318 Tech Journal

WordPress Security Auditing

DK — Thu, 11 Mar 2010 21:46:22 +0000

After reading Sarah Gooding’s WPMU.org article, 7 Quick Strategies to Beef Up Your Security, we decided to take a look at our own WordPress settings here on the 318 Tech Journal.

Deleting the Default Admin User

Creating a new user with admin permissions, then logging in as that user and deleting the default “admin” account is great advice. Just make sure you assign all of the old admin users posts and links to the new account. Another caveat, if you are using the WPG2 plugin with a Gallery2 installation, make sure to remove the Gallery2 user links before deleting the old admin account.

Don’t Use the Default “wp_” Table Prefix

SQL injection attacks are very real, and this tip can help mitigate risk of infection. The WP Security Scan plug-in mentioned in the WPMU.org article has a built-in tool to help automate this change, but it can also lock you out of your dashboard. The trick is to make sure each user’s meta_key settings in the usermeta table match whatever prefix you choose:

wp_capabilities –> newprefix_capabilities
wp_usersettings –> newprefix_usersettings
wp_usersettingstime –> newprefix_usersettingstime
wp_user_level –> newprefix_user_level

Whitelisting Access to wp-admin by IP Address

This is typically done via .htaccess files and the AskApache Password Protection For WordPress plug-in mentioned in the WPMU.org article can help get the settings correct, although that plug-in has specific server requirements in order to run (it will run some tests for you to see if your server qualifies). If you do set this up, beware of dynamic IP address changes, which can lock you out in the future.

Other Items to Consider

Consider using a local MySQL application like Sequel Pro or the command line mysql tools for database configuration instead of public web-facing tools like phpMyAdmin. If you do use PMA, you should lock down access as much as possible using .htaccess controls (or other methods).
Tools like the WP Security Scan plug-in mentioned above or Donncha O Caoimh’s WordPress Exploit Scanner plug-in can help identify file permission issues in your WordPress setup.
Using SSH/SFTP instead of FTP to access your server is always good advice, even when you are using whitelists.
Stay up to date on both WordPress core files and all of your plug-ins.

318 is here to help you with all of your WordPress needs – call us today at 877.318.1318!

Link To:

Follow us on Twitter

Joel Cowgill — Fri, 05 Mar 2010 22:47:56 +0000

Follow 318 on Twitter

Link To:

Visit our booth at Macworld 2010

Joel Cowgill — Thu, 11 Feb 2010 19:08:50 +0000

Come visit our booth at Macworld 2010 on the expo floor. We are located in Booth 566C and have a bunch of free schwag to give out.

We also have a number of sessions this year:

Hands-on Snow Leopard Server: Collaboration Services with Charles Edge
2/10 – 1:00PM to 3:00PM

Push: The Next Generation of Collaboration is Snow Leopard Server with Charles Edge
2/11 – 4:30PM to 6:00PM

Advanced Integration with Final Cut Server with Beau Hunter
2/12 – 3:30PM to 5:00PM

iPhone Mass Deployment with Zack Smith
2/13 – 2:30PM to 4:00PM

We hope to see you there!

Link To:

Screen Saver for Background Video

Charles Edge — Fri, 29 Jan 2010 14:41:48 +0000

Link To:

“And Now For Something Completely Different”

Charles Edge — Thu, 28 Jan 2010 20:19:15 +0000

This week, Apple launched their newest product: the iPad. The sleek iPad is a revolutionary new look at the NetBook, but able to run most of the 140,000 applications that are in the App Store for the iPhone. Given the popularity of the App Store so far and the new development methods introduced for the iPad you can rest assured that even more feature rich applications will be developed for the iPad as time goes on. Not that Apple hasn’t led the charge in using the new iPad APIs: iWork has been ported to the iPad. This means that you can create rich Pages, Numbers and Keynote presentations in addition to interacting with a number of cloud based services and leveraging those existing iPhone applications.

The iPad is aluminum and glass, comes with up to 64GB of space, a multi-touch LED screen, 802.11n, Bluetooth and can have a 3G data connection for only $29.99 per month. All of this in a secure, easy-to-use interface that we’ve all grown accustomed to!

Want help integrating the iPad into your Enterprise? Let 318 know if you have interest with mass deployment, purchasing or development: our developers are on hand to work with you on commercial and enterprise applications as needed!

