• Home
• Contact jsimmons
• About Jsimmons
• Hire Jason/CV
• What is Applied IT

Bespoke multi media services

Posted on July 27, 2010
Filed Under News | Leave a Comment

This is a shameless plug for a new service I have setup with my brother and a few other creative people. We have setup a service to help people create audio content for videos, presentations, phone systems and tutorials.

I’m basically reselling the following services.

• Bespoke musical content for videos and even films and computer games
• Content for Internet marketers
• Training video authors
• Music on Hold for Phone systems

Basically anyone who requires digital audio content, I know someone who can help you.

Frozen Ammo Recordings, Bespoke audio content

IPBrick Enterprise Linux

Posted on July 19, 2010
Filed Under IT & Business, IT Solutions | Leave a Comment

If you are a regular reader of my website you will know that I’m a fan of Linux and how it can be used within business. I have been looking at a number of Linux distributions and how they can be used in business. My favorites so far have been Ubuntu and also Centos. However these are great starting points for a general purpose server. You still need to provide quite a lot of installation and tweaking to create a perfect server for business use. Whilst at Cebit a couple of years ago , I can across a Linux Distribution based on Debian called IPBrick. If you can put the name aside for a moment, the distro is actually very good.

A small team of developers have taken the pain of gathering openldap, samba, apache and a number of other open-source tools and they have created a single management interface. This a commercial distro which you do have to license your server for. What you are paying for is the management tools and also the support. Yes if you are determined enough you can create your own management scripts ,and plugin other tools from sourceforge, however this does take time, and time is money, so why not pay some one else to do it.

http://www.trensys.com/ucoip

Using IPset with IPtables in Ubuntu LTS 10.04 to block large IP ranges

Posted on June 8, 2010
Filed Under IT Solutions | Leave a Comment

There are a large number of firewall and security appliances on the market, some good some awful. I tend to use a lot of Cisco security products. With the current supply chain problems in getting hold of Cisco products I have been looking around the market. I have noticed that a number of products are systems which have FreeBSD or Linux at the heart under a nice shiny badge.

I thought I will put together a solution myself based on the same ingredients. The reason why is because I have realised that I have become dependent on main stream vendors to deploy solutions, and don’t always fully address the need. With the push to virtualisation, it would be good to have a powerful virtualised firewall just like the big boys. So he is what I have done so far.

High performance Ubuntu Firewall

If you run a webserver you will know that your webserver is scanned and probed from particular networks from originating from a hot-spot of countries. If your web application does not require then why not just block it.

Well it can prove expensive in terms of performance, to block a whole country can take 1000’s of rules (http://www.countryipblocks.net/). Well using this solution you can do things some of the big boys cant do ( Sonicwall !). Using iptables and IPset you can create 1000’s of rules and objects with impacting heavily on performance.

Iptables is already part of all Linux Distributions, However IPset is not. You have to install it and it can be a bit awkward. However it is a piece of cake in Ubuntu 10.04 LTS.

sudo apt-get install ipset ipset-source
m-a a-i ipset

Performing the previous commands will install the required kernel modules using module-assistant, and also the user space tools. You are know ready to create your very large firewall rules. This is so much easier than patching the kernel with patcho-matic and recompiling iptables. This is how you use it

Create your sets, you can get your network list from http://www.countryipblocks.net/ and write a script to generate the creation of the list.

ipset –create feckoff nethash
ipset –add feckoff 27.8.0.0/12
ipset –add feckoff 27.24.0.0/13
ipset –add feckoff 27.8.0.0/12
ipset –add feckoff 27.24.0.0/13
ipset –add feckoff 27.36.0.0/13
ipset –add feckoff 27.44.0.0/14
ipset –add feckoff 27.50.128.0/17
ipset –add feckoff 27.54.192.0/18
ipset –add feckoff 27.144.0.0/16
ipset –add feckoff 27.148.0.0/10
ipset –add feckoff 27.212.0.0/12
ipset –add feckoff 58.14.0.0/13
ipset –add feckoff 58.22.0.0/14
……. etc etc 100’s of subnets later you have added all your subnets, DONT MIX /32 networks or hosts

Now he comes the important bit. Now you have created your IPset you can now apply it to your rule base.

iptables -A INPUT -m set –set feckoff src -j DROP

You have just blocked 1000’s of subnets with one command in your ruleset

In an ideal world you would not really want to block a whole range of subnets like this, It is not the best use of resources. However there are times when this is required to increase security of you webserver against a particular type of attack.

