This Blog Is Not For Reading

A blog, just like any blog, only more so

System Administrator Appreciation Day Dinner, 2014 Edition

Posted by Bob Jonkman on July 15th, 2014

Pictures of SysAdminDay Dinner 2014 are up!

New Venue!

The Lai Lai Chinese Restaurant, 175 West Avenue, Kitchener, Ontario Map

Hi Everybodeee! Every year, the last Friday in July is System Administrator Appreciation Day. A SysAdmin is the person who keeps your servers serving, your network working, and your backups, um, backed up. Most people only deal with their SysAdmin when things go wrong, but on the last Friday in July they shower their SysAdmins with gifts, chocolate cake and ice cream.

If you’re a SysAdmin, aspire to be one, are friends with or married to one, or just want to see what SysAdmins look like, come to this special Ubuntu Hour and celebrate with us.

Sysadminus Windowservus

Sysadminus Emailservus

Sysadminus Databasus

Sysadminus Linuxservus


What SysAdmins look like


Usually, we celebrate SysAdminDay in Kitchener-Waterloo with Egg Rolls and Guy Ding at the Egg Roll King Restaurant, but this year Tony and his family will be on vacation so we have to find another venue. I’ve received some good suggestions already; let me know of any others in the comments.

CrankyOldBugger writes:

I know of a perfect place in St. Jacobs (Harvest Moon), seating-wise, but
no wi-fi.

What about the Williams at University Plaza? I’m just tossing out names
here…

This might be a bit out of the ordinary, but maybe we could use my house in
St. Jacobs. If it’s nice out, we could have a pool party. The pizza joint
around the corner makes good stuff. Just a thought….

Tim Laurence suggests:

If Chinese food is in order I am a big fan of Lai Lai.

Otherwise we could grab some space at the Rum Runner. Their rooms are just
perfect for groups.

Nathan Fish offers:

Kam Yin is an excellent Chinese restaurant, family-run I believe. They don’t have a party room, though. How many are we expecting?

I don’t know, Nathan… So, Everybodeee, please register for the SysAdminDay Ubuntu Hour in Kitchener-Waterloo event on the Ubuntu LoCo Team Portal, or let me know you’re coming in the comments.

–Bob.

Posted in Events, System Administration | 5 Comments »

More GNU/Linux Resources

Posted by Bob Jonkman on May 15th, 2014

Drawing of Tux the Penguin, mascot of the Linux kernel

Tux the Penguin

In addition to the GNU/Linux Resources in Kitchener-Waterloo there are several other places to look online if you need support. Here’s a list of the GNU/Linux Resources I use.

Do you have additions? Do I have errors? Leave a comment or send me e-mail.

GNU/Linux Organizations and User Groups

KWLUG: Kitchener-Waterloo Linux Users Group
  • Website: http://kwlug.org
  • Mailing List: KWLUG-disc, KWLUG-help, KWLUG Announce
  • Microblog: @KWLUG and !KWLUG in the !Fediverse, @KWLUG on Twitter
  • Internet Relay Chat: #KWLUG on Freenode.net

Ubuntu Canada
  • Website: https://wiki.ubuntu.com/CanadianTeam
  • Mailing List: Ubuntu-ca
  • Microblog: !Ubuntuca in the !Fediverse
  • Internet Relay Chat: #ubuntu-ca on Freenode.net

Ubuntu Waterloo Region
  • Website: https://launchpad.net/~ubuntu-waterloo-region
  • Mailing List: Ubuntu-Waterloo-Region
  • Microblog: @UbuntuWaterloo on Twitter
  • Internet Relay Chat: #ubuntu-ca-kw on Freenode.net

GNU/Linux Distributions

Ubuntu
  • Website: http://www.ubuntu.com/, Official Ubuntu Documentation
  • Mailing List: Ubuntu Community Mailing Lists
  • Blog / Microblog: @Ubuntu on Twitter, !Ubuntu in the !Fediverse
  • Internet Relay Chat: #ubuntu on Freenode.net
  • Download: Download Ubuntu Desktop

Linux Mint
  • Website: http://linuxmint.com/
  • Blog / Microblog: @Linux_Mint on Twitter, The Linux Mint Blog, !Mint in the !Fediverse
  • Internet Relay Chat: #linuxmint-chat and #linuxmint-help on mibbit.com
  • Download: Download

Debian
  • Website: https://www.debian.org/, About Debian, Documentation
  • Mailing List: Mailing Lists, debian-user
  • Blog / Microblog: debian@identi.ca, @debian on Twitter, @debian and !debian in the !Fediverse
  • Internet Relay Chat: #debian on Freenode.net
  • Download: Getting Debian

gNewSense
  • Website: http://www.gnewsense.org/, Documentation
  • Mailing List: gNewSense-users
  • Blog / Microblog: gNewSense Blog, gNewSense GNU/Linux – News, !gNewSense in the !Fediverse
  • Internet Relay Chat: #gnewsense on Freenode.net
  • Download: Download

GNU/Linux Web Forums

Ubuntu
  • Website: http://ubuntuforums.org/, Canada Team Forum
  • Microblog: @UbuntuForums on Twitter
  • Login/Register: Login/Register

Ask Ubuntu
  • Website: http://askubuntu.com/
  • Microblog: @AskUbuntu on Twitter
  • Login/Register: Signup

Ubuntu Discourse
  • Website: http://discourse.ubuntu.com/

Linux Questions
  • Website: http://linuxquestions.org/
  • Microblog: @LinuxQuestions on Twitter
  • Login/Register: Register

Linux Mint Forums
  • Website: http://forums.linuxmint.com/
  • Microblog: @Linux_Mint on Twitter

openSUSE Forums
  • Website: http://forums.opensuse.org/forum.php

SUSE Forums
  • Website: https://forums.suse.com/forum.php

GNU/Linux Magazines

Linux Pro Magazine
  • Website: http://www.linuxpromagazine.com/
  • Microblog: @linux_pro on Twitter
  • Subscription: Subscriptions

Linux Voice
  • Website: http://www.linuxvoice.com/
  • Microblog: @LinuxVoice on Twitter
  • Subscription: Subscriptions, Podcasts

Full Circle Magazine
  • Website: http://fullcirclemagazine.org/
  • Microblog: @FullCircleMag on Twitter
  • Subscription: Back Issues, Podcasts

Posted in GNU/Linux, KWLUG, Operating System | 3 Comments »

Tools to survive with WinXP

Posted by Bob Jonkman on April 16th, 2014

WinXP logo

Windows XP

On Wednesday, 16 April 2014 I helped give a presentation to the Bits & Bytes Computer Club, along with Jim Reeves and Brian Bentley.

Microsoft Windows XP finally reached its End Of Life on Tuesday, 8 April 2014. It was a good run, starting in 2001. And, WinXP is still being used by many people who can’t, won’t, or haven’t yet upgraded.

Of course, now that WinXP is EOL there will be no further updates. Any vulnerabilities discovered after 8 April will go unfixed, leaving WinXP computers vulnerable to attack. What can you do to minimize your risk?

First, and most important: If you haven’t already run the Microsoft Update, do so now. Click on Start, All Programs, Microsoft Update.

Select “Microsoft Update”

On the Microsoft Update window select Express Update

Select “Express Update”

After that’s complete you’re on your own. But even if the WinXP operating system will no longer be updated, it’s still good to keep your applications updated. These software utilities will help keep your system up-to-date and tuned-up:

Microsoft Security Essentials

  • Anti-virus and Malware checker
  • Will be updated until April 2015


CCleaner

  • Cache cleaner
  • Frequently Used Paths and Files cleaner
  • Registry repair
  • Startup application manager
  • Remove Installed Programs


File Hippo Update Checker

  • Checks for the most recent version of software hosted on File Hippo Free/Gratis software repository
  • Provides download links
  • Manual installation
  • Stays in Notification Area (System Tray)


Secunia Personal Software Inspector

  • Checks for outdated software
  • Checks for known vulnerabilities
  • Provides link to upgrade solution
  • May fix registry errors
  • Stays in Notification Area (System Tray)


Posted in Microsoft Windows, Operating System, security | No Comments »

The cost of long GnuPG/PGP keys

Posted by Bob Jonkman on March 25th, 2014

Never Eat That Green Food At The Back Of The Fridge

Never Trust Anyone Over Thirty

and

Never Sign A GnuPG/PGP Key That’s Older Than You Are

Face peeking into fridge

Looking for green food at the back of the fridge

OK, only one of those is true, and it’s not the last one. At the University of Waterloo Keysigning Party last fall, some of the people signing my key were younger than the key they were signing!

At the keysigning I was having a discussion with someone about key lengths. In particular, choosing 4096 bits instead of 2048. I was reading that GnuPG has a limit of 4096 bits, but that 4096 should be enough for all time to come.

I’ve read online that GnuPG does actually support larger key sizes but that there is a const in the source code limiting it to 4096. The reasons for doing so are supposedly speed, 4096 would be very slow to generate and use, and comparability with other implementations that may not support larger keys. Personally I think it’s an inevitability that this will be increased in time but we’re not there yet.

In 1996 when I started with PGP a 1024 bit key was considered adequate, by 1999 a 2048 bit key was still considered large.

Consider Moore’s Law: every 18 months computing capacity doubles and costs halve. I’m not sure if that means that over 18 months x flops increases to 2x flops at the same price, or that in 18 months the cost of x flops is half of today’s cost, or if it means that in 18 months the cost of 2x flops will be half the cost of x flops today. If the latter, then today’s x flops/$ is x/4 flops/$ in 18 months. That factor of four is an increase of two bits every 18 months, or four bits every 3 years.

So, the cost in 1996 to brute-force crack a 1024 bit key is the same as the cost in 1999 to crack a 1028 bit key. And in 2014, 18 years later, it’s the same cost as cracking a 1048 bit key (an additional 24 bits).

An increase in key size from 1024 bits to 2048 bits buys an additional 768 years of Moore’s Law. And going from 2048 bits to 4096 bits buys an additional 1536 years of Moore’s Law.

Is Moore’s Law overestimating the cost of cracking keys? Are there fundamental advances in math that have dropped the cost of cracking 1024 bit keys to near-zero? What’s the economic justification for crippling keysizes in GnuPG, anyway?

–Bob, who is not trolling but really wants to know.
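The post's arithmetic treats every extra key bit as doubling the attacker's work. The Python sketch below is an added example, not part of the original post: it sets that model beside the standard heuristic cost of the general number field sieve, the usual way RSA moduli are factored rather than by trying every key. It assumes RSA keys, drops the o(1) term of the sieve formula, and keeps the post's rate of two bits per 18 months.

```python
import math

# The post's reading of Moore's Law: cost per flop falls 4x (2 bits) every 18 months.
YEARS_PER_BIT = 1.5 / 2


def brute_force_bits(key_bits):
    """The post's model: the attacker tries every key, so work is 2**key_bits."""
    return float(key_bits)


def gnfs_bits(key_bits):
    """log2 of the heuristic GNFS cost exp(c * (ln n)**(1/3) * (ln ln n)**(2/3)),
    with c = (64/9)**(1/3), for a modulus n of key_bits bits.
    Assumption: the o(1) term is dropped, so the result is a rough estimate."""
    ln_n = key_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    return c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / math.log(2)


def moore_years(extra_bits):
    """Years of Moore's Law needed to absorb extra_bits of attacker work."""
    return extra_bits * YEARS_PER_BIT


def compare(sizes=(1024, 2048, 4096)):
    """For each step up in key size, the years bought under both cost models."""
    rows = []
    for small, large in zip(sizes, sizes[1:]):
        rows.append({
            "step": (small, large),
            "brute_force_years": moore_years(
                brute_force_bits(large) - brute_force_bits(small)),
            "gnfs_years": moore_years(gnfs_bits(large) - gnfs_bits(small)),
        })
    return rows


if __name__ == "__main__":
    for size in (1024, 2048, 4096):
        print(f"{size}-bit modulus: about 2^{gnfs_bits(size):.0f} sieve operations")
    for row in compare():
        small, large = row["step"]
        print(f"{small} -> {large} bits: "
              f"{row['brute_force_years']:.0f} years (brute force) vs "
              f"{row['gnfs_years']:.1f} years (sieve estimate)")
```

On the sieve estimate, each doubling of the key size buys decades on the post's Moore's Law scale rather than centuries.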

Day 57 / 365 – refrigerator by Jason Rogers is used under a CC BY license.

This post is based on a message to the KWCrypto Mailing List.

Posted in Crypto, PGP/GPG | 1 Comment »

@OpenDataWR hosts Open Data Day Event — Saturday, 22 Feb 2014 at @Kwartzlab #ODD2014

Posted by Bob Jonkman on February 21st, 2014

Open Data Waterloo Region

 

Continuing with the theme of my personal social calendar — On Saturday, 22 February 2014 I’ll be at Open Data Waterloo Region‘s Open Data Day Event, held at Kwartzlab again this year. There’s a schedule, suggested projects, dataset lists and more on Waterloo Region‘s page on the International Open Data Day Hackathon wiki.

Last year William and I started a project to add OpenStreetMap links to Thunderbird’s Lightning calendar. We didn’t finish, so that’s one project to work on this year. Also, since last year I’ve been dabbling with the Food Premise Inspection Data to add the restaurant location data to OpenStreetMap. And I hope to be taking lots of pictures and video of the event.

Come join us! Here’s the bumf:

Event: Open Data Day Hackathon
Date: Saturday, 22 February 2014 10:00am to 4:30pm
Location: Kwartzlab Makerspace, 33 Kent Avenue, Kitchener, Ontario [Map1]
Organizer: Open Data Waterloo Region
Online: WebRTC Video Chat on https://chatb.org/#OpenDataDay
Register: Ubuntu Canada Event Portal (optional)
ODD2014: Open Data Day Wiki – Waterloo Region

There’s an Open Data Hackathon in Guelph too, 24 hours long with a contest and prizes and everything!

Event: Open Guelph Hackathon
Start: Saturday, 22 February 2014 at 9:00am
Finish: Sunday, 23 February 2014 at 1:00pm
Location: Atrium, Science Complex, U of Guelph, 50 Stone Road East [Map2]
Website: Open Guelph Hackathon – City of Guelph
Register: Guelph Hackathon Registration, Guelph – Eventbrite
ODD2014: Open Data Day Wiki – Guelph

Be sure to register before Saturday to get in.

Posted in Open Data | No Comments »

Ubuntu Hour Kitchener on Thursday, 13 February 2014

Posted by Bob Jonkman on February 11th, 2014

People at Ubuntu Hour at the Egg Roll King

Ubuntu Hour at the Egg Roll King Restaurant in August 2013

Seems this blog is turning into my personal social calendar 🙂

The first Ubuntu Hour of the new year for Waterloo Region will be at the Egg Roll King restaurant this coming Thursday. Here are the details:

Event: Ubuntu Hour Kitchener
Date: Thursday, 13 February 2014 iCal
Time: 7:00pm to 9:00pm (yes, I know that’s not an hour)
Location: Egg Roll King Restaurant, 85 Courtland Avenue East, Kitchener, Ontario Map
Organizer: Bob Jonkman
Register: on the Ubuntu Canada LoCo Portal (optional, but appreciated)

Join !Ubuntuca in the Fediverse, or follow @UbuntuWaterloo on Twitter.

Picture of Ubuntu Hour by Darcy Casselman, used under a CC BY (Creative Commons Attribution) license.

Posted in Ubuntu | No Comments »

Preparing for the Keysigning Cryptoparty, 2 Dec 2013

Posted by Bob Jonkman on November 24th, 2013

Key Pair

Cryptoparty like it’s 31 December 1983!

At the next KWLUG meeting on Monday, 2 December 2013 I’ll be demonstrating how to do e-mail encryption with Thunderbird and Enigmail. If you’ve never used e-mail encryption before then bring a laptop, and we’ll create keys and learn how to use them. We’ll save the lesson with pointy sticks for another day.

For those people who already have GnuPG/PGP keys I’m also hosting a Formal Keysigning. Participants will introduce themselves, read their GnuPG key fingerprint, then anyone else is invited to vouch for that person:

Bob: “I’m Bob Jonkman, and my GnuPG fingerprint is 04F7 742B 8F54 C40A E115 26C2 B912 89B0 D2CC E5EA”

Andrew: “I’ve known Bob since the early days, and that’s really him”

This is a great way to expand your Web Of Trust to include people whose keys you might not otherwise sign (because you don’t know them very well, or they only have ID issued by an authority you don’t like). With all these introductions and vouchings the chance of someone misrepresenting their identity is vanishingly small, so you can trust that the key fingerprint they read is really associated with that person.

To make this process go smoothly I’d like to have a printout of all the participants’ keyIDs, UserIDs, and key fingerprints, which I’ll distribute at the keysigning. That way you can just check off each name/keyID/fingerprint as people read them, and then sign their keys later at your leisure. But to get that printout I’ll need the public key of anyone who would like to participate in the keysigning.

If you’re using Thunderbird and Enigmail then open the Key Management window, right-click on your key and select “Send Public Keys by E-mail”, and send it to me ( bjonkman@sobac.com )

If you’re a command-line weenie then use

gpg --export 0xYOURKEYID > 0xYOURKEYID-public-key-for-YOURNAME.pgp

and send that file 0xYOURKEYID-public-key-for-YOURNAME.pgp to me (substitute your actual keyID and actual name as needed).

Of course, I’d prefer signed, encrypted e-mail, but public keys are public (so encryption isn’t necessary), and public keys should already be self-signed anyway.

Unfortunately, if you’re creating your keys for the first time at the meeting you won’t be able to send me anything now. You can still participate in the vouching process, and we’ll have an informal keysigning after the formal keysigning, where all you need to do is read your fingerprint straight from your computer and those people who already know you can sign your key.

I’m still working on the procedures for the formal keysigning; you can see the work in progress (and contribute!) on the Formal Keysigning page on the Wiki.

Thanx, and hope to see you on Monday, 2 December 2013!

–Bob, who is the Keymaster. Who will be the Gatekeeper?

The Cryptoparty keypair logo from the Cryptoparty Artwork repository on GitHub is available in the Public Domain (CC0).

Posted in email, KWLUG, PGP/GPG, privacy | No Comments »

NaNoWriMo 2013

Posted by Bob Jonkman on November 1st, 2013

Blacked-out NaNoWriMo crest

NaNoWriMo — Why so black?

For the last several years I’ve been hanging out with the Kitchener-Waterloo-Cambridge WriMos at various write-ins, trying to absorb some writing talent.

NaNoWriMo is National Novel Writing Month, in which people (the WriMos) try to write a 50,000 word novel during the 30 days of November. That’s not as ludicrous as it sounds — 50,000 words over 30 days is only 1667 words a day (with 10 days off for good behaviour, at least, 10 days with only 1666 words). 50,000 words is about the size of Brave New World, which someone once told me was the benchmark for NaNoWriMo (but TIL that Brave New World has 64531 words).

The first year I participated I got a terrific start on my first novel. All 675 words. Last year I got as far as the novel description. 11 words. But this year I have a better idea. I’ve got some unfinished blog posts queued up, so I’ll take their word count, flesh them out, count the word difference, and submit that as my daily writing quota. Of course, it’s possible that I’ll edit more out of an incomplete blog post than I’ll be adding, so there’s a very real possibility of a negative word count. If that keeps up I might end up with a deficit at the end of the month. Let’s see how the NaNoWriMo word counter deals with a Buffer Underflow.

Come join me in the Kitchener-Waterloo-Cambridge region pages. Here are some handy links for local WriMos:

  • See the KWC NaNo calendar, in plain HTML, suitable for printing and framing.
  • And if you want to include it in your own calendar software (like Microsoft Outlook, Apple iCalendar or Thunderbird Lightning) use this iCal link (.ics file, 7.5 kBytes)
  • Or if you have an Atom/RSS feed reader and want new events to pop up in your news stream automatically there’s an Atom feed.
  • And if you’re looking to chat in these long, lonely November nights, I’m hanging out (all alone, I might add!) in the KW Nano Chat Room.
  • For those of you with an IRC program use the server irc.mibbit.com, select secure (SSL) port number 6697, and tune into channel #kwnano. You might be able to click on (or copy’n’paste) the IRC link: irc://irc.mibbit.com:6697/#kwnano to have your IRC program connect automatically.

The NaNoWriMo crest has all rights reserved, and so couldn’t be used here. From their FAQ page: Logo: Please do not use our logo (or parts of our logo) on anything without our permission.

Posted in blogging, copyright | No Comments »

Recovering from a WordPress hack

Posted by Bob Jonkman on October 29th, 2013

WordPress logo cleaved by axe

WordPress Hacked!

Last Friday I was finally getting around to upgrading the WordPress installations on the SOBAC server from v3.6 to v3.6.1. Surprise! WordPress v3.7 had just been released the night before!

WordPress upgrades are famous for their ease of installation. Surprise! After upgrading the first installation most of the plugins were missing, and the theme was broken. A quick look at a directory listing showed that the plugins and themes were still installed. A quick look with a text editor showed some peculiar PHP code at the top of every .php file in the plugins folders. Surprise! This WordPress installation had been hacked! Fortunately, of the five instances of WordPress on this server, only two appeared to be affected. This Blog Is Not For Reading was not one of them.

Each .php file started with something like this:

<?php $zend_framework="\x63\162\x65(…)\x6e"; 
@error_reporting(0); 
zend_framework("", "\x7d\7(…)

Injected, obfuscated PHP code at the top of every .php file, referencing the zend_framework

Searching the Internet for “wordpress plugin invalid header zend_framework” I found a reference that makes me think this may have been possible because of a flaw in an earlier version of the WordPress code that handles comments. Most likely one of the comment fields (user name, e-mail, web address or the comment text itself) wasn’t properly sanitized, and allowed some kind of code injection (probably PHP injection, not a MySQL injection; the contents of the databases appeared to be untouched).

From the backups of the server it appeared that the breach occurred in or before August — either just before the release of WordPress 3.6 on 1 August 2013 or just before the release of WordPress 3.6.1 on 11 September 2013. If I had not been slack in upgrading to WP v3.6.1 then this breach might have been identified much sooner.

The upgrade to WordPress identified the modified files because the injected code preceded (and corrupted) the WP headers, and so WP v3.7 disabled any affected plugins and themes.

The Fix Is In

I renamed the directory containing the WordPress code, installed a fresh copy of WP3.7, cleaned and copied the wp-config.php and .htaccess files, uploaded a small image to create the wp-content/uploads hierarchy, then copied the upload folder (which didn’t contain any .php files), and then re-installed and re-configured the themes and plugins directly from the WordPress site.

Aside from the additional PHP code, there didn’t appear to be any other damage to the system. So I used the original wp-config.php (but cleaned, and with the “Authentication Unique Keys and Salts” section refreshed), and the new installation just used the existing databases. If there’s any malcode in the databases then that could re-infect the system, so I’m keeping an eye on it.
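One way to look for the injected header described above, and to confirm that wp-content/uploads holds no .php files before it is copied into a fresh install, written as an added Python example (not code from the original post). The sample files are constructed, the injected stand-in decodes to a harmless placeholder name, and the 80% escape-ratio threshold is an assumption.

```python
import re
import tempfile
from pathlib import Path

# PHP double-quoted string escapes seen in the excerpt: \xHH (hex) and \NNN (octal)
ESCAPE = re.compile(r"\\x[0-9A-Fa-f]{1,2}|\\[0-7]{1,3}")
# A file that opens with  <?php $name="...";  as in the excerpt
HEADER = re.compile(r'\s*<\?php\s+\$(\w+)\s*=\s*"((?:[^"\\]|\\.)*)"', re.S)

# Constructed samples (not taken from the compromised server)
CLEAN = "<?php\n/*\nPlugin Name: Example Plugin\n*/\nfunction example() {}\n"
# Stand-in for the injected line; its string literal decodes to "demo_name"
INJECTED = (r'<?php $zend_framework="\x64\145\x6d\157\x5f\156\x61\155\x65"; '
            r'@error_reporting(0); ?>' + CLEAN)


def decode_php_escapes(literal):
    """Turn \\xHH and \\NNN escapes into the characters PHP would see."""
    def repl(match):
        tok = match.group(0)
        code = int(tok[2:], 16) if tok[1] == "x" else int(tok[1:], 8)
        return chr(code & 0xFF)
    return ESCAPE.sub(repl, literal)


def inspect_header(text, min_escapes=3, min_ratio=0.8):
    """Return (variable, decoded literal) when the file opens by assigning a
    string built almost entirely from escapes; otherwise return None."""
    match = HEADER.match(text)
    if not match:
        return None
    name, literal = match.groups()
    escapes = ESCAPE.findall(literal)
    if len(escapes) < min_escapes:
        return None
    if sum(map(len, escapes)) / len(literal) < min_ratio:
        return None
    return name, decode_php_escapes(literal)


def scan_tree(root):
    """Walk a WordPress directory; report injected headers and any PHP in uploads."""
    root = Path(root)
    injected, php_in_uploads = {}, []
    for path in sorted(root.rglob("*.php")):
        rel = path.relative_to(root).as_posix()
        if "wp-content/uploads/" in rel:
            php_in_uploads.append(rel)  # the post's uploads folder held no .php
        head = path.read_text(encoding="utf-8", errors="replace")[:4096]
        hit = inspect_header(head)
        if hit:
            injected[rel] = hit
    return injected, php_in_uploads


def demo():
    """Build a small constructed tree in a temp directory and scan it."""
    files = {
        "wp-content/plugins/good/good.php": CLEAN,
        "wp-content/plugins/bad/bad.php": INJECTED,
        "wp-content/uploads/2013/08/photo.php": CLEAN,
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in files.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return scan_tree(tmp)


if __name__ == "__main__":
    injected, uploads = demo()
    for rel, (name, decoded) in injected.items():
        print(f"INJECTED {rel}: ${name} decodes to {decoded!r}")
    for rel in uploads:
        print(f"PHP IN UPLOADS {rel}")
```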

I have no idea what the malcode was intended to do. It didn’t corrupt the databases or anything else, but it’s possible it was acting as a keylogger or phoning home some other way. If I feel inclined I might try to de-obfuscate the injected code, but right now I don’t really feel like doing forensics.

Someone suggested using AppArmor to make the WordPress directories read-only. I’m not sure that locking down the WP directory is a good idea. The big new feature in WordPress 3.7 is its automatic update feature. If the WordPress directories are locked down then future security updates won’t be applied automatically. If there is an exploit and WordPress issues a new release to fix it, then a locked-down site will experience a delay in upgrading until the SysAdmin notices and upgrades manually (which is what used to happen before v3.7, but it seems a bad idea to delay upgrades when that’s no longer necessary). Also, the plugin and themes directories would be locked down, and they still require fairly frequent manual upgrades.

I sent the users on the affected sites this message:

While doing upgrades on WordPress yesterday I saw that your blog had been hacked sometime during or before August. I’ve fixed it (re-installed the code, copied your media library, re-installed themes and plugins). I don’t think any damage was done beyond the insertion of malicious code in some of the WordPress files. I don’t know what the action of that code was intended to be, but you should change your WordPress password just in case the bad guys captured it. You can change your password on the “Users, Your Profile page” once you’ve logged in.

After spending some time on Saturday fixing the two hacked WordPress sites I’m a little paranoid, and making sure to implement updates quickly. But a little paranoia is good — it’ll ensure I won’t become complacent again.

–Bob.

WordPress Hacks by Rafael Poveda is used under a CC BY-NC-SA (Creative Commons Attribution-NonCommercial-ShareAlike) license.

Posted in code, How To, security, System Administration | No Comments »

Cryptography and Security Events in Kitchener-Waterloo

Posted by Bob Jonkman on October 9th, 2013

The months of October and November are shaping up to have some great lectures and presentations on cryptography, security and privacy.

Sheet of paper, strips of paper

Keysigning materials

Yesterday started off with an informal keysigning at the KWLUG meeting. The presentation was on the Scratch programming environment, nothing to do with GnuPG/PGP or cryptography. But a few of us exchanged little slips of paper with our key fingerprints, verified that the name with the fingerprint matched the person we knew, signed the keys, and so improved our standing in the Web of Trust. I hope that this becomes a regular part of all KWLUG meetings. The more people that participate, the more confident we can be about the validity of keys we may not have verified ourselves.

Today I attended the first UofW CSClub lecture on Security and Privacy by Sarah Harvey. If you’ve been following the news about the Snowden revelations you’ll know why security and privacy is important. The room was full of computer science, math and cryptography students, so the discussions were deep and technical.

Sarah Harvey shows a slide of Edward Snowden

There was a vacancy in the November KWLUG meeting so I asked Sarah if she would repeat her lecture. Let’s see what the KWLUG bosses have to say.

There are more CSClub lectures scheduled; check the schedule on the CSClub site.


M-209 cipher machine

KWCrypto logo, the M-209 cipher machine

I’ve volunteered to do a presentation on Encrypting E-mail with GnuPG, Thunderbird and Enigmail, followed by a formal keysigning. I’m developing the presentation notes and keysigning procedure on the KWCrypto Interest Group Wiki that was set up after the Kwartzlab keysigning party last year. Please join me on the Wiki and the mailing list — I’d appreciate the help.

–Bob.

Keysigning Materials picture taken by Bob Jonkman and released under a CC BY (Creative Commons Attribution) license.

M-209 cipher machine by Greg Goebel used under CC BY-SA 2.0 (Creative Commons Attribution-ShareAlike 2.0 Generic).

Picture of Sarah Harvey taken by Laurel L. Russwurm and used under a CC BY (Creative Commons Attribution) license.

Posted in KWLUG, PGP/GPG, privacy, security | No Comments »

 