Archive for the "Business and Open Source" Category


Business and Open Source

Why I don't support Windows anymore

This is a Windows horror story from almost 8 years ago.

My friend was running Windows 98 at the time, and she’s using outlook express to handle her emails. Then one night she called me out of panic, she couldn’t seem to see any of her emails, I tried to troubleshoot remotely to no avail, lately I figured that huge Inbox file was corrupted, and I tried all possible means known to me to salvage her emails, but none worked, she lost all her old emails.

Then I installed Thunderbird for her on Windows, it turned out it was another mistake, she lost her emails due to windows crash but this time I had her to backup her local mail storage, and I put linux on her machine, moved all emails from back to her new linux installation, she was happy ever since, no weird and mysteries problems any more, and when she needs some help I just have to ssh into her machine or run nomachines’ NX client with freenx server to get job done.

It’s a joy to work with Linux, but not too many people can appreciate this fact. FUD, misinformation, greedy, corruption all play their roles in this twisted world, we see good people get bad treatment, crooks get what they want, criminals get to control the justice system, it’s not too surprise to see a superior system gets second rate treatment.

Technorati Tags: , , , , ,

Why people keep using Windows

I started using Linux around 1997-98, it was RedhHat 5.x at the time. Until I had the chance to try out Linux I was running Windows NT on our servers to provide database and web service, Windows 98 was on the desktop, and to be honest, I was quite happy with what I could do with the system, simple web page with FrontPage, simple database with FoxPro, database  driven web site served by Apache with Perl run-time from ActiveState on windows, and all these worked pretty well.  Then I had the chance to build a bulletin board system for local university community, I had to compile the code(written in C) on a Linux system, that was the first time I ever tried Linux, and it was on server, not on desktop. I enjoyed working on Linux system, even it was considered not too user friendly at the time(the GUI was rough and basic), but it was so powerful on the server, I was totally hooked. Late I put RedHat on my desktop, in one week there was no more Windows for me.

Since I am a developer and a system administrator it was easy for me to appreciate the power and freedom of Linux, for Joe users it wasn’t that easy and clear cut. In the 90’s you had to configure X window manually, the user interface was pretty primitive, I never tried to recommend Linux to my friends and colleagues, if I did I was looking for trouble. Fast forward to 21st century, in the last a few years Linux had been improved to a point that Joe users actually could appreciate the power and benefits of Linux, some of the benefits we all know are virtually virus free, malware free, no spyware as long as users follow the basic security rules(don’t login as root being the most important one). And the ease of installation of Linux becomes one of the most touted features.

But people keep using Windows. Someone may say that more and more people are using Linux or Mac,  and quite some people use China as an example, saying that people there are using Linux more and more, I will have to say all these maybe true, but in reality people are still using Windows. Let’s look at the  Linux usage in China, there is an easy way to determine the percentage, people there use qq, which is an instant messaging system only runs on Windows, to communicate with each other, they even integrated  the email system, so people don’t need separate email software to receive and send emails. The young generation is all using qq in some way, dedicated or casually, it becomes part of their life style, and the young generation represents most of the internet users in China, all these people are running Windows for sure; The older generation are worse in this regard, they hardly know anything other than Windows, because in China there was no Unix tradition, people from 90’s only know Windows, maybe some know DOS, but that’s about it. So 95% Windows usage is a safe estimation, the 5% including university students, some government agencies, some other unexpected sources, even 99% is not too far fetched, as far as I know. And the government wants people to use Windows as well, because it’s easy for them to track the individual users as they see fit.

The world wide Linux usage maybe around 5-10% IMHO, if it is not weighted average. The western world has higher percentage because people there know better, especially when it comes to computers and freedom, the proof is that almost all free/open software projects originated from Western,  China probably has more computer users than US has, but there are almost no free/open projects originated from Chinese development community.

Now we see most people are still using Windows even Linux has matured vastly lately, and quite some people understand the advantages of using Linux, there must be some reasons behind this phenomena. Of course the first one and also the most cited one is that MS still has the control of hardware manufacturers/vendors, and has monopoly on desktop, the Windows pre-installation is still the only game in town(in large scale). Many people believe this is the major reason why people are still using Windows despite it’s security nightmare.

There are also some other reasons why people keep using windows, such as commercial games availability, essential apps only run on windows, etc., but I believe all these are not the driving forces. To me the reason is very simple, a lot of people grow up with Windows, and they see Windows every where, and they perceive Windows as computers. People are stubborn, they intend to hold onto their own ideas, bad or not, people just don’t care, they just want it, that’s the force driving people. Day to day life is already enough for most people, they just want it at the end of day, be it to just get the job done, to just feel good, or not to be different than your fellows. The status quo won’t be changed until there is something dramatic happens.

It’s just as simple as it is.

Ratchet Straps and Cargo Bars

Lately we moved a lot of stuff from our old warehouse to our new warehouse, lots of them are pretty heavy and bulk,  we hired a semi trailer to help us move everything. It’s about 40 minutes driving from old place to new warehouse, the driver told us we would have to secure our load before we hit the road.

Now we don’t have much experience with moving big stuff in the big truck, we really need help from someone who knows how to move the load. Of course the first person we turned to is the driver, we were told we needed ratchet straps to secure our load, and we have some big boxes we also needed cargo bars to secure them, and he recommended a truck tie downs store which sells tie down stuff  for us to buy the ratchet straps and cargo bar, we called their number on the front page as asked for help, there were really nice people there and they helped us out, they recommended the right stuff for our needs and shipped the package real fast, we got everything in just 2 days!

