Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Submission + - The OpenSSH Bug That Wasn't -> writes: Get your facts straight before reporting, is the main takeaway from Peter Hansteen's latest piece, The OpenSSH Bug That Wasn't. OpenSSH servers that are set up to use PAM for authentication and with a very specific (non-default on OpenBSD and most other places) setup are in fact vulnerable, and fixing the configuration is trivial.
Link to Original Source

Comment Password guessing attacks are a fact of life, so (Score 1) 157 157

we hit the max title length, but the second part is "and so is the existence of bugs in any non-trivial piece of software".

Re-using the existing connection is of course useful to fend off the traditional killing techniques for rapid-fire password guessers (such as and similar), but you still have to come up with the set of bytes that will let you authenticate. Which leads to the other thing --

The clowns I have been writing about ("The Hail Mary Cloud" -- and links therein) used a totally different approach, but the general advice re passwords and other issues given in the conclusions apply here too.

Submission + - Solaris 11.3 Onwards Will Feature OpenBSD's PF Packet Filter -> writes: In his most recent article, Solaris Admins: For A Glimpse Of Your Networking Future, Install OpenBSD, Peter Hansteen points to leaked information (via a patch to a mailing list) that Oracle's Solaris from version 11.3 (expected this year) onwards is joining the ranks of OSes using the OpenBSD PF firewall. From version 12 onwards, PF will be the only packet filter, replacing the legacy IPF system. Which was the software PF was designed to replace, due to performance and rather nasty licensing reasons.
Link to Original Source

Submission + - Book Review: Networking for System Administrators->

Saint Aardvark writes: (Disclaimer: I received a free copy of this book for writing a review.)

Michael W. Lucas has been writing technical books for a long time, drawing on his experience as both a system and a network administrator. He has mastered the art of making it both easy and enjoyable to inhale large amounts of information; that's my way of saying he writes books well and he's a funny guy. "Networking for System Administrators", available both in DRM-free ebook and dead tree formats, is his latest book, and it's no exception to this trend.

Like the title suggests, this book explains networking to sysadmins — both juniors new to this career, and those who have been around for a while but don't understand how those network folks live or what they need to do their job. If you're one of the latter, you might think "Oh I've read 'TCP/IP Illustrated' — I don't need another networking book." And it's true that there is overlap between these two books. But Lucas also explains about how to work with network folks: dealing with areas of shared responsibility, how to understand where your side ends, and how to talk to a network admin so that everyone understands each other — and more importantly, is both able and happy to help the other. This is something that is out-of-scope for a network textbook, and it's valuable.

So what's in this book? Lucas takes us through all the network layers, explaining how everything fits together. From physical ("If you can trip over it, snag it, break the stupid tab off the plastic connector at its end, or broadcast static over it, it's the physical layer.") to transport and application, he shows practical examples of how the OSI model maps (or doesn't) to the world of TCP/IP. He shows the happy path and the sad path at each layer, explaining how to understand what's going on and troubleshooting failures. This is the part with the strongest overlap with those other network textbooks. If system administration is a side gig (maybe you're a developer who has to maintain your own server), you'll have enough in this book to deal with just about anything you're likely to trip over. But if you're early in your sysadmin career, or you find yourself making the jump to Ops, you will want to follow it up with "TCP/IP Illustrated" for the additional depth.

Since you'll be troubleshooting, you'll need to know the tools that let you dump DNS, peer into packets, and list what's listening (or not) on the network. Lucas covers Linux and Unix, of course, but he also covers Windows — particularly handy if, like me, you've stuck to one side over the course of your career. Tcpdump/Windump, arp, netstat, netcat and ifconfig are all covered here, but more importantly you'll also learn how to understand what they tell you, and how to relay that information to network administrators.

That thought leads to the final chapter of this book: a plea for working as a team, even when you're not on the same team. Bad things come from network and systems folks not understanding each other. Good things — happy workplaces, successful careers, thriving companies and new friends — can come from something as simple as saying "Well, I don't know if it is the network's fault...why don't we test and find out?"

