Security

Security by obscurity — NOT!

by  • 

As you can see in the posts below I switched internet service providers on Monday of this week. As a result I received a different block of IP addresses than I had before.

I have always heard that it only takes a few minutes for an attack to start on a computer – or any other device like phones and tablets – that is newly connected to the Internet. I determined to see how many (not if) script-kiddie attacks via SSH took place on the first full day after the changeover.

During the full day after getting new IP addresses, I experienced a total of 1634 attack attempts from 37 different IP addresses. I obtained this information from the Logwatch tool which I describe in volumes 2 and 3 of my “Using and Administering Linux: Zero to SysAdmin” series of books.

The crackers behind these attempts are not just searching for new computers to attack. They make the assumption that there is a computer at every IP address and attack regardless. If there is no computer at one IP address they move on to the next.

The point is that your computer or device is not safe just because it was connected to the internet five minutes ago. There are constant attacks going on and your device needs to be protected before it is connected.

Note that this is only one type of attack. There are many others that I did not even consider in this post.

Outage

Network migration complete

by  • 

The migration to AT&T fiber is now complete and everything went very well. Of course that is not to say it was problem-free.

I have never been a fan of AT&T but my previous provider has been unable to resolve issues with the network just dropping out and the modem/router rebooting at frequent and inopportune times. But the speed of fiber and the fact that it is symmetric with upload and download speeds at 1Gb rather than uploads being so much slower as wih my old provider, and the fact that it is significantly less expensive, I decided to switch.

I wanted to go with residential service which is much less expensive but I had some concerns about needing static IP addresses and with issues I have seen with blocked ports like 25 for email. I run my own web and email servers so that was important to me. After a chat session with a fairly knowledgeable rep and talking with a sales person on the phone, they both said that the static IP addresses were not a problem and that the installation tech could help set that up as well as deal with blocked ports.

They were right. Which was a surprise to me.

Scott, the installation tech called me the morning of the installation to let me know he was on the way and he was delayed only slightly due to traffic. We discussed my needs for a few minutes and he assured me that we could do exactly what I needed. As a gamer, he was very knowledgeable and understood what I wanted and why.

After doing the physical installation of running the fiber from the street to my home office, we worked together to install the modem/router in my desired location and get it and the ONT plugged into a UPS, cabled together, and connected to the fiber. I would not let him into the narrow space available to do that so we worked together on it.

He installed updates to the Arris modem/router and we were ready to go. He showed my on his hand-held tester that the rates were both within a decimal point of 1Gb. We easily got the static IP addresses configured on the router.

I then reconfigured my own internal router. We did have some issues with blocked ports. Although I could browse the web and SSH to remote hosts, nothing was able to initiate connections to my router/firewall. After calling around to various support systems inside AT&T, Sctt and I figured out how to unblock the needed ports and everything was working fine.

I did have some issues with speeds, but those problems were with my own older Linux computer that I was using for my router/firewall. I moved the hard drive from that machine to a newer one, installed the needed network adapters, made a few configuration changes and all is now well.

It just took longer than I expected but everything seems to be working very well now. Thanks for your patience and I hope you were not inconvenienced by the outages during this time.

Information, Outage

Network migration Monday, January 20

by  • 

Outages through Monday

Due to a large number of intermittent outages with my current internet provider, I have decided to move to a new provider. These outages make access to my web sites with their information about my books, unavailable at random times. Please keep trying if you have problems and you should ultimately get through. The outages last several minutes at a time. This problem also delays both inbound and outbound emails.

The intermittent outages will continue though the weekend and there will be a fairly long outage of several hours on Monday as the new service is installed and I get DNS updated.

Thanks for your patience.

Event, Linux, Open Source 101, Speaking engagements

Speaking at Open Source 101

by  • 

I will be speaking at Open Source 101 in Columbia, SC, on March 3. I will present an extended 3 hour session entitled, “Configuring and Using Bash.” This session is intended for Linux users and SysAdmins of all experience levels.

Book signing

I will also be signing copies of all four of my books. There will only be a few copies of each of my books available so there is a limit of one book per person. However, during my session I will give away one full set of all four of my books.

Abstract

The Bash shell is the default shell for almost every Linux distribution. As the Lazy SysAdmin, understanding and using the available tools to configure the Bash shell can enhance and simplify our command line experience.

In this session, which is largely based on Chapter 17 of my book, Using and Administering Linux: Volume 1 – Zero to SysAdmin: Getting Started, you will explore the several Bash configuration files for both global configuration and for users’ local configuration. You will perform simple experiments to determine the sequence in which the Bash configuration files are executed when the shell is launched.

You will explore environment variables and shell variables such as $PATH, $?, $EDITOR, and more and how they contribute to the behavior of the shell itself and the programs that run in a shell.

