Hmm. Need to find a good, clean (and hopefully libre) method of getting Reflection X to work with SSH. Right now, it is heavily dependent upon Telnet or the r* commands.. blech. PuTTY is great for just being an SSH client, but if you need to tunnel X sessions, forget it. Perhaps I should just avoid tunnelling and go for direct X connections (ie. Set $DISPLAY to point to the client system rather than server:10 or whatever)..
Anyway, my boss gave me an Internet Security Scanner report about our servers yesterday. ISS guessed the SNMP community name and could change the system configuration. Oh yay. I went through and disabled quite a bit of stuff. At some point, I need to find all of the potentially sharp objects on the servers and make sure that they are safe. (mostly SUID root executables, but perhaps compilers and assemblers as well..)
We have a Linux Mandrake box that had some pretty nifty security stuff built in. I wish RedHat would do that.. However, Mandrake seemed to go a little too far in some places. I mean, should the /usr mountpoint only be readable by root? *shrug* At least it didn't start every service on the planet when I first booted it up. Of course, that system is the fallback fallback. Well, it will be primarily serving NFS shares. Secondary function is being a fallback NIS server. Tertiary function is being the fallback fallback shell server.
Anyway, the security report wasn't terrible, but not as nice as I had hoped. Of course, my Unix boxen were the only ones that didn't have the problem of predictable TCP sequence numbers (if they are not predictable, it is very hard to do complex IP address spoofing). The Novell servers were the worst, with ISS getting 100% of it's guesses correct about the sequence numbers. Most of the NT boxes were around 60%
I still want to work on my bus schedule proggie, but I don't know when I'll get the time. I can't live without my 8-9 hours of sleep (compared to most techies, I'm a total weenie). I might be able to live with less, but then I'd need to be able to sleep in until late (11AM or so). I'd also love to do some work with weather-related programs. You know, something that would send me a message if there's a Tornado Warning or something. I guess I just need to find a decent data source first.. Also, I hope the (U.S.) government will make NEXRAD radar data available publically when the radar contracts expire later this year. Getting hour-late images from Yahoo and other places just sucks. Besides, wouldn't you like to be able to zoom in on the images just like your forecasters do on TV? Or maybe make your very own 3-D flythrough?
Posted by mike at July 28, 2000 01:05 PM | Old Advogato Diary , Software , Weather , Work | TrackBack