PGTS PGTS Pty. Ltd.   ACN: 007 008 568               Mobile Version Coming Soon

point Site Navigation







Valid HTML 4.01!






   Stop The Internet Filter!

   No Clean Feed

   The Internet Filter Is An Ex-parrot!





Feedback and Hints, December 2002.

If you have a question regarding any of the articles in this journal, or some comments please send them in. If there are any general questions about Unix or Database Administration, I will attempt to answer them.

Spam Diaries:

Feedback for this month:

Hints for this month:

Linux Consultants Ham.

Just recently, I received some e-mail that was decidedly spammy. I still don't know whether I should file it under spam or info. I'll reserve judgement on that for the meantime. Here is the e-mail: 

	From pr@hosting.commandprompt.com Wed Dec 18 06:51:51 2002
	Return-Path: <pr@hosting.commandprompt.com>
	Received: from hosting.commandprompt.com ([207.173.200.195])
		by xxxxxx.xxxx.xxx.xx (8.11.6/8.11.6) with ESMTP id gBHJpns42386
		for <xxxxx@xxxx.xxx.xx>; Wed, 18 Dec 2002 06:51:50 +1100 (EST)
		(envelope-from pr@hosting.commandprompt.com)
	Received: (from pr@localhost)
		by hosting.commandprompt.com (8.11.6/8.11.6) id gBHJT4v01939
		for xxxxx@xxxx.xxx.xx; Tue, 17 Dec 2002 11:29:04 -0800
	Date: Tue, 17 Dec 2002 11:29:04 -0800
	From: "Command Prompt PR." <pr@hosting.commandprompt.com>
	Message-Id: <200212171929.gBHJT4v01939@hosting.commandprompt.com>
	X-Authentication-Warning: hosting.commandprompt.com: Processed from queue /var/spool/mqueue/
	Subject: Consultants Guide Update (Last for the Year)
	To: undisclosed-recipients:;

	Hello All,

	  As usual, we are sending out a brief update on the Consultants Guide.
	In case you haven't noticed we released a new version a couple of weeks
	ago so you may want to take a look.

	  Also, the survey people are back, and have asked me to forward this
	the message below along. We would really appreciate it, if you folks
	would fill out the survey. We get 5.00 for everyone of you that completes
	the survey, which helps us support the Consultants Guide quite a bit.

	  Thanks for all your support in the past and we hope you are having
	a great season.

	Sincerely,

	Joshua Drake

	Dear Linux Developer:

	     On behalf of The Linux Review and SurveySite, a third-party
	     independent marketing research firm, we would like to invite you
	     to take a few moments to participate in an online Web survey
	     regarding Linux communities.  The survey should take less than 5
	     minutes to complete.



	     If you complete the survey, we would be pleased to send you a copy
	     of the results when the study is done. Simply enter your e-mail
	     address at the end of the survey to receive a copy of the results.

	     Please note that your answers to this survey will remain private
	     and confidential and you will not be contacted further.

	     If you would like to participate in this important survey, please
	     click on the following link:


	     http://www2.survey-poll.com/email/2166mty.html


	     If your Web browser does not support automatic linking, please
	     type the URL above into the address bar of your browser.

	     Thank you for your input.  Your opinion counts!

	     Sincerely,

	     The Linux Review

	     Please direct questions about completing this survey to:
	     surveyhelp-2166mt@surveysite.com
	     <mailto:surveyhelp-2166mt@surveysite.com>

Ok, strictly speaking, it's not spam ... the return address appears genuine, and provided there is no annoying follow-ups, it could be classified as impolite UCE. But it sails rather close to the edge. Let's just call it ham rather than spam. At first, I thought it might be some rather over-enthusiastic entrepreneur who'd suffered from sudden lapse in cognitive functions, or even a severe bout of temporary insanity, and decided it was a good day to spam some linux consultants. I was inclined to ignore it. Nevertheless, just out of curiosity, I checked the URL http://www2.survey-poll.com/email/2166mty.html. It wouldn't work with w3m. Which didn't surprise me, but the URL seemed suspicious (they used an IIS server for a Survey on Linux ?!). I noticed that the IP address for hosting.commandprompt.com is actually 207.173.200.143 rather than the IP address that is stated in the header (207.173.200.195). Furthermore it was difficult to find contact information for anyone who would actually take responsibility for 207.173.200.195. This raised my spam antennae. By checking on domains, I discovered the following: 

