Oct 27

I’ve spent another Satyam Cinemas ticket on hosting, this time with a host which has older-but-stable versions of software. I’ve migrated the database to this new one as well.

Guess what, this time I’m trying yet-another-new-thing. Now I’ve two hosting packages on two different hosts (didn’t waste much money, total cost is three tickets at Satyam Cinemas). My DNS management is done for free by ZoneEdit and it supports round-robin DNS (a technique that enables a domain to be hosted on multiple servers, and to have the load balanced between them). So, I configured both servers to have my blog, and one of them will be pointed to by ZoneEdit’s DNS servers when you request it.

Reasons for this action

  • I’ve no clue why I did this :)
  • Let me see if I get to learn something new as I got so many new doubts right now while doing it
  • First host is bad, I don’t know about the second host. At least one of them will be up to serve the blog :P

I’ve no clue about the following questions

  • How am I going to synchronize posts at both the servers ?
  • Will DNS server point you to the second server automatically when the first server is down ?
  • What exactly will be happening in the background at DNS server and my browser when I request a page ?

I’m sure that I’ll get more doubts and I’m more sure that I’m going to find answers for these questions. If you’ve answers for my questions, please let me know, otherwise, I will let you guys know when I find solutions :)

Oct 25

This post is going to be technical. Some truth, some imagination and a bunch of assumptions.

My first assumption is - There is a big company with a portal which is the primary means of doing many things across the company. Every employee gets access to the portal, which they would use daily.

My second assumption is - The company turns new-technology oriented, and it starts its own wiki or micro-blogging or even blogging within the enterprise.

My third assumption is - The company considers an open source solution for the tool and modifies it so much that, by the time it opens the tool to the regular employees, the open source solution they used has already received an upgrade with patches for the vulnerabilities that still exist in their copy.

My fourth assumption is - The company, having managed to modify the code to make it work seamlessly with their current environment, wouldn’t take more pains to upgrade the version of the open source solution which they are using.

Out of these four assumptions, we get a situation with the weakest link - A situation where a modified-but-vulnerable opensource solution is integrated with a company’s portal.

My brain’s assuming part stops working here and the imagination part starts. When a new tool is integrated seamlessly into the portal, it would be using LDAP for authentication. That is something that can be easily guessed as well as confirmed. When LDAP is being used, the next interesting thing to imagine is the login flow: when any user tries to log in, if he is a first-time user, the open source solution will create a profile for him in the solution’s database; if not, it will just let him in based on the LDAP authentication.

All of the above will work great as long as They are not concentrating on you. But when They concentrate on you, the greatest code will look like vulnerable, simple code. As per the title, I’m going to write “How Would They Do ?” Again, it’s complete imagination, as I’m not “good enough in skill” or “bad enough in motive” to be one of Them. Let’s see what They would do.

They will find that the most recently added open source solution is the weakest part of the portal and try to find out the version of the solution. Knowing the version, they would find the list of vulnerabilities and try to exploit them. If they succeed at this point, they will try to get complete access over that open source solution, a.k.a. the new tool. They will make themselves admin on the new tool, and look for possible chances of going further. Some of the current open source solutions are so advanced that they allow an administrator to edit the code of their plugins/themes/core through their interface. If not that advanced, at least they allow the administrator to take a backup of the complete database. Both cases are bad, the first being terrible and the second being bad enough to hurt.

But if it is the first case, where They got admin rights and They can edit the code, They would simply edit the code to do their work, and that is - the solution would add every user and his password to a new table on successful authentication, and later they can download the database of users with their un-hashed passwords, which is the biggest thing that can go wrong for the whole portal. The total compromise.

This is some stupid theory with lots of facts, assumptions and imagination in it. If you understand technology, you can understand the seriousness of the simple mistakes we make. If you don’t understand technology, I didn’t expect you to be so bored that you read this post !! And by the way, if you haven’t understood who They are … come on dude, it’s the dream of every kid who uses a computer to become like Them and read their friends’ emails. No more hints.

Oct 18

Well, welcome again to K World @ Selfdabba.

