technorati tags: blogging, microblogging, networking

I haven't blogged for some time, I didn't have time - busy travelling the world. Anyway I'm back, but no longer on myspace. I've gone over to WordPress

technorati tags: technorati, wordpress, blogging

My current gmail stats:

I was offered a job not so long ago to work for a company which produces a fuzzy logic database for biometric applications. It's being used for a number of 3-letter acronyms in the US and US-VISIT (United States Visitor and Immigrant Status Indicator Technology) [I'll explain my idea of fuzzy logic another time.]

On another note, I'm an evil capitalist now! I own my apartment, it's all mine. I now live in the house I rented for almost 2 years - 3rd of November - right in the middle of Amsterdam. It took a lot of heartache, and too many ups and downs, but I have it!

Can you understand why I am so happy? Live is hard, and live is good. God giveth and God taketh away. (Fill in your deity or roll the dice.) And yet without the bad times, how would you recognize the good???

It doesn't hurt my mood that I'm being sent to India for 2 weeks to work on something I think I can do with my hands tied behind my back. ;) Not that the task I have is easy - it's certainly not easy - it's challenging with some very difficult parts, but when it's finished it will make me feel I've accomplished something I haven't had a chance to do yet: Finish a project I started. (I'm not complaining, just very busy!)

technorati tags: india, job, employment, acronym, government, us, work, company, love

I was setting up an anonymous ftp to serve up all my vservers from. (I recently bought 1.5Tb, 1Tb for my PVR and .5Tb for internal storage such as mail, cvs, http, ftp and samba.) I already had a boa web server running on another machine hosting my internal portage tree with overlays, but I preferred ftp for this task as there was no need for a pretty interface and I thought it would be fun to setup.

It had been a while since I configured ProFTPD or any ftp server, and I can only recall setting up one anonymous ftp in 1999. Naturally ftp should be easy to setup with anonymous access, no messing with pam or an authentication stuff. The configuration is pretty much the same as apache, only not as long.

I'm running a really old install of Mandrake, now Mandriva, it was installed in the 25th of December 2001. The machine itself is a laptop Mobile Pentium MMX 200.457Mhz with the original patched/recompiled 2.4.8-26mdk build date Sep 23 17:06:39 CEST 2001. The uptime is back and the main disk is failing, but it has served me well as a web/mail server and development machine. The disk actually comes from a far older machine, which is in my computer cupboard. I'm digressing.

I was installing this ftp server and configured it with the example configs from ProFTP, but it didn't work. I kept getting:

Connected to localhost.localdomain.
220 ProFTPD 1.2.2 Server (ProFTPD VServer Store) [rphh]
500 AUTH not understood.
500 AUTH not understood.
KERBEROS_V4 rejected as an authentication type
Name (localhost:root): ftp
331 Anonymous login ok, send your complete email address as your password.
Password:
530 Login incorrect.
Login failed.
ftp> 221 Goodbye.

It couldn't be the config, that was almost verbatim from the example.

User                            ftp
Group                           ftp
UserAlias                       anonymous       ftp
RequireValidShell               off

proftpd -nd5

rphh (127.0.0.1[127.0.0.1]) - connected - local  : 127.0.0.1:21
rphh (127.0.0.1[127.0.0.1]) - connected - remote : 127.0.0.1:1525
rphh (127.0.0.1[127.0.0.1]) - FTP session opened.
rphh (127.0.0.1[127.0.0.1]) - received: AUTH GSSAPI
rphh (127.0.0.1[127.0.0.1]) - received: AUTH KERBEROS_V4
rphh (127.0.0.1[127.0.0.1]) - received: USER anonymous
rphh (127.0.0.1[127.0.0.1]) - received: USER anonymous
rphh (127.0.0.1[127.0.0.1]) - received: USER anonymous
rphh (127.0.0.1[127.0.0.1]) - received: USER anonymous
rphh (127.0.0.1[127.0.0.1]) - received: PASS (hidden)
rphh (127.0.0.1[127.0.0.1]) - received: PASS (hidden)
rphh (127.0.0.1[127.0.0.1]) - received: PASS (hidden)
rphh (127.0.0.1[127.0.0.1]) - received: PASS (hidden)
rphh (127.0.0.1[127.0.0.1]) - no supplemental groups found for user 'ftp'
rphh (127.0.0.1[127.0.0.1]) - USER ftp (Login failed): Invalid shell.
rphh (127.0.0.1[127.0.0.1]) - received: SYST
rphh (127.0.0.1[127.0.0.1]) - received: QUIT
rphh (127.0.0.1[127.0.0.1]) - received: QUIT
rphh (127.0.0.1[127.0.0.1]) - FTP session closed.

