NX machine, custom ssh configuration and on disk encryption for the faint of heart

di

Recently I switched an ubuntu test server running Precise Pangolin  from x11vnc to No Machine Nx server. I suppose (but haven’t tried) that those indications may also work for FreeNX (whose repository is unreacheable, at the moment)
As usual, it turns out that having a non-standard Ssh configuration or Ubuntu on disk encryption your mileage will vary, as NX machine relies heavily on OpenSSH. Also Ubuntu Precise  brings some issues of this own.

I recently detailed the length I had to go to ensure reliable ssh communication with home-directory-encrypting .
However I like to understand what happens under the hood so I decided to go ahead with the set up instead of just rolling back x11vnc.
It’s a test server, so let’s get over this.
Of course, I managed to do everything with the server “near” me. Doing this on a remote server is not a good idea, even  having something or someone with an alternative way of access on site. Things can go awry also after a reboot, because of the encrypted home file-system. Checking what happens after a full reboot before declaring ‘OK’ is a good idea.
Versions involved: nxclient,nxnode,nxserver  3.5.0-xx  running on Pangolin Ubuntu 12.04 LTS 64 bit.
Premise: I suspect a good deal of problems can be avoided installing and configuring Nx machine with the home directory (e.g the home of the user that is going to connect) mounted. One has only to remember then to cover all bases and modify the relevant directives and copy the relevant files outside the encrypted home. I did it without the home directory mounted.
Read everything before doing anything!

Leggi tutto

Volunia is alive and kicking

di
Whom the gods wish to destroy, they first call promising.
(Cyril Connolly, Enemies of Promise)

The Italian social search engine Volunia by Massimo Marchiori raised eyebrows during this launch of February 2012: some considered it  stillborn. The usual ill-fated comparison (e.g “the Google killer”) fuelled the debate further.
08/06/2012 Update: it seems there are some problems…read at bottom

Leggi tutto

Openssh and the perils of encrypted home

di

Let’s say you have just prepared a new server and you make all your stuff. Nowadays Linux distro have an option to enable home encryption for users, a feature I feel interesting for a system administrator as reduces the always present danger of leaving something valuable lingering around for an attacker.
It presents also a lesser know issue. If you use ssh Pubkey authentication (and you probably should by now) only, you may find yourself being out of the server in a subtle way, as OpenSsh will start refusing key intermittently, or SSH public key login  will fail for first login. It may seem a permission issue, at first. It may be not.

Leggi tutto

Germano Mosconi (1932 – 2012)

di

Germano Mosconi,  a well-known television personality, died today. We’d like to think that he’d finally discovered who’s that ‘mona che sbatte la porta’ (the prick that shuts the door loudly). Drawing by xoxtanianxox (Some rights reserved. This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License)

Cannot delete/modify protected access point on Symbian S60

di

I suspect there’s an issue between Wefi and Whatsapp on Symbian (specifically S60 3rd edition, tested on Nokia e51). I cannot unfortunately recover the Wefi version as I disinstalled it. That’s precisely how troubles began: with Whatsup always running, Wefi failed to delete the Automatic-Wefi access point during uninstall. Turns out that this access point … Leggi tutto