Felipe Alvarez's blog

There is a great thread about endianess, Unicode, BOM (byte order marks), and other interesting topics.

UPDATE: I changed ‘>’ (erase file, then write to file) to ‘>>’ (append to file). This avoids you overwriting your, or other peoples’, public keys.

Setting up password-less logins is both dangerous, and mighty. It allows one to authenticate to an OpenSSH server without typing in a password. Authentication is gained via knowledge of a private key.

Generate a Public/Private Key Pair

$> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/felipe/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): <ENTER>
Enter same passphrase again: <ENTER>
Your identification has been saved in /home/felipe/.ssh/id_rsa.
Your public key has been saved in /home/felipe/.ssh/id_rsa.pub.
The key fingerprint is:
d7:79:c3:01:ce:90:71:a2:a2:3d:83:26:fb:9a:1f:5b felipe@linux.local

You will then find two files inside your directory. Keep them safe, secure, and secret. The public key (the one with .pub at the end) can be widely disemmindated. It represents the antonym of secrecy and privacy. The private key, however, must remain private and secret at all times.

Copy the PUBLIC key to a remote OpenSSH server

You must copy your public key to a remote host. The host will verify that you own the private key by encrypting a “challenge” and forcing your ssh client to decrypt it. If successful, you are authenticated, and admitted entrance. A password isn’t required.

$> cat /home/felipe/.ssh/id_rsa.pub | ssh felipe@remote-host.com \
"cat - >> .ssh/authorized_keys"
felipe@remote-host.com's password: <PASSWORD>

This copies your public key the authorized_keys file (NB: authorized_keys2 is deprecated and no longer recommended for use. OpenSSH checks both).

Testing Phase

‘logout’ or ‘exit’ and try:

$> ssh felipe@remote-host.com

It should not ask you for a password. You should automatically be logged into the remote system.

Works with scp and rsync too!

‘scp’ and ‘rsync’ both use a ssh client at the backend, and so will also authenticate automatically utilising your public and private key pair. Try:

$> scp file_a felipe@remote-host.com:file_b

This should transfer without pausing to ask for your password. Likewise try:

$> rsync -r /backups/2010/Jan felipe@remote-host.com:/backups/2010

This should backup your entire directory to remote-host.com without pausing to ask for a password. You can put a line similar to this one in a shell script, and run it with cron once a week or so. It will automatically backup your system, using OpenSSH, and proven secure and safe method for authentication of human and machines across an untrusted public network, away from curious eyes.

I will never again buy a RAID Controller card from Promise again! They claimed to support GNU/Linux, and they don’t. They said they didn’t have drivers for Windows 7, and then suddenly they magically appear on their Downloads page. We weren’t even notified.

I’m going to go with mdadm and try my luck with software RAID on Mint. If I must buy another card, for whatever reason (namely software RAID is much too slow, and hardware RAID will offload the work to the card itself) I’ll go with Adaptec.

I just ripped some of my CD’s to MP3, but I was just curious what OGG would do for me. I had never actually compared the two encoding formats, side-by-side, but today, I was simply stunned.

A song compressed with MP3 (VBR 128Kbps Normal Quality) was around 5.1 – 5.8 MB. It sounded good, but ‘clearly’ inferior to the actual CD Quality sound.

The OGG rip (VBR 128Kbps), on the other hand knocked my socks off! It was around 3.0 – 3.1 MB and sounded ‘nearly’ as good as the original CD!

I hesitated, at first, to rip them all to MP3, in case I wanted to share them (!gasp!) with others. However, now that I can see a 17% – 20% compression gain using OGG over MP3, I no longer feel that way. I wholeheartedly endorse the use of OGG Vorbis for ALL compressed lossy compression.

Most [good] audio/multimedia players already support OGG (except, MS programs, obviously!) so you should have no problem listening to them.

If you have a portable media player (PMP) without native OGG support there are two options

1. Contact the manuafaturer and demand (request?) that they support OGG in future versions of their players
2. Ask them to create a firmware update to include OGG support on currently supported players
3. Install Rockbox: a Linux-based GNU open-source free software suite which allows many major PMP’s to play a huge variety of free and proprietary (i.e. non-free, patented, or otherwise ‘encumbered’) formats, such as OGG. It also allows you to play wide variety of video formats, as well. It included a bunch of interesting features such as backlight dimming, battery-saving features, audio enhancement features, and plenty of games (plays DOOM too!)

I’ve been having some problems with charsets (character sets) when using FreeNAS, rsync, deltacopy, and cygwin.

The filenames on a Windows box are either in UTF-8 or ISO-8859-1 (Latin1). The FreeNAS uses rsync to backup the files on the windows box, and saves them to a RAID array. I wasn’t sure if it was rsync, or FreeNAS causing the problem, but all characters with more than 7 significant bits (8 or more) were being “escaped” such as \#303 instead of Ñ.

