Tuesday, October 20, 2009

Tag, path and weighted tag

Tags have been slowly replacing the path/folder we used to use to organize articles/emails ... etc.

Tags, in mathematic terms, can be considered based on set theory. An information item can be considered an element while tags establish sub-sets. You can, therefore, find information items that belong to the intersection of the 'tea' subset and the 'green' subset and, hopefully, some of them are about 'green tea'.

The paths/folders are more like ordered tuples. It can be thought of as giving weights to the leading/parent folders. For example, a path of Education/computer could describing an item for educational community but contains information about computer usages. On the other hand, Computer/Education could be describing an item that are mainly for IT audiences but is related to education.

In terms of classifying an information item, the path/folder approach can give additional info about and item than tags, assuming using the same keywords. On the flip side, of cause, the classifying with paths are more involved. The other problem with paths is that, even though it provide weights, the weights are either 1 or 0 for parent and child folder.

The other issue to consider is the use of phrases in addition to words for tagging. There are times that tag with words is not the same as tag with a phrase. This applies to the paths too!

A possible alternative to tag and path is the weighted tag/phrase. In addition to plan tags/phases we can give them weights. The searching mechanism can now using both tag and weights to provide better results. In addition to that, the weight to a phrase can be distributed to words in the phrase in calculating the searching weights.

Saturday, October 17, 2009

A note on ipfwadm spoof package protection

I was studying how to set up firewall rules for ipfwadm Linux command. In the process, I found some sample codes in filtering spoofed packets. However, I can't agree with the code.

Here is the code:

EXTERNNET="172.160.50.0/24"; # Subnetted external segment
ipfwadm -I -p accept
ipfwadm -I -a deny -V $IFINTERN -S $EXTERNNET -o

I thought about it and I think the code is in error. First of all, you can't defined an EXTERNNET. The EXTERNNET should be anything that is not your internal segment. But the ipfwadm syntax do not allow you to specify a negate or the supplement set. To over come this in this code setting, we should first allow the internal subnet:

ipfwadm -I -a accept -V $IFINTERN -S $INTERNNET -o

Then denied all others:

ipfwadm -I -a deny -V $IFINTERN -S $ANYWHERE -o

Of cause, depend on other rules, the deny statement may have to be moved toward the end so not to interfere with other rules.

Wednesday, October 14, 2009

A note of MySQL GUI and web hosting

For a long time, I used the phpMyAdmin to backup MySql databases used by my web site. Recently, the database grew bigger and the hosting company set time limits on how long a script can run. As a result of this, I can no longer backup my databases with phpMyAdmin.

The hosting company do provide the ability to do Remote MySql. By using the MySQL GUI program downloaded from here, I can do the backup from my desktop.

In my case, in order for me to connect to my database, I need to log into my hosting company and configure the database using Remote MySql to accept connections from the IP of my home machine. As with most of the ISP, my home machine do not have a static IP and I will need to find out that IP address first. Fortunately, if you just started the MySQLAdministrator.exe and attempt to connect, it will display an error with your current IP. But I still have to cross my finger and hope that during the connection, my IP address does not get changed.

Once you set the correct IP on the MySql server, you can connect to MySql server with your MySql/cpanel account. Once connected successfully to MySql, you can select backup, click new project, select the database to backup, set options and click Execute Backup Now. After a while, the program will prompt you for places to save your backup files.

Once you are done, you can do -File -Exit. Just to be on the safe side, you might like to disable that IP you enabled at the server.

On 20150607, MySQLAdministrator returns: user@h55.71.88.75.dynamic.ip.windstream.net  IP:75.88.71.55

Sunday, October 11, 2009

man page for ipautofw - FREESCO

I was working on setting up a Linux firewall for my home next work. I found the FREESCO distribution and installed without a problem. Even though this is my 2nd Linux box, I never really spend enough time to learn the Linux.

This time, I begin by trying to figure out how the firewall is initialized. Since the FREESCO 042 is based on Linux 2.0, I run into the problem that some of the man page is hard to find. After an afternoon on the Google, I found the man page for both
ipautofw and ipportfw. Both of them are at Debian.Org web site.

The man page for ipautofw is by Bartosz Feński at:
http://lists.debian.org/debian-l10n-english/2003/10/msg00012.html

The man page for ipportfw can be download from Debian's early release.

If anyone can convert the man page to html, it will be great appreciated.

+++++++++++++ begin ipautofw ++++++++++++++++++++++
.TH "ipautofw" "1" "980511" "Bartosz Fenski " "Executable programs or shell commands"
.SH NAME
ipautofw \- utility to automatically add masquerade entries.
.SH SYNOPSIS

.nf
.B ipautofw [\fIcommand\fP] [\fIoptions\fP]
.fi
.SH DESCRIPTION

\fBipautofw\fP allows Linux masquerading available in 2.0 series kernels
to work with programs such as RealAudio which don't send out a packet
on all ports they wish to receive on.

This program is useless for 2.2 and 2.4 series kernels.

.SH OPTIONS

The following commands and options are supported.
.
.SS Valid commands:
.TP 15
.B -A
add new autoforward entry.
.TP
.B -D
delete an autoforward entry.
.TP
.B -F
flush the autoforward table.
.PD
.SS Valid options:
.TP 15
.B -r \fItype\fP \fIlow\fP \fIhigh\fP
forwarding on ports \fIlow\fP to \fIhigh\fP using protocol \fItype\fP
(tcp or udp).
.TP
.B -h \fIhost\fP
IP address of \fIhost\fP to receive forwarded packets.
.TP
.B -d \fItype\fP \fIlow\fP \fIhigh\fP
specifies a set of ports which will not use the default high range (60000+)
masquerade port area.
.TP
.B -p \fItype\fP \fIvisible\fP \fIhost\fP:\fIhidden\fP
set up port bouncing from visible host port to masqueraded host \fIhost\fP on
port \fIhidden\fP, protocol \fItype\fP (currently not supported).
.TP
.B -c \fItype\fP \fIport\fP
specifies a control port and protocol.
.TP
.B -u
do \fBnot\fP require that a host connect within 15 seconds of triggering the
control port.
.TP
.B -i
insecure mode; any host many connect after implied by not using the -c option
or implied by using the -h option once the control port has been triggered.
.TP
.B -v
verbose mode.
.SH AUTHORS
\fBipautofw\fP has been written by Richard Lynch.
This man page was written by Bartosz Fenski for the
Debian GNU/Linux distribution (but it may be used by others).
+++++++++++++ end ipautofw ++++++++++++++++++