What Next

Well I think I will add the following

1. OpenVPN
2. Snort
3. FreeRadius ( So I can use 802.1x )
4. Layer7 Filter for IPtables
5. Some Clustering/ Load balancing

I could end up with with some pretty powerful firewall here. Any one fancy helping me write a GUI for management, or crafting in webmin.

Let me know your comments, who would be interested in VM firewall protecting your virtual server envronment.

Where are the innovators ?

Posted on June 3, 2010
Filed Under General | Leave a Comment

Growing up in the 1980’s as a teenager I was exposed to new exciting developments of the Micro Computer. These were machines which plug into the home television and you can play games and experiment and learn. I had a commodore 64 on which I taught myself 6502 machine code at the age of 14. What help keep my interest was magazine which came out over 52 weeks teaching you how to program.

It was available from the likes of WH Smiths & John Menzies newagents for a couple of quid. Not only was this an age of emerging computers it was also the formative years of major brands. The Darling brothers started codemasters whilst still schoolboys.

The difference between those days and now is that we have so much more technology to play with and learn and exploit. With the Internet this information is so easy to get hold of.

Despite this the nature of how computers are used and viewed has changed. Computers are used for consumption rather then creation. You consume facebook,twitter,online gaming,itunes, pirating movies and even porn. Now the tools are very much closed and prescribed, You have to purchase expensive software development kits licensed from the likes of Sony or Microsoft to create mainstream games.

The point is it feels like the days of prevalent innovation have passed. The days where you could walk into John Menzies and buy a assembly language compiler for £3.95 have gone. Sure you can get free compilers off the Internet if you know where to look.

All the magazines in the news agents now are geared towards consumption of other people games. Even the creation of websites involve the use of expensive tools which most hobbyists can not afford.

We are now benefiting from the things which were created back in those days, and the same environment has been removed for future innovation and creation. If you have kids teach them that computers are also a playing ground for learning not just mindless consumption.

10 POKE 53281,0
20 PRINT “I WANT TO LEARN MACHINE CODE”
30 GOTO 20
40 REM WILL THIS CODE WORK
50 SYS 64738

The man in the white Suit

Posted on May 28, 2010
Filed Under Open Source | Leave a Comment

The man in the white suit is a comedy film made in the 1950’s about an eager scientist that creates a revolutionary product to help mankind. He observes the poor trying to keep themselves clothed and clean. The older washer women struggling to clean clothes, so he decides to fix the problem.

He decides to fix the problem by creating a material which never gets dirty, never wears out and so never needs to be replaced. He thinks this is a marvelous invention and sets out to tell the world that they need to struggle no more.

He makes a white suit made out of the material so he can demonstrate the merits of his invention. The suit works perfectly ,true to design it does not wear out and never gets dirty no matter what scrapes he gets into.

A lot of people love his invention and welcome it with open arms, however at the same time something rather sinister is occurring which he did not expect.

The textile and cleaning industry are not as happy to receive his invention. Textiles that don’t need cleaning or replacing are not very good attributes for either industry. Both industries try nicely at first to persuade him to sell the invention to them. If he sold the invention he would have become very wealthy.

He decides not to sell as he knows that the invention would be crushed never to be seen again. He wants the world to receive the freedom to benefit from such an invention, even if he has to turn away great personal wealth. This is when things turn nasty as the industries turn up the heat to get rid of this product that threatens their industry.

Not only is this an entertaining film, but as a IT professional I can see similarities between the Open Source software paradigm and the more established closed/proprietary commercial software industries. The Open Source software proponents have a number of white suits in existence. lets take a look at one of my favorites, the Linux Operating System.

Some the features of Linux.

• You can obtain Linux for free, just download it from the internet.
• You can change Linux to suit you, even create your own version.
• Linux is very stable and makes good use of your computer resources
• It is not susceptible to the large numbers of virus’s and worms on the internet
• You are encouraged to share Linux with your friends without licensing violations

A lot of people love the power this feature-set provides, some use it quietly in the background outside of public view and some hate it.
Steve Ballmer calls Linux a cancer in the industry

Facts behind Microsoft’s anti-Linux campaign

Software patents ‘threaten Linux’

The established industry dislike Open Sources software as it disrupts established markets. Many different tactics are being pursued to restrict the growth of Open Source.

It is important to keep in mind that most of the established IT companies will guide you with careful marketing to show you which products are best for YOU. However it is not always the case. Companies need to sustain/grow market share and remove any threat to this by using careful fear/uncertainty/doubt marketing, patents and litigation.

