Felipe Alvarez's blog

UPDATE: I changed ‘>’ (erase file, then write to file) to ‘>>’ (append to file). This avoids you overwriting your, or other peoples’, public keys.

Setting up password-less logins is both dangerous, and mighty. It allows one to authenticate to an OpenSSH server without typing in a password. Authentication is gained via knowledge of a private key.

Generate a Public/Private Key Pair

$> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/felipe/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): <ENTER>
Enter same passphrase again: <ENTER>
Your identification has been saved in /home/felipe/.ssh/id_rsa.
Your public key has been saved in /home/felipe/.ssh/id_rsa.pub.
The key fingerprint is:
d7:79:c3:01:ce:90:71:a2:a2:3d:83:26:fb:9a:1f:5b felipe@linux.local

You will then find two files inside your directory. Keep them safe, secure, and secret. The public key (the one with .pub at the end) can be widely disemmindated. It represents the antonym of secrecy and privacy. The private key, however, must remain private and secret at all times.

Copy the PUBLIC key to a remote OpenSSH server

You must copy your public key to a remote host. The host will verify that you own the private key by encrypting a “challenge” and forcing your ssh client to decrypt it. If successful, you are authenticated, and admitted entrance. A password isn’t required.

$> cat /home/felipe/.ssh/id_rsa.pub | ssh felipe@remote-host.com \
"cat - >> .ssh/authorized_keys"
felipe@remote-host.com's password: <PASSWORD>

This copies your public key the authorized_keys file (NB: authorized_keys2 is deprecated and no longer recommended for use. OpenSSH checks both).

Testing Phase

‘logout’ or ‘exit’ and try:

$> ssh felipe@remote-host.com

It should not ask you for a password. You should automatically be logged into the remote system.

Works with scp and rsync too!

‘scp’ and ‘rsync’ both use a ssh client at the backend, and so will also authenticate automatically utilising your public and private key pair. Try:

$> scp file_a felipe@remote-host.com:file_b

This should transfer without pausing to ask for your password. Likewise try:

$> rsync -r /backups/2010/Jan felipe@remote-host.com:/backups/2010

This should backup your entire directory to remote-host.com without pausing to ask for a password. You can put a line similar to this one in a shell script, and run it with cron once a week or so. It will automatically backup your system, using OpenSSH, and proven secure and safe method for authentication of human and machines across an untrusted public network, away from curious eyes.

I just ripped some of my CD’s to MP3, but I was just curious what OGG would do for me. I had never actually compared the two encoding formats, side-by-side, but today, I was simply stunned.

A song compressed with MP3 (VBR 128Kbps Normal Quality) was around 5.1 – 5.8 MB. It sounded good, but ‘clearly’ inferior to the actual CD Quality sound.

The OGG rip (VBR 128Kbps), on the other hand knocked my socks off! It was around 3.0 – 3.1 MB and sounded ‘nearly’ as good as the original CD!

I hesitated, at first, to rip them all to MP3, in case I wanted to share them (!gasp!) with others. However, now that I can see a 17% – 20% compression gain using OGG over MP3, I no longer feel that way. I wholeheartedly endorse the use of OGG Vorbis for ALL compressed lossy compression.

Most [good] audio/multimedia players already support OGG (except, MS programs, obviously!) so you should have no problem listening to them.

If you have a portable media player (PMP) without native OGG support there are two options

1. Contact the manuafaturer and demand (request?) that they support OGG in future versions of their players
2. Ask them to create a firmware update to include OGG support on currently supported players
3. Install Rockbox: a Linux-based GNU open-source free software suite which allows many major PMP’s to play a huge variety of free and proprietary (i.e. non-free, patented, or otherwise ‘encumbered’) formats, such as OGG. It also allows you to play wide variety of video formats, as well. It included a bunch of interesting features such as backlight dimming, battery-saving features, audio enhancement features, and plenty of games (plays DOOM too!)

As part of National Cyber-security Awareness Month, Googleblog posts some important tips regarding password security.

Creating a new password is often one of the first recommendations you hear when trouble occurs. Even a great password can’t keep you from being scammed, but setting one that’s memorable for you and that’s hard for others to guess is a smart security practice since weak passwords can be easily guessed. Below are a few common problems we’ve seen in the past and suggestions for making your passwords stronger. — Choosing a smart password.

Paula Carleton, CIO of the not-for-profit Baptist Community Services, told Computerworld she is investigating how to move its 850 Windows desktops to open source following Microsoft’s decision to force it to a full commercial licence.

Every dollar we are forced to spend on software is a dollar less spent on the charitable services like homeless and crisis care that we deliver,” Carleton said, adding that it is a public benevolent organization according to the tax office. Read more…

I was writing an assignment for a class on Information Security, when I came across this little gem. As soon as I read it I laughed and thought of all the times my Dad said that he never did anything to the computer, it just broke on its own.

Dad – you are great! And you make me laugh!

Typically, when you ‘delete’ a file, you are only detaching the link from your filesystem to the actually binary data on the physical platters of your hard drive. The data aren’t really gone. The filesystem declares this space as ‘free’ or ‘available’, and so only goes away when that space is overwritten by new data.

If you’ve ever desire to truly delete a file, then download file shredder. It allows you you select and right click any file, and it automatically overrights them with random data, stuffs it full of zeros, and then deletes it. This prevents anyone from ever recovering that file with forensic software. Larger files take longer to shred, but are usually shredded in under 1 minute. If I coulf find the author’s email, I’d ask him/her to add a right-click to “shred all files in the recycle bin.”

Microsoft fined US$11.9 million.

The fine, imposed by the German competition authority, the BundesKartellamt, came about after the body determined that Microsoft had illegally fixed prices with retailers for the Office Home and Student 2007 software suite.

The product in question was heavily advertised in the autumn of 2008 in stationary retail outlets,” said the BundesKartellamt in a statement.

Amongst others, a nationwide active retailer advertised the product with financial support from Microsoft. Even before the launch of the advertising campaign in mid-October 2008, employees of Microsoft and the retailer in question had agreed on at least two occasions on the resale price of the software package “Office Home & Student 2007”.

While it isn’t illegal for some contact to take place between the producer and retailer it is against German law for the seller to agree on future actions by the retailer.

Microsoft has accepted the fine and will pay it shortly.

http://www.itnews.com.au/News/NewsStory.aspx?story=100673

Have you ever wanted to compute MD5 or SHA-1 hashes for files on Windows? Well, search no more! Introducing CyoHash! The revolutionary new hasing program! Just right click and choose “CyoHash” and it automatically generates MD5 and SHA-1 hashes. This program is free to download.

Have you ever seen Microsoft churning out so many fixes and new versions of classic products such as Office, Windows, and Internet Exploder? No! Because of the fact that they are finally facing serious competition in the marketplace after decades of monopoly abuse, they are finally buckling their shoes and putting out some impressive software. Read more…