• Home
• About

Archive for March, 2009

Slow Apache Starts on Ubuntu

An Apache server that I was working with was having an issue starting in a reasonable amount of time. This particular server was running on Ubuntu 8.04 on top of VMware ESX 3.5. The service would start eventually, but would hang for a fairly significant amount of time. In the Apache error logs it would show the following line:
[notice] Digest: generating secret for digest authentication ...

Eventually, the digest generation would finish and my websites would come back. Sometimes it would take just a few seconds and other times it would take about 30 seconds. After doing a little digging, I found that a number of people were having this issue, with very few answers.

The root problem, as I found out, was that the OS was running out of entropy. One can see how much entropy is available with the following command:
sudo cat /proc/sys/kernel/random/entropy_avail

My system was returning a value somewhere around 150-200 and went down to nothing while Apache was generating its digtest. When I looked at the same file on other systems, they were all 2000+, an obvious problem.

According to a couple of blog posts, installing rng-tools and running the rngd daemon seemed to be the answer.

I did a quick install of rng-tools:
sudo apt-get install rng-tools

However, rngd failed to start, reporting that it couldn’t find the hardware generator:
/etc/init.d/rng-tools: Cannot find a hardware RNG device to use.
invoke-rc.d: initscript rng-tools, action "start" failed.

After a little more searching, I found out that you simply have to change the source for the generation to /dev/urandom:
sudo vim /etc/default/rng-tools

And changed the line:
#HRNGDEVICE=/dev/hwrng

To:
HRNGDEVICE=/dev/urandom

Save the changes and start rngd:
sudo /etc/init.d/rngd start

Now, ‘catting’ my entropy_avail file displayed over 2000 like my other systems and Apache starts right up on a restart.

Tags: apache, linux, ubuntu
Filed under How-Tos / Tips : Comments (4) : Mar 17th, 2009

Another Important Password Management Reminder Courtesy of 8,000 Comcast Customers

Today news reached the media that Comcast had a list of over 8,000 usernames and passwords in a publicly accessible directory on a web server. The file apparently had been accessible for months and had been viewed 345 times and downloaded 27 times before someone notified Comcast. The list was discovered by a professor in Pennsylvania named Kevin Andreyo after reading an article on using search engines to dig up secrets about people. Andreyo decided to search for his email address, discovered the list and turned it in to Comcast and the FBI. Comcast has released a statement saying that the number was more like 4,000 accounts that had been compromised due to the list having lots of duplicate entries.

Regardless of the number or severity of the exposure, the fact is that lots of people had their username/password combinations stolen. A very large amount of people use the same password for all of their accounts as well as never, ever change their passwords. That means that this problem most likely exposed a large number of peoples’ bank accounts, email accounts, or other online accounts. As we become more and more dependent on online services, password management becomes very important.

While you can’t prevent your passwords being exposed in this way, there are some tips you can do to prevent your online accounts from being broken into:

Don’t use the same password for multiple services

This can be unmanageable for some without the use of a piece of password management software, which is a religious debate that I’m not going to get into here. Even having a set of 3 or 4 passwords that you use can help to minimize exposure should an event like the Comcast issue take place.

Use a complex password

Now, this won’t help you in this case when the password is listed in plain text, but if your password is not easily guessable, it won’t be subject to simple dictionary attacks.

Don’t use a guessable password

Often, in IT security, attacks come from within an organization. Someone who knows you very well is most likely to want to be breaking into your account than someone who doesn’t and they are a much more likely candidate to guess your password. Be sure not to use a simple word or phrase that a lot of people close to you would be able to guess.

Change your passwords frequently

In the case of the exposure today, changing one’s password is a quick and simple fix to ensure that an attacker won’t break in. It’s also important to keep changing your passwords if your passwords are particularly vulnerable to brute-force attacks. A lot of web services and SSH servers are not setup properly to stop a brute force attack. Also, a compromised system can have passwords contained on it cracked over time without the owner having any idea.

While these steps certainly don’t guarantee one’s security, they are a great step to protecting your identity and personal information online. While none of these are any sort of rocket science, often they are left undone even by those who work in the security field.