In this session you will learn:

  • The difference between a login shell and a non-login shell. In the interest of clearing up any confusion we will also learn about the nologin shell.
  • How the Bash shell is configured
  • How to modify the configuration of the Bash shell
  • Which Bash configuration scripts are run when it is launched as a login shell and as a non-login shell
  • The names and locations of the files used to configure Linux shells at both global and user levels
  • Which shell configuration files should not be changed
  • How to set shell options
  • How to set environment variables from the command line
  • How to set environment variables using shell configuration files
  • The function of aliases and how to set them
  • How to have some fun on the Bash command line
Book, Using and Administering Linux: Zero to SysAdmin

Great first review

by  • 

I am really happy to get a great 5-star first review on my Linux self-study series, Using and Administering Linux – Zero to SysAdmin. Among other things, the reviewer says, “…these 3 books are a superb new resource for newbies, experienced users, and ‘front-line’ SysAdmins.” The full review.

Book, News, Using and Administering Linux: Zero to SysAdmin

“Using and Administering Linux – Zero to SysAdmin” to be translated into Korean

by  • 

This morning I learned from my editor that Apress has licensed all three volumes of Using and Administering Linux – Zero to SysAdmin for translation into Korean. This is a big deal and I am really excited about it.

Opinion, Security

High Anxiety

by  • 

Yesterday was a very challenging day for me. It involved winblowze 10 which is not a common thing for me to touch. Very uncommon, in fact, since I never use it myself.

It all started with a concerted, multi-pronged attack against a non-profit for which I do some volunteer work. It first gained our notice when the office manager thwarted an attempt to drain our bank account with a wire transfer, and an attempt to change the password on our financial account along with an email bomb designed to hide emails indicating that attempts had been made to do so. It then moved on to attacks against members of the institution requesting money for the director in the form of Google play gift cards.

Fortunately, the treasurer had put a hold on the account before funds went missing. So that was all good. I got involved with the mail bomb and soon discovered the emails from our financial institution.

So the bottom line is that, to improve security, we are upgrading some winblowze systems at the office to Linux. Don’t ask me why we had that OS on our systems because that is a very long story – more than I want to get into here.

Unfortunately we still have one bit of software that requires Windows. So my plan was to use VirtualBox and run w10 in a VM. I installed Linux and VirtualBox on a replacement computer and created the virtual machine. It was then time to install Win10.

Here are the problems with the closed and proprietary operating system from Redmond in this situation.

Privacy – not!

To do a normal installation with the VM – or any host – connected to the Internet, there is now no option to create local user accounts. M$ wants all your information including name and date of birth. I meant, seriously? What does this have to do with running a computer?!

Oh, wait. M$ just wants to force you into doing everything while connected to their servers. You have just lost every bit of on-line privacy you might have had left. All of your personal business is now available to M$, even the stuff you know enough not to put up on social media.

The circumvention

So after hours of internet searches I found what might have been a circumvention. Unfortunately M$ has closed that little loophole – no point in even telling what it is because it no longer works.

After even more internetting, I found another alternative. Don’t install Win10 while connected to the internet. It has to assume, at least for the moment, that you really do need a local accounts and can connect to the internet later, at which time they can suck up your data. Of course the installation forces you through multiple screens on which they first request you to connect to the internet, and then to try and determine whether you might be able to connect later.

I finally arrived a a screen that asked for my name and some other personal information, but not quite as much as the on-line account creation. Then – horrors – it asked me to choose three security questions and provide answers. After providing these – using easy to remember but bogus answers – I was ready to go. So I thought.

After waiting forever through the initial setup I was able to get to a point where I could create more accounts. Unfortunately I had reconnected to the internet and was again forced to create a M$ on-line account. So once again I disconnected from the internet and was barely able to add the other accounts I needed.

Needless to say, it was a long and frustrating day for me.

The real solution

Linux is the real solution to this invasion of your privacy that you have to pay for yourself.

First, Linux is free of charge and free to share with friends and family. Updates can be downloaded and installed without having to provide any personal data or any information about your computer. None. No way. Never.

Linux requires no on-line sign-ups or accounts. All of your accounts are maintained entirely on your computer where they are well protected by the uncompromising security of Linux. No one can get in unless you want them to. And you are free to create on-line accounts such as for the Firefox web browser – but only if you choose to do so. You retain complete control.

You can also create as many login accounts as you want. With no limitations of any kind. No tricks are required to do so.

Plus, Linux can do everything that other OS does and so much more while remaining free as in beer and free as in speech.

Did I mention that I hate Windows?

