(A tall gringo sticking out like a sore thumb in Machu Picchu, Peru)
Other pictures from the Great Peruvian Excursion of 2007
This is the corner of cyberspace inhabited by Terrell Prude' Jr. I use it to host email and Web service for myself and certain of my friends who need it. It also exists to keep me sharp. Being an Internet site, it sees untold thousands of attacks every day. My job, therefore, is to keep the attackers from succeeding. So far, I've done a pretty darn good job of it. :-)
Well, dudes and dudettes, I'm from San Francisco, California, in the United States of America. I happen to be a social liberal. I'm a computer geek. I've been fortunate enough to travel to several countries and experience their cultures. And, like millions before and after me, I am a veteran, specifically the United States Air Force. Joining the military after graduating high school was probably one of the smartest decisions I've ever made, and I recommend it heartily. Among other things, my time in the Service gave me a healthy respect and admiration for the country that we have here. It's up to Us, The People to maintain it.
On the Information Technology side, I'm a Free Software advocate and have personally been using various GNU/Linux distros and Free/Net/OpenBSD for quite a few years now. Free Software is not just technically excellent--though it surely is that--but it is also a form of exercising and demanding your right to basic civil freedoms . It's much more than just "open source." Now, there are those I've met who have mistakenly taken that as "anti-Microsoft" or "anti-Apple". Well, I'd be quite a hypocrite if I were somehow "anti-Microsoft", given that I used to work for them and thus the company is a big reason why I do Information Technology today (thanks, Bill!). :-) Rather, I've simply made the choice in my personal life to use Free Software, just as you might choose a Toyota, Honda, Chevrolet, Ford, Volkswagen, or Mercedes-Benz. It's all about personal preference.
During my time at a major school district, I was an advocate and deployer of the Linux Terminal
Server Project (LTSP). It continues to have
applications today in both business and education.
I am also a minor warrior in the fight against email spam
and have written an article or two on the subject.
While I personally have way too many computers already (what true geek doesn't?), if I needed another one, I'd certainly consider one of these. Yes, they run GNU/Linux...and yes, they're rock-solid.
Bot mostly, I build my own computers and install a good desktop GNU/Linux distribution on them. Ubuntu and Debian, in that order, are my first choices for most people at present. It is actually remarkably easy to build your own and has been for several years. You generally end up with a better computer anyway, since you choose the components. I generally recommend that people focus on input/output (I/O) more than "WHOA, MONDO CPU MAN!!" The bigger concerns are memory (DRAM) and storage. That's because virtually all modern CPU's nowadays are already exceedingly powerful, even the so-called "low-end" ones. My computers, to the present day, have always had somewhat "modest" CPU's by the standards of the day...and in actual everyday usage, my boxes have outrun others with those "MONDO GAMER CPUS D00D!!" because I learned to focus on I/O. I've been doing that to "31337 g4m0rzz" for more than 25 years now. It's fun. :-)
This is my actual production "pf.conf" firewall configuration file that I use on my OpenBSD anti-spam firewall. Feel free to use it for your own purposes; it is released under a Free Software license exactly for this reason. This is what I used to use when I was giving workshops on how to build firewalls.
Why am I sharing this with you? Well, there's nothing "secret" in here. I'm referencing the interfaces instead of the IP addresses; PF lets you do that. The other reason is that I wrote this config file based on documentation that's out there already. I highly recommend The Book of PF by Peter N.M. Hansteen , which is a very good instructional reference for how to write BSD firewall rules.
My strategy is more like Cisco ACL's or Linux's "iptables" rules in that the first match means you stop processing rules (PF's default is the reverse, i. e. "process all rules, then evaluate the last matching one"). Therefore, you fellow Cisco/Linux folks should find my example config perhaps a bit more familiar.My production pf.conf file
NOTE: RHEL/CentOS 6 is end-of-life and no longer receiving bug fixes (including security updates) since December 31, 2020! Thus, this tool and documentation are now in "historical" status.
I wrote this because I got sick and tired of spending three and a half hours per box to lock it down. At the time, not only had NSA/DISA not devised a STIG script, but there wasn't even a NIST document for RHEL 6 yet!
Therefore, I decided to write one. :-) Here's the link to that page.