Link To:

Preparing for Exchange 2007

Charles Edge — Wed, 27 Jan 2010 18:05:48 +0000

Make sure you have a fully updated Windows 2008 64bit install setup for the following commands to work. Note that Windows 2008 R2 will NOT work with Exchange 2007.

Exchange 2007 has a lot of prerequisites that need to be installed before you can install Exchange 2007. Instead of going through a bunch of Wizards and using trial and error to make sure you have everything installed, you can set them up using a command line.

The first command that should be run is:

ServerManagerCmd -i PowerShell

This will install and configure everything that Exchange 2007 needs for PowerShell.

IIS has several components that need to be installed to use Exchange 2007. You can create a quick batch script that includes them all. The following commands need to be run:

ServerManagerCmd -i Web-Server
ServerManagerCmd -i Web-ISAPI-Ext
ServerManagerCmd -i Web-Metabase
ServerManagerCmd -i Web-Lgcy-Mgmt-Console
ServerManagerCmd -i Web-Basic-Auth
ServerManagerCmd -i Web-Digest-Auth
ServerManagerCmd -i Web-Windows-Auth
ServerManagerCmd -i Web-Dyn-Compression

If you plan on using RPC over HTTP (Outlook Anywhere) you will need to run this command after all of the IIS commands have finished:

ServerManagerCmd -i RPC-over-HTTP-proxy

After running these commands you should be ready to run the actual setup files. When you run setup.exe you should see that everything before option 4. Is greyed out. Option 4. is what triggers the install. If anything has not finished look through the command lines to make sure no errors have shown up.

Link To:

New ActiveStorage iPhone App

Charles Edge — Tue, 26 Jan 2010 20:47:41 +0000

Active Storage has released a new iPhone app that you can use to monitor the status of their new XRAID ES. If you are interested in the Active Storage products then please call 318 at 310-581-9500 for more information and pricing.

The App is available on the App Store.

Link To:

ACLs and NFS

Beau Hunter — Fri, 15 Jan 2010 02:15:07 +0000

The permissions that a user obtains for NFS shares will boil down to effective permissions. NFS doesn’t support ACLs, but it does honor them for Mac OS X NFS clients when bound to the directory.: if a user is granted read/write via an ACL, they WILL have read/write access via NFS. However, there are a few things to note here.

First and foremost, granular ACL’s won’t translate completely. Secondly, although you might have effective write privileges via ACL’s, if you don’t have write privileges via POSIX, it will *look* like you don’t have privileges when you do an `ls` on the mounted NFS volume, however, if you try to read or write a file, it will work without issue. Poorly written software might inspect the POSIX permissions and determine that you don’t have access when you really do. Most software will attempt to read/write an asset and will report errors when encountered (as it should). Lastly, ACL inheritance IS honored over NFS as well, so any files/dirs your users will create will have the appropriate ACL’s assigned on the backend, though displayed POSIX permissions once again won’t be especially accurate.

Link To:

Mighty Mouse Unleashed!

Charles Edge — Thu, 31 Dec 2009 18:31:57 +0000

If you have been wondering what more you can do with that shiny new Mighty Mouse then get ready. MagicPrefs, from Vlad Alexa allows you to do the following:

- It features the ability to bind a variable number of finger clicks, taps, swipes, pinch and other gestures to functions like Middle Click , Hold Down Both Mouse Buttons , Spaces , Expose, Dashboard etc.
- Touch Sensitivity implements a single point control for a number of factors impacting the algorithms of the taps, swipes, pinche and other gestures.
- Tracking Speed adds the ability to increase the maximum mouse speed by a extra 200%.
- Also featured is a real-time display of the fingers touching the surface of the mouse that you can enable to test and monitor the way the mouse sees fingers.

Link To:

Background Checks? There’s an App for That!

Charles Edge — Thu, 24 Dec 2009 22:25:34 +0000

Apple’s App store is a veritable wild west movie of products; business, pleasure, pleasure disguised to look like business, useful tools that are free and do-nothing apps that cost $999.99.

