Archive for November, 2005

Xen and Debian Sarge

Some useful hints for running Debian/domU from the Xen Wiki:

I encountered the following problems when setting up Debian 3.1 as a DomU on Xen3.0 Unstable for the XenDemoLaptop:

  1. When booting, I get “Couldnt get a file decriptor referring to the console” about 100 times.
    • Fix: Remove /etc/rcS.d/S05initrd-tools.sh
  2. When booting, I get lots of “FATAL: Module blah not found”
    • Fix: Remove offending modules from file /etc/modules
  3. When booting, after it says “Starting hotplug subsystem:” some of the say “[failed]”
    • Fix: Move offending modules out of /etc/hotplug/

Comments off

ZFS

Sun’s released ZFS for OpenSolarias and it looks very cool. Couple of flash demos show how easy it is to manage and its selfhealing abilities.

It would be very interesting to see the possibilities of this combined with OpenSolarias acting as a dom0.

Comments off

v20z slow booting on Debian

My new v20z was taking an annoying amount of time to boot. Checking the console and a quick google I discover this hint.

The following works well:

title Xen 3.0 / XenLinux 2.6.12.5 / Unstable
kernel /xen-3.0-devel.gz dom0_mem=262144
module /vmlinuz-2.6.12-xen0 root=/dev/sda3 ro console=ttyS0,9600 console=tty0 hda=none hdb=none

The same thread had a link to this interesting site that produces boot charts.

Comments off

Samba and Auto-install Windows Printer setup

Point and Print in Samba is a nice short article about how to install print driver into samba, Windows clients pick this driver up correctly. I had to do some additional fiddling with force user and changing the readonly setting, so I could actually get the drivers installed, but it worked eventually.

Something I should have figured out many years ago.

Comments (1)

The Printable CEO

The Printable CEO a clever self-management method.

Comments off

WiKID – Two Factor Authentication

WiKID is another project I’ve been checking out recently.

WiKID is a two-factor authentication system. It consists of: a PIN, stored in the user’s head; a small, lightweight client that encapsulates the private/public keys; and a server that stores the public keys of the client’s and the user’s PIN. When the user wants to login to a service, they start the client and enter their PIN, which is encrypted and sent to the server. If the PIN is correct, the account active and the encryption valid, the user is sent a one-time passcode to use instead of a static password. You can think of WiKID as ‘certificates on steroids’. It is more secure than certificates because the required PIN is only stored on the server, so it is not susceptible to offline passive attacks.

From reading a couple articles about how WikiD works, it seems it is a form of two factor auth, where the something you have is a software client with a trusted key.

How I read it, is kinda like having a GPG key, encrypting and signing you PIN with that. Sending that to the server which has both your key and pin. It checks and then encrypts and sends back a OTP token with the same key. So the token is useless without the PIN and vicevesa. However I’m not sure how save the system is to a man in the middle attack, where the attacker has stolen a copy of the key. Would this allow a) the attacker to encrypt the key on the way to the server to be authed, or b) steal the OTP token on the way back to the user and thus create an auth race condition.

Also given there are now some python bindings, I’m wondering if there might also be some ruby bindings around the corner. It could be a useful system to build into easy use for rails.

Comments (1)

iFolder

iFolder is one of the useful technologies that is coming out of Novell. Its something that looks very useful for both personal and business use. At the moment though its not that straight forward to use:

When we decided to build the Simias Store on the Flaim database, we partially did it because we were hoping Flaim would follow suit and become open source. Opening Flaim has not yet happened, but Simias is being kept out of distributions today, like Ubuntu, because of a proprietary license on Flaim.

There are a guides out there for Debian, but nothing aptable at the moment. So for the moment its on my todo list, and maybe once I have my new v20z Xen machine up I’ll try it out in a SuSe guest domain.

Jorge Castro has quite a few interesting comments on how he current uses iFolder and ideas about future direction. The revision control mechanism, I think, would be the most useful.

As people and business become more mobile, with tools such as SIP and WiFi making the work and living place more generic, the means by which we manage the data we drag around needs to become easier as well.

Comments off