dkg's blog

Articles by Daniel Kahn Gillmor (dkg)

1. on limiting damage from a compromised ssh host

   An interesting thread on openssh-unix-dev points out a way that a compromised remote ssh account or host could potentially trick users into divulging the passphrase for their local secret key. Given that we're all dealing with the potential for compromised ssh hosts lately, i think this is an important consideration …

2. debhelper 7 and lintian disagree

   I'm excited by version 7 of debhelper, in particular the opportunity for debian/rules minimization. I suspect this will lower the barrier for rapid, reasonable packaging of simple software tools in a way that should be easy to audit and maintain.

   The most-minimized debian/rules possible with it is just …

3. GNOME and libpam-mount

   So i've been struggling with an Ubuntu 8.04 networked workstation. It uses libpam-mount to mount the user's homedir (actually, the mountpoint is one level up from the homedir) automatically at login over CIFS.

   One of the problems i ran into with this arrangement happened because i was following the …

4. success with goodbye-microsoft.com

   I finally got to try out goodbye-microsoft.com this past weekend. It uses similar principles as UNetbootin, which Utumno recently wrote about. I had a donated machine in a computer lab i volunteer at with a flakey CD-ROM which i couldn't get to netboot. Since it had Windows already on …

5. looking at contents of virtual terminal remotely?

   There is a machine i have remote superuser access to which i know has some interesting info on one of the VTs (/dev/tty2 in particular in this case). I can try to scare up someone physically on-site to plug in a monitor, and painfully transcribe the text there by …

6. xen NAT routing issues

   I have the unfortunate circumstance of a xen machine with a single static, public IP address that needs to host multiple virtual servers internally. I don't want to bridge the main physical NIC to the virtual hosts, so i've created a bridge over a dummy NIC, and am trying to …

7. Re-enabling Disabled IRQs?

   I'm seeing more instances with hardware recently where the linux kernel gets an interrupt that it doesn't like or recognize, and it disables the IRQ entirely. Is there a way to get that IRQ re-enabled without restarting? My web searches haven't turned up anything fruitful.

   To be clear, the error …

8. USB Infrared recommendations for debian?

   I just noticed that one of the bodegas in my neighborhood sells "universal remotes" for a few USD. These are designed to work with arbitrary televisions, and can be switched/programmed to emit various IR signals. I've got an NSLU2 running sid, which feeds audio to my stereo using mpd …

9. interrupt (IRQ) prioritization under debian?

   Does anyone have pointers for how to ask a modern debian system to prioritize certain interrupts (IRQs) ahead of others?

   irqtune is the historical option, but it hasn't been updated for 10 years, and looks like a serious mess in debian at the moment (it's not in etch or lenny …

10. You should restart apache2 after DSA-1379 (libssl)

    The recently announced patch for openssl does a good thing: it looks for services known to use libssl and offers to restart them for you.

    However, it doesn't seem to notice apache2, which relies heavily on libssl when mod_ssl is enabled. You can check to see what services still use …

« Page 10 / 13 »