	Server Name: NS.ACHIEVEMENTRESOURCES.NET
	IP Address: 207.173.200.195
	Registrar: ENOM, INC.
	Whois Server: whois.enom.com
	Referral URL: http://www.enom.com
The home page for this URL is http://www.achievementresources.net. It seems to be some sort of financing operation for companies that are having problems with debt. And it seems a bit dodgey. But at least they included name and address information on the site. They are the Achievement Resources Group of 2861 Paseo Zorro, in San Juan Capo, California. The MX record for achievementresources.net lists the host mail.achievementresources.net (207.173.200.195). Interestingly enough, when I check the URL http://207.173.200.195, I get a completely different page. Information about this page is as follows: 
	Title             Debt Solution Centers of America
	Current URL       http://207.173.200.195/
	Document Type     text/html
	Last Modified     Wed, 11 Dec 2002 18:44:30 GMT
	Number of lines   42
	Transferred bytes 21044
	Server: Apache/1.3.23 (Unix) (Red-Hat/Linux) mod_ssl/2.8.7 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2
	mod_perl/1.26 mod_jk

The page on this URL seems to be (surprise, surprise) a debt consolidation scheme. The DNS entry is www.debtsolutioncenters.com. The MX record for this domain is (you guessed it) 207.173.200.195. However in the case of www.debtsolutioncenters.com, there is no address or company information on the website -- just a phone number. Why are they so coy about their identity? Both websites have forms asking users to supply personal information. And there are some ingenous reassurances to the effect that this information will not be misused. And I would be all that more ready to believe them, if they supplied a bit of information about themselves. This might be similar to the recent case in Western Australia, where an IT firm claimed to have two arms. And one of those arms wasn't exactly squeeky clean (see last month's edition). In this particular case we may have a similar situation. If this host (207.173.200.195), has two arms (maybe it has many arms), then possibly one of these arms is fiddling around under the table. Could it be achievementresources.net is the (nice) corporate version and debtsolutioncenters.com is the (not so nice) homeowners' version? As far as I can tell both schemes seem to be tailored for the very desperate (or the very foolish). They might even be distant cousins of the Mortgage Bros. Information for debtsolutioncenters.com is: 

	Domain Name: DEBTSOLUTIONCENTERS.COM
	Registrar: ALLDOMAINS.COM INC.
	Whois Server: whois.alldomains.com
	Referral URL: http://www.alldomains.com
	Name Server: NS1.SECONDARY.COM
	Name Server: NS1.COMMANDPROMPT.COM
	Updated Date: 22-nov-2002

So this seems to be the connection with commandprompt.com (who host them). The information for commandprompt.com is: 

	Domain Name: COMMANDPROMPT.COM
	Registrar: TUCOWS, INC.
	Whois Server: whois.opensrs.net
	Referral URL: http://www.opensrs.org
	Name Server: UDNS1.ULTRADNS.NET
	Name Server: UDNS2.ULTRADNS.NET
	Name Server: NS1.COMMANDPROMPT.COM
	Updated Date: 10-dec-2002
Which includes the following Administrative contact info: 
	Drake, Joshua
	Custom Programming / Linux Managed Services
	Technical Writing / Application Design
	3439 NE Sandy Blvd #127
	Portland, OR 97232
Which was one of the few real addresses I found in the whole convoluted tin of worms. So Joshua Drake is a real name, and according to the registery, he can be contacted at linuxports.com, which seems above board (after all the e-mail purports to be from The Linux Review). Still, if he was indeed the author of the e-mail, he is keeping some strange company! If he was acting on behalf of The Linux Review, why not send it from their domain? I thought it worth my while to contact him and ask about it. I sent an e-mail, but then realised that I may have blocked his reply (I had added the two IP addresses, mentioned previously, to my blacklist). So I unblocked it and tried again.

