Wed, 19 Jan 2005
A fellow nolugger wrote this article about New Orleans. I think much of the same could be said about European countries. Certainly my recent honeymoon to Spain had me thinking in a similar mode. Priorities, perspective, and values....
[/Life/Rambles/#New_Orleans.html] Comments (1)
BigAdmin article on SAN booting and Jumpstart
This is one of those articles I'm just preserving for my own future reference.
[/Computers/OS/Solaris/#SANfabricboot.html] Comments (0)
Tue, 18 Jan 2005I found this article on installing Debian From Scratch fairly intresting. Lately I've been installing mepis as a Debian install for others. But for myself, I need something a bit more hands-on. The Debian install I have at home is getting really stale now so I am actually considering a re-install.
Lots of folks think a re-install might not be necessary; just apt-get upgrade to happiness. But, honestly, I've got a mess of old packages, configs, etc form having a nearly 4 year old desktop, unstable installation. If this box were a server with a stable-testing, it would be a different story. There are times when a clean install makes sense. And it would give me a chance to get re-aquainted with the "Debian way" and new tools they have built -- just recently I discovered the rather handy modules-assistant for rebuilding nvidia-kernel and alsa-src on my 2.4-kernel unstable Debian box.
References
- http://people.debian.org/~jgoerzen/dfs/html/dfs.html - DFS documentation
- http://julien.danjou.info/article-apt-build.html - apt-build tutorial (translated from French). Gives (overly) fine-grained build customization ala Gentoo.
[/Computers/OS/Linux/#DebianFromScratch.html] Comments (1)
Thu, 13 Jan 2005
Just some quick apple humor bits
I found this really funny for some reason. The answer is pretty fun as well.
[/Humor/#apple_laughs.html] Comments (0)
Wed, 12 Jan 2005Joey Hess wrote an article sometime back on how he maintains his entire home directory in cvs. He has updated it now to use subversion now. I've been using svn to maintain some projects myself and I liked Joey's original concept. The only issues for me is that I sometimes use different profiles for some job sites. And the Operating System differences in some of my more heavily edited bash_profile scripts are pretty convoluted. I also may not have svn clients on the machine's I use so rsync or just scp would be needed there.
In any case, it's a neat concept and something I may have to try soon.
[/Computers/OS/Linux/#homedirinrevcontrol.html] Comments (0)
Sat, 08 Jan 2005- LWN: Welcome to LWN.net
excellent Linux news site
- Slashdot: News for nerds, stuff that matters
duh.
- How To Ask Questions The Smart Way
- Debian -- The Universal Operating System
my other favorite linux distribution ;)
- Gentoo Linux -- Gentoo Linux News
One of my favorite distributions
- x11vnc: a VNC server for real X displays
very useful utility for VNC. use with SSH tunnels to connect to active remote desktops ala console utility 'screen'
- SecurityFocus HOME Infocus: SSH Port Forwarding
Part of an excellent series describing smarter ssh usage. I use most of these daily
[/Computers/Bookmarks/#1105145534.html] Comments (0)
Thu, 06 Jan 2005Everything is Crazy has published an article that asserts that ever increasing bandwidth will eventually overcome Microsoft's Operating System monopoly. In other words, the application platform moves from the Operating System to the Internet itself.
There is some evidence to support the notion that Operating Systems will matter less and less. Google's Gmail is a tantalizing, but relatively simple glimpse. Mozilla and Firefox have oft been presented as application platforms in their own right. Certainly the browser is one of the most utilized components for any computer user. And while the old "the network is the computer" campaigns ultimately fizzled, as Everything is Crazy's author notes in a followup, the bandwidth simply wasn't there.
Here's where the argument falls apart a bit for me:
Most users have no desire to be the system administrators of their machines, and would gladly turn that task over to someone else for a nominal fee. As bandwidth increases, telcos, cable companies, and others will be in the perfect position to become application service providers for the average home user, and said average home user will gladly accept this, as long as the price isn't too high. I see this as almost inevitable.It's true, average joe users are struggling with security pains and becoming less than happy system administrators. But I just don't see cable companies and telcos stepping up to this plate. The bottom line, as always, is the bottom line. The investment to become an application provider would be substantial. This is particularly evident when you factor in the support costs. Telco's and cable companies have not been particularly good at consumer tech support and satisfaction so far.
And I don't see there being a viable return on investment any time soon. Providers are still looking to maximize their initial investments building and launching broadband. They are spending most of their time and dollars getting 'triple-play' going to compete with one another while fending off interlopers such as Vonage and AT&T for voice. The only provider that might have some ability to test these waters as a variant of the Application Service Provider is Time-Warner with it's AOL division.
Otherwise, third parties probably have the best possibility of getting into this sort of game. Will we one day do all of our word processing and spreadsheet work in a browser rather than a traditional desktop app? Maybe. Or maybe in two or three years things will be far more different than we imagined presenting other possibilities for people to get (over)excited about.
