I’ve been using the excellent fpm (Effing package manager!) tool for automatically generating rpms from source (for example, creating a custom compiled php-fpm binary and then wrapping it for install in an rpm for distribution from our own repository). FPM also creates .debs and other binaries as you need them.

To ensure we have a secure infrastructure we wanted to make sure that the rpms are correctly signed so that the gpg check can be completed on them when installed.

First, generate the gpg public/private key pair:

Fill out the required information. The entropy generation step may take a long time to complete.

Export a text version of the public key with this command, for later use in your repository:

fpm docs state that you just need to add the –rpm-sign to your fpm command. However, this generated the following error for me:

The reason for this is that it uses the settings located in your ~/.rpmmacros file. Find your key ID:

In this sample, the KEY_ID would be “94E8C1F6″

From here, the fpm command runs without issue.

This is an alias of the rpm --addsign command.

Now let’s check the signature on this rpm.

Whoops, it doesn’t seem to be signed properly. Well, that is because the rpm system doesn’t know to trust this GPG key yet. Import with the following command:

Note that this is the plain text file from before. Your RPM system knows to trust this key, and now if you verify the file:

This RPM is now ready for use in a repo. In the .repo file, use the following to ensure it follows the correct signature:

All key names have been changed to protect the innocent.

A few months ago, we had an interesting issue with another website stealing our content in an unusual way. Essentially they ran a proxy service on a similar domain (a .com.ar instead of .com) and then replicated our site, replacing our ads with their own. They also ran our content through a content replacement algorithm, removing certain pieces of text and also replacing our own domain with theirs. It is fairly easy to do.

We had a few concerns about this. Firstly, we were worried that unsuspecting users would enter their login information on this site. Also, they actually were showing up in Google search engine results, which both hurts our brand, ranking and perception by users (this site loaded much slower than ours obviously).

First Attempt To Stop The Proxy Spammers: IP Blocking

Determined to put a stop to it, the first method we tried was blocking their crawler IPs. However, they owned enough IPs in enough ranges that it was simply a cat and mouse game. We would block them, and then a day later they would be back up. After a few weeks of this it didn’t seem to be a viable long-term solution for blocking these spammers.

Next, We Used Their Mirroring Of Our Content Against Them

Next I thought I would use the fact that they were modifying our page content and disable their site that way.

I created a box in html/css which would trigger via JavaScript only when loading from their domain. But, you wouldn’t think it would be that easy would you? They replace our domain with theirs, modifying any mention of their own domain. So I used a quick hash function to create a unique identifier from the loaded domain and then matched against that.

Also, figuring they would just take out the HTML box I created, I also found it useful to display a hex-encoded version of it. You can encode text to the hex-escaped version for Javascript with the following command line:

The final Javascript I started loading on our site (and therefore their site) is below:

After thoroughly testing and then putting up the code, we launched it live. It was very satisfying knowing that end-users were getting the warning message when visiting their site, and the actually reported their experience back to us. After about 12 hours, they figured out our play out and turned off their proxy. Success!

…

Not quite. The next morning I woke up to see their site back up. Looking into their code, they had removed the JS completely. I changed our code, embedded it in a JS file, and used other creative means to get it back up – but in the end they were just able to disable the Javascript entirely and defeat this attack. It was just another cat-and-mouse game.

We also tried DMCA/Abuse Contacts

We also tried to send notices to their hosting company to get them to take down the site. They were hosted in Argentina, so DMCA is not applicable. Their abuse contacts were non-responsive.

Originally we thought we could go after their domain registration since it violated our trademark – but this is a long and involved process involving lots of paperwork and time, and for another $10 they could just register another domain name. We didn’t think this was a viable option.

Going to the Source: Google

Google is involved in this scam in a number of ways. First, they were indexing and serving his site in their search results. Secondly the scammers were replacing our ads with their own Google AdSense ads, which I am sure is a ToS violation.

While we were attempting to defeat their site from a technical perspective, we also began looking at Google to see what we could do from there.

Google has a process for submitting DMCA requests. The issue in this case is that they make you submit one batch at a time, and with millions of pages on our site and indexed in Google, it just doesn’t make sense to list out urls line by line. It worked to remove those submitted results from search engine results, but it was like cutting grass with scissors. Finally, I attempted to contact Matt Cutts via Twitter:

Thanks. So much for that venue. I know @mattcutts is the public face of Web Spam at Google so I’m sure that he gets lots of @’s with dumb questions, but we were already way beyond this.

