COMMAND LINE WARRIORS

Taking Control of your Own Technology

This Week: Notes, Names and New Sites

08 April 2008

This is the latest installment in my regular(ish) series looking at some of what I have read online since last time.

Read More

This Week: Encrypt /home campaign updates

23 December 2007

So a couple of weeks ago, I challenged all you warriors, well at least those of you using Linux on your laptops, to encrypt your /home directory by Christmas.

Read More

This Week: Freedom not Time-Bombs

07 December 2007

Hello everyone, welcome back to our occasional series about what I have read online since last time. Without further ado, let's dive in to the next installment.

Another reason why Linux is better for the environment

Read More

This Week - Linux is Linux

23 November 2007

Hello, this is my regular look at what I have read online since last time.

Read More

This Week: Free the Radio, Python Web Frameworks, Blank PCs and How to start in Linux

13 October 2007

Welcome to 'This Week', my occasional series about what I have read recently. You are encouraged to tell me if you have written or read something cool that I should notice. Another person to do just that is Rich McIver:

> Hi Zeth,
>
> We recently published "Linux for Business: 50 Apps to Get your Office on Open Source". I figured I'd bring it to your attention in case you think your readers would find it useful.
>
> Either way, keep up the great blogging!

Reading through the list I was reminded how much great stuff there is available from the Open Source community. Are there any businesses of significant size that do not use at least some free/open-source software somewhere in the organisation? I doubt it. It just shows how far we have come. It won't be long before we will be at the point where no computer user will be without some free software on their PC, even if they do not realise that it is there. We are winning, just very subtly and quietly.

Calling all in transit - Radio Free Europe Amarok

Read More

This Week - IT in Russian schools and the Cybermen are on the move

25 September 2007

Here is another dose of what I have read online in the last week or so.

Fun and Freedom

Read More

This Week - PyconUK, Vista Idle usage, SCOX is bust but no need to pity Darl McBride

17 September 2007

Hello! So this is what I have read out on the web in the last week. As always, if I have missed something cool, then let me know in the comments.

Read More

This Week: Heroes and Monsters

17 August 2007

As regular readers will know, this is my occasional series of what I have read this week on the supersized interwibble.

Charting your command history

Read More

This Week: All quiet on the Western Front and How many Linux users are there?

11 August 2007

So I continue my regular series of what I have read this week. Not a lot in fact as there is near silence in my RSS reader, it seems that everyone is on holiday and people are not blogging too much. However, a few people had some interesting things to say.

Organisation of Britain's first ever Python conference is continuing and seems to be going well; see you in September if you are going.

Read More

This Week on the Command Line: Lieutenant Worf's favourite distro is?

12 July 2007

I was at the LugradioLive 2007 conference this last weekend which was fab, see here for my take on it.

I am famous, well no, but at the end of the JakAttack podcast 55 [ogg | mp3], they read out my email, rock on!

Read More

This Week on the Command Line: The Light and Dark Sides

06 May 2007

Hello everyone, it has been a little while since I last did a round up of random blogs I have read. So let's get started.

Freedom of speech

Read More

This Week on the Command Line: Bring back CD-RWs but not the draft, also choose your dessert carefully!

30 March 2007

Long time readers will know that I occasionally do a Friday round up of selected things that I have read on blogs and so on since the last time. Hope you enjoy it!

Fixes and tips

Read More

This Week on the Command Line: Laptop Backups and apt-get for Windows

04 November 2006

It has been a while since last time, so let's do this. 'This week on the command line' is my look at what I have read online in the past seven days. If you have read or written anything cool then leave a comment below and tell me about it.

Phill has taken up Ruby on Rails which is kind of scary. Learning Python is quite enough for me right now; however, I am just a humanist, while Phill is a proper computer scientist.

Read More

This week on the command line: Custom isos and barriers of entry

11 February 2006

At the end of each week I round up what I have been reading online. If you discover an interesting link that you think should be covered then please drop me an email using warrior at commandline dot org dot uk.

Automatic Custom Linux Isos

Read More

This week in the world of the Command Line; The Friday Round up!

03 February 2006

Package Management in Mac OS X... in Japanese!

A user has featured one of my posts with comments/criticisms in a post in a Japanese blog, I have no idea what he is saying, however Google Translator does attempt to make sense of it.

Read More

Blogwatch: cURL, ImageMagick, Network tools and Pizza

09 September 2005

Here is a round up of what I have noticed in the blog world about the command-line recently. If you know any more good new links then let me know!

cURL tips

cURL is one of my favourite command-line applications. It is similar to wget but with all the features a modern browser would have, e.g. cookies, ssh, etc. You can use it to do anything a browser would do and script routine tasks that you may need to do.

World O' Matty has many posts of interest to those using the command-line. 'Grabbing a protected webpage' was a nicely-written practical example of how to use cURL:

> Ever needed to grab a password protected page from the command line? This can be accomplished with curl’s “-u” option:
>
> $ curl -k -i https://www.daemons.net/secret -u me:somethingstrong |more
>
> The username and password can be passed as an argument to the “-u” option. If you are paranoid about your password being visible on the command line, you can omit the password, and curl will prompt you for it:
>
> $ curl -k -i https://www.daemons.net/secret -u me
> password:
>
> In case you are curious, the “-k” option forces curl to dump the HTTP headers. I use both options to debug web server issues.

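Note that in curl it is the “-i” option that includes the HTTP response headers in the output, while “-k” (--insecure) turns off TLS certificate verification, so credentials passed with “-u” are then sent over a connection whose server has not been verified.

I have been using cURL a lot myself, and I plan to do a series on it in the future.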

Introduction to ImageMagick

Another great tool that we have not yet touched on here is ImageMagick, which allows you to work with images at the command-line.

Himal, the Essex boy that runs the Optimus blog, has a useful introduction, imagemagick and the strengths of the command line:

> Most people don’t think of the command as a place to do image manipulation. They are wrong.
>
> Let’s say I have a situation where I’ve got about 50 images at 1024×768 in png format that I need to quickly turn into small jpg thumbnails. I could use Photoshop Actions, or perhaps some other tool. But that would be reinventing the wheel, why not do it all with the UNIX command line and ImageMagick?

Himal goes on to give practical examples of how to resize images. He also points out that ImageMagick can be used in server-side web-scripting to create image galleries 'on the fly'. The first example that he gives is a simple one-image job:

> convert someimage.png -resize 25% someimage.jpg
>
> The above will take a png image called someimage.png and turn it into a jpg, scaling it down 25% from its previous size. Or this:
>
> convert someimage.jpg -resize 640x480 -quality 40 someimage_1.jpg
>
> That will create a scaled 640×480 image from someimage.jpg and save it as someimage_1.jpg, with jpg compression of 40%.

Network commands

Frank Teegelbeckers has a blog called Network+ and it has an interesting post about basic network commands: Ping, Traceroute, ifconfig/ipconfig, netstat, Telnet, and FTP.

Most of these utilities have been ported over to DOS and so Teegelbeckers gives both Unix/Linux and MS-DOG based explanations for them all. For example:

> Ping can tell you if the TCP/IP stack of another system on the network is functioning normally. The ping program generates a series of Echo Request messages using the Internet Control Message Protocol (ICMP) and transmits them to the computer whose name or IP address you specify on the command line. The basic syntax of the ping program is as follows:
>
> ping target

Bash with pepperoni

I am a big fan of providing custom interfaces to Internet applications and sites. This website explains how to order pizza using Bash!

The application works with Dominos' website and I found that the command-line modifiers in the man page were quite amusing!

I have not tried this yet so do not know if it will work with Dominos' non-US sites; if you try it out then do let us know if it worked, and of course whether it tasted any good!

Read More

About

Hello, my name is Zeth, I'll be your host here.

Command Line Warriors is about taking control of your own technology, it looks at our experiences of computing; especially using GNU/Linux, the Python programming language, the command-line and issues such as techno-ethics, best practices and whatever is cool now. If you take control of your technology then you are a Warrior too!

This site is your site too which means that you can contribute and get involved. You can leave comments using the facility provided. For me, the comments and discussions are by far the best part of the site. So please do have your say!

Latest Discussions

Zeth

May 16, 2008
To Anonymous, I tried your script with some old SSH keys and it did not manage to break into an apparently vulnerable system. 1. The script requires a known username. My system did not allow root logins. 2. After three failed logins, the script's IP address got added to deny hosts.
Swap out your ssh keys

Zeth

May 16, 2008
To Anonymous, I said to do three things: 1. Accept the update. 2. Replace your keys. 3. Don't *have a panic attack about it.* And I still stand by that. Most non-technical users won't even be using openssh-server. While the update, blacklists and instructions on how to regenerate comes down automatically for those that do. Indeed, I think this episode shows how fast the free/open source community can move. Every time the open source software has a panic attack over an in-theory, technically possible, but not actually being used, 'exploit', then proprietary software people say "Look their software is no better, it is just as insecure as ours". However, that is not true. There is a range of exploits, from theoretically possible with some serious preparation and knowledge about the target system, through to automated attacks that will work against any machine without the need for knowledge about it.
Swap out your ssh keys

Anonymous

May 15, 2008
Like stefano says, you are being VERY irresponsible by downplaying this as only "theoretically possible with a supercomputer". Linked on the page stefano mentioned is this: http://milw0rm.com/exploits/5622 That will break into your computer in a couple hours if you're using public-key logins, which are considered the safest kind, and are used on many, many machines that are supposed to be extra secure. This is a horrible, horrible problem, and dismissing it does nobody any favours. I'd really suggest you re-write this article to accurately portray how serious the problem is.
Swap out your ssh keys

Ryan

May 15, 2008
Yeah, good layout too. Very clear. :) Better than the last, in fact! I'm another python/django nerd, so I'll be listening even more now. I guess one of the things that's inspiring about Django is they're concerned pretty hardcore with security fixes. Just this week, an email came out and they released new sub-versions for each major Django release to include the fix. Very awesome. For your blog post model, what did you do for entering posts? Do you still use the default admin interface, or did you make your own views for posting and whatnot? I haven't looked into it much, but does django automatically include much in the way of wysiwyg text editors for text fields?
How not to program WSGI

stefano

May 15, 2008
Apparently the bug makes a brute-force attack much easier than "theoretically possible with a supercomputer". http://metasploit.com/users/hdm/tools/debian-openssl/ It looks like the buggy code used the process ID as seed for generating the key, and there might only be 32,768 process IDs. Furthermore, not all process IDs are equally possible, and one could use a range of 1000-3000 seeds and have a very high chance of producing a valid key.
Swap out your ssh keys

Bug

May 15, 2008
@txwikinger: Thing is, I don't use Ubuntu and I can't remember where did I generate my key [I'm using Archlinux]. @Zeth: You should add the number of comments to the front page.
Swap out your ssh keys

Kennon

May 15, 2008
The openssh-blacklist debian package (now available, and required for the latest version of openssh-client and openssh-server) is now available. You should:
apt-get update
apt-get install openssh-blacklist
apt-get upgrade
After that you'll have the ssh-vulnkey utility and can check.
Swap out your ssh keys

Krispy

May 15, 2008
mkc: debian only provided blacklists for 2048 bit RSA keys and 1024 bit DSA keys. If your key isn't one of those two types, then the blacklist isn't provided in the package. You can download one here: http://metasploit.com/users/hdm/tools/debian-openssl/ but it is nearly 100MB
Swap out your ssh keys

Ed

May 15, 2008
@Cristian: it applies to keys. If you generated a key on Ubuntu and then put it in authorized_keys on Fedora, it's possible that someone could brute force their way in to the Fedora server.
Swap out your ssh keys

Cristian

May 14, 2008
This vulnerability only applies to ssh servers, right? Aren't they the ones that generate the keys? So if my client is Ubuntu and the server is Fedora everything's okay?
Swap out your ssh keys