Jono Bacon, community manager of Ubuntu, has just announced the 8.04 release with LTS support.
Jono’s Growing Ubuntu speech @ LinuxTag 2007
By now everyone should be getting the connection between the release names and the date of release, so obviously... it will be released in April 2008.
I am delighted to have the pleasure of announcing the Hardy Heron (Ubuntu 8.04), the next version of Ubuntu that will succeed Gutsy Gibbon (Ubuntu 7.10, due for release in October 2007). Not only will the Ubuntu community continue to do what it does best, produce an easy-to-use, reliable, free software platform, but this release will proudly wear the badge of Long Term Support (LTS) and be supported with security updates for five years on the server and three years on the desktop. We look forward to releasing the Hardy Heron in April 2008.
Just came back from FrOsCon, what a weekend…
The Conference was a lot smaller than Linuxtag but the social event was very cool.
Some food and drinks were sponsored by Google and O’Reilly and the overall prices were pretty cheap
The lectures were interesting and I returned with a new bag of tricks and tools which will come in handy at work.
Another event on my yearly event schedule.
I took a few photos that can be found here
I always thought the 8th amendment of the US Bill of Rights protected anyone from cruel and inhumane punishment.
Well, I guess legally forcing an open source user into using Windows because the government is incapable of writing tracking software to monitor him perfectly fits the label Bullshit made in the USA.
What's next? The DOJ forcing American citizens into using Windows because CIPAV may have problems spying on secure operating systems?
Besides all this, and the discussion of whether a non-violent crime such as copyright infringement should be punished by jail time and confinement, and of this sentence forcing such criminals into using proprietary software if they want to use a computer again, there is actually only one point I want to make in this post:
Is the fact that the US government is not able (or not willing) to write tracking software and other forensic foo for Linux to spy on people good marketing for Linux and other open source operating systems?
If you want to keep your computer and your data private take some time and stop by here for a good start
The DesktopLinux.com survey results about the most favored Linux Desktop solution were published today.
The big winners of the Desktop environment are:
- Distribution: Ubuntu
- Desktop: Gnome
- Browser: Firefox
The Ubuntu/Kubuntu and Firefox thingie were pretty sure to win; I am sort of surprised that Gnome beats the Windows-like KDE. Standard Ubuntu ships with Gnome, so I guess this is the reason why Gnome takes the lead…
Btw. my prefs are Ubuntu / Gnome / Firefox / Evolution (so pretty close to the winner)
Here is the raw data
Just tried to play around with the permalink features of WordPress and was immediately kicked out with a 500… Since I have never been in need of mod_rewrite, I didn't realize that this feature was not available from my hosting provider (Strato).
So in case this should ever happen to you:
1. Remove the .htaccess file in your wp root
2. You will now regain access to your WP site, but all the links are still messed up
3. Login to the Administration panel and set the permalinks to default
4. Once you update the permalink setting, you will be kicked out again immediately
5. Leave the browser window with the error open and remove the newly generated .htaccess file again
6. Now reload the error page and you should be back to your default permalinks
FrOSCon is a two-day conference that is all about free and open source software. There is quite a resemblance to LinuxTag, but FrOSCon is targeted more at free and open source software independent of the operating system it's running on.
As it was to be expected, several Linux and six BSD project groups will be present…
Check out http://froscon.de/?L=1 for further information…
If we get wireless access at the convention, the first pics will be up on Saturday
Note: The initial IP and domain have been replaced by x.x.x.y in order to spare the shame and keep anybody from doing something stupid
Today I ran a routine check on my Apache logs… the same as usual…
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/mysqladmin
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/db
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/dbadmin
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/web
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/phpmyadmin2
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/phpmyadmin1
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/phpadmin
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/myadmin
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/phpMyAdmin-2.2.3
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/phpMyAdmin-2.5.6
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/phpMyAdmin-2.5.7-pl1
This goes on forever … big deal….
But the host was pretty aggressive, so I decided to take a closer look:
7 somebody.something.net (bla.bla.bla.bla) 18.017 ms 17.852 ms 17.231 ms
8 somedomain.de (x.x.x.y) 16.701 ms 16.391 ms 16.322 ms
So I take a look at somedomain.de and find this:
Looks like someone's Windows Server was compromised or, so to say… owned.
Conclusion: Don't use XAMPP on the web. It may be superb for testing your stuff before sending it to the real world, but it is not meant to survive in hazardous environments, especially with Windows up your back…
The least you could do is make sure your web services aren’t running on blank or default passwords!
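A way to pull this kind of probing out of an error log automatically, as an added example (not part of the original post): the function below counts distinct missing paths per client and how many of them look like admin panels. The sample log is constructed, the addresses are documentation ranges, and the threshold and the "admin" match are assumptions to tune for your own site.

```shell
#!/bin/sh
# Constructed sample in the Apache error_log format shown above.
# 192.0.2.10 and 198.51.100.7 are documentation addresses (RFC 5737).
sample_log() {
cat <<'EOF'
[Mon Aug 20 07:36:43 2007] [error] [client 192.0.2.10] File does not exist: /var/www/mysqladmin
[Mon Aug 20 07:36:43 2007] [error] [client 192.0.2.10] File does not exist: /var/www/db
[Mon Aug 20 07:36:43 2007] [error] [client 192.0.2.10] File does not exist: /var/www/dbadmin
[Mon Aug 20 07:36:43 2007] [error] [client 192.0.2.10] File does not exist: /var/www/web
[Mon Aug 20 07:36:43 2007] [error] [client 192.0.2.10] File does not exist: /var/www/phpmyadmin2
[Mon Aug 20 07:36:43 2007] [error] [client 192.0.2.10] File does not exist: /var/www/phpMyAdmin-2.5.6
[Mon Aug 20 07:36:44 2007] [error] [client 192.0.2.10] File does not exist: /var/www/mysqladmin
[Mon Aug 20 09:12:01 2007] [error] [client 198.51.100.7] File does not exist: /var/www/favicon.ico
[Mon Aug 20 09:12:02 2007] [error] [client 198.51.100.7] File does not exist: /var/www/robots.txt
EOF
}

# probe_clients MIN: read error_log lines on stdin and print
# "client distinct_missing_paths admin_like_paths" for every client that
# requested at least MIN distinct non-existent paths.
probe_clients() {
    awk -v min="$1" '
    /File does not exist: / {
        # The address is the token after "[client", minus the closing "]".
        client = ""
        for (i = 1; i < NF; i++)
            if ($i == "[client") { client = $(i + 1); sub(/\]$/, "", client) }
        if (client == "") next
        path = $0
        sub(/^.*File does not exist: /, "", path)
        # Count each (client, path) pair once so retries do not inflate the score.
        if (!((client, path) in seen)) {
            seen[client, path] = 1
            n[client]++
            if (tolower(path) ~ /admin/) admin[client]++
        }
    }
    END { for (c in n) if (n[c] >= min) print c, n[c], admin[c] + 0 }
    ' | sort
}

# Flags the scanner but not the client that only missed favicon.ico and robots.txt.
sample_log | probe_clients 5
```

On a live server, feed it the real log instead of the sample, for example `probe_clients 5 < /var/log/apache2/error.log` (the path varies by distribution).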
The final data & score is available online.
Well, not much infiltrating from our side (Drunkensheeps); we only had 6 out of originally estimated 12 hours of time. Big props to gophers retserv exploit and phantom for his leet erlang skills (:
One thing is certain – letting users pick their own passwords is a major security risk.
As an administrator you can simply test your passwords by running John the Ripper over your passwords.
If john spits out passwords in single mode immediately this is an indication that your passwords suck!
This is where password generating tools come into play.
APG is a simple tool for random password generation. I recommend at least 8 characters for efficient passwords.
So here is an example on setting up a random 8-character password:
apg -m8 -x8
This will deliver an 8-character password. The m/x parameters indicate the minimum/maximum number of characters.
If you want to make a password pronounceable (thus easier to remember):
apg -a0 -m8 -x8
User shell access
While checking your users' passwords you might also consider checking if any users have shell access they don't even need.
You can list all users that have some sort of shell access by grepping your passwd file:
cat /etc/passwd | grep -v /bin/false
Note: Some services use /usr/sbin/nologin, which is the same as /bin/false
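A stricter version of the same check, as an added example (not from the original post): it compares only the shell field (the 7th) against the no-login shells, so /usr/sbin/nologin accounts are filtered out as well, and it reports accounts with an empty shell field, which login treats as /bin/sh. The sample passwd data is constructed, and the list of no-login shells is an assumption to extend for your system.

```shell
#!/bin/sh
# Constructed passwd(5) sample; the account names are illustrative only.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
mysql:x:105:110:MySQL Server:/nonexistent:/bin/false
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup:x:34:34:backup:/var/backups:/bin/sh
legacy:x:1001:1001::/home/legacy:
EOF
}

# login_shell_users: read passwd-format lines on stdin and print
# "user uid shell" for every account that can still get a shell.
login_shell_users() {
    awk -F: '
    NF < 7 || /^#/ { next }              # skip blank, short and comment lines
    {
        shell = $7
        # Assumed list of no-login shells; add others used on your hosts.
        if (shell == "/bin/false" || shell == "/usr/sbin/nologin" || shell == "/sbin/nologin")
            next
        # An empty shell field is not "no shell": it falls back to /bin/sh.
        if (shell == "") shell = "(empty)"
        print $1, $3, shell
    }'
}

sample_passwd | login_shell_users
```

To audit a real system, run `login_shell_users < /etc/passwd` and review every non-root account in the output.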