Finally, What Worked

Members of our site had a few personal contacts at Google both in an AdSense representative and otherwise. One of our contacts with Google was able to bring this issue up with the right people and they finally took the offending domain out of the SERPs permanently. We also reported their AdSense account – but we don’t know what happened with that. Without them showing up in SERPs, it was a moot point because they won’t be getting many visitors any more.

The Problem With Google

Google has become so large that it is almost impossible to get a situation like this taken care of without knowing someone who works for them. They have many automated systems in place, but scammers will continue to utilize loopholes for their own profit. Google enables this type of scam, yet they also profit from it.

I wish Google would have some sort of Ombudsman or review system set up so that someone like us, who is having our content ripped off by others using Google’s own tools (and with Google taking a percentage of profit from these people), has a way to efficiently deal with them without resorting to personal contacts. We spent much time on this, time that could have been put to better use.

Or maybe personal contacts are the only real way to deal with a situation like this?

Anyway – I am welcoming comments and any other ideas for dealing with these Proxy Hijackers and how to keep them offline. I’m curious how widespread this type of incident is, we know of only one other site that was having the same issue from the same scammer.

After all, they can always get another domain for $10.

Usually, I will try to push clients towards using SCP (via a client such as WinSCP), however inevitably there are clients who do not understand this new method of accessing their files securely online, and who for one reason or another insist on using FTP for their online file access. As they say – the customer is always right?

Anyway, there are currently 3 mainstream FTP servers available via the yum command on CentOS 6.x. PureFTPd, ProFTPd and vsftpd. So which FTP server is the best? I will summarize the servers below, or skip to the summary.

ProFTPd

ProFTPd is a modular FTP server which has been around for a long time. The large control panels (cPanel, DirectAdmin) all support ProFTPd and have for years.

The most feature rich of the bunch is certainly ProFTPd. There are a ton of plugins available for it, and the creator of it modeled its configuration architecture much like Apache’s – it is also using the GPL for licensing.

Configuration of ProFTPd is fairly straight forward, and example configuration files abound at a quick search of Google.

ProFTPd is available on a wide variety of system architectures and operating systems.

ProFTPd Security

Of the bunch, ProFTPd has the most CVE vulnerabilities listed. The high number is most likely an indicator of ProFTPd’s widespread use which makes it a target of hackers.

ProFTPd CVE Entries: 40
Shodan ProFTPd entries: 127

PureFTPd

PureFTPd‘s mantra is ‘Security First.’ This is evident in the low number of CVE entries (see below).

Licensed under the BSD license, PureFTPd is also available on a wide-range of operating systems (but not Windows).

Configuration of PureFTPd is simple, with a no-configuration file option. Although not as widely used as ProFTPd, PureFTPd has many configuration examples listed online.

PureFTPd Security

PureFTPd’s “Security First” mantra puts it at the lead in the security department with the fewest security vulnerabilities.

PureFTPd CVE Entries: 4
Shodan Pure-FTPd Entries: 12

vsftpd

vsftpd is another GPL-licensed FTP server, which stands for “Very Security FTP daemon.” It is a lighweight FTP server built with security in mind.

Its lightweight nature allows it to scale very efficiently, and many large sites (ftp.redhat.com, ftp.debian.org, ftp.freebsd.org) currently utilize vsftpd as their FTP server of choice.

vsftpd Security

vsftpd has a lower number of vulnerabilities listed in CVE than ProFTPd but more than PureFTPd. This could be because, since its name implies it is a secure FTP service, or because it is so widely used on large sites – that it is under more scrutiny than the others.

vsftpd CVE Entries: 12
Shodan vsftpd entries: 41

Summary & FTP Server Recommendations

#

Considering the evaluations above, any server would work in a situation, however generally speaking:

• If you want a server with the most flexible configuration options and external modules: ProFTPd
• If you have just a few users and want a simple, secure FTP server: PureFTPd
• If you want to run a FTP server at scale with many users: vsftpd

Of course, everyone’s requirements are different so make sure you evaluate the options according to your own needs.

Disagree with my assessment? Let me know why!

After I ditched cable TV, I used both Snapstream’s BeyondTV and SageTV (now owned by Google) to sate my and my family’s television needs. After almost 2 years we ended up turning cable back on. Win one for the cable company!

But that did not end my search for the perfect home television system. Our cable box, well, works; but the hard drive is limited, you have to pay $15.99/mo for it, and the recordings are only on one device.

Luckily I found the DCR-2650 (currently $122 at amazon) which allows you to rent a CableCARD from the cable company (I’m paying $3.99/mo from Verizon) and get all of the premium cable channels on your PC – the drawback is that you must use Windows Media Center due to the DRM (there is a hack for SageTV – more on that later).

