CSH Blog Network

Surprisingly enough, this post is not for my FOSS class.

Anyway, this article has been circulating around my network lately, and it led me to think about my stance on open source.

I love open source software, both writing it and using it.

Why?

First and foremost, I'm a student. Learning is quite literally my profession. And hopefully after I graduate in May, I'll continue to learn. I love technology because to be truly successful, you need to continue to learn throughout your career.  read more »

Over the last year, I've made the effort to get most of my passwords into 1Password. It's pretty nice to only have to remember one password, along with easily with increasing your overall online security. Whenever another bank or website gets their password list stolen, I'm not concerned because my password for that site was "0RLrA4GQeGlRZR" or some other gibberish that was unique to that specific site.  read more »

So, first, I royally messed this up when I first committed this blog entry, and wrote about 3 things I enjoyed doing, rather than writing about 3 Sugar activities. That post has been removed - largely out of embarrassment

That being said, here are my three favorite Sugar activities.

The first activity I find interesting is Wine. This isn't because I think the Wine project is particularly interesting by itself, but because I find it surprising that Wine has been "ported" to the OLPC as well as its reception.  read more »

It's my last quarter at RIT, and for some reason I decided to take a class called Humanitarian and Free and Open Source Software Development. I'm not entirely sure what the purpose of the class is (save for of course developing FOSS), but I'm excited for it nonetheless.

Anyway, for the class I need to write a bit of an introduction to myself on my blog, as well as talk about three activities that I enjoy.  read more »

Lets say you are in a domain, and you wish to access several different web services. How often do you find you have to enter the same username and password over and over again to get to each website? Wouldn’t it be nice if you could just enter it once and automagically have access to all the web services you need? Well guess what? You can!  read more »

Over the last few years, I've integrated and used many different open source projects, looking at a wide range of code quality, documentation, and project organization. Code is just one part of a project, first impressions matter, and especially when deciding to add a dependency to your project, you want to judge a project on many different metrics.  read more »

First let’s review how your traffic gets to it’s destination. You open up your favorite web browser and punch in “www.google.com”. Since your computer works with IP addresses, and not names (like people), you need to do a process of resolving the name. The Domain Name System (DNS) is the service that does this. Your ISP runs DNS servers, that are typically given to you in your DHCP lease. Your computer sends a query to this DNS server asking “what is the IP address of www.google.com”.  read more »

I have a shiny new VM server sitting in my dorm room. I have access to two networks, one operated by my dorm organization and the other provided to me by RIT. Both get me to the internet, but do so through different paths/SLAs. I want my server to be accessible from both networks. I also want to be able to attach VM hosts to NAT’d networks behind each respective network. This gives me a total of four possible VM networks (primary-external, primary-internal, secondary-external, secondary-internal).  read more »

If I am the requester or the requestee, it means that I have had a conversation with you (Not chat/texted. Actual person-to-person) on at least two separate occasions. (Occasionally this may be reduced to one depending on circumstances) Do not get this confused with what I consider a “dialog”. A dialog is nothing more than “Hi! How are you today? What’s up?”. A conversation entails we discussed and compared our thoughts on at least one topic at length >5min.  read more »

My organization stores user information in an OpenLDAP directory server. This includes contact information, shell preferences, iButton IDs, etc. The directory server does not store the users password and relies on a Kerberos KDC to provide authentication via SASL. This is a widely supported configuration and is popular because you can achieve SSO (Single Sign-On) and keep passwords out of your directory.  read more »

There are a number of useful Kerberos client utilities that can help you when working with authentication services.

kinit will initiate a new ticket from the Kerberos system. This is how you renew your tickets to access kerberized services or renew service principals for daemons. You can kinit interactively by simply running kinit and giving it the principal you want to init as:  read more »

Multipath routing is when you have a router with multiple equal-cost paths to a single destination. Since each of these routes carries the same weight, the router will distribute traffic across all of them roughly equally. You can read more on this technology on Wikipedia. This is more about the implementation of such a topology.  read more »

There are some things we need to set up prior to installing and configuring OpenLDAP.

You will need a working KDC somewhere in your domain. You also need to have the server configured as a Kerberos client (/etc/krb5.conf) and be able to kinit without issue.

There are two principals that you will need in your /etc/krb5.keytab:  read more »

Fix Me Maybe (parody of Call Me Maybe) Words by Grant Cohoe (cohoe) Music & original words by Carly Rae Jepsen

This was dedicated to Ross Delinger (rossdylan) because: “FIX THE DAMN IRC SERVER!” Like the original song, it then went a lot further than expected. What more might come of this?!

MP3 - Sung by Alex Howland (ducker)

Lyrics:  read more »

Using a couple of seed files, you can easily get started managing your own PKI for your network. You need to have OpenSSL and Make installed on the system you are working with.

First, pick a directory to store your certificates in. I am going to use /etc/pki/example.com since this is where all the other system SSL stuff is stored and for you SELinux people, will already have the right contexts. cd into that directory and create the Makefile:  read more »

Like most of my projects, it all started with CSH. RIT allocates us two /24 public-facing networks to distribute out to our users. These resources need to have some degree of accounting in the event a user does something stupid (piracy, kiddie-pr0n, etc). RIT handles this with their own internal application, referred to as “start.rit.edu”. Fun aside, Start.RIT was coded by an old CSHer, now RIT employee and CSH advisor.  read more »