Tags: security
Filed under How-Tos / Tips : Comments (1) : Mar 16th, 2009

Apple to Take on the Nintendo Wii?

New rumors in the Apple rumor mill are suggesting that Apple is filing patents to take the Nintendo Wii head-on. The patent is for an infrared device for capturing an image to decipher the direction of the device. Much like a “Wiimote”.. The device of course, has Apple’s notorious single button for simplicity, but the device sounds much the same as the Wii remote control. Apple took the cell phone industry by storm and has done a great job with making games on the devices very fun. The device is smooth and very responsive to the touch and to motion which could be a great prerequisite to a gaming system for Apple. Only time will tell as to whether or not the device ever materializes, but if anyone besides Nintendo could make a great gaming experience integrating some of the tricks of the Wii with touch it would be Apple.

Tags: apple
Filed under News : Comments (0) : Mar 15th, 2009

Opera, Google Want More Than Just An Uninstaller for IE

If the European Union wasn’t heading down a slippery slope, Opera and Google seem to want to be. After its loss in the courts in Europe, Microsoft added functionality to the not-yet-released Windows 7 to allow IE to be uninstalled. Opera and Google don’t seem to think that allowing the browser to be installed is enough, however. The CEO of Opera, Jon S. von Tetzchner, recently told betanews in an interview that he thinks that the best way would be to present a list of browsers for a user to choose from during the Windows installation. Google also released a statement stating that the choice needs to be one that is continually being asked of its users.

All this choice of browsers is fine and dandy, but how does one decide which browsers are popular enough or should be included in the list of choices. In theory, there could be an indefinite list of choices presented to users. Then, why should this freedom stop at web browsers? The Windows explorer FTP client is all right, but I really like FileZilla better. Should Microsoft also allow users to choose which FTP client they want to use? Heck, should a user then get a choice of what OS to install? Clearly we’re trying to even the playing field a little and Linux is a great choice of OS. A choice of whether or not to install IE in the Windows installer would be great and is a step further in the right direction but it needs to stop there. Of course, once one does choose not to install IE, the next step is to install the browser of their choice with… uh-oh…

Tags: google, microsoft, opera
Filed under Tech Trends : Comments (0) : Mar 12th, 2009

The End of Internet Explorer?

Rumor has it that Internet Explorer 8 may be the end of the life for the most popular browser in the world. According to Infoworld, Microsoft will be ditching its Internet Explorer rendering engine after the next major release of their browser. The rumors have been conflicting thus far, ranging from saying that Microsoft will be taking on WebKit with their next browser or developing a new engine codenamed “Gazelle”. WebKit is the engine that Apple chose for Safari as well as Google for Chrome which has so far helped the two browsers be the fastest on the market.

Microsoft’s IE has struggled to adhere to web standards in the past, but has still been the most popular browser. Microsoft will have to offer some legacy support as a lot of applications are dependent upon IE, but I think the move would be a good one for Microsoft. They will, of course, need to somehow either keep the logo the same or similar in order to keep the investment they have made in the blue ‘e’ branding.

Tags: internet explorer, microsoft
Filed under News : Comments (0) : Mar 10th, 2009

Categories

• How-Tos / Tips
• Just for Fun
• News
• Rants
• Tech Trends
• Uncategorized

Search

Tags

Archives

• January 2012
• November 2011
• October 2011
• September 2011
• May 2011
• April 2011
• March 2011
• February 2011
• January 2011
• December 2010
• November 2010
• October 2010
• September 2010
• August 2010
• July 2010
• June 2010
• May 2010
• April 2010
• March 2010
• February 2010
• January 2010
• December 2009
• November 2009
• September 2009
• August 2009
• July 2009
• June 2009
• May 2009
• April 2009
• March 2009
• February 2009
• January 2009
• December 2008
• November 2008
• October 2008
• September 2008
• August 2008
• July 2008

Blogroll

• Brian in the Big City
• Silicon Grassland
• SugarCRM
• TheSysAdminLog
• Zimbra