I finally got unlazy and found the energy to start on the new revision of this website. The layout is going to stay the same, but the way the site works is changing drastically. The changes should allow me to add new features more quickly aswell as adding cooler features (comments on every page, for example).

I'm still brainstorming how it should all come together, but for the most part I've got a decent xml- and make-based website framework. Webpages are written in pure XML/XHTML and HTML is created using XSLT. The whole website is managed with simple makefiles so when I change one thing, I can simply type 'make' and it republishes itself. Ideally, this would be done by a cronjob so updates simply publish themselves.

I've posted more information about it on the new site, check it out:
http://www.csh.rit.edu/~psionic/new/ (this url no longer works)

Hurray XML!

My love for XML as a document format has only been growing over the past months. I write almost all of my formatted documents using XML these days. Articles and Project pages are written in XML, as are a number of my projects. Most notably, my xmlpresenter project is one of the cooler examples. I can fully publish articles by typing 'make' now, which executes this makefile. No magic cgi scripts involved. Plain HTML is served: Simple, clean, efficient.

I've been wanting to completely rewrite my website using xml and makefiles becuase they're just so simple and xslt makes document formatting the easiest thing in the world. I'm hoping to soon have gathered enough effort points to want to spend on redesigning the internals of this site. We'll see. I'll post more probably in a month when I finally get off my lazy bum.

Files of possible interest:
article.xsl
Article Makefile
ssh security article xml

Having accidentally found a means to completely knock my friend's laptop offline, I sat down and did some research into why and how it happened. Like most of my researching endeavors, I found more information that I had intended. Like the article says in the preface, all of the information presented in the article is probably not new or innovative. In fact, I'd wager that it's public knowledge in the security community.

Whatever, it is new to me. Read if you so desire :)

Link: articles/arp-security/

Kenya, one of my machines, sends me security reports daily (Thanks FreeBSD!).

kenya.csh.rit.edu login failures:
Sep 15 11:15:24 kenya sshd[32882]: Failed password for illegal user a from 218.44.208.162 port 2946 ssh2
Sep 15 11:58:55 kenya sshd[32986]: Failed password for illegal user root from 212.0.132.27 port 40961 ssh2
Sep 15 21:59:03 kenya sshd[34537]: Failed password for illegal user test from 218.44.208.162 port 3614 ssh2

Notice how there was only one root-user attempt and only 2 illegal-user attempts? My logwatcher is configured to instantly block any root login attempts aswell as anyone who tries to login with an invalid user more than once. Keeps the brute-force attempts out of my logs.

Doing this is certainly not a catch-all solution by any means, but definately it keeps my security logs clear of idiots.

Anyone who gets blocked by being naughty on ssh goes into the whores table in pf. That table has been growing steadily for a few weeks now...

kenya(~) [1000] % sudo pfctl -t whores -T show | wc -l
     129

Logwatcher most definately isn't just for security, but the only thing I use it for is to watch auth.log for brute-force bot activity. I'm hoping to have some spare time to spend on developing more neat features into logwatcher as time progresses. Right now, though, it's pretty slick. If you want more information about logwatcher, feel free to visit the logwatcher project page or find me online (aim or email) and bug me with questions or feature requests.