Tuesday, November 15, 2005

Well, Hang it all!

With the help of my Dad, we found a way that was simple enough to get the new doorbell wiring down into the basement. Really, I just had to take the wire straight down inside of the wall, but the problem was going to be drilling down through floor joists and stair supports. I didn't have a drill bit that was long enough for that.

Since we are talking about low-voltage wire for the doorbell, and not the normal 120/240V stuff, we decided instead to just make a small hole above and below each board we were going to drill through, and instead just make a trench between the two holes. Then the wire could come out of the wall from the top hole hole, sit in the bottom of the trench and go back into the wall in the bottom hole. Patching up the sheetrock trench will be easier and stronger than patching a large hole in the sheetrock.

Here is a good example to know what I'm talking about:

Here is the longest trench I had to make. This is at the level of the ceiling/floor between above the basement. There was board behind this hole that made us have to make a very long trench. I think it would have been almost impossible to drill a hole through that and fish the wires through it.

So now the problem is that we decided to move over our front entry mirror so that it is more centered between a door and the wall. It was simple enough to measure and eyeball where the center should be, but I should have measured where each sheetrock screw should go because I had one side too low, then I spackled the hole and waited around 24 hours, then I used a level and thought I was drilling a hole that would be just right, but I made a hole that was too high, and had to fill it in with spackle as well. Hopefully today I can make a hole in just the right spot.

After that I'll paint over my spackle and hopefully our front entry will look like nothing ever happened. Michelle will be very happy to have the 'pardon our dust' look gone.

Friday, November 11, 2005

Local fun - with and without Google

Last night we planned on going on 'Mommy-Daddy dates'. That means Michelled takes one or two of the kids and I take one or two, and they get their own special date. Since we have three kids, only one child gets actual one on one time, but since our youngest is only two, it still ends up being that the older child feels like they are getting almost one-on-one attention.

My son chose to use one of his free bowling coupons and go with my wife. He also had a free ice cream cone coupon. He thought that meant that they would just give you the cone, and you'd have to buy the ice cream to put on it! I guess we've taught them well to be wary of consumer advertising.

My daughter stuck with something she has done before and decided that she wanted to go get frozen custard at Nielsen's Frozen Custard. Next we went to the library to check out books, and then home to read some of the books and watch the Baby Newton DVD (from Baby Einstein) that we checked out.

Overall, the kids had a great time. I don't even remember having to argue with any of them - at all!

It didn't take Google Local to find Nielsen's, the library or the bowling alley, but it did get me closer to maybe finding a cabinet maker or woodworking shop that might be able to get me a good price on materials for my desk. I may build the desk and then add the drawers, cabinets, sides and trim later. If I bought custom sized cabinet doors, they would really make my desk look nice, and that might take care of the part that I can't do myself. I also wonder if I might not be able to find someone who could do the whole job for me. I would think that would get expensive though... we'll see.

Thursday, November 10, 2005

Holey walls Batman! Ding-donging extra doorbell!

My home-office is in our basement. We only have one doorbell, very near the front door where it can be heard fairly well throughout the whole house, except maybe in the outer reaches of the basement. Thus, I miss the doorbell if someone ever comes over, which is a problem if no-one else is home at the time.

So, I resolved to put an additional doorbell in the basement close to my office. I thought I already had a doorbell, which was the main reason I wanted to put one in, but I may have given it away when we moved. So, I went and bought a cheap $7.00 doorbell at The Home Depot.

I searched all over in the basement for where the transformer may be hidden for the doorbell, but I think the previous owner covered it up with sheetrock and paint. (If I had finished the basement, I would have pre-ran the wires for a second doorbell and various other things.) I took off the cover of our chime-box and hooked up my new doorbell in parallel with the existing doorbell. I tried the front and back bells, and they both chime on both chime-boxes, so the transformer must be powerful enough.

Now the trick is to run the wires through the wall down to the location of the second chime box. I have an advantage and disadvantage built into one with the existing chime box being on the wall next to our stairs. Since the basement stairs have a door under them with unfinished walls inside of it, it will be easy for me to run the wire from where the wires come down from above to the wall location where I want to put the new chime box. This might be easier though because the stairs also require more boards to be in the walls right there, which means I have to drill holes through the boards to put the wires through.

In order to drill holes through the boards, I'll need to drill or cut access holes in the sheetrock walls. That means 3 - 4 holes. Luckily I already have spackel, wire mesh and the right paint to patch the holes. It is still a bit of guess work though to figure out where all the holes should go. I've been knocking on walls and measuring rather than using a studfinder. That is a bit tricky when you are going down stairs.

I may ask my dad to come help me out.

Wednesday, November 09, 2005

Ultimate L-shaped desk for a tall guy's home-office

Ever since I moved here to Layton, UT and have been working out of my home office, I've been settling for two cheap desks side by side to hold my two monitors and three machines. The plan is to eventually buy or build the perfect desk for my environment.

Here are the obstacles:
  1. I'm tall. I want any desk I end up with to be slightly taller than the standard desk. I've measured the precise location and height for where a keyboard should be, and I don't want it more or less than a half inch off either way.

