January 2013 Issue of Linux Journal: Security
Sticky Note of Doom
Years ago, I had the brilliant idea that all my users in the finance department should have complex passwords. This made perfect sense to everyone, since dealing with millions of dollars of revenue is something that should be secured. So, the passwords were changed with complexity requirements enforced. I slept better that night knowing our paychecks were no longer secured by passwords like "mustang" or "mrwhiskers".
I came in the next day only to find very complex passwords written on sticky notes and affixed to everyone's monitors. Security software is no match for a Sharpie marker and a Post-It. It was a lesson well learned. This month is our Security issue, and although we don't have an answer to the Sticky Notes of Doom, we do have some great articles on Linux-related security.
Reuven M. Lerner starts off the issue with an interesting column on real-time messaging over the Web. Back in the days when every user was in a terminal window, a quick
wall command would send everyone a message. Reuven describes a similar concept, but with Web users. Dave Taylor follows up not with Web programming, but with game programming. Using his talent for making learning fun, Dave shows how to write a script to play Cribbage.
Kyle Rankin returns to his PXE magic from a couple years back and explains how to leverage the network bootloader not only to install operating systems, but also to boot them directly. If you've ever been intimidated by PXE menus, or if you thought PXE was too limited, you'll want to read Kyle's column. It's a great followup to his last piece on the topic, and it showcases just how flexible PXE can be.
I joined the security bandwagon this issue and decided to talk about passwords. If you (or a "friend") use the same password for every Web site, or if you use your pet's name to secure your credit-card statements, you really need to read my column this month. Whether it's to pick up some hints on password creation or just get some pointers for convincing others to use good passwords, I hope you'll find my tips helpful.
If you're fascinated by data encryption, Joe Hendrix's article on Elliptic Curve Cryptography is more than just an interesting read. Joe not only shows how to implement this method, but also how to use it in real life with OpenSSH. With most encryption methods, people just keep making a bigger and bigger encryption key to improve security. Elliptic Curve Cryptography offers more security and smaller key sizes. When it comes to passwords, encryption is great, but even better is to destroy the password completely after using it. Todd A. Jacobs teaches how to configure one-time passwords on your servers. If you're working from an open Wi-Fi hotspot, a one-time password is a way to make sure you're safe even if your password is hijacked.
Speaking of Wi-Fi, Marcin Teodorczyk has a fun article on setting up a Wi-Fi honeypot. If you want to have fun with your neighbors, or if you're just curious about what people do to an open access point, Marcin shows you what to do. If you live near a place people tend to gather, your results should astound!
We've also got lots of other goodies for you this month. Mike Diehl discusses how to create smartphone apps with Phonegap. Joey Bernard takes a great look at Gnuplot. Our New Products section features a mention of Kyle Rankin's new book, and our Upfront section has useful tips to inform and entertain. So, in honor of the Security issue, maybe take this opportunity to remove sticky notes from monitors and challenge people to change their passwords to something other than their dogs' names. This was a fun issue for us, and we hope the same will be true for you!
Available to Subscribers: January 1
Practical Task Scheduling Deployment
July 20, 2016 12:00 pm CDT
One of the best things about the UNIX environment (aside from being stable and efficient) is the vast array of software tools available to help you do your job. Traditionally, a UNIX tool does only one thing, but does that one thing very well. For example, grep is very easy to use and can search vast amounts of data quickly. The find tool can find a particular file or files based on all kinds of criteria. It's pretty easy to string these tools together to build even more powerful tools, such as a tool that finds all of the .log files in the /home directory and searches each one for a particular entry. This erector-set mentality allows UNIX system administrators to seem to always have the right tool for the job.
Cron traditionally has been considered another such a tool for job scheduling, but is it enough? This webinar considers that very question. The first part builds on a previous Geek Guide, Beyond Cron, and briefly describes how to know when it might be time to consider upgrading your job scheduling infrastructure. The second part presents an actual planning and implementation framework.
Join Linux Journal's Mike Diehl and Pat Cameron of Help Systems.
Free to Linux Journal readers.Register Now!
- SUSE LLC's SUSE Manager
- My +1 Sword of Productivity
- Tech Tip: Really Simple HTTP Server with Python
- Managing Linux Using Puppet
- Murat Yener and Onur Dundar's Expert Android Studio (Wrox)
- Non-Linux FOSS: Caffeine!
- Returning Values from Bash Functions
- Rogue Wave Software's Zend Server
- Doing for User Space What We Did for Kernel Space
- Parsing an RSS News Feed with a Bash Script