Since the first day I saw content from Planet51 I knew it was going to rock. I am emotionally attached to this movie because I worked in the Videogame for a few months and because I have worked in the past with several member of the technical team that is behind the movie. I know first hand they are very talented people.

And finally, the trailer is now live: Planet51 trailer!

Congratulations to all the team. All the best for them.

• Launchy. Launchy is a keystroke launcher that clones the behaviour of Quicksilver in Mac OS. With this tool you will say goodbye to your start menu and desktop icons. Everything is now accessible from a few keystrokes: folders, applications and even websites, all with a simple alt + space. The perfect complement for Launchy is StartKiller, a tool for removing the Start button from the taskbar. To me, Launchy is as revolutionary as 4DOS was back in MS-DOS days. How much time did you save? (bonus: and now that you can have a 100% clean desktop it is time to use a decent wallpaper…).
• AutoHotkey. Whatever can not be done with a few launchy keystrokes most likely can be programmed with an AutoHotkey macro. AutoHotkey incorporate a powerful script language that will allow you to automate almost anything: instant access to disk folders, internet tabs, activate tray programs, change visual studio layouts, send email, check calendar, etc.
• xplorer². xplorer² is a file manager with enough features to say good bye to Windows Explorer (Microsoft, admit it, it is not designed for advanced file manipulation). Although there is a professional version, the free lite version is enough to me, especially the Tabbed dual-pane interface feature. With AutoHotkey you can easily redirect Win + E to xplorer².

And that closes out my small contribution to reduce energy wastage in the world . I am sure you can share more gems like these. One more time, thanks for reading.

As you probably know I am working in a very small (3) team through internet. We do not share a physical place and we have very limited resources. All the infrastructure is based on servers we have at our own home (code repository, wiki, bug tracking service, build machines, web server, backup machines, NAS servers, etc). As you can imagine, we try to optimize our time and bandwidth as much as possible. I want to share with you in this post two examples of this optimizing philosophy with the idea of discussing them and discovering other interesting usages you may be doing (if you want to share of course)

• Twitter: I like to know where the rest of the team is working on. We have weekly voice meeting, we have emails and IM accounts but that is not enough to know with precision where each part is working on. Twitter, a micro-blogging service you probably know is ideal for this purpose. We have private twitter accounts (nobody out of the team can read it) where we update or current status: developing a new package, fixing a ticket, writing documentation, meeting a client, etc. With a simple look at your twitter account you get the status of the team.
• Dropbox: I am absolutely impressed with this software. If you don’t know about it I recommend that you have a look at its tutorial. The service is incredibly simple to use and it just works without problems. We have created a dropbox account for internal distribution and testing of our binary releases. Our build machine copy each generated distribution to a shared dropbox folder. This dropbox folder is shared with our team giving us the following advantages:
  • Every member on the team have the binaries everywhere and in all machines we want to test.
  • Logs for each execution are saved in the shared folder and are automatically synchronized in all the accounts. The logs give us useful information about the execution of the software that every developer can inspect.
  • Crashes are stored as minidumps in that same folder. And, as we distribute pdb with our releases, this means that everybody in the team can open any dump from any release and reproduce the exact crashing conditions everywhere. For more information about symbols, read my previous article about Setting up a Symbol Server

Do you have more interesting related ideas? Please, share them with us.

• Upgrading to Wordpress 2.3: This have been a surprisingly smooth upgrade. I only had minor problems with UTF-8 conversion (I had to disable the line define('DB_CHARSET', 'utf8') from the configuration file). It seems that with this new Wordpress version, categories are going to be deprecated in favor of Tag Clouds. I have yet to convert my post database to tags
• Feed Icons: I am using now what is supposed to be the standard for RSS icons
• Email subscription: Thanks to FeedBurner now you can subscribe to this blog via email. If you are not using a Feed Reader, please use this method instead of bookmarking
• W3C Validation: Now, the XHTML and CSS of this blog are fully validated by the W3C tests. I use a simple text editor to modify the HTML and CSS, so there were lots of errors. After a lot of minor changes (like eliminating warnings in C++), the blog passes all the tests becoming a more standard blog and, supposedly, more friendly to bots navigating through my rumblings
• Amazon book links: I do not like putting ad in my blog (and you probably won’t ever see any), but now book links pass though my Amazon account (I receive a small percentage if you buy using that link). It is a non-intrusive modification so I expect you don’t care about it
• Wordpress plugins updated: I have updated and added new Wordpress plugins. This is the list of plugins I am using:
  • Askimet to combat the spam. 95% of the comments I receive are spam
  • All in One SEO Pack. Meta information, that invisible information that only bots can read, is important. This plugin gives you control over the generated metadata
  • Counterize for tracking internal visitor stats
  • FeedBurner FeedSmith to get feed usage stats. FeedBurner have been bought by Google and now all the pro services are free
  • Subscribe To Comments. This is a very interesting plugin that is increasing the number of comments in the blog. It allows email subscription to posts where you contribute
  • Ultimate Google Analytics to collect info for the Google Service Analytics
  • WP-PostViews for getting visit stats for each post
  • WP-UserOnline. An online users counter

Comments are welcome, thanks for reading.

My host is joining the Fon Movement, a free WiFi community oriented towards sharing home internet connections to the world. Sharing your connection allows you to use any Fon node in the world for free.

There are already lots of nodes around the globe. You can check your neighborhood here.

What really impressed me is that they are selling is FON Social Router (La Fonera) for just 5 €/$. A 802.11g router with a linux 2.4.0 inside! I couldn’t resist such a bargain.

If you live in Spain, like me, Pc Actual is offering the router, 400 skypeout minutes, skype starter kit and a guide of Pc Tricks in this page.