Book, Information

About ebooks for “Using and Administering Linux”

by  • 

All three volumes of my Linux self-study series of books, Using and Administering Linux – Zero to SysAdmin, are available in multiple formats. In addition to soft-cover hard-copy (sounds like an oxymoron, doesn’t it?), they can be purchased in Kindle format from Amazon. They can also be purchased in soft-cover and multiple electronic formats from Apress, the publisher.

The three electronic formats are:

  • mobi – This is Kindle format
  • epub – for other e-readers
  • PDF

All of these electronic formats can be used on your Linux or Windows computer with good e-reader software. The best PC e-reader I have found is Calibre which is available for multiple operating systems including both Linux and Windows. Calibre works with all three of the listed electronic formats as well as others, and it renders all versions very accurately. Calibre is open source, and free of charge.

I like Okular for a PDF reader but it does not render the other ebook formats nearly as well as Calibre.

So, if you want the ebook version of any of my books, my suggestion is to purchase the ebooks from Apress because you get PDF and epub formats for the price of one. Then copy the appropriate version(s) to your e-reader and use any of the versions on your PC with Calibre.

Purchase these volumes from Apress at the following links:

Book, News, Using and Administering Linux: Zero to SysAdmin

“Using and Administering Linux” now available on Amazon

by  • 

Updated 2019-12-23

The books in my three-volume series, Using and Administering Linux – Zero to SysAdmin, are just now becoming available on Amazon.

Book, Information, Opinion, Thoughts

Update on BookAuthority

by  • 

After some additional research, it turns out that BookAuthority is merely an Amazon “partner.” They advertise Amazon books and get a bit of money from Amazon for doing so. As near as I can tell, they create these “top X” categories and use that to attract potential purchasers whom they hope will click through and purchase from Amazon. They also provide meaningless graphics for us authors to place on our web sites to generate traffic to their web site.

They claim on their web site that the “ratings” they give each book are calculated using a “proprietary algorithm” from publicly available data. Whatever. This seems to be a way to prevent authors and purchasers from finding out how they really work.

I do not believe that they have any relationship with the people they claim recommend the books they list. That is not to say that those people don’t recommend those books, just that the don’t do it “for” this organization.

So my conclusion is that being on any of their lists is bogus and meaningless in terms of the value of my books. Such value would be impossible to determine because not one of the three volumes in my “Using and Administering Linux: Zero to SysAdmin” series is available yet so no sales figures can possibly be available for a few months at least.

You will need to determine for yourself whether my books are of any value to you or not. If you do find that they have some value – after you purchase and use them to learn how to be a Linux SysAdmin, please leave a legitimate review on Amazon, Barnes and Noble, or GoodReads. Thank you!

However, with all that said, it really did boost traffic on my personal web site considerably when I posted the article yesterday.

My source: https://www.linkedin.com/pulse/simple-secret-being-big-deal-online-john-nemo

Book, Linux, Using and Administering Linux

Finished!

by  • 

Late yesterday I finished proofing that last of the three books in my Using and Administering Linux: Zero to SysAdmin series.

Although there may be a few more email discussions to clarify various notes I made on the proofs, for me, this project is essentially done. It has taken almost two years from my initial conception of the Linux self-study course that grew into this three-volume set.

As far as I can tell, we are still on track to have all three volumes published before the end of the year.

If you are interested in learning to be a Linux system administrator, this is the self-study course for you. I hope you will check it out. The link above takes you to my page for all three volumes which has links to Apress and Amazon where they can be purchased.

Book, News

Book update

by  • 

I have been quite busy the last couple weeks working on the proofs for “Using and Administering Linux.” I have completed work on Volume 1 and am almost finished with Volume 2. I should receive Volume 3 for review early next week.

I think we are still on schedule to get all three books out before the end of this year.

Book, News, The Linux Philosophy for SysAdmins

“Linux Philosophy for SysAdmins” to be translated into Chinese

by  • 

I have just learned that China Machine Press, a Chinese company based in Beijing, has purchased the rights to translate my first book, “The Linux Philosophy for SysAdmins,” into Chinese. This is exciting news and means that my book will now be available to many new readers.

Although it will very likely be some time before the book is available in Chinese, my Apress editor is trying to make sure I get a copy. What a conversation starter that will be.

Book, News, Using and Administering Linux

Technical revisions completed

by  • 

This weekend I completed the technical revisions on Volume 3 of my definitive 3-volume self-study course, “Using and Administering Linux – Zero to SysAdmin.” This is a major milestone and clears the way for all three volumes to be released by the end of this year.

I want to thank both of my technical reviewers for working so hard to get this accomplished. Jason Baker and Seth Kenlon have done a fantastic job and the course as a whole is far better for their contributions than would otherwise be the case.

Of course there is still more work to do. I still need to check the proofs and I still have a bit of work left to generate the list of index words for Volume 3.

I will continue to keep you informed and will let you know as each of these volumes becomes available.