Slashdot Mirror


User: jdavidb

jdavidb's activity in the archive.

Stories: 0
Comments: 2,374

Comments · 2,374

  1. Government news blackout? on World Trade Towers and Pentagon Attacked · · Score: 1

    I don't subscribe to conspiracy theories, but one of my coworkers is wondering if the White House is taking the news sites offline. Possible? Or are they just getting more hits than ever before in history?

  2. Re:Easier way? on SSH Key Management Part 2 · · Score: 1

    Yeah, I'm sorry I'm so stupid. ...



    Guys, an attacker can't know when you're sending an su or sudo password. If you use password authentication to log in, though, the attacker knows there is a password in the beginning.



    You could replace su and sudo functionality with ssh public key authentication, too. Just set up the other user's authorized_keys file to contain an additional public key.



    Please call me an idiot more often. It really adds to the quality of conversation around here.

  3. Re:Easier way? on SSH Key Management Part 2 · · Score: 1

    Yes it does, because it prevents you from sending your password over ssh, because that's what that was about.



    The idea is you are authenticating yourself with public key encryption instead of sending your password over ssh. Not sending your password over ssh very definitely protects against attacks that work by timing the keypresses in your password sent over ssh.

  4. Re:Easier way? on SSH Key Management Part 2 · · Score: 3, Informative

    I read the first article in this series, and since then I've learned all sorts of things about secure shell. Here are my recommendations (similar to the above) for making your life easy and secure:



    Create a DSA public key/private key pair:



    $ ssh-keygen -t dsa



    You'll be prompted to enter an encryption passphrase to protect your private key in the event that your account is compromised.



    Copy (scp) the public key to other hosts you want to be able to get to easily and securely:



    $ scp ~/.ssh/id_dsa.pub remotehost:



    Connect to the other hosts and add this public key to your list of authorized keys:



    $ ssh remotehost
    $ cat id_dsa.pub >> ~/.ssh/authorized_keys2
    $ exit



    Presuming you are running X (specifically this worked for me with Gnome under RedHat 7.1; probably very applicable everywhere else), set up a .xsession file with these contents:



    cat > .xsession <<'EOF'
    #!/bin/sh

    exec /usr/bin/ssh-agent sh -c '/usr/bin/ssh-add & sleep 5; exec /usr/bin/gnome-session'
    EOF



    Now log out and log back in. You'll be prompted for the encryption phrase you entered for your DSA private key. Now you'll be able to ssh to the remote hosts you set up the authorized_keys2 file for without typing a password or an encryption passphrase!



    I was able to ssh into my Windows NT machine at work from my Linux machine at work using this technique. I had ssh installed with cygwin. You have to set up a host key for the Windows machine with this command:



    $ ssh-keygen -t dsa -f /etc/ssh_host_dsa_key -N ''



    And then you have to start the server:



    $ /usr/sbin/sshd



    Then put your public key into the authorized_keys2 file on the Windows machine. You may need to connect as "Administrator":



    linux$ ssh Administrator@winnt



    You really need to try to understand how all this works to be able to make good informed decisions about security. Read some good accounts of basic public key/private key encryption (RSA/PGP) to start. If you already know how PGP works, the public key authentication of ssh (which keeps you from having to type a password) works very similarly: the ssh client basically provides a signature using the private key which the server on the remote host checks against the public key to validate your identity. Plus, this protects against the password keypress timing "attack" mentioned a week or two ago.



    Be sure to always verify the host key signature of a machine you ssh to for the first time. This protects you against the man-in-the-middle attack, the only real vulnerability ssh has. (If you always verify that long hex string with the real value, you'll never be compromised.) If you need the hex host key signature for a machine, you can get it by typing:



    $ ssh-keygen -l -f /etc/ssh_host_rsa_key.pub



    But only do this in a verified connection, such as on the console.



    BTW, many exact paths may vary. You may find things in /usr/local instead of /usr. You may find ssh config files in /etc/ssh instead of /etc. You also probably want to review manpages, look up the command-line options I used, decide between DSA and RSA, etc. Have fun!



    That about sums up four weeks of learning or so for you. I hope others can benefit from what I've learned. Now I plan to go read that second article and see what else I can learn!
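
As an added illustration of the host key check described in the comment above (not part of jdavidb's post), this Python code computes the fingerprint of a public key line in both the colon-separated MD5 hex form that older OpenSSH printed and the SHA256 form current versions print, then compares it with a value read on the server's console. The function names and the two sample keys are constructed for the example.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used in the SSH wire format (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def parse_pubkey_line(line: str) -> tuple[str, bytes]:
    """Split 'type base64 [comment]' and check the blob names the same type."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not a public key line")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    n = int.from_bytes(blob[:4], "big")  # length of the embedded type name
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("declared key type does not match key blob")
    return key_type, blob


def fingerprints(line: str) -> dict[str, str]:
    """Fingerprint of the raw key blob in the legacy MD5 and SHA256 styles."""
    _, blob = parse_pubkey_line(line)
    md5 = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
        "sha256": "SHA256:" + sha,
    }


def host_key_matches(offered_line: str, trusted_fp: str) -> bool:
    """True only if the offered key hashes to the fingerprint read on the console."""
    wanted = trusted_fp.strip()
    if not wanted.startswith("SHA256:"):
        wanted = wanted.removeprefix("MD5:").lower()  # hex form is case-insensitive
    return wanted in fingerprints(offered_line).values()


def _sample_key(modulus: bytes) -> str:
    """Constructed ssh-rsa line: valid wire format, not a real host key."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01") + _ssh_string(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " root@remotehost"


REAL_HOST = _sample_key(b"\x00" + bytes(range(1, 129)))   # key seen on the console
IMPOSTOR = _sample_key(b"\x00" + bytes(range(2, 130)))    # key offered by a middleman
```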

  5. Re:Your daily dose of surreality on Dot-commers Back to the Dorm · · Score: 1

    So, not only do the slashdot readers not read the articles before commenting, neither do the slashdot administrators. I'm shocked.

  6. Re:Interesting.... on Global File System (GFS) Relicensed under SPL · · Score: 1

    Actually, I paid money for RedHat Linux. RedHat this year unveiled RedHat database, which is a $3000+ (or is it $7000+) product identical in every respect to what I bought, with the addition of PostgreSQL and a support contract. Actually mine came with PostgreSQL, too. In fact, I could construct the same product as RedHat database from the RedHat I bought and a few extra downloads. Yet the product retails for $n000.

  7. Re:Interesting.... on Global File System (GFS) Relicensed under SPL · · Score: 1

    I'd much rather that Sistina stayed alive and was Open Source instead of Free Software instead of them sticking to their ideological guns and ending up teetering on the brink of death



    Wrong argument. This isn't about open source versus free software. This is about proprietary software versus open source/free software. Check out the open source definition and GNU's definition of free software.



    Free software and open source software are basically the same thing. Software that meets one definition almost always meets the other. On the other hand, demanding licensing fees not only causes software to fail GNU's definition of free software, it also causes software to fail the open source definition! (See points 6 and 7, and also to a lesser extent, 3 and 5.)



    Point 6 says, "6. No Discrimination Against Fields of Endeavor. The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research."

    Just because the source code is available doesn't mean a product is "open source." That's why so many people are so upset about Microsoft's "shared source" program. In fact, the open source initiative was originally conceived to protect "open source" as a trademark, to prevent companies from licensing software that made source available, but not under truly open source terms.



    Yes, from some points of view, what Sistina is doing is fair. But it's not open source. The point of free software is not to eliminate business or profit. (At least not for most of us.) You might check out selling free software. The differences between free software and open source software have nothing to do with whether the copyright owner makes a profit or not.

  8. Re:Actually, michael, I've heard you can on How Public Should Public Records Be? · · Score: 1

    The other guy was redundant; I was first.

  9. Actually, michael, I've heard you can on How Public Should Public Records Be? · · Score: 0, Redundant
  10. Re:USENET ARCHIVES: NOOOOOO on Slashback: Memory, Constancy, Triumph · · Score: 2, Funny

    Cheer up, man. My first posting was entitled "n".

  11. Obviously on Human Markup Language · · Score: 1

    The idea is to codify psychological, emotive, cultural, and physical characteristics in a standardized way. They say that the most obvious application would be for describing physical characteristics and actions in virtual reality environments.



    So, since describing physical characteristics is the most obvious application (not to mention probably the easiest), we say "physical" last and throw in "psychological, emotive, cultural" in front of it, just so everybody wonders what this is all about.

  12. Re:Suggestion: Mark editorial moderations clearly on Welcome to Slashdot 2.2 · · Score: 1

    This would avoid the current problem that when comments critical of Slashdot, or a particular editor, are down-modded, there's no way to tell whether the mod is "honest", or an editor abusing his position.



    I've never seen such a comment. Where are you getting this? I read at cutoff 5 sorted by score.

  13. Re:Help -- Keeping Linux in Developers' Ghetto on KDE 2.2 Released · · Score: 1

    Yeah, I know; it was a little rough. But my point is, please don't whine about all this stuff people have given you free. I haven't contributed anything, either, but you don't hear me whining about things missing in Linux/GNU/free software/open source. In fact, I'm starting to make plans to contribute to a project that doesn't do quite what I want.



    You can say things like, "Linux needs this," without saying, "You *$&%ing %$^&s! You're so stupid! Don't you know Linux has to have ... to succeed! Linux will never work! You suck!" Now, maybe I'm exaggerating a little what the original poster said, but he could try to be a little more positive in his suggestions, or else people will always say "Hey, you! Get coding or shut up!" Or, hopefully, they'll just ignore him and that's a shame if he has good ideas.

  14. GPL code not liked by the community? on Open Source License Comparison · · Score: 2, Interesting

    He seems to be unsure whether "the community" likes to accept code under the GPL. If he means the business community, maybe I can understand his uncertainty, but I thought he meant the hacker community.

    He actually stated "a hypothetical open source/free software hacker may prefer to create source code under the GPL, but may prefer to use source code licensed to her under a license that permits her to combine the licensed source code with proprietary source code." Are we that hypocritical?

  15. Help on KDE 2.2 Released · · Score: 1

    Then if it's so important, get out there and start writing a common icon API.

    If the success of free software means something to you, then please add your contribution. If it does not, then please don't try to shoot it down. We'd like to make a go at it even if you don't.

    sorry.

  16. Re:Free XCOM? on FreeCiv 1.12.0 Released · · Score: 1

    I saw something that might have been UFO2000, but it looked like it still depended on parts of XCOM. But, we can always hope.

    LinCity is pretty neat. It includes a lot more than the original SimCity. That kind of bothered me at first, but actually it just shows you that free software can do more than imitate. :)

    I haven't tried FreeCraft, yet, but as it is one of the most popular Sourceforge downloads, I suspect it must be very good. I'll get there, some day.

    For proof that free software is coming up with some real innovations in the area of games, check out Worldforge. Among other things, they are solving the long standing problem of NPCs that don't interact well with the player. The things Worldforge has planned go far beyond what most game companies have thought of. They are also very inclusive of artistic and musical talent, and the other non-computer-specific skills needed to make a successful game.

  17. Free XCOM? on FreeCiv 1.12.0 Released · · Score: 2, Interesting

    When I bought RedHat 7.1 a couple of months ago, I was entranced by FreeCiv 1.11.4. This really turned my thinking around on open-source/free software games. Previously, I had thought games were a good place to make an exception to the free software philosophy, but FreeCiv changed my mind.

    I think the community should try to win over proprietary software lovers by cloning games right and left. Yes, this means imitation instead of innovation for a while. Guess what? Richard Stallman did the same thing when he decided to copy UNIX for GNU. Eventually, the free software/open source community will reach a critical mass and innovation will begin to outpace the imitation.

    So, speaking of imitation, what are the odds I might see an open source game like XCOM some time soon? I also understand Linus Torvalds really loved Prince of Persia. Either of these would be great to clone.

  18. Re:Why is there a BZIP and GZIP version? on FreeCiv 1.12.0 Released · · Score: 1

    GZIP and BZIP2 are two different types of compression. The two files are the same. The BZIP2 version is smaller, but you will need bzip2 in order to uncompress it.

  19. Re:Grammar Nazi, again. on Slashback: Mods, Books, Checkmate · · Score: 0, Redundant

    know end

    Feeling kind of stupid and sheepish, now. Say, is that preview button any good?

    Is it past my bedtime yet?

    Hey, wow. Slashdot makes you wait two minutes between each post. Never ran into that before.

  20. Re:Grammar Nazi, again. on Slashback: Mods, Books, Checkmate · · Score: 1

    Thank you, thank you, thank you! This is destined to become my favorite destination on the web. This kind of thing just ~grates~ on me to know end.

  21. Re:Grammar Nazi, again. on Slashback: Mods, Books, Checkmate · · Score: 2, Funny

    Out of curiosity, do you consider a VCR to be a letter, a number, or a figure?

    :) (Please accept this in the humorous spirit it was intended, as if we were old friends or something instead of complete strangers on the Internet.)

  22. Re:Dallas - 1st Saturday on Computer/Tech Flea Markets? · · Score: 1

    First Saturday is the safest you will ever be on the streets of downtown Dallas at 3AM. Look around, wall to wall nerds.

    LOL; that's great. It's really that way, too. We always say that everyone who would otherwise be out flees Dallas when they see all the geeks coming each month.

  23. Re:Dallas - 1st Saturday on Computer/Tech Flea Markets? · · Score: 1

    I hit first Saturday faithfully every month with a big group of friends. Show up at midnight if you want to get the good deals. Last week we saw an IBM dual Pentium server for $20. Nice case, but too big for the space I have, or I would've bought it.

    One of the guys who I usually go with says First Saturday is bigger than the MIT swap meet. I wouldn't know, though. :)

    Interestingly, First Saturday started as a HAM radio swap meet, like other people have mentioned.

    If you go, be sure to have a bratwurst!

  24. Yes you can, and I'll tell you how on New TLDs Loaded with Fraudulent Registrations · · Score: 2, Interesting

    We can use P2P concepts for DNS as well as solve a lot of these other problems. My favorite alternative is DNS-over-freenet. This solution turns domainnames into a first-come, first-served free system, where unused domains are gradually removed from the system. That may not be what a lot of people want, but I think it sounds very fair. (i.e., you can cybersquat if you want, but your site had better be popular or you will lose the domain name.)

  25. Re:New term for "Free"? on What's Up With FSF VP Bradley M. Kuhn? · · Score: 1

    I like "liberty software."