So i plain simple English, i find myself debating as to whether traditional university education, and especially master’s degrees are worth anything.  I hear people in management positions telling me they don’t, and in rare occasions i find some who appreciate them.  And in the land of Academia, if good universities are worth more than some unknown or dodgy universities for that matter.

How can someone even consider a certification on a product to be of an equivalent value as a master’s degree.  This is simply beyond me.  I found myself at an interview some time back debating whether my master’s degree was of equal value or not with someone who had certifications in an equivalent field, security. Certifications that were not even backed up by experience.

I have met people in Cyprus with lots of certifications on their C.V. who are pretty much not adequate to be in a professional environment.  The reality is that since no one can even control the place in which exams are taking place (i.e. enough measures to prevent people from cheating – and yes i know people who were calling people from the outside while in a Microsoft certification exam asking for answers to be googled up), the results of the exams themselves can not be trusted.

The methods in which they are taught are not assessed by institutions that carry histories of decades and peer review, such as in the case of universities.  The material is not assessed or deemed valuable  and not product specific, by the same network of institutions that evaluate each other through the quality of their work.
In many cases the certification material  is even promoting company practices and standards of the vendor, that goes as far as to try and redefine standards and definitions, instead of even accepting widely accepted standards in the corresponding field.

Also, unlike a degree from a university, a certification has to be backed up by certain years of experience, as to prove that the certification was not taken by simply following a testkey guide for that exam.  But since the certification market is so big, no one even bothers.  Everyone just sees masses of people for them and they see revenue in their pockets.

So yes to certification, if they come with 3 to 5 years of provable experience applied to that specific field.  And yes if they are in a field of work you need. Don’t look for an information security professional and take into consideration I.T. Audit certifications.  They are a plus, but are mos likely to be irrelevant to what you need a security professional for.  Unless of course you want an Auditor in your team and you understand what you need them for.

But if not the certification should not carry much weight in my opinion.  And one can not come and ignore the value of academic degrees and especially Master’s degrees that come in specific fields and offered by good universities.

So think well before hiring, and think of how you are rewarding people in terms of salaries.  If management does not understand or is unable to evaluate candidates and their C.V.s in technical fields such as I.T. properly, then it is best to seek consultation and not simply get excited with certifications and titles.  Undermining the value of academic degrees (in technical fields at least and from universities that are internationally acknowledged for their contribution) shows ignorance in the technical nature of the field.

And as a final note, a reminder to those hiring once again, a person with a good degree is more likely to have an all around knowledge and will better cope with difficulties in anything outside of the scope technical expertise of someone without one.  This is true for most cases i have seen as universities tend to pass principles that apply to most IT related fields.  Principles not passed in certification classes or in forums and self learning.

There are exceptions to these rules of course and i am lucky to have met some.  But in most cases you won’t be likely to find one. So how lucky do you feel when hiring?

Spam a la Grecque ?? coming right up!

I was going through my hotmail junk box this morning ( a good practice if you don’t trust Microsoft’s spam filters, or who ever else they are buying the service from).  To my surprise i came across a spam message claiming to be from a Greek bank!! So someone figured out i spoke Greek, probably cause some Greek talking forum i signed up to either sold the member email addresses to spammers, their database got dumbed or they decided to start spam phishing campaigns. I doubt that the Russian/Nigerian mafia decided to hit Greeks for the fun of it (i mean, the guys are broke, it isn’t worth the trouble!!).  (the Turkish mafia could be behind this as well but i again doubt it )

Anyway, enough with the conspiracy theories.  To cut to the chase have a look at the email i got:

As usual the link to read your “security” message takes you to compromised website, in this case of some rug cleaning company.

Have a look at the screen shot from the site (i don’t recommend visiting it if you don’t know what you are doing as the site might also be serving malware).

Greek Phishing Spam

Pay attention to the fact that they took screenshots and placed them on the page to make the user feel as if they were on the real site.  Not sure if they were too lazy to replicate the original or thought it was more fitting to the eyes of the unsuspected victims.

