equivocation: ambiguity or uncertainty of meaning in words; misapprehension arising from the ambiguity of terms; the using of a word or phrase in more than one sense. OED

The equivocation web site is primarily a set of personal notes about software, techniques, and other topics I find interesting or useful. Why is it called "equivocation"? Because descriptions of software and computer related techniques easily succumb to equivocation. I will endeavour to avoid this (although, I don't promise to succeeded).

Recent entries

SElinux and alternative ssh ports

It is quite common, and can be very effective, to use alternative/non-standard ssh ports to avoid port scans. Normally ssh listens for incoming connections on port 22. As this is its published port number it is easy for people and software to connect to this port and try random or typical user names and passwords (e.g. "root" user with password "password"). To make this more difficult ssh can be set up to listen to a non-standard port so that only those who know which port it is can connect quickly and easily. This technique is one I have used successfully for many years. With the release of Fedora 9 and the expansion of its SElinux policy, getting ssh to listen on alternative ports requires an additional step.

KVM and SELinux

In Fedora 9, kernel based virtual machines (KVM) are now constrained within SELinux. This is a good thing as it means any security bugs in the KVM/qemu infrastructure are less likely to impact on the host system. However, when moving from earlier versions of Fedora the KVM guest image files (e.g. of the form opensolaris.img) will probably be labelled with the wrong SELinux type which will prevent the guests from running on Fedora 9. To see the SELinux type labelling you can use the -Z option to the normal ls command:

Fedora 9 on a Dell XPS M1330

Upgrading from Fedora 8 to Fedora 9 is fairly straight forward on the Dell XPS M1330. During the Fedora 8 release the UVC driver for the integrated web cam became part of the standard kernel, so by the time Fedora 9 came along, all the hardware was working under Fedora 8 with no major tweaking required. Fedora 9, however, introduces a couple of new quirks.

Upgrading to Fedora 9 with preupgrade

The new preupgrade tool, available as a package on both Fedora 8 and 9, allows you to download and install all the necessary rpms required for upgrading from Fedora 8 to 9. This tool not only can save on media downloads, but also allows you to continue to use Fedora 8 while all the packages are being downloaded and prepared for Fedora 9.

KVM Virtual Manager Network Timeout

Small and simple guest operating systems (i.e. those not running many services) can tend to have network difficulties when using the default KVM and Virtual Machine Manager virtualization. I use a very small Debian etch guest that is a mirror of an identical small machine elsewhere. If the guest OS does not use the network connection for around 10 minutes, the idle network can become disconnected. This is actually a result of the iptables NAT setup by the Virtual Manager.

Syndicate content