And now, waiting for it…

1. Master the Operating System you use

Stay away from the Windows vs Linux wars. Choose the OS you like and learn about it. Most of the security breaks are due to administration errors: not staying up to date, running services not needed, bad password policies…

Using Linux is itself no guarantee of security. You have to manage it properly.

Personally I am in love with Gentoo Linux: a Linux distribution from programmers to programers.

2. Have your system updated (automatically if possible)

Security bugs are discovered every day (Bugtraq List). So you should be updating your system everyday and doing it as automatically as possible. In Windows you have Windows Update for updating the operating system. Software not part of the operating system should be updated independently.

For Gentoo, you can have all your system updated easily:

These two lines will only synchronize with the latest packages and show you the info. The integration process should be done manually to detect potential issues.

You can check for known security vulnerabilities in Gentoo Linux using the Gentoo Linux Security Announcements (GLSA) (currently a service in beta)

At the moment glsa-check is an experimental tool.

3. Run the minimum number of services

Do not have services you do not need. Every installed service may be a new security hole on your computer. Some linux distributions come with a generic configuration with a lot of default services you won’t need. Disable all the services and start activating the ones you need. That is exactly what you get when you start installing Gentoo from scratch.

4. Firewall your system

Have a robust (highly configurable and with a decent support for logging and alerts) firewall installed on your server and configure it properly.

Linux firewalls are based on Iptables. This is a great tutorial on Iptables. Ulogd is a daemon for iptables very useful to have an independent log file for your firewall.

5. Use encryption when connecting with your server

Do not use telnet, rlogin or ftp. Those protocols go across the Internet unencrypted. In Windows, if you use Terminal Services enable encryption. In linux, OpenSSH is the right tool.

OpenSSH allows you to encrypt all traffic and provides tunnelling for the rest of the ports. Use OpenSSH with the RSA/DSA authentication. I always have with me the private key in my USB removable device. If you examine your logs you will see dozens of attempts per day trying to log into your machine. If you have your server connected 24h/day you should have this port well secured. Disable direct root login and try to use a high level port. OpenSSH offers you sftp, the encrypted version of ftp.

6. Detect changes to important system files

You want to know every change that is made to your system files, at least to the critical ones. AIDE is your friend here. It works by making cryptographic hashes for the files to be checked. Those hashes should be stored in a safe device: a read-only one, for example.

7. Check against rootkits

You don’t want rootkits in your computer. So, you should be doing continuous checkings against this. I recommend to run both Rootkit Hunter and chkrootkit every day.

8. Scan all your logs to detect suspicious activity

You should watch all your logs everyday. Doing this automatically is prone to errors, so you should have a daemon doing this for your and emailing you when it finds something suspicious. Logwatch is an useful tool for this. It will send you emails every day with automatically generated reports.

9. Continuously monitor your system

It is vitally important that you continuously monitor the health of your system to detect anomalies: cpu usage, network traffic, memory usage, system temperature, hdd status, etc. Cacti (a back-end for RRDtool) is ideal for this.

10. Automatize as much as possible

Minimize the things you manually do. You have Task Scheduler in Windows and Cron Jobs in Linux. For example, these are the some tasks I have automatized in my server:

Synchronize to the latest stable packages.

Check for known vulnerabilities in the system.

Run AIDE to detect changes in system files.

Look for rootkits with chkrootkit.

Look for rootkits with rkhunter.

Generate reports from system logs.

Check for new network ports opened.

And that makes ten guidelines. I know I leave lot of topics (nessus, snort, etc) but they will have to wait for other posts. I hope you have enjoyed this recommendations. Do not hesitate to give comments here.

I wanted to start a topic (the first on Linux, I promise more on this) about the hardware machine where this blog is hosted: a machine installed in one corner of my living room. I bought the box to be the server for all my machines at home (personal computer, media center, videogame consoles, ip camera, fileserver…). Being network security one of my hobbies I am always playing with security tools. That is one of the reasons why I decided to host this blog in my home server: to play with a new toy.

In the past, whenever I installed a linux distribution (SUSE most of the times) I always finished mutating it to my own distribution due to the fact that these clasic distributions evolve too slow. This was frustrating and time consuming for me because I had to mantain lot of packages and some big changes (gcc, glibc) could break the system. When I was starting to build my own personal distribution (based on Linux From Scratch) I discovered Gentoo. Gentoo Linux is the perfect distribution to me. It is based on source (every package you install must be compiled) and it is continuously evolving like an organic system.

This is the current hardware configuration for my Linux Box:

• Shuttle Barebone ST62k
• Pentum IV Celeron 2.4Ghz 1Gb Ram
• Crystalfontz CFA-631 LCD Module

I have an internet connection with a dynamic IP. To be always accessible I’m using the services from DynDNS.

And that is enough for today, my next article on this topic will be about tips & tricks on security to avoid to be owned.

Even you have a plugin for Firefox, so you can use del.icio.us as a traditional bookmark.

The idea is simple, but very powerful.

Everybody seems to be contributing to this revolution. Being a feature of blogs in the past now you can get rss feed from a lot of popular pages. Even Microsoft is proposing its own extension. You know, it’s Microsoft.

If you are curious, these are my currents feeds.

Currently I’m using BlogLines. It is a web reader, so you can safely read your news at work, home, travelling… Other popular web readers are Feedster and Google Reader (in beta).

So, what are you waiting to start feeding from here?

Having been browsing for about an hour, I can say this version seems to be running faster and smoother than before.

If you don’t know it, google is firmly supporting firefox. Even they will pay you if you promote it.

People at www.spreadfirefox.com is preparing a big marketing campaign this time.