Monday, September 29, 2014

Presenting ideas with Mind Map

Was on the internet today and saw a long-time piece of software, Freemind. How I miss working with Mind Map.

Mind mapping was traditionally done on sheets of paper or mahjong paper to present ideas, and later it was also used by teams to build an idea together. The mind mapping technique I learnt was made popular by Tony Buzan, UK. It looks like branches from a tree, but from what I have also learnt, mind mapping was around long before Buzan and appears in many forms to pictorially describe an idea. Officially, I learnt a great deal of mind mapping during the courses at SMR.

Much mind mapping software subscribes to the Buzan way of doing things. There are 2 open source programs: (1) Freemind is a Java Technology based mind mapping tool that allows users to use data interchangeably on Linux and MS Windows. (2) XMind is considered one of the more popular tools on the Internet, but it didn't really stick with me. Note-taking tools such as Evernote provide even more flexibility for mind mappers, as Evernote is integrated with XMind.

Saw good reviews on Mindomo, so why not try it, as its advantage is that it is available on MS Windows, Mac and Android. That is, if you don't mind installing Adobe Air.

Today, there is even a mind mapping tool built into the Chrome web browser.

See https://chrome.google.com/webstore/detail/mindmap/gdaeohpmcenmffofpikllphdhlkkocfa?utm_source=gmail

It saves the mindmap in Google Drive and I can access it pretty much anywhere.

Serious exploits in August and Sept 2014

These recent months have shown how the open source software model could handle (or is still handling) bugs that could be turned into exploits against Linux servers. These are:

Shellshock (Sept 2014) - remotely take over a server.
BBC http://www.bbc.com/news/technology-29361794

Heartbleed (April 2014) - OpenSSL data could be intercepted.
BBC http://www.bbc.com/news/technology-28867113

The sheer number of Linux servers affected means that it is a serious and widespread threat. Heartbleed has been patched, but Shellshock has yet to receive a patch that fully resolves the bug.

An interesting technical discussion of Shellshock can be found on Stack Exchange.
https://unix.stackexchange.com/questions/157329/what-does-env-x-command-bash-do-and-why-is-it-insecure

How do you know if your shell is vulnerable? Hackernews recommends running the following commands in every shell being used:

env X="() { :;} ; echo shellshock" /bin/sh -c "echo completed"
env X="() { :;} ; echo shellshock" `which bash` -c "echo completed"

If you see the text output "shellshock", please find a patch.
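The same probe can be run over every shell a host offers rather than just `/bin/sh` and `bash`. The script below is an added example, not part of the original post; it goes beyond the two commands above by reading a shells file (assumed to be `/etc/shells`), and the function names `probe_shell` and `audit_shells` are made up for this illustration.

```shell
#!/bin/sh
# Added example: apply the Shellshock probe shown above to each listed shell.

# probe_shell PATH -> prints "vulnerable", "not vulnerable" or "missing"
probe_shell() {
    shell_path=$1
    if [ ! -x "$shell_path" ]; then
        echo "missing"
        return 0
    fi
    # X holds a function definition followed by a trailing command.
    # A patched shell never runs the trailing command and prints only "completed".
    out=$(env X='() { :;} ; echo shellshock' "$shell_path" -c 'echo completed' \
          </dev/null 2>/dev/null) || true
    case "$out" in
        *shellshock*) echo "vulnerable" ;;
        *)            echo "not vulnerable" ;;
    esac
}

# audit_shells [FILE] -> one "path: result" line per shell in FILE
# (default /etc/shells, an assumption); returns 1 if any shell is vulnerable
audit_shells() {
    shells_file=${1:-/etc/shells}
    found=0
    while IFS= read -r line; do
        # skip blank lines and comments
        case "$line" in ''|'#'*) continue ;; esac
        result=$(probe_shell "$line")
        echo "$line: $result"
        if [ "$result" = "vulnerable" ]; then
            found=1
        fi
    done < "$shells_file"
    return "$found"
}
```

Calling `audit_shells` with no argument checks the system's own shells file; a non-zero exit status means at least one shell needs a patch.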

Chris, a contributor at Buzzfeed News, provided good material on how 2 persons, Steve Marquess and Stephen Henson, maintained the OpenSSL package. The commercial entity for this is known as OpenSSL Software Foundation.

Now doesn't it make you wonder who is responsible for the bash shell, and is it the same package for every Linux distro?


Tuesday, September 9, 2014

What is FTP?

FTP or File Transfer Protocol
"... is a standard network protocol used to transfer computer files from one host to another host over a TCP-based network, such as the Internet. FTP is built on a client-server architecture and uses separate control and data connections between the client and the server."
wikipedia.org

One reason FTP is being replaced by other network protocols is that a traditional FTP server exposes the user's password in plain text. SSH and encrypted FTP sessions are used in almost all new implementations these days.

Which ports are used by this service?
Standard ports used are port 20 (data) and 21 (command), but this may change depending on the server's settings. On the FTP client side, free ports numbered higher than 1023 are used.



The FTP server can provide active or passive connections, and sometimes both. A simplified explanation on Slacksite.org entitled "Active FTP vs. Passive FTP, a Definitive Explanation" is a good read.

Typically, an FTP server in Passive mode requires connections to several higher-numbered ports, and this allows a larger number of connections. In Active mode, the server is limited in how many connections can be made over the single port 20.

How to determine if it's in Passive mode?
After logging in to the FTP server, type
quote PASV
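
A server that accepts passive mode answers `PASV` with a `227` reply carrying six numbers `(h1,h2,h3,h4,p1,p2)`: the address and the data port (`p1*256 + p2`) the client must connect to next. The script below is an added example, not part of the original post; it decodes such a reply so the advertised port can be compared with the range a firewall allows. The function names, the sample reply and the port range are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode the reply an FTP server sends to "quote PASV".

# parse_pasv REPLY -> prints "host port" for a valid 227 reply, returns 1 otherwise
parse_pasv() {
    reply=$1
    case "$reply" in
        227*"("*")"*) ;;
        *) return 1 ;;          # not a passive-mode reply (e.g. a 500 error)
    esac
    # keep only the text between the parentheses: h1,h2,h3,h4,p1,p2
    fields=${reply#*\(}
    fields=${fields%%\)*}
    case "$fields" in ''|*[!0-9,]*) return 1 ;; esac
    old_ifs=$IFS
    IFS=,
    set -- $fields
    IFS=$old_ifs
    [ "$#" -eq 6 ] || return 1
    for n in "$@"; do
        # each field is one byte: no empty values, no leading zeros, at most 255
        case "$n" in ''|0?*|????*) return 1 ;; esac
        [ "$n" -le 255 ] || return 1
    done
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# pasv_in_range REPLY LOW HIGH -> succeeds when the advertised data port is in LOW..HIGH
pasv_in_range() {
    endpoint=$(parse_pasv "$1") || return 1
    port=${endpoint#* }
    [ "$port" -ge "$2" ] && [ "$port" -le "$3" ]
}

# Constructed sample reply (documentation address 192.0.2.10):
#   parse_pasv '227 Entering Passive Mode (192,0,2,10,195,149)'
```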

How to establish connection to an FTP server?
Use an FTP client and enter the FTP server's URL. E.g. on Linux, to connect to the FTP server ftp.myserver.com:

ftp ftp.myserver.com

-end-


Friday, September 5, 2014

Microsoft's Windows Defender

It was time to uninstall the McAfee antivirus that came pre-installed with the Windows 8 laptop. Just by doing that, I noticed that a bubble appeared to say that I am no longer protected and to click it. This is when the Windows Defender application started, which makes me wonder if it's good enough to replace the previous antivirus.

Doing an update to virus and spyware definition version 1.183.1668.0 on 5th Sept 2014. Will continue to run this with Basic membership setting where this means almost anything could be sent to Microsoft.