Source Guru

Tag: Linux

Why shouldn’t I login as root?

by on May.27, 2010, under Personal

I’ve recently gotten a lot of flack from a couple of people for an innocent comment I made about logging into a machine as root.
I’d like to think of myself as pretty savvy when it comes to security, and as far as I’m concerned, the reasons for not logging in as root are:-

  • Password could theoretically be sniffed
  • Unsecure connection could theoretically be hijacked
  • You don’t get an audit trail like you would with su or sudo
  • Password could be brute forced
  • You could easily run a command unintentionally which causes damage to your system

Ok, so we have the reasons not to – and they’re good reasons. This is why, generally, I don’t login to my boxes as root. However, the box in concern mitigates the above in the following ways

  • We only ever connect via SSH
  • Access to root is only allowable through SSH keys
  • Due to the nature of the server (local file storage) we don’t need an audit trail
  • Password login is only ever allowed from a secure TTY (aka the box itself)
  • The only reason we ever need to login to this machine is to perform maintenance which requires root access

Is there any good reason that I shouldn’t be logging in as root in the above circumstances?

33 Comments :, more...

I’m also a writer

by on Apr.14, 2010, under Personal

For those of you who don’t know, I occasionally write for Linux Format. As I’ve got an article coming out in the next issue (available on April 29th), I thought I’d have a check to see if the PDF’s are available in the subscribers area yet.

Unfortunately, they’re not, however, I did notice that my first article for Linux Format has now been released to the general public.

If you head on over to Issue 121, you’ll find my tutorial “Security: Protect your server” has a “Click here to read!” link underneath it.

One of my other articles for them, “Super Snooper”, has also found it’s way onto TuxRadar, and, while it doesn’t have the pretty artwork (or a mugshot, or any mention of me, it seems!) that the magazine does, it’s still well presented on the site!

Let me know in the comments if you’ve any feedback to either of them!

Along the same lines, I’m thinking that I want to write a book (mainly so that I’ll eventually come first in Google, rather than what used to be second and now for some reason seems 7th :( ). But what should I write about? I’ve a few thoughts, and the one that I feel like I want to write the most is about “becoming a Google Ninja” (using Analytics, Website Optimiser, etc etc to their full potential) – but – I don’t know – would people be interested in buying that?

3 Comments :, , , , , , more...

(UK) The Gadget Show – PC vs Mac

by on Nov.30, 2009, under Personal

Today, an episode of “The Gadget Show” aired in which they compared PC and Mac to put on their “wall of fame”.

I was shocked that there was no mention of Linux at all in their rundown.

Here is the email I just sent to them in response to the show:-

Date: Mon, 30 Nov 2009 22:16:28 +0000
From: Martin Meredith <mez AT debian DOT org>
To: gadget.show AT northonetv DOT com
Subject: PC vs Mac – Yes, you mention windows

But both PC’s and Mac’s have the ability to run a little thing called “Linux”

Linux is the base of an operating system that’s been around for years, often
making innovations BEFORE Windows or Mac are able to.

It’s an Operating system that’s written by the people, for the people, which
shows in the fact that there are hundreds (if not thousands) of distributions
available to download and use – for FREE!!!!

A large motive behind the Linux movement is the fact that it’s completely free.
Both in the sense of Free Speech, and in the sense of Free Beer.  You don’t have to pay for it, and you can do what you like with it.

Compare the above to a Mac.  With a mac, you’re limited to the hardware you can use, you’re limited in the functionality, etc etc.  Comparing to Windows, you can see the benefit of the price.  Constantly upgrading windows can cost a LOT of money.

Ok, Linux does have it’s flaws.  Some hardware isn’t supported correctly, and a lot of the software you’ll find on the shelves of your local shop probably won’t work with it.  But, nowadays, with the advent of the iPhone, and to a lesser extent, Android based Mobile Phones, people are coming to expect easily available software.

Enter the package Manager.  Most distributions of Linux now offer an easy way to find and install applications,  and some go a step further and give you an application that makes life even easier (See attached screenshot)

Linux also has the benefit that, like the Mac, the fact that it’s not Windows,
and something that 90%+ of people use, it’s not a target for Viruses.  Add that
to the fact that it has Least Privileged Access built in (Think Windows Vista
“are you sure that you want to run this program as an admin?”), and has done
since the very beginning, and it makes it one of the most secure operating
systems you can find.

Linux has come along in leaps and bounds in recent years, and is surely a
competitor for any operating system out there.  While it may be unfamiliar,
with the advent of new technology, it’s perfectly placed.  This has been shown
by the fact that until Microsoft made a sly move to relicence Windows XP for
netbooks, it was hard to find a netbook with anything but a Linux based OS on it (and all those who tried out my eeePC 701 when it was new and shiny out of the box tended to prefer what was on that than Windows!)


