A question of software
I currently use Anquet as my digital mapping tool. However, I’m growing to dislike it by a large amount. I find the user interface clunky, and I dislike the way it saves the various databases and the cost of the maps.
I tried Quo, and it is by far the better of the two. Far more features, and the user interface has been thought about in an intelligent way, rather than mashed by a chimpanzee with ADHD.
Things I like about Quo:
- Integration with Google Earth, view routes directly from the application
- Export / Import Google Earth KML files
- Printing. So much better than with Anquet, which doesn’t let you print to images at all.
- MultiChart Technology. Zoom in and zoom out through different maps in different scales, changing dynamically without having to open each map individually
- No stupid database handling.
- 3D View much smoother, and the ability to print the 3D view and the height charts
- Better route cards.
- Individual tiles. Just the area you need, and no more
- Prices. Quo is so much less than Anquet.
So, Anquet will not be getting my money when I download my 1:25K tiles; that will definitely be spent upon Quo. I’ll write a more concise comparison when I’ve used Quo for a time.
A little experiment & an iptables script
So in addition to my adding an unprotected outdated windows XP system to the internet, and watching as it got slammed with internet nasties within 10 minutes of being on-line, I decided to do the same with a Linux machine.
Linux is great for monitoring the incoming, as a simple iptables rule will show you what is hitting the interface at any time.
So, after one hour of being on-line, nothing of any major concern came the way of the machine. A few SSH login attempts, 10 a penny those. Here are some details:
root@feddesk $> lastb | awk '{print $1}' | sort | uniq -c | sort -rn | head -5
43 root
16 test
6 guest
1 btmp
1
root@feddesk $> awk 'gsub(".*sshd.*Failed password for (invalid user )?", "") {print $1}' /var/log/secure* | sort | uniq -c | sort -rn | head -5
43 root
8 test
3 guest
root@feddesk $> awk 'gsub(".*sshd.*Failed password for (invalid user )?", "") {print $3}' /var/log/secure* | sort | uniq -c | sort -rn | head -5
54 61.155.177.2
That’s 54 times that 61.155.177.2 tried to log in via SSH. A simple whois from the terminal tells us who this is:
root@feddesk $> whois 61.155.177.2
[Querying whois.apnic.net]
[whois.apnic.net]
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 61.155.0.0 - 61.155.255.255
netname: CHINANET-JS
descr: CHINANET jiangsu province network
descr: China Telecom
descr: A12,Xin-Jie-Kou-Wai Street
descr: Beijing 100088
country: CN
admin-c: CH93-AP
tech-c: CJ186-AP
mnt-by: MAINT-CHINANET
mnt-lower: MAINT-CHINANET-JS
mnt-routes: maint-chinanet-js
changed: hostmaster@ns.chinanet.cn.net 20020209
changed: hostmaster@ns.chinanet.cn.net 20030306
status: ALLOCATED non-PORTABLE
source: APNIC

route: 61.155.0.0/16
descr: CHINANET jiangsu province network
country: CN
origin: AS23650
mnt-by: MAINT-CHINANET-JS
changed: ip@jsinfo.net 20030414
source: APNIC

role: CHINANET JIANGSU
address: 260 Zhongyang Road,Nanjing 210037
country: CN
phone: +86-25-86588231.+86-25-86588745
fax-no: +86-25-86588104
e-mail: ip@jsinfo.net
trouble: send anti-spam reports to spam@jsinfo.net
trouble: send abuse reports to abuse@jsinfo.net
trouble: times in GMT+8
admin-c: CH360-AP
tech-c: CS306-AP
tech-c: CN142-AP
nic-hdl: CJ186-AP
remarks: http://www.jsinfo.net
notify: ip@jsinfo.net
mnt-by: MAINT-CHINANET-JS
changed: dns@jsinfo.net 20090831
changed: ip@jsinfo.net 20090831
changed: hm-changed@apnic.net 20090901
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: anti-spam@ns.chinanet.cn.net
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
changed: dingsy@cndata.com 20070416
mnt-by: MAINT-CHINANET
source: APNIC
Yup, it’s the Chinese. There are literally thousands of pages on the internet detailing how to improve SSH security, but they all boil down to the same thing: don’t allow root to log in, move the port from TCP/22, and don’t allow password logins, only certificates. If you must use passwords, enforce a secure password scheme.
Loads of other hits from China. I mean LOADS of probes, logins, scans and connect attempts to loads of what seem to be random ports. The sheer amount of attempts from China was surprising; well over 90% of the log was Chinese IP addresses. They seemed very keen on trying port TCP 8080, no doubt looking for insecure proxy servers to use to either hide behind, or evade the “Great Wall”.
It turns out that my ISP, like many now, is filtering NetBIOS traffic at the border, so I didn’t see any of the various exploits of the Microsoft sharing services. Not even any from my local subnet. So they might be filtering it locally as well as at the borders. I’m not a supporter of the ISP filtering any traffic, never have been. I would rather deal with it than be “protected” by an upstream service.
Well, it confirmed one thing I already knew. Linux is the more secure operating system, by design. But it would be easy to accidentally change it to make it as insecure as Windows machines if you’re not careful in how you set it up.
Here is a simple iptables rule set for a standalone desktop machine:
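As an added example (not part of the original post), the shell function below checks an sshd_config against the three points above. The function names, sample config and output labels are made up for illustration, and it only reads the global section before any Match block.

```shell
#!/bin/sh
# Added example: audit an sshd_config (on stdin) for the three points above.
# sshd keeps the FIRST value given for a keyword and matches keywords
# case-insensitively; Port is the exception, every Port line adds a listener.
audit_sshd() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }          # blank lines and comments
    { k = tolower($1) }
    k == "match" { exit }                  # simplification: global section only
    k == "port"  { ports++; if ($2 == "22") p22 = 1; next }
    !(k in v)    { v[k] = tolower($2) }    # first occurrence wins
    END {
        if (!("permitrootlogin" in v))
            print "CHECK permitrootlogin unset"   # default varies by OpenSSH version
        else if (v["permitrootlogin"] != "no")
            print "WEAK permitrootlogin " v["permitrootlogin"]
        # PasswordAuthentication defaults to yes when absent
        if (!("passwordauthentication" in v) || v["passwordauthentication"] != "no")
            print "WEAK passwordauthentication yes"
        # Port defaults to 22 when no Port line is present
        if (!ports || p22)
            print "NOTE port 22 in use"
    }'
}

sample_config() {    # constructed sample, not taken from a real host
    cat <<'EOF'
Port 22
Port 2222
permitrootlogin without-password
PermitRootLogin no
#PasswordAuthentication no
Match User backup
    PasswordAuthentication no
EOF
}

sample_config | audit_sshd
```

The sample trips all three checks: the later `PermitRootLogin no` is ignored because an earlier line already set the value, the password setting is only a comment, and the extra `Port 2222` does not close port 22.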
# A very simple basic firewall.
# To use, type (as root): iptables-restore iptables.txt
# Michael Thompson 2010
# Generated by iptables-save v1.4.5 on Wed Apr 7 16:47:14 2010
*filter
# You could have the default target set as drop, and you would not have to have the last line in the rules
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [56348:175502723]
# Drop any invalid packets straight out.
-A INPUT -m state --state INVALID -j DROP
# Accept any connection on the localhost address. Things may break if you don't...
-A INPUT -i lo -j ACCEPT
# Accept local network traffic without any rules, if you trust the network 100%. Else filter that too.
-A INPUT -s 192.168.0.0/16 -j ACCEPT
# Allow for ICMP, but control it.
-A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -p icmp -j ACCEPT
# Allow anything that is already known about.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# SSH probes are VERY common, detect and log them, but not if from inside the network, else we would flood.
-A INPUT ! -s 192.168.0.0/16 -p tcp -m tcp --dport 22 -j LOG --log-prefix "SSH Attempt: "
# I like to log, so log all dropped packets here.
-A INPUT ! -s 192.168.0.0/16 -p tcp ! --dport 22 -j LOG
# Doesn't fit the rules above? Throw it out.
-A INPUT -j DROP
# Reject forwarding, we're not a router, and will be doing no forwarding here.
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Apr 7 16:47:14 2010
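An added example, not from the original post: a summary of the kernel log lines the two LOG rules above produce, counting SSH probes per source address and other TCP probes per destination port. The log lines are constructed and abbreviated, using documentation address ranges, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise iptables LOG output read from stdin.
# Lines tagged with the "SSH Attempt: " prefix are counted per source address;
# lines from the unprefixed LOG rule are counted per destination port.
fw_summary() {
    awk '
    / kernel: / {
        src = dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (src == "" || dpt == "") next      # not a packet log line we understand
        if (index($0, "SSH Attempt: ")) ssh[src]++
        else port[dpt]++
    }
    END {
        for (s in ssh)  print ssh[s], "ssh", s
        for (p in port) print port[p], "dpt", p
    }' | sort -k2,2r -k1,1nr -k3,3            # ssh block first, busiest first
}

sample_fw_log() {    # constructed, abbreviated kernel log lines
    cat <<'EOF'
Apr  7 17:01:02 feddesk kernel: SSH Attempt: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=48 PROTO=TCP SPT=40112 DPT=22 SYN
Apr  7 17:01:05 feddesk kernel: SSH Attempt: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=48 PROTO=TCP SPT=40113 DPT=22 SYN
Apr  7 17:02:40 feddesk kernel: SSH Attempt: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TTL=51 PROTO=TCP SPT=51770 DPT=22 SYN
Apr  7 17:03:11 feddesk kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=48 TTL=51 PROTO=TCP SPT=6000 DPT=8080 SYN
Apr  7 17:03:12 feddesk kernel: IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.10 LEN=48 TTL=47 PROTO=TCP SPT=6000 DPT=8080 SYN
Apr  7 17:04:00 feddesk kernel: IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.10 LEN=48 TTL=47 PROTO=TCP SPT=6000 DPT=1433 SYN
EOF
}

sample_fw_log | fw_summary
```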
Rain Rain
Ah, the rain. It’s rained here for three days straight, and heavy rain at that.
Never mind.
In other news, I’m now spending more time in my virtual machine install of Linux after refinding my love of Linux. A few years ago I was running nothing but Linux, even on my desktops as well as servers. I used the Gentoo distribution, which is a “From Source” distribution, and can be a cow to install and configure. But recently real progress has been made at making distributions like Fedora and Ubuntu a lot more mainstream and easier for the user to install and use. The desktop share of these two distributions alone is gaining ground at a superb rate.
However, now on the desktop I’m using Fedora 12, and despite some bugs it’s working well. And on the laptop is Ubuntu, one I’m not overly keen on as I have never liked Debian. But Fedora refused to install on the laptop.
I could never truly ditch Microsoft, as there are software packages I have no option but to use in Windows, such as Lightroom and Anquet. Until a similar set of software is developed for Linux, I will keep my copy of Windows 7 around for running those applications. But once again, I’m looking at switching full-time over to Linux.
Lightroom 3
First, a word of CAUTION. This is a true beta. DO NOT use this in production! Make copies of any images you intend to work on inside the beta. There are still known, and perhaps unknown, issues to be ironed out before Lightroom 3 is ready for production work.
Whew! Now that we have the warnings out of the way let’s dig in and see what’s new!
Watermarks
Finally! Useful watermarking comes to Lightroom. The new watermarking functionality lets you use text or graphics based watermarks. You can control the size, position, opacity, color, and rotation. You can also save watermarks so you can choose which one to apply.
Watermarking is available in the Print and Web modules. You can also apply them during export.
Slideshow Movies
Lightroom 3 Beta adds the ability to create a movie in H.264 format. The movie will include any music you have chosen for your slideshow.
Print Packages
You are no longer tied to one image per page when laying out your custom print packages. Now you can use multiple images and different sizes on one page or across multiple pages.
New Import Dialogs
Getting your images into Lightroom 3 Beta is a whole new and improved process. There are now two different import dialogs: compact and full. The full dialog covers nearly all of the Lightroom interface and will show you where the images are coming from, what images are being imported and where the images are going. Add to these three main areas all of the expected frills such as keywords, metadata presets, backup copies, selection check-boxes, and the ability to save import presets and you have one powerful import tool!
A nice feature of the full dialog is the ability to zoom an image so you can examine it more closely before deciding to import.
The import presets become very useful as workflow enhancers. If you have regular sources of images that you regularly send to the same destination then you can set up the preset and call upon it in the compact mode.
The compact mode of the import dialog is much smaller and quicker.
Publish
This is a great new feature! Lightroom 3 Beta comes with a Publish connection to Flickr. More will be rolled out later (yes, Jeffrey Friedl is hard at work!)
Publish lets you create a connection to an online site (or a folder on your drive). Images added to the publish collection are uploaded to the site. If you make any changes to an image it rejoins the “ready to publish” queue and will upload the changes.
But wait! There’s more! Call before..sorry I just got carried away! It’s not just a one way street. When comments are posted online they will download into Lightroom.
Publish works like this: you set up your details of an online photo-hosting site (e.g. Flickr), then an entry for it appears in the Publish pane, looking a lot like a collection. From then on…
- when you add photos to that “publish collection”, they automatically get uploaded to the photo-hosting site.
- as any of those photos are changed (new metadata, new crop, etc.), they are automatically re-sent to the photo-hosting site.
- when you delete photos from the publish collection, they get deleted from the photo-hosting site. (Take note! Potential troublespot.)
Some Develop Module Enhancements
Lots of tweaks here. Improvements have been made to the capture sharpening and color noise reduction algorithms.
The problem with the post-crop vignette has been solved by letting you choose whether to vignette using Color Priority or Highlight Priority. Some photographers didn’t like the unnatural look of just adding black or white to the edges and this addresses that.
Now I know you try your best to shoot so your images have as little noise as possible. But sometimes we yearn for the days when fast films had visible grain. Enter the Grain Tool! Now you can add as much grain as you like and adjust the size and roughness of that grain. Give your images some texture and edge!
Because so much has changed under the hood, Lightroom 3 Beta introduces the concept of Process Versions. Whenever major changes are made to the RAW processing features, a new Process Version is created. Now, instead of just updating your image automatically, you can choose which Process Version you want. No more mysteriously changing images!
Other Tweaks
There are so many things going on here and I’ve only scratched the surface!
A few simple changes, such as the appearance of Collections in the Develop module, make getting to images much easier. Also, filters are now lockable. When you change from one collection to another you can lock the filter so it will apply wherever you go.
Well, this is getting to be a long winded post. I’ll be back with more about Lightroom 3 Beta.
Now It’s Your Turn
In order to make this a great release Adobe needs your feedback. Play around with the beta. Let them know what isn’t working or could work better. Join the conversation over at Adobe Labs and be part of making Lightroom the best it can be.
Oh lordy
Fedora 11 has an annoying bug. Every once in a while, for no reason, the screensaver kicks in. Now that is a minor annoyance, but the real kick in the ball is when the mouse cursor just disappears.
Now that is seriously fookin’ annoying. I’ll give it a while, and watch the Fedora mailing list. Maybe it will get sorted.
In the meantime, I will play with Ubuntu in my VMWare install and see what it is like.
A Problem of NTFS
I was playing around with a batch file that I use to back up several machines.
Problem was that I made a little booboo with the code, and ended up with a directory that was hundreds and hundreds of levels deep. Now that’s not good, as NTFS will not support that filename length.
Nothing I could think of would get rid of that directory. Vista complained that the filename was way too long for the destination when deleted, rmdir complained the directory wasn’t empty, del just looked and walked away. I was stumped. I had no idea how to get rid of this. Then a thought hit me square in the forehead with a painful thwack.
I created a directory, and then ran robocopy in mirror mode, and of course, as those directories did not exist in the source, robocopy quite happily removed them. Bingo, problem solved.
So if you ever get a deep nested directory you cannot delete, look to robocopy for the answer.