After reading this book, you'll have a strong footing in networking. Lucas explains concepts in practical ways; he makes sure to teach tools in both Unix/Linux and Windows; and he gives you the terms you'll use to explain what you're seeing to the network folks. Along the way there's a lot of hard-won knowledge sprinkled throughout (leave autonegotiation on — it's a lot better than it used to be; replace cables if there's any hint of flakiness in a server's network connection) that, for me at least (and be honest, you too) would have saved a lot of time over the years.

Who would I recommend this book to?
  • If you're a sysadmin at the beginning of your career, this book is an excellent beginning; take it, read it, and build on it — both with practical experience and further reading.
  • If you're coming into system administration the back way (as a developer who has to manage their own server, say, or who shares responsibility for a networked service with other admins), I can't think of a better single source for the practical knowledge you need. You'll gain an understanding of what's going on under the hood, how to diagnose problems you encounter, and how to talk to either system or network administrators about fixing those problems.
  • If you're a manager or senior sysadmin, buy this book and read it through before handing it to the juniors on your team, or that dev who keeps asking questions about routing and the firewall; you may learn a few things, and it's always good to read fine technical writing.

Link to Original Source

Submission + - Book Review: "FreeBSD Mastery: Storage Essentials", by Michael W. Lucas-> 1 1

Saint Aardvark writes: (Disclaimer: I received a free copy of this book for review. Disclaimer to the disclaimer: I would gladly have paid for it anyway.)

If, like me, you administer FreeBSD systems, you know that (like Linux) there is an embarrassment of riches when it comes to filesystems. GEOM, UFS, soft updates, encryption, disklabels — there is a *lot* going on here. And if, like me, you're coming from the Linux world your experience won't be directly applicable, and you'll be scaling Mount Learning Curve. Even if you *are* familiar with the BSDs, there is a lot to take in. Where do you start?

You start here, with Michael W. Lucas' latest book, "FreeBSD Mastery: Storage Essentials". You've heard his name before; he's written "Sudo Mastery" (which I reviewed previously), along with books on PGP/GnuPGP, Cisco Routers and OpenBSD. This book clocks in at 204 pages of goodness, and it's an excellent introduction to managing storage on FreeBSD. From filesystem choice to partition layout to disk encryption, with sidelong glances at ZFS along the way, he does his usual excellent job of laying out the details you need to know without every veering into dry or boring.

Do you need to know about GEOM? It's in here: Lucas takes your from "What *is* GEOM, anyway?" (answer: FreeBSD's system of layers for filesytem management) through "How do I set up RAID 10?" through "Here's how to configure things to solve that weird edge-case." Still trying to figure out GUID partitions? I sure as hell was...and then I read Chapter Two. Do you remember disklabels fondly, and wonder whatever happened to them? They're still around, but mainly on embedded systems that still use MBR partitions — so grab this book if you need to deal with them.

The discussion of SMART disk monitoring is one of the best introductions to this subject I've ever read, and should serve *any* sysadmin well, no matter what OS they're dealing with; I plan on keeping it around for reference until we no longer use hard drives. RAID is covered, of course, but so are more complex setups — as well as UFS recovery and repair for when you run into trouble.

Disk encryption gets three chapters (!) full of details on the two methods in FreeBSD, GBDE and GELI. But just as important, Lucas outlines why disk encryption might *not* be the right choice: recovering data can be difficult or impossible, it might get you unwanted attention from adversaries, and it will *not* protect you against, say, an adversary who can put a keylogger on your laptop. If it still make sense to encrypt your hard drive, you'll have the knowledge you need to do the job right.

