What Was New: Jan. 25, 2001 - Nov. 12, 2003

Grub's incompatibility (11/12/2003) with the new UFS2 filesystem introduced in FreeBSD 5 is discussed and a workaround provided.

The new FreeBSD Mirror (2/6/2002) is discussed on a new page in the Building GeodSoft section. The choice of FreeBSD rather than a second Linux distribution is discussed, as well as why I put a web server on the oldest, slowest PC I had available. The FreeBSD Power Pack boxed set is briefly reviewed, as is the install process. Preliminary indications are that FreeBSD may be much more like OpenBSD than I'd hoped, and may not possess the ease of application setup that characterizes Linux and that I hoped to see in FreeBSD. Performance, from the perspective of what any of these open source systems can do with old hardware, is discussed and compared with Linux and OpenBSD on much newer, faster PCs.

Set up a new FreeBSD Mirror site (2/4/2002). Unlike the other mirrors, this is not on comparable hardware but on the oldest and slowest machine I had (a P 133 with 128MB RAM and a 1.6GB disk), which hadn't been used regularly for almost 3 years. This is temporarily using the old NT server's DNS entries.

Dual and Multi Booting FreeBSD, Linux, and OpenBSD (1/23/2002) is a completely new section. It tries to be a comprehensive guide to putting two or more bootable FreeBSD, Linux, and/or OpenBSD systems on a single drive in any combination of systems, up to the limits imposed by the PC disk architecture, the inherent limits of each specific OS and, of course, the available space on the disk. A single disk could have up to 31 systems, mixing 20 FreeBSD systems with 11 Linux. The emphasis is on the actual steps needed to boot dual and multiple systems from a hard disk. The GNU GRUB boot loader is an essential component of most installs, and instructions are provided for all GRUB procedures necessary to boot FreeBSD, Linux and OpenBSD in any combination.

A Check List (12/23/2001) has been added to the Hardening OpenBSD Internet Servers section. This reduces all the steps discussed in this section, and related items from other parts of the web site, to short action items. Each is rated by importance from 0 (not recommended) to 5 (essential) based on the criteria from the new Priorities page. Items are presented in a suggested order of completion, and a printer-friendly version is also available to make this a practical working form.

Priorities, Costs and Benefits (12/20/2001) is a completely new page in the Hardening OpenBSD Internet Servers section that ranks the techniques discussed in terms of security payoff versus the effort and risks involved. Some background on the development of the section is provided. The importance of staying up-to-date with OpenBSD releases is discussed, and how these techniques may make upgrades more difficult is a factor in the ranking. Techniques with the highest security benefits are ranked most highly, but the variable amount of up-front and/or ongoing effort is considered as well, as are the risks of implementing some of the techniques.

Hardening OpenBSD Internet Servers (12/15/2001) has been updated to cover the changes from OpenBSD 2.9 to 3.0. The big change was the switch from IP Filter to Packet Filter. Though the concepts and most of the rules remain the same, the mechanics are different, and just about everything related to firewall logs changed. There were several Sendmail surprises as well. A variety of other edits and updates not directly related to the 3.0 upgrade were also made. The update included a new page that is an overview of the 2.9 to 3.0 changes as they relate to the hardening techniques discussed.

Moving a Red Hat Linux 6.2 Web Server to Red Hat 7.2 (11/29/2001). I replaced my Red Hat 6.2 web server with a 7.2 server with less than 2 minutes of downtime. The old Linux server had been a rock, with an 11 month uptime record broken by an accidental hardware reset. The migration process is described in considerable detail. The article is an eclectic mixture of a tutorial on migrating servers and partitioning disks, a historical record documenting an important GeodSoft site change, and an editorial on several Red Hat installation process deficiencies.

Bad Memory Caused the NT Server Failure (11/19/2001). A recent install of OpenBSD on the machine that had been the NT server resulted in "segmentation fault" and "memory fault" errors that led to the bad memory diagnosis and fix. Despite these errors, OpenBSD continued to serve web pages without interruption. The NT Server Failure page has been updated to reflect the recent troubleshooting, including the fact that Linux installs failed and provided no useful error messages that would lead to a fix.

Terms of Use (10/10/2001) have been completely revised to adopt an open content approach. Previously the terms of use were highly restrictive, in an attempt to force anyone wishing to use GeodSoft content to visit the web site. The new terms allow liberal content distribution provided that certain restrictions, including retention of the copyright notice and a reference to the new "GeodSoft Publication License", are observed.

The new terms were very loosely modeled after the Open Publication License. While this works well for books and manuals, I did not think it worked well for a web site that is a content delivery application. Specifically, issues related to standard navigation aids were not addressed.

The GeodSoft Publication License allows web pages to be printed and photocopied or mirrored to other sites, where the appearance of the full web page is faithfully preserved, or to separate the unique page content and reformat it for other web pages or other media, where textual content is preserved, but the original web page design is discarded. This is a work in progress and is likely to be adjusted in response to future developments.

