Zaf’s Blog

Ripe 55 has finished, I didn’t go but I’ve read as much as I can thats come from it. I think the best thing that came from it was this.

According to the latest Herald-DigiPoll, Labour trails National with 36.8% as preferred political party. That said, Helen Clark is still the preferred Prime Minister at 47.4%. Does that means 10.6% of people want Helen Clark, but not Labour? Are they aware what party she belongs to?

Good grief, the state of New Zealand politics is a nightmare. The Prime Minister is in a party that almost 2/3’s of people don’t want in power.

Many people over the last week must feel that Telecom NZ’s Xtra Internet service have given up on email entirely. Well, you aren’t wrong.

All email for Xtra customers now goes through Yahoo’s systems. There seems to be very little of Telecom/Xtra’s equipment or systems involved in their own email service now.

Given that Email is an essential Internet service, it is disconcerting when an ISP decides they are no longer capable of providing an email service, and then hand their email service on to another company who seem equally incapable. I acknowledge that Yahoo in general have run an email system for a long time, and it has been generally well received, but their implementation for Xtra customers seems to be rife with problems.

Customers have been reporting massive problems using the new service. Some of the “features” of the new service are:

• The system insists on installing a program on your local computer in order to access webmail. This is just plain wrong for so many reasons.
• The spam filtering system feels that most email messages are spam, including what is, to almost any system, legitimate mail
• The default spam filtering system does not allow you to download mail put in the Bulk folder.
• There is no way to configure the spam filtering system to mark the message as possible spam, whilst still allowing you to download it.
• The system often requires double-login’s to access various pages. This means the user gets prompted for a username & password, they enter the correct details, click Login and are redirected to another page that asks for the same details. This leads users to believe they have initially entered the wrong password.
• The SMTP servers routinely reject mail with a temporary error code. This does not appear to be greylisting, as no white-list is established once the email is accepted.
• Email delays of up to an hour are routinely reported (this is because of the previous problem).

So Xtra now join my list of companies that I actively do not recommend. This means if a customer asks me if they should use Xtra, I will now say, “I strongly do not recommend Xtra as an Internet provider”. I will also be making suggestions to companies to begin moving their services away from Xtra.

My network is often subjected to brute-force SSH attacks. I have no idea how many attacks would actually occur if not for my various defense mechanisms. The first layer of defense is very very good passwords on all accounts, but the next layer is SSH rate limiting. Only a few connections per minute are allowed from each IP to the SSH port. This is done using the IP tables recent module, which is a very powerful module. There are many examples of using this module to block SSH, and the one below is very well published.
Read the rest of this entry »

I’m often on the road, and sometimes I’d like to be able to connect back to the office network. Normally this is a perfect place for a VPN set up. When dealing with IPv4, a  PPtP, OpenVPN, or IPSec based VPN will work fine. Given that I’m often behind firewalls, PPtP is my preferred choice, although OpenVPN would work well.

But I don’t like easy… Read the rest of this entry »

Sometimes you choose not to use a particular business’s services. Maybe its they don’t look right, maybe its a gut feel, but either way you make that choice. Its really nice when later on, you can see that it was the right choice to make.

Read the rest of this entry »