If you don’t keep these things in mind, you could be missing out on some of the benefits that software like Linux, FreeBSD, Asterisk, PostgreSQL,Apache and numerous other Open Source software have to offer.

You have the freedom of choice.

The Linux Desktop

Posted on March 1, 2010
Filed Under Open Source | Leave a Comment

I have been an keen advocate of open source software and Linux in particular since discovering it back in early 2000, and the power it gave me to manage network environments. Network engineering is more core skill, and I discovered Linux and a myriad of network management tools whilst working for a cash strapped automotive firm.

As Linux improved in usability and hardware driver availability, I began using it on my desktop environments instead of excursively on servers. My reasons for running a Linux desktop and dumping windows were as follows.

• I got fed up of paying £35-£50 to buy software to protect me from virus’s , and then not being sure that you are actually still virus free.
• I got fed up of asking Microsoft for a new activation code for windows every time, I upgraded my Graphics card, or upgraded my PC.
• I got fed-up of having my machine taken, over just by viewing a jpeg in Internet explorer.
• I loved the fact that I could install software from Linux on-line catalogs for free.
• I love the fact I have more tools to secure my computer ,without having to ask if I have the “Professional” or “Ultimate” versions of Linux.
• I love the fact that I’m forced to run as a with non administrative rights, and elevate my right only when required.
• I love the desktop effects and and virtual desktops which windows is only just starting to try and emulate.

Running a Linux desktop puts you back in control. You don’t feel that Microsoft have lent you the machine, or that your machine is actually owned by a teenager from china, and it’s in your house.

As for which version of Linux to use, yes there a lots to choose from, which makes things so interesting. One of the key ones which as had a key hand in making Linux so usable is Ubuntu Linux. “Linux for Human beings”.

Now when I’m approached to fix a virus ridden machines with about 12 botnets running on it. I also suggest the owners take a look at Linux.

9 times out of ten , most people moan that they wish they heard about Linux earlier.

If that’s the case ( you may ask). Why does Linux have less that 2% market share.

This will come clear in my later articles.

Thank you Ubuntu Developement team

Posted on December 14, 2009
Filed Under Uncategorized | Leave a Comment

Pictured below are the people involved in creating and developing Ubuntu Linux. This is just before version 9.10 was launched. if you have not tried Linux before. I recommend you give Ubuntu Linux a try.

Many thanks for all your hard work guys.

How to FAIL, even with good technology

Posted on December 2, 2009
Filed Under General | Leave a Comment

If you read my article on ” What is Applied Information Technology” you will see that I take the view that the use of technology in business should create strong benefits, otherwise technology becomes a burden. You should be able to see a direct business benefit in the operation of your business, and also your customer satisfaction due to your more efficient information management and hopefully your process’s .

One of the best case studies of how to fail, even with good technology is parcelforce worldwide . I have written this post due to the fact that I’m currently experiencing some symptoms of the serious failings of this business, and thought I would use this as a case study, and also to warn other people not to trust items to parcelforce until they improve their systems and process’s. An item I’m shipping overseas has been lost or stolen whilst entrusted to parcelforce. Yes I’m annoyed that the parcel has been lost, but the key area of study is how it is being dealt with.

This is what is highlighting some serious problems which I wish I knew before i tried to use there services. Especially after I have done some research I can see that it is far reaching. I had no idea things were like this.

Parcelforce are keen to highlight that in 2006 they received an IFW Freighting Industry Awards for technology Well as we approach 2010 it looks like the technology no longer fits the business, or it is not being used effectively and they are now firefighting.

Apparently in 2007 a number of new computer systems were installed to replace some of the older systems which they inherited from Royal Mail and Post office counters.

Here are some of the symptoms, As we approach the Christmas rush this organisation will be under greater strain, and I would recommend you find an alternative method of delivering items.

• Electronically tracked items are lost without trace, which the investigations team can not locate
• To make a claim for lost items, You download a claim form in PDF fill it in by hand and FAX it back to them
• Once the claim is faxed, staff are not able to acknowledge receipt for at least 7 days. Hang on to your fax receipt
• You can’t book online on your Apple Mac, Smartphone, netbook or Linux machine. Windows only
• In June 2009 personal information customer information was leaked via the parcelforce.com website

“Competitive advantage does not come from possessing Information Technology, It comes from how well it is applied”

Caveat emptor ( buyer beware)

Posted on June 1, 2009
Filed Under General | Leave a Comment

Have you seen those adverts on the web or in the internet mags advertising server co-location. Co-location is where you pay a company to place your server on the internet in a data center. You pay a monthly or fee and you may sometimes a setup fee. Just like a mobile phone, different tarrifs are available, depending on your requirements. These are the key variables which will affect your pricing.

