Jason Spence | 1 May 02:10 2002

[PATCH] Re: ssh hygiene

On Mon, Apr 29, 2002 at 10:51:29PM -0700, Don Marti developed
a new theory of relativity and: 
> Should everyone stop using version 1.5 and previous of the ssh
> protocol?
> 
> When generating keys for SSH version 2 should you pick RSA or DSA?
> 
> Did they ever fix the "rsync over ssh hangs" bug?  I haven't seen
> it in a while but once saw it go away and then come back.
> 
> Any compelling reason to use Blowfish instead of triple-DES?
> 
> If you're going to go somewhere, set up a new account, and log in
> from there to your account back home, it makes sense to have the
> key fingerprints for your known_hosts on a piece of paper in your
> wallet -- right?
> 
> I am no good at either shell scripts or TeX, but will inflict this
> on those of you who are:
> http://zgp.org/~dmarti/warez/ssh-wallet.sh

Wow, what a neat script.  I looked at it and looked at it and then
something horrible happened:

--- ssh-wallet.sh.orig	Tue Apr 30 11:43:20 2002
+++ ssh-wallet.sh	Tue Apr 30 17:08:49 2002
 <at>  <at>  -1,19 +1,97  <at>  <at> 
 #!/bin/bash
+#
+# ssh-wallet.sh -- ssh wallet card script
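Review bot: The hunk header (-1,19 +1,97) covers 19 original lines starting at line 1 and grows them to 97 in a single hunk, so the new header comment arrives mixed with whatever behaviour changes follow and the two cannot be reviewed separately. Suggest sending the comment block as one patch and each functional change as its own.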

Steve Beattie | 1 May 02:38 2002

Re: [PATCH] Re: ssh hygiene

On Tue, Apr 30, 2002 at 05:10:56PM -0700, Jason Spence wrote:
> +
> +if ! [ -z "$DO_PDF" ]; then
> +    ps2pdf $CARD.ps
> +    echo "Print the file $CARD.pdf"
> +    exit 0
> +fi
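
Review bot: `ps2pdf $CARD.ps` on the second added line is neither quoted nor checked, so a `$CARD` value containing whitespace is split into separate arguments, and a failed conversion still prints "Print the file $CARD.pdf" and exits 0. Suggest `ps2pdf "$CARD.ps" || exit 1` before the echo; `[ -n "$DO_PDF" ]` also reads more directly than `! [ -z "$DO_PDF" ]`.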

ugh, ps2pdf produces horrid pdf files. You might have much better luck
emitting pdf directly from the .tex file via pdflatex.

-- 
Steve Beattie                               Don't trust programmers? 
<steve@wirex.net>                              Complete StackGuard distro at
http://NxNW.org/~steve/                            immunix.org
http://www.personaltelco.net -- overthrowing QWest, one block at a time.

Andrew L33tsmith | 1 May 02:34 2002

Re: MTA roundup

> And reasonably lucky people may have the same experience.  Or they may
> not.  The point is that public combination testing (let alone regression
> testing) is not feasible.

I agree.  I'm not typically known as being reasonably lucky, but that's 
neither here nor there.  :-)

> Somehow, we're miscommunicating, and I'm not sure exactly how.  You do
> know that modern implementations of UFS are called FFS = Fast
> FileSystem, right?  So, quoting:

> He doesn't approve of async, he particularly doesn't approve of async on
> ext2, and he doesn't even approve of async with softupdates.  (His rants
> specifically against ext2 have been on mailing lists.)

Ah...  I'm not on those mailing lists, which is why I had brought that up.  I 
read the page provided and came to the conclusion that he *prefers* that you 
use sync FFS, not that he despises anything else, including journalled file 
systems.

> I hope this isn't going to be one of those things of violently arguing
> over interpretations of wording.  What Dan said on the matter is visible
> on the URL-referenced Web page, mostly, and I'll be delighted to leave
> it at that.

Oh hell no.  I'm not trying to start anything; I was just confused where you 
drew some of your conclusions from based on the same text I read.  What it 
turns out is that there are some other texts from DJB that I haven't read.

Regards,

Rick Moen | 1 May 09:02 2002

Re: MTA roundup

Quoting Andrew L33tsmith (akohlsmith-le@benshaw.com):

> Ah...  I'm not on those mailing lists, which is why I had brought that
> up.  I read the page provided and came to the conclusion that he
> *prefers* that you use sync FFS, not that he despises anything else,
> including journalled file systems.

That's a pretty fair characterisation -- certainly of what he says on the
page.  He says the spool is reliable under those conditions.  Which does
stand to reason, though warning against softupdates sounds a bit
extreme.

> Oh hell no.  I'm not trying to start anything; I was just confused
> where you drew some of your conclusions from based on the same text I
> read.  What it turns out is that there are some other texts from DJB
> that I haven't read.

Yes, I've lurked a bit on the qmail list, and look in on its Web
archives from time to time.

-- 
Cheers,            "Please return all dogmas to their orthodox positions."
Rick Moen                                 -- Brad Johnson, in r.a.sf.w.r-j
rick@linuxmafia.com

Sean Neakums | 1 May 09:55 2002

Re: ssh hygiene

commence  Rick Moen quotation:

> Please note that it's not necessarily a _good_ thing to have all
> aspects of performance be fast and efficient:  One of the reasons
> Blowfish is attractive is that key-generation is _slow_.  Thus,
> brute-force attacks on a given keyspace are thereby impaired. 

How is generation of Blowfish keys slow?  Blowfish is a symmetric
cipher, so they're just random numbers.  Or perhaps I've misunderstood
your post.

-- 
 /////////////////  |                  | The spark of a pin
<sneakums@zork.net> |  (require 'gnu)  | dropping, falling feather-like.
 \\\\\\\\\\\\\\\\\  |                  | There is too much noise.

Seth David Schoen | 1 May 10:30 2002

Re: [PATCH] Re: ssh hygiene

Jason Spence writes:

> -if !(dvips --version &> /dev/null && latex --version &> /dev/null); then
> +if !(dvips --version &> /dev/null || latex --version &> /dev/null); then
>      echo "This script requires latex and dvips."
>      echo "Please install latex and dvips and try it again."
>      exit 1
>  fi
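
Review bot: The `||` on the `+` line inverts the dependency check: `!(dvips ... || latex ...)` is true only when both commands fail, so a system with just one of the two installed passes the test and the script breaks later. The error message says both are required, which is what the original `&&` tested; keep `&&`, or write the condition as `! dvips ... || ! latex ...`.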

DeMorgan's Law is still your best entertainment value.

-- 
Seth David Schoen <schoen@loyalty.org> | Reading is a right, not a feature!
     http://www.loyalty.org/~schoen/   |                 -- Kathryn Myronuk
     http://vitanuova.loyalty.org/     |

Andrew L33tsmith | 1 May 15:02 2002

Re: [PATCH] Re: ssh hygiene

> ugh, ps2pdf produces horrid pdf files. You might have much better luck
> emitting pdf directly from the .tex file via pdflatex.

Try ps2pdf13; absolutely BEAUTIFUL .pdf output, IMO.  ps2pdf creates version 
1.2 pdf files which, in my experience, suck ass for screen output.  v1.3 pdf 
files are much nicer.

(With KDE I found that you also want to enable Type 42 (truetype) font support 
in qpsprinter.cpp -- just change the #undef near the top of the file to 
#define and you're golden.)

Regards,
Andrew

Rick Moen | 1 May 15:26 2002

Re: ssh hygiene

Quoting Sean Neakums (sneakums@zork.net):

> How is generation of Blowfish keys slow?  Blowfish is a symmetric
> cipher, so they're just random numbers.  Or perhaps I've misunderstood
> your post.

I believe that's covered in here:  http://www.counterpane.com/bfsverlag.html
The point is covered in _Secrets and Lies_, in any event.

-- 
Cheers,             The shortest distance between two puns is a straightline.
Rick Moen
rick@linuxmafia.com

Sean Neakums | 1 May 15:36 2002

Re: ssh hygiene

commence  Rick Moen quotation:

> Quoting Sean Neakums (sneakums@zork.net):
>
>> How is generation of Blowfish keys slow?  Blowfish is a symmetric
>> cipher, so they're just random numbers.  Or perhaps I've
>> misunderstood your post.
>
> I believe that's covered in here:  http://www.counterpane.com/bfsverlag.html

Ah, thank you.  I believe I understand your point now.

-- 
 /////////////////  |                  | The spark of a pin
<sneakums@zork.net> |  (require 'gnu)  | dropping, falling feather-like.
 \\\\\\\\\\\\\\\\\  |                  | There is too much noise.

Don Marti | 1 May 23:08 2002

Should software apologize?

I did a quick "apt-get install konqueror" (after seeing this...
http://sec.greymagic.com/adv/gm001-ns/ with no more detail) and
got the message:

Sorry, konqueror is already the newest version.

Sorry?  What is apt-get doing apologizing?

$ ls /usr/bin | xargs strings | grep Sorry | wc -l
    223

223 apologies?  A few of them are for exceeding compiled-in limits
or some such, which is something to apologize for, but why should
software apologize to you for _your_ mistake?

-- 
Don Marti                                          
http://zgp.org/~dmarti                       Help spread accurate information 
dmarti@zgp.org                           about Xenu and the Church of Scientology.
KG6INA           <a href="http://xenu.net/">Scientology</a> on your web site.