For all things rockin' about life. Continued from:

Catamari wrote:Truth be told, I've never seen her name spelled out, before.


I got my fan fixed. The speed control board decided to shit on me. Turns out it wasn't needed. I just slapped in a MOV, a fuse, and a big, sexy paddle switch. Bob's my uncle.

Maru wrote:Out of curiosity, how often and for how long do you practice drumming? Literally every day?

Every day for an hour. Since I play tenors, I stand in one place and constantly bang out new beats. Occasionally, I'll hook up a snare drum and do some exercises.

I