Archive for the ‘software’ Category

Sourceforge Delays


For those wondering why it took soooooo long for SF mirrors to make Anonym.OS available:

Comment By: R L

Date: 2006-01-17 22:59


Logged In: YES



First off, I apologize for the inconvenience this has caused
you. It is *not* normal for new releases to take three days
to sync. The mirror system is at something of a cusp
point right now where many of our mirrors are starting to
run out of space. Because of this, we’re working on
restructuring our mirror system so the mirrors always have
at least the “newest stuff”, and as much of the older files
as possible. This isn’t in place yet, but in the mean time
I will manually sync your project. I’ll update this ticket
when I’ve finished this.

Technorati Tags:



Well, it’s been a busy three days. I’ve received dozens of emails following our first public beta release of Anonym.OS, and I hope everyone will be patient with me as I try to respond to each email. In the meantime, I can address a few of the more common questions:

1. Where can I download Anonym.OS?

There are currently two download sites — Sourceforge and LinuxTracker

2. Is there an MD5 digest for the ISO?

Don’t know how I missed posting this with the ISO, sorry. :-/ aa3907cbe3220f57e1c1a1bbaec062ef

3. What do I have to do to burn/boot the CD?

You do not have to extract the ISO. Just burn it right from Windows, Mac OS, Linux or BSD and boot right off the CD.

Everything else I haven’t addressed here, I will be addressing in individual email responses, and I will try to compile the more pertinent points into a FAQ that everyone can refer to in the future.

Technorati Tags: , , ,

100 TB of Anonymity


For those still having problems downloading, please accept my sincerest apologies. We had absolutely no idea how popular Anonym.OS would become, nor how quickly.

In roughly 36 hours since it’s release, we’ve now seen over 190,000 downloads of Anonym.OS via Sourceforge alone, amounting to roughly 110 TB served! One hundred and ten terabytes. Holy crap.

Additionally, we’ve had over 2800 successful snatches via Bittorrent and have had over 600 active seeders and up to 2500 total peers at peak. Therefore, if you’re having problems getting a copy, give it a while and try again; all of the mirrors that have a copy of the file are busy, and there are over 200 peers still downloading the torrent as I write this. Good luck, and safe surfing!

Technorati Tags: , ,

kaos.theory Responds


First of all, I’d like to take a moment to express, on behalf of kaos.theory, how excited and flattered we are by all of the attention that we and Anonym.OS have received. We always thought we were working on a cool project, but we really underestimated the overwhelming response that we’ve had. Scores of terabyte upon terrabytes of data have flowed and the hit counters keep on ticking. It appears that privacy is as big of a concern for a large segment of the population as it is for us.

That being said, there have been a few comments made and viewpoints published that we would like to address while we have the bully pulpit provided by the good folks at digg, Slashdot, Reddit, Wired News, and Ars Technica, among others.

Anonym.OS Slashdotted


Slashdot | Anonym.OS
Well, Anonym.OS just got Slashdotted. Guess we’ll see how well Dreamhost stands up to the challenge, eh?

Technorati Tags: , , ,

Anonym.OS in action


anonym.os screenshot
Since this picture didn’t seem to make it into the Wired article, I thought it would be nice to post it here for those who haven’t yet booted Anonym.OS.

kaos crew
I also really liked this picture from our photo shoot, though it didn’t make it to print. Great idea, decent execution. Kinda captures the spirit of Anonym.OS, wouldn’t you say?

Technorati Tags: , , ,

1001 ways to harden Linux


Saw this post about a “10 step approach to a secure server” and decided to sort through old courseware I’d written and filter through my bookmarks to provide readers with a fairly comprehensive list of resources for hardening a Linux box (regardless of flavor/distribution/vendor/purpose).

Bearing in mind that there are probably several hundreds of websites and whitepapers that talk to this topic, I’ve tried my best to filter the wheat from the chaff, leaving only those resources that I believe are valuable and offer some unique insight, perspective or technique…

I will also try to keep this page up-to-date by adding new resources as I find them.

Technorati Tags: ,


Hey, your SSH is showing


Saw an interesting submission by Chuck Talk at RootPrompt the other day about DenyHosts, a tool to prevent repeated attacks against public SSH services running on your servers.

Apparently someone had plenty of time to try to login, and was not deterred by repeated login failure. That set me on a course to find a solution that was simple, effective and enough of a barrier to the attacker that they would move on out of frustration, or simply be denied enough that they would find easier targets.

That search led me to find DenyHosts, a simple and elegant solution that works with a minimal configuration effort and is small, quick and clean. The ease of installation and operation make this an effective solution to annoying SSH attackers, and one that you should consider if you are using SSH services.

In essence, DenyHosts is a simple python script, watching logs for entries that might indicate obviously malicious and/or suspicious login attempts. From the FAQ:

DenyHosts then processes the sshd server log (typically, this is /var/log/secure, /var/log/auth.log, etc) and determines which hosts have unsuccessfully attempted to gain access to the ssh server. Additionally, it notes the user and whether or not that user is valid (eg. has a system account) or invalid (eg. does not have a system account).

When DenyHosts determines that a given host has attempted a configurable number of attempts (this is known as the deny_threshold), DenyHosts will add that host to the /etc/hosts.deny file. This will prevent that host from contacting your sshd server again.

Also, DenyHosts will note any successful logins that occurred by a host that has exceeded the deny_threshold. These are known as suspicious logins and should be investigated further by the system admin.

New Browser, Same Old Flaw

1 Comment

Not sure how this one was overlooked in the latest build… seems a trivial, though devastating, error.

Spoofing Flaw Resurfaces in Mozilla Browsers:

“GregThePaladin writes ”A 7-year-old flaw that could let an attacker place malicious content on trusted Web sites has resurfaced in the most recent Firefox browser, Secunia has warned. The flaw, which also affects some other Mozilla Foundation programs, lies in the way the software handles frames. The applications don’t check whether the frames displayed in a single window all originate from the same Web site.“ Commentary on this at whitedust as well.”

I really do like Firefox, though I must admit, it’s painfully slow on my Mac as soon I turn on any extensions. Considering that one of Firefox’s greatest strengths is it’s extensibility, I’ve once again reverted to Safari.

More on Quicksilver


In an earlier post, I made brief mention of a tool that I’ve come to depend on now that I’m using a Mac, but I spent no real time describing it, which does not do this extraordinary program justice. The tool of which I speak is Quicksilver, a tool that has brought me closer to my keyboard and virtually eliminated my dependence on a mouse in and of itself.

The program itself is sheer brilliance. It is, to put it simply, the most powerful search tool, application launcher, bookmark manager, addressbook assistant, file transfer application, folder browser, music player and email manager… all hidden behind a single-panel interface into which I type that which I desire. Not only does it find what I’m looking for, but it learns along the way, identifying those things that I request most often and delivering them to me with fewer keystrokes on each subsequent request.

The developers describe it as “An evolving framework for accessing and manipulating many forms of personal data,” and though I think the description is accurate, to someone who’s never experienced Quicksilver it’s probably inadequate.