Geek Pit

What is it about Dell and their laptops that they have to change the
hardware every few months, even among the same model lines? I used to
have a Dell Inspiron 600m, which worked quite well under Debian Sarge,
with a decent X screen resolution (1400×1050), working sound, Ethernet
and wireless, and working PCMCIA.

I recently got a new laptop, […]

Read Full Post »

Ivan Ristic (the author
of ModSecurity),
talks about some
of ModSecurity’s
new features.

Some decent tips
for securing Linux distributions, mainly concerned with Red
Hat-like distributions.

Over at Desktoplinux.com, Jem Matzan comments on
how desktop
Linux distros are headed in the wrong direction. His main point is
that developers are trying to compete with Vista and Mac OS X by
incorporating eye-candy into their desktops, when they […]

Read Full Post »

I had an amusing exchange recently when I was calling a big-name
security vendor for support on behalf of a client. I had been mildly
irritated that I couldn’t access their support portal with Firefox,
since I wanted to open a ticket online. I suspected it was one of
those ‘IE-only’ sites you hear about. Becoming less-and-less frequent,
those. No […]

Read Full Post »

Cracking
buggy wireless drivers. Makes you
glad some operating
systems don’t ship
with binary-only drivers.

Debian Administration tells us
about stack-smashing
protection (SSP) now
in Debian
Sid. Also a good overview of shellcode exploits.

Yet
another person who doesn’t understand the false dichotomy between
Free and
commercial
software. I’m glad that in the end, he […]

Read Full Post »

Well, OpenBSD keeps getting
better and better as a firewall
platform. First, pf,
CARP and pfsync for failover or load-balanced firewall clusters,
and
now IPSec
VPN failover. Sounds like it will be ready for the next release
this fall. While this has been available as a feature in expensive,
proprietary firewalls for some time (think Check Point), I don’t know
of any free-software implementation […]

Read Full Post »

A
good interview
with Eugene Spafford about the prevalence of network security
risks, and how current trends are increasing them. He points to three
factors:

Deployment of cost-saving technologies without thinking through
the consequences (VOIP, wireless)
The disappearance of the network perimeter
Relying on one security vendor for all your products.

He has one interesting comment concerning the dangers of
losing […]

Read Full Post »

I came across this
nifty Perl script for starting services in /etc/rc.d on Slackware
(easily modified to run on other Linux or *BSD variants). This is like
Red Hat’s service command
(e.g. ’service sshd restart’), just more concise and with fewer
options, but still very usable.

There are two articles about switching back to Linux from Mac OS X,
one by Chromatic […]

Read Full Post »

There is
a not-so-nice
review of Dapper Drake,
Ubuntu’s new
release, over at Tectonic. A few comments - I’m typing this on
my laptop running Dapper as we speak, and it has been pretty stable
for me, once I got it installed. One complaint I did share was the
[…]

Read Full Post »

I guess Emacs
really can be used as an operating system.

Over at O’Reilly blogs, Brian Jepson gives us some more humor as he
is outsmarted by a
chatterbot - this for fans
of Monty
Python.

It
seems bloggers
really like Ubuntu.

Two good articles on Pre-seeding Debian
installations: Part
I
and Part
II.

A former NSA cryptologist gives us a fascinating look
at breaking a 137
[…]

Read Full Post »

One of the hazards of remote firewall administration is the
possibility of locking yourself out after an erroneous rulebase
change. It can happen with any firewall. There are various ways
around this, I’m going to go over a few of them.

Traditionally what I’ve used when making major (or first-time)
firewall policy changes via a remote SSH session or remote […]

Read Full Post »