MinimalCD, maximum effect
January 21, 2008
Very well hidden within the Ubuntu wiki, I found this little (literally) gem. Possibly this is the solution to a very nasty install failure I had today due to a CD-ROM error: “Please insert the disk labeled: Ubuntu 7.10_Gutsy Gibbon_-Release i386 (20071016) in drive /cdrom/”. From what I see of other people running into this error on the net, something seems to be seriously amiss. Good luck figuring it out; I’m hoping to evade the problem with this MinimalCD.
Afterpost: I tested it IRL, and it really is the alternate installer, including the lvm+cryptdisk stuff! To whomever came up with this bright idea: THANK YOU!
getting GNU screen to work for me
January 12, 2008
copied /etc/screenrc to ~/.screenrc
added “termcapinfo xterm ti@:te@” so scrolling doesn’t break (I put it directly below the line reading “termcapinfo vt100 dl=5\E[M”).
I also found a solution for auto logging:
added this to .screenrc:
# auto-log
logfile $HOME/Documents/screen-logs/%Y%m%d-%n.log
deflog on
Link
January 6, 2008
Culture of security, a site by the Organisation for Economic Co-operation and Development (OECD)
openssl command for self signed certificates
December 30, 2007
This looks like a good introduction:
openssl req -x509 \
-nodes -days 365 -newkey rsa:1024 \
-keyout mycert.pem -out mycert.pem
In Ubuntu Gutsy, apache2-ssl-certificate is gone. It has been replaced with make-ssl-cert, which uses /usr/share/ssl-cert/ssleay.cnf.
There was probably a layer 8 problem involved, but I could not get make-ssl-cert to give me 365 days of validity, nor SHA-256 (which I did not test extensively). To add SHA-256 to the mix, just use the -sha256 parameter with the openssl command above.
SHA-256 indeed breaks Internet Explorer 6 and 7 on Windows XP. On Windows Vista, IE7 works, even with rsa:2048. Firefox, the only other browser I tested, works flawlessly on Windows XP. It’s hard for me not to make sneering comments about this…
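As an added example (not code from the original post), the following shell script runs the openssl command above with the -sha256 and rsa:2048 variant the post ends up recommending, keeps the key and certificate in separate files, and then checks the resulting certificate for the signature algorithm, key size and validity period that make-ssl-cert would not give. The openssl CLI on PATH, the directory and file names, and the CN are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the original post. Generates a self-signed
# certificate with the post's openssl command plus -sha256 and rsa:2048, then
# inspects the result. Assumes the openssl CLI is on PATH; the directory,
# file names and CN are this example's own choices.
set -e

# gen_cert DIR DAYS BITS: write DIR/key.pem and DIR/cert.pem. Unlike the
# post's single mycert.pem, key and certificate are kept in separate files
# so the private key can get tighter permissions than the public certificate.
gen_cert() {
    dir=$1; days=$2; bits=$3
    mkdir -p "$dir"
    openssl req -x509 -sha256 -nodes -days "$days" -newkey "rsa:$bits" \
        -subj "/CN=example.test" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
    chmod 600 "$dir/key.pem"   # private key readable by the owner only
}

# cert_sig_alg CERT: print the signature algorithm, e.g. sha256WithRSAEncryption
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text \
        | sed -n 's/^ *Signature Algorithm: //p' | head -n 1
}

# cert_key_bits CERT: print the RSA modulus size of the certificate's public key
cert_key_bits() {
    openssl x509 -in "$1" -noout -text \
        | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1
}

# cert_valid_for_days CERT DAYS: succeed if the certificate is still valid
# DAYS days from now (uses -checkend, so no date arithmetic in sh is needed)
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Usage: gen_cert ./certs 365 2048; cert_sig_alg ./certs/cert.pem
```

A certificate made with the post's original command (no -sha256) reports sha1WithRSAEncryption from cert_sig_alg on OpenSSL releases of that era, which is exactly the difference the Windows XP browsers trip over.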
onesixtyone
December 30, 2007
onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. Then the scanner waits for responses to come back and logs them, in a fashion similar to Nmap ping sweeps. By default onesixtyone waits for 10 milliseconds between sending packets, which is adequate for 100Mbs switched networks.
Kerckhoffs’ principle
December 30, 2007
Found this through a post by Chad Perrin:
Kerckhoffs’ principle
The law was one of six design principles laid down by Kerckhoffs for military ciphers. Translated from French, they are:
1. The system must be practically, if not mathematically, indecipherable;
2. It must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience;
3. Its key must be communicable and retainable without the help of written notes, and changeable or modifiable at the will of the correspondents;
4. It must be applicable to telegraphic correspondence;
5. It must be portable, and its usage and function must not require the concourse of several people;
6. Finally, it is necessary, given the circumstances that command its application, that the system be easy to use, requiring neither mental strain nor the knowledge of a long series of rules to observe.
See also: Claude Shannon’s restatement of the principle as “the enemy knows the system”.
See also: Eric Raymond extends this principle in support of open source software, saying
“Any security software design that doesn’t assume the enemy possesses the source code is already untrustworthy; therefore, *never trust closed source*.”
The controversial idea that open-source software is inherently more secure than closed-source is promoted by the concept of security through transparency.