Archive for the ‘open source’ Category

Changing WordPress Unix Permissions

Wednesday, December 20th, 2006

The following is an easy way to ensure that WordPress file permissions are correctly set using the find and xargs commands. I learned this technique from Dan Miessler’s excellent Find command primer.

Ensure each directory has the correct permissions set:

find . -type d -print0 | xargs -0 chmod 755

Ensure that each file has the correct permissions set:

find . -type f -print0 | xargs -0 chmod 644
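
An audit-then-fix variant of the two commands above, as an added example that is not part of the original post: it lists the entries whose mode deviates from 755/644 (and the world-writable ones) before changing anything, then resets only those. The function names are hypothetical, and it uses find's -exec ... + in place of xargs -0.

```shell
#!/bin/sh
# Added example: audit first, then reset only what deviates from 755/644.

# Print directories that are not 755 and regular files that are not 644.
wp_perms_audit() {
    find "$1" -type d ! -perm 755 -print
    find "$1" -type f ! -perm 644 -print
}

# Print entries writable by "other", the case the reset is meant to remove.
wp_perms_world_writable() {
    find "$1" \( -type d -o -type f \) -perm -002 -print
}

# Number of deviating entries; 0 means the tree already matches 755/644.
# (Counts lines, so a name containing a newline is counted more than once.)
wp_perms_count() {
    wp_perms_audit "$1" | wc -l | tr -d ' '
}

# Reset only the deviating entries. "-exec ... {} +" batches arguments the
# way xargs does, is safe with spaces in names, and runs nothing when no
# entry matches (GNU xargs without -r would run chmod with no operands).
wp_perms_fix() {
    find "$1" -type d ! -perm 755 -exec chmod 755 {} +
    find "$1" -type f ! -perm 644 -exec chmod 644 {} +
}

# Stand-alone use: sh script.sh /path/to/wordpress  (path is a placeholder)
if [ $# -gt 0 ]; then
    echo "Entries that deviate from 755/644:"
    wp_perms_audit "$1"
    echo "World-writable entries:"
    wp_perms_world_writable "$1"
    wp_perms_fix "$1"
    echo "Remaining deviations: $(wp_perms_count "$1")"
fi
```

Keeping the audit output gives a record of what was changed, which helps when a plugin or upload directory turns out to have been made writable on purpose.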

Hack Your Router—DD-WRT Linux Firmware

Monday, December 4th, 2006

I’ve recently discovered DD-WRT, the free Linux firmware for many network routers. My wife just got an old iMac G4 without wireless capability and I was looking for a wireless solution for it. I already have a wireless router at home and thought that the best way to wirelessly connect the iMac would be by creating a wireless bridge.

I have had good experiences with Linksys routers in the past, so I bought a WRT54GS assuming that it would have bridge mode capability. However, I was surprised to find out that the WRT54GS didn’t have this functionality and that I would have to spend much more for a Linksys model designed to be a bridge.

I remembered reading about DD-WRT, a third-party, open source Linux firmware for routers. With DD-WRT, an ordinary router suddenly gains the features of much more expensive routing equipment. I’ve been very impressed. The interface is very professional, and my little wireless router now has an amazing feature list.

DD-WRT doesn’t work on most Linksys routers on the market now, as Linksys has successively reduced its routers’ flash memory to the point that DD-WRT can no longer be installed. Fortunately, there are many other routers on the market that are DD-WRT-friendly. I returned the Linksys router for a Buffalo router that the DD-WRT wiki recommends. It works great. I don’t think I’ll buy networking gear again that can’t run third-party Linux firmware.

FLOSS Weekly—Open Source Podcast

Monday, October 23rd, 2006

My favorite podcast currently is FLOSS Weekly, which stands for Free as in Libre Open Source Software. The hosts are Leo Laporte and Chris DiBona. Chris DiBona is the open source program manager at Google and is in charge of Google Code, the Summer of Code, and keeping up good relations with the OSS community.

The format of the show is an interview with a prominent member of the OSS community, and because of DiBona’s contacts, the interviewees are top notch. Recent podcasts have featured Guido van Rossum (creator of Python), Rasmus Lerdorf (creator of PHP), Randal Schwartz & Chromatic (key Perl developers/gurus), and Miguel de Icaza (creator of GNOME, and the Mono project).

The latest podcast interviews Eben Moglen, General Counsel of the Free Software Foundation, who talks about the history and significance of the GPL, and the importance and potential world impact of GPL v3. Really fascinating stuff. If you have any interest in Linux or OSS in general, I highly recommend it.

Torpark—Anonymous Web Browsing Made Easy

Friday, September 22nd, 2006

Today I attended a lecture on privacy given by Les Seagraves, Chief Privacy Officer at Earthlink. During the Q&A, I asked him if he had noticed a rise in the usage of anonymization tools like TOR. He replied that he had noticed a rise in the use of tools like TOR, and attributed the growing popularity to customers’ increasing concerns for privacy.

I’ve written before about TOR–a means of accessing the Internet anonymously. Whereas typical web browsing can be easily tracked by Internet Service Providers or governments, TOR sends traffic through a random, encrypted mesh of routers so that data is very difficult to track. Until now, TOR has required some technical know-how to set up. However, a new web browser, Torpark, has made anonymous web browsing easy and transparent.

Torpark is a modified version of the excellent Firefox web browser. It has TOR technology built into it so all you have to do is use Torpark to browse the web and you will do so anonymously. Plus, Torpark doesn’t need to have components installed on a computer, so it can be stored and run from a USB key at public kiosks. Below is a screenshot of Torpark accessing the Hidden Wiki, a web page that can only be accessed through the TOR network. As of now, Torpark only runs on Windows.

[Screenshot: Torpark accessing the Hidden Wiki]

Goodbye Ethereal—Hello WireShark

Friday, June 9th, 2006

This week Ethereal, one of the most popular security and network tools, has had its name changed to WireShark. As this article explains, Gerald Combs, the creator of Ethereal, has moved to a new company and the former employer holds the copyright for the name Ethereal. Because the two parties couldn’t come to an agreement, Combs changed the name to WireShark.

WireShark is a packet sniffing tool that allows people on a local area network (LAN) to “eavesdrop” on other users’ Internet activity. WireShark is a real eye-opener for those unfamiliar with the inherent insecurity of Ethernet-based LANs (by far the most dominant LAN technology). For example, a person using WireShark (or a score of similar tools) could easily “listen” to the network traffic in a hotel or wireless hotspot and capture people’s emails, passwords, or other sensitive information.

WireShark and others like it take advantage of the openness of the Ethernet protocol, which was designed for a friendlier computing era, as were so many other network technologies. Fortunately, packet sniffing can be protected against by using a VPN.

TrueCrypt—On the Fly Data Encryption

Monday, May 29th, 2006

I have recently discovered TrueCrypt, a great open source data encryption tool that has recently gained the attention of security experts Bruce Schneier and Steve Gibson. TrueCrypt is cross-platform, meaning it runs on various versions of Linux and Windows (an OS X version is in the works). With TrueCrypt, you can create a folder or volume that encrypts/decrypts data on the fly in a seamless way. Further, TrueCrypt volumes are platform independent, so you can encrypt a volume in Linux and then decrypt it in Windows.

Data encryption is useful for many situations. I use it to encrypt my research data and documents on my laptop. As a researcher, I am required to keep confidential any personal data I may collect in my studies. With TrueCrypt, I can store potentially sensitive data on my laptop without fear of data theft. There are many other practical reasons why someone may wish to encrypt his/her documents.

The fact that TrueCrypt is open source is a strong benefit. One advantage TrueCrypt has over Microsoft’s optional encryption scheme for Windows and other commercial solutions is the peer review of source code. The security and encryption communities have full access to the TrueCrypt source code, making any vulnerabilities or errors in the implementation of encryption algorithms plainly visible and more readily remedied.

For information about TrueCrypt, check out Steve Gibson’s “Security Now” podcast (or read the transcript). You can download TrueCrypt here.

FLOSS—Podcast on Open Source Software

Friday, April 28th, 2006

I’ve recently found a great new podcast on open source software, FLOSS, or Free (as in Libre) Open Source Software (hence the acronym). The show is hosted in part by Chris DiBona, a long-time member of the open source community. You can access the RSS feed for the podcast here.

The Impact of O’Reilly Media

Sunday, October 23rd, 2005

I’ve gained an admiration of tech publisher Tim O’Reilly from several interviews and speeches I’ve heard him give. I find Tim’s insights to be forward-thinking and yet very cogent and well-reasoned.

In the latest interview I read on NerdTV, Tim commented on how his company’s goal has been to create more value than they capture. After reviewing the history of O’Reilly, it is easy to see how this has been the case. Aside from their excellent books, O’Reilly helped evangelize the World Wide Web (and created the first Internet Portal, GNN), and has greatly raised the awareness and perceived legitimacy of open source software.

TOR—Anonymous Internetworking

Tuesday, October 11th, 2005

I’ve recently discovered TOR (The Onion Router), an anonymous Internet communication system. The name references an onion’s multiple peel layers. In a TOR network, data sent from one router to the next is encrypted with an added layer of encryption. Using TOR, data sent or retrieved is untraceable. While this offers a substantial measure of anonymity to those who wish to communicate freely, it also poses several security concerns (this technology seems tailor-made for terrorism).

For an example of the power of TOR, install TOR and check out the Hidden Wiki. This web server resides in an unknown site and is nearly impossible to locate. At this site, TOR users can post information and files without fear of being sued. For example, someone posted Mike Lynn’s recent Cisco router vulnerability presentation and pictures. Other sites have been forced by Cisco legal to remove the information, but because the Hidden Wiki is untraceable, Cisco lawyers have no one to sue. Definitely a two-edged sword.