Wednesday, August 27, 2008

What I Learned About iptables

I've got a good web host. OCS Solutions by name. Small, but with a good reputation. Quiet. Out of the way. Not flashy, but solid.

I found them through a web site called "Rails Hosting Info". People fill out a form and rate their hosts. Mine, of my old host, has been up for the better part of a year. I gave them the lowest possible rating, which is a "1". Zero was not an option.

They were good to start but sold out to some big company. The hosting service became erratic, and customer service was turned over to monkeys. I bailed with $90 left on my account. And glad I did.

I've bugged OCS a little too much, and they've been tolerant, going out of their way to give me hints about things they didn't need to. The service has been rock solid. Everything was fine.

Until lately. Not their fault. I did it. I switched to Linux.

Again, not Linux's fault, but I've had a few issues. One thing I wanted to be sure of, coming from Windows (XP, gratefully, not having had to go through Vista), was that I had adequate firewall and anti-virus protection. In fact, I had a scare recently, when I clicked on a link after a Google search and came face to face with the "XP Antivirus 2008" malware. It completely took over Firefox and would not allow me to do anything.

Being sort of sure that nothing could happen because I was on Linux and had a firewall set up wasn't enough. It spooked the snot out of me. I panicked. The only way I could think of to get things back under control was to close all applications (except Firefox, which was not responding to me at all) and shut down.

Later in the day I re-enabled NoScript (which I had gotten tired of) and went back to that squirrelly link. Bang. It killed Firefox entirely except for its bogus dialog, which I could not shut. NoScript did not intervene. It got blown out of the water somehow. But this time I reopened a main Firefox window and disabled JavaScript, Java, and "Load images automatically". Then the dialog quit refreshing itself and I was able to close it and then close Firefox normally.

I think I still rebooted the computer to be sure, and then did a search on "*.exe" in case I'd gotten some malware placed on the computer (even though it would not run on Linux -- except that I have Wine installed -- not sure about that). Anyway, it seems like I got through it OK.

So back to OCS.

I have two web sites there, and I need access to cPanel, the standard administration software, and to WHM (Web Host Manager). Couldn't get there under Linux.

When I had a small issue with my server stopping, making my web sites unavailable, OCS was kind enough to remind me of a line in their FAQ that told how to resolve this, and they told me without telling me. They just gave me the info and let me go. I stumbled on the FAQ a few days later. And then of course felt like an idiot for not checking there (though I did review their forums)

Then I followed up with a question about accessing cPanel, and got a response to run "iptables -L" in a console window. I did, and got lots of gibberish. Lots of it. Informative, I'm sure, but meaningless to me.

So I searched and searched and couldn't find anything relevant except how to use iptables to set up a server correctly. I was just trying to connect to my host so I could maintain my web sites. The URL is something like https://foo.ocssolutions:1234/. My browser just went around in circles until it timed out.

Finally I posted a question on the OCS forum, and got a reply from the owner, who had originally suggested the "iptables -L" option. This time he said to try "iptables -F". Some research indicated that this would flush the settings -- I think that means that it would wipe out my firewall settings altogether. Not exactly sure, but I at least wanted to have a clue before running commands at random.

I did find a couple of articles, one of them immensely long.

But I'm too short on experience. Detailed information is great if you already know enough so that it is another step up, and you aren't trying to make a single leap to the stars.

Anyway, I decided to play with Guarddog in a trial and error approach, and under Network I found that leaving "DNS" checked and adding "NIS" did the trick. Finally, eh?

I ran "iptables -L" again and found four new lines. I have no idea what they say, but I can identify them, and can access cPanel at OCS.

Now I have to go back and add to my forum post there so I can share the sources I found.

Just in case. You never know. Someone else may need this info.


References

Anatomy of a malware scam: The evil genius of XP Antivirus 2008
cPanel and WHM
Guarddog
Iptables Tutorial 1.2.2
NoScript
OCS Solutions
Rails Hosting Info
Wine HQ

Wednesday, August 20, 2008

Clipping My Emacs

Unlike René Seindal I haven't been using Emacs for 20 years.

More like 11 at most, and most of that time it's been NTEmacs, for Windows platforms.

That isn't enough time. I use Emacs daily. I know maybe at most one percent of what Emacs is capable of. Most of it is inscrutable. For me. There are those who can do wonders with it, but it's hard for me to even find the configuration options. Or if there are any for what I want to do.

I sort of feel I should be ashamed of this but probably not. I haven't learned Lisp and won't bother. And why would I anyway? Lisp? Arrr.

Without Lisp you can't learn all the internals and do intense scripting. Or even understand a lot of what people say.

