thinktime

BlueHackers: Rat Park drug experiment cartoon – Stuart McMillen comics

Planet Linux Australia - Thu 29th Jan 2015 14:01

http://www.stuartmcmillen.com/comics_en/rat-park/





Comic about a classic experiment into drug addiction science: Rat Park.

Would rats choose to take drugs if given a stimulating environment and company?

Read and learn.

Stuart McMillen is an awesome Australian based young artist.

Categories: thinktime

This week's sponsor: MyFonts

a list apart - Thu 29th Jan 2015 05:01

Thanks to MyFonts for sponsoring A List Apart this week. MyFonts webfonts are flexible, easy to use, and require no monthly fees. Take a look at their list of the 50 most popular fonts on the web right now.

Categories: thinktime

The best laid plans

Seth Godin - Wed 28th Jan 2015 21:01
As your plans get more detailed, it's also more and more likely that they won't work exactly as you described them. Certainly, it's worth visualizing the thing you're working to build. When it works, what's it going to be like?...
Categories: thinktime

Russell Coker: SE Linux Play Machine Over Tor

Planet Linux Australia - Wed 28th Jan 2015 19:01

I work on SE Linux to improve security for all computer users. I think that my work has gone reasonably well in that regard in terms of directly improving security of computers and helping developers find and fix certain types of security flaws in apps. But a large part of the security problems we have at the moment are related to subversion of Internet infrastructure. The Tor project is a significant step towards addressing such problems. So to achieve my goals in improving computer security I have to support the Tor project. So I decided to put my latest SE Linux Play Machine online as a Tor hidden service. There is no real need for it to be hidden (for the record it’s in my bedroom), but it’s a learning experience for me and for everyone who logs in.

A Play Machine is what I call a system with root as the guest account with only SE Linux to restrict access.

Running a Hidden Service

A Hidden Service in TOR is just a cryptographically protected address that forwards to a regular TCP port. It’s not difficult to set up and the Tor project has good documentation [1]. For Debian the file to edit is /etc/tor/torrc.

I added the following 3 lines to my torrc to create a hidden service for SSH. I forwarded port 80 for test purposes because web browsers are easier to configure for SOCKS proxying than ssh.

    HiddenServiceDir /var/lib/tor/hidden_service/
    HiddenServicePort 22 192.168.0.2:22
    HiddenServicePort 80 192.168.0.2:22

Generally when setting up a hidden service you want to avoid using an IP address that gives anything away. So it’s a good idea to run a hidden service on a virtual machine that is well isolated from any public network. My Play machine is hidden in that manner not for secrecy but to prevent it being used for attacking other systems.

SSH over Tor

Howtoforge has a good article on setting up SSH with Tor [2]. That has everything you need for setting up Tor for a regular ssh connection, but the tor-resolve program only works for connecting to services on the public Internet. By design the .onion addresses used by Hidden Services have no mapping to anything that resembles IP addresses and tor-resolve breaks it. I believe that the fact that tor-resolve breaks things in this situation is a bug; I have filed Debian bug report #776454 requesting that tor-resolve allow such things to just work [3].

    Host *.onion
        ProxyCommand connect -5 -S localhost:9050 %h %p

I use the above ssh configuration (which can go in ~/.ssh/config or /etc/ssh/ssh_config) to tell the ssh client how to deal with .onion addresses. I also had to install the connect-proxy package which provides the connect program.

    ssh root@zp7zwyd5t3aju57m.onion
    The authenticity of host ‘zp7zwyd5t3aju57m.onion ()
    ECDSA key fingerprint is 3c:17:2f:7b:e2:f6:c0:c2:66:f5:c9:ab:4e:02:45:74.
    Are you sure you want to continue connecting (yes/no)?

I now get the above message when I connect; the ssh developers have dealt with connecting via a proxy that doesn’t have an IP address.

Also see the general information page about my Play Machine; that information page has the root password [4].

Categories: thinktime

Diet and nutrition essential for mental health

This article originally appeared on the Melbourne Newsroom on January 28. View the original here.

Evidence is rapidly growing showing vital relationships between both diet quality and potential nutritional deficiencies and mental health, a new international collaboration led by the University of Melbourne and Deakin University has revealed.

www.enaonline.org

Categories: thinktime

Francois Marier: Using unattended-upgrades on Rackspace's Debian and Ubuntu servers

Planet Linux Australia - Tue 27th Jan 2015 21:01

I install the unattended-upgrades package on almost all of my Debian and Ubuntu servers in order to ensure that security updates are automatically applied. It works quite well except that I still need to login manually to upgrade my Rackspace servers whenever a new rackspace-monitoring-agent is released because it comes from a separate repository that's not covered by unattended-upgrades.

It turns out that unattended-upgrades can be configured to automatically upgrade packages outside of the standard security repositories but it's not very well documented and the few relevant answers you can find online are still using the old whitelist syntax.

Initial setup

The first thing to do is to install the package if it's not already done:

    apt-get install unattended-upgrades

and to answer yes to the automatic stable update question.

If you don't see the question (because your debconf threshold is too low -- change it with dpkg-reconfigure debconf), you can always trigger the question manually:

    dpkg-reconfigure -plow unattended-upgrades

Once you've got that installed, the configuration file you need to look at is /etc/apt/apt.conf.d/50unattended-upgrades.

Whitelist matching criteria

Looking at the unattended-upgrades source code, I found the list of things that can be used to match on in the whitelist:

  • origin (shortcut: o)
  • label (shortcut: l)
  • archive (shortcut: a)
  • suite (which is the same as archive)
  • component (shortcut: c)
  • site (no shortcut)

You can find the value for each of these fields in the appropriate *_Release file under /var/lib/apt/lists/.

Note that the value of site is the hostname of the package repository, also present in the first part of these *_Release filenames (stable.packages.cloudmonitoring.rackspace.com in the example below).

In my case, I was looking at the following inside /var/lib/apt/lists/stable.packages.cloudmonitoring.rackspace.com_debian-wheezy-x86%5f64_dists_cloudmonitoring_Release:

    Origin: Rackspace
    Codename: cloudmonitoring
    Date: Fri, 23 Jan 2015 18:58:49 UTC
    Architectures: i386 amd64
    Components: main
    ...

which means that, in addition to site, the only things I could match on were origin and component since there are no Suite or Label fields in the Release file.

This is the line I ended up adding to my /etc/apt/apt.conf.d/50unattended-upgrades:

    Unattended-Upgrade::Origins-Pattern {
        // Archive or Suite based matching:
        // Note that this will silently match a different release after
        // migration to the specified archive (e.g. testing becomes the
        // new stable).
        // "o=Debian,a=stable";
        // "o=Debian,a=stable-updates";
        // "o=Debian,a=proposed-updates";
        "origin=Debian,archive=stable,label=Debian-Security";
        "origin=Debian,archive=oldstable,label=Debian-Security";
    +   "origin=Rackspace,component=main";
    };

Testing

To ensure that the config is right and that unattended-upgrades will pick up rackspace-monitoring-agent the next time it runs, I used:

    unattended-upgrade --dry-run --debug

which should output something like this:

    Initial blacklisted packages:
    Starting unattended upgrades script
    Allowed origins are: ['origin=Debian,archive=stable,label=Debian-Security', 'origin=Debian,archive=oldstable,label=Debian-Security', 'origin=Rackspace,component=main']
    Checking: rackspace-monitoring-agent (["<Origin component:'main' archive:'' origin:'Rackspace' label:'' site:'stable.packages.cloudmonitoring.rackspace.com' isTrusted:True>"])
    pkgs that look like they should be upgraded: rackspace-monitoring-agent
    ...
    Option --dry-run given, *not* performing real actions
    Packages that are upgraded: rackspace-monitoring-agent

Making sure that automatic updates are happening

In order to make sure that all of this is working and that updates are actually happening, I always install apticron on all of the servers I maintain. It runs once a day and emails me a list of packages that need to be updated and it keeps doing that until the system is fully up-to-date.

The only thing missing from this is getting a reminder whenever a package update (usually the kernel) requires a reboot to take effect. That's where the update-notifier-common package comes in.

Because that package will add a hook that will create the /var/run/reboot-required file whenever a kernel update has been installed, all you need to do is create a cronjob like this in /etc/cron.daily/reboot-required:

    #!/bin/sh
    cat /var/run/reboot-required 2> /dev/null || true

assuming of course that you are already receiving emails sent to the root user (if not, add the appropriate alias in /etc/aliases and run newaliases).
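
Added example (not from the original post or from the unattended-upgrades source): a small Python model of how an Origins-Pattern line selects repositories from the fields in their *_Release files, for checking how widely a pattern such as origin=Rackspace,component=main reaches before adding it. It assumes every comma-separated criterion must match and that values are compared as shell-style globs; the second repository and the names release_fields, matches and audit are constructed for illustration.

```python
import fnmatch

# Criteria named in the post, with their shortcuts (suite is the same as archive).
ALIASES = {"o": "origin", "l": "label", "a": "archive", "suite": "archive",
           "c": "component"}
KNOWN = {"origin", "label", "archive", "component", "site"}

def release_fields(filename, text):
    """Reduce one *_Release file to the values a pattern can be tested against."""
    hdr = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and not line[0].isspace():
            hdr[key.strip().lower()] = value.strip()
    return {"origin": hdr.get("origin", ""), "label": hdr.get("label", ""),
            "archive": hdr.get("suite", ""),
            "components": hdr.get("components", "").split(),
            "site": filename.split("_", 1)[0]}  # hostname part of the filename

def matches(pattern, fields):
    """True only if every criterion matches (assumption: AND of glob matches)."""
    for token in pattern.split(","):
        key, _, want = (part.strip() for part in token.partition("="))
        key = ALIASES.get(key, key)
        if key not in KNOWN:
            raise ValueError("unknown criterion %r in %r" % (key, pattern))
        have = fields["components"] if key == "component" else [fields[key]]
        if not any(fnmatch.fnmatchcase(v, want) for v in have):
            return False
    return True

def audit(pattern, repos):
    """Return the sites of every repository the pattern would select."""
    found = []
    for name, text in repos.items():
        fields = release_fields(name, text)
        if matches(pattern, fields):
            found.append(fields["site"])
    return sorted(found)

# Release data: the first entry is the one quoted in the post; the second is a
# constructed repository on a different host that declares the same Origin.
REPOS = {
    "stable.packages.cloudmonitoring.rackspace.com_debian-wheezy-x86%5f64"
    "_dists_cloudmonitoring_Release":
        "Origin: Rackspace\nCodename: cloudmonitoring\n"
        "Date: Fri, 23 Jan 2015 18:58:49 UTC\n"
        "Architectures: i386 amd64\nComponents: main\n",
    "mirror.example.net_debian_dists_extras_Release":  # constructed sample
        "Origin: Rackspace\nCodename: extras\nComponents: main\n",
}
BROAD = "origin=Rackspace,component=main"
PINNED = "site=stable.packages.cloudmonitoring.rackspace.com," + BROAD

if __name__ == "__main__":
    for pattern in (BROAD, PINNED):
        print(pattern, "->", audit(pattern, REPOS))
```

Adding the site criterion narrows the pattern to the one repository host; on a real system the same check can be run over the *_Release files under /var/lib/apt/lists/ and compared with the output of unattended-upgrade --dry-run --debug.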

Categories: thinktime

Your mood vs. your reality

Seth Godin - Tue 27th Jan 2015 20:01
Who is happy? Are rock stars, billionaires or recently-funded entrepreneurs happier? What about teenagers with clear skin? Either what happens changes our mood... or our mood changes the way we narrate what happens. This goes beyond happiness economics and the...
Categories: thinktime

Andrew McDonnell: Linux.conf.au 2015 catchup #1

Planet Linux Australia - Mon 26th Jan 2015 22:01

At the conference in Auckland I had two presentations.

For the first time I managed to get a main conference talk accepted, actually it was a tutorial which goes for 90 minutes! It was a bit daunting beforehand, but after I finished, I realised I prefer the tutorial format over having to deliver a talk. I enjoy the interaction with the audience and the sharing of knowledge, and also not being the sole focus (and not having to remember exactly what to say so much!)

My tutorial was on Reverse Engineering with Radare2; the video (Youtube) and slides are linked from the conference presentation, and I have the slides up on my personal landing page as well. Thanks to James for helping with a final practice run; it's always good to have a typical candidate audience perspective beforehand.

I also did a shorter talk at the Open Hardware mini-conference, on hardening embedded Linux, using OpenWRT on devices like the carambola2 as an example. The video of the mini-conferences is a bit less polished due to resourcing, here I am on about 2/3 the way through. I was somewhat more flustered in my delivery due to late changes to some slides (see earlier blog article) and a problem with my laptop deciding to have thermal issues an hour before the talk. I managed to resolve these (thanks AndyK for your help!) but it put me off my mojo a bit unfortunately. The live demo I was quite happy with, it worked without issue, so perhaps the demo gods were appeased by my earlier mishaps… The final slides are here.

Categories: thinktime

Fear of public speaking

Seth Godin - Mon 26th Jan 2015 21:01
Very few people are afraid of speaking. It's the public part that's the problem. What makes it public? After all, speaking to a waiter or someone you bump into on the street is hardly private. I think we define public...
Categories: thinktime

Tim Serong: A Brief Exercise in Shameless Self Promotion

Planet Linux Australia - Mon 26th Jan 2015 20:01

At linux.conf.au the other week, a friend asked if I’d ever considered a career writing a web comic. I forget exactly how it came up, but it might have had something to do with the STONTIH Deathmatch t-shirt I was wearing at the time, or may have been due to someone mentioning the talk Florian Haas and I gave at LCA 2011 with the live cartooning.

Anyway, the answer was “no, not really”, largely because I sincerely enjoy my gig at SUSE (we’re hiring ATM, BTW), but also partly because I honestly don’t come up with enough interesting stuff often enough, and consider it unlikely I’ll ever make a living off it. Still, I have put a handful of bits and pieces up on Redbubble over the last few years, so I thought I’d engage in a bit of narcissism and promote it shamelessly and obviously. In chronological order then, from oldest to newest, I have produced:

Categories: thinktime

Michael Still: First jog, and a walk to Los Altos

Planet Linux Australia - Mon 26th Jan 2015 16:01
Today was a busy day, not only did I foolishly go for a jog 5 minutes after sunrise...



...but then I went for a walk with James in the afternoon as well.

Let's just say my fitbit is very impressed with me.



Categories: thinktime

Clinton Roy: clintonroy

Planet Linux Australia - Mon 26th Jan 2015 15:01

Notwork, due to Australia day. Spending an inordinate amount of time trying to find some aircon so I don’t sweat all day long. I did get to pre-poll vote in the morning, so not all aircon hunting time was wasted.

My headphones have died in one ear, time for another set of consumables. The wireless in the library is hopeless. This combination is making me very unproductive at both tasks I set myself for today.



Filed under: Uncategorized
Categories: thinktime

Sridhar Dhanapalan: Twitter posts: 2015-01-19 to 2015-01-25

Planet Linux Australia - Mon 26th Jan 2015 01:01
Categories: thinktime

Advice or criticism?

Seth Godin - Sun 25th Jan 2015 20:01
It's quite natural to be defensive in the face of criticism. After all, the critic is often someone with an agenda that's different from yours. But advice, solicited advice from a well-meaning and insightful expert? If you confuse that with...
Categories: thinktime

Clinton Roy: clintonroy

Planet Linux Australia - Sun 25th Jan 2015 16:01

Finished the Learning to Learn MOOC course. I missed a few of the deadlines due to lca2015, so I’m not bothering to do the written parts, which does make me feel rather like I haven’t finished the course. It’ll be interesting to see if I can apply the techniques going forward. I’m pretty sure I’ll chase up their book at some point as well.



Filed under: diary
Categories: thinktime

Craige McWhirter: Craige McWhirter: A Little Vim Hack For Go

Planet Linux Australia - Sat 24th Jan 2015 21:01

After LCA2015 I've started playing with Go (I blame Sven Dowideit). If you already use VIM-YouCompleteMe then you should be right for most things Go. However I tinker in a few languages and you'll never guess that they have different rules around style and formatting of code.

Go is one out for me requiring settings unique to Go among the languages I tinker in. I made the below changes to my ~/.vimrc to suit Go:

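    " Go-specific indentation: real tabs, applied to the current buffer only
    " (setlocal keeps these values out of buffers for other languages).
    function! GoSettings()
        setlocal tabstop=7
        setlocal shiftwidth=7
        setlocal noexpandtab
    endfunction
    autocmd BufNewFile,BufFilePre,BufRead *.go :call GoSettings()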

Now when I edit a file with the .go extension, my Vim session will be formatting the file correctly from the start.

You can also configure Vim to run gofmt but I preferred this approach.

Categories: thinktime

Two kinds of hustle

Seth Godin - Sat 24th Jan 2015 20:01
There's the hustle of always asking, of putting yourself out there, of looking for discounts, shortcuts and a faster way. This is the hustle of it doesn't hurt to ask, of what you don't know won't hurt you, of...
Categories: thinktime

Clinton Roy: clintonroy

Planet Linux Australia - Sat 24th Jan 2015 17:01

Caught up with a friend in the morning.

Booked the local bowling place for my birthday celebration.

Caught up on the ‘learning to learn’ mooc. I’ve missed the deadline on the quiz and the written material, but I’m continuing through with everything else. I should be able to get through the final week of content tomorrow.

Watching more LCA2015 videos.



Filed under: diary
Categories: thinktime

Clinton Roy: clintonroy

Planet Linux Australia - Sat 24th Jan 2015 17:01

Work.

A very wet day, I was drenched only about fifty metres from home.

Watching and noting on more lca2015 videos.



Filed under: diary
Categories: thinktime
