HR Geeks

ShmooCon is this weekend in Washington, DC. Tickets are all sold out, but a few HRGeek-ers may have extras they can part with (hit them up on the mailing list.
There is a huge HR crowd going this year – if you’re one of them, make sure you stop in to see Ethan give a 20 minute presentation on the infamous UAV. His slot is immediately following the Matt Blaze keynote at 4PM on Friday afternoon.

Also check out the SkeeBall Machine (SkeetBall) in the Hacker Arcade. Skeetball is being brought to you on the hardworking backs of a few HR Geeks, so be sure and donate to play!

I assume Ethan, Erik, or MattD will write up a post on OpenVulture, SkeetBall, etc., so I’ll leave more about that to them!

Meeting at Kellys, once again!
Be there for the Post-ShmooCon rundown!

Just a reminder – HR Geeks is meeting at Kelly’s Tavern at Pembroke Mall in Virginia Beach.
People begin arriving at 6:30-7:00PM, and the party goes on until around midnite most times!

Tonight is the same as the TWUUG meeting, so anybody who wants to go to both, feel free to attend TWUUG first, as HR Geeks goes much later than 9PM; we’ll still be there when you’ve got your Linux fill!

See everybody there!

We’re now running on fully updated software! It only broke…everything! No more 2 years between updates.
If you see something not functioning (web, db, jabber, mailman, etc.) let me know, and I’ll try to make sure it gets fixed.

Setting up a new workstation with Ubuntu and Firefox to use a DoD CAC is suprisingly easy.

These instructions work for Ubuntu 8.10 on my hardware.  My card reader is built into a USB Dell Keyboard.  It takes only a couple of steps to enable it for use in Firefox.

1. Install libccid (which requires pcscd as a dependency)
2. Install coolkey
3. Tell Firefox to use coolkey’s pkcs11 library
4. Profit!

To cover these steps in more detail:
(continue reading…)

After the recent Apple update, which included ‘security fixes’ for Safari, Little Snitch popped up a warning message when I attempted to visit my banks website.  A process called ocspd wanted to visit “EVSecure-ocsp.verisign.com”.  Needless to say, I was instantly curious as to what in the world ocspd was, and why it was trying to talk to Verisign when I was visiting my banks webpage.

It turns out, ocspd is part of Apples new ‘safe surfing’ update to Safari.  Online Certificate Status Protocol (OCSP) is the functional replacement for the old school PKI Certificate Revocation List (CRL).  It allows the Certificate Authority (CA) (in this case, Verisign) who signed the websites certificate, to authenticate the presented certificate in real time.  This is a much more ‘elegant’ solution than the old, crummy CRL, which had to be manually updated (or pushed down with OS patches, etc) and did not allow certificates to be rejected in anywhere near realtime if they were deemed fradulent.

Despite being a more elegant solution, it also creates a number of new problems.  

First, it places a big new load CAs, who went from being trusted certificate issuers to being real time certificate verifiers.

Secondly (and more importantly), it seriously breaches the privacy of every user using the service.

(continue reading…)

I’ve been looking around at what some new storage would cost me – looking for a few TB of space to cover all of my digital media, as well as to allow for easy growth in the future.  As part of this, I spent some time figuring out what is currently most cost effective, from a dollars-per-gigabyte perspective.  This isn’t always obvious, as there are a range of drive sizes, and variations within each size between different manufacturers.  

This stuff changes pretty substantially year to year, so it’s worthwhile to go back and see exactly where the sweet spot is.  Today, from a cost-per-gig standpoint, the Seagate 1.5TB and the Samsung 1TB discs barely nudge ahead, coming in at a mere $0.12/GB.

 Here’s a quick break down of that statistical information, as of October 21, 2008:

(edit: fixed messed up pricing for Samsung disks).

(continue reading…)

I bought a 1TB Apple Time Capsule today. I plan on replacing my Linksys WRT54G and a Dell Linux Samba server I have.

As usual, Apple nails the out-of-box experience. Pop the CD in, run the utility, follow the directions presented, and the Time Capsule was up and running in about 5 minutes (3 of which were spent rearranging cables to accommodate the new machine).

The utility software picked up the un-configured Time Capsule and walked me through the configuration in just a few simple steps. After confirming that my cable modem used DHCP, entering a password for disk access, and entering a WPA2 password, everything was up and online.A nice little touch, the utility software that configured the Time Capsule’s wireless network automatically reconfigured my Airport card to connect to the WPA2 secured 802.11N network on the Time Capsule.

After getting online, I opened up the Time Machine configuration setting pane, selected ‘Change Disk’, picked the Time Capsule out of the list, and that was it – it’s now doing DHCP, Wifi, NAS, TimeMachine hosting (for both Macbooks), and routing/NAT’ing my cable modem, with a grand total of 5 minutes of configuration and maybe half a dozen clicks. Fairly impressive!

We’re meeting up at Kelly’s Tavern at Pembroke mall tomorrow night (March 13th).Hope to see everyone there!View Larger Map

I’ve discovered a neat SSH trick / timesaver. You can create per-user ssh configuration files – ~/.ssh/config – which can contain host aliases.

For example, I SSH to ‘host.long.stupid.domain.com’ a lot. I can shorten this by putting:

Host myserv
HostName host.long.stupid.domain.com
User myDomainUser

into the configuration file. Now, I can do:

user:~>ssh myserv

and ssh will effectively run:

ssh myDomainUser@host.long.stupid.domain.com’

without having to type it all. Combine that with ssh keypairs (~/.ssh/authorized_keys2), and you can save a serious amount of typing!