We recently got an Xbox 360 for Christmas, and I’ve been wanting to try the Media Center Extender functionality on it. I’m happy to report it works really well! Here is a video with a quick walkthrough of the Media Center Extender experience on the Xbox 360.

Some notes on the setup:

• My Media Center PC & Xbox are both connected via gigabit wired network
• Live TV, Guide and DVR functionality work perfectly
• Have had issues with Movie playback. This is because the Xbox is limited in what codecs it can decode. Apparently the Windows Media Center Extender app does not use the same codecs as the Xbox media player app.
• You could use as many Xboxes as you want, so essentially you have a free number of DVRs in your home
• The DCR-2650 uses a single cable card but has 2 tuners. This means you are limited to 2 channels at a time of live TV or recording shows. You could easily continue to add tuners if you would like more.
• The Windows Media Center app is available directly on the main Xbox menu that pops up when you hit the Xbox button on your controller/remote

The quality of the video coming from the Media Center Extender is significantly better compared to the “LiveTV” streamed over the internet – also from Verizon.

If Microsoft and Verizon is serious about making their streaming live TV app commonplace in consumer’s homes, they will need to both up the quality of the video and also add DVR functionality to the system.

Between how well it works and the fact that you can get a remote for the Xbox, it really makes an ideal replacement for your cable box.

I’ve been busy lately on a number of projects, one of which is a programming class I am currently taking. The class itself is interesting, we are learning about the different types of programming languages. For our latest project, we were tasked with writing a simple program in Pascal. Pascal isn’t used too much any more since it lacks some of the features that most modern languages have, but it is good to know at least a little bit about it in case you ever run across some old Pascal programs in the wild.

The syntax for pascal is a bit verbose, that is the main complaint about it. There are a number of others, but that is beyond the scope of this howto.

Installing The Pascal Compiler on Ubuntu

Installing Pascal in modern Ubuntu is a cinch. The Free Pascal Compiler, or fpc, is all that you need to get started. It works great on 32-bit or 64-bit systems. Install with:

Any prerequisites will automatically download and install along with fpc.

Getting Started in Pascal

To test the compiler let’s start with a simple Hello World program. Open up hello.pas and enter:

Compile with fpc hello.pas and run:

Selection Sort in Pascal

Now that we’ve verified it is running, I’m going to show you the code that I wrote for my program. Basically we were asked to Selection Sort two arrays of varying length. Apparently one of the (bad) features of Pascal originally was that you needed to declare the length of the array which made it a pain to work with them.

In this situation it is just two arrays so it isn’t too bad. Enter your array by creating two text files arrayA.txt and arrayB.txt. One number per line. The source code for sort.pas is:

Compile and run (ok to ignore the compile-time errors)

And there you have it. Compiling Pascal program on Ubuntu is an easy way to get your feet wet in programming. Pascal is a great beginner’s programming language, but if you want to learn more there are a number of great resources available for learning Pascal.

It’s no secret that I’m a huge fan of Handbrake. After committing to copying my DVD collection to my storage array, I’ve tried and tested just about all software out there for converting video to H.264 with an emphasis on quality and speed. Many software packages have problems with quality or desynchronized audio, Handbrake is my hands-down favorite when it comes down to converting video — and that includes both free and commercial software.

One of the complaints I hear about Handbrake is that there are too many options. Well, the good news for someone looking for simplicity is that the built-in presets mostly take care of them for you. And for anyone who likes to dive into the nitty gritty of video compression, it also allows for a lot of tweaking to get the most out of your movie while maintaining small file sizes and high quality.

This guide was done on the Windows version but the other versions are all very similar. Also it assumes that there is no copy protection on the disc. If you have copy protection and it is legal in your country to remove it, you can use DVD43 (free), AnyDVD (paid), or other software to do so. If you have a particular question regarding Handbrake, be sure to ask in the comments below and I will get back to you as soon as possible. Thanks to the developers of Handbrake for the great piece of software they have put together! Many of the answers I am supplying below are available via the Handbrake wiki, which is also where you should go if you are looking for more detailed information on a particular item. On to the list!

The Main Menu

You will mainly use 2 buttons here – Source and Start. Source lets you select the DVD you wish to rip from, which is either the disc directly, or the “video_ts” folder if it is stored on your drive. Start begins the encoding process. If you want to run more than one at once, you would Start the first one, then “Add to Queue” to add it to the list of encodings it will do next. The Show Queue button allows you to reorganize or delete upcoming encodings.

Source Information

This area shows you information about your current disc. It will automatically select the largest title and most movies have only one angle. If you only want to encode a certain chapter or section of the disc, this is where you would select it.

Output File

Select where you would like to send the file when done, easy enough!