User                            ftp
Group                           nogroup
UserAlias                       anonymous       ftp
RequireValidShell               off

I ended up spending an hour, where I could have spend 15 minutes because the install added the user ftp, but not the group. Oh well...

technorati tags: ftp, ncftp, proftp, boa, http, httpd, debug, authentication, login, server, mandrake, mandriva, chown, nogroup

I just saw the prime minister of the Netherlands, Jan Peter Balkenende, in the United Nations call on the Security Council for troups on the ground in Myanmar. Then I saw Laura Bush effectively call on China to do somethings about it.

I was recently told that I should have gone to Myanmar when I was traveling through SE Asia, I'm glad I decided against supporting the military junta.

Oh, and Wear Red for Burma this Friday

technorati tags: balkenende, myanmar, birma (_{for the dutch searchers}), burma, war, oil, un, united nations, laura bush, china

I like Ontologies, Taxonomies and Folksonomies. I'm currently reading Wikinomics, I bought Blink at the same time. Wikinomics is is quite interesting, and it is filling me with lots of ideas. It's also gotten me back on the Ontology and Semantic Web path. Related to that I was reading an article I found with Technorati on Identity Blog about privacy and was confronted with Human Ontogenesis. (Read the article, or wait until I reference it again and then read it.)

Ontogenesis -
1. The process of an individual organism growing organically; a purely biological unfolding of events involved in an organism changing gradually from a simple to a more complex level.

Ontology -
1. The branch of metaphysics that deals with the nature of being; a systematic account of existence.
2. A rigorous and exhaustive organization of some knowledge domain that is usually hierarchical and contains all the relevant entities and their relations.

technorati tags: wikinomics, ontogenesis, ontology, folksonomy, taxonomy, collaboration

I was browsing random links, the way people used to do before StumbleUpon, and discovered the following permutation sort algorithm psort. "The interface is intended to ressemble exactly the interface to the standard c function of qsort, to allow easy insertion of this code into applications that you want to make unuseable."

technorati tags: qsort, psort, algorithm, permutation, math, random, code, programming,

I know... I'm a really bad friend... So I forgot one of my best friends, Adrianus, is doing the Amsterdam-Odessa Rally 2007. His team is called Pirates of the Ukraine.

technorati tags: pirates, ukraine, amsterdam, odessa, warmenhoven, paladin, friends, charity

Since I started working for my company I've been exposed to PCI DSS (Payment Card Industry Data Security Standard), "It was developed by the major credit card companies as a guideline to help organizations that process card payments prevent credit card fraud, hacking and various other security issues."¹ There are only a small amount of requirements that need to be implemented, although these can be pretty substantial for some customers. I can also be difficult to understand the details of these 12 requirements for compliance.²

Being a programmer by nature I've often been told that the nuts and bolts of what I do, the part I enjoy, are a little complex. PCI is something different, everybody can understand that credit card data needs to be protected from unauthorized access. Not just credit card data, but all data that could potentially be used in identity theft. Which means that a policy or control needs to be implemented to control this, and note any non-compliance.

PCI is just about protecting your "Cardholder Data":

1. Primary Account Number (PAN)
2. Cardholder Name
3. Service Code
4. Expiration Date

It may seem obvious that this data is stored securely, credit card use is ubiquitous. Yet the large banks have had the same problems with data leakage as small retailers, which means the data must be secured from the customer right to the bank who finally processes the payment to avoid this type of leakage. The problem is that payment service providers or merchants have traditionally not done this. They may handle the temporary authorization requests for the PAN or use the Bank Identification Number (BIN) from the card number for routing the payments to the specific issuer, so they may need the number. That's fine, as long as they store the data securely and have a log of who accessed the data and why the data was accessed.

Now that's out of the way I can tell you what I'm doing, I'm playing with RSA Database Security Manager and RSA Key Manager. Simply put DBSM is a framework which encrypts the data as in goes into the database and decrypts it as it comes out. It's something that anybody who is paranoid like me had already been doing for a while, but the way I was doing it required me to write custom fragments of code for every application which needed to access the data. DBSM does it transparently, while at the same time checking the users who try to access it, so only the correct users gain access. RKM hooks into this by providing a framework for the policies or controls which grants the correct people/devices/programs a key to lock-up or unlock the data, different policies can be implemented for different types of data or device.

Now you know what I do.

More reading

• PCI DSS (Wikipedia)
• Payment Card Industry Data Security Standard (pdf)

technorati tags: pci, dss, payment, industry, rsa, rkm, dbsm, encryption, standard, bank, merchant, retailer, ecommerce

So you meet somebody nice have lots of fun at a festival in Turkey, and all that time he's a popstar. A real live popstar. Off all the things you could be! WARNING: Shameless plug: The band is called Githead, the music is quite nice to listen to. I'm not going to tell you who I know otherwise I'll just get lots of groupies hassling me because they want him for his body.

If he thinks I'm going to treat him different now that I know, he can forget it. (Now to find out if I can get a free CD.)

technorati tags: music, friends, mail, humour, humor