Why no script for RHEL 7, 8, and 9? That's because NIST got on the stick and is now providing guidance and scripts. Therefore, there's no further need for me to do so.RHEL/CentOS 6 STIG Script
This is Thomas Jefferson's early draft of that great foundational document of the United States, our Declaration of Independence. While the final version, i. e. what most people have read, is ultimately a better document for the ages, this early draft better reflects the heated emotion and bitter disappointment of the Founding Fathers in the behaviour of the British government toward them. It gives context to the final version.The Declaration of Independence - Jefferson's Early Draft
This is a piece written in 2007 by R. Scott Belford, Founder and Director of the Hawaii Open Source Education Foundation (HOSEF). As one who deals with schools a lot, he has noticed an interesting phenomenon that he calls "OPM Addiction," especially in public schools. I had heard this term many times from my Dad growing up and, having worked in public schools myself for almost 10 years, learned the truth of it. Given the increasing prevalence of Android smartphones and GNU/Linux-based notebooks (e. g. ChromeBooks), we should be broader about how we teach our kids about technology.
This is something that we, as taxpayers, really should hold our school boards accountable for more than we do. It also applies to our State Colleges and Universities."OPM Addiction" in Schools
The Linux Terminal Server Project (LTSP). This is one very good way for certain businesses to set up their corporate LAN's. Security, control, and productivity go way up, all while maintaining user-friendliness and considerably reducing costs. Small businesses, especially, would benefit from this sort of setup.
Some years ago, there was a K-12 (primary and secondary) education based, turn-key LTSP setup called K12LTSP (later K12Linux), which was quite good.
The OpenBSD Project. This is my
primary tool against email spammers. With OpenBSD, I have achieved a
99.5% spam rejection rate. This is just with OpenBSD's spamd program;
it's so effective that I do not currently use SpamAssassin or any other
server-side tools. Despite the project leader's well-known, umm, "strong personality" , the
OpenBSD team's commitment to Free Software, security, and open
results of their work cannot be denied. Through their amazing work, they have
helped the online community immensely.
The LibreOffice Suite.
Formerly known as LibreOffice,
this is Free Software's answer to Microsoft Office. Available for
GNU/Linux, MS Windows, and Mac OS X, LibreOffice is a true drop-in
replacement for Microsoft Office. For years, and with approval,
I used it at work all the time
with all my MS Office-using colleagues, and they had no idea that I was
using "something different." It's that seamless. At home, I haven't
used MS Office in years...I haven't had to.
With the increasing push toward the cloud-based MS Office 365--an interesting idea if somewhat flawed in its practice--LibreOffice has taken on a new importance.
Why the big PC vendors like Dell, Apple, HP, etc. don't include LibreOffice as a selectable option
on the computers that they sell is beyond me. LibreOffice really is that good.
The Mozilla Firefox Web Browser. This is an excellent browser that has been around for a long time. It is great that Microsoft has finally gotten rid of Internet Explorer (Exploder?), due to its horrible security record. Firefox with the free NoScript extension is like cake with the frosting; it's one of the safest ways to surf the Internet today.
The Mozilla Thunderbird Email Client. This is my favorite email client, not only because it works exceedingly well, but also because its junk mail filter is the best client-side junk filter I've seen yet. In my case, it doesn't get very much exercise, thanks to the OpenBSD spamtrap mentioned previously.
The GNU Project. Without the GNU Project, started by Richard M. Stallman, the Free Software Movement as we know it would not exist. I thank him and the FSF every day that I use a computer. If we don't fight for and defend our basic civil freedoms, including those involving computers and technology, then we deserve what we get.
The Bill of Rights. It seems that every time a new administration gets into office, various of our Constitutional rights come under fire. CAUTION: POLITICS! It's not just one Party that does it, either; both the Democrats and the Republicans seem to do this in equal measure. Do these "lawmakers" even bother to read the Constitution that they swore to defend and uphold, regardless of Party? And is it our fault for the choices that we make at the ballot box? As the old saying goes, "the price of liberty is eternal vigilance." My days in the US Air Force just reinforced how important remembering that old saying is.
Contact Information: Please feel free to email me at microman at (the domain name for this Web site).