nzoss

Using vnc to do remote tech support over high-latency networks

pIf you ever find yourself doing a bit of technical support for relatives
over the phone, there's nothing like actually seeing what they are doing on
their computer. One of the best tools for such remote desktop sharing is
a href=https://en.wikipedia.org/wiki/Vncvnc/a./p

pHere's the best setup I have come up with so far. If you have any
suggestions, please leave a comment!/p

h1 id=Basic_vnc_configurationBasic vnc configuration/h1

pFirst off, you need two things: a vnc server on your relative's
machine and a vnc client on yours.

Hardening ssh Servers

h1 id=Basic_configurationBasic configuration/h1

pThere are a few basic things that most admins will already know (and that
a href=http://savannah.nongnu.org/projects/tiger/tiger/a will warn you about if
you forget):/p

ul
lionly allow a href=http://en.wikipedia.org/wiki/Secure_Shell#Version_2.xversion 2/a of the protocol/li
lidisable root logins/li
lidisable password authentication/li
/ul

pThis is what code/etc/ssh/sshd_config/code should contain:/p

precodeProtocol 2
PasswordAuthentication no
PermitRootLogin no
/code/pre

h1 id=Whitelist_approach_to_giving_users_ssh_accessWhitelist approac

Running your own XMPP server on Debian or Ubuntu

pIn order to get closer to my goal of reducing my dependence on centralized
services, I decided to setup my own XMPP / Jabber server on a
a href=https://www.linode.com/?r=4f882417aa3809652b227d6d9c25b2a0472c6cffLinode VPS/a
running a href=http://www.debian.org/releases/wheezy/Debian wheezy/a.

Creating a Linode-based VPN setup using OpenVPN on Debian or Ubuntu

pUsing a
a href=https://en.wikipedia.org/wiki/Virtual_private_networkVirtual Private Network/a
is a good way to work-around
a href=https://en.wikipedia.org/wiki/GeolocationgeoIP/a restrictions but also to
protect your network traffic when travelling with your laptop and connecting
to untrusted networks./p

pWhile you might want to
a href=http://feeding.cloud.geek.nz/posts/things-that-work-well-with-tor/use Tor/a
for the part of your network activity where you prefer to be anonymous, a
VPN is a faster way to connect to sites that already know you./p

pHere are my instructions for setting up a h

Things that work well with Tor

pa href=https://torproject.orgTor/a is a proxy server which allows its users to
hide their IP address from the websites they connect to. In order to provide
this level of anonymity however, it introduces latency into these
connections, an unfortunate performance-privacy trade-off which means that
few users choose to do all of their browsing through Tor./p

pHere are a few things that I have found work quite well through Tor.

The Perils of RAID and Full Disk Encryption on Ubuntu 12.04

pI've been using disk encryption (via
a href=https://en.wikipedia.org/wiki/Linux_Unified_Key_SetupLUKS/a and
a href=https://en.wikipedia.org/wiki/Dm-crypt#cryptsetupcryptsetup/a) on Debian
and Ubuntu for quite some time and it has worked well for me.

Presenting from a separate user account

pWhile I suspect that professional speakers have separate presentation
laptops that they use only to give talks, I don't do this often enough to
justify the hassle and cost of a separate machine. However, I do use a
separate user account to present from./p

pIt allows me to focus on my presentation and not stress out about running
into configuration problems or exposing private information.

How many Australasian banks use HSTS?

pa href=https://developer.mozilla.org/docs/Security/HTTP_Strict_Transport_SecurityHTTP Strict Transport Security/a
is a simple mechanism that secure sites can use to protect their users
against an a href=http://www.thoughtcrime.org/software/sslstrip/sslstrip/a-style
HTTPS-to-HTTP downgrade attack./p

h1 id=Typical_attackTypical attack/h1

pThe typical HTTPS-to-HTTP downgrade attack looks like this:/p

ol
livictim connects to a compromised wifi access point/li
livictim connects to bank.com using attacker's DNS resolver/li
liattacker directs victim to a local server proxying the bank.com homepag

Server Migration Plan

pI recently had to migrate the main a href=https://www.libravatar.orgLibravatar/a server to a new virtual
machine.

Debugging Gearman configuration

pa href=http://www.gearman.orgGearman/a is a queuing system that a href=http://packages.debian.org/search?keywords=gearman-job-serverhas been in Debian/a for a long time and is quite reliable./p

pI ran into problems however when upgrading a server from Debian squeeze to wheezy however.

Syndiquer le contenu