  2. I would rather use two keyboards and mice for my two computers than use a switch. Lately I've been doing most of my development by SSH from my windows computer, but I think the better setup for more organization is the way I used to do it, where I could keep all my SSH sessions open under one or two main KDE windows on a couple of virtual desktops. That's the main thing I loved about my linux environment, the multiple desktops and putting all my SSH windows under one tabbed window where I know where everthing is. It makes it much easier to manage my 12 different servers if I don't have to open another window and not have it always in a certain place. I have tried various windows programs that gave me multiple desktops, and some SSH programs that have tabs, but none are free and have the features that come with KDE.

  3. I need the desk to be an L-shaped desk. I have one corner to put it in where I will be able to look out the window, and yet have a wall behind the main monitor so that I can control the brightness of the wall behind the monitor to reduce the strain on my eyes. An L-shaped desk will also give me the most room for writing / planning as I don't type all day everyday and hope to do more planning before actual programming. The L-shape will also allow me to use my rotating chair to simply switch between machines / monitors. That will allow me the power to control two computers easily at once and have the computer I'm working on directly in front of me so I don't have to strain my neck or arms, etc.

I made up plans for exactly how I would build a desk that would suit my needs.
It would be strong, functional and exactly the right height width and depth. The problem is that it wouldn't be easy for me to make it look nice. I'm not a carpenter and I'm sure the desk would probably end up looking kind of plain if I were to build it myself. Maybe that wouldn't be bad, and I do have a couple of ideas for sprucing it up, but nothing that would be really easy. It would be hard for me to do things like custom cabinet doors and such without paying for them to be made separately. The big benefit of making it myself is that I could do it for $100 - $200. That is way less than what I have to pay for something the same size and exact dimensions I want (if I can even find it) anywhere else that I've looked.

There are a few desks I've considered:

Bush Desk

Bestar desk

Note that neither desk has legs at the corner that would prevent me from swinging my legs back and forth under the whole thing. Some desks have a leg or legs right at the corner and that is not OK with me.

I would also want to change the design of any pull-out keyboard holder so that it is at the exact position and height that I would want. I don't know if either of these desks would allow me to do that.

Anyone have any suggestions?

Tuesday, November 08, 2005

Will you share your hacker's IP with me?

This might be quite off-topic from more of my recent posts, but it is just another aspect of my life. I am the Technology Director for a company with less than 10 full time employees and a two person IT department. That means I'm also a Systems Administrator, Network Administrator, Abuse Administrator, etc.

This past week marked the anniversary of the use of a program I designed that would help me to carry out my administrative duties more easily. I used to review the LogWatch emails from my RedHat linux systems daily and would send out emails to the attacking systems' administrators and their upstream providers (ISPs). Every day I would send 5-10 emails because my systems are almost constantly under attack by script-kiddie attempts to login to my systems. They basically try common usernames and passwords to see if they can login to the machine and use it for their own dastardly purposes.

The program basically:
1) gathers attackers IP addresses from login logs
2) looks up the abuse contact information for each IP
3) puts together an abuse report email to send to the abuse contacts
4) sends the abuse report email to the abuse contacts, with a copy to my Hosting company so they can use the information to stop future attacks (although I think I do more work than their whole abuse department)
5) outputs a log of steps 1-4 and emails it to me and my tech team

This process has been working fairly well and the perl script that we have works well on our RedHat systems parsing the /var/log/secure log and automatically doing what I used to spend a half an hour a day on.

I have now began another project to block the IP address (and sometimes the IP ranges) of attackers so that they can't even attempt to hack any of my networks or machines. This is still a mostly manual process that takes me from a half hour to an hour. I look at the IP address of the people who tried to login and failed, usually the number of attempts for any particular attacker range from 10 to several hundred or even thousands of login attempts. The higher the number of attempts, the faster I want to block them, since they are taking up a small portion of my resources.

So I've modified a whois lookup script to be able to store the IP address, IP range, abuse contact, whois host (whois.apnic.net, whois.arin.net, whois.afrinic.net, whois.ripe.net, etc.), date of incident, hostname of attacked machine, and source country of the attack. Most of the attacks come from other countries. I currently don't have any websites that require someone to connect from Asia or Africa, so I just block whole ranges of foreign universities and ISPs, etc. from where I'm being attacked so that something like it won't happen again (my other script already notifies them of the attack, and if they get back to me, I may unblock them).

What I want to automate next:
1) Automatically add entries into my database of attacks from all my systems.
2) Automatically publish IPs and IP ranges to my iptables block lists to all my systems.

Here is where I ask the question: Would you like to share your hacker's IP with me?
I think a distributed network of hacking information would be beneficial to sysadmins everywhere, similar to RBLs for spam, it would be great to setup a Realtime Block List for hackers. In fact I don't see any reason why the same software that some of the other RBLs use couldn't be ported for the purpose. Maybe I'm out of it and something already exists for it. I don't know that it would though, because not near as many people are aware of the hacking problems that happen, because they don't see the evidence of it in their email box every day.

However, if we were to block attackers from being able to keep getting more compromised machines by stopping them at their source, there would be far less machines from which attackers could launch their email spam campaigns. I think this effort would reap large benefits for all corporations. (Although it might put a few sysadmins out of a job if they let the secret out.) I'm one system administrator that would be glad to pass my abuse administrator duties to an automatic program. I'm also sure that pooling our information together will reap the most benefits for everyone.