You might think that a "secure certificate" is all about encryption. Actually there are two reasons to buy a secure certificate and only one of them is encryption. The other one is about "legitimacy". That second reason is a bit of a sham. It's also about how a very few companies get to profit from a ubiquitous and essentially free technology.
I got an email from someone on my blog about implementing SPF that said it should cut down on email injection attacks. The reasoning was that the email injection attack typically sends "from" the domain of the web site. Since SPF dictates the servers or domains mail can come "from" then mail from the web server would be rejected. Stopping Email Injection Bots would be a nice side effect of SPF, but it is unlikely. This reasoning does not take into account 2 important details.
Here's a tip on a Windows 2000 box. If you have 2 NICs connected to the same subnet using NAT with static IPs but you are using 2 separate gateways, you may suffer from periodic outages of 80 to 180 seconds. In a network I recently worked on, there was a machine that handled static mappings for 2 sets of IPs routed through 2 separate PIX using static mappings and NAT. In this scenario the PIX is the gateway. So NIC 1 with address 192.168.0.8 was set up with gateway 192.168.0.1 and NIC 2 with IP 192.168.0.9 was set up with gateway 192.168.0.2 - both gateway metrics set to 1.
Yesterday and today I've joined the SPF bandwagon. SPF or "Sender Policy Framework" is a way of trying to backtrack an e-mail’s domain and figure out if the server is legitimate. It does this by adding what is essentially a mask or pattern to a simple text record in the DNS server. For example, you can specify that all mail from a domain should be rejected unless it originates from a particular server or domain. You might dictate that mail must come from servers listed as MX records, or you can specify an "A" record. If your data center has just a few subnets you could specify a range of IP addresses. Pretty neat, huh?
Did you ever have a truly catastrophic crash where you had to reinstall the whole operating system? If you work with servers this is particularly daunting. A server configuration is more than just the installation of programs. For example, one of our customers recently lost the system drive on a mail server. The hosting company reinstalled Windows 2000 on a new drive and we had to come up with a plan for getting Imail back up and running with over 200 domains. The prospect of calling so many users and reissuing so many passwords made us want to run out into the cold Nebraska night screaming (like we do whenever the Huskers lose to Oklahoma). We had to come up with an alternative plan.
"DNS is yet another one of those Internet 'things' that just makes me step back and go... Wow! This is amazingly complex, and yet it works really well." Those are the words of Jeff Zimmerman, the Cisco King that always has an answer to questions about our network and equipment. He and I trade emails rife with geek speak about cool stuff like DNS. Surprisingly, I have to explain Domain Name Service (DNS) to clients and customers on a regular basis. Questions always arise when a customer is setting up a new web site to host with us, or they are moving an existing web site over to us. The 2 most frequent questions are "What is DNS?" and "Why does it take 12 to 48 hours to make a name change?"
I stand corrected. The candidate is now actually going to GO WITH the blackmailing host company. Not only that, but the company supports no scripting languages - only Front Page Extensions. They do this for security reasons (security reasons?). So my friend the developer is busy converting his site into a Front Page site to make it more secure. Meanwhile, I'm going to contact the host and see if they are interested in my new idea - selling bottled Nebraska air on eBay. I think they might be able to pull it off.
(This is a follow-up to my previous post.)
If it hasn't happened to you yet, get ready - it will. Some client or potential client is going to ask you if you can do an "email blast". Now, they might mean that they want to send a newsletter or announcement to their own customers. Or they might mean they want you to contribute to the juggernaut of spam that is flooding the Internet. To you, spam is a battle - a titanic struggle between good and evil. To them, spam is a minor annoyance, or (due to the fact that many clients are salesmen turned businessmen) a goldmine of nearly free marketing. Of course, they may not read 200 to 300 emails a day. In any case you will have to consider how to respond and what kind of advice to give your client. Here are a few important things to consider.