In any case this is my first greek phishing spam message and it got me all excited

Hi Guys!!!

added a new link section called Jobs – Cyprus , and it lists recruitment sites in Cyprus.  If you are looking for a job in Cyprus then this is the place to start!!

Although not much of a book reader, as my attention span seems to be rather limited when it comes to reading stories, a friend (Stephanos) posted on Google buzz he was buying a new book called Life Without Limits: Inspiration for a Ridiculously Good Life .  Quoting from the Amazon website:

Glancing at this book’s cover, it takes a moment to register that the smiling young man staring back has neither arms nor legs. That’s fitting, since Vujicic’s story is about how, despite extreme disabilities, he wants to be seen as a normal person. Readers might find extraordinary a better word, as they learn how Vujicic, born limbless (but with a tiny foot), lives what he calls “a ridiculously good life.” By learning to be a help and resource to others, and choosing to dwell on the positives in his life, including a supportive family and friends, he has overcome the despondency natural to a young person in his predicament and become a source of inspiration for those he meets as a speaker and those who see his videos on YouTube. Although much of his account is straightforward biography, he also devotes considerable space to sharing his faith in God and offering practical suggestions for making one’s life happier and more productive. The underlying message is, “I’m happy; why aren’t you?” That’s a pretty good question, as readers will see after only a few pages. –Ilene Cooper

You will wonder why i posted this.  The answer is simple, we always complain about how bad we have it but never think that it’s actually not that bad and we should stop nagging about our lives. I will actually buy this book and read it.

Thumbs up for this guy for being so optimistic!!

Links:

http://press.lifewithoutlimbs.org/

I have been reading about RIAA actions over the last few years but i think it’s time i expressed an opinion about them by simply stating the obvious.  Don’t expect them to be coherent, they are just thoughts after all.

Fact one:  the movie and music industries make billions every year, a big portion of which is profits which get distributed to the few elite people in the industry.  The figures? Google them up, and we are not talking about a few million dollars or whatever.

Fact two: Generalizing, People who download things illegally weren’t going to buy them to begin with, they either can not afford to or simply didn’t think they were worthy of spending money on.  One thing i have to mention is the fact that people didn’t just decide to indulge themselves in piracy over the last decade.

The piracy of modern media dates back to vhs and audio tapes, and everyone just lived with it.  No RIAA back then.  And these are only ways i remember.  I am not that old.

Fact 3: Industries fuel from the so called art by selling more blank media, recorders (computers and other hardware), but the RIAA doesn’t seem to be targeting them as they would surely loose the battle. Stake holders in this industry, the same as those in the media industry.  See a pattern here already?

The media industries didn’t go bankrupt, they moved on to grow and prosper.   So this model of piracy that dates decades back seems to work for the media industries.

What happens in reality is that those down-loaders will actually be more willing to buy a product such as a dvd as they have seen and enjoyed it, and probably associated it with a positive feelings.  If they might want to give something as a gift, it will be a movie or a music cd, and it will not be a copy.  It will be an original branded dvd, cd or any other sort of legal product.  It looks nice.  It is only natural that they give it to a loved one, or simply want it in their dvd collection. I myself rarely buy gifts that aren’t DVDs or CDs.

Fact 4:  The RIAA is basically a banch of unemployed lawyers who managed to find a way to make money out of people who can’t even afford to pay money.  Instead of targeting on the people that mass produce illegal copies of dvds etc, they focus on the consumer.  Why? individuals are easier to target and attack.

Scare tactics or not the manage to take to court people who have done nothing more than help the media industry market promote its products.

The RIAA is probably a place of investment for the media lords, who see it as yet another way to milk the cow and make some more money.

But really, governments should see the RIAA for what it is, a bunch of unemployed lawyers trying to make money on the expense of the public and individuals but at the same time are incompetent in targeting the organized crime syndicates fueling the creating and distribution of illegal copies of copyrighted material. And they are not doing it over the INTERNET via bittorrent, there is no money to be made there!!

By all means, instead of spending so much effort trying to get money out of people who were not going to give it to you anyway, try and promote your products in such a way that people will want to buy more of those “illegally” downloaded films and music.

