Blog Made Lifehacker's 2011 Top Articles on Linux List! 9
I suppose that most of you know I’ve contributed a few articles over at Lifehacker in 2011.
- Linux System Maintenance
- How to Block Unwanted Ads in All Applications and Speed Up Web Browsing with the Hosts File
Well, one of those articles made their 2011 Top Articles on Linux List!
Sweet!
You probably want to look at the slightly updated version of the Linux Maintenance article instead.
Writing those articles took lots of time and I felt like most of my normal readers would know that stuff already. Still, for the LH crowd, it seemed right on target.
Are there any articles that you’d like me to attempt?
Perhaps a series on a less-trivial topic?
I’ve been doing lots of presentations lately, but those topics don’t really translate into blog entries. Actually, my blog entries feed into the presentations.
Congratulations, John! It is awesome that your article made the cut.
If you’re asking, I do have some topic suggestions:
I imagine that these would be quite tough to write about. I personally would think twice before asking an intermediate user-base what they would like to read about, let alone an advanced one. Kudos.
Keep up the good work !!!!
Thanks! Great suggestions …
Advanced networking concepts
Well, I’m simply not qualified to teach anything advanced when it relates to networking. Sure, I can do small office networking, but that is very different from running ATM, SONET, or internet backbone networks. All my network knowledge is self taught or from watching real experts perform complex designs and specify equipment for projects. Don’t misunderstand, I’ve worked with network experts on lots of projects with millions of dollars spent just on network equipment, but THEY were the experts in that realm, not me. I haven’t much a clue about RIP or BGP.
Real world Linux security
Most of this stuff is boring, especially for a desktop user. Real World Linux Security would need an entire book … I have met and spoken with Bob Toxen the author of Real World Linux Security. He comes to the local LUG often. He did a presentation here about the 7 Deadly Linux Security Sins or something like that a few months ago. I’ll search for a link. Well, I didn’t find his presentation, but I did find these related articles:
If you are link-lazy here are his 7 Deadly Sins:
As you can see, most of this is for corporate security, not for home users. During his presentation at the LUG, the entire audience had lots to say about password management. I was surprised how many were still rolling their own solutions instead of using KeePassX.
The Open Network Ports part was a duh moment, then one of the kids said that UPnP solved that completely! He was quickly corrected and learned that UPnP was a huge security liability. I just read the other day that many consumer router/firewalls act like bridges after a reboot for about 30 seconds before the firewall becomes active. Scary. I haven’t tested this, just be aware that your internal network may be open during this period of time and keep reboots to a minimal at home.
Most of my Linux security setup revolves around network security and staying patched. For example, I’m running a few publicly available services on some IPs. Those services are setup this way:
Someday soon, I expect this service to be available from almost anywhere on the internet, but right now it is only for specific developers and testers. They all know it will only work from a specific subnet that they provided to me.
For desktop users, most of my techniques are spelled out in these three articles:
Perhaps you have more detailed ideas or questions?
I just got an idea … how I physically deal with computers and networking at home. Photos will be mandatory.
Congrats, and thanks! But you’ve been consistently one of the best writers at LH for years, like it or not, so no surprise… The more you write, here or there, the better for us all. Thanks again, amigo!
The host file security article was one of the most impressive (and enabling) items I’ve ever read, John. Many thanks for taking the time to put it together.
Networking is a little hobby of mine. I’ve always wanted to learn more about it. It is too bad that you are not able to write more of those comprehensive posts of yours about that. I think, however, it is good to know that you are filtering yourself to ensure quality across your posts. Anyway, that is something I will have to find information about elsewhere then.
On the Linux security note; I was especially interested in corporate stuff, that is covered in the book. Thanks for linking to those resources. I added the book to my wish-list.
No problem, however, corporate security is very different from what small companies and home users do.
If you really want to understand IT Security, work towards a CISSP Certification, but be certain you get the hands-on experience too. Even a paper-only CISSP is valuable in large enterprises to help perform design reviews and system audits, but the hands-on guys are irreplaceable in finding secure ways to help business users do what they need.
It all starts with network security first. Then working towards system setup security, patching and lastly, account and access controls. Most home users start and end with account access, in my experience. Many home users don’t understand how critical network design is towards total security of systems.
In a corporation, end-users generally have zero responsibility for the security of their systems. IT policy, PC and server settings and network restrictions prevent undesirable access. Users, developers and managers are constantly cussing about IT policy restrictions that require they know exactly how to properly request the necessary access.
If you ask specific questions, I can attempt to explain what I’ve seen.
In the corporate world, there are a few books like Visible Ops [ link ] that explain how to get things done with predictable, measurable and reproducible results. If you can’t prove that something was done, then it wasn’t done correctly. For example, if you need to patch 21,000 desktops and laptops, you need a way to prove that they were all patched properly. When I had that as part of my job, I was shocked to learn that MS-SMS patching doesn’t always work even when desktops are powered on and connected to the network. There are lots of failure modes. My users were sometimes connected, so using MS-SMS wasn’t an option. Most of the time, my users were not connected to the corporate network with enough bandwidth to consider patching.
ITIL is a method used by world-class IT organizations to get things done.
There is a Visible Ops Security book too, but I haven’t read it. That isn’t my areas of expertise.
Congratulations!
I’ve read Lifehacker’s articles on password management as well as your own recommendation to use KeePassX.
I think a how-to guide for using KeePassX smartly and securely (implement a cross-platform solution, process of backups, etc) would be a great article to attempt.
I’ve written a few articles on using KeePassX for Password Management already:
I hope they help. For some of these things, a video showing the use would be much quicker than reading an article. Perhaps youtube already has some?
There are others.