Is Security a Feature?

April 18, 2009 in Tech by lyz | No comments

Updating a computer is quite straight-forward.   Either type a command or click a couple of times,  wait, and reboot.  When the computer restarts, everything is back to the way is was.  Right?

Well, the truth is that this may not always be the case.   Case in point, my last Cent OS 5 update.  Without getting into the details, the end result was that a service that I relied on was not running after the reboot.  After checking the logs, I discovered that it was due to the service being locked down to running in a specific manner (the port mountd could run on was restricted).

Security patches are the reason for a majority of updates to a stable system.  The software has a security issue, the software gets patched, and then the patch is sent to the users.   The cycle happens offend, and, most of the time, without negative impact.

These is another kind of “patch”.  One that restricts what a process or a user can do.  These are important to do as they improve the overall security of the machine.  However, they can also be quite the nuisance.   Security updates in the restrictive sense cause a lot of pain.  Remember when Windows XP SP 2 came out and introduced Windows Firewall?  I do.  It was painful to adapt in some cases.  The access controls that are built into Vista are another example of this.   Again, security restrictions causing pain.

I don’t fault a software vendor for including major (user affecting and application affecting) updates when a new release goes gold.  Can anyone imagine how much more malware would be out there if Windows Firewall wasn’t on by default?  On the other hand, users and application developers prefer that their applications run correctly all the time.

A perfect OS would never need additional user or application affecting restrictions placed upon it.   It would be set and forget.  Security updates would still need to be applied, but everything that ran before the update will run after the update.   OSs on the market today are getting closer to this goal.

I’m pondering this because these are the decisions I like to make.  Do we release an update that will break users’ applications (causing them grief), or do we allow a system to run insecurely (which could cause an number of issues)?  This question comes up in the technology world _very_ frequently.  Typically, there are costs associated with both choices and a decision is made.

What is the right answer.  Well, it’s mu, of course!  And that’s why technology is challenging and fun at the same time.

Tags:

Finally, an OpenSolaris DomU under Linux

February 21, 2009 in Tech by lyz | No comments

This is something I’ve wanted to do for a while now.  I finally found put the time to it and found a really good tutorial.  For people wanting to do the same, check out http://www.neuhalfen.name/drupal/node/3.

Tags:

Weekend Hacking

February 16, 2009 in Life, Tech by lyz | No comments

This weekend was a busy one.

* Created a gentoo chroot on my server that shares compiling duties with my desktop using distcc.
* Recovered /etc on my server after antecedently deleting it.  This involved recovering the iptables, nfs exports, and fstab after loading an old backup.
* Fixed a nasty cups-pdf issue on my desktop where the /var/tmp directory had the wrong permissions and the logs were of no help.
* Rebuilt the arcade using Debian Lenny and SDLMAME 128u3.
* Cleared up a bunch of spam comments on this blog and implemented re-captcha.
* Switched the web xen instance to using the pygrub bootloader instead of specifying a kernel and initrd on the host OS .
* Finally beat Civ 4 on the Noble difficulty level.

I really need to elaborate on these things as there is quite a bit of knowledge associated with these tasks that is scattered throughout the Internet.  Of course, that’s was wikux was for….

Tags: ,

Down in Africa

January 18, 2009 in Life by lyz | No comments

We’re back and doing well after spending 2 1/2 weeks in Kenya.  Due to popular demand, the pictures are up in the gallery.  Click on the image below or follow the gallery link to get there.  Thanks for the thoughts and prayers for us while we were away.

Some of the sights in southern Kenya

Tags:

Remote Control of an OS X Box

August 10, 2008 in Tech by lyz | No comments

You’re trying to connect to an OS X box and your vnc viewer just doesn’t seem to work. Then, after many a google serch, you discover that OS X’s remote access protocol is incompatible with most VNC servers.  Tuning to Apple for help yeilds a solution, for a small(large) fee.

Thankfully, there is a better way.  There is a free VNC server for OS X called Vine.  Download it and install the server.  Now you should be able to connect through a typical VNC client.

Remember, if you use tightVNC to connect, use the F8 key to bring up the menu that allows you to switch to fullscreen and disconnect the session.

Tags: , ,

When the Power Goes Out

August 5, 2008 in Tech by lyz | No comments

The storms that went through yesterday had an interesting effect on the available wifi networks in the area.   It wasn’t so much the storms that caused this, it was more the lack of power in the area when the lightning started striking.   Here is what the wireless situation looks like with and without power:

Before power goes out

Before power goes out

A UPS on internet equipment is something that I haven’t seen in too many places.  Apparently, not many people in my complex have heard of it either.

Power just went out

Power just went out

And finally, I win.  The Xantrax Xpower 400 actually kept the Internet up for over 8 hours after the power outage.

I stand alone

I stand alone

Of course, the server didn’t do as well, and I had to turn it down after 20 minutes.  It’s tough to have 99% uptime off of home DSL.

Tags: ,

Fixing this error: You either don’t have a PayPal account or your PayPal account is not linked to your eBay account

August 1, 2008 in Tech by lyz | No comments

Some content is taken from http://forums.ebay.co.uk/thread.jspa?threadID=1200182458.

I tried to link my ebay account to my paypal account and it would just simply not work. After going through the prompts many times, it would still say that there was no association. There is a fix in an odd location.

Go to account settings -> addresses
Click on all addresses
Then click on add paypal addresses

This gives yet another paypal login. After login, I was greeted with a message thanking me for creating a paypal account. Hmmm.

Tags: ,

Discovering Dependant Dlls in Windows

July 24, 2008 in Life, Tech by lyz | No comments

Sometime, you just don’t know which dll files to register.  Enlighten yourself with dependancy walker .

Tags: , ,

Linux.com :: Benchmarking hardware RAID vs. Linux kernel software RAID

July 16, 2008 in Tech by lyz | No comments

Ben Martin’s articles have always been a great resource. In his latest article, Linux.com :: Benchmarking hardware RAID vs. Linux kernel software RAID, he makes a very informative comparison between hardware and software RAID.  It is a must read for the server admins out there.  While you’re at it, also check out his other articles.  They are all great reads.

This is my 1st test of WordPress 2.6′s Blog this Button.  It works, but I loose my information when I move from Photo to Text mode.

Tags: , , ,

Liberate Your Fonts

July 14, 2008 in Tech by lyz | No comments

They’ve been out for over a year, but I just stumbled upon them this week.  Redhat release some very high quality and non-encumbered fonts.   Most distibutions will have them in a package named liberated-fonts.  They are substitues for some very popular fonts such asTimes New Roman, Thorndale, Nimbus Roman, and Bitstream Vera Serif.  Check em out at https://www.redhat.com/promo/fonts/.

Tags: ,

« Older entries § Newer entries »