Beenverified.com has released a “free” app that allows you to run background checks right from your iPhone. While this isn’t a new idea, the app is well designed and you get three free searches a week. Since it’s just been released, you can only run one search at a time due to high server demand, but the searches are accurate and in-depth. It was able to produce not only basic information about those of us that have tried it, but also gave a complete histories of houses, including past owners, past occupants and the house’s current market value, amongst other things!

Link To:

MergeSafBookmarks Now Open Sourced

Charles Edge — Wed, 23 Dec 2009 00:49:36 +0000

318 has open sourced our mergeSafBookmarks python script. This tool can read in a pair of property lists and merge them into a single resultant bookmarks file for Safari. This takes a lot of the work out of pushing bookmarks to existing users as part of your deployment. You can find it here:

http://mergebookmarks.sourceforge.net

Note: The script also looks at existing bookmarks and doesn’t merge in duplicates.

Link To:

Xsan 2.2.1

Charles Edge — Fri, 18 Dec 2009 21:32:34 +0000

Xsan 2.2.1 has been released. Updates include:

Improved filesystem reliability
Improved cvfsck (the Xsan filesystem repair tool)
Resolves QuickTime reporting “invalid public movie atom found” on playback
Eliminates “An unknown disk has been inserted” message when mounting Xsan volumes (occurs in Mac OS X 10.5 Leopard only)

Link To:

318 Open Sources the ASR Setup Tool

Charles Edge — Mon, 14 Dec 2009 20:34:54 +0000

318 has decided to open source our ASR Setup Tool under GPLv3. The tool can now be found at http://asrsetup.sourceforge.net. The ASR Setup Tool is built as a wrapper for the asr command line suite from Apple. The description from SourceForge:

Developed by 318 Inc., ASR Setup Toll is an application for setting up Apple Software Restore (“ASR”). In the context of the ASR Setup Tool, ASR is used for setting up a multicast stream that can then be leveraged for imaging Mac OS X computers.

We hope you enjoy!

Link To:

Screen Shots & ARD

Beau Hunter — Tue, 08 Dec 2009 14:36:21 +0000

For what it’s worth, we take ours from the command line. It helps keep proper track of the names screens. Simply open up a terminal window on a remote server via Apple Remote Desktop (ARD) and run the following command:

sleep 3; screencapture -iw ~/Desktop/filename.png

When you run that full string as a command you’ll have 3 seconds after hitting enter to highlight your target window, at which point your cursor will switch to the photo in window selection mode. Alternatively, you can run:

sleep 3; screencapture -iwc

Which will capture the picture to the remote machines clipboard (and can then be copied via ARD, and opened in Preview (File->new from clipboard).

Link To:

Google Apps Connector for BlackBerry

Charles Edge — Wed, 02 Dec 2009 16:01:23 +0000

Using the Google Apps Connector for BlackBerry means that your Blackberry users can keep using the mobile platform that they love, with Google Apps. The Google Apps Connector allows users to access mail, calendar and contacts using the built-in applications for doing so rather than needing a 3rd party application. The Google Apps Connector plugs into BlackBerry Enterprise Server and connects from your organization to Google, handing off the traffic destined to handhelds through Research In Motion in much the same way that Blackberry Enterprise Server for Exchange works.

The 1.5 version of the Google Apps connector for Blackberry has now been released. This update brings maturity, additional capacity and overall performance enhancements. But most importantly, it can be run on 64-bit operating systems. You can also now use BlackBerry Professional with the Google Apps Connector for BlackBerry Enterprise Server.

If your organization is considering a move to Google Apps, contact 318 now and we can help to plan the transition; whether from Exchange or Lotus Notes or even good ‘ole postfix, 318 is here to help!

Link To:

OmniGraffle Tips & Tricks

Charles Edge — Tue, 01 Dec 2009 19:13:51 +0000

Here are some great OmniGraffle Tips and Tricks!

Link To:

New CLI Options in Final Cut Server

Charles Edge — Wed, 25 Nov 2009 19:05:52 +0000

For those of us who thought that the Final Cut Server 1.5.1 update was just a couple of minor bug fixes, there’s a little more than meets the eye. If you run /Library/Application Support/Final Cut Server/Final Cut Server.bundle/Contents/MacOS/fcsvr_client then you’ll note that there are a few fun new features. While there hasn’t been enough time to thoroughly put the new options through their paces, we do hope to do further reporting on them as we become more comfortable with leveraging them for automations. Stay tuned!

