Glass Panes That Separate

transparent barriers to communication


Tag: tech

  • relaunch

    Just over two years ago, I started a new job at Dawson Community College. When I started, their website was a mess. That’s probably an understatement. It was not in good shape, and had probably fifteen different styles throughout the site. The front page looked like a circus, and it was difficult to find what you were looking for.

    On Thursday, we launched the new site. It was exciting. At least, I’m excited about it. I’m sure there will always be more work to do on it, and we’ll probably redesign it in two years again, but I’m pretty proud of what we’ve accomplished.

  • familylink

    I don’t spend as much time on Facebook as I used to. And so it’s been a while since I went to the familylink app to update things. I clicked on it today, and noticed a funny thing. I was no longer on Facebook and it wanted me to log in to a totally different site. So I clicked on the familylink app link in the Facebook bookmarks pane. Now, they wanted permission to use (steal) my email address (thanks for exposing that, Facebook). I said NO, and then they tried to be sneaky and get me to update my personal info, which included my email address. I entered my name, and skipped the email, then they wanted permission to pull info from Facebook. It was then that I realized I was no longer on Facebook (again). I promptly went to ‘authorized apps’ on Facebook, removed the familylink app, and gave them a 1-star rating. I don’t need another site to keep track of, I don’t like giving out my email address, and I wish they would go back to being a real Facebook app where I can see all my relatives that are on Facebook. Thanks, Familylink. Thanks for making a pile of poop.

  • work

    Seems a lot of my posts lately have been about stuff I’ve been doing at work. This one is going to follow in that tradition, even if it is Christmas. Maybe I’ll write something about Christmas later too…

    At any rate, my assistant (not a secretary) left last week for greener (maybe bluer is proper here) pastures at Miles Community College. We’ll miss him dearly (I already do, it gets lonely on the IT Island). As such, we’re hiring. If you’re looking for a job working with computers, maybe this will be a Christmas present for you. If you’re interested, go to DCC employment opportunities and send in the required application materials.

  • static, but not

    If you ever wondered if an interface with a DHCP-obtained address can also have static aliases assigned to it, stop wondering. It can. That said, some (probably most) firewall distributions don’t allow setting aliases if your external IP is obtained via DHCP. I’m looking at you, IPCop (UPDATE: no longer developed). I thought maybe my ISP was the only one that did this to provide static IP addresses to its customers, but AT&T also does it, as I’m sure others do too, since I’ve seen a few posts on how to set up such a beast for firewall purposes. Because my beloved IPCop wasn’t up to the task, I ended up using a vanilla install of Ubuntu server, and I used webmin to set up the firewall using iptables. I detailed that process in the post Wall.

  • direction

    In case you’ve ever wondered how to figure out which type of port your traffic is using (source/destination) for the purposes of setting up iptables (with or without webmin), here’s a little help.

    The truth of the matter is that it varies depending on the type of traffic, but you typically want to set the port as a destination port when you’re doing something like port forwarding. Here’s an example of what’s going on for http traffic: a client computer doesn’t start its connection on port 80, it chooses a random, high-numbered port to open the connection on its side, so the source port could be 10843. The connection is going to port 80 on the server, since that’s what the server is listening on (unless you’re using a non-standard http port), so 80 is your destination port. This isn’t true for all types of traffic though, which confused me a bit this last week when setting up my firewall from scratch on an Ubuntu server. For something like ntp, the client actually starts its request on port 123 (source), and ends up at 123 on the ntp server (destination). So for ntp, you could theoretically set a firewall rule that used 123 as the source port instead of destination port, and it would work, but doing so for port 80 for http traffic will not. Regarding the ntp port, I believe this is also why you can’t run the ntpdate command (a one-time synchronization) when the ntp service is running. Both the client and server use the same port on both ends of the communication.
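
    The source/destination distinction above, as an added example that is not part of the original post: a simplified stand-in for iptables `--sport`/`--dport` matching, run over constructed packets that use the post's port numbers. The `Packet` and `Rule` classes and the rule names are hypothetical, and the last packet assumes an NTP client sending from an unprivileged port (as `ntpdate -u` does), a case that goes beyond the post.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str
    sport: int  # source port: where the packet came from
    dport: int  # destination port: where the packet is going


@dataclass(frozen=True)
class Rule:
    """Hypothetical model of `iptables -p PROTO [--sport N] [--dport N]`."""
    proto: str
    sport: Optional[int] = None  # None means "any port", like omitting the flag
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return (self.proto == pkt.proto
                and self.sport in (None, pkt.sport)
                and self.dport in (None, pkt.dport))


# Constructed sample traffic (not captured from a real network).
HTTP_REQUEST = Packet("tcp", sport=10843, dport=80)   # browser -> web server
HTTP_REPLY = Packet("tcp", sport=80, dport=10843)     # web server -> browser
NTP_REQUEST = Packet("udp", sport=123, dport=123)     # classic ntp client
NTP_UNPRIV = Packet("udp", sport=51712, dport=123)    # client on a high port

RULES = {
    "http --dport 80": Rule("tcp", dport=80),
    "http --sport 80": Rule("tcp", sport=80),
    "ntp --dport 123": Rule("udp", dport=123),
    "ntp --sport 123": Rule("udp", sport=123),
}


def matching_rules(pkt: Packet) -> list:
    """Return the names of every rule the packet would hit, sorted."""
    return sorted(name for name, rule in RULES.items() if rule.matches(pkt))


if __name__ == "__main__":
    for label, pkt in [("http request", HTTP_REQUEST), ("http reply", HTTP_REPLY),
                       ("ntp request", NTP_REQUEST), ("ntp unpriv", NTP_UNPRIV)]:
        print(f"{label:13} {pkt.sport:>5} -> {pkt.dport:<5} {matching_rules(pkt)}")
```

The source-port rule for 123 only catches clients that really send from 123, so the destination-port rule is the one that holds for every NTP client.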