January 2005


We’re back after a vacation in Italy and we began catching up today. All very mundane: laundry, food shopping, digging the car out of the snow, snail mail, bills, over a dozen phone calls to return.

Sorted through the pictures from the trip and chose some for printing. I have a number of photos to upload and found dozens from earlier in the year that I never did anything with. Expect them to show up over the course of a few weeks. I wrote notes while on the trip and they’ll (probably) show up as back-dated blog entries over the next several days.

Two weeks away reveals something about my reading habits. I have waiting for me:

  • 2 books. 3 if you count a Haynes service and repair manual.
  • 14 periodicals. Makes me glad we stopped the newspaper delivery.
  • 2778 personal email messages. That includes my list subscriptions after spam filtering and reading some the other evening.
  • 6153 (and growing) messages at work. That should be all kinds of fun since I’m also on call next week.

Expect a number of entries soon. Ciao!

If you own an Apple product and buy into the whole gadget as lifestyle then iProduct is for you.

More seriously, that MacMini is really interesting. At 6.5″x6.5″x2″ and three pounds it might fit in the dash or trunk of a car in place of a CD jukebox. Rig up a touch screen VGA panel as an interface. Judging from the picture of the connectors on the back, it has a power brick inverter that they don’t show, so you could probably hack it to run right off the car’s DC.

Another idea, four of them would fit in less than the rackspace taken up by my old Sun Ultra-1E. Just one would likely kick the tar out of the U1E as a webserver. For a little over $2000 you could have a small cluster of little webservers that run a decent Unix and they’re cheap enough to be almost disposable. Interesting.

I find that everything is easier on OpenBSD when it comes to security. The tools are already present and properly integrated in the base install. They even have good documentation. This one is right out of the FAQ:

As root, create the /etc/skey directory:

  skeyinit -E

Next, as a normal user on a secure console, set up your skey passphrase, one different from your system password:

  skeyinit

Then to use OTP with your login, just tack ‘:skey’ onto your username:

  ssh joeuser:skey@host.example.com

Done!

As root, install the packages:

  apt-get install libpam-opie opie-server opie-client

My systems only permit ssh, so I ignore the other services. Enable it by editing /etc/pam.d/ssh. Comment out the inclusion of common-auth and add the lines so the file reads:

  #@include common-auth
  auth    sufficient      pam_opie.so
  auth    sufficient      pam_unix.so nullok_secure
  auth    required        pam_deny.so

It might be inconvenient, but you can enable it globally by editing /etc/pam.d/common-auth:

  #auth    required        pam_unix.so nullok_secure
  auth    sufficient      pam_opie.so
  auth    sufficient      pam_unix.so nullok_secure
  auth    required        pam_deny.so

Enable it for the non-root account by running on a secure console:

  opiepasswd -c

That’s it, you’re done! On your next attempt to log in with ssh you should see something similar to:

  $ ssh myhost.example.com
  otp-md5 495 wi01309 ext, Response:
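
What that challenge line means, as an added example that is not part of the original post or of the OPIE code: a Python sketch of the RFC 2289 otp-md5 hash chain, showing why the server only needs the last accepted OTP and why a captured response cannot be replayed. The passphrase, the `OtpServer` class and the helper names are assumptions made for illustration, and responses are kept as raw 64-bit values rather than six-word strings.

```python
import hashlib
import re

def fold_md5(data: bytes) -> bytes:
    """MD5 the input, then XOR the two 8-byte halves into a 64-bit value."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def parse_challenge(line: str):
    """Parse 'otp-md5 495 wi01309 ext' into (algorithm, sequence, seed)."""
    m = re.match(r"otp-(md4|md5|sha1)\s+(\d+)\s+([A-Za-z0-9]{1,16})\b", line.strip())
    if not m:
        raise ValueError("not an OTP challenge: %r" % line)
    return m.group(1), int(m.group(2)), m.group(3).lower()

def otp_md5(passphrase: str, seed: str, sequence: int) -> bytes:
    """Client side: hash seed+passphrase, then hash `sequence` more times."""
    value = fold_md5((seed.lower() + passphrase).encode())
    for _ in range(sequence):
        value = fold_md5(value)
    return value

class OtpServer:
    """Server side (hypothetical): keeps only the last accepted OTP and its number."""
    def __init__(self, seed, sequence, last_otp):
        self.seed, self.sequence, self.last_otp = seed, sequence, last_otp

    def challenge(self) -> str:
        return "otp-md5 %d %s ext" % (self.sequence - 1, self.seed)

    def verify(self, response: bytes) -> bool:
        # Hashing a valid response once more must give the stored value.
        if self.sequence < 1 or fold_md5(response) != self.last_otp:
            return False  # wrong OTP, replayed OTP, or chain used up
        self.last_otp, self.sequence = response, self.sequence - 1
        return True

def demo():
    secret, seed = "constructed demo passphrase", "wi01309"    # constructed values
    server = OtpServer(seed, 496, otp_md5(secret, seed, 496))  # state after enrolment
    _, seq, s = parse_challenge(server.challenge())            # otp-md5 495 wi01309 ext
    response = otp_md5(secret, s, seq)
    first = server.verify(response)    # accepted, counter moves down by one
    replay = server.verify(response)   # same response again is rejected
    return seq, first, replay, server.challenge()

if __name__ == "__main__":
    print(demo())
```

The sequence number counts down with every successful login, so the account has to be re-initialised with a new seed or count before it runs out.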
