Category Archives: Uncategorized

Preventing a “Denial of Service” (DOS) attack on a server is a major part of securing a server.

In a typical denial of service attack, the attacker logs into the server, starts a process that continuously forks a new process until all the resources on the server are used up. At that point the server has in effect been knocked out of service because all it’s resources are being consumed by one user’s dummy processes.

The code below is known as a fork bomb:

$ forkbomb(){ forkbomb|forkbomb & } ; forkbomb

Limiting the maximum resources available to users and groups is an important part of configuring a production system. To limit resources, you must add the user name, group or all users to /etc/security/limits.conf file and impose process limitations.

Understanding tne “/etc/security/limits.conf” file

Each line describes a limit for a user in the form:

Where:

can be:
a user name
a group name, with @group syntax
the wildcard *, for default entry
the wildcard %, can be also used with %group syntax, for maxlogin limit

can have the two values:
“soft” for enforcing the soft limits
“hard” for enforcing hard limits

can be one of the following:
core – limits the core file size (KB)

can be one of the following:
core – limits the core file size (KB)
data – max data size (KB)
fsize – maximum filesize (KB)
memlock – max locked-in-memory address space (KB)
nofile – max number of open files
rss – max resident set size (KB)
stack – max stack size (KB)
cpu – max CPU time (MIN)
nproc – max number of processes
as – address space limit
maxlogins – max number of logins for this user
maxsyslogins – max number of logins on the system
priority – the priority to run user process with
locks – max number of file locks the user can hold
sigpending – max number of pending signals
msgqueue – max memory used by POSIX message queues (bytes)
nice – max nice priority allowed to raise to
rtprio – max realtime priority
chroot – change root to directory (Debian-specific)

Login as the root and open configuration file:

# vi /etc/security/limits.conf
# The following will prevent a DOS fork bomb by user guest, group students, faculty or
# pusers

guest hard nproc 300
@student hard nproc 50
@faculty soft nproc 100
@pusers hard nproc 200

The configuration above will prevent anyone in the student group from having more than 50 processes, faculty and pusers group limit is set to 100 and 200. guest can create only 300 processes. Please note that both KDE and Gnome desktop environments launch many process.

At the coffee ghosts meetup today, Jacara gave me a new Bit Torrent site; “bitsoup.com”.

I also like “kickasstorrents.com”. Torrentfreak.com is the place to find out News about what’s happening in the Bit Torrent World.

uTorrent is my favorite Bit Torrent client for Windows. It’s super compact and efficient because it’s written in C. I like to use Transmission as my client on OSX and Linux.

Over pizza at the Olympia Restaurant on Denman Street with wet flakes of snowing outside, Frank Norman raved to me about the Samsung Galaxy Note. The Note has a 5.3 inch display between the size of a smartphone and tablet, runs Android 2.3.6 (Gingerbread) operating system with UI 4.0 touch interface and supports a stylus for sketching and hand note-taking.

The first distinctive feature is the 5.3 inch display compared to the 3.5 inch display on the iPhone 4S. The extra display size is a plus for me. Since I’m in my early 50′s, I have to take off my glasses to view things on either an iPhone or HTC Magic. The Note is too big to carry in your jeans pocket, but since I usually carry my phone in my oversize jacket pocket, laptop bag or backpack this isn’t an issue.

Every since university engineering days, I’ve wanted a portable device I could use to take notes or jot down a sketch. The Palm Pilot was a step in that direction, but you had to use a special graffiti language to enter notes. The UI 4.0 interface should be able to convert even my hen scratchings into text. The sketchpad sounds perfect for making engineering sketches.

Frank says I can try the Samsung Galaxy Note out this week at the Toronto Dominion Bank Centre near West Georgia and Granville so I’ll update the post once I’ve tried it out for myself.

Here are links to two reviews in Wired magazine.

Trilby, has a couple of European DVDs that are region-locked. It can be a major pain-in-the butt to get the European DVDs to work in North Anerica.

DVD region codes are a digital-rights management technique designed to allow film distributors to manage releases by region including release date, content (censored versions for different regions), and differential pricing by market (different prices for different regions). The region code restricts the area of the world in which the DVD can be played. The American DVD Copy Control Association in California requires that DVD-player hardware manufacturers incorporate the regional-playback control in retail DVD players.

The best way to get around the DVD-region lock is to use the excellent, free and open-source VLC media player. I have included a link to the free player on the Downloads page.

Wikipedia Reference recommending VLC.

VLC ignores region coding. Disable the annoying DVD player app that comes with OSX or Windows. Open the disc with VLC and it plays. No firmware zapping necessary.

This is a script that I use to automatically update non-critical Debian/Ubuntu servers.

sudo apt-get update -y && sudo apt-get install -y && apt-get upgrade -y && apt-get dist-upgrade -y && "Done Updating"

Notes
The && runs the following command only if the previous commands exits successfully.

The “-y” switch responds automatically answers yes to the shell prompts.

A developer installed some Ruby gems on a new install of Ubuntu 10.10. After a few failures trying to run the gems, he realised that they failed because his PATH value did not contain the directory for the new gems.

He then executed the following command in his current shell;

PATH=$PATH:/path/to/gem
export PATH