The official Emacs manual leaves me dizzy. Sometimes I learn a thing or to, but only after I read a piece six or seven times, finally decide it just may be the thing I'm looking for, sort of, hopefully, and then spend half a day in trial an error mode trying to guess at how to implement whatever it is that the manual writers said.

Or what I think I thought they said.

Sometimes I'm lucky. Sometimes it works.

A while ago I bought a PC from ZaReason with Ubuntu installed. I switched it to Kubuntu and overwrote Windows XP on an older machine. On yet a third box I reinstalled Windows XP (after a disastrous "upgrade" to Service Pack 3) and am now dual booting that machine with Linux Mint, which is choice.

But.

We all have at least one but.

But!

One really annoying thing on Linux is that it takes an extra step to copy or cut text in Emacs and then paste it somewhere else. In Kubuntu I've been having to make a trip to Klipper, the clipboard tool. It's sort of a buffer where clipped items can be stored temporarily, or exchanged.

For some reason or other what I copy in Emacs is visible in Klipper, and I can put that text into Kubuntu's clipboard, but only after going to Klipper and selecting it there.

OK, so last night I decided to search for a fix and found one almost immediately. This is after about two months of messing around and forgetting to move things to the clipboard about 10 times a day. It's pretty easy, just type Ctrl-Alt v, then down arrow to the selection and hit enter. If that is easy.

No. It isn't. Not when I could type Ctrl-k in Emacs, followed by Ctrl-y for cut-and-yank (cut and restore) and have things in the system-wide clipboard under Windows.

So now I find that under Emacs version 22.1.1 there is a customization option under "Group Emacs | Group Editing | Group Killing | Option X Select Enable Clipboard". Now the only thing I can't understand is why I didn't look there before. So blindingly obvious. But then that's me. So oblivious, me.

Or is it Emacs? One of us is mucked up.

Anyhoo, now I have a clipboard that works in both directions. Formerly I could cut or copy anything and Emacs would receive it, but this now also works from Emacs to everything else. As it should. I think.

I'm not really sure, since I'm not smart enough to figure out any reason at all why every other application I've used under Linux directly accesses the clipboard and not Emacs.

Anyway I have what I like now. I am so relieved.


References:

NTEmacs.

René Seindal: With GNU Emacs you can always learn.

Clipboard: Emacs Documentation, By Juergen Haas.

Quick tip for Linux users having trouble with Emacs (or XEmacs) copy/paste.


Wednesday, August 13, 2008

Still Sucking at my Qwest

Life goes on. Things get stranger. Having worked in a large bureaucracy I can understand how things work.

No, I can't.

I've never understood institutional incompetence. After all, any organization is made up only of individual persons. I've met a lot of dorks but even stupid people aren't stupid all over. Mostly they're smart enough, just stupid in spots.

Organizations aren't like that. They are the opposite. Organizations are stupid all over, and only smart in spots. Only smart in the spot where you happen to be dealing with a single individual who happens to care a little bit for no particular reason. They never have to, but sometimes one of them does.

So here I am trying to deal with Qwest Communications on an issue that began in April of this year. And guess what? No progress.

No, wait. That isn't right. There is progress.

Usually when someone says "progress" what they mean is that things are moving "forward", getting better in some way, but the word "progress" doesn't really imply that. Progress means only that things are moving. In fact, they may get worse as well as better. So that's it. Progress.

In reverse. But progress. I should stop using that word.

First my internet service went out. It was the DSL modem that I was leasing. I returned it. Then Qwest offered to send me another one, free, with no shipping charges, to keep. For some reason. OK by me, so I accepted.

But it didn't show up. After eight phone calls and talking to nine different representatives, and being promised delivery on three different dates, and having this whole deal confirmed by five different representatives, nothing happened.

Then Qwest charged me another month's lease fee on the DSL modem I no longer had.

I gave up calling and began writing. So far I've sent seven letters. No response.

I complained to the state Utilities and Transportation Commission, to be told that they didn't deal with broadband, only land lines. Since I have a land line connection I don't get this, but so be it. I'll complain to the FCC if I have to.

Then Qwest sent me a different DSL modem than the one they promised, and charged me over $70, including shipping fees and tax.

I'm going to start a small claims lawsuit and see what happens. I have no idea what they are up to. The modem they sent has with it an invoice with one order id, and a letter I got congratulating me on signing up for Qwest broadband service has a different order id. Of course it doesn't matter that I did not sign up for Qwest broadband service again. I did that in 2004. Let alone the fact that I have placed no order.

And still they don't respond.

What I'd like, what I'd love, is if they don't show up in court for some reason. Make it an uncontested case, which I win by default. And then they continue to ignore me. So I can put a lien on their property. Keep them from selling any property in the state. For the next 10 years, renewable for another 10 after that.

That would be worth it.

Almost.


References:

Zero-star ratings
Qwest sucks at Google