[/Computers/Internet/#internet_as_app_platform.html] Comments (0)
Keeping ports up to date on OpenBSD
OpenBSD doesn't have portupgrade like FreeBSD. Many OpenBSD users just take a snapshot of installed ports/packages by first running pkg_info and then deleting their package database as described in OpenBSD's upgrade documentation. OpenBSD does offer a script though, to check what ports are out of date: /usr/ports/infrastructure/build/out-of-date. The script seems to work well for my needs.
[/Computers/OS/OpenBSD/#updating_ports.html] Comments (0)
Wed, 05 Jan 2005- blosxom :: the zen of blogging ::
My blog tool of choice
- broadband » The 'bible' for Information on DSL, Cable and Other High Speed Internet Services
Best site for broadband information troubleshooting
- !InetDaemon.Com - Tutorials: Internet, Telecom, Satellite, Computers, Troubleshooting
Tutorials and documentation for networking/protocols etc.
- The Moron's Guide to Kerberos, Version 1.2.2
Good description/documentation of kerberos
- Nix Bits
This is my own home page
[/Computers/Bookmarks/#1104958956.html] Comments (0)
cygwin, perl, ssh with X11 forwarding on a single cd. All of it runs from the cd too. Another CD for the toolkit. Get it here.
[/Computers/Tips/#xlivecd.html] Comments (0)
Sometime around the release of Firefox 1.0, the default use of Emacs-style keybindings in the URL bar was changed. Here's how to put it back right.
Also found a really handy feature for reading RSS/Atom feeds in Thunderbird. I like this much better than the Live bookmarks method employed by Firefox or the sidebar readers available as extensions. This is a really good way to get security announcements and weekly newsletters from the various distributions. Mouse gestures, Conquery, Adblock, and User-Agent Switcher extensions make the whole Mozilla Firefox/Thunderbird suite the winning combo for me.
[/Computers/Tips/#emacs_bindings_for_firefox.html] Comments (0)
Mon, 03 Jan 2005
ssh blocker script for TCP Wrappers
Since this past summer, compromised machines have been attempting to brute force user accounts via ssh. Mostly this is annoying but it would be nice to detect and block these IPs. Francisco de Borja Lopez Rio made a Python script that watches /var/log/authlog on OpenBSD and adds IPs to a filter table for OpenBSD's pf. Script can be found here.
Later Juan J. Martinez used the same concept to create a simple shell script to behave similarly. While this is nice, some of my own bastion hosts running ssh are not OpenBSD machines and thus cannot run pf. So I modified Juan's script to use Weitse Venema's ubiquitous tcp wrappers instead. The bash shell script also expects GNU variants of cat, echo, awk, etc. but should be easily modifiable to operate on, say, Solaris. You can get it right here. It would also be relatively easy to edit to use Linux iptables instead.
Incidently, there may be some other, perhaps better approaches for dealing with this. One is to only allow key-based authentication instead of simple password authentication. Another might be to run ssh on a port other than 22. The first option is probably the most secure and some useful details can be found here. Running somewhere other than 22 may be out of the question and automated attack scripts may use port scanning to find running sshd's rather than assuming the well-known service port.
If you don't need to ssh from arbitrary hosts, then you should be blocking that at the firewall level, though you can add it to hosts.deny as well. Since this is IP based, attackers that can figure out your "whitelist" allowed machine IPs could utilize spoofing for a determined attack. The attacks we're blocking here are almost certainly automated and more of a nuisance. Restricting logins to key-based authentication only should be considered. This script or one of the firewall scripts noted above could then be added as well to block automated nuisance attempts. For a little extra obscurity, Port Knocking could be layered into the mix....
Download link: ssh_blocker_wrap-sh.tar.gz
[/Computers/Security/#ssh_blocker_wrap-sh.html] Comments (0)
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|---|---|---|---|---|---|
| 1 | ||||||
| 2 | 3 | 4 | 5 | 6 | 7 | 8 |
| 9 | 10 | 11 | 12 | 13 | 14 | 15 |
| 16 | 17 | 18 | 19 | 20 | 21 | 22 |
| 23 | 24 | 25 | 26 | 27 | 28 | 29 |
| 30 | 31 |
About
Nix Bits, Notes about life, *nix, and other stuff.
Scott Harney (GPG key)
<scott_harney@yahoo.com>
Wedding
I got married on 9/4/2004. So click for details, already.
Resume
An online copy of my resume. This resume is suitable for printing
but also contains clickable links providing more detail.
Just mouse over the bullet items.
Photo Album
Lots and lots of family pictures.
Archives
Search
Bookmarks
My del.icio.us bookmarks
Subscribe
Subscribe to a syndicated feed of my weblog,
brought to you by the wonders of RSS or Atom.
Old stuff
Links and writings from the older version of this site
Old stuff