Migrating accounts and user data from one Zimbra OSE to another.

A few months ago, I inherited a used server, and decided to install xen on it, and then create myself web and mail VMs. This would then replace my current web server. I installed a web vm, which works nicely, a second web vm for a friend, and finally, a Zimbra VM. The Zimbra vm was troublesome. My hardware was old, it wasn't the best platform for virtualization, and zimbra seems unhappy in a xen VM. After I finished migrating all of my data from my old web server to the new web vm, I decided to give zimbra a shot on metal. So I installed Zimbra on my old web server (after stripping out all of my web related accounts and services of course). Performance was better, and zimbra seemed happier.
So I set about trying to find a nice clean way to move all of my zimbra data from the VM to the new install. Well, Open Source Edition does not include the nice backup features of Network Edition, which would have probably made this a lot easier. So I was left to find my own means. I found some talk on the zimbra forums about how this might be accomplished. Simply install zimbra on the target server, then copy /opt/zimbra from the source server to the destination server. This depends on similar configurations on both ends though, and this did not end well for me. After hours of work (and hours of an scp copy) I ended up with a zimbra install that appeared to function, but postfix was hosed beyond belief. This seems at least partially due to the fact that my target system had a different hostname than the source system. This was almost a necessity for me, as my vm server and my old web server are located in different datacenters, many many miles apart.
So I decided to give something else a shot. Let's take zimbra's ldap, mysql, and store, and just tear it out of the source and import it into the target. Here's how I did it:
I started out with two servers. One the production server (source, "interchange") and one the newly set up server (target, "stimpson"). On the target, I installed zimbra, fresh and clean. I did a few customizations during the install such as time zone, and alert e-mails, but nothing fancy.
First, you'll want to stop your MTA on the source, so new mail coming in is queued at the sender. This way you're sure not to miss any mail.
[zimbra@interchange ~]$ zmmtactl stop
Now, zimbra is still running, but it's not accepting mail. Any messages sent to our server should be queued at the sender, and retried later. Don't leave your system in this state for too long however, as you have no idea how long the sending server will queue these messages. A few hours is probably a safe bet.
Now, back up all of your data.
ldap: Zimbra, in zcs 6, includes a slapcat-like script for just this purpose.
[zimbra@interchange ~]$ /opt/zimbra/libexec/zmslapcat /tmp/foo
This places an ldap.bak file in /tmp/foo. This is an ldif file; you can rename it. I called mine interchange.ldif.
Mysql: I had to create a script for mysqldump; this was included in earlier versions of zimbra, but they removed it. I'm not sure why. I took ~zimbra/bin/mysql and copied it to ~zimbra/bin/mysqldump, and then modified it as follows:
[zimbra@interchange ~]$ cat ~zimbra/bin/mysqldump 
# Zimbra Collaboration Suite Server
# Copyright (C) 2004, 2005, 2006, 2007 Zimbra, Inc.
# The contents of this file are subject to the Yahoo! Public License
# Version 1.0 ("License"); you may not use this file except in
# compliance with the License.  You may obtain a copy of the License at
# http://www.zimbra.com/license.
# Software distributed under the License is distributed on an "AS IS"
# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied.
# ***** END LICENSE BLOCK *****

source `dirname $0`/zmshutil || exit 1
zmsetvars mysql_directory mysql_socket zimbra_mysql_user zimbra_mysql_password

exec ${mysql_directory}/bin/mysqldump -S ${mysql_socket} \
    -u ${zimbra_mysql_user} --password=${zimbra_mysql_password} "$@"

Then just dump mysql, as you would on any mysql server. You do not need to specify login credentials, however; as you'll see, that's included in the script.
[zimbra@interchange ~]$ mysqldump --all-databases > /tmp/foo/interchange.sql
Store: The store is simple (this includes the index as well).
[zimbra@interchange ~]$ tar czf /tmp/foo/interchange_store.tar.gz /opt/zimbra/store /opt/zimbra/index
Now, however it's convenient for you, get all of these files to the target server. On the target, stop zimbra.
[zimbra@stimpson ~]$ zmcontrol stop
Host stimpson.undrground.org
	Stopping stats...Done.
	Stopping mta...Done.
	Stopping spell...Done.
	Stopping snmp...Done.
	Stopping archiving...Done.
	Stopping antivirus...Done.
	Stopping antispam...Done.
	Stopping imapproxy...Done.
	Stopping memcached...Done.
	Stopping mailbox...Done.
	Stopping logger...Done.
	Stopping ldap...Done.
Now, I had to do some modification to my data files, because of hostname changes and whatnot. If you want to make a backup of /opt/zimbra in case something goes wrong and you need to start with a fresh install, now's the time to do it.
[root@stimpson /opt]# cp -rp zimbra/ zimbra.fresh
Ldap contains all of your account data, AND a lot of your configuration. I found it cleanest to strip all but the account data out. This was done by beheading the ldif of the first 1615 lines. You may need to look at your ldif and see if this is the right number for you; I found that an ldif I slapcatted from the target server (for comparison) had about 100 fewer lines that needed to be hacked off, so you'll have to look. I found in the ldif file where the COS definitions started, and hacked off everything before that. This worked mostly well; I did run into one issue with one domain. I'll cover that later. I also searched for any occurrence of "interchange" and swapped it with "stimpson".
The sql file we dumped also needs to be updated. A simple global search/replace for your old hostname, to your new hostname is all you need. In my case, I searched for interchange, and replaced it with stimpson.
Now, the real fun begins.
Import ldap: Be sure zimbra is stopped (see above). Import your ldif with the following command:
[zimbra@stimpson ~]$  ~zimbra/openldap- -F ~zimbra/data/ldap/config -l interchange.ldif
I did not capture the output of this command; it returns a progress bar, and then a success message.
Mysql: In order to import mysql, you'll need mysql running. It's safe to start up zimbra at this point, so go ahead.
[zimbra@stimpson ~]$ zmcontrol start
Host stimpson.undrground.org
	Starting ldap...Done.
	Starting logger...Done.
	Starting mailbox...Done.
	Starting antispam...Done.
	Starting antivirus...Done.
	Starting snmp...Done.
	Starting spell...Done.
	Starting mta...Done.
	Starting stats...Done.
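The LDIF trimming and host-name rewrite described earlier (the steps done before the LDIF import), as an added example that is not part of the original post: it unfolds wrapped LDIF lines, keeps everything from the first COS entry instead of a hard-coded line count, rewrites the host name only where it stands as a whole label, and lists base64-encoded values that still contain the old name. The `cn=cos,cn=zimbra` suffix, the function names and the sample entries are assumptions; check them against your own dump.

```shell
#!/bin/sh
# Added example, not from the original post. OLD_HOST/NEW_HOST are the page's
# host names; the cn=cos,cn=zimbra suffix and the sample data are assumptions.
# Host names are used as regex text, so they must not contain metacharacters.
OLD_HOST=${OLD_HOST:-interchange}
NEW_HOST=${NEW_HOST:-stimpson}

# Join LDIF continuation lines (a line starting with one space continues the
# previous line) so a host name wrapped across two lines can still be matched.
ldif_unfold() {
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1         { print buf }
                        { buf = $0 }
         END            { if (NR) print buf }' "$1"
}

# Keep everything from the first class-of-service entry onward, instead of
# cutting a fixed number of lines that differs from one install to the next.
ldif_from_cos() {
    awk 'tolower($0) ~ /^dn: .*cn=cos,cn=zimbra$/ { keep = 1 } keep'
}

# Replace the old host name only when it is a whole label, so words such as
# "interchangeable" are left alone. The expression runs twice to catch two
# occurrences separated by a single character.
rewrite_host() {
    pat="(^|[^[:alnum:]-])${OLD_HOST}([^[:alnum:]-]|\$)"
    sed -E -e "s/${pat}/\\1${NEW_HOST}\\2/g" -e "s/${pat}/\\1${NEW_HOST}\\2/g"
}

# Base64 values ("attr:: ...") hide the host name from a text search.
# Print "DN<TAB>attribute" for each one that decodes to text containing it.
ldif_b64_hits() {
    dn=""
    while IFS= read -r line; do
        case $line in
            "dn: "*) dn=${line#dn: } ;;
            *":: "*)
                attr=${line%%:: *}
                case $attr in *" "*|*:*) continue ;; esac
                if printf '%s' "${line#*:: }" | base64 -d 2>/dev/null |
                        grep -qa -e "$OLD_HOST"; then
                    printf '%s\t%s\n' "$dn" "$attr"
                fi ;;
        esac
    done
}

# $1 = LDIF from the source server, $2 = file to write for the import.
# Prints the base64 values that still need a manual look.
prepare_ldif() {
    ldif_unfold "$1" | ldif_from_cos | rewrite_host > "$2"
    ldif_b64_hits < "$2"
}

# Constructed sample: one config entry, one COS entry, one account whose
# mail host is wrapped across two lines and whose signature is base64.
make_sample_ldif() {
    sig=$(printf 'sent from interchange.example.test' | base64)
    cat > "$1" <<EOF
dn: cn=config,cn=zimbra
zimbraSmtpHostname: interchange.example.test
objectClass: zimbraGlobalConfig

dn: cn=default,cn=cos,cn=zimbra
cn: default
objectClass: zimbraCOS

dn: uid=alice,ou=people,dc=example,dc=test
zimbraMailHost: inter
 change.example.test
zimbraMailTransport: lmtp:interchange.example.test:7025
description: uses interchangeable parts
zimbraPrefMailSignature:: $sig
EOF
}

# Demo run on the constructed sample.
demo_dir=$(mktemp -d)
make_sample_ldif "$demo_dir/interchange.ldif"
echo "base64 values to review by hand (DN, attribute):"
prepare_ldif "$demo_dir/interchange.ldif" "$demo_dir/stimpson.ldif"
echo "plain-text lines still naming $OLD_HOST: $(grep -c -w -e "$OLD_HOST" "$demo_dir/stimpson.ldif")"
rm -rf "$demo_dir"
```

The same `rewrite_host` filter can be run over the SQL dump; the base64 report applies to the LDIF only.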
You'll need to grab some information from your source and target servers now. Namely, the mysql password. It will be different from one server to the next, and once you import your mysql dump, it will be reset (unless you go into the .sql file and remove the piece which resets it... up to you).
[zimbra@interchange ~]$ zmlocalconfig -s | grep zimbra_mysql_password
zimbra_mysql_password = bob

[zimbra@stimpson ~]$ zmlocalconfig -s | grep zimbra_mysql_password
zimbra_mysql_password = joe
Yes, I've changed these passwords, they're not actually bob and joe; I can't go giving my mysql password out to the world. What you'll have here is some long, random password. Make note of both of them, and which servers they belong to.
Once zimbra is started, mysql will also be running, so now we can import our database.
[zimbra@stimpson ~]$ mysql < interchange.sql
Once it's imported, you'll find that you can no longer access mysql.
[zimbra@stimpson ~]$ mysql
ERROR 1045 (28000): Access denied for user 'zimbra'@'localhost' (using password: YES)

This is because zimbra@localhost's password has changed. The simplest way around this is to take zimbra's mysql script, and hack it up again. So I took ~zimbra/bin/mysql and copied it to ~zimbra/bin/mysql.mod, then made the following change:
[zimbra@stimpson ~]$ cat ~zimbra/bin/mysql.mod
# Zimbra Collaboration Suite Server
# Copyright (C) 2004, 2005, 2006, 2007, 2009, 2010 Zimbra, Inc.
# The contents of this file are subject to the Zimbra Public License
# Version 1.3 ("License"); you may not use this file except in
# compliance with the License.  You may obtain a copy of the License at
# http://www.zimbra.com/license.
# Software distributed under the License is distributed on an "AS IS"
# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied.
# ***** END LICENSE BLOCK *****

source `dirname $0`/zmshutil || exit 1
zmsetvars mysql_directory mysql_socket zimbra_mysql_user zimbra_mysql_password
exec ${mysql_directory}/bin/mysql -S ${mysql_socket} \
    -u ${zimbra_mysql_user} --password=bob "$@"
Notice that --password says bob now. Now connect to mysql, and issue the following commands. This is to reset zimbra's mysql password to what it was before the import.
[zimbra@stimpson ~]$ mysql.mod
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 328
Server version: 5.0.90-log Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed

mysql> set password for 'zimbra'@'localhost' = password('joe');
Query OK, 0 rows affected (0.02 sec)

mysql> set password for 'zimbra'@'localhost.localdomain' = password('joe');
Query OK, 0 rows affected (0.00 sec)

mysql> set password for 'zimbra'@'%' = password('joe');
Query OK, 0 rows affected (0.00 sec)

mysql> quit
Now mysql should be accessible to zimbra again.
Now, the store; this is the easy part. Stop zimbra; you may not really need to do this, but it feels cleaner to me. Depending on the path included in your tar archive (remember, mine was /opt/zimbra/store) you'll want to change to the appropriate directory. Since mine includes the absolute path, I'm moving to /, as root.
[root@stimpson /]# tar xvzf interchange_store.tar.gz
Your store will decompress, in my case to /opt/zimbra/store. Once it's complete, reset perms on /opt/zimbra/store so that it's owned by zimbra:zimbra.
[root@stimpson /]# chown -R zimbra:zimbra /opt/zimbra/store /opt/zimbra/index
Done! Now you should be set to go, start up zimbra! Now you should be able to redirect DNS, so that the MX records for your zimbra domains are pointing to the proper place. Also, whatever your webmail addresses are should be updated. For good measure, I also chkconfig off'd zimbra on the source server.
Issues I had: I mentioned earlier that one of my domains didn't transfer over properly. I have about a half a dozen domains hosted. One of them, which happens to be the first domain I set up, didn't come over completely. All of the mailboxes were there, and I could log in to them via webmail. The only time I saw an issue was when I viewed the domains in the zimbra admin, or if a piece of e-mail came in for one of the addresses at the broken domain. They'd get bounced. It seems to me that the ldap data I imported must have been incomplete. I was able to fix it rather easily though. If I used zmprov to view all domains, the domain was listed.
zmprov getalldomains
But if I tried to view detail on the broken domain, it returned an error stating that the domain didn't exist.
zmprov getdomain brokendomain.com
I assumed that zimbra added some sanity checking into their zmprov utility, and thought I'd give a simple modification to the domain a shot, and see if this fixed anything. I renamed the domain via zmprov, and then renamed it back to its original name.
zmprov -l renameDomain brokendomain.com borkeddomain.com

zmprov -l renameDomain borkeddomain.com brokendomain.com
This resolved the issue.
Update: See my thread on zimbra's forums for another method. Looks like I may have been able to accomplish this using the "Copy zimbra's home dir" method if I'd known about zmsetservername! Ah well, I like my method better anyway. :P
Update: I found that my zimbra documents were not working, probably due to the wiki account changing. The fix is simple, once you track it down. Find out what your global wiki account is; you can get it with the following command:
[zimbra@stimpson ~]$ zmprov gacf | grep zimbraNotebookAccount
zimbraNotebookAccount: wiki@stimpson.(domain.name)
(domain.name) is your actual top level domain, of course. This is generally the fqdn of the first domain you set up, which is generally the fqdn of your zimbra server. Now do the following:
[zimbra@stimpson ~]$ zmprov in wiki@stimpson.(domain.name)
Initializing folders 
Creating folder Template
[zimbra@stimpson ~]$ zmprov ut -h stimpson.(domain.name) /opt/zimbra/wiki/Template/
updating global wiki account wiki@stimpson.(domain.name)
Creating wiki page _PathBodyTemplate in folder Template
Creating wiki page _Index in folder Template
Creating wiki page _TocItemTemplate in folder Template
Creating wiki page _TitleBar in folder Template
Creating wiki page _PathItemTemplate in folder Template
Creating wiki page _VersionTitleBar in folder Template
Creating wiki page _Template in folder Template
Creating wiki page _VersionIndex in folder Template
Creating wiki page _TemplateStyles_unused in folder Template
Creating wiki page _SideBar in folder Template
Creating file document Logo.gif in folder Template
Creating wiki page _VersionTemplate in folder Template
Creating wiki page _TocVersionBodyTemplate in folder Template
Creating wiki page _TocVersionItemTemplate in folder Template
Creating wiki page _TemplateStyles in folder Template
Creating wiki page _Footer in folder Template
Creating wiki page _Header in folder Template
Creating wiki page _TocBodyTemplate in folder Template
Creating wiki page _PathSeparator in folder Template

Kernel 2.6.32 and nVidia issues.

I run Fedora on my workstation at work. The machine has an nVidia Quadro 570 in it. I have a cron job set up to use yum to check for updates and install them automatically every night. This means I can keep my system up to date, and not have to really think about it. This works mostly well.
Well, I was running FC 12, which was on a 2.6.31 kernel. One night the updates ran, and I was moved to a 2.6.32 kernel. After a kernel upgrade, I need to rebuild my nVidia graphics driver against the new kernel. So I went through the routine of doing just that. The problem is that, this time, X wouldn't load after the rebuild. It would throw both of my displays into power save, and then completely hang my console input. I didn't have much time to put into it when it first happened. I worked on it for an hour or so, couldn't find the problem, and found that by booting the old kernel (the 2.6.31.x kernel) I could get X to work as expected. So I told yum to stop bothering to upgrade the kernel, and kept my working kernel; all was well.
Yesterday however, I decided to upgrade to FC13. After the upgrade process was complete, I found myself in the same boat: broken X, and this time, no option to drop back to an older kernel! So for the time being I threw in the stock nouveau driver, and got X up and running, so I could at least get back to work.
Today I dug a little deeper, and ran across a thread on Fedora Forum which seemed very similar to my issue. It recommends adding the following to your kernel line in grub.conf:
So I did just that, and ended up with:
title Fedora (
	root (hd0,0)
	kernel /vmlinuz- ro root=/dev/mapper/vg_lagermeister-lv_root rhgb SYSFONT=latarcyrheb-sun16 LANG=en_US.UTF-8 KEYTABLE=us nouveau.modeset=0 vga=0x318 iommu=soft
	initrd /initramfs-
I'm venturing a guess here, but I think this means that my CPU supports IOMMU. Possibly the 2.6.31 and previous kernels did not have IOMMU enabled, and in 2.6.32 it was enabled by default. Thus, I had to deal with it at boot. Why this had any effect on my video card... I have no idea. This worked splendidly! I'm up and running on the proprietary nVidia driver (which supports 3D, where nouveau does not, yet), and all is well. I seem to have a little bug where my displays flicker every so often, but otherwise, all is well.

Jaton GeForce 9500GT cooling problems, with a slightly creative fix.

A few months ago, around February, I built myself a new PC. I decided to finally move into the multi-core and 64-bit arena. I built a nice dual-core AMD 64-bit machine, with just shy of 2tb of storage, spread over 3 SATA drives. I had them raid 5'd, to get 1.2tb, but, well, we'll just say that didn't end well. I now have three individual drives, but that's a whole other blog entry.

How apple is stifling innovation.

Has anyone else noticed this? I have, for a very long time, been opposed to the popular game in town, and instead rooted for the little guy. In high school I never strove to be popular; I ran cross country instead of trying to get on the football team. As a junior in high school, I started trying to move to linux, getting away from Microsoft. I've always done things based on my own research, what works for me, and not based on current trends. So read this article knowing that I personally feel that Apple is becoming "Trendy", and I am somewhat biased against "Trendy".
Next time you're at a high school, shopping mall, college campus, grocery store, or anywhere that has a lot of people with cell phones, look around. Look at people using their phones, and see if you can identify some of what you see kids fiddling with while they're waiting in line to check out, what devices people are hugging to their cheek. You may notice an abundance of iPhones. Ok, so I see a lot of reasons for that. First, Apple is very good at marketing. Apple is also very good at writing decent software. And on top of all of that, well, the iPhone is indeed a slick device.
So what the hell am I complaining about? There are a ton of touch screen phones out there. A ton of popular smart phones in general. Ever hear of a little manufacturer called BlackBerry? They've been producing phones for much longer than Apple. It's easy to see however why the iPhone is more popular: it's more fun, it's got a slicker interface, and Apple's marketing machine is no less than stellar.
So you're still wondering what I'm getting at. Ok, here we go. How many people out there have left Microsoft to go to Apple? I'm going to say... a lot. Now, how many have left Microsoft to go to Linux? Not nearly as many. How many people do you see going out and spending less on a PC, and then installing linux on it, versus how many people you see spending a fortune on similar hardware, for the privilege of using an Apple?
Linux could kill Microsoft. Linux, a project which is free for anyone to install/use. A system which is more secure than windows. A system which is infinitely customizable. A system... which is only used by geeks and open source activists. This is my point. If Apple weren't so popular, if they weren't convincing people that the privilege of using an Apple was worth the extra price tag... then other projects might get more attention. There are projects that have been terminated because of Apple's success. An example is HP's slate. It was dropped shortly after the release of the iPad.
Look at MP3 players. The mp3 music sales industry caters to the iPod, and all other mp3 players need to live up to the standard that the iPod has set. Even if these other players may feature more options, other features, more storage space, if they're not a clone of an iPod, they're not accepted. Everyone wants the iPod.
Am I saying everyone should boycott Apple, and start looking for other products? No, I'm just ranting. Take it for what it's worth. :D

Linux and the IBM XIV. Performance tweaking, and install automation.

Over the course of almost a year, I've been involved in the long process of picking out a new SAN for the College. The decision process is better suited for its own blog entry. I'll just say that we came to the decision that the IBM XIV was the right choice for us. These things are great. A storage grid, which is resilient to just about any failure (within reason) you can throw at it! I'm just worried that it may gain sentience and steal our data... :P
So now that we've finalized the decision, gotten funding, purchased, and now delivered our pair of XIVs, it's time to start connecting hosts. We run a primarily Linux shop, so we're focusing on making the install on linux as painless as possible. IBM provides a host attachment kit, which is actually rather slick. They provide it in the form of a tar.gz, which contains two RPMs and a few shell scripts. To install, you unpack it, and run the install.sh script.
We have a Kickstart server, which we use to automate installs. So to follow suit, we'd like to automate as much of the XIV HAK install as possible. Untarring an archive and running an install script is rather easy, but we had other thoughts. These are RPMs, right? So why do we need this install script? All it seems to do is install the RPMs! So I took a closer look at what install.sh does. It calls a few other scripts, checks on a few things, including dependencies, and then installs the RPMs. Well, RPM has a dependency check built in, so why do we need a script to do that? The rest of the script seems to check if the HAK is already installed, and then makes the environment sane for an upgrade if it's already there. Well, that's easy enough to do on our own. Besides, these are new installs we're doing. There will be no HAK already present.
So, I took the RPMs from each arch's package, and placed them in a YUM repository. This works beautifully! Not only does the install run by simply entering "yum install host_attach", but it also depsolves, and grabs any dependencies which are required at install! Once the install is finished, I reboot, because it adds items to udev, which seems like a good reason to reboot. Then I run xiv_attach, which builds a multipath config and whatnot.
Tuning

Your role as a netizen.

This somewhat links to my post on Privacy Online; if you want a little bit of back story, well, there it is. I thought I'd follow up with a little bit about what we should all be responsible for in our online lives. This is all my opinion. I don't claim to be an authority, but this is my blog dammit. Read it if you want, otherwise, go look up some porn, or start a flame war on Facebook. That's what the internet's for, right? Looking up illicit material, and getting into arguments over politics, religion, pet ownership, or whatever. Right? Well, not really. That's what the internet has turned into.
Here's a brief history lesson (which admittedly comes from my memory, and cites no references). The internet, in its infancy, was used for communication, and early on, by colleges. It was used to internetwork research labs and libraries, and pass factual information around. So a student in California could collaborate with a student in New York, without leaving his lab.
One of my first memories of the internet was researching for a science paper that I had due. It was about black holes. My dad had just gotten an internet connection, and we decided to put this thing to use. So we hopped on our blazing fast 14.4kbps dial-up connection, and went to Webcrawler, and started searching. We found a pamphlet online on the subject; it came direct from Greenwich Observatory, in England. This was astounding to me! We'd gone into a computer in England, and gotten information and saved it on my dad's computer, all for the cost of a monthly subscription to an ISP, and a telephone line. Wow!
Today, that's not so amazing. I mean, you can video chat with some dude in Asia, while downloading your porn and reading the NY Times. It's second nature to us now, it's become integral to our lives. The little story about the research paper, that was only about 15 years ago. Since then, connectivity to the internet has changed, a lot!
Bandwidth that would have cost a fortune, and required a leased optical line to your premises back then, is now commonplace, and sold for $40/month from your digital cable or DSL provider. At that price, everyone's online now. Even if they're at the lower end, or even still using the dreaded dial-up service. You'd be hard pressed to find someone who has NO contact with the internet. And it's not just on your computer anymore: cell phones, media players, and other hand-held devices. You can pull a device out of your pocket, or off of your belt, or in some cases out of your back pack, and there you have the wealth of information that is the internet at your disposal. I use the term wealth of information loosely.
Now you'll see how my little stroll down memory lane ties into the subject of YOUR role as a participant in this global thing called the Internet. See, back in 1995, when I was working on my research paper on black holes, the internet was a different place. Yes, there was porn, and there was illicit material, and even some illegal activities, but there was also this huge amount of factual information. Yea, you heard me right, information, based on fact, as in, the kind you can reference. Not ridiculous opinions presented as fact, not flat out lies presented as fact, but actual fact. Yes, it's still out there, but you need to know how to find it. Is this right? When you go to the library, do you have to read 4 books on the same subject in order to decide if the information you're reading in one book is correct? Sure, if you want to be thorough, but really, if you pick up a book at the library, and it's presented to you as fact, there's a pretty good chance that it ACTUALLY IS FACT.
What does this have to do with your role as a netizen? Well, not a whole lot, except that you should try to do your best to avoid propagating lies as fact.
A good example is these viral chain e-mails and microblog posts about how some such event is going to change the face of (insert service here) and the only way to prevent it is to (insert action here). I can remember these from back as far as the early ICQ days. This was before AOL bought out Mirabilis, and the ICQ service became their property, mid 90's or so. There were messages that spread like wildfire saying things like "Mirabilis is going to start charging for ICQ unless you send this message to every flipping person on the planet!". Or the famous "Bill Gates will send you money if you forward this e-mail on", which went on to say how Microsoft is tracking this e-mail, and if you send it to people, you'll get your slice of some exorbitant amount of money. Never mind the fact that it's almost impossible for someone to accurately track an e-mail like that. It's not like an e-mail can phone home. At least, not without some sort of attached application.
This method of spreading panic has moved its way on to pretty much every social network I've ever been a part of. I see it on Facebook, I've seen it on MySpace, and so many others before them. Before you spread something like this, think about it, I mean really think about it. Take a ride over to Snopes and try to find an article referencing the item that you're about to continue to spread. If you find reason to believe it's true, then ok, post away, but if you find evidence to the contrary, stop there, or even better, spread the correct information in its place!
Now comes the good part. Protecting yourself online... Imagine the battlefields of old, where wars were waged with swords, maces, bows and arrows. Warriors went into battle wearing armour, and carrying some weapon with which to defend themselves. To do otherwise would be suicide. Now imagine the internet as that battlefield, and your computer as the warrior. If your computer isn't wearing its armour, it's going to get killed.
There are a lot of threats out there. Spyware, viruses, adware, attackers... Sounds like a lot to deal with, right? Well, not if you're prepared.
First, it's good to be knowledgeable of what you're getting into. Be aware of current threats. I don't mean that you need to go and get a Computer Science degree, but keep an ear to the ground for threats. There are a lot of web sites which publish these things. Subscribe to an RSS feed, or just hit up one or two of these sites a few times a week, just to see what's out there. Know your enemy, so to speak.
Next, consider your computer. Think about what OS you're running, and what it's vulnerable to. It's pretty common knowledge that Windows is a target for many viruses and malware. There are a number of reasons for this, but I could write a whole other post about that. So if you're running Windows, you need to be on the alert. Keep your computer up to date. Microsoft makes this relatively easy by building automatic updates into your OS. If you can't be bothered with actively going and installing these updates every so often, then turn on auto-updates, and let them install for you while you're sleeping.
The next thing to consider is Anti-Virus. Keep one on your computer, keep it running, and keep it up to date. I personally use AVG Free on my Windows machines. Is this the best on the market? No, but it's free, and it works well for me.
The last thing to consider is a firewall. Personally, I run a pretty lax firewall on my PCs, but then I protect my network with a firewall in between me and the internet. I do this via a Smoothwall Express machine acting as my internet gateway. It's connected to my cable modem, and then my network accesses the internet through it. You could also use a personal firewall, such as the Windows firewall, or a 3rd party application. I could get into a long talk on network security, but I'll spare you.
Yea, that was all about Windows; the same ideas apply to other OSes. Personally, I like linux.
I run linux on my workstation at work (solely linux, no dual-boot), and my laptop and home PC both dual boot Windows 7 and Linux. IMHO, you can't beat the security on linux. Again, I could go nuts listing the reasons, but we'll just say that at a core level, linux is just more secure than Windows. Much of this applies to MacOS X as well. The same basic principles apply however. Anti-Virus and Firewalls are still a good idea.
So, we've covered your PC, and the spread of nonsense. How about you, as the user? It's simple really. In the words of Wil Wheaton, "Don't be a dick". Yea, I know it's fun to poke at people from across the world because they have no way to retaliate, other than poking back at you, but really... If you wouldn't do it to someone's face, don't hide behind your computer and do it. We're all guilty of this from time to time, but make an effort, and the 'net will be a better place.
Other than that, just try to educate yourself on how the magical machine you're sitting behind works! Yes, I know it's daunting, I know that your dvd player, your computer, and your cell phone all hold quite a bit of mystery. A computer is not that complex of a device when you get down to it. Well, it is, but you can get a general understanding of its parts and what they do without spending 4 years in higher education. Once you have that basic knowledge, you're really much better off than most of the average users on the internet. Go read about it, and learn things; you'd be surprised how simple some of this computer magic really is!
Last but not least, protect your identity. There are a lot of people out there who want to collect as much information about you as possible, and use it against you. Whether it's for advertising, or identity theft. See my entry on Privacy (linked above) for a more in-depth look at protecting your privacy online. If you get an e-mail asking you for personal information, please take a really good hard look at it before you blindly reply.
Any company who's asking you for your password in an e-mail really needs to take a good hard look at their security practices. Under no circumstances should you ever send someone your personal information in an e-mail unless you've encrypted it using a method that only the intended recipient can decrypt. I mean it, seriously, if a legitimate company asks you for your password in an e-mail, you should either stop dealing with them, or call them and ask them if they're really serious. E-mail, unless you've made an effort to make it otherwise, is clear text. If someone intercepts your message, they can see what's in it. So anyway, there it is, now go, be a productive member of the 'net.

Privacy online.

So I'm listening to online radio, and one of the commercials I keep hearing is for this service called Privacy Defender. They tell you how all of this information that you thought might be private is floating around the internet. They continue to scare the crap out of you by stating that prospective employers, significant others, and others might go find this information online, and it could affect their opinion of you. First I'd like to say that this is nothing more than a company preying on your fear and disinformation to try to make a buck. The idea that you could hire someone to go about erasing your identity from the internet is ridiculous. You may or may not be aware of how "The Internet" works. So I'll give you a basic run down. There is no thing called "The Internet" which is operated or controlled by some group. The network that we perceive as this mystical thing which you can go play games on, chat with your friends, or (imagine this) research things you'd like to know more about, is a conglomeration of many computers, all containing data, which is then shared out to all the rest of the members on the network. If you're reading this blog, on your computer, sitting in your living room, you're an equal member of this network as any other machine that's connected. You could be a web server, you could be a mail server, providing that your ISP allows you to. You control your information. If you don't want others to have it.... Don't share it! Keep in mind, that a lot of your information is considered public knowledge, and can be obtained through the court house, or even your local library. If you've already jumped in with both feet, and your information is everywhere, well, go try to get it back. A lot of web site administrators will cooperate with you if you go to them in a professional manner. I don't know if they're legally obligated (or, even if they should be) to remove your data, but ask them, if they're reasonable, they'll help you out. 
If they won't, don't sue them. It's different if they've obtained private data about you and published it without your knowledge. If you've posted some embarrassing pictures of you and your college roommate making out at some frat house party in college, you put it there, you should have thought better of it before you posted it. If someone else posted it because they were at the frat house party, and took a picture of you, and you let it happen, then maybe you should have thought of that and tackled them and deleted the picture from their phone. Contacting the site operator is essentially what services like Privacy Defender would do. Of course, I don't know what goes on under the sheets of Privacy Defender, but knowing what I know about running a web server, what else could they do? They can't go and remove things from my server, they have to go to me, the operator of the server, and ask nicely. The only power they have that you might not, is a knowledge of the law and perhaps sleazy lawyers that know how to exploit it. I recently watched an interesting video, where Eben Moglen spoke in front of a group about "Freedom in the cloud". I'll embed the video in a moment, if you'd like to watch it. He made some very good points regarding privacy, a user's role in the internet, and how we've all blindly given our information away. If you use Facebook, I'd highly recommend you watch this video. It's a little dry, and some of it's a bit technical, but it brings out some very important details about what the guys at Facebook (and other social networking sites for that matter) can do with your data! So, why am I posting this? Well, watching that video really made me think about our society, and how intertwined our lives are with our online lives. Slowly they're becoming one and the same. This is a cool trend, but also a scary one! When companies like Facebook can, via a nicely worded EULA, claim ownership of all of the data you decide to post, where does your privacy go? 
When I started getting involved with computers, BBS's, web communities, and things of the like, I always used an alias, an avatar, to identify myself. This is how it was done, this is how everyone did it. If someone signed up with their full name as their username, you knew they were naive, and not privacy minded. At that time, if you chose to sign up with some online community, the only person who had access to your data (other than the data you chose to make public) was the operator. Was there still a chance of that operator doing nasty things with your data? Yes, but that was your responsibility. You tried to keep track of who you were giving your data to, and what you gave them. Today, we share some of our most private data without a thought on sites like MySpace, and Facebook. Sexual preference, the town you live in, how many kids you've got, what their names are, what your favorite hobbies are, where you work, your political affiliation. I could build a profile on you based on the information you post daily on Facebook. On top of that, I can find out what you looked like from your picture gallery, or if I were a predator, what your 14 year old daughter looked like... Combine all of that data, and someone could literally show up at your door, or stalk you at work, or god forbid, your children at school. Am I saying we should all leave social networking en masse? No, just be careful what you make public. Keep in mind that ANYONE on the internet can find that data. Don't set the password to your bank account online to some data that I could phish out of your Facebook profile. -War

Rate limiting outbound mail in Zimbra, with Policyd

I've recently found a need for outbound rate limiting in Zimbra. The idea is that this will help prevent a spam outbreak, sourcing from one of my users' accounts, if it's compromised. This has happened in the past, and it's finally time to put a stop to it. There are two options available to me for limiting outbound mail. First is within Zimbra, the other is via our outbound spam/virus filter which is handled by a ProofPoint Protection Server. This is basically an e-mail firewall, similar to Barracuda, or Postini. I spoke with our support personnel at ProofPoint, and they were less than helpful. Not on the whole, they're generally very good, I would in fact recommend them to others. The system is sound, and flexible, and their support is usually great. In this case, I was simply asking for something that this system cannot offer. Because this is an outbound limiter, I need to rate limit based on sender, not sending server. Apparently the PPS just doesn't have that sort of tracking. So I moved on to Zimbra. Out of the box, Zimbra does not have this feature either. However, Zimbra's MTA is built on Postfix. A relatively clean, stock postfix. Most postfix mods also work on Zimbra's MTA. I did a little digging, a little asking around on Zimbra's forums, and a little research on my own and came up with Policyd. Policyd is a service which runs on either your local postfix box, or on a remote box, which manages lists of policies. Postfix queries policyd for every transaction, and asks it if it has a policy which pertains to this transaction. Once it gets the result of said policy, it moves on with the session. Now, there are tons of things which can be done with policyd, I'm focusing on JUST outbound, and JUST quota based rate limiting.
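
To make the query-and-answer exchange concrete, here is an added sketch (not Policyd's code and not from the original post) of a sender-keyed quota answering Postfix policy-delegation requests. The class name, the limit, the window and the sample addresses are assumptions made for illustration; the request attributes and the `DUNNO` / `DEFER_IF_PERMIT` replies are standard Postfix policy-delegation vocabulary.

```python
import time
from collections import defaultdict, deque

def parse_request(text):
    """Parse one Postfix policy request: name=value lines ended by a blank line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

class SenderQuota:
    """Sliding-window quota per sending account (hypothetical policy, not Policyd's schema)."""
    def __init__(self, limit, window_seconds, clock=time.time):
        self.limit, self.window, self.clock = limit, window_seconds, clock
        self.sent = defaultdict(deque)  # account -> timestamps of accepted recipients

    def decide(self, attrs):
        # Key on the authenticated login when present: the envelope sender is client-supplied.
        key = (attrs.get("sasl_username") or attrs.get("sender", "")).lower()
        if attrs.get("protocol_state") != "RCPT" or not key:
            return "action=DUNNO\n\n"  # no opinion, let later restrictions decide
        now = self.clock()
        stamps = self.sent[key]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()  # forget recipients that fell out of the window
        if len(stamps) >= self.limit:
            return "action=DEFER_IF_PERMIT Outbound quota exceeded, try again later\n\n"
        stamps.append(now)  # one unit per recipient, so large recipient lists burn quota fast
        return "action=DUNNO\n\n"

# Constructed sample request, shaped like what smtpd sends for one recipient.
SAMPLE = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "sender=alice@example.com\n"
    "recipient=bob@example.net\n"
    "sasl_username=alice@example.com\n"
    "client_address=192.0.2.10\n"
    "\n"
)

def demo(limit=3, attempts=5):
    """Replay the sample against a fresh quota with a frozen clock; return the verdicts."""
    quota = SenderQuota(limit, 3600, clock=lambda: 1000.0)
    return [quota.decide(parse_request(SAMPLE)).split()[0] for _ in range(attempts)]

if __name__ == "__main__":
    print(demo())
```

Deferring rather than rejecting means a legitimate user who hits the ceiling gets a retry, while a compromised account's burst stalls at the quota and shows up as a run of deferrals in the mail log.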

4.2U Wii, homebrew hack.

A while ago, a friend of mine helped me exploit my Wii, so that I could run the Homebrew channel. There are many advantages to doing this, and for lots of reasons. Not just game piracy. Homebrew lets you install 3rd party apps on your Wii, which allow you to get some creative use out of the system. You can also connect USB storage to your Wii, and use it to store your games, so that you don't need to swap discs around when you want to play a game. When we hacked the Wii, it was running update 3.6. I'd stopped updating the Wii from Nintendo's update procedure because I assumed that they would probably tromp on my hacked Wii, and restore the OS to its pristine condition, and I'd then have to go through re-hacking. Well, I knew this time would come. I was forced into an update, so I could run the New Super Mario Brothers game. I guess it has something to do with the ability for the players to interact as they do in the game. So, I bit the bullet, and ran the update. It wasn't until after I ran the update that I found a number of reports on the 'net about how to update a hacked Wii, without actually running Nintendo's update. This would have kept my Homebrew intact, and still gotten me the update. But, oh well, I was committed at this point. After some digging, I found a number of how-to's on the subject of hacking a 4.2U Wii. 4.2U being the most recent update. I tried a number of them, and none of them worked. Until I found this how-to, which was SOOOOO much easier to follow than some of the others. Since I'd been through so many other failed attempts at hacking this system, and since it was hacked once before, I decided now was a good time to back up my save data, and format the Wii's system memory. Luckily, I was able to back up all of my save data to an SD card, and then save that data to my PC. I then performed the format, but wasn't able to put my save data back on the Wii until after I'd run each game at least once. 
This meant I either had to break out all of my discs, or get homebrew and the usb loader working before I could get my save data off of my SD card. So I started down the road to Wii-freedom. In the end, it wasn't all that difficult, and I ended up with bootmii, which is a more secure replacement for Wii's boot2 loader, and the homebrew channel. I also have all of my USB capability back, and once I get all of my homebrew software reinstalled, I'll have all of the functionality that I had before the format. On top of all that, I can play Mario now. :D

Some good ol house music for your Tuesday.

I'm into quite a few types of music. Mostly anything that has a good beat, and a deep sound. I always imagine that a lot of people who have been exposed to my taste in music are baffled by the seeming variety of genres I listen to. There's a theme believe it or not. It's hard to describe. I like bass, and I like guitar. If it's got a deep sound, I like it. This can be found in a few genres commonly. Mostly electronic music, like House, and Trance, and a lot of Rock/Metal has the same element. So, most of what I listen to falls into these few genres. One of the DJs that I started following while XM's "The System" was still on the satellite waves, is Zoltar. He had two shows, The Mutant Dance Party, and Subterranean. Both are shows where he plays mixes of club music. Mostly house. One of these shows can still be heard on Sirius/XM's "Area", though it's never on when I'm able to listen since Sirius/XM has so royally screwed up the pricing for XM customers that I can no longer listen online (as I refuse to pay extra for a service which used to be included in my package), but I'm getting off topic. You can still download podcasts of Zoltar at http://zoltar.podomatic.com, so this is how I currently listen to Zoltar. I downloaded his most recent show, which is a year-end review, a best-of 2009 show. One of the songs that caught my eye.. er.. ear was Melleefresh, and Deadmau5 doing "Hey baby". Nice beat, suggestive lyrics, but that's ok. So I started hunting around online for an MP3, so I can listen to just that song whenever I'd like. I found one, but in my search I also found a rather amusing YouTube video. Something to think about before watching this video is this. These are usually one-off DJ tracks. A lot of them are not really professionally recorded. Most of them do not have videos produced by the artist. So, fans will create videos which sort of fit. Most of them are videos just for the sake of being videos, some feature a still image and just play the music. 
This one is a mash-up of a ton of different suggestive animations, which have been floating around the 'net forever. So, if you don't mind suggestive lyrics, lots of looped almost-nakedness, and a deep progressive beat, then check out this video. :D