FRII Break Room

Informal tech chatter from the geeks of Northern Colorado’s largest commercially available data center

Warning: Email phishing attacks are targeting you

Do you know how to tell a legitimate email from a targeted phishing attack?

Phishing scams try to “hook” you into believing they come from legitimate businesses so that you’ll reveal personal or secure information.

Sometimes it’s not easy to tell what’s real and what isn’t, even for the most sophisticated email user. This article will help you or someone you care about learn what to look for so that your information stays safe.

Within the past few years, there’s been an increase in the ability of the average email user to detect and delete spam. This has not gone unnoticed, particularly by the spammers who have a direct financial interest in obtaining our confidential information. Because of this, the percentage of people who respond to spam has remarkably decreased. Now, though, we’re seeing an increase in the type of targeted spam known as phishing. We’ve entered the next evolution of email scams, and things are just heating up.

How Net Neutrality Affects You

There has been a lot of discussion about net neutrality lately, but it’s a topic that can be difficult to understand. This article briefly looks at the recent background (why it’s in the news), and both sides of the debate. If you have any questions about net neutrality, let us know in the comments section. Thanks.

Definitions Integral to Understanding Net Neutrality

Net Neutrality is the idea that all types of information transmitted across the Internet should be treated equally, in much the same way that all phone calls across phone lines are. (image in the public domain)

Content Delivery Network
A content delivery network is a large network of storage devices that are connected through Internet service providers for the purpose of providing content to end users in a high-availability, high-performance architecture.
Network (Net) Neutrality
At the very core of the debate on net neutrality is the belief that all information transmitted over the Internet should be treated equally, without any bias being introduced based on content, origin, or communication media.

Background

On May 15, 2014, the US Federal Communications Commission (FCC) voted to approve a notice of proposed changes to its classification of broadband providers, which would essentially permit service providers to engage in “commercially reasonable” traffic management practices. This has been described as opening “fast lanes” on the Internet. There have also been discussions of reclassifying broadband service providers as common utility carriers, subjecting them to increased regulation, which is where the debate arises.

The FCC has stated that action is needed regarding the classification of broadband service providers following the previous net neutrality rules, which were tossed out by the US Court of Appeals for the District of Columbia in January. Proposed legislation by the FCC is open for public comment for a period of 120 days after the initial announcement. (The deadline for the first round of comments is July 15. A second round of comments ends September 10 and is intended for people to address issues brought up in the first round.)

Proponents’ Views

Rights in the Digital Age

Many proponents of net neutrality argue that a free, open Internet is essential for providing a platform to develop innovative and independent content. Without equal access to information, and, more importantly, the ability to create and publish content that is freely accessible by all, industries, especially those whose success is largely dependent on their web footprint, may be adversely affected. By permitting content providers to “fast lane” traffic to their sites, they effectively create a legal method to discriminate against providers with less money.

Promoting Competition

Competition is perhaps the single most effective democratic method for promoting innovation. Proponents argue that, by allowing the larger, tier 1 service providers to place a higher priority on content requested through a specific content delivery network, smaller content providers who are unable to pay “tariffs” to transmit their content to end users will be put at a competitive disadvantage.

Net neutrality allows small Internet Service Providers and content distributors to compete in a free market against the larger, well-established rivals. While competition may be limited at the micro-level, competition at the macro-level is absolutely essential to the overall health, efficacy, and function of the Internet. The proposed legislation allows Internet giants to utilize their massive resources to squash competitors.

Opponents’ Views

Bandwidth Availability

Since the inception of the World Wide Web in the early 1990s, the amount of usage and information transmitted across it has continued to increase every year, creating the need for additional bandwidth to be able to handle all of the traffic.

The content of the Internet has also changed. It initially began as a way for connected universities to share research information with other institutions. Now, with the emergence of streaming video content providers, the majority of Internet traffic consists of large-bandwidth, high-consumption traffic.

Opponents of net neutrality argue that the fees charged for accessing larger bandwidth content would be used by service providers to reinvest in their infrastructure. They argue that this would ultimately make services available for more customers.

Designing for the Future

Opponents of net neutrality legislation argue that bandwidth prioritization is an essential need for the continual growth and innovation of the Internet. They also argue that broadband service providers should be able to give preferential treatment to those willing and able to pay for the ability to transmit data packets more quickly than those who are either not able or willing to pay extra. The additional revenue would then be reinvested in more bandwidth and increased expansion of their network, allowing access to more residential subscribers.

The Bottom Line

Regulation within the Internet, especially regulation proposing a “tiered” class of Internet service, undermines the free information-sharing philosophy upon which the Internet was created. Regulation can and will lead to pay-per-view type services, where websites impose fees for access.

The costs for this type of access will not fall directly on the end user, but on the Internet Service Provider, which will adjust its pricing based on the additional overhead required to provide its customers the content they desire. These costs, of course, are ultimately passed on to the end user through additional fees for accessing the Internet. It means imposing tariffs and usage fees associated with Voice over Internet Protocol (VoIP) telephony, chat or instant messaging services, and advanced search engines.

Feedback

Our position here at Front Range Internet, Inc. (FRII) is in line with the beliefs held by proponents of net neutrality: the Internet should be open and accessible by all, regardless of the content you seek, geographic location, or (in)ability to pay increased costs for access. However, we value your opinion and want to hear your thoughts on the matter. Please leave us feedback by posting a comment to this blog article.

The Trouble with Passwords

Password Strength from xkcd

Popular web comic xkcd shows why most people’s hard-to-remember passwords aren’t very safe. (license here)

Many people have trouble with passwords. And since the discovery of the Heartbleed bug, there’s a lot of frustration as people are asked to change their passwords on multiple sites. I think that most of this frustration stems from the habit we, as an Internet society, have of creating hard-to-remember passwords. And because we create hard-to-remember passwords, we tend to use tricks to help us, and these tricks make the passwords easier to crack.

So here’s a list of things a lot of us do, but shouldn’t, along with things most of us don’t do, but probably should. These should make your passwords more secure and easier to remember.

PSA: Heartbleed OpenSSL Vulnerability

The Heartbleed OpenSSL vulnerability should be taken seriously. Fixed OpenSSL has been released. Please see heartbleed.org for more information. (image from heartbleed.org)

Warning: OpenSSL vulnerability.

I’ll skip trying to re-explain everything and just link to: http://heartbleed.com/

The short version is that OpenSSL versions released in the last ~2 years are vulnerable to having basically any confidential information stolen. Any exploited servers are vulnerable to having previously sniffed traffic decrypted, even after patching out the vulnerability. It is recommended that you regenerate your SSL private keys and certificates, even after patching, and revoke the previous certificates with your certificate authority.

All in all, very bad. Approximately 1/3 of the Internet is affected. FRII is advising all customers to take this extremely seriously (as we are) and take every precaution. FRII has already patched all potentially vulnerable portions of our infrastructure, and any potentially compromised certificates will be revoked and replaced as soon as possible.

Mail Delivery Time Monitoring

You can use the same code as FRII’s team to monitor the delivery time of your email.

After the launch of our new MagicMail environment last year, in order to be completely on top of any issues that may arise, we’ve steadily added more monitoring for that system. One monitoring check that required a bit of scripting is checking the time it takes for end-to-end delivery on our system.

First of all, to view the code for this system, go here: https://gist.github.com/FRII/9748818

I won’t explain every line of those files, but I’ll be going over the general concepts of each script.


Spam Prevention

What is Spam?

Spam is an annoyance for most email users.

When FRII talks about spam (in the context of email), we’re referring to emails that are both unsolicited and bulk. For your convenience, here is a more technical definition from Spamhaus.org, a reputable anti-spam protection organization:

An electronic message is “spam” if (A) the recipient’s personal identity and context are irrelevant because the message is equally applicable to many other potential recipients; AND (B) the recipient has not verifiably granted deliberate, explicit, and still-revocable permission for it to be sent.

How to use mailing lists

Types of Mailing Lists

Mailing lists are a convenient and adaptable method for email users to manage electronic mail distributions. These lists are typically used for one of two purposes, and are named accordingly: announcement lists and discussion lists. Announcement lists are used to distribute email to a group of email addresses for newsletters, periodicals, and marketing materials. Discussion lists are used to provide a forum for individuals to participate in moderated or unmoderated discussions on topics of particular interest to them.

Mailing Lists: EZMLM v. Mailman — Which is better?

Bulk mailings should be done using email mailing lists.

If you need to send an email to a lot of people all at once, the best way to do this is through an e-mail mailing list. Most email providers won’t allow you to send too many emails without one (for instance, FRII has a rate limit that doesn’t allow any user to send email to more than 150 recipients in any five-minute period. Here’s a link to current rate limits for some major providers).

Bottle.py to Apache mod_wsgi

Recently I have been building some small Python-based web tools for internal usage here at the office. I decided to use Bottle for handling the request routing, etc. I happen to like microframeworks for small projects such as these. What I’m going to post here today is some of the structure I built around Bottle to integrate it with Apache httpd (mod_wsgi), and allow more easily for multiple code files.