Linux, OpenBSD, Windows NT & 2000 Server Comparison (9/18/2001) This entirely new section is an in depth (over 120 printed pages) comparison of three operating systems used as servers. About one third is devoted to security issues. Other significant comparison topics are application support, stability and reliability, and usability. Also discussed are scalability, staffing issues and total cost of ownership.

The Limits of Open Source (8/23/2001) states that the open source software development model is not appropriate to all software. Government, schools, medical office/patient management, and jet engine control software are discussed. Why open source is appropriate to some and not others is considered. These pages were extensively modified between their initial display and Sept. 2, 2001.

NT Server Down, Won't Be Fixed (8/20/2001). Following the failure of my Windows NT 4, IIS 4 web server, triggered by a recent Microsoft security patch, I won't maintain it any longer. Restoring the system will require reinstalling NT and restoring from backups. Without substantial additional testing, I can't determine if I should restore the pre-patch system (with the Code Red / IIS Index Server patch applied in early July) and forgo the rollup patch, or restore the post rollup patch system.

Beginner's Guide to SSH (8/14/01) is the beginning of a new How-to section covering the basics of setting up Secure Shell or SSH connections between OpenBSD, Linux and Windows. The new material covers OpenBSD and Linux sshd servers and clients for all three systems. Later the additional commands and options and hopefully a Windows SSH server will be covered. I decided to put up useful material now and will add to it as I work through the issues. I wanted to avoid getting bogged down in ever growing projects that never seem to get finished, like some of the review projects I'm working on.

The Future (8/12/01) In late 1999 I wrote a piece in the Book section that predicted the demise of mass printing (newspapers and magazines) and eventually paper itself. Commentary prompted by the twentieth anniversary of the IBM PC, August 2001, and the technology doldrums of the past year and a half prompted me to review this piece. I concluded that the piece should be left exactly as it was originally written.

Bogus PHP DoS Attacks (8/02/01) looks at a basic PHP feature that was recently covered by the on-line press as some new security threat. I ask that some knowledge and analysis be applied before the web press assists some publicity seeking miscreant who claims to have found a bug where none exists.

Apply security updates to your systems (7/24/01) in the Ten Practical Security Steps section has been largely rewritten. Following a series of large scale (250,000 compromised systems) security vulnerabilities affecting Microsoft Windows NT and 2000 systems in the past few months, it's no longer acceptable for administrators to wait for the next service pack. Administrators need to stay informed and actively move to prevent threats where their systems may be used to attack others. Though I hate this waste of resources, today's hostile environment pretty much demands it. My own small LAN received more than 300 attempts to spread the Code Red Worm from infected systems all over the world and my NT server would have been infected many times if it had not already been patched.

Cracking "Good" Passwords (6/23/01). After showing how easy it is to crack passwords based on two short words separated by a non-letter, a new section has been added titled Alternative Manual Passwords. Passwords derived from sentences, phrases and other personal algorithms are discussed. If the resulting passwords are sufficiently long and contain enough character diversity, some "personal" algorithms for creating passwords are likely to create passwords stronger than those created by combining two words with non-letters.

Hardening OpenBSD Internet servers (6/18/01) has been updated to reflect the changes in 2.9. This is based on the official 2.9 release CD and includes IP Filter even though IP Filter has since been removed from the source tree due to licensing issues. The page of detailed OpenBSD hardening instructions which had grown unmanageably large has been split into several smaller pages. Each focuses on a specific aspect of the hardening process. Numerous subheadings were added in the process. Hopefully this will make it easier to find specific information related to hardening an OpenBSD system.

Installing NTP on Windows (6/16/01) has been largely rewritten with much new information. A reader, Dan Sydnes of Data Junction Corporation, suggested that I try the open source SNTP product, NetTime. I found this to be an excellent product that may be the best time synchronization solution for most Windows PCs, both desktop and server. This necessitated a rewrite and, along with new information regarding the Trimble port of ntpd, a re-evaluation of the available Windows time products. I added a new "Recommendations and Suggested Configurations" section that makes comparative evaluations of the different products in various environments and with different priorities. It includes some specific configuration setting recommendations.

Improving Password Security (6/8/01) - A new feature in the Windows based LC3 password cracker allows multiple computers to participate in the same attempt to crack passwords. Distributed password cracking, making use of the untapped CPU power of desktop machines during off hours, has at least the potential to make cracking tools more valuable to the victims of crackers than to those who would use them for illicit purposes. If so, some previous conclusions regarding the value of password auditing might need revising. A new section discusses this.

NT's Poor Password Encryption (6/8/01) has been updated to account for the changed features of LC3, which has replaced l0phtcrack 2. The price is much higher and the trial version weakened. There is a new multi machine feature which, if used, has significant implications and changes some previous conclusions.

Comparing Commercial and Open Source Licenses (6/6/01) discusses the essential characteristics of commercial product software licenses and compares these with the two very different types of open source licenses: the GNU General Public License (GPL) and Berkeley Standard Distribution (BSD) type licenses.