Back To Top

Field blocked by Outpost?

On the 19-Nov-2002 at 19:17 (Australian Eastern Summer Time) I was visited by someone who was using a browser that had the following agent string: 

	Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)
As far as I know, this is a version of MS Internet Explorer version 5.5. The interesting thing is that this particular version had been modified by some protection software called Outpost Personal Firewall. One of the protection features that this software offers is removal of the Referer URL. The Referer URL is a feature of many browsers today, and is almost universal. Now it strikes me that this is a singularly unhelpful feature. First of all it is not really doing much in the way of protection, but more important was that the Referer URL contained the URL of the company that provides Outpost Personal Firewall.

Let's think that through ... If Fred Nurk (of Nurk Pty. Ltd.) has found an article on my site, and he thinks Hey this article is not too bad! (to which I would say, thanks Fred) and so he creates a link to it. Then when one of Fred's readers clicks on the link, I might become aware of the fact that Fred has linked to me. (From the logfile -- everyone reads the logfiles -- right?). I will see that the referer is in the nurk.com domain and so I could check Fred's site and maybe even create a link back to his site, if I like what I see.

Obviously I couldn't do this if Fred's URL has been hijacked by the people who make Outpost Personal Firewall!. In this case Fred will get no credit for directing traffic to my site. I am not going to tell you what the Outpost URL is ... they are already trying to generate publicity by over-writing the referer URL, and I won't assist them. I will just wish them very little success in the venture! Quite frankly, I think that anyone who uses such software should take a long hard look at what other protection it offers.

As far as security goes, I admit that omission of the Referer URL makes it difficult to construct an audit trial of which sites a particular web-user has visited. The question is: Who wants to hide this information anyway? Very few honest citizens would want to conceal which site they previously visited. Criminals and crackers, on the other hand, would find it very useful (Although I can't imagine any serious cracker using MSIE 5.5 as a vehicle).

Whichever way I look at it, I can't see a convincing argument for not disclosing where you came from. And even if it was important, I can see no rationale for substituting someone else's URL (It would be more secure to put the the standard empty value). Besides, if you were really concerned about security, MSIE 5.5 would be the second application program to get rid of. (The first would be MS Outlook, which is with out doubt the biggest threat to computer security that the world has ever seen).

Back To Top

ORA-01161 Error.

	Date: 16-Nov-2002
	From: Asheu
	Agent: MSIE 6.0, Windows 2000

	Cloning An Oracle Database on Windows NT/2000
	By Gerry Patterson

	correction:
	must replace REUSE to SET on the first line of ctrl<NEW_SID> file:
	CREATE CONTROLFILE SET DATABAS...
	otherwise, you\'ll get ORA-01161 error.

	A very good article.
Thanks for the feedback Asheu. Actually if you followed that instructions slavishly, you won't get the error. That's because you will have renamed the old control file to the new-name. I agree that such action is a bit pointless, since the renamed file would not be any use. However, the reason for this algorithm was a process that could be fully automated. The backup script was originally intended to create a cold backup of an Oracle Database. I modified it to fit in with the current procedure and created a script which automates the cloning process. This is intended to run on a regular basis. If it does then there will always be an existing control file, in which case you must add the REUSE option.

Back To Top

What is the postgres equivalent of the Oracle nvl() function?

The postgres function is called coalesce(). All you postgres gurus knew that of course. And it is in the postgres documentation. Nevertheless, Oracle DBAs will be a bit puzzled that the name should be the same as an oracle command that coalesces fragmented free extents in a tablespace. The format of the postgres coalesce function is: 

	coalesce(var1,var2,var3 ... default);
The variables can repeat as often as you like. So the following command: 
	coalesce(var1,var2);
returns var1 if var1 is not NULL, otherwise it returns var2 if that variable is not NULL. Similarly, the following: 
	coalesce(var1,var2,'(null)');
returns var1 if var1 is not NULL, otherwise it returns var2 if var2 is not NULL and failing that (i.e. both var1 and var2 are null) it will return the string '(null)'.

Back To Top