My journey of moving my blog from Blogger was not only interesting, but also informative. I’ve learned a little about DNS systems and about the things I should take care of while dealing with domain names. The first part of this post is about how I managed to migrate my previous blog. The second part is about all the domain issues.

As I’m using WordPress as my blogging platform here, it’s as simple as drinking coke to import your Blogger posts.

  1. Just go to your Admin page, click Manage - and then Import.
  2. Click on Blogger, press the Authorize button there. Make sure that you are logged in to the Google Account which deals with your blog on Blogger.
  3. Just select the username to migrate those posts to, or create a new user, and it’s DONE !!!

I faced a small problem here: SSL would be needed to connect to Blogger servers, as the transaction of the database would be happening over an encrypted channel. My host didn’t support SSL, so I had to do a small workaround. I created an account on WordPress and imported my Blogger posts to that account by using the above 3 steps. Then:

  1. On wordpress.com, I went to Admin page, Manage - Export
  2. Pressed the “Download Export File” button and saved the XML file, which is the database
  3. On this blog, I went to Admin page, Manage - Import
  4. Clicked on WordPress, selected the downloaded XML file and pressed the “Upload and import” button
  5. Tada !!! Migration is DONE :-)

This was the easiest part of my journey. The second part (which supposedly happened before this) was my most confused part and most informative part.

I bought two domains - mondayphobia.com and selfdabba.com - and I had no clue what to do with them. All I knew was, I had to point them to my host’s nameservers, and I did the same. But, being a guy who knows a little technology, I wanted to make more out of my domain names than just pointing them to ONE silly server.

I told the guy from whom I bought my domain that I wanted DNS management of my domain, and he said that he would give that service for a very small fee. I bought that service, and I had to add four more name servers to my domain registration. Well, you need to have lots of patience while dealing with DNS, as it takes some time to propagate through the name servers all over the world.

Being a guy with very little patience (or being an over-anxious guy who couldn’t wait), I complained about this to an experienced guy, AJ (one of the guys behind the all-successful Indian version of Yelp - Burrp). He suggested that I use the ZoneEdit service. I went there, registered, and added two more nameservers to my domains. Then I felt lame that I didn’t know much about DNS servers and started reading about them, and on the journey I visited DNSStuff, which gives a very good report about your zone, a.k.a. domain. It gave me so many parameters which confused me a lot and actually increased my zeal to study them.

Well, it goes like this. Just follow these steps and your domain management will go as simply as possible.

  1. Have lots of patience, nothing is going to work in 10 minutes. Make your changes and wait for a day or two to reflect. But, before leaving them to reflect, make sure that everything is correct.
  2. Two nameservers are required - a primary nameserver and a secondary nameserver. If you are not “my” type of user, and all you want to do is to host some pages, add the entries given by your hosting service and forget everything.
  3. Well, if you want to try more, you can do the following stuff -
    1. Create subdomains
    2. Create a bunch of emails for your friends and family ending with your domain name
    3. Save your domain from spammers’ abuse by creating an SPF record
    4. Create canonical names for some other site
    5. Learn a lot more about DNS ;)

If you are still reading this post, you are probably interested in doing more with your domain name.

  1. Creating subdomains: Anything.YourDomain.Com is a subdomain. You can use these as Canonical Names, where you forward guys who visit that subdomain to an entirely different domain, or you can create an Alias, where you point your subdomain to a particular IP address. If the webserver running on that IP address knows the vhost (another issue you’ve to take care of), it will serve the page.
    Or, you can create an IP Alias for *.yourdomain.com and serve a particular subdomain by filtering with a .htaccess file. If you are wondering how blogspot or wordpress.com or WordPress MU works, you know the answer now.
  2. You can modify your MX entries to point towards Google servers (Service name - Google Apps) and you can get Gmail service on your domain - in simple words, you get Gmail webspace and interface for your @yourdomain email ID.
  3. Create Canonical Names a.k.a CNAMEs on your domain for ghs.google.com (Service name - Google Apps) and you can get calendar, homepage, docs services on your domain.
  4. Create an SPF record in the TXT records of your domain so that spammers can’t abuse your domain. In short, spammers can mail someone using the youremail@yourdomain.com email-id. But if you’ve an SPF record which specifies the servers which can mail using the youremail@yourdomain.com email-id, the receiving server can mark the email as SPAM by identifying the sending server. More info @ OpenSPF

Use your creativity and find out more uses and please let me know if I’m wrong anywhere. Don’t forget to read this very good tutorial by Scott Perry. He wrote everything in simple words so that anyone can understand.

