Windows, Reviewed

Mr. T’s post jibed with something that was in the back of my head. I can’t sleep right now, and have sent my friends enough meandering e-mails, so I’ll post here.

For at least the past month, I’ve been in Linux exclusively. I have a 160 GB, 5400 RPM drive with Linux, and a 60 GB, 7200 RPM drive with Windows. (I also have a combination of network storage and external drives for moving/storing data.)

My roommates have been big into Orange Box lately, so I figured I’d give it a try. (It can apparently be made to run under Wine, actually, but I didn’t want to bother.) I swapped out disks, booting into Windows. And it was just one thing wrong after another after that. Admittedly, many of the problems weren’t directly the fault of Windows, but it was truly the worst experience I’ve had in a long time. (Steam was even more badly-behaved than Windows.)

Here are some things that really bug me:

  • Performance. Windows has my ‘fast’ hard drive. I scan regularly for viruses and spyware. (But I’m so OCD that I’ve literally never had any viruses, or even any malware, on this machine.) I disable unnecessary crap from starting up. I run a lean, mean machine. And with a dual-core processor and 2 gigs of RAM, it should fly. Especially on the 7200 RPM drive. And yet I can be in Firefox browsing the web under Linux in less time than it takes Windows to finish logging me in. I don’t really understand what’s going on.
  • Fragmentation. Maybe this partially explains the above point. Most operating systems don’t make a big deal about disk fragmentation. It’s (supposedly) just a non-issue on both Linux and MacOS filesystems. I suppose I wouldn’t know, not having a defrag tool. But my Windows drive is laughably fragmented. I have more fragmented files than non-fragmented. And, when I was using Windows regularly, I’d run a pull-out-all-the-stops defrag every week or so, scheduling a boot-time defrag to make sure it also got my paging file and the MFT. Having successfully “fixed” my heavily-fragmented paging file, I thought it a done deal. But it’s again in about 300 pieces. What the hell? I thought it was one file. Where did it go? I know it stays between sessions because I tried to get rid of it when shutting down and couldn’t. So what happened?! And really, shouldn’t that be permanently mapped out?
  • Bizarre errors. I never thought I’d see the day when I was criticizing Windows and not Linux for this. Linux still has its share of bad errors. But what’s with the “The memory cannot be ‘read'” errors? (BTW, Memtest finds nothing.) What’s with rtvscan.exe crashing?
  • Slow performance. Not just bootup, mentioned earlier. When I go to start an application, I usually sit there waiting for several seconds. Just sitting, waiting. I’ve never had this problem under Linux. Maybe it’s just that Linux isn’t a fan of big ‘suites’ of programs, preferring to have lots of little lean applications. But I click on the Firefox icon in Linux and Firefox pops up. I click on the IE icon in Windows and my disk churns and, five seconds later, it pops up. Why?!
  • Disk mounting. Again, I never thought I’d see the day when I thought Linux had this better than Windows. It used to be that you’d have to pull up the command line and su to root and mount a device manually, specifying the device name and a mount path and the file format and various other parameters. Unplugging the device without unmounting it would usually lock up the system and/or cause a kernel panic. Now in Ubuntu I just plug in external devices and they show up on my desktop. They’re comparable that way. (Although Linux doesn’t give me five little bubble icons in a row about “Unknown device” and searching for drivers.) But what about when I want to remove something? In Linux, I right-click and select “Unmount,” and the icon disappears and I remove it. I forget periodically and nothing bad happens. I consider myself to be a very advanced ‘power user’ of Windows, and I’m still not sure. Do I click on that little icon in the system tray? Why is it so hard to use? I’ll find something that sounds like what I want, and I click on it, and it brings up this hierarchy of devices, ranging from the name of the physical disk to a ‘mass storage device,’ and asks which I want to stop. And honestly, I know a lot about Windows and I know all about the hardware, and I’m still never sure. Rusty informs me that Vista’s the same way.
  • Updating. I guess it’s not as practical since Windows has a whole different environment, but MacOS and Linux both have a centralized package manager. An automated daily check might inform me that my word processor and graphics editor have new versions, and let me choose what to do. In Windows, each application does this on its own. It’d be kind of nice if Windows had a central package manager, just so that I wouldn’t have constant headaches when running Windows for the first time in a month with everything I start going out and downloading new updates.
  • File copying sucks! I’ve long-complained about how copying a group of files shouldn’t abort completely when it hits one bad file. But I discovered something else. I was getting low on disk space, so I was moving things over to another drive. I had about 3 GB free, and was going to move a DVD ISO over to the external drive, too, for 7-8 GB free. But it wouldn’t work, due to insufficient disk space. I was confused, because there was plenty of space on the target disk (like 400 GB free). It’s apparently that the Windows drive didn’t have enough space. Which for a second almost made sense: it’s a big file, so it needs room to work. But wait… Why? It can move it, chunk-by-chunk, over to the new disk. I can’t think of any other way of doing it, in fact. And there’s enough room to copy it at least 75 times.

Half-jokingly, I pondered over e-mail, “Why do people ask if Linux is ready for the desktop? The question, I think, is ‘Is Windows ready for the desktop?’ And I’m not sure.” But really, if I have constant headaches, I can only imagine how the people with 75 IE toolbars and lots of spyware and viruses and no idea how computers work must feel. I think my computer is slow? I have bizarre, unexplained errors? I’m confused by technobabble messages that pop up?

Of course, in the interest of fairness, there are two things that I’m liking about Windows:

  • I can put my laptop into standby / suspend. It’s been possible under Linux for years, but doesn’t work properly out of the box for me, and I don’t feel like jumping through hoops to make it work.
  • There’s this one insidious bug (I’m running the “bleeding edge,” Ubuntu’s Gutsy Gibbon, so I suppose I can’t complain too loudly) where the logout/shutdown button locks up the machine for 30 seconds before it displays. This is apparently a known problem with several different causes, but it seems pretty pathetic that it’s still an issue.

Oh, see, this is exactly what I hate! As I’m writing this, I can hear my hard drive going. And the disk activity light is on solid. What’s going on? I have no clue! All I have open is Firefox. Some background process is apparently accessing my disk. What is it? I’m not quite sure!

Fun with Shell Commands

I’m now running a mailserver, and I was trying to set up Mailman to handle a mailing list. I was having some odd behavior causing Mailman to barf up a fatal error, so I used a trailing monitor on the log file with tail -f.

In the course of doing that, I noticed several hosts connect attempting to deliver mail (presumably spam) to “bumttwagnerfor@domain…”, a bizarre address that definitely doesn’t exist.

It’s not a big deal, because the mail’s just bouncing. But it got irritating watching them all in the log file.

I wanted to ban them. It turns out that Linux makes this easy: there’s a hosts.deny file, and anyone in it is banned from connecting. I already have a script that watches for repeat failed login attempts on ssh and bans them. (And I have something like 200 IPs banned, although I suspect that it’s not purging them appropriately.)

All the log entries are in a common format, and look like this:


Oct 8 05:41:31 oxygen postfix/smtpd[23212]: NOQUEUE: reject: RCPT from unknown[62.233.163.250]: 550 5.1.1 <bumttwagnerfor@ttwagner.com>: Recipient address rejected: User unknown in local recipient table; from=<kqcwglupoqb@bonairenews.com> to=<bumttwagnerfor@ttwagner.com> proto=ESMTP helo=<250.248/30.163.233.62.in-addr.arpa>

We can see (actually, guess, in my case) that the IP is the 10th ‘column’ (using a ‘space’ as a delimiter). So we can begin a rudimentary script to print out just that:

# grep bumttwagnerfor /var/log/messages  | awk '{ print $10}' | head
unknown[211.49.17.175]:
81.202.185.36.dyn.user.ono.com[81.202.185.36]:
host-89-228-234-224.kalisz.mm.pl[89.228.234.224]:
LSt-Amand-152-32-14-78.w82-127.abo.wanadoo.fr[82.127.29.78]:

But there’s an obvious problem: the hostname is rammed up against the IP. I want to just ban the IP, and strip out the hostname. The correct way is to write a lengthy regular expression to match just whatever’s between the [ and ]. (Note that you can’t just write a regular expression to match IPs: the very first one has an IP in its hostname, for example, which would throw you off.)

The quick and easy solution is to replace the [ with a space and the ] with a space, which gives you “hostname IP “. And then you use awk again to print it:

grep bumttwagnerfor /var/log/messages | awk '{ print $10}' | sed "s/\[/ /g" | sed "s/]/ /g" | awk '{print $2}'

This is a pretty ugly command. Just the way I like it. 😉

But we’re not quite done! The format for hosts.deny is “Service: Address.” We’re just getting addresses here. I want the output to be something like ALL: 1.2.3.4 for each entry. (If they’re spamming me, I don’t want to allow them access to any other services.)

When it’s all said and done, here’s the command:

grep bumttwagnerfor /var/log/messages | awk '{ print $10}' | sed "s/\[/ /g" | sed "s/]/ /g" | awk '{print "ALL:", $2}'

You can just append a >> hosts.deny to deny them right away, or pipe it through head or less to review first.
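Here is the same job done the “correct way” the post mentions, with one regular expression that pulls out only what sits between the [ and ] of the “RCPT from host[ip]:” token, so an IP embedded in a reverse-DNS hostname can’t throw it off. This is an added example, not the post’s own command: the log lines are constructed (documentation addresses, made-up hostnames), it de-duplicates the list with sort -u, and it skips addresses that are already in the deny file so re-running it doesn’t pile up repeats. One caveat worth knowing: hosts.deny is only honoured by daemons that consult tcp_wrappers, and Postfix’s smtpd normally does not, so a list built this way stops those hosts at ssh and the like but not necessarily at SMTP, where a Postfix client access map or a firewall rule is the matching control.

```sh
#!/bin/sh
# Added example (not the blog's own command). Extract the client IP from
# postfix "Recipient address rejected" lines aimed at one probe address,
# emit hosts.deny entries, and skip any already present in the deny file.
# All sample log lines below are constructed; the IPs and hostnames are made up.

SAMPLE_LOG='Oct 8 05:41:31 oxygen postfix/smtpd[23212]: NOQUEUE: reject: RCPT from unknown[203.0.113.10]: 550 5.1.1 <bumttwagnerfor@example.com>: Recipient address rejected: User unknown in local recipient table; from=<x@example.org> to=<bumttwagnerfor@example.com> proto=ESMTP helo=<a.example>
Oct 8 05:42:02 oxygen postfix/smtpd[23212]: NOQUEUE: reject: RCPT from 10.0.0.1.dyn.example.net[198.51.100.7]: 550 5.1.1 <bumttwagnerfor@example.com>: Recipient address rejected: User unknown in local recipient table; from=<y@example.org> to=<bumttwagnerfor@example.com> proto=ESMTP helo=<b.example>
Oct 8 05:43:10 oxygen postfix/smtpd[23213]: NOQUEUE: reject: RCPT from unknown[203.0.113.10]: 550 5.1.1 <bumttwagnerfor@example.com>: Recipient address rejected: User unknown in local recipient table; from=<z@example.org> to=<bumttwagnerfor@example.com> proto=ESMTP helo=<c.example>
Oct 8 05:44:00 oxygen postfix/smtpd[23214]: NOQUEUE: reject: RCPT from unknown[192.0.2.99]: 550 5.1.1 <someoneelse@example.com>: Recipient address rejected: User unknown in local recipient table; from=<w@example.org> to=<someoneelse@example.com> proto=ESMTP helo=<d.example>'

# probe_ips ADDR: read log lines on stdin, print each unique client IP that
# tried to deliver to ADDR, one per line. The sed expression anchors on the
# whole "RCPT from host[ip]:" token and captures only the bracketed part, so
# the "10.0.0.1" inside the second sample hostname is never mistaken for the IP.
probe_ips() {
    addr=$1
    grep "to=<$addr>" \
      | sed -n 's/.*RCPT from [^ ]*\[\([0-9.]*\)]:.*/\1/p' \
      | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
      | sort -u
}

# deny_lines DENYFILE: read IPs on stdin and print "ALL: ip" for each one
# that is not already listed (as a whole line) in DENYFILE.
deny_lines() {
    denyfile=$1
    while read -r ip; do
        if [ -f "$denyfile" ] && grep -qxF "ALL: $ip" "$denyfile"; then
            continue
        fi
        printf 'ALL: %s\n' "$ip"
    done
}

# Demo on the constructed data, against a temp file rather than /etc/hosts.deny.
demo() {
    tmp=$(mktemp)
    printf 'ALL: 198.51.100.7\n' > "$tmp"   # pretend this one was banned earlier
    printf '%s\n' "$SAMPLE_LOG" | probe_ips bumttwagnerfor@example.com | deny_lines "$tmp"
    rm -f "$tmp"
}

demo
```

Against the sample data this prints only ALL: 203.0.113.10: the 192.0.2.99 line targets a different address, 203.0.113.10 is collapsed to one entry, and 198.51.100.7 is skipped because the (pretend) deny file already lists it. To use it for real, replace the printf of SAMPLE_LOG with grep over the actual log and point deny_lines at /etc/hosts.deny, appending its output with >> after reviewing it.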

And voilà. 440 IPs banned.

Seriously, though. wtf is going on? 440 different people have tried spamming this address that has definitely never existed.

Mint

Kyle was raving about Mint this morning. I just came across it on Digg and looked into a bit.

It’s got a very attractive website, and PC World raves about it. It’s sort of like Quicken, only Web 2.0 based, and very, very spiffy. And free.

It’ll keep up to date for you and everything. All you have to do is put in all your bank account numbers.

I’m very eager to try this service. Except that I steadfastly refuse to put all of my bank account information into a website. Especially a startup one. If Paypal provided it, I might trust it. If my bank provided it, I’d definitely trust it. But a startup? Honestly, I think it’s safe and secure. It’s got some big names behind it, and it looks too ‘big’ for it to be one scammer. But that doesn’t mean I’m in a hurry to give them all my financial data.

Combo

Since we’re living somewhere else now, I think I can finally say what I’ve wanted to say for a long time:

The combination to our apartment last year was 12345.

We didn’t pick it. And it wasn’t quite 12345, you had to press two of the numbers at the same time. It was awfully unimaginative on the part of whoever set the combination, though.

My roommates looked at me like I was an idiot when I complained on the first day that there was no way I’d remember the combination. That was before I realized that it was 12345.

Suffice it to say, our combination next year is not 12345.

Horror

I’m not a big movie watcher. I probably watch half a dozen movies a year. That might be a high estimate. And probably not more than 10% of the movies I watch are horror movies. But I still like them.

You have to watch scary movies alone in the dark. There’s just no other acceptable way of doing it. So I just watched Disturbia. My parents described it as a modern version of Rear Window. So my expectations were pretty low.

I am now terrified. I’m lying in my bed with the covers almost pulled over my head. My closet door is partially open. I can’t really see in. Someone could very easily be lurking in there with a knife. I kind of want to shine my flashlight in, but that would almost certainly trigger them to come out. I also don’t know if anyone is under my bed. Little kids worry about monster under the bed. I’m worried that Mr. Turner might be under my bed, waiting to plunge a knife through the mattress and into my back as I lie here in utter terror.

I have my cell phone by my bed. I always keep it there since it’s my alarm clock. But tonight it’s so I can call 911 when Mr. Turner tries to kill me. Trust me, I’ll be sleeping with one eye open.

I keep a pocket knife around, as a handy tool. I kind of think I should get out of bed and get that for when he comes to kill me, but I don’t want to leave the safety of my bed.

How absurd is that? I legitimately feel much safer lying in bed, and am exponentially safer if I pull the sheets way up. My body’s natural reaction to someone (potentially) lurking in the shadows of my closet waiting to kill me isn’t to get up and get the knife just out of reach, but to pull some thin covers over me, to the extent that I can’t even see the threat coming. It’s probably the least safe thing you could do, second only to putting on a blindfold and then trying to go on the offensive with styrofoam.

I tried rationalizing it. Mr. Turner isn’t real. But… I bet there are people like him in the real world. Maybe even worse. And surely, you couldn’t stick a knife through my bed and kill me, because it’s too thick. (And while a sword would do the trick, you couldn’t maneuver it underneath a bed.) But when was the last time you inspected the underside of your bed? He could easily have cut out a hole so that only an inch or so of mattress remains in one area. And, once I’ve dozed off, comfortable that no one is trying to kill me, he’ll plunge the knife through my back.

It was nice knowing you all.

Besides his pastime as a serial killer, BTW, Mr. Turner just radiated a really, really unlikable personality. He’s played by David Morse. You might recognize him. From House. He’s Detective Tritter. No wonder I disliked him.

Security

In the world of cryptography, people hate the concept of security through obscurity.

In a nutshell, they argue that using a ‘secret’ means of securing something is no good. On some level, they have a valid argument. On another level, it’s more of a zealous ideal that doesn’t make any sense in the real world.

I’ve always preferred a more pragmatic approach: security through obscurity is a great way to buttress an already-secure system. If your non-obscurity approach (“security by design”) is complete rubbish, security through obscurity is only as good as your obscurity.

The government used a mode of encryption called Fascinator. You sometimes see radios with Fascinator encryption modules for sale on eBay. It’s very, very illegal to own Fascinator equipment, because it’s somewhat of a classified mode of encryption. Not much is known about how it works. Isn’t that security by obscurity?

Here’s a simpler argument: a business keeps its money in a safe. The safe is somewhat secure: you need the combination to open it, and you can’t really pick it. On the other hand, a stick of dynamite will also open it. I’m hardly a safe expert, but many businesses, at least in fiction and the olden days, kept their safes in pretty prominent locations, and, if not that, in easy-to-guess locations. If I visit an establishment a few times a week, I might become very familiar with where they keep their safe. If I decided to rob them, all I’d need was some dynamite.

But now suppose that the business is owned by someone who thinks outside the box a little, and who places the safe somewhere bizarre: say, the employee restroom, or in a restaurant’s kitchen. Those who visit the business probably won’t even know that there’s a safe, so someone who’s planning on some safe heists might not even bother with their business.

The argument against security through obscurity is that someone who knew where the safe was kept (an employee, perhaps) would be able to get to it with no additional effort. And this is a valid point, but it misses what I think is the more important point: if you used it with a “secure by design” system (e.g., the safe), it’s far less likely that people would even know about it in order to break it.

In a computer setting, I thought about (but haven’t taken the time to accomplish) running sshd on a nonstandard port. ssh is a very secure protocol and I use strong passwords. But running it on a nonstandard port, hiding it, is security through obscurity, and it would provide me with an additional layer of protection.

In the past, I had an interface to directly manipulate the blog comments table, allowing mass deletion easily. It was something I hacked together one night, and never bothered password-protecting it. It was a ‘hidden URL’ with no links, and the URL was just a random, meaningless word. This is what the security through obscurity folks rightly condemn: anyone who looked through my browser history, or who guessed the URL (very unlikely?) would have been able to do serious damage to the database. But I was the only one who ever knew it existed, and the logs confirm that I was the only one who ever accessed it. Of course it’s a bad idea, and I agree that security through obscurity, as the only means of defense, is a horrible idea. (Despite it having worked perfectly for me.)

But I can’t stand when people go against anything that includes security through obscurity in any form. It can only help; just don’t rely on it exclusively.