RIAA: if you really have what it takes, start targeting the organized crime units that sell copies of your products and stop hassling users.

Music Industry: adapt to the changing world around you.  Don’t target the users who are after all your clients.  They will always outsmart you if you force them to.

Legal systems and governments : please adapt to the changing world around you.  Understand what the internet is and new technolodgies.  Killing net neutrality, sacrificing the right to privacy (as you are doing in the name of national security), and penilizing users isn’t the way.  Stop listening to industries and the BS they feed you when they pay to elect your politicians.

Unemployed Lawyers: go do something useful like helping people, or simply go study something else.

Not all of the are great but some do help!!!

http://helpdeskgeek.com/windows-xp-tips/99-ways-to-make-your-computer-blazingly-fast/

Pingdom.com is a company that makes a living by monitoring websites and alerting you of downtimes and other events.  There is a paid service (with a trial) but in addition there is a one website free account option that people might be interested in.

http://www.pingdom.com/

The mission: find a solution that can restrict FireFox from accessing pages other than ones we specify on a white list.

The solution: the ProCon Latte FireFox extension

This extension will let you do things like filter pages based on the words that appear on a page (e.g. no pages that include the word “bunkers”), restrict pages you can access based on what is included in a white-list you specify and more!  Best of all it lets you hide it, make it uninstallable and password protected to help you protect it from users wanting to tamper with it! (don’t think in terms of strongly encrypted data files et cetera, this is to keep your kids away!)

I hope you find it useful!

ProCon Latte

One of the most useful things in scripting and programing languages (as well as tools such as vim) are regular expressions.  They allow you to create complex expressions that can match to text that meets the criteria you wish (based on characters, size et cetera).

Apache also allows for the use of regular expressions with mod_rewrite Rewrite Rules.

The problem i had was the following:
1 host www.example.com, 1 directory inside the domain root, www.example.com/directory.
I need every request under example.com/ that doesn’t target example.com/directory/ to be redirected to the /directory.  For example www.example.com/test should take us to example.com/directory.  Anything under directory should remain unchanged (i.e. example.com/directory/1 is valid and should not redirect anywhere).  Request to example.com should be served though normally!

So
example.com    ->  example.com
example.com/(anything appart from directory) ->  example.com/directory
example.com/directory  -> example.com/directory

The configuration is the following, placed either under httpd.conf (or the virtual host file), or under the .htaccess file

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{REQUEST_URI} ^([/]?[^/]*/?)$ [NC]
RewriteCond %{REQUEST_URI} !^(/?directory/?)$ [NC]
RewriteRule (.*)  http://example.com/directory/

Please make note of the following:  On the second RewriteCond if you do not include the parenthesis, you will not be able to add the $ at the end, although the ^ at the start will be accepted.  What will happen if you do not include the parenthesis and place the $ at the end is that it will cause your regular expression not to be true when it should be!  It took me ages to figure this out!!!!! (no documentation on this as usual!!)

Also make sure you include Options +FollowSymLinks above the rewrite engine on clause!

Also to divert all traffic to https:
RewriteCond %{HTTPS} Off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Any comments? shoot!

I haven’t really tested it out and there are probably more of these sites out there, but you might want to check out this website:

http://www.filesovermiles.com/

What you can do is send a file to someone over the web without a server in-between or without using programs such as msn messenger.  It will in theory allow you to send a file at your max upload speed since a lot of service providers put caps on file transfers on most things apart from web based services.

Test it out and leave a comment!!

Tired of searching the net for subtitles? Tired of downloading the wrong subtitles after hours of search?

http://subdownloader.net/

This Windows/Linux application (possibly other O.S. too) checksums films in directories you specify, and goes on a popular subtitle page to search for any available subtitles for that specific video file.  You can filter results by language and you can even upload your own subtitles if you choose to do so!!

