Small handheld linux computer with WiFi

10 December, 2009 (15:02) | Gadgets, Linux | By: chuck

Yesterday I found myself stumbling around Amazon searching for Christmas gifts. Out of pure habit I checked the electronic gadgets section, and managed to find an interesting little device for around $50 USD: the Zipit Z2.

It is marketed as an instant messaging device, but a quick Google search finds it capable of being flashed to run a basic copy of Debian. This makes it really cool, as it can then be used as a small, portable SSH terminal. And since by default an install of Debian has fairly little included, the device can be fairly secure. This makes it suitable for running simple personal things, like alpine and irssi, to keep in touch with people without giving up passwords to a possibly keylogged kiosk.

One thing to note though is that the device’s default firmware requires a subscription to use. Therefore when purchasing one of these you need to be sure to not select any subscription, else you will be charged around $150 instead of $50. If you’re tempted to use this as it is advertised, consider flashing it to Debian and installing a simple IM client. Even irssi connecting to a bitlbee server is more than sufficient for the average user.

Facebook privacy settings change

10 December, 2009 (14:34) | Services, Web | By: chuck

Alright, I’ll confess. I do have a Facebook account, even though I am a bit of a privacy nut. However, unlike most users I have employed the privacy settings to protect me from the average data mining thief.

Although it looks like it’s about to get a bit harder for these folks to get the data they want easily. Facebook just popped up a wizard today for me as I logged in, one that allowed me to change my privacy settings. Naturally I really didn’t change anything, because I already had my settings perfected, but this looks like it will help with eliminating most users’ privacy issues. Sure, the more hidden options like preventing your account from being indexed by search engines aren’t there, but maybe this wizard will help people realize they do exist.

Props to Facebook for making an effort, even if it is very small.

Performing an HTTP benchmark with Apache bench (ab)

6 December, 2009 (01:35) | Linux, Web | By: chuck

ab (Apache Bench) is a command-line program that comes with Apache by default in most distributions. It allows one to run a quick and efficient test of how a server can handle a heavy load of clients.

To use it simply run (as root)

ab -n number_of_requests_to_try http://www.websiteyouwanttobenchmark.com/

Note that the trailing / is necessary for ab to function. Once run it will produce an easy-to-read status report showing how fast your server responded to the requests. From there you can optimize your webserver to handle the requests more efficiently, all without having to resort to changing variables in the dark.

WiFi detecting shirt

6 December, 2009 (01:19) | Gadgets | By: chuck

I’m a nerd. As such I find nerdy gadgets awesome, and this by far is one of the coolest ones in awhile. Meet the WiFi access point detecting shirt.

It’s a pretty simple device overall. It works by having a decal on the front, powered by a few AAA batteries, that detects wireless g & b access point signals nearby. When a signal is strong all the bars are lit up; otherwise fewer bars are lit up. The decal can then be removed when one wishes to wash the shirt.

This is a great toy for those who travel a lot, as you could simply wear this to determine the best reception point in an airport lobby or hotel room. Even those of us who don’t travel often probably wouldn’t mind using it to see how close to McDonald’s we need to park in order to use their free WiFi connection.

Admins, please secure your servers

23 November, 2009 (20:26) | Linux | By: chuck

Today I pored over some of my auth.log files as usual, and yet again to my disappointment there were several hosts that had spent around three to four hours hounding my server with login attempts every five seconds. Having a few hours of time to kill I decided to investigate one of the machines.

I managed to determine large quantities of information. Below is a snippet of the text file I logged my findings in:

Fedora Core (unknown version)
Default Apache 2 installation
- /var/www/html is directory for www files
- /cgi-bin/ does exist, but directory indexing is off

Port 21 (ftp), 22 (ssh), 80 (http), 443 (http) are open.

All this suggests that the owner set up a machine, connected it to the Internet, and forgot about it. One would assume the owner would at least have tried to secure this server with some simple things, but nope. FTP still had its default banner, the Apache test CGI scripts were available, and the machine was not patched. (Apache and ssh were about 6 months behind the latest, most secure versions.)

I assume the reason this machine was attacking servers was because of a rogue individual compromising its security. I of course did not check, but it is perfectly possible that the owner left a default user account with a common password, opening the avenue for a simple bruteforce attack. How ironic, considering this is what it is doing itself to other machines.

In conclusion, admins, PLEASE SECURE YOUR MACHINES! If you do not then you will likely have your box compromised, just like this one. And trust me, you do not want to be on as many blacklists as this unfortunate victim.
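
The auth.log review described in this post can be partly automated. The script below is an added example, not the author's own tooling: it counts failed sshd password attempts per source address, assuming OpenSSH's usual "Failed password for ... from <addr> port <n> ssh2" syslog lines; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): count failed sshd password
# attempts per source address in an auth.log-style file.

# Constructed sample lines; the addresses come from documentation ranges.
sample_auth_log() {
cat <<'EOF'
Nov 23 16:02:05 box sshd[4101]: Failed password for root from 203.0.113.7 port 51234 ssh2
Nov 23 16:02:10 box sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Nov 23 16:02:15 box sshd[4103]: Failed password for invalid user test user from 203.0.113.7 port 51246 ssh2
Nov 23 16:02:20 box sshd[4105]: Failed password for root from 203.0.113.7 port 51252 ssh2
Nov 23 16:05:41 box sshd[4110]: Failed password for chuck from 198.51.100.20 port 40022 ssh2
Nov 23 16:05:49 box sshd[4110]: Accepted password for chuck from 198.51.100.20 port 40022 ssh2
EOF
}

# failed_logins_by_host [FILE] [MIN]
# Prints "<count> <addr> <first HH:MM:SS> <last HH:MM:SS>" for each address
# with at least MIN failures (default 3), busiest first. FILE defaults to stdin.
failed_logins_by_host() {
    awk -v min="${2:-3}" '
        / sshd\[[0-9]+\]: Failed password for / &&
        $(NF-2) == "port" && $(NF-4) == "from" {
            # The user name is supplied by the remote side and may contain
            # spaces, so take the address by position from the end of the line.
            addr = $(NF-3)
            if (!(addr in count)) first[addr] = $3
            count[addr]++
            last[addr] = $3
        }
        END {
            for (a in count)
                if (count[a] >= min) print count[a], a, first[a], last[a]
        }
    ' "${1:--}" | sort -rn
}

# Demo on the constructed sample; on a real server pass /var/log/auth.log.
sample_auth_log | failed_logins_by_host - 3
```

Hosts that show up here with hundreds of failures over several hours are the ones worth feeding into a firewall rule or a tool such as fail2ban.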

End of KDX (And Haxial for that matter)

17 November, 2009 (22:00) | Software | By: chuck

Well, it appears KDX is finally dead. Haxial software pulled the plug on themselves. From their homepage:

Unfortunately, the Haxial Software company is unable to continue operation, and has suspended itself.

The software is no longer being distributed or sold, and technical support is no longer provided.

Tis a sad day. For anyone who doesn’t know already, KDX was a bulletin board like chatting system. It may have never grown as popular as Hotline, but it did excel in many ways. It was actually very useful for moving files between Linux, Windows, and Mac OS 9/X without having to resort to FTP.

Ah well, farewell KDX, and good luck former Haxial employees.

Ubuntu 9.10 – A step in the right direction

17 November, 2009 (17:43) | Linux | By: chuck

Around the end of October, Canonical (the company behind Ubuntu) announced the new release of Ubuntu, specifically version 9.10. A little after it was released I installed it on my laptop, and so far I’m pretty impressed. I haven’t tested it extensively, but I do use it enough on a day-to-day basis that I would have noticed any significant issues.

Here’s a screen shot of my desktop. This is not an out of the box desktop, rather it is about 20 minutes of work customizing my install. This is better than previous versions, where customizing like this took a good solid hour.

Ubuntu 9.10 Screenshot

Besides being easy to customize, the new version of Ubuntu offers several notable features. A quick list of the ones I have noticed so far:

  • Much better Bluetooth device support
  • Darker and more eyecandy-like login screen
  • Faster boot time (About 60% faster on my laptop than 8.04)
  • Better integration of instant messaging and email into the desktop
  • The default usage of the ext4 filesystem
  • And finally a new, and very promising service known as “Ubuntu One”

I haven’t really noticed any issues so far with anything, but there were some reports from early adopters stating plenty of large issues. I believe the majority of them have been fixed now, though it’s still advisable to test from the live CD to make sure hardware support hasn’t disappeared.

One thing I look forward to seeing advance is the Ubuntu One service. So far it only syncs bookmarks in Firefox, contacts in Evolution, files, and allows for quick sharing of a desktop, but possibly later on it could support things like mail and instant messenger account settings.

Using public key authentication with ssh

7 October, 2009 (16:05) | Linux | By: chuck

So maybe you’ve gotten tired of entering your password every time you log in to your home server. Maybe you desire better security. Or maybe you want to run automated scripts from a remote box and have their results piped to a local file. (Yay nerdiness!) Regardless this article is for you.

I’m not sure how to do this if you’re using PuTTY (feel free to contact me if you know), but I do when it comes to any Linux/BSD based operating system with the standard ssh package. First off you need to generate an RSA key pair (or DSA, your choice) on your client machine. Do this by running

ssh-keygen -t rsa

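And just use the default location for the keys to be saved when asked. Here’s the big thing to remember: when it asks for a password, DO NOT give it one. If you do then you will have to enter it every time you use the keypair. Keep in mind that a private key without a password can be used by anyone who obtains a copy of the file, so keep it readable only by your own account.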

The next step is to copy the public key into the ~/.ssh/authorized_keys file on your server. If this file does not exist already simply run the following to copy it over

scp .ssh/id_rsa.pub user@remoteserver:~/.ssh/authorized_keys

Then try connecting to the server. It should log in instantly. Now, if your authorized_keys file already exists then what you need to do is append your public key to it. A simple copy+paste usually works, just be careful not to break any lines.

And that’s how you set up public key authentication with ssh. You can also change your server’s ssh daemon configuration file to disable password authentication if you wish, but be sure you have a backup method of obtaining access to your server if you lose your private key.
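
The append step above, as an added example that is not part of the original post: a shell function to run on the server that adds a public key to authorized_keys without overwriting existing entries, breaking lines, or adding the same key twice. The function name, the scratch directory and the key strings are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example: install a public key on the server without clobbering
# authorized_keys, splitting a key across lines, or adding it twice.

# add_authorized_key PUBKEY_FILE [SSH_DIR]   (SSH_DIR defaults to ~/.ssh)
add_authorized_key() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    # A public key file is exactly one line: "<type> <base64> [comment]".
    [ "$(grep -c '' "$pub")" -eq 1 ] || return 1
    key=$(cat "$pub")
    case $key in
        ssh-rsa\ AAAA*|ssh-dss\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) return 1 ;;
    esac

    # sshd's default StrictModes rejects keys kept in files or directories
    # that other users can write to.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Already installed (exact line match)? Then there is nothing to do.
    grep -qxF -- "$key" "$auth" && return 0

    # If the last existing entry lacks a newline, add one first so the new
    # key does not get glued onto it.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}

# Demo in a scratch directory with constructed (non-functional) key strings.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s' 'ssh-rsa AAAAconstructedOLDkey old@host' > "$tmp/authorized_keys"
    echo 'ssh-rsa AAAAconstructedNEWkey chuck@laptop' > "$tmp/id_rsa.pub"
    # The second call finds the key already present and changes nothing.
    add_authorized_key "$tmp/id_rsa.pub" "$tmp" &&
    add_authorized_key "$tmp/id_rsa.pub" "$tmp" &&
    cat "$tmp/authorized_keys"
    rm -rf "$tmp"
}
demo
```

Where the OpenSSH client ships it, ssh-copy-id performs a similar append from the client side.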