I said that this covers *almost* everything you need to know, and the big omission here is ZFS. It shows up, but only occasionally and mostly in contrast to other filesystem choices. For example, there's an excellent discussion of why you might want to use FreeBSD's plain UFS filesystem instead of all-singing, all-dancing ZFS. (Answer: modest CPU or RAM, or a need to do things in ways that don't fit in with ZFS, make UFS an excellent choice.) I would have loved to see ZFS covered here — but honestly, that would be a book of its own, and I look forward to seeing one from Lucas someday; when that day comes, it will be a great companion to this book, and I'll have Christmas gifts for all my fellow sysadmins.

One big part of the appeal of this book (and Lucas' writing in general) is that he is clear about the tradeoffs that come with picking one solution over another. He shows you where the sharp edges are, and leaves you well-placed to make the final decision yourself. Whether it's GBDE versus GELI for disk encryption, or what might bite you when enabling soft updates journaling, he makes sure you know what you're getting into. He makes recommendations, but always tells you their limits.

There's also Lucas' usual mastery of writing; well-written explanations with liberal dollops of geek humour that don't distract from the knowledge he's dropping. He's clear, he's thorough, and he's interesting — and that's an amazing thing to say about a book on filesystems.

Finally, technical review was done by Poul Henning-Kamp; he's a FreeBSD developer who wrote huge parts of the GEOM and GBDE systems mentioned above. That gives me a lot of warm fuzzies about the accuracy of this book.

If you're a FreeBSD (or Linux, or Unix) sysadmin, then you need this book; it has a *lot* of hard-won knowledge, and will save your butt more than you'll be comfortable admitting. If you've read anything else by Lucas, you also know we need him writing more books. Do the right thing and buy this now.

Link to Original Source

Submission + - The Password? You Changed It, Right?-> writes: Right at this moment, there's a swarm of little password guessing robots trying for your router's admin accounts. Do yourself a favor and do some logs checking right away. Some European ISPs have been forced to do some ad-hoc reconfigs to end user equipment recently, so do check you equipment. And of course, this turned up in my lap while I was on my way back from a most enjoyable passwords conference — traces of what appears to be a distributed password guessing efforts. Read on for data and the beginnings of analysis.
Link to Original Source

Comment No longer OOXML ISO compliant then? (Score 2, Informative) 110 110

If I remember correctly, the OOXML ISO standard that was rushed through some years back included specifications for a clipart library not entirely unlike the Microsoft Office one. I suppose this move means that Microsoft has give up on adhering to its wholly-owned ISO standard.

Comment Wiped out by new diseases perhaps? (Score 2) 57 57

A non-violent mass die-off could suggest something along the lines of a population's first exposure to a new disease (as in one nobody in the population has any immunity for) of some sort, perhaps several. Slightly more modern examples include native american populations that essentially disappeared during the early days of European exploration and settlement of north america.

Submission + - Password Gropers Hit Peak Stupid, Take the Spamtrap Bait-> 1 1 writes: Peter Hansteen reports that a new distributed and slow-moving password guessing effort is underway, much like the earlier reports, but this time with a twist: The users they are trying to access do not exist. Instead, they're take from the spamtrap address list, where all listed email addresses are guaranteed to be invalid in their listed domains. There is a tiny chance that this is an elaborate prank or joke, but it's more likely that via excessive automation, the password gropers have finally Peak Stupid.
Link to Original Source

Comment The Linux Foundation is not actually that evil (Score 1) 164 164

Unfortunately the summary gets several important facts wrong, including the status of support from the linux fooundation -- last status is ongoing discussions, not total ignore as the post summary says. And you can see what Bob actually said in the video jason Tubnor uploaded to youtube The real Bob Beck on OpenSSL talk

Submission + - Have you changed your password lately? Does it even matter?-> writes: Do frequent password changes actually matter security wise? Or do they just make us pick the minimum complexity password the system will accept? I want your opinion. In his latest piece, Peter Hansteen wants your opinion on common security enforcement practices and even offers a poll about enforced password changes. Let loose the debate rage!
Link to Original Source

Nothing is rich but the inexhaustible wealth of nature. She shows us only surfaces, but she is a million fathoms deep. -- Ralph Waldo Emerson