Living in New Orleans
A fellow nolugger wrote this article about New Orleans.
I think much of the same could be said about European countries. Certainly my
recent honeymoon to Spain had me thinking
in a similar mode. Priorities, perspective, and values....
[/Life/Rambles/#New_Orleans.html]
Comments (1)
BigAdmin article on SAN booting and Jumpstart
This is one of those articles
I'm just preserving for my own future reference.
[/Computers/OS/Solaris/#SANfabricboot.html]
Comments (0)
Debian From Scratch
I found this article
on installing Debian From Scratch fairly interesting. Lately I've been
installing mepis as a Debian install for
others. But for myself, I need something a bit more hands-on. The Debian
install I have at home is getting really stale now so I am actually
considering a re-install.
Lots of folks think a re-install might not be necessary; just apt-get
upgrade to happiness. But, honestly, I've got a mess of old packages,
configs, etc. from having a nearly 4 year old desktop, unstable installation.
If this box were a server with a stable-testing, it would be a different
story. There are times when a clean install makes sense. And it would give
me a chance to get re-acquainted with the "Debian way" and new tools they have
built -- just recently I discovered the rather
handy modules-assistant for rebuilding nvidia-kernel and alsa-src on my
2.4-kernel unstable Debian box.
References
[/Computers/OS/Linux/#DebianFromScratch.html]
Comments (1)
Just some quick apple humor bits
I found this really funny
for some reason. The answer is
pretty fun as well.
[/Humor/#apple_laughs.html]
Comments (0)
$HOME in revision control
Joey Hess wrote an article sometime back on how he maintains his entire home
directory in cvs. He has now updated it to use subversion.
I've been using svn to maintain some projects myself and I liked Joey's
original concept. The only issue for me is that I sometimes use different
profiles for some job sites. And the Operating System differences in some of
my more heavily edited bash_profile scripts are pretty convoluted. I also may
not have svn clients on the machines I use so rsync or just scp would be
needed there.
In any case, it's a neat concept and something I may have to try soon.
[/Computers/OS/Linux/#homedirinrevcontrol.html]
Comments (0)
Today's del.icio.us links
(More at http://del.icio.us/omegaman)
[/Computers/Bookmarks/#1105145534.html]
Comments (0)
The internet as platform?
Everything is Crazy has published an article that asserts
that ever increasing bandwidth will eventually overcome Microsoft's Operating
System monopoly. In other words, the application platform moves from the
Operating System to the Internet itself.
There is some evidence to support the notion that Operating Systems will matter
less and less. Google's Gmail is a tantalizing, but relatively simple
glimpse. Mozilla and Firefox have oft been presented as application platforms
in their own right. Certainly the browser is one of the most utilized
components for any computer user. And while the old "the network is the
computer" campaigns ultimately fizzled, as Everything is Crazy's author notes in a
followup, the bandwidth simply wasn't there.
Here's where the argument falls apart a bit for me:
Most users have no desire to be the system administrators of their machines,
and would gladly turn that task over to someone else for a nominal fee. As
bandwidth increases, telcos, cable companies, and others will be in the
perfect position to become application service providers for the average home
user, and said average home user will gladly accept this, as long as the price
isn't too high. I see this as almost inevitable.
It's true, average joe users are struggling with security pains and becoming
less than happy system administrators. But I just don't see cable companies
and telcos stepping up to this plate. The bottom line, as always, is the
bottom line. The investment to become an application provider would be
substantial. This is particularly evident when you factor in the support
costs. Telcos and cable companies have not been particularly good
at consumer tech support and satisfaction so far.
And I don't see there being a viable return on investment any time soon.
Providers are still looking to maximize their initial investments building and
launching broadband. They are spending most of their time and dollars getting
'triple-play' going to compete with one another while fending off interlopers
such as Vonage and AT&T for voice. The only provider that might
have some ability to test these waters as a variant of the Application Service
Provider is Time-Warner with its AOL division.
Otherwise, third parties probably have the best possibility of getting into
this sort of game. Will we one day do all of our word processing and
spreadsheet work in a browser rather than a traditional desktop app? Maybe.
Or maybe in two or three years things will be far more different than we imagined,
presenting other possibilities for people to get (over)excited about.
[/Computers/Internet/#internet_as_app_platform.html]
Comments (0)
Keeping ports up to date on OpenBSD
OpenBSD doesn't have portupgrade
like FreeBSD. Many OpenBSD users just take a snapshot of installed
ports/packages by first running pkg_info and then deleting their package
database as described in OpenBSD's upgrade documentation. OpenBSD does offer
a script though, to check what ports are out of date:
/usr/ports/infrastructure/build/out-of-date. The script seems to
work well for my needs.
[/Computers/OS/OpenBSD/#updating_ports.html]
Comments (0)
Today's del.icio.us links
(More at http://del.icio.us/omegaman)
[/Computers/Bookmarks/#1104958956.html]
Comments (0)
Xlivecd
cygwin, perl, ssh with X11 forwarding on a single cd. All of it runs from the
cd too. Another CD for the toolkit. Get it here.
[/Computers/Tips/#xlivecd.html]
Comments (0)
Emacs keybindings for firefox
Sometime around the release of Firefox 1.0, the default use of Emacs-style
keybindings in the URL bar was changed. Here's
how to put it back right.
Also found a really handy feature for
reading RSS/Atom feeds in Thunderbird. I like this much better than the Live
bookmarks method employed by Firefox or the sidebar readers available as
extensions. This is a really good way to get security announcements and weekly
newsletters from the various distributions. Mouse gestures, Conquery,
Adblock, and User-Agent Switcher extensions make the whole Mozilla
Firefox/Thunderbird suite the winning combo for me.
[/Computers/Tips/#emacs_bindings_for_firefox.html]
Comments (0)
ssh blocker script for TCP Wrappers
Since this past summer, compromised machines have been attempting to brute
force user accounts via ssh. Mostly this is annoying but it would be nice to
detect and block these IPs. Francisco de Borja Lopez Rio made a Python script
that watches /var/log/authlog on OpenBSD and adds IPs to a filter table for
OpenBSD's pf. Script can be found here.
Later Juan J. Martinez used the same concept to create a simple shell script to behave similarly.
While this is nice, some of my own bastion hosts running ssh are not OpenBSD
machines and thus cannot run pf. So I modified Juan's script to use Wietse
Venema's ubiquitous tcp wrappers instead. The bash shell script also expects
GNU variants of cat, echo, awk, etc. but should be easily modifiable to
operate on, say, Solaris. You can get it right here. It would
also be relatively easy to edit to use Linux iptables instead.
Incidentally, there may be some other, perhaps better approaches for dealing with this.
One is to only allow key-based authentication instead of simple password
authentication. Another might be to run ssh on a port other than 22. The
first option is probably the most secure and some useful details can be found
here. Running
somewhere other than 22 may be out of the question and automated attack
scripts may use port scanning to find running sshd's rather than assuming the
well-known service port.
If you don't need to ssh from arbitrary hosts, then you should be blocking
that at the firewall level, though you can add it to hosts.deny as well. Since
this is IP based, attackers that can figure out your "whitelist" allowed
machine IPs could utilize spoofing for a determined attack. The attacks we're
blocking here are almost certainly automated and more of a nuisance.
Restricting logins to key-based authentication only should be considered. This
script or one of the firewall scripts noted above could then be added as well
to block automated nuisance attempts. For a little extra obscurity, Port Knocking could be
layered into the mix....
Download link: ssh_blocker_wrap-sh.tar.gz
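The log-watching idea described above, reduced to its core as an added example (this is not the downloadable script or Juan's original). It assumes the usual OpenSSH "Failed password ... from IP port N ssh2" log line; the function names, THRESHOLD, ALLOWLIST and the sample log lines are constructed for illustration.

```bash
#!/bin/bash
# Added example, not the downloadable script: find ssh brute-force sources in
# auth-log lines and print TCP Wrappers deny rules for them.
THRESHOLD=3               # assumed: failed logins from one IP before blocking
ALLOWLIST="192.0.2.10"    # assumed: space-separated IPs that are never blocked

# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG='Jan  5 03:12:41 bastion sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 4312 ssh2
Jan  5 03:12:44 bastion sshd[2213]: Failed password for root from 203.0.113.7 port 4313 ssh2
Jan  5 03:12:47 bastion sshd[2215]: Failed password for invalid user test from 203.0.113.7 port 4314 ssh2
Jan  5 08:30:02 bastion sshd[2290]: Failed password for alice from 198.51.100.23 port 5120 ssh2
Jan  5 08:30:09 bastion sshd[2290]: Accepted publickey for alice from 192.0.2.10 port 5121 ssh2'

# Read log lines on stdin; print each IP with at least $1 failed passwords.
find_offenders() {
    awk -v max="$1" '
        /sshd\[[0-9]+\]: Failed password for / && NF > 5 {
            # The user name is remote-controlled text, so locate the address
            # from the end of the line: "... from IP port N ssh2".
            ip = $(NF - 3)
            if ($(NF - 4) == "from" && $(NF - 2) == "port" &&
                ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                hits[ip]++
        }
        END { for (ip in hits) if (hits[ip] >= max) print ip }
    ' | sort
}

# Read IPs on stdin; print a hosts.deny rule for each one that is neither
# allow-listed nor already present in the deny file named by $1.
deny_rules() {
    while read -r ip; do
        case " $ALLOWLIST " in *" $ip "*) continue ;; esac
        grep -qxF "sshd: $ip" "$1" 2>/dev/null || echo "sshd: $ip"
    done
}

# Demo: prints "sshd: 203.0.113.7"; nothing is written to /etc/hosts.deny.
printf '%s\n' "$SAMPLE_LOG" | find_offenders "$THRESHOLD" | deny_rules /dev/null
```

To apply the rules, append the output to hosts.deny after reviewing it; the allow-list check keeps a mistyped password from your own admin host from locking you out.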
[/Computers/Security/#ssh_blocker_wrap-sh.html]
Comments (0)