Output Settings

Container: MP4 or MKV. This depends on where you want to play the file – MP4 is usually more compatible but MKV can have more flexibility.
Large File Size: This mainly seems to be depreciated but you used to have problems playing files larger than 4GB on some devices if this is not checked.
Web Optimized: Assists with streaming via web – if you do not plan on hosting the video online it is safe to keep this off.
iPod 5G support: Only useful if you plan on playing video on a 5th Generation iPod.

Presets

Presets are the easiest way to get encoding fast. The Regular->Normal setting seems to work best both on my local PC and my HTPC. For movies with a lot of special effects where I am looking for higher quality (sacrificing longer encoding times and more hard drive usage) I will move to High Profile. If you are planning on making the movie portable, select the device which closest matches the one you have. It should shrink it down to whatever size you need.

You can also save new presets. If you like to encode a movie a certain way or for a certain device, feel free to change the settings and then ‘Add’ a new profile.

Picture

Source: Resolution of the original video.
Aspect ratio: Whether the original should be “stretched” and how much.
Anamorphic: How much the original should retain its resultion. I keep this on “Strict” most of the time. If you move it to different settings, you may need to specify the resolution, but in general it is best to keep the resolution the same.
Cropping: Best left to automatic – will remove any black bars on the top, bottom or sides of the video. If you find it missed the, select custom and then how much you want to chop off.

Video Filters

Detelecine: This has to do with how the video is interlaced when framerates are changed around. See Handbrake’s wiki for a technical explanation.
Decomb: Similar to Detelecine, this looks at every pixel. While having better results, it will slow down your encode. See more details.
Deinterlace: Deinterlaces every frame an can result in some loss of quality to the video. Removes the lines you sometimes see when anything is moving quickly across the screen.
Denoise: This will filter out noise and film grain from the video.
Deblock: This will remove blocky video due to compression or low quality.
Grayscale Encoding: Your movie will be in black & white.

Generally speaking I leave these options off as they slow down video and also alter the video from what is on the DVD. If you want to keep original quality, keep them off, otherwise feel free to customize to your needs. There is a great Handbrake wiki settings page which explain them further in technical detail.

Video

Video codec: H.264 or MPEG-4 via ffmpeg. In most situations H.264 is superior as the video codec.
Framerate: Highly recommend keeping this same as source. Otherwise your audio and video might get desynchronized.
Quality: I usually go for Constant quality anywhere from 60 to 75. Target size is good if you are trying to fit it on a CD or DVD, and Avg Bitrate is used on some older devices.

Audio

If you want to encode the video only with English then it is usually OK to leave this area alone. You can add other audio tracks to your movie by clicking “Add track” and then selecting the source. Mixdown if you don’t expect to play the movie on a full-speaker system, but keep the bitrate at 160 or more. DRC stands for Dynamic Range Compression – setting this higher will help reduce the differences between the soft and loud moments in the movie.

Subtitles

MakeUseOf covered Subtitles on Handbrake last year, you can review it on that article.

Chapters

Some software will allow you to fast forward or rewind based on the chapters in the file. Handbrake will automatically convert your DVD chapters into the file, tweak them here as needed.

Advanced

Handbrake allows you to change all sorts of settings within the h.264 encoder. These are for advanced users, but below is a summary of the settings just in case you find a need to tweak them for a movie you are encoding.

Instead of rehashing what is already over on the Handbrake wiki article H.264 options, you can just head over there for the gory details. These are tweaks which control how the video is compressed. The only reason to change them is if you are trying to encode a video and are not getting the quality or compression results you are expecting.

Get Encoding!

Hopefully this guide will help you to understand Handbrake and all that it is capable of. This is one of the most important tools in the savvy media connoisseur’s toolbox, and I hope you have found it as useful as I have. Let us know if you have any questions in the comments area below.

I’m not trying to say I had anything to do with Google adding two-factor authentication to Google Apps. I’m really not. But on September 9th, MakeUseOf published an article named How To Secure Your Google Apps Account with Two Factor Authentication. In this article, I wrote:

All of this brings up the question: why doesn’t Google enable a direct way to use two factor authentication with their Gmail, Calendar and other services? Many folks such as myself use Google services for all too many things in their lives, and that login is potentially the most important one of their online life. I would suggest that Google gets onto the security boat and enables this as an option for everyday folks.

Today, 11 days later, Google released their own Two-Factor authentication scheme for Google Apps account (Premier, Education and Government). An example of accurate prognostication? Or just dumb luck? Either way, great job Google!

If you are a Google Apps user, your Administrator will need to enable the feature for your account. Standard edition users will have this feature available shortly. Highly recommended for password and data security if you store your data in the Google cloud.