Open Source and Commercial Product Comparisons (6/6/01) is a preface to what will follow and explains why the reviews will be divided as they are. It discusses how the packaging and licensing of open source products complicates the comparison of competing open source and commercial products.

Terms of Use and Privacy Policy (5/27/01) have both been revised.

Corel Linux OS, Version 2, Review (5/26/01) is the first page in a new section Reviews and Commentary. This review explains why I do not think Corel Linux is an adequate Linux distribution and that users should try other distributions. I'm currently working on reviews of Red Hat Linux 7.1 and StarOffice 5.2 which are major products with much to recommend. Hopefully it won't be too long before these are available.

IP Filter on Non Firewalls (4/28/01) is a large new section in Hardening OpenBSD Internet Servers. The emphasis is on using IP Filter to protect the machine on which it is being used. Specifically discussed are using IP Filter on a host that is already behind a firewall or on a host that must be exposed to an Internet connection without the benefit of a dedicated firewall. Developing and testing a basic rule set is covered. Firewall networking issues such as routing and bridging and other issues related to multiple network interfaces are not covered.

Hardening OpenBSD Internet Servers updated (4/24/01): Includes two new sections on Immutable Files and Security Levels and Noexec, Nosuid and Nodev Mount Options. A number of Custom Kernel options have changed with several additional architecture independent features disabled as well as some I386 specific options. Most of the changes have been a result of reader suggestions. I'd like to thank Gregor Binder, Carson Harding, Tim Theisen, Christopher Witter and a couple others, whose e-mails I've mislaid, for their comments.

New NT Anomalies (4/9/01): Following a power outage, the NT server self destructed. This is a mild overstatement, but the fact is that following a UPS initiated shutdown, the web and ftp servers would not run on the NT server, and there were no NT errors or warnings that there was any problem. Considerable investigation found the definitive cause of the problem, which can reasonably be described as NT trashing itself.

Good and Bad Passwords How-to (3/19/01) is an in-depth analysis of good, bad, strong and weak passwords, password cracking techniques and how to reduce password vulnerabilities. It probably has more than you ever wanted to know about passwords.

The new Password Evaluator (3/19/01) is closely related to the Good and Bad Passwords section. Think you know a good password? See what the evaluator tells you about it. It can quickly find keyboard shifted and rotated or reversed words that look like complete gibberish but that password cracking tools can quickly create from dictionary words to match that not so clever password you may have been using. These are only a few of the many word transformations and patterns looked for. If your password has no flaws (errors) that make it too weak to use, it's given a relative strength rating. A 2 is ten times stronger than a 1, and a 3 is ten times stronger than a 2, etc.

Ten Practical Security Steps for Resource Limited IT Staffs (2/21/01) is a completely new section in the How-To area. In contrast to the Hardening OpenBSD section where significant effort is used to achieve limited security gains, the emphasis is on the basics, essentials and steps that have a large payback relative to the resources they require.

Cheap Backup Solutions (2/20/01) has been extensively updated and all scripts referred to are now included. Several visitors came to this page from different search engines. Their searches were appropriate to the page's subject but the page didn't deliver what the search results suggested it should. Hopefully it now will.

Home Grown Intrusion Detection (2/14/01) was updated to identify the kernel processes no longer listed by ps in OpenBSD 2.8 that were previously always listed.

The OpenBSD mirror (2/13/01) was moved to a new OpenBSD 2.8 server, installed and hardened as described in Hardening OpenBSD Internet Servers.

Detailed instructions (2/12/01) for the automated password generator were added. All options are explained.

Hardening OpenBSD Internet Servers (2/7/01) has been updated to cover OpenBSD 2.8. The OpenBSD Install Instructions are more detailed. The Custom Kernel section is significantly expanded with complete kernel configuration files and the deleted lines only for both the i386 architecture and the architecture independent kernel options. The Recovery CD ROM page has been substantially revised (2/8/01).

Time Synchronization: A Beginner's Guide to Network Time Protocol (NTP) (1/30/01) has been split from one very large page into several small ones. Several minor updates and corrections were made.

(1/29/01) I continued tinkering with the automated password generator until every control constant and variable that affects the structure and probabilities of generated passwords is settable through the CGI interface. The original with source code remains available.

More Microsoft MMC Problems (1/28/01)
I had to reinstall Microsoft Management Console (MMC) again today because it could not find the IIS configuration data. Since the last update in September 2000, this "lost" / hidden IIS data problem has recurred. Routine would be an overstatement, but I think this is about the third time I've reinstalled the Option Pack since September.

The password generator (1/25/01) has a totally new password generation algorithm allowing user specified patterns to control the structure of generated passwords. Pseudo word patterns and unstructured, random passwords are now possible. The original State Department style passwords, cvc99cvc or consonant vowel consonant, digit digit, consonant vowel consonant, and variations remain as options. The original remains available, as does the source code for a command line version of the original.

