Michael W. Lucas's Blog, page 84
August 17, 2011
Colin Harvey, RIP
This is off my usual track, but it's my blog, so I'm free to do so.
Science fiction writer Colin Harvey died Monday, 15 August 2011, of an unexpected stroke, at age 50. He'd published several hard SF novels and edited a variety of anthologies.
I was lucky enough to have Colin in my writing critique group.
One of the ways to improve your writing is to exchange manuscripts with other people. By critiquing others' work, and getting critiques on your own, you see what works and what doesn't...
August 15, 2011
ISC dhcpd and MAC prefixes
We have a network at the office without a firewall. Several of our technical folks run a whole mess of oddball network protocols, and maintaining a network firewall would take more manpower than it's worth. We hand these techs a network cable and tell them to not let their gear get broken into, and then heckle them mercilessly when their server becomes a haven for Eastern European porn.
But the boss just got back from ClueCon, where he learned about a whole bunch of nasty exploits for older...
August 8, 2011
How to Lose your Job with SSH, part 2
Like last week's How to Lose your Job with SSH, Part 1, a less dramatic title for this would be Dynamic Port Forwarding with SSH, but that's dreadfully dull.
Many corporations try to tightly secure their network. Connections to the outside world are strictly limited. If you have a single open TCP/IP port to the outside world, however, you can leverage this into blanket Internet access by using your SSH client as a SOCKS proxy. This is called dynamic forwarding.
SOCKS is a generic TCP/IP proxy. ...
August 5, 2011
Practical Packet Analysis, 2nd Edition
The second edition of Chris Sanders' Practical Packet Analysis is about twice as large as the first edition and twice as useful.
I learned Wireshark in the traditional manner: got annoyed with tcpdump, installed Wireshark, and started poking menus and buttons until I got a result. Chapters 1-5 of PPA take you through the important menus and buttons. There's not much you can do to make descriptions of software options interesting, but Sanders demonstrates real-world uses as he goes along...
August 2, 2011
How to Lose your Job with SSH, part 1
A less sensational title for this post would have been "SSH Remote Forwarding," but that's not nearly as fun.
I used to be responsible for one of the few entry points into a global network. The company had actual manufacturing secrets — their products included various machines of war. We had internal firewalls to protect sites from each other, even when the site didn't have Internet access. All Internet connections had to go through proxies. We did not allow external DNS to reach the desktop. ...
July 22, 2011
creating FreeNAS 8 iSCSI target
I didn't find an up-to-date tutorial on how to set up a FreeNAS 8 iSCSI target, so I took notes as I set one up. Figuring this out by brute force is fairly straightforward: just keep adding iSCSI stuff until you can actually discover iSCSI targets. But for those of you who value your time, here's how you do it.
1) Go to services, enable iSCSI. Under iSCSI, choose Target Global Configuration. In Discovery Auth Method choose CHAP. Leave all other settings unchanged.
2) It seems that FreeNAS...
July 13, 2011
New PuTTY released
Get PuTTY 0.61 at http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html. Or you can get the PuTTY suite installer here.
The new PuTTY release has turned off SSHv1. My previous rant on the subject is now obsolete. I am well pleased. (Of course, had I waited a month to write that rant, I wouldn't have needed to.)
Lots of bug fixes. Lots faster. New features. Get it now.
July 12, 2011
SSH Book Title
I'm at a publishing workshop, learning how to write pitches, blurbs, and promotions. That drove home that my SSH book title might not be the best choice.
I've been planning to use the title "OpenSSH: Your Next Steps." The book will take you to SSH competence, making sure that you use basic security precautions, master using keys for authentication, SSH tunneling, and so on. That title's fine. As far as it goes.
But I think I can do better. I'm pondering calling it "SSH with OpenSSH and PuTTY" ...
July 10, 2011
Stalk me on Google Plus
You can find me on Google Plus. The short link is http://gplus.to/mwlucas.
No real content there yet. No idea what if anything I will do with it. But I've put a blanket down on my little patch of park, at least.
July 7, 2011
FreeNAS 8.0 and SNMP
Today, I learned that FreeNAS 8.0's SNMP isn't quite all one could hope for. The good news is, the bugs will be fixed in 8.0.1. I'm posting this in the hope of saving others the annoyances I had.
To SNMP query a FreeNAS 8.0 host, you must force the client to use SNMPv2.
# snmpwalk -c public -v 2c freenashost
Additionally, you can't change the community name (at least on the amd64 version). You must use public.
This is fixed in 8.0.1. Still, it makes me glad I hacked a firewall into my FreeNAS...