If you’ve read my OpenSSH series, perhaps even if you haven’t, you are probably aware of the power SSH offers to those who know how to use it. There are many ways to protect the service from unauthorized usage; focusing on self-contained or single-host solutions, one finds two common flavors: those which make use of the Linux kernel’s packet filtering tools (netfilter and iptables), and those which rely on Wietse Venema’s TCP Wrappers. Netfilter certainly offers power and flexibility, but this may be at the cost of simplicity and management ease. While no security measure ought to be implemented blindly, there is an undeniable benefit to simple measures which can be configured quickly and with little fuss; in this arena, TCP Wrappers stands tall.

One thing not mentioned in EC2StartersGuide is how to apply kernel patches. Technically, this isn’t currently possible in the Amazon cloud, which is to say that the boot loader (e.g. grub) within an EC2 instance cannot load an arbitrary kernel; nonetheless, official kernel updates are available via package updates, though cloud servers won’t automatically load the latest installed kernel when booted.

Database management is one of those tasks where GUI tools can often be handy and occasionally critical. The history of Linux point-and-click tools for MySQL is a bit checkered, and prominently features MySQL Query Browser and MySQL Administrator, official tools formerly supported by MySQL. Early releases were buggy and crash-prone, but had progressed to merely flaky by late 2009, when MySQL announced they would pull the trigger on them in favor of MySQL Workbench. MySQL support for the GUI Tools Bundle officially ended in June 2010, but the tools are still available in Debian and Ubuntu repositories, while MySQL Workbench is conspicuously absent. While this may deter many users from test driving Workbench, they are missing out on a powerful tool for database management. Fortunately, MySQL publishes MySQL Workbench binaries.

There are many resources on the Internet for correctly securing Apache web sites with X.509 client certificate authentication. This isn’t one of them. What follows is a three-step guide to the fastest, easiest method for setting up self-signed server and client certificates. You are advised not to run any of the commands below in a production environment; they are presented only as an aid for those who learn kinesthetically.

A good solution applied with vigor now is better than a perfect solution applied ten minutes later.
- General George Smith Patton III (source)


One thing to note about the United States Court of Appeals for the District of Columbia Circuit decision in Comcast vs. F.C.C.: it doesn’t restrict the F.C.C.’s ability to regulate Internet services; rather, the court ruled that the broad regulatory powers enjoyed by the F.C.C. were overstepped when they told Comcast to stop discriminating against BitTorrent traffic. Many individuals dismiss this as a “bad decision” of the court, but to do so ignores important issues relevant to this ruling.

I generally favor ’net neutrality, and I certainly don’t take a kindly view of the arbitrary packet discrimination employed by unscrupulous companies; left unchecked, such practices easily (perhaps inevitably) lead to “the pseudo service scenario of bribery … extortion”, but the same slippery slope analogy could slide the other way. Had the appellate court ruled in favor of the F.C.C., it would have set a precedent for allowing a regulatory authority to essentially invent new powers not specifically delegated to it by any act of Congress. If you would prefer that Congress pass such a law, you may wish to ask your representatives to support H.R. 3458.

In most cases, Ubuntu desktop systems will automatically detect and mount removable media, and this is largely done with software that is part of the X Window System; for server systems without X, however, this sort of thing requires a bit of work.

Now some may ask, “Why automount removable media at all?” It is unwise to remove an active device, such as unplugging a USB drive without first unmounting it, and automounting may encourage this sort of recklessness. I don’t contest this, but if one runs a server using an external USB drive, there are two words which should spark an immediate interest in automatic mounts: power failure.

Some time ago I enabled recipient delimiters (e.g. user+foo@host.tld) as a convenient way to know if shady web forms are contributing to my spam folder. The idea is that when House Depot requires me to have an account before I can see if they have loose screws in stock locally, I can sign up with garrison+housedepot@codefix.net instead of my usual e-mail. With recipient delimiters enabled, Postfix will try to deliver any incoming mail to garrison+housedepot, but when it finds no such user, it will try garrison and I get my mail. The problem arises when I discover that House Depot’s broken web form rejects any e-mail addresses with “+” in the user name as invalid. I’m already using garrison+foo style addresses elsewhere so I don’t want to change the recipient delimiter, but neither do I trust my real address to a company that can’t even create a proper web form.

S.A.R.E. Ninjas are the folks over at SpamAssassin Rules Emporium who act as sort of an arms dealer in the Spam War: they publish custom rules and plugins for SpamAssassin, the Open Source world’s powerful anti-spam software. This article is about an imminent software release that promises big trouble for spammers.

Dell didn’t ask, but if they had, I would have told them that Ubuntu Linux is a good choice. I have generally refrained from the usual histrionics whenever something Linux-ish makes the news, but I’d like to voice a couple of remarks regarding Dell’s Ubuntu announcement.

While I’m always happy to see Linux reaching a wider audience, Dell has been something of a fair weather friend to the open source crowd.

I’m working on a marketing letter, and I’ll be using one of my favorite success stories, which is about Russ, owner of a small Internet service provider (ISP) providing web hosting, e-mail, and related services to his local community.

Once upon a time, I would listen to Russ complain of problems with his proprietary e-mail server, then I would suggest he let me set up a Linux server running open source software, and Russ would sigh, “Yeah, I really should…” but he could usually get his e-mail running again without too much help and everything would continue as before.

© 2011 Penguins-On-Hudson