Link To:

ATTO Fibre Channel + Snow Leopard

Chris Barker — Tue, 24 Nov 2009 21:11:47 +0000

If you’re using the ATTO card along with Snow Leopard then the 2.41MP driver on their website is compatible with 10.6, but they have yet to update the website to reflect that it is. These are the drivers for 42ES coupled with the EMC Clarion system:
http://attotech.com/product.php?model=80

You may want to check with Tech Support, but it appears the latest 10.5 drivers will work with 10.6

Link To:

Tier Zero Asset Development

Charles Edge — Tue, 17 Nov 2009 17:02:19 +0000

The staff at 318 is responsible for developing over 75 courses, 40 exams and thousands of pages of assets for ourselves and our customers, including vendors that you may have obtained certifications through. 318 is a firm believer in education, developing a substantial amount of documentation and testing materials for our own internal use and exclusive use for various customers. We are able to do this because we have a strong emphasis on education, which can be seen by the fact that 7 of our staff have become technical authors publishing books while at 318.

But developing assets that can be leveraged to decrease Total Cost of Ownership (TCO) for an organization is arguably a different beast. FAQs, knowledge base articles and pre-populated wiki entries are only the beginning to the self-servicing power that can be unleashed for your users. Concerned that you don’t have the deep technical backgrounds, the time to develop the required assets or the writing experience on staff, then let 318 work with you to develop a plan and assets that can be provided in a variety of means to meet the needs of your dynamically changing user base.

Contact 318 today for more on leveraging our experience to help you with your emerging zero asset needs.

Link To:

Kerio Beta Released

Charles Edge — Wed, 11 Nov 2009 17:34:12 +0000

The next version of Kerio, Kerio Connect, has now gone into Beta. The most impressive addition is the ability to have multiple servers, which will help to scale Kerio further both in terms of geography and in terms of total user count. For more on the update:

As Kerio 7 continues to move forward in development, we look forward to seeing how the other new features perform and work with our customers to develop strategies for the newly supported features. If you were thinking about Kerio, but the scalability was a barrier for you in the past, then contact us now and we can work with you to determine if Kerio is a good fit for your organization and if so, develop a strategy for integration!

Link To:

Mac OS X 10.6.2 Server Available

Charles Edge — Tue, 10 Nov 2009 13:00:59 +0000

Mac OS X 10.6.2 Server is now available. This update represents a great step for environments that have either already made to, or are preparing/planning the upgrade to, Snow Leopard Server. In this update, Apple addresses the following issues (from Apple.com):

adding and removing imported users in Server Preferences

synchronizing Portable Home Directory content

using iCal web interface within select time zones

previewing and capturing dual-source video in Podcast Capture

server-side filtering of incoming mail messages

using chained digital certificates for mail services

creating images with System Image Utility

automating installation of NetRestore images

preventing brute force password attacks

using sudo command with authenticated Open Directory binding

binding to Active Directory domains with invalid service records

creation of mobile accounts for Active Directory users

correcting a problem that would cause the Software Update cache to grow excessively

Link To:

Mac OS X 10.6.2 Now Available

Charles Edge — Mon, 09 Nov 2009 15:50:15 +0000

For those considering a migration for Snow Leopard or those who have already moved into Snow Leopard, you will be interested to know that Apple has released the 10.6.2 update that has been in progress for some time. Updates and issue resolutions that are included (from Apple):

an issue that might cause your system to logout unexpectedly

a graphics distortion in Safari Top Sites

Spotlight search results not showing Exchange contacts

a problem that prevented authenticating as an administrative user

issues when using NTFS and WebDAV file servers

the reliability of menu extras

an issue with the 4-finger swipe gesture

an issue that causes Mail to quit unexpectedly when setting up an Exchange server Address Book becoming unresponsive when editing

a problem adding images to contacts in Address Book

an issue that prevented opening files downloaded from the Internet

Safari plug-in reliability

general reliability improvements for iWork, iLife, Aperture, Final Cut Studio, MobileMe, and iDisk

an issue that caused data to be deleted when using a guest account

Mac OS X 10.6.2 represents Apple coming another step to making Snow Leopard ready for mass integration in most any environment. If you have not already done so, consider contacting your 318 representative now to start planning for your migration!

