May 14th meeting - LinuxDNA

2009-05-18

Tyler McAdams has been researching ways to fine-tune systems to run extremely fast. He is involved with a global project called "LinuxDNA", which aims to optimize the binaries which run on a machine, with special emphasis on the kernel. His team employs a compiler from Intel that is very good at producing optimized code for the x86 family of processors.

Bonus points if you can tell which distro Tyler likes to run (see below).

Come hear Tyler tell his secrets and his war stories about making Linux run FAST.

You guessed it... it's Gentoo.


March 12th meeting - Geographic Information Systems

2009-05-18

WHAT: March TriLUG meeting
WHEN: Thursday, March 12th, 7:00pm
WHERE: Red Hat HQ, NCSU Centennial Campus
MAP: http://www.redhat.com/about/contact/ww/americas/raleigh.html

This month, our very own Doug Newcomb will give us an introduction to the fascinating world of Geographic Information Systems. It's the ultimate form of representing the world around us using computers. Literally, we're mapping out our entire planet for use online.

We've all used Google Maps and Mapquest. But have you heard of the collaborative effort at OpenStreetMap.org [1] to produce a complete map of the world, entirely from user-contributed data?

Closer to home, we might use the local land records web sites: Wake County IMAPS [2], Durham GIS web [3] or the Chatham County GIS [4]. See how open source software and free-license data fit into these systems (or not).

And now, consumers with TomTom GPS's can share map updates with other users using TomTom Home "map share" [5]. Again, people helping people, correcting the data that they know about best, close to their homes.

On Thursday night, Doug will tell us about a variety of GIS projects, both commercial and open source, with proprietary and open sources of map data.

See you all there.

Alan

[1] http://openstreetmap.org/
[2] http://imaps.co.wake.nc.us/imaps
[3] http://gisweb2.ci.durham.nc.us/sdx/
[4] http://www.chathamgis.com/
[5] http://www.tomtom.com/page/mapshare/


April 9th meeting - Lightning Talks

2009-05-18

The April meeting will be a chance for members to share tips and tools with each other, in the form of "Lightning Talks". Each speaker will be given 10 minutes to discuss an indispensable tool to the group, including time for questions. Bring your ideas, and be ready to "share and enjoy".


So you think you've been rooted...

2009-03-01

Since we had a break-in on pilot recently, I thought I would bring up a couple of points.

(1) WHAT HAPPENED

First of all, it appears that what happened to pilot was that a vulnerability in "RoundCube", a fancy web mail package, was exploited by a script that installs a "bot" (part of a botnet).

As far as I can tell, no files or emails were damaged. Everything appeared to be intact. It looks to me like it was just talking to a lot of other machines via an IRC channel (and that's how we noticed it).

The bot was running as user 'www-data'. So technically, we were not 'rooted'... we were 'apache-ed'.

(2) KEYS AND PASSPHRASES

But since we have had a break-in, it makes me think of what damage could have been done.

Personally, I was thinking about my SSH keys. On any semi-public machine like pilot, I encrypt my SSH keys with a passphrase (see "ssh-keygen -p"). So if someone were able to read my private key in ~porter/.ssh/id_rsa, all they would get was a load of DES-encrypted bits. In this case, it's doubtful that they could have read the file, since it has 700 perms.

But if an attacker had read these files, and if my key were not encrypted, then now would be a good time to go onto all my other accounts and make sure that my TriLUG SSH key was not listed in the ~/.ssh/authorized_keys files. This would keep one break-in from leading to a series of break-ins. This is left as an exercise for the paranoid reader.

As it stands, it looks like your SSH keys were never at risk. At least not from the bot... remember that myself and the other sysadmins can read these files. So the extreme paranoid users (you know who you are) might want to look into SSH key passphrases.

(3) BACKUPS

I also wanted to make a note here that our unofficial policy on backups is that users are responsible for backing up their home directories (and now that your mail is stored in ~/Maildir, that means email, too). We currently do not back up /home. Remember, we're a group of volunteers, and we're doing "best effort" service. We try, but we're not guaranteeing anything.

I am VERY happy that we did not lose anything in this latest incident.

In the meantime, I am making daily backups of everything EXCEPT /home. And I am also entertaining the idea of putting a larger disk on dargo so we can back up /home, too. Donations are gladly accepted.

Alan
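
The check that section (2) leaves as an exercise, finding out whether a given public key is still listed in an authorized_keys file, as an added example that is not part of the original post. The function names key_blob and find_key, the file names and the key blobs are constructed for illustration.

```sh
#!/bin/sh
# Added example: find every authorized_keys entry that trusts a given key.
# Entries are matched on the base64 key material, so a changed comment or
# leading options (from="...", command="...") do not hide a match.
# Known limit: a quoted option containing a bare key-type word is not handled.
KEYTYPES='^(sk-)?(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))(@openssh[.]com)?$'

# key_blob FILE: print the key material of the first key line in FILE.
key_blob() {
    awk -v kt="$KEYTYPES" 'NF && $1 !~ /^#/ {
        for (i = 1; i < NF; i++) if ($i ~ kt) { print $(i + 1); exit }
    }' "$1"
}

# find_key PUBKEY AUTH_FILE...: print "file:line" for each matching entry.
# Returns 0 if the key is trusted somewhere, 1 if not, 2 on bad input.
find_key() {
    [ $# -ge 2 ] || { echo "usage: find_key PUBKEY AUTH_FILE..." >&2; return 2; }
    pub=$1; shift
    blob=$(key_blob "$pub")
    [ -n "$blob" ] || { echo "no public key found in $pub" >&2; return 2; }
    awk -v kt="$KEYTYPES" -v want="$blob" 'NF && $1 !~ /^#/ {
        for (i = 1; i < NF; i++)
            if ($i ~ kt && $(i + 1) == want) { print FILENAME ":" FNR; hit = 1 }
    }
    END { exit(hit ? 0 : 1) }' "$@"
}

# Demo on constructed data (placeholder blobs, not real keys).
demo() {
    d=$(mktemp -d) || return 2
    echo 'ssh-rsa AAAAB3CONSTRUCTEDpilot porter@pilot' > "$d/id_rsa.pub"
    cat > "$d/authorized_keys" <<'EOF'
# constructed sample
ssh-ed25519 AAAAC3CONSTRUCTEDlaptop porter@laptop
from="10.0.0.0/8",no-pty ssh-rsa AAAAB3CONSTRUCTEDpilot old-trilug-key
EOF
    find_key "$d/id_rsa.pub" "$d/authorized_keys"
    rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

Run find_key on each remote account with the public half of the key in question; any line it reports is an entry to delete from that authorized_keys file.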


February 12th meeting - CA Cert

2009-01-13

CAcert.org is a community-driven certificate authority that issues free public key certificates to the public (unlike other certificate authorities which are commercial and sell certificates).

At the February TriLUG meeting, we will learn about certificates and certificate authorities, and we will have a chance to become "certified" to issue our own certificates through CA Cert. These certificates can be used to enable SSL on a web server or a mail server.

If you would like to be certified, bring 2 forms of government-issued ID. You might also want to do some homework on the CA Cert web site beforehand.

Time: Thursday, 12 February, 7:00pm
Place: Red Hat HQ, NCSU Centennial Campus
Directions: http://www.redhat.com/about/contact/ww/americas/raleigh.html


(UPDATE - 2009-02-04 - How you should prepare)

The February TriLUG meeting is rapidly approaching (next week), and I wanted to send out a quick note that might help you get the most out of the talk.

First of all, some background. What is "CAcert"?

It is a certificate authority, just like Verisign or Thawte or GoDaddy. You can generate certificates to use on your web server or mail server, and they will sign it.

Many people use self-signed certificates on their web servers and mail servers. This provides HTTPS/IMAPS (SSL) encryption, but it is trivial to spoof. An attacker just sits in between you and your server, providing you with his own self-signed certificate.

YOU <---encrypted---> SPOOFER <---encrypted---> WEBSERVER

For this reason, on Firefox 3, you get the screen with the yellow passport man icon saying "Secure Connection Failed". And then they make you jump through several hoops before you can accept the certificate and see the page. In theory, you're supposed to verify fingerprints and what-not, but who does?

If you want to avoid this problem, you can get your certificate signed by somebody: Verisign, Thawte, GoDaddy, or CAcert.

There are two main differences between these CA's:

(1) price... CAcert is free, the others are not

(2) ease of use... most browsers already know who the other guys are, but you have to tell it who CAcert is (by downloading their root certificate and importing it into your browser).

We'll talk a lot about these points at the meeting.

BUT... if you follow these steps, you will be able to generate your own certificates, and then have your certs signed by CAcert.

I did it today, and it was very easy.


THE STEPS -- DO THIS BEFORE THE MEETING

0) See the detailed instructions here:

http://wiki.cacert.org/wiki/FAQ/AssuranceByCAP

If you have a concern or spot a conflict between those instructions and these in this email, contact Cristóbal Palmer, cmp@cmpalmer.org

1) SIGN UP with CAcert here:

https://www.cacert.org/index.php?id=1

2) PRINT out a CAP form. See here:

http://wiki.cacert.org/wiki/FAQ/AssuranceByCAP

Click on item #4.

3) BRING two forms of appropriate government-issued ID.

Examples: passport, id-card, driver's license

The names should match on both. One must have a photo, but both is ideal.

4) COME to the meeting! Enjoy the show! Get assured!

Alan and Cristóbal


January 8th Meeting - VMware

2008-12-14

In January, we will welcome Justin Parker into the LUG in the harshest way we know how... by inviting him to be a speaker.

Justin recently moved to the Triangle. His previous job was with VMware, one of the pioneers of virtualization. He will give us an overview of virtualization, and the features of the various VMware products. And he will guide us through setting up a virtual server. All of this, he says, without trying to sound too much like a "fanboy".

Slides available here (OpenOffice ODP format).


December 11th Meeting - Holiday Social

2008-11-21

Following the TriLUG tradition, the December meeting will be a social event, with no formal program. Members and friends are invited to gather, eat, and blow each other to bits (in bzflag or any other game of your choice).

Dinner will be potluck. Bring a dish to share. Sign up on the wiki.




The Linux Users Group of the Triangle. Serving Raleigh, Durham, Chapel Hill, and RTP.