We were very happy with the purchase, and the driver loved  the  straps and bars, actually when we finished moving we just let the driver took half of the ratchet straps and cargo bars as gifts!

Technorati Tags: , , ,

Fighting spam with greylisting and thunderbird

Greylisting is an effective way to fight spams. According to Evan Harris, “The Greylisting method is very simple. It only looks at three pieces of information”, the three pieces of information refers to “The IP address of the host attempting the delivery”, “The IP address of the host attempting the delivery” and “The envelope recipient address”. These three pieces of information called “triplet”, the way greylisting works is very simple: “If we have never seen this triplet before, then refuse this delivery and any others that may come within a certain period of time with a temporary failure.” Here the certain amount time can be a few minutes to more than an hour, if the amount of time to delay the mail delivery is too long, some legitimate emails will be lost, if the time period is too short, it maybe defeated easily.

The principle of greylisting is simple and elegant, because most spams are fire and forget, meaning that spammers send a batch of spams once and never look back, and this behavior is necessary for spammers, if the spams behave  like legitimate emails it will be easy to identify the source and block the spams.

Of course, greylisting is just the first defense against spams, to be exact, those rogue and  random spams, there are also unsolicited emails from ad agencies, email campaigns, etc., these emails are not all spams but most of them are spams, these emails behave just like legitimate emails, and some of them are requested by the recipients, so we can’t just block them, we will have to find another way to fight them, in my case, mozilla thunderbird is the solution.

Mozilla thunderbird has a nice “Junk Setting”, you can enable “adaptive junk mail control” and train thunderbird to recognize legitimate emails(hams) and spams. When you receive an email in your Inbox, say it’s an ad from a company, and you don’t like it and consider it spam but the mail server won’t be able to block this email without losing legitimate emails, you can manually mark the email in question as junk, depends on your settings, the email will be moved into Junk folder automatically or you can move it into the Junk folder manually. You will have to do this a few times before thunderbird will automatically label this kind of emails as spam. Sometimes thunderbird will label legitimate emails as spam, you will have to unmark those emails and move them back from Junk folder, usually thunderbird will do it right after the training.

We’ve been running our own mail server with greylisting, spamassassin and clamav for more than 6 years and using thunderbird as our mail client from the very beginning, we probably will receive 2-3 spams a week per person right now, the  total email volume well exceeds a few thousands a week. So far the combination of greylisting and thunderbird works quite well, in fact we all love the simplicity of the way server and client side handling the emails, greylisting is transparent to end users, thunderbird junk mail control is really convenient to use, no hassle to the end users, together they deliver the real world wonders.

Technorati Tags: , ,

Paypal police at work

I’ve heard paypal horror stories before, but I haven’t had one yet, but this one got my attention: “Pocketing Police”. It’s pretty scary when paypal can do that kind things at their will.

We’re doing a portion of our business through paypal payment, simply because there are no better choices at the moment, and people still want to use paypal for their own good. And we’re very careful with our paypal balance, whenever it exceeds $10,000 we will transfer money into our bank account, just to be safe.

Now Corporate America is acting as judge and jury, I’m afraid we’re slipping into somewhere deep down.

Off the topic, we’ve had trouble downloading paypal history numerous times, there was one time it took us a few days to download payment history(about 3-4 month worth of data), we always got “connection reset” error message. Come to think of it, it seems that paypal website is overloading at any given time, because we’ve been using paypal for a few years and this problem was there from the very beginning.

Technorati Tags:

Install ioncube loaders under SELinux

When you install free ioncube loaders under CentOS 5.x, which has SELinux enabled by default, you will see following error message:

“cannot restore segment prot after reloc: Permission denied”

You have a few choices here.

You can disable SELinux, edit /etc/selinux/config, look for” SELINUX=”, put “disabled” to the right of “=”, it reads like this “SELINUX=disabled”, when you restart the machine, SELinux will be totally disabled. But when you want to enable SELinux lately, the system will relabel all the files at the boot time, it will take very long time to finish the relabeling process, so disable SELinux is not recommended.

Then you can put “permissive” in place of “disabled”, or run “setenforce 0” on command line(“setenforce 1” re-enable it),  you will see warning messages but SELinux won’t do anything to stop unauthorized access. If you are serious about security, probably you won’t feel comfortable when SELinux is not enforcing it’s rules.

Now you’re ready for the real solution.

When you see the error messages when you restart your HTTP server, run following command:

audit2allow -l -a -r

You should see the required types and classes being displayed and the permissions you need to load into selinux module, you’re not going to see them all at once, you will have to try a few times to get all the required types, classes and permissions. Following I will show you how make it work, step by step:

You need to create an file “local.te”, which will hold all the required types, classes and permissions to be loaded in to SELinux module, in our case, you need to add following into local.te:

module local 1.0;

require {

class process {execstack execmem execheap};

class file { ioctl lock append create getattr setattr link relabelfrom unlink write read rename execmod };

type unconfined_t;

type httpd_t;

type httpd_sys_content_t;


allow unconfined_t httpd_sys_content_t:file execmod;

allow httpd_t self:process {execstack execmem execheap};

End of code.

When you have the local.te ready, run following command:

checkmodule -M -m -o local.mod local.te
semodule_package -o local.pp -m local.mod
semodule -i local.pp

Now you HTTP server will load ioncube loader just fine.

Technorati Tags: , , ,