Link To:

Mail Archival

Charles Edge — Sat, 07 Nov 2009 19:39:50 +0000

There are a number of messaging solutions that allow for automated message archiving. Message archiving can save space, while freeing up valuable resources and can also help to maintain Sarbanes-Oxley compliance (as well as achieve a number of other objectives). But not all messaging solutions allow for automated archival. Enter Mail Archiva into the picture.

Mail Archiva is an open source project aimed at bringing messaging archival to Microsoft Exchange, Zimbra, Mac OS X Server, Postfix, SendMail, IpSwitch, Axigen and a number of other messaging servers.

If you are in need of mail archival then feel free to reach out to us for more information on Mail Archiva today!

Link To:

Non-profits in Need of GroupWare?

Charles Edge — Tue, 03 Nov 2009 13:30:46 +0000

Not-for-profit and looking at options for messaging and groupware moving forward? Then you need to take a 2nd or even a 3rd look at Google Apps! Not-for-profit organizations with less than 3,000 users can get Google Appls Education Edition for free! For a not-for-profit with more than 3,000 users you can get Google Apps Premier Edition at a 40% discount.

Imagine all the infrastructure that can be repurposed, all the networking and message hygiene that you won’t have to do any more and most importantly, how happy the users will be. If your interest is peaked give 318 a call today and we’ll be happy to work with you on a strategy, whether it’s Google Apps, Microsoft Exchange, Zimbra, Mac OS X Server, etc – 318 is agnostic to the platform and here to help!

Link To:

Reading Virtual Memory Stats

Charles Edge — Thu, 29 Oct 2009 19:06:11 +0000

The vm_stat command in Mac OS X will show you the free, active, inactive, wired down, copy-on-write, zero filled, and reactivated pages for virtual memory utilization. You will also see the pageins as well as pageouts. If you wish to write these statistics routinely then you can use the vm_stat command followed by an integer. For example, to see the virtual memory statistics every 5 seconds:

vm_stat 5

Link To:

NetBook Upgrades for Windows 7

Charles Edge — Mon, 26 Oct 2009 19:12:38 +0000

Chances are that if you have a NetBook you don’t have a DVD drive. And chances are if that NetBook is running a previous version of Windows that you’re probably thinking about upgrading it to Windows 7. If you are using a NetBook with Vista then you might want to check out the new Windows 7 USB/DVD Download Tool. With the Download Tool you would use a 4GB USB drive to cache the installer files and install Windows 7. Therefore you wouldn’t need an optical drive! But you will need the .NET Framework 2.0 or later and to configure the BIOS to boot off the jump drive.

Happy upgrades and if you need any help, as always, feel free to call 318.

Link To:

318 Video on “Gone Phishing”

Charles Edge — Fri, 23 Oct 2009 16:28:39 +0000

Link To:

Windows 7 Officially Available

Charles Edge — Thu, 22 Oct 2009 15:11:00 +0000

Windows 7 has been released officially released. You see the wacky people standing in line and you know that’s just wrong when you can get it on Microsoft.com as an immediate downloadhttp://store.microsoft.com/microsoft/Windows-Windows-7/category/102. All that time spent driving home could instead be spent running the installer and crossing your fingers that your hardware works! Well, if you’re going from XP or Vista then you should be fine on that point… Windows 3.1, maybe not so much…

Link To:

318 on Metadata

Charles Edge — Wed, 21 Oct 2009 15:47:10 +0000

Link To:

New Mac mini w/ Mac OS X Server for $999

Charles Edge — Tue, 20 Oct 2009 16:52:14 +0000

Apple has released a new Mac mini that retails for $999. You might be thinking that $999 is just a little bit high for a Mac mini – and you would be right, that is, if it didn’t come with Mac OS X Server. The combination of the price point, the hardware and the software make the new Mac mini with Mac OS X Server a perfect purchase for small businesses and servers geared for use as specific utility servers!

The new Mac mini server comes with no optical drive, which is great because instead you get a pair of internal drives that can be setup in a RAID to protect your data! The server also comes with 802.11n, Ethernet and bluetooth – allowing a variety of uses.

Call 318 today for more information on this great new product from Apple!

Link To: