All posts tagged 'article'

Our world is sick…


According to a study, the majority of young people in Germany would rather give up their current partner than their mobile phone and the internet. A life without the internet is unthinkable for 84 percent of the 14- to 29-year-olds surveyed, while 97 percent could not imagine a life without a mobile phone. The current partner, by contrast, is indispensable for only 43 percent of the young people.

Well, our world really must be doomed…

(Study via Heise, the image is from openclipart.org)

Must-have tools for HTML, JavaScript and Ajax development and debugging (Chinese translation)

I just noticed that my previously published article about “Must-have tools for HTML, JavaScript and AJAX development and debugging” has been translated to Chinese:

Must-have tools for HTML, JavaScript and Ajax development and debugging (Chinese translation)

Have fun reading :)

Visiting Vienna

Every six months or so the students in the Tools development team ask me a lot of questions about Vienna. Which is fine – most of them are from overseas and they want to visit all the major cities in Europe and not only stay in Herrenberg ;)

Most of the time they ask the same questions and I google for the same links. So why not create a link collection, add some comments now and then and provide a permanent resource for my students and the rest of the world? But primarily for my students, of course :)

And hey, you can still ask me questions and contact me, so we can go for a beer or a cocktail… if you want.

In general wien.gv.at is a very good page about Vienna and you also have a very good city map there.

Arriving and living in Vienna

Ok, the first important thing is how to get from the airport into the city. A taxi costs about EUR 30,-, so the CAT might be cheaper.

Unfortunately, the page for public transport in Vienna does not have an English version (or I just can’t find it), and the page is just bad. But here is the basic information from that page:

  • One day ticket (24 Stunden Karte): EUR 5,-
  • Special Vienna card (Wien Karte): EUR 16,90, valid for 72 hours, cheaper entrance to various museums
  • Week card (Wochenkarte): EUR 12,50, valid from Monday 9am to Monday 9am
  • 8 day card (8 Tage Karte): EUR 24,-, valid for 8 separate days

The first one can be bought at any subway entrance; for the others I have no idea yet – please update me.

Another nice page I’ve found is The Vienna Metro, with a lot of information about tickets, metro maps and all that stuff… check it out!

Regarding “living” in Vienna I don’t have any experience, I only know that my flat is nice but too small… but here is the major killer link regarding youth hostels: Youth Hostels in Austria. The one called Hostel Schlossherberge is very nice, but a bit outside.

If you have stayed in Vienna (youth hostel, hotel, wherever) please send me a link and a recommendation of that “place”, so I can add it here.

Sightseeing

There is a lot of stuff to see in Vienna, so I don’t even know where to start. One student (Sophie) told me that she just got on tram 1 (or 2, which goes in the opposite direction) and jumped on and off wherever she found something interesting. And really, trams 1/2 follow the “Ring”, so you will see the Opera, a lot of museums, the town hall…

In general you should just walk around in the city – the starting point should be the St. Stephen’s Cathedral, the center of the city. From there you can easily walk to the Hofburg.

“Outside” we have the Schönbrunn Palace, a must-see. Furthermore you should go to the Prater with the Giant Ferris Wheel.

More information about sightseeing can be found here.

Eating and drinking

When you are in Vienna and in the Prater you should go and eat at the Schweizerhaus – mandatory! And I’ll be with you – mandatory! :)

And you definitely have to go to the Hotel Sacher next to the opera to try their famous cake!

For other good restaurants and bars ask me, I don’t want to write more now… but for going out at night my recommendation is the Volksgarten – it does not matter whether Club, Pavillon or Tanzcafe!

Shopping

The most important topic, especially for the female students. Maybe I should hand over to my girlfriend here?

Anyway, I also have some shopping experience – standing in front of St. Stephen’s Cathedral you can turn to the left and follow the Rotenturmstrasse down to the Schwedenplatz. On the right there is the more important street – the Kärntnerstrasse, which leads you to the Opera (opposite Starbucks).

Or you can just turn around and walk into the Graben (leave Zara on your right-hand side) until you reach the famous Julius Meinl. In the street to the left you will find some very cheap shops (Louis Vuitton, Versace, D&G, Chanel…), the right side is a bit better. If you want to know where to find Furla, please contact me.

The other must is the Mariahilferstrasse, the longest shopping street in Austria. Just start at the MQ and follow the street until you reach the Benetton super store…

Finally…

That’s it for now – more will come whenever I have the time to write something…

Hopefully this page helps you all a bit – it would be nice if you send me your comments, corrections or ideas, so this page can be improved!

Regards,

Mike :)

Found a bug? Want to say something? Or just want to send me a comment? Feel free to do so!

Brute force dictionary Spam attack

On December 5th 2007 I could not believe my eyes when I had a look at the log files – someone was trying to send a huge amount of spam to my server. Someone? Yes, “someone” pointed his botnet at a hosted domain and this botnet performed a dictionary attack. So what did I do? What can you do?

First of all let’s see what happens in detail – a bad guy ™ who controls a botnet decides he wants to spam a certain domain – now the bots start sending mails to that domain using random (dictionary-based) recipients that don’t exist on the server, e.g.

  • Firmi@domain.com
  • Smalleyjducz@domain.com
  • Mikk-Smollen@domain.com
  • stephaniereka@domain.com
  • Kimplin@domain.com
  • jensenybl@domain.com
  • Kajumova@domain.com

By running the following command against the mail log you can see that most of the sender IPs are unique:

cat mail.log | grep NOQUEUE | awk -F'[' '{print $3}' | awk -F']' '{print $1}' | sort | uniq -c | sort -n

You will also see that most IPs are contacting the server only once.

So the first thing to do is blocking the “top 50” (or top 100) of those IPs using iptables. This helps to filter IPs that are coming back on a regular basis (be sure you don’t filter any of your users!) and works, but compared to ~1000 unique IPs that are ever-changing it does not really work out. This manual IP filtering shows up in the graph around 14:45 and 18:00.

You are lucky if you are running a greylisting service: that way ~90% of all mails are rejected the first time and the spam bots never come back to try a second time. This is also visible in the graph – usually about 1 mail per minute is filtered, during the attack this number went up to 22/minute. What I did was increase the greylisting timeout to 3000 seconds (50 minutes) to block the bots even longer. But still some of them tried very often and did not get blocked by the manually created iptables rules – they came through to the mail server.

Luckily catch-all was disabled on this domain, so the other 10% that came through were rejected with a “user not found” message. I would estimate that not a single mail was delivered to any inbox… so, as no mail hit SpamAssassin and ClamAV (which are expensive processes) the load of the machine was still fine and it had reserves left even at the peak of the attack around 18:00.
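As an added example (not code from the original post), the log triage described above as a small POSIX shell script: the uniq-count pipeline, picking the repeat offenders that would go into a firewall rule, and counting how much was stopped by greylisting versus the missing catch-all. It assumes Postfix-style “NOQUEUE: reject:” log lines; the six lines embedded in it are constructed sample data using documentation IP ranges, not the real log.

```shell
#!/bin/sh
# Added example, not code from the original post: triage of a Postfix mail.log
# during a dictionary spam run. Assumes Postfix-style "NOQUEUE: reject:" lines.
# The log lines below are constructed sample data (RFC 5737 documentation IPs).
SAMPLE_LOG=$(cat <<'EOF'
Dec  5 14:40:12 mail postfix/smtpd[1201]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.2.0 <Firmi@domain.com>: Recipient address rejected: Greylisted; from=<a@example.net> to=<Firmi@domain.com> proto=ESMTP helo=<x>
Dec  5 14:40:13 mail postfix/smtpd[1202]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.2.0 <Kimplin@domain.com>: Recipient address rejected: Greylisted; from=<b@example.net> to=<Kimplin@domain.com> proto=ESMTP helo=<y>
Dec  5 14:41:02 mail postfix/smtpd[1203]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 450 4.2.0 <Kajumova@domain.com>: Recipient address rejected: Greylisted; from=<c@example.net> to=<Kajumova@domain.com> proto=ESMTP helo=<z>
Dec  5 15:31:20 mail postfix/smtpd[1210]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.1.1 <Kimplin@domain.com>: Recipient address rejected: User unknown in local recipient table; from=<b@example.net> to=<Kimplin@domain.com> proto=ESMTP helo=<y>
Dec  5 15:31:21 mail postfix/smtpd[1211]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.1.1 <jensenybl@domain.com>: Recipient address rejected: User unknown in local recipient table; from=<b@example.net> to=<jensenybl@domain.com> proto=ESMTP helo=<y>
Dec  5 15:32:00 mail postfix/smtpd[1212]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 450 4.2.0 <Smalleyjducz@domain.com>: Recipient address rejected: Greylisted; from=<d@example.net> to=<Smalleyjducz@domain.com> proto=ESMTP helo=<w>
EOF
)

# Rejected attempts per client IP, printed as "count ip" in ascending order
# (same idea as the grep/awk/uniq pipeline above, with the IP pulled out by sed).
sender_ip_counts() {
    sed -n 's/.*NOQUEUE: reject: RCPT from [^[]*\[\([^]]*\)].*/\1/p' |
        sort | uniq -c | sort -n | awk '{ print $1, $2 }'
}

# Number of distinct client IPs behind the rejected attempts.
unique_ip_count() {
    sender_ip_counts | awk 'END { print NR }'
}

# IPs rejected more than $1 times: the "top N" candidates for an iptables rule.
# Review them against your own users' mail clients before blocking anything.
repeat_offenders() {
    sender_ip_counts | awk -v min="$1" '$1 > min { print $2 }'
}

# Attempts stopped by greylisting (450) versus by the missing catch-all (550).
reject_breakdown() {
    awk '/NOQUEUE: reject/ { if ($0 ~ / 450 /) g++; else if ($0 ~ / 550 /) u++ }
         END { printf "greylisted=%d user_unknown=%d\n", g, u }'
}

printf '%s\n' "$SAMPLE_LOG" | sender_ip_counts
printf '%s\n' "$SAMPLE_LOG" | repeat_offenders 2
printf '%s\n' "$SAMPLE_LOG" | reject_breakdown
```

On a real server replace the sample with `sender_ip_counts < /var/log/mail.log`; the sample shows 198.51.100.7 coming back three times while the other three hosts hit only once, which is the ever-changing-IP pattern the post describes.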

What else to do? Actually, there is nothing you can do during such an attack except wait until it’s over. The next steps would have been disabling the targeted domain in the mail server (which makes the denial-of-service attack successful) or shutting the service down – which also has an impact on other hosted domains. Both options are only the last resort and should be taken if the mails start coming through to SpamAssassin and ClamAV and the server load increases dramatically. But it’s better to shut one service down than to lose the whole machine.

So, sit down, have a drink and wait.

The conclusion is that you can’t really do anything against such attacks, as they are coming from a lot of different hosts – but the spammers will stop by themselves after a while and it’s going to be over soon. But you had better be prepared – be sure you use a greylisting filter and that catch-all is disabled. Also closely monitor the system load and be prepared to shut the service down (inform your users before you do that!).

Three additional comments: the spike at 21:15 was a user sending his evening bunch of “funny fun mails” to a lot of recipients (he should use YouTube for those videos… *grml*). No user reported an issue with the server, it was responding as usual during the attack. Traffic did not increase much during the attack.

Book Review: PHP Hacks

Have you ever heard of O’Reilly’s popular Hacks series? Those books cover special areas in detail and are very specific about their topics.

That was the reason to order PHP Hacks (by Jack D. Herrington) – a complete failure.

Contents

Purely from the contents the book looks amazing – it covers some basics, focuses on Web Design and DHTML, talks about Graphics and Databases and even about Design Patterns and Testing. Perfect, isn’t it?

So I started reading, skipped the first Chapter about the installation and continued with…

Chapter Two: Web Design

Within this chapter PHP isn’t needed at all – the sections just describe the HTML/CSS basics, and they do it in a wrong way. For example on page 17 the printed option tag is invalid XHTML, because it must be selected="selected" and not just selected.

And the examples are dangerous, because the author does not take care of XSS bugs: the $_GET["style"] value is just printed back to the screen without any validation and without even mentioning that there might be an XSS bug.

Again, to explain how to display simple boxes with HTML/CSS or how to format tabs – no PHP is needed at all!

Hack #6 about tabs shows that the author did not think about application performance – the example executes the code of all tabs but displays only one of them, the rest of the output is just buffered and increases the memory usage of the script.

Almost the same for hack #8 – this is basic HTML formatting and should be in a beginner’s book, but not in O’Reilly’s famous Hacks series.

While reading hack #10 (Send HTML Email) I got really pissed off – I’ve never seen such a cumbersome way of sending a mail. He is not using one of the installed PEAR packages or a class design, no, he is sending the HTML mail in a crappy way so it can’t be reused and does not hide the details from the developer. Sending HTML mails using PEAR would have been much easier than that.

Chapter Three: DHTML

The chapter about DHTML and Ajax is just advertising for various JavaScript frameworks, and not only for open-source frameworks, but also for commercial ones. Overall there is absolutely no need to use PHP for those examples – it just makes the code much harder to read and doesn’t let you focus on the problem or solution.

In hack #16 the author suggests using Google image search to find arrow graphics without mentioning that those graphics might be copyright protected. This hint is very dangerous and could get readers into serious problems!

The most absurd hack is #18 – about how to obscure JavaScript code. This is as useless as those “Disable Right Click” scripts that can easily be bypassed.

Also very interesting is the binary clock – those little scriptlets can be found by searching the web, there is no magic behind them and there is no need to print such a (useless!) scriptlet in a book.

The calendar (hack #26) is also useless, because no one writes their own calendar today. There are lots of good and free (free as in speech and free as in beer!) calendar frameworks out there, so save yourself a lot of time and don’t reinvent the wheel!

The only almost good hack is about copying Google’s map-scrolling effect, but the whole thing only works with one browser and therefore it is not really useful at all.

The rest?

The story could continue like this for every single chapter. But after chapter five or so I stopped reading and just skimmed the rest of the book… just check out the table of contents and you will see that I’m right when I say that the book just sucks and is not worth the money.

Buy another book that is really professional and has something new in it…
