Slashdot Mirror

← Back to Stories (view on slashdot.org)

Update On WorkSpot

Posted by ryuzaki0 on from the straight-from-the-horse's-mouth dept.

Michelle Kraus of WorkSpot passed along the note below in response to many of the questions raised following the announcement of free demonstration accounts on the WorkSpot server featuring upgradeable Linux desktops. Kudos to the crew at WorkSpot for handling the influx of account requests as well as they have. Getting Slashdotted isn't easy on servers;)

"Dear members of the Slashdot community:

We at Workspot want to thank everyone who has take the time to check out our service (www.workspot.com). We have been operating under the radar for the last year, with lots of enthusiastic comments from those who have found out about us. We have had lots of suggestions about how to optimize our service, which we are incorporating into our upcoming release. We are also implementing a significant upgrade to our architecture and capacity to provide more users with continued access.

We want to make sure everyone understands that we are in early beta with an imminent upgrade to be released soon. Therefore, we ask you to please be patient with us as we register the thousands of users that have come to our door this week. For more information and our initial response to questions raised by the community go to this Slashdot response.

Note,we will post a technical FAQ later this month and will continue to respond to technical issues raised by the community. We are here to serve Linux!"

9 of 28 comments (clear)

  1. There's a BIG problem with WorkSpot by Anonymous Coward · · Score: 2

    Apparently, the account generation is done automatically by a script. This is very nice and efficient, BUT it's not foolproof.

    How do we know this? Let's just say that someone applied for the username "root". And it went through.

    Now, I'm sure you can see why it is that they haven't been responding as of late.

    --AC to protect myself

    1. Re:There's a BIG problem with WorkSpot by dlc · · Score: 2
      • Are you sure that's the only thing that's special? I suspect that if that script ran "passwd root", the effects would qualify as "special".

      Nope, still nothing special about the name "root". It's a character string, nothing more, nothing less. The problem, though, is that Unix searched through the password file line by line and stops when it reaches the name it is looking for. So, "passwd root" will do what you think it will if the admin hasn't changed the name associated with UID 0. Many, if not most, good sysadmins change the superuser's name.

      By the way, even Microsoft recommends, as part of the standard "NT hardening", changing the name of the Administrator and Guest accounts.

      But, just as an aside, if you use a system with shadow passwords (good idea) and you want to change the name of the root user, be sure to do it in both /etc/passwd and /etc/shadow (or run /usr/sbin/pwunconv first) before you log out as root, or you'll in a world of hurt (have your installation media close by if you do this!). Experience talking here...

      darren


      Cthulhu for President!
      --
      (darren)
    2. Re:There's a BIG problem with WorkSpot by roystgnr · · Score: 4

      As long as the script doesn't assign UID '0' it should be OK. There's nothing special about the username 'root' other than the fact that most of the time it is attached to UID '0' :-)

      Are you sure that's the only thing that's special? I suspect that if that script ran "passwd root", the effects would qualify as "special".

  2. Re:Decoy method of security? by QZS4 · · Score: 2

    I've heard of machines with several accounts with uid 0, but that was machines used for Unix training - When the student messed up the r00t account, there was still a way to get in for the instructor.

    Actually, changing the name of the administrator-account is recommended practice on NT, from what I've heard...

  3. "Invalid e-mail address"? by Kris_J · · Score: 2

    I'm trying to sign up, but it keeps telling me I have an invalid e-mail address. I've tried a couple, anyone else having these problems?

  4. Re:Decoy method of security? by Teferi · · Score: 3

    You bet. :P
    Actually, there're probably a few poorly written scripts that depend on the username, but in general, that should work...
    Heh, makes me wonder why more people don't do it - "Hey! I rooted this box, but I can't rm -rf /!"


    "If ignorance is bliss, may I never be happy.

    --
    -- Veni, vidi, dormivi
  5. Decoy method of security? by Symbiosis · · Score: 3

    Hrm....
    So, does that mean I could assign root a different UID, and give a different username UID 0? Ya know, sorta set-up a "dummy root", as a security measure? Or is this not a feasible task? i.e., would this account function fully as root, or do some tasks expect the username "root"?

    --Ricky

    ====================================
    My mommy told me never to take my sig out in public.

    --

    -------------------------------------------
    I like nonsense, it wakes up the brain cells.
    -- Dr. Seuss
  6. VNC is the jewel hidden in this story by Nik4 · · Score: 4

    This story got me to VNC and it has made a big difference to my working. Cannot recommend it enough.

    Workspot is good for people to tryout/use Linux ...but for people who already have Linux ...VNC is THE thing to run.

    I run VNC on my home DSL connected Linux PC. To take care of dynamic IP addresses on my DSL connection i use the superb DNS service from DHS, these guys are great!

    Now, where ever i am, using VNC-SSH-DHS combo i can easily and securely reach my home Linux desktop with it's GB's of space and all the sw/code/tools that i have installed.

    btw, a great SSH client for Windows without any crypto restrictions is TTSSH.

    i have reached Nirvana (atleast for some time :)

  7. My call.. by nutty · · Score: 5

    I've been using Workspot for almost 3 months now, and its great.

    As a student in an NT school, i'll often set IE to full screen and code away on some perl scripts.

    The coolest thing about workspot is the fact that it offers the whole free storage thing too. Now some of you may think this is old news (X drive, etc), but to all the geeks out there, you can access this storage space via a Palm VII app! Basically, Its a wireless storage space like that.

    And you also get free web hosting @ http://www.workspot.net/~username. With CGI! Mmmmm...

    O ya, and the KDE kiks ass too. But don't try to run it in Netscape/MacOS. *crash*.

    The only constraint has been bandwidth. The coolness loses its touch when the menu's are jerkin around on a 56k.

    All in all, a perfect OS gateway for those with network access to the internet.

    /nutt