bsd.b3ta.org
Yet another *nix admin blog

There have been many reported cases of a new scheme of scam involving generally a Chinese domain registration firm asking for people to register some domain names through them because “a third party” was trying to register them. Normally a dot.com domain owner who would receive an unsolicited email from those bogus companies claiming that someone else was trying to register some .cn of the same domain, so they wanted the company owner to register these domains first with them to “protect their trademarks”.

In the process, they earn fee for so-called service offered in disputing non-existent third party registration. In another word, they create demand triggered by fear.

Nevertheless, it make sense to register and park a .cn, if China is a targeted new operation ground for your company. This will block it being snapped by cybersquatters, competitors or even Chinese scammers mentioned earlier.
Here are the some samples communication of my attempt to lure them.

(more…)

Perhaps I missed out this news on TV / Newpapers (maybe it was published in _the_tiny_little_column_that_we_always_miss_out). Or perhaps, they are still busy with the press restriction at lobby of the Malaysian Parliament.

Here are some photos that were forwarded to me. Street protest is bad. But what else could they do?

(more…)

As good citizens, security.org.my initiated Month of Malaysian Government Websites Bugs (MoMGWB) which aims to provide independent review, gather vulnerabilities submitted by volunteer hackers and disclose/reveal security issues of .gov.my websites to GCERT prior to public disclosure.

I found it rather ridiculous as such noble initiative ended up being accused as a project to attack/hack .gov.my websites! duh! (Encik, do you read English, really?) This stirred up a bit of panic among .gov.my.

You can view the email corresponds from .gov.my and security.org.my at Xwings’ blog.

Fear the spoonman!!!!!!!!!!!!!!!!!!!!

%deluge
no existing Deluge session
Starting new Deluge session…
deluge_core; using libtorrent 0.13.0.0. Compiled with NDEBUG.
Applying preferences
terminate called after throwing an instance of ‘boost::bad_lexical_cast’
what(): bad lexical cast: source type value could not be interpreted as target
Abort
%

Deluge refused to restart after my computer was not properly shut down. Simple workaround is to remove deluge config directory (don’t be too worried about your previous torrent download) and fire up deluge.

%rm -r ~/.config/deluge && deluge

Add your previous torrent seeds and select the previous directory where you saved them. Deluge will check your previous downloads and resume them.

This is funny. UN against Open Source

“Tun Dr Mahathir Mohamad has expressed regret at the use of a video clip that purportedly showed he admitted that he had framed Datuk Seri Anwar Ibrahim.

Dr Mahathir said those who attended the talk understood the context of his speech but the Opposition took one part and distorted it.”

Source thestar

Seriously, I don’t know how true this is. Judge it yourself.

Here’s the note with easy steps to get pound running with SSL signed by CA.

Generating Certificate Signing Request
# cd /etc/ssl
# openssl req -new -nodes -subj '/C=MY/ST=Wilayah Persekutuan/L=Kuala Lumpur/CN=myshinny.webserver.com/O=My office./OU=IT department.' -key host.key -out host.csr

After generating certificate signing request, you need to copy and paste the contain of host.csr to Verisign for signing. Once you have got your certificate signed, save it as host.crt. Note: the naming convention here is for the demonstration below.

Obtaining Verisign intermediate CA certificate
Depending on which type of certificate that you have purchased, you could obtain Verisign CA certificate from this page. Copy the certificate content and save it as verisign.pem.

Now you have 4 files: host.key, host.csr, host.crt and verisign.pem. Only 3 of them are needed for pound ssl. Prepare the certificate to use with pound. Note: In server.pem that will be created, it is important that you follow the sequence as such.

1 Your key
2 Your certificate
3 CA certificate

# cat host.key host.crt verisign.pem > server.pem

Example pound configuration, pound.cfg:-

---snip---
ListenHTTPS
        Address x.x.x.x
        Port    443
        HeadRemove "X-SSL-.*"
        HeadRemove "X-Client-Verify.*"
        Cert    "/etc/ssl/server.pem"
        CAlist "/etc/ssl/verisign.pem"
        Ciphers "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
---snip---

End

Replace x.x.x.x with your server IP address. Restart pound and you are done!

友人把这笑话转发。觉得它完完全全的反映当今的大马。

小明的作业要用国家、社会、党、人民来造句。他不理解，就去问爸爸。
爸爸：国家就象你奶奶，地位最高，但是实际上管不了什么事。党就象我，咱家里我说了算，社会就象你妈，为你奶奶、我、你，我们大家服务。人民就象你，我们谁的话你都得听。
晚上小明还是不太明白，就再去爸爸的房间问爸爸，爸爸正和妈妈两人XX，一脚就把他给踢了出来，他哭着去找奶奶，可是奶奶已经睡下了。小明没办法，随便造了句就去睡觉了。
转天爸爸接到学校老师的电话。

老师：小明的造句是谁给造的？
爸爸：他造得不好吗？
老师：是造的太好了，让我们以为不是他造的。
爸爸：他怎么造的？

老师：”国家在沉睡，党在玩社会，社会在呻吟，人民在哭泣。“

I’d like to wish all of my friends who are celebrating Chinese New Year on this coming 7th and 8th Feb, A happy,healthy,prosperous years ahead and may your all wishes come true. 新年快乐。

Well, it seems like people like to mess around with Ubuntu logo. Some of them are creative, hilarious, and offensive in the eyes of Ubuntu users. PLEASE PARDON THE PUN. DON’T HIT ME! Especially Ubuntu-my meetup is just around the corner. Please don’t ask me for the author of those images. These are just some of the images that I came across on the net.

WARNING!

Rated 18SX: The images might contain non-excessive sexual element and they are only for viewers of age of 18 years old and above. :p

Click to view.
(more…)