Linux: Ubuntu security

Ubuntu does an interesting thing. It doesn't give root a password, instead you create an account with administrative privileges. This turns out to have a lot of advantages:
  • Every cracker trying to brute-force their way into your box will know it has an account named "root" and will try that first. In Unbuntu's system the root account is disabled, you have to login to your account then run 'sudo' to do root like things. This means a cracker has to guess your user name and password.
  • It avoids the "I can do anything" interactive login by default--you will be prompted for a password before major changes can happen, which should make you think about the consequences of what you are doing.
  • Allows easy transfer for admin rights, in a short term or long term period, by added and removing users from groups, while not compromising the root account.
  • If root were enabled during install, the user would be required to forever remember the password they chose--even though they would rarely use it. Root passwords are often forgotten.
  • By using sudo, you reduce the amount of time you have root privileges plus sudo records all the actions that you do in a log.
I really like this model, it has a nice balance of power yet compromizes nothing.

Comments

Post a Comment

Popular posts from this blog

Shortest Sudoku solver in Python

Mark Byer's site has some more Sudoku solvers here's a short one in Python that's only 178 bytes long: def r(a):i=a.find('0');~i or exit(a);[m in[(i-j)%9*(i/9^j/9)*(i/27^j/27|i%9/3^j%9/3)or a[j]for j in range(81)]or r(a[:i]+m+a[i+1:])for m in'%d'%5**18] from sys import*;r(argv[1]) On the site is also shown a longer Perl version at 185 bytes: use integer;sub R{for$i(grep!$A[$_],@x=0..80){%t=map{$_/27-$i/27|$_%9/3-$i%9/3&&amp;amp;amp;$_ /9-$i/9&&($_-$i)%9?0:$A[$_]=>1}@x;R($A[$i]=$_)for grep!$t{$_},1..9;return$A[$i]=0} die@A}@A=split//,<>;R I think the Python version is slightly easier to understand, although they are both quite cryptic. I'm not sure why I find these programs fascinating. I think it reminds me that any program can be written in such a way that it's cryptic, even in Python. In addition, the code is small enough that you should be able to figure out how it works, and may learn something the process. Related is
Read more

Seven Segment Display in Inkscape

Image
Today I got a little sidetracked while working on my key-train (keyboard training) project.  I thought I might spruce it up a little by using a seven segment display for the digits (say for the words per minutes), similar to what kTouch has.  I found an open source font, but it appears to be difficult to just use a ttf font in GTK. So I figured, it's only 10 images, I'll just make them in svg. I vaguely remembered a heathenx inkscape podcast  describing how to make an LCD display and decided to use that at my base. Unfortunately, they didn't provide any source files in the show-notes (as far as I could see) so I had to watch and redo the drawings myself! By naming each of the seven segments I could create the 10 digits simply by deleting a few elements in one template svg file .  I can create the template as beautiful as I like and quickly create the 10 derived images with these programs . Unfortunately, both ImageMagick and GraphicsMagick don't handle
Read more

Dot to Png

Image
For fun I wasted some time creating diagrams using the dot language. It's pretty fast to get a diagram out, except that there are a lot of things you can't do, like make shadows or rounded and filled rectangles. With this dot code: digraph "User Clicks" { node [ shape="rectangle" style="filled" ] server [label="Server"] java [shape="ellipse" label="Java\nCode"] provider [label="Service\nProvider"] browser [label="Firefox"] browser->server[label=<&#9312; AJAX Sends Session ID>]; server->java[label=<&#9313; Confirms Session ID>]; java->provider[label=<&#9314; Makes HTTPS call>]; provider->java[label=<&#9315; Results>]; java->server[label=<&#9316; Results>]; server->browser[label=<&#9317; Results>]; } You can click on the image to see the SVG rendered in Firefox, if you use that. I wrote a little python program to call t
Read more