Well, I’ve messed up my DNS settings again while writing this post. If something goes wrong … Uhmm, it would be good coz it would let me learn more. If everything’s going to be fine, then it’s too good that I can continue learning something else :D

Oct 12

Tribe 3 is on the move now to become Gutsy Gibbon next Thursday, which actually managed to impress most of the people out there. Gutsy Gibbon is coming; with lots of hopes on its shoulders.

If you are thinking what the hell is this ??? Well, never mind, I’m talking about the new release of Ubuntu Linux Distribution. Probably, you want to read about Vista rather than this ;)

If you are wondering what Gutsy Gibbon is bringing with it: it’s bringing the hopes of several Linux lovers of Linux becoming a desktop-ready OS. Dell and some other vendors are already selling some of their laptop and PC models with Linux pre-installed. But the present-day situation is a little different, in that Linux is not really so friendly that anyone can just start using it as simply as they use Windows.

If you are already a Linux user, the features worth looking forward to in Gutsy Gibbon are

  • Faster Desktop Search
  • Compiz Fusion by default
  • AppArmor security framework
  • Improvements in Firefox plugins
  • Better support for audio/video codecs
  • Graphical configuration tool for X.org
  • Faster User Switching in shared machines
  • Printer auto-detection
  • Better handling for commercial drivers
  • Better support for NTFS

What is Gutsy Gibbon doing to Linux ?

Well, Ubuntu is just one flavor of Linux, and it’s giving its best to take Linux one step ahead towards becoming a Desktop OS.

What is so good about Linux ?

This question surprises me a lot. To be very clear, everything is great about Linux. It’s got a sexy interface; if you don’t trust me, take a look at what Compiz can do. If you don’t want any GUI, you are TEH GUY for Linux; it welcomes you with a very useful shell. It’s got almost every tool you use on Windows; check LinuxAlt for more information. It gives you more control over your computer than Windows. It lets you do MORE useful stuff with your computer rather than burning your computer cycles on checking those stupid commercial DRM rights. If you are a casual user, you need not spend thousands of your hard-earned money just to buy one crippled OS which never gives you your money’s worth.

Is Linux nearly a step ahead of becoming Desktop OS ?

Well, the answer is not with just me. It depends on the “particular” user. A user like me will obviously be comfortable with Linux coz it does everything that Windows does, but if you are some games freak or if you need Photoshop, well, Linux can’t help you much other than giving you some decent alternatives.

What does it mean if you are still reading this post ?

It means nothing but that you are a little bored of your Windows, and you are a little scared of trying/buying the new OS from Microsoft - Vista. And, yes, you are thinking about something good. Just grab your LiveCD from Ubuntu, pop the CD in and reboot. Ubuntu will boot from the CD without installation. If you like it, you can install it beside your “windows” installation without doing any harm to your files.

You can download the ISO of the CD from Ubuntu site or order a free copy of Ubuntu from its “ShipIt” service.

Oct 10

Open source collaboration suite Zimbra was acquired by Yahoo a few days ago. Now, Jaiku - a Twitter wannabe or a Twitter killer or whatever you want to take it as - is acquired by Google.

If you don’t know what Twitter is and what can be done using Twitter, it is a micro-blogging platform that allows users to send updates via SMS, IM or email. If you want to know what it does, there is a simple and straightforward tip posted at nexuz.

If you want to see the comparison between Jaiku and Twitter to make your choice of selection of the service, here is a very good prizefight between Jaiku and Twitter @ CNET TV.

For Google, it’s count++ on mobile services as well as social networking. I started to love these 2.0 wars, let’s see what’s the next thing going to be sold on the market.