Regards,
Martin Meredith

Freelance Writer for Future Publishing
Debian Developer – http://www.debian.org/
Ubuntu Developer – http://www.ubuntu.com/
Deputy IT Manager for Mobile Fun Ltd. – http://www.mobilefun.co.uk/

12 Comments :, , more...

My Boss, with a little help, starts the conversion to Linux

by on Apr.09, 2009, under Personal

Ok, so at work, pretty much the whole company uses Windows, of some sort. The web team, however, are pretty adamant that they use the best tools available for them, and we use Ubuntu because of this (because it’s the easiest option that we all have the same distro, and as long as it’s Linux, we don’t mind)

Anyway, at the moment we’re working through the process of moving all our internal business applications from Visual Basic.NET (urgh!) to PHP + a web based app. The “Product Owner” for this is one of the bosses, who currently uses Windows Vista.

He has, however, seen us all using Ubuntu and it’s got him interested in using it. He’s said that he wants to try using Ubuntu, and see whether he can get his work done on that, and slowly transition to it, as obviously, he needs to be able to use Windows for the .NET stuff (which sadly, doesn’t work well under WINE).

So, we set him up a Virtual Machine, and he got to grips with what he was doing, great. Except for the fact that he had to allocate memory to it, switching back and forth between windows and Ubuntu was a pain. He eventually gave up on this idea, and got a spare machine, a spare monitor, and set it up next to his machine.

Still, however, it was a bit of a pain, he’d have to switch position on his desk, start using a different keyboard and mouse, and i was all a bit of hassle.

Recently, we’ve gotten a “big screen” (which isn’t actually that big!) for the Web Team to monitor the servers, our order download service, etc etc. We were showing our manager some of the stuff we could do with it, and he asked the question “So, how do you control it” – to which my response was to move my mouse off of the edge of my screen, and onto the big screen. “So is that a third monitor?” he asked. “No” I replied, it’s another machine.

Enter Synergy

So this is the point where I explained to our manager exactly what synergy is. Trying to explain it however, is a bit of a hassle, so I’ll try my best here. Synergy is an application that allows you to control another machine’s keyboard and mouse from your own PC. It’s a bit of a mix between a KVM switch, and Remote Desktop, but it doesn’t require extra hardware, and you dont have to relay the video across the network to show it on your screen too.

At this point, our boss got a glint in his eye

“Does it work in Windows?” he asked. At this point, I didn’t realise that he had a seperate machine for Ubuntu. I told him it did anyway, but I wasn’t too sure whether it worked with Vista

“Lets give it a go anyway”

So we went over to his machine, and I installed quicksynergy on his ubuntu box, while he downloaded the Windows installer for Synergy. 5 minutes later, he was grinning like a maniac as he moved his mouse from one machine to another.

Now he’s happily using Ubuntu without any hassle, it’s just a third screen to him – with different stuff on it.

I think the moral here is, there are different ways to get people to be able to use Linux, and Synergy is one of those great tools that enable people to use Linux without having all the hassle that comes with switching over.

I think also, a quote from m manager sums it up.

This is one of the best things I’ve seen all year. I thought it’d take forever to setup, but it was so quick. I can be so much more productive now

I hope that this will be one of the turning points for my manager, and we’ll have another convert by the end of the year

18 Comments :, , , , more...

Nifty commands

by on Jan.03, 2008, under Geeky

So, helping someone with an issue earlier (amarok had crashed and they couldn’t kill it properly), I told them to issue the following command

ps x | awk '/amarok/ {print $1}' | xargs kill -9

Now, this is a command I use a lot to kill programs that are being evil (generally, I use it to kill evolution!)

But the comment came back “That’s nifty!”

So I’ve got to ask, what are your favourite “nifty” commands? and what do they do?

<edit> So far, within 5 mins of posting this, I’ve had 2 people ask why I don’t just use killall

mez@apathy:~$ ps x -ocommand | grep [e]vo
evolution
/usr/lib/evolution/evolution-data-server-1.12 <snip>
/usr/lib/evolution/2.12/evolution-exchange-storage <snip>
22 Comments :, , more...

Learning IPTables

by on Oct.14, 2007, under Geeky, Linux

Generally, I’m pretty lax when it comes to Firewalls in Linux, for the simple fact that I use kubuntu/ubuntu, which opens no ports by default. So any open ports on the system, I generally know about.

Anyway, as I’ve recently had a new server setup for Radio Amarok (many thanks to BitFolk for this, who have provided this service for us) and I knew that it would be something that’s going to be in the public eye, I thought that I better get a firewall up and running

So yes, I’ve been learning how to use Iptables correctly, and having to learn more about how TCP/IP works. I knew the basics, but actually sitting down and learning more about it is definitely interesting. Though, I’ve still not much idea on some issues, like why Aaron Krill’s ISP can’t route him to the Radio Amarok server (Andy Smith tried explaining – but I still had no idea what was going on!)

On another note, Radio Amarok is still looking for help. So if you have anything to offer (we’re looking for sponsors, artists, DJs, and web developers/designers (and at some point we’ll be looking for a sysadmin)), so if you have anything to offer us, feel free to pop into IRC (irc.freenode.net #amarok.radio) or email me (mez AT radioamarok DOT com)

2 Comments :, , , more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!