I found the solution by using the “-8″ flag in rsync. Also, I overwrote the cygwin.dll file supplied by DeltaCopy with a UTF-8-modified cygwin.dll, restarted DeltaCopy, and the filenames appeared correctly and in UTF-8 (instead of ISO8859-1).

As always, remember to BACKUP before journeying on with this! Good Luck!

As part of National Cyber-security Awareness Month, Googleblog posts some important tips regarding password security.

Creating a new password is often one of the first recommendations you hear when trouble occurs. Even a great password can’t keep you from being scammed, but setting one that’s memorable for you and that’s hard for others to guess is a smart security practice since weak passwords can be easily guessed. Below are a few common problems we’ve seen in the past and suggestions for making your passwords stronger. — Choosing a smart password.

New BSD magazine, available in stores or online at bsdmag.org

How new issue includes:

• Installing FreeBSD 7.1 with Enhanced Security Jails…
• Getting a GNOME Desktop on FreeBSD…
• Packaging Software for OpenBSD – part 2…
• A Jabber Data Transfer Component…
• Building a FreeBSD Wireless Router…
• CPU Scaling on FreeBSD Unix…
• LDAP Authentication on OpenBSD Boxes…
• FreeBSD and Snort Intrusion Detection System…
• Building an Embedded Video Web Server with NetBSD…
• FreeBSD Tips…
• Maintaining System Configuration Files Using Subsversion…
• Q&A about Dtrace…

In an historic move, Microsoft Monday submitted driver source code for inclusion in the Linux kernel under a GPLv2 license.

The code consists of four drivers that are part of a technology called Linux Device Driver for Virtualization. The drivers, once added to the Linux kernel, will provide the hooks for any distribution of Linux to run on Windows Server 2008 and its Hyper-V hypervisor technology. Microsoft will provide ongoing maintenance of the code.

Linux backers hailed the submission as validation of the Linux development model and the Linux GPLv2 licensing.

Microsoft said the move will foster more open source on Windows and help the vendor offer a consistent set of virtualization, management and administrative tools to support mixed virtualized infrastructure.

Kroah-Hartman said Microsoft’s submission was routine. “They abided by every single rule and letter of what we require to submit code. If I was to refuse this code it would be wrong,” he said.

Sam Ramji, who runs the Open Source Software Lab for Microsoft and is the company’s director of open source technology strategy, called the Linux kernel submission the company’s most important Linux/open source commitment ever. Read more…

Since I don’t have an iPhone, and I don’t use windows, I’m not quite sure what to make of free long distance phone calls with iCall. If you want to download it, install it, and use it, let me know how it functions. Or if you already have experience with it, give me a little feedback. Is it worth it? How is the call quality? Do they spam you? Is it really ‘free’? What restrictions does it have? Does it cut off your calls after 30 mins?

How can this be free?
iCall uses Voice Over IP (VoIP) technology which utilizes your existing Internet connection (cable, DSL, wireless, or dial-up) and your PC to plug you directly in to the regular telephone network. Stick it to the man – you already pay for your Internet connection, and the Internet is changing everything!

theodp writes “On Tuesday, Microsoft was granted US Patent No. 7,536,726 (it was filed in 2005) for intentionally crippling the functionality of an operating system by ‘making selected portions and functionality of the operating system unavailable to the user or by limiting the user’s ability to add software applications or device drivers to the computer’ until an ‘agreed upon sum of money’ is paid to ‘unlock or otherwise make available the restricted functionality.’ According to Microsoft, this solves a ‘problem inherent in open architecture systems,’ i.e., ‘they are generally licensed with complete use rights and/or functionality that may be beyond the need or desire of the system purchaser.’ An additional problem with open architecture systems, Microsoft explains, is that ‘virtually anyone can write an application that can be executed on the system.’ Nice to see the USPTO rewarding Microsoft’s eight problem-solving inventors, including Linux killer (and antelope killer) Joachim Kempin, who’s been credited with getting Microsoft hauled into federal court on antitrust charges.” Sounds like the mechanism by which Microsoft sells one version of Vista to all users, and lets users upgrade to higher-tier flavors of the OS after cash changes hands.

Key concepts to take out of this:

1. limiting the user’s ability to add software applications or device drivers to the computer
   • Don’t you own your own computer? Aren’t you permitted to add whatever you feel like? Who has the right to revoke this right on your behalf?
2. functionality that may be beyond the need or desire [of the end user]
   • What I want, or what are need, are none of your business unless I ask for it.
3. virtually anyone can write an application that can be executed on the system.
   • Why is that so bad?
4. Move to free software!
   • It feels good.