• Bandwidth
• Size, 1U, 2U etc
• Additional IP addressing
• Physical Firewall
• **Power Consumption

The reason I have placed an asterisk next to power consumption is because this is a key area where you may get stung. Most hosting providers will have an introductory tarrif which will allow your server to consume 0.4a to 0.5a of power. If your server is pulling more than 0.4a when a measurement is taken, You will be charged extra for going over your allowance,

Seems fair at first glance, power & cooling is expensive after all. However , how many servers draw 0.5amps. You are hosting a server designed to serve hundreds of people, lots of ram and redundant power supplies and hard discs. Yet you have an allowance of 0.5amps. To put this in perspective, I have seen my little Fujitsu sub-note book draw 0.3amps when on charge.

Perhaps I should co-locate my sub-notebook.

The point of this posting is to let you be aware that the headline tarrifs you see for server hosting will not always be what you will pay. It is very important to know your hardware and how much power it use’s at idle, and also on full load. That £45 per month tarrif could end up costing you £75 per month because you did not do your homework.

Caveat emptor

Sockstress is able to cause internet meltdown

Posted on October 4, 2008
Filed Under IT News | Leave a Comment

A rather dangerous security flaw which can cause major havoc on the ability to deliver internet services has been discovered. A team of security researchers have discovered a security flaw in the protocol called TCP. TCP is the blood that flows through the internet. Without TCP the internet would not function as we know it.

To investigate this security flaw, an application called Sockstress has been created. This application has the ability to crash routers, Firewalls, Web Servers, Windows Servers and even Linux servers. This is a serious cross platform flaw which affects any internet device which offers internet based services. Even your small webserver sitting behind your broadband router is affected.

It works by causing what is known as a DOS (Denial of Service ) attack. This means the server will no longer be able to function or offer websites, Email or any internet based services.

It works by causing the internet server to consume large amounts of resources, and then it runs out of resources and stops working. Resources are things like Memory and Disc space. Every connection that is made to a internet servers requires resources. When a new connection is made , the servers will allocate resources for that connection. The more connections that are made, the more resources are allocated.

Sockstress creates connections to the internet server, then does nothing with them. The internet server then keeps asking “Can you use the connection now ?” and the answer is always no. And at the same time new connections are being made, and the process gets repeated. Eventually the server runs out of resources to offer to real customers, and it dies.

Think of it like this.

A few people telephone a restaurant and reserve a table. The restaurant reserves the table for that person. These people keep doing this over a period of time pretending to be different people. The restaurant reserves all it’s tables, calls in extra staff, cancels staff vacations and starts refusing real customers because all tables are reserved.

These trickster people who have made these reservations do not turn up and the restaurant tries to contact these people to see what’s happening. Some people can be contacted and they insist that they are coming, please do not unreserve my table.

During all this, the restaurant is no longer accepting reservations from real customers. The real customers have been denied service. Hence the term DOS “Denial Of Service” attack

This is a very simplistic view, but it conveys the principal of how the attack works.

I’m sure a workaround will be created soon, However at the moment we don’t have one, and the internet is as risk.

http://www.t2.fi/2008/08/27/jack-c-louis-and-robert-e-lee-to-talk-about-new-dos-attack-vectors/

keep looking »

• About

  Jason Simmons is an Information Technology professional with over 20 years experience. This website is designed to provide a technical resource for technology implementers, and provide comments and insight for business managers on how Information technology can be applied for benefit.

• Recently Written

  • Bespoke multi media services
  • IPBrick Enterprise Linux
  • Using IPset with IPtables in Ubuntu LTS 10.04 to block large IP ranges
  • Where are the innovators ?
  • The man in the white Suit
  • The Linux Desktop
  • Thank you Ubuntu Developement team
  • How to FAIL, even with good technology
  • Caveat emptor ( buyer beware)
  • Sockstress is able to cause internet meltdown


• Categories

  • General
  • Humor
  • IT & Business
  • IT News
  • IT Solutions
  • Networking
  • News
  • Open Source
  • Uncategorized

• Monthly Archives

  • July 2010
  • June 2010
  • May 2010
  • March 2010
  • December 2009
  • June 2009
  • October 2008
  • September 2008
  • July 2008
  • June 2008
  • January 2008
  • December 2007
  • April 2007
  • February 2007
  • January 2007
  • September 2006
  • April 2006
  • November 2005
  • October 2005
  • August 2005
  • June 2005
  • May 2005