Securing SSH Connections

April 26th, 2007

Traffic between an SSH client and server is encrypted, but how does the client know that the host it is talking to is the one it meant to reach? In a man-in-the-middle attack, an attacker's SSH server poses as the desired host and relays messages between the client and the real host. The impostor presents its own host key, and the client negotiates its session keys with whoever is on the other end of the connection, so if the client accepts that key the impostor can decrypt everything the client sends. It then acts as a client to the real server, re-encrypting and forwarding each message in both directions. The impostor cannot present the real server's host key unless it has also stolen the server's private key, so the fingerprint it shows will not match the real one. Checking the fingerprint of the server's public host key against a value obtained out of band is what defeats this attack.

The following command, run on the server itself, prints the fingerprint of the server's RSA host key on a typical Unix-like installation. The administrator then passes that value to users by some channel other than the SSH connection being verified:

ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub

The SSH protocol specification allows for a certificate authority (CA) to vouch for host keys, but most SSH server and client installations do not use one; they rely instead on a list of known hosts that each user builds up over time. This is why the server's host key fingerprint should be handed to remote users together with their login and password. Without a CA, users should refuse connections to servers whose keys they do not recognize, and should compare the fingerprint the client displays the first time it sees a host (OpenSSH, PuTTY and other clients all show it) with the one supplied by the administrator before accepting the key. When the client reports that it cannot connect, or that the host key has changed (OpenSSH prints "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!"), the user should stop trying to connect and notify the server's administrator immediately. An unexpected key change is exactly what a man-in-the-middle attack looks like, and it should never be dismissed by simply deleting the old known-hosts entry.
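To show what the ssh-keygen command above actually computes, and how a user can check a fingerprint received out of band against the key a server presents, here is an added Python example (not code from the original post, and not part of OpenSSH). It reproduces both fingerprint formats: the SHA256 base64 form that ssh-keygen -l prints by default since OpenSSH 6.8, and the colon-separated MD5 hex that clients of the 2007 era printed and that ssh-keygen -l -E md5 still produces. The 32 key bytes, the host name example.test and the known_hosts line are constructed stand-ins, not a real host key.

```python
import base64
import hashlib
import re
import struct

# Constructed sample: 32 arbitrary bytes standing in for an Ed25519 public key.
# This is NOT a real host key; it exists only so the example runs offline.
SAMPLE_RAW_KEY = bytes(range(32))


def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: big-endian uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def build_ed25519_blob(raw_key: bytes) -> bytes:
    """Public key blob as it appears base64-encoded in known_hosts and *.pub files."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_key)


# Hypothetical known_hosts line for a host named example.test (constructed).
SAMPLE_KNOWN_HOSTS_LINE = "example.test ssh-ed25519 " + base64.b64encode(
    build_ed25519_blob(SAMPLE_RAW_KEY)).decode("ascii")


def parse_pubkey_line(line: str):
    """Return (key_type, blob) from a *.pub or known_hosts line.

    The type string embedded in the blob must agree with the declared type;
    a mismatch means the line was tampered with or mis-copied."""
    fields = line.split()
    for i in range(len(fields) - 1):
        if fields[i].startswith(("ssh-", "ecdsa-sha2-")):
            declared = fields[i]
            blob = base64.b64decode(fields[i + 1], validate=True)
            (n,) = struct.unpack(">I", blob[:4])
            embedded = blob[4:4 + n].decode("ascii")
            if embedded != declared:
                raise ValueError(f"key type mismatch: {declared} vs {embedded}")
            return declared, blob
    raise ValueError("no SSH public key found in line")


def fingerprint_sha256(blob: bytes) -> str:
    """Default ssh-keygen -l output since OpenSSH 6.8: SHA256:<unpadded base64>."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def fingerprint_md5(blob: bytes) -> str:
    """Legacy form (ssh-keygen -l -E md5): MD5:<colon-separated lowercase hex>."""
    return "MD5:" + ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())


_MD5_HEX = re.compile(r"^(?:[0-9a-fA-F]{2}:){15}[0-9a-fA-F]{2}$")


def normalize_fingerprint(fp: str) -> str:
    """Accept SHA256:..., MD5:..., or the bare hex that older clients printed."""
    fp = fp.strip()
    if fp.upper().startswith("MD5:"):
        fp = fp[4:]
    if _MD5_HEX.match(fp):
        return "MD5:" + fp.lower()
    if fp.startswith("SHA256:"):
        return fp.rstrip("=")
    raise ValueError("unrecognised fingerprint format: " + fp)


def verify_host_key(known_hosts_line: str, expected_fp: str) -> bool:
    """True only if the key on the line hashes to the fingerprint the admin supplied."""
    _, blob = parse_pubkey_line(known_hosts_line)
    expected = normalize_fingerprint(expected_fp)
    if expected.startswith("MD5:"):
        return expected == fingerprint_md5(blob)
    return expected == fingerprint_sha256(blob)


if __name__ == "__main__":
    blob = build_ed25519_blob(SAMPLE_RAW_KEY)
    print(fingerprint_sha256(blob))
    print(fingerprint_md5(blob))
    # A man-in-the-middle's key would hash to a different value and fail here.
    print(verify_host_key(SAMPLE_KNOWN_HOSTS_LINE, fingerprint_sha256(blob)))
```

The fingerprint is a hash of the whole public key blob, not of the raw key bytes, which is why the type string is included and why the two forms cannot be converted into each other: a user holding an old MD5 fingerprint has to compare against the MD5 form, and the parser refuses a line whose declared type disagrees with the blob rather than silently hashing it.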

Making Connections, Connecting Dots

April 23rd, 2007

July 16, 2005 – Hua and I set up the company’s very first server at Broadspire LA

The introduction of another full cabinet at a new colocation site in Downtown Los Angeles is evidence of the company’s progress and sustainability. I have heard from forgotten sources that eight out of nine companies fail within their first year, and only one in nine of the companies that make it through the first year become successful. The company has enjoyed stable and controlled growth since its inception, and the company’s investment in additional resources for future products evidences our anticipation of future growth.

During the past months, the company grew its customer base to include several companies that are publicly traded and held in equities markets. Our business development team is especially exceptional at discovering client needs and suggesting company products that can meet them. The technical team has made many accomplishments to cultivate the company’s success, and the entire team’s dedication to serving clients has instilled a great deal of client loyalty.

Success in business and the development of a company is significantly determined by the ability to gather, manage, and retain a pool of resources. Our success is also based on reciprocation from our clients. We care deeply about our clients' online businesses, and they, in turn, reward us. I look forward to continuing and expanding our success through the delivery of success for our clients, and I am driven to help perfect our processes to prepare us for the next level.

From EFnet #gamedev

April 19th, 2007

[00:16]* ae (steve@liss.loosebytes.com) has joined #gamedev
[00:34] <Decept404> anyone know of any decent offline/local network issue/bug tracking solutions?
[01:05] <ae> how about bugzilla?
[01:11] <Decept404> not offline ;P
[01:12] <ae> heh, you can always install a webserver and db server for use on the local host =)
[01:12] <ae> … and it has the added benefit of making online easily at a later time

Design Pattern: Treating Objects as Descriptors

April 19th, 2007

I think frequently about the design of software while I drive between home and work. One problem I keep coming across is the design of user-defined compound types, or classes. Deciding on a compound type's member fields and methods takes a lot of effort, and the problem gets harder when an instance of a class is assembled from fields drawn from multiple database tables. Designing a class for use in a web application is complicated further by the stateless nature of browser requests: an instance lives no longer than the request that created it. The general problem, then, is to design a class that draws information from multiple sources and whose instances have short lifetimes.

In practice, determining the interface of an object is difficult. "Accessors" and "modifiers," functions that read and change an object's state or internal data, are common practice among software engineers. They control which operations can be performed on an object, help keep the object's state consistent, and allow the internal implementation of a class to change without affecting the code that operates on its instances. There can be problems, however, with tying functions and data to classes too tightly.

An example of an original Person class design is presented below with several interface functions.


class Person
{
	private Name m_name;
	private Date m_birthdate;
	private String m_password;

	public function SetName( Name name );
	public function GetName();
	public function SetBirthdate( Date date );
	public function GetBirthdate();
	public function SetPassword( String password );
	public function GetPassword();
}

The m_password field of a Person object may be retrieved from a database table named User_Passwords while the other fields are fetched from the User_Pedrigree table. In the example system, code that accesses or modifies user passwords is spread throughout the system, but it executes infrequently. Even though the password may be used in only 5% of the operations on Person objects, the object is kept fully populated to preserve its consistency, so the password is retrieved every time. With this interface, "person->GetPassword()" and "person->SetPassword( new_password )" may appear in many places in the code. Note also that every Person instance then carries a credential around whether or not the calling code has any business with it; the more code that can reach a password, the more places it can leak from.

Suppose that retrieving the password is later found to be an expensive operation, and that the expense is paid every time a Person object is created. Two kinds of modification can improve system performance: the retrieval itself can be reworked, or the password can be separated from the type definition. Two refactorings of the Person object are presented below. The first treats the object as a descriptor, a handle passed to functions that live outside the class. The second reimplements the class to delay retrieval of the password until it is needed.

Separating the password from the Person object forces the removal of GetPassword() and SetPassword(), which in turn requires updating every piece of code that relies on them. This would have been avoided if those interface functions had never been part of the original class and independent functions had provided the same functionality instead. Code operating on Person objects would then read "GetPassword( person )" and "SetPassword( person, new_password )" rather than "person->GetPassword()" and "person->SetPassword( new_password )".

Separating the password functions from the class is problematic, though, because it works against the goal of grouping data tightly with the functions that operate on it. The code becomes less cohesive with this approach.

Delaying retrieval of the password until it is first requested improves the example system's performance: no resources are spent fetching it until some code actually asks for it. The object's state continues to appear consistent to callers, the interface is unchanged so existing callers need no modification, and the code keeps the benefit of classes that group functions and data.

The second option appears to be the better solution to the example problem. The first may still be worth considering in cases where the degree of cohesion between the class and its member data is unstable, that is, when it is not yet clear which fields truly belong to the class.
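Both refactorings written out in Python, as an added example rather than code from the original post: Person is the descriptor form with the password reached through free functions, and LazyPerson is the deferred-retrieval form that keeps the original accessor interface. FakeDatabase, the user id 42 and the row contents are constructed stand-ins for the User_Pedrigree and User_Passwords tables; its counters exist only to make visible when the expensive password fetch happens.

```python
from datetime import date


class FakeDatabase:
    """Constructed stand-in for the User_Pedrigree and User_Passwords tables.

    Each lookup counts itself so the example can show when the expensive
    password fetch actually happens. The row data is made up."""
    def __init__(self):
        self.pedigree = {42: ("Alice Example", date(1980, 1, 1))}
        self.passwords = {42: "initial-secret"}
        self.pedigree_fetches = 0
        self.password_fetches = 0

    def load_pedigree(self, user_id):
        self.pedigree_fetches += 1
        return self.pedigree[user_id]

    def load_password(self, user_id):
        self.password_fetches += 1          # the expensive operation
        return self.passwords[user_id]

    def store_password(self, user_id, password):
        self.passwords[user_id] = password


class Person:
    """First refactoring: the object is a descriptor (handle) for a user.

    It carries only the cheap pedigree data; the password is not a member,
    so constructing a Person never touches User_Passwords."""
    def __init__(self, db, user_id):
        self.db = db
        self.user_id = user_id
        self.name, self.birthdate = db.load_pedigree(user_id)


# With Person as a descriptor the password lives behind free functions,
# the "GetPassword( person )" / "SetPassword( person, new_password )" of the post.
def get_password(person):
    return person.db.load_password(person.user_id)


def set_password(person, new_password):
    person.db.store_password(person.user_id, new_password)


_UNLOADED = object()   # sentinel: an empty string must still count as loaded


class LazyPerson(Person):
    """Second refactoring: same accessor interface as the original class,
    but the password is fetched on first access and cached for the
    object's (short, one-request) lifetime."""
    def __init__(self, db, user_id):
        super().__init__(db, user_id)
        self._password = _UNLOADED

    @property
    def password(self):
        if self._password is _UNLOADED:
            self._password = self.db.load_password(self.user_id)
        return self._password

    @password.setter
    def password(self, new_password):
        self.db.store_password(self.user_id, new_password)
        self._password = new_password       # keep the cache consistent


if __name__ == "__main__":
    db = FakeDatabase()
    person = LazyPerson(db, 42)
    print(db.password_fetches)                      # nothing fetched yet
    print(person.password, db.password_fetches)     # fetched once, on demand
    print(person.password, db.password_fetches)     # cached: still one fetch
```

The sentinel matters: testing the cache with "if self._password is None" would re-fetch forever for a user whose stored value is empty, which is the kind of edge case that turns a performance fix into a hot loop against the password table.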

The Move to CentOS

April 15th, 2007

I decided to make the move this weekend. Witnessing Kelly adopt GNU/Linux after being a long-time user of Microsoft solutions inspired me to transition away from Microsoft Windows. So, I bought an open-box 500GB Seagate FreeAgent external hard drive from Fry's Electronics for 140USD, moved all my data files from my Windows desktop, and converted my desktop to one that runs CentOS 5.0.

The computers in my home currently run Mac OS X on a Mac Mini, CentOS 4.4 on an old PII 400MHz, CentOS 5.0 on a P4 2.6GHz, and Microsoft Windows XP Pro on a Dell Inspiron 8600 laptop with a Pentium M 2.0GHz processor. I was thinking about trying out Ubuntu, but after hearing that it was derived from Debian, I decided to stick with a distribution based on RedHat Enterprise Linux.