Squid, SquidGuard and OpenDNS

While my kids are both very young at the moment, Josh will be starting at infant school in September, and from our recent parent's introductory tour of the school they will be providing a good grounding in IT Literacy, including Internet familiarity.

As my working life revolves around Computer System Administration, I have more infrastructure than most at home - I host my own email, I have a web server and SSH VPN server, I have three seperate networks etc. It also means I spend a fair amount of time testing and evaluating software and services at home myself and with my family.

My latest focus for my home networks has been to start looking at how I can give my children Internet access while protecting them from the destructive and criminal elements of the Internet but without getting in the way of them making use of what is a very rich source of knowledge and experience.

There are two approaches I am looking at. Firstly, I am implementing Squid and SquidGuard on my Linux firewall.

I have these both installed, and have been looking at getting a set of policies put together to manage it all - currently I am looking at web-based management interfaces for the combination of Squid and SquidGuard (I'm sure there are a few) but haven't made much headway as yet. Watch this space for more as I find time to play.

Secondly, to back it up (and because the site definitions are likely going to be maintained much more often) I have already configured OpenDNS for my home LAN. Initially this was with the intention of speeding up name resolution from home but the service, to my pleasant surprise, includes much more functionality than a simple DNS lookup service.

First impressions of the OpenDNS service are very good - and the added bonus features (such as DNS Aliases - for example I could link "email" with my webmail server, "news" with the BBC News web site etc) are already proving useful. I was not looking for this service to offer the same results as my Squid/SquidGuard combination, but that would seem to be the result. A complementary set of protections, and an extra layer of safety against viruses can be no bad thing.

As a no-cost solution I would recommend people look at this service - in my opinion it compares well against some of the paid-for "Net Nanny" style products out there on the shelves, and will complement almost any combination of security measures you implement to protect your Internet activities.

Zimbra FTW!

Having now used Yahoo's open source Zimbra email server to host my email for some time, I am finally getting around to writing some words about it.

As a no-cost solution, running on comodity hardware and an open source software stack supporting it, I would chose Zimbra over any of the hosted solutions I have come across for the 1-50 user business (or in my case family). The rich webmail client has replaced desktop email clients for me, and having access to the same mail client, with the same customisations and settings from any machine with net access is a great boost. More recently the full desktop client, which allows offline access to messages, is easily as feature rich and useable as solutions from Microsoft or IBM that I have had the opportunity to use in anger, as well as the various open source solutions out there - can anyone say "evolution --force-shutdown".

There are features that I miss - GPG and S/MIME signing and encrypting my emails, ctrl-click drag and drop to copy messages - but progress is good and you can always connect your favourite desktop email client.

One more promising bonus is the ZimbraME Beta product - this installs on your Mobile Phone and provides you access from anywhere to your mail, a great addon. I have the generic version running on my Three Skype S2 phone (although scrolling within messages doesn't work) and for a beta its great to check which parking space I have been allocated when I turn up at work first thing like a zombie!

With version 6 just around the corner, lets hope my high expectations continue to be met!

RHEL5/CentOS5 Graphics Problems on HP ML115/ML150

Well, thought I would note this here for others' use - steps required to get RHEL5/CentOS5 to give you a usable display (without the corruption on the bottom 1/10th of the screen).

• At the gdm login prompt, drop to a console session: Ctrl-Alt-F1


• log in and su to root: su -



• stop the graphical login screen by switching to runlevel 3: telinit 3


• take a backup of the xorg.conf file:
  cp /etc/X11/xorg.conf /etc/X11/xorg.conf.backup"


• ask X to create a config for us: X -configure


• copy this config to our live xorg.conf, but force the vesa driver:
  
  sed 's/mga/vesa/' /root/xorg.conf.new > /etc/X11/xorg.conf


• edit the generated xorg.conf for keyboard settings etc with your favourite console editor


• test the config: startx


• assuming all is ok, System -> Log Out or: Ctrl-Alt-Backspace


• return to runlevel 5: telinit 5


• Don't forget to log out from VT1 Ctrl-Alt-F1

 

Hope this helps someone - its not a fix, but will at least give you a usable X session until a better solution presents itself.

Jim

Return of the Rain

Well, its raining again today - came back from a quick walk around the shops (and purchase of some cough syrup) looking like I had been for a swim in my jacket!

Although its not quite so cold, it seems to be a lot more like an average English January now.

Wednesday was David's funeral - it was a very nice ceremony, and a real testament to the hard work that Ness, David (Junior) and Julia put in getting prepared that everything went so well. David (Senior) would be very proud I am sure, and I am certainly very proud of Ness, she was so concerned that things wouldn't go well and everything was perfect on the day. Thankfully, even the weather held out for us with hazy sunshine lasting until the early evening by which time we were all back indoors.

In better news, I have received my new employment contract at work for my promotion to ICT Infrastructure Manager which can be no bad thing - another step on the path to my goals.

Geeky technical news: got the UPS service working on the server at home (kept meaning to look at this since I put it in last October but never seemed to remember when I was at a keyboard), and I have found everything I need to set Ness's laptop up to work wirelessly and run Linux instead of Windows so she should be able to do her thing anywhere in the house.

At work, Tobie has finally got some useful support from our Firewall suppliers on how to get us up and running again, and today we have finally got at least one site working perfectly - lets just hope the other follow suit.

Well, thats all I can think of right now so back to the grindstone for me.

Happy New Year

Well, its 2008 - taken me ages to get a chance to sit and write, apologies to anyone who has been waiting - not that I imagine there are many (sorry, any) of you.

Christmas has come and gone, New year has come and gone - I have yet to have a day resting this past three months though. What with everything that has been going on following the sad passing of Ness's Dad and all the usual Christmas period chaos with the kids and my family, it seems to have been non-stop.

Tomorrow we have David's funeral. Mum is coming to stay with me tonight (Ness and the kids are already at her Mum's) and tomorrow so that she can help me out - its tough being the last person people turn to, and someone to lean on is very greatly appreciated. While I am not looking forward to the inevitable emotions, I am glad we are finally able to put David at rest. It has been a long time coming, and I hope it will be a milestone in the grieving process for Ness and her family, allowing them to begin moving forwards and pick up the pieces.

That is all I have to say this morning, but with time on my own while Ness is staying with her mum I hope to start writing more frequently so watch this space - tech and geek stuff coming soon!

All that remains is to wish you a Happy and Prosperous 2008.