H/C/P: Fear and Goofing on the Internet…

October 10th, 2006

99 just put up a piece that is still under revision. She requests your brief attention to help improve it, and I suggest that you read it because it is quite nice already. The full title (as of this writing) is Hacks, Cracks, and Pranks: Fear and Goofing on the Internet, in the Basement, and at WTO Meetings

Here’s a taste:

Hey, guess what? Not all hackers are evil, pimply, lurking teenagers with a poor sense of fashion and a great sense of disaffection. They are also not criminals by default, not necessarily computer geniuses, and some of them might even be people you’d have over for dinner. Conversely, some of them are one or more of those things, but consistently, they are easy targets for a sweaty mainstream media, jonesing for the next sexy lead.

Read the rest….


plaintext to cryptext (and back) via GPG

October 10th, 2006

Let’s pretend that a file is called secrets and is full of information that I don’t want anyone else to know. I can encrypt just that file, with a passphrase rather than a key pair, using the GNU Privacy Guard like this:

gpg -c secrets
enter a passphrase
enter passphrase again

(-c is short for --symmetric.) You’re done! But now both the original file secrets and the encrypted file secrets.gpg exist, so:

rm secrets

Keep in mind that rm only unlinks the name; the plaintext blocks stay on the disk until something else overwrites them. If that matters, overwrite the file before removing it (rm -P on FreeBSD, shred where GNU coreutils is installed), bearing in mind that neither is a guarantee on flash media or copy-on-write filesystems.

To view the contents of the encrypted file simply:

gpg -d secrets.gpg

and give the passphrase when prompted. -d writes the plaintext to standard output; to get it back as a file use gpg -o secrets -d secrets.gpg (or just gpg secrets.gpg, which writes secrets by default).

If you lose your passphrase, well, tough luck.
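Here is the same thing done non-interactively, as an added example (not part of the original post): the passphrase arrives on a pipe rather than on the command line (so it never shows up in ps or in shell history), the ciphertext is decrypted and compared against the original before the plaintext is touched, and the plaintext is overwritten before it is removed. It assumes gpg (1.4 or any 2.x) is on PATH; the file names and the test passphrase are made up.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes gpg is installed.
set -u

# GnuPG 2.1 and later only take a passphrase from a descriptor in --batch mode
# when the pinentry mode is "loopback"; GnuPG 1.4 and 2.0 reject that option.
gpg_passphrase_opts() {
    case "$(gpg --version | sed -n '1s/.* //p')" in
        1.*|2.0.*) echo '--batch --passphrase-fd 0' ;;
        *)         echo '--batch --pinentry-mode loopback --passphrase-fd 0' ;;
    esac
}

# encrypt_file PLAINTEXT PASSPHRASE  -> writes PLAINTEXT.gpg (same as gpg -c)
encrypt_file() {
    printf '%s' "$2" | gpg $(gpg_passphrase_opts) --quiet --yes \
        --symmetric --output "$1.gpg" "$1"
}

# decrypt_file CIPHERTEXT PASSPHRASE -> plaintext on stdout (same as gpg -d)
decrypt_file() {
    printf '%s' "$2" | gpg $(gpg_passphrase_opts) --quiet --decrypt "$1"
}

# seal_file PLAINTEXT PASSPHRASE
# Encrypts, proves the ciphertext decrypts back to the original, and only
# then gets rid of the plaintext. On any failure the plaintext is left alone.
seal_file() {
    encrypt_file "$1" "$2" || return 1
    decrypt_file "$1.gpg" "$2" | cmp -s - "$1" || return 1
    # rm only unlinks the name; the data stays on disk until reused. Overwrite
    # first where a tool exists (GNU shred, or FreeBSD's rm -P). Neither is a
    # guarantee on flash media or copy-on-write filesystems.
    if command -v shred >/dev/null 2>&1; then
        shred -u -- "$1"
    else
        rm -P -- "$1" 2>/dev/null || rm -- "$1"
    fi
}
```

Usage: `seal_file secrets 'long passphrase'` leaves you with only secrets.gpg; `decrypt_file secrets.gpg 'long passphrase' > secrets` brings it back. The compare step is the part worth keeping: a typo in the passphrase or a wrong file name is found while the plaintext still exists, not after.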


Serial Console

October 5th, 2006

On an i386 machine the serial port is not the system console by default. If you have a machine that will run headless you’ll want to do this to make the serial port a viable console.

  • echo "-P" >/boot.config (notes * and ** below)

and

  • set ttyd0 to cons25 (note ***) and on in /etc/ttys

And from the boot manual page:

-D boot with the dual console configuration. In the single configuration, the console will be either the internal display or the serial port, depending on the state of the -h option below. In the dual console configuration, both the internal display and the serial port will become the console at the same time, regardless of the state of the -h option.

-h force the serial console. For instance, if you boot from the internal console, you can use the -h option to force the kernel to use the serial port as its console device.

-P probe the keyboard. If no keyboard is found, the -D and -h options are automatically set.

* The newest version of the handbook suggests using the /boot/loader.conf method, but there is no allowance for probing the keyboard.

** The “-D” method makes both the local console and the serial port system consoles. Because the console is primarily used to get out of an unforeseen sticky situation, having both available is preferable. Unfortunately, the -D option does not show the multiuser startup output, so if a daemon hangs because of a hoarked configuration file, you won’t know it. Depending on which daemon is hanging, this can be very bad.

*** The handbook says vt100 but I find that cons25 works best with my console server.
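The two edits above, as an added example that is not part of the original post: shell functions that make the same changes to a copy of the files, plus a check that both are in place, so the procedure can be tried out before it is run as root on a real machine. The /etc/ttys excerpt is constructed here to match the FreeBSD 6 layout (ttys(5): name, getty command, terminal type, status, then "secure"); the getty command is assumed to be the usual quoted two-word "/usr/libexec/getty std.9600".

```sh
#!/bin/sh
# Added example, not from the original post.
set -u

# write_boot_config FILE
# "-P" probes for a keyboard at boot and, if none is found, turns on -D (dual
# console) and -h (serial console) for you.
write_boot_config() {
    printf '%s\n' '-P' > "$1"
}

# enable_serial_getty TTYS_FILE [TERMTYPE]
# Flips ttyd0 from the stock "dialup off" to "<termtype> on", keeping the getty
# command and the "secure" flag (assumes the two-word getty command, so type and
# status are fields 4 and 5). "secure" lets root log in directly on the serial
# line, so whoever can reach the console server can reach root: lock that down.
# On the real file, follow this with `kill -HUP 1` so init re-reads /etc/ttys.
enable_serial_getty() {
    f="$1"; term="${2:-cons25}"
    awk -v term="$term" '$1 == "ttyd0" { $4 = term; $5 = "on" } { print }' \
        "$f" > "$f.new" && mv "$f.new" "$f"
    grep '^ttyd0' "$f"
}

# serial_console_configured BOOT_CONFIG TTYS_FILE
# Succeeds only if -P is set and ttyd0 is cons25/on.
serial_console_configured() {
    grep -qx -- '-P' "$1" &&
        awk '$1 == "ttyd0" && $4 == "cons25" && $5 == "on" { ok = 1 } END { exit !ok }' "$2"
}

# make_sample_ttys FILE: a constructed /etc/ttys excerpt with the default ttyd0.
make_sample_ttys() {
    printf '%s\n' \
        'console none                          unknown off secure' \
        'ttyv0   "/usr/libexec/getty Pc"       cons25  on  secure' \
        'ttyd0   "/usr/libexec/getty std.9600" dialup  off secure' \
        'ttyd1   "/usr/libexec/getty std.9600" dialup  off secure' > "$1"
}
```

On a real box the calls are `write_boot_config /boot.config` and `enable_serial_getty /etc/ttys cons25`, then `kill -HUP 1`; `serial_console_configured /boot.config /etc/ttys` is the thing to run afterwards (or from a cron job on a fleet) to confirm nothing undid it.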


FreeBSD Mail Server

June 14th, 2006

Here’s a two part article on building a mail server based on FreeBSD.
part one and part two

update: Look! Everyone is doing it!

part one - http://www.freesoftwaremagazine.com/articles/secure_email_server_bsd_part_1
part two - http://www.freesoftwaremagazine.com/articles/secure_email_servers_from_scratch_with_freebsd_6_part_2


How to: Make World

April 17th, 2006

Ahh, brilliant. Someone with the handle Understudy wrote us an article How to: Make World.

It doesn’t really plow any new ground, but it does a couple of things really well. First, it is comprehensive. Most articles on this topic are written by folks so new to the process that they miss stuff or are half finished because they got familiar with “their process” and never completed the content or explanation. And by comprehensive I mean this doc walks you through mergemaster. Most docs of this sort say “read the mergemaster man page and figure it out and don’t call me crying if you screw up.” Secondly, the doc is available as a .pdf which seems key when you’ll be performing such low-level operations and you will need to be rebooting (and the system just might not come back up).

That said, I would offer that the suggested way to clean up the ports could be improved, and this could nicely be paired up with an article on portsupdate. Maybe one day, kids.


CUPS = Can’t Usually Print Stuff

December 12th, 2005

These are notes on getting CUPS running such that I can print to printers on my LAN and create PDF documents.

lappy.corp.com 6.0-STABLE 6.0-STABLE #0: Mon Nov 21 13:05:09 EST 2005 earlax@lappy.corp.com:/usr/obj/usr/src/sys/GENERIC i386

Although I have read ESR’s rant on CUPS, I still find it easier than building my own printcap file. Unfortunately, I always forget something. So, to avoid that next time, here’s another collection of sparse notes without comment — an occasional feature of this site. Don’t do any of this if you don’t know why you’re doing it.

It should be said that some guy named Scott Robbins did us all a favor by scratching out these CUPS gotchas. They cover command-line manipulations as well as Red Hat, Gentoo, NetBSD and specific as well as general CUPS stuff.

I find that I need to install three ports to get CUPS working:

  • print/cups-base
  • print/cups
  • print/cups-pdf

The last is not required, but if I am going to send something to someone else, it needs to be in a format I know they can read.

So, after installing those three ports I need to add this to /etc/rc.conf

cups_enable="YES"

and to /etc/make.conf

CUPS_OVERWRITE_BASE=yes
NO_LPR=yes

then I need to

mv /usr/bin/lp /usr/bin/lp.bak
mv /usr/bin/lpr /usr/bin/lpr.bak
ln -s /usr/local/bin/lp /usr/bin/lp
ln -s /usr/local/bin/lpr /usr/bin/lpr

and

cp /usr/local/etc/rc.d/cups.sh.sample /usr/local/etc/rc.d/cups.sh

so I can

box# /usr/local/etc/rc.d/cups.sh start

and connect to http://localhost:631 and provide the root username/password to be able to create printers. The root password goes over plain HTTP here, so before doing this make sure cupsd is listening on the loopback address only (Listen 127.0.0.1:631 in cupsd.conf rather than Port 631, which binds every interface).

To create the PDF printer I use:

  • name: pdf
  • location: /var/spool/cups-pdf/
  • description: creates Portable Document Format files
  • Device: Virtual Printer (PDF Printer)
  • Make: Postscript
  • Model: Generic postscript color printer (rev3) (en)

To create printers for one of the two network (HP JetDirect) printers in my office I use:

  • Name: ds
  • Location: past the bathroom
  • Description: doublesided
  • Device: AppSocket/HP JetDirect
  • Device URI: socket://192.168.146.18:9100
  • Make: HP
  • Model: HP LaserJet Series CUPS v1.1 (en)
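Two checks worth running on cupsd.conf before pointing a browser at http://localhost:631 and typing the root password into it, as an added example that is not part of the original notes: Basic auth over plain HTTP is only tolerable if nothing but the machine itself can reach the daemon. The directive names are the CUPS 1.1-era ones (AuthClass System, Allow From), and the two sample configs are constructed for the test; the "weak" one is the shape of a stock config that was left alone.

```sh
#!/bin/sh
# Added example, not from the original post.
set -u

# cupsd_listens_locally CONF
# Succeeds only if there is no "Port" directive (Port binds every interface)
# and every "Listen" names a loopback address or a local socket path.
cupsd_listens_locally() {
    awk '
        $1 == "Port" { bad = 1 }
        $1 == "Listen" && $2 !~ /^(127\.0\.0\.1|localhost|\[::1\]):[0-9]+$/ && $2 !~ /^\// { bad = 1 }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# admin_location_local_only CONF
# Succeeds only if the <Location /admin> block exists, denies everyone by
# default, and every "Allow From" names the local host. "@LOCAL" (the whole
# subnet) counts as a failure.
admin_location_local_only() {
    awk '
        tolower($1) == "<location" && tolower($2) == "/admin>" { in_admin = 1; seen = 1; next }
        tolower($1) == "</location>" { in_admin = 0; next }
        in_admin && tolower($1) == "deny" && tolower($2) == "from" && tolower($3) == "all" { deny_all = 1 }
        in_admin && tolower($1) == "allow" && tolower($2) == "from" &&
            $3 != "127.0.0.1" && tolower($3) != "localhost" { bad = 1 }
        END { exit (seen && deny_all && !bad) ? 0 : 1 }
    ' "$1"
}

# audit_cupsd_conf CONF: both checks, one exit status.
audit_cupsd_conf() {
    cupsd_listens_locally "$1" && admin_location_local_only "$1"
}

# write_sample_conf FILE weak|hardened: constructed cupsd.conf fragments.
write_sample_conf() {
    if [ "$2" = weak ]; then
        cat > "$1" <<'EOF'
# reachable from every interface, admin pages open to the whole subnet
Port 631
<Location /admin>
AuthType Basic
AuthClass System
Order Deny,Allow
Deny From All
Allow From @LOCAL
</Location>
EOF
    else
        cat > "$1" <<'EOF'
# loopback only; the browser on this machine is the only admin client
Listen 127.0.0.1:631
<Location /admin>
AuthType Basic
AuthClass System
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
</Location>
EOF
    fi
}
```

`audit_cupsd_conf /usr/local/etc/cups/cupsd.conf` returning non-zero means fix the file and restart cupsd before logging in. Note that the Listen check says nothing about the printers themselves: the JetDirect boxes on port 9100 accept jobs from anyone on the LAN regardless.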

Backing Up, Starting Over, Seeing Success

November 24th, 2005

It was often said about my late grandfather…

There are three ways to do things: the right way, the wrong way, and his way.

My mother and grandmother spent a lifetime learning how to handle it when their husbands got into “Earl mode” and determined to do things in their own way. The gene that controls this is, unfortunately, very dominant. Having received this gene I have spent many frustrating hours of my life trying to do things in ways that make sense to me, suit my preference, and are ridiculous. In such cases it is often impossible for us to back up, reevaluate the situation, and take a new tack. Impossible because we become blind, solidly assured that our method, our solution has the maximum benefit.

I use “our” and “us” because it is helpful to blame my problem on genetics. Because it is somehow less obnoxious when I am not the only one who does this. Because if I can’t help it I can’t be made responsible for it. This is all wrong, but habitual. Pardon me. As the recipient of this gene I accept the mantle of Earl and the responsibility for my own actions. Going forward this will not be considered explanation nor excuse for this behavior.

What follows is a perfect example from yesterday of how this gets me into trouble. The particulars of this may only make sense to you if you are a computer geek, but the story is the same. This specific example is so thoroughly documented because after spending so much time on it, I don’t want to forget what worked.

The unix system at work where my home directory lives creates a subdirectory called .snapshot and periodically copies the contents of the home directory, creating fifteen snapshots of its contents, stretching back through two weeks of time:


foo [bar:/homes/uu02/h/homedir/.snapshot]% ls
hourly.0 hourly.3 nightly.0 nightly.3 nightly.6
hourly.1 hourly.4 nightly.1 nightly.4 weekly.0
hourly.2 hourly.5 nightly.2 nightly.5 weekly.1

That’s all very nice and quite useful if I inadvertently delete some important document, but when I am going to create an offline backup of my home directory, I do not want to include the .snapshot directory tree. Without it, my home directory — including mail archives — is almost 1GB; why make it 16GB? The process for copying a directory is fairly straightforward (cp -r ...), but to copy “everything in the directory except…” is a bit different. Yesterday, I spent several hours trying to get various iterations of find -L home -not -path "*\.snapshot*" -exec cp -pv {} backup/ \; and even trying a little xargs magic, all without success (for reasons which are still not completely clear). After knocking away at this problem I looked out the window at about 8:30 pm and I had to call my brother to say “Dude! It is snowing! It won’t be long now before snowboarding season!” In that conversation he invited me to come have some wings with him and some of his friends. I decided that I had beaten my head against the problem enough hours for one day and went out for some chicken.

This morning when I woke up, my thoughts began to return to the directory copying problem and I realized (this is critical) that I had been doing it all wrong yesterday. In fact, I should not be using find or cp, or even rsync (as suggested by one person I asked about it), I should be using tar! So, for posterity, here’s the command that eventually worked for me and the command that I used to verify that it seemed to work:

% tar --exclude="*\.snapshot*" -cf - csserve0/ | ( cd bACK/ ; tar -xpvf - )
% diff -sr csserve0/ bACK/csserve0/

I based the actual command I used on some notes I took dated January 20, 2001. This just shows how rusty my unix-foo is, but that is a topic for another post alone.

The take away lessons from this are:

  • avoid getting stuck on just one solution
  • evaluate all options; ALL options
  • don’t find -exec cp when you can tar
  • walking away from a problem sometimes helps solve it.
  • save your notes
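The tar-pipe copy and the diff check from the post, as an added example that is not the author's code: wrapped in two functions so the exclusion and the verification can be reused on any tree, and exercised on a small constructed directory standing in for a home directory with a .snapshot subtree. It works with GNU tar and bsdtar. As an aside on why the find -exec cp attempts went nowhere: cp given many sources and one target directory drops every file into that one directory, so the tree is flattened rather than copied.

```sh
#!/bin/sh
# Added example, not from the original post.
set -u

# copy_tree_excluding SRC DEST NAME
# Copies directory SRC into DEST (as DEST/<basename of SRC>), skipping every
# path component called NAME. -p keeps permissions; the pipe avoids writing a
# temporary archive.
copy_tree_excluding() {
    src="$1"; dest="$2"; name="$3"
    mkdir -p "$dest"
    # --exclude matches the pattern against any path component, so the excluded
    # directory and everything under it are skipped in one go.
    ( cd "$(dirname "$src")" && tar --exclude="$name" -cf - "$(basename "$src")" ) |
        ( cd "$dest" && tar -xpf - )
}

# verify_copy SRC DEST NAME
# Succeeds if the copy matches SRC apart from the excluded subtree, and the
# excluded subtree really is absent from the copy.
verify_copy() {
    copy="$2/$(basename "$1")"
    diff -r -x "$3" "$1" "$copy" >/dev/null && [ ! -e "$copy/$3" ]
}

# make_sample_home DIR: a constructed home directory with two snapshot copies.
make_sample_home() {
    mkdir -p "$1/mail" "$1/.snapshot/hourly.0/mail" "$1/.snapshot/nightly.0/mail"
    printf 'hello\n' > "$1/notes.txt"
    printf 'msg\n'   > "$1/mail/inbox"
    chmod 600 "$1/mail/inbox"
    cp "$1/notes.txt"  "$1/.snapshot/hourly.0/"
    cp "$1/mail/inbox" "$1/.snapshot/nightly.0/mail/"
}
```

For the case in the post that is `copy_tree_excluding csserve0 bACK .snapshot` followed by `verify_copy csserve0 bACK .snapshot`. Keep the verify step even when the copy looks fine: a full pipe or disk shows up as a short archive on the receiving end, and tar -x will happily extract what it got without complaint.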

Protected: Keeping up FreeBSD

November 9th, 2005

This post is password protected. To view it please enter your password below:



Bad Atom

November 2nd, 2005

From:

http://www.brandonhutchinson.com/BadAtom_BadWindow_errors_with_ssh_X11_forwarding.html

Although I’m not sure if the “problem” resides in the version of XFree86 or the OpenSSH client or server version, I sometimes receive the following errors when using standard (ssh -X) X11 forwarding with OpenSSH:

warning, error event received:
X Error of failed request: BadAtom (invalid Atom parameter)
Major opcode of failed request: 18 (X_ChangeProperty)
Atom id in failed request: 0x1b3
Serial number of failed request: 944
Current serial number in output stream: 946

warning, error event received:
X Error of failed request: BadWindow (invalid Window parameter)
Major opcode of failed request: 25 (X_SendEvent)
Resource id in failed request: 0x16000d5
Serial number of failed request: 2055
Current serial number in output stream: 2056

Using “trusted” X11 forwarding (ssh -Y) appears to fix the problem. The ForwardX11Trusted=yes directive may be specified in ~/.ssh/config as an alternative to specifying the -Y flag on the command line.
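A caveat on the fix above, with an added example that is not from the quoted page: -Y (ForwardX11Trusted) gives every remote X client full access to the local display, keystrokes and screen contents included, and drops the 20-minute xauth cookie expiry that -X applies to untrusted clients. So if it goes into ~/.ssh/config it belongs in a Host stanza for the one machine that needs it, never in the global section or under "Host *". The function below flags that mistake in a client config; the sample configs are constructed for the test, and the check assumes the usual "Option value" form (not "Option=value") and looks only at the first pattern on a Host line.

```sh
#!/bin/sh
# Added example, not from the original post.
set -u

# trusted_x11_is_scoped CONFIG
# Succeeds unless "ForwardX11Trusted yes" appears before the first Host/Match
# line or inside a "Host *" / "Match all" stanza.
trusted_x11_is_scoped() {
    awk '
        tolower($1) == "host" || tolower($1) == "match" { scope = tolower($2) }
        tolower($1) == "forwardx11trusted" && tolower($2) == "yes" &&
            (scope == "" || scope == "*" || scope == "all") { bad = 1 }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# write_sample_ssh_config FILE weak|scoped: constructed ~/.ssh/config contents.
# ssh uses the first value it finds for an option, so the per-host stanza has
# to come before "Host *".
write_sample_ssh_config() {
    if [ "$2" = weak ]; then
        cat > "$1" <<'EOF'
# applies to every host: any server you ssh -X into gets a trusted display
ForwardX11 yes
ForwardX11Trusted yes

Host build.example.org
    User me
EOF
    else
        cat > "$1" <<'EOF'
Host build.example.org
    User me
    ForwardX11 yes
    ForwardX11Trusted yes

Host *
    ForwardX11 yes
    ForwardX11Trusted no
EOF
    fi
}
```

`trusted_x11_is_scoped ~/.ssh/config` is a one-liner to drop into a dotfiles check. The trade-off the quoted page describes is real: -X makes some clients fail with BadAtom/BadWindow because the SECURITY extension hides parts of the display from them, and -Y makes them work by removing that barrier for everything on the remote host, root included.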