I was browsing the net trying to learn what’s “hip and cool” today!  Then I came across this – not so new – page (2 pages actually but who is counting!).

http://www.google.com/apps/intl/en/business/switch_exchange.html

http://www.google.com/apps/intl/en/business/details.html

Google seems to be trying to contest the 2 big players in the working office when it comes to office tools, emailing systems and colaboration tools.  Already offering migration tools for its services and promessing savings (quoting : “A leading research firm found that Google Apps is as little as 1/3 the total cost of competing solutions.” although not sure what the costs of support, migration and risks of running these services online is) while at the same time giving numbers of 1.75 million businesses using google Apps (not sure if this means the paid service though), google seems to be quckening its pace trying to catch up with the giants.

Google’s move to starting offering such paid services was long in the horizon, one has to wonder though how it can address the needs of business, as they are already addressed by Microsoft and IBM.

Although not the most interesting post ever, have a look at the following link :

http://alternativeto.net/

Have a look at this example:

http://alternativeto.net/desktop/activesync/

To all those wondering what La Fonera is then please have a look at : www.fon.com

To sum things up, La Fonera is a company which provides small wifi access points / routers based on the Atheros platform. These are running a firmware based on OpenWRT.  La fonera bases its business model on the idea that people from all over the world are willing to share their internet connection over wifi, to other people within the community.  Given that enough people join this community the wifi coverage of this community is enough that people who are not members of the community can pick such hot sports up, go buy credit, and access the Internet.

From the money received from these people, the person offering the Internet access gets 50% of the net income.  The concept is pretty sweet !

When the La Fonera community was being build a lot of these routers where given for free!  As the business model adapted though so did the prices on the routers.  The La Fonera routers are now on sale, but for a relatively cheap price, with their latest offering being a router capable of being a small home server able to cope with things such as downloading and sharing folders on the local network.

All the above functionality is offered with the help of OpenWRT, http://openwrt.org/ .  Unfortunately these routers are also locked down limiting their functionality for someone wanting more from their router!

As a lot of us know a lot of alternative firmware exists for routers such as Linksys ones (look around for the specific models et cetera).  Luckily the atheros platform is supported by many of those project.  The ones i was looking at that support the La Fonera router are DD-Wrt and OpenWRT.

When it came down to which one i was going to use, i decided to go to OpenWRT.  DD-WRT does come as a nice package with a web interface and all, but as DD-WRT is also moving down a commercial road, with packages for the La Fonera also being sold (unless you are happy with an older package from 2007). OpenWRT seemed like the obvious choice with a larger developer community, and no commercial routes in sight.

The next step was to flash the router with the latest OpenWRT Kamikaze firmware.  As it turns out flashing the La Fonera router is not an easy task with hacks all around the place.  After playing around for a few hours i found the easiest solution to be the following.

Visit http://flash.fonera.be/ and follow the instructions there. For the firmware images you want go to the download site of OpenWRT and download the atheros images of the release want.  In my case

• http://downloads.openwrt.org/kamikaze/8.09.1/atheros/openwrt-atheros-root.squashfs
• http://downloads.openwrt.org/kamikaze/8.09.1/atheros/openwrt-atheros-vmlinux.lzma

When using the FonFlash executable, remember that the RottFS file is the .squashfs file and the kernel file is the .lzma file.

Follow the instructions:  Start the program clicking flash, reboot your LaFonera router, wait until you get the right messages on the FonFlash program, Wait until flashing is finished.  This might take up to 30 minutes.  DO NOT disconnect your router while this is happening, you might brick it!

That’s it!Remember that in order to set the root password you need to telnet in the router, and set the password with passwd .  Any comments??

–

additions!

If you need a web interface to your OpenWRT router have a look at http://www.x-wrt.org/ and http://wiki.x-wrt.org/index.php/Installation_Guide under the  X-Wrt as ipkg install (via SSH) !!

As you all know Apple’s annoying devices found everywhere, i-<devices>, aren’t excactly user friendly when it comes to accessing the device as a proper disk drive (i.e. as a usb device).  This means that you can’t find your downloaded mp3 files (legit or not, don’t do the crime if you can’t do the time!).

After going through some software copytrans seems to be one piece of software that does the job well, http://www.copytrans.net/

I haven’t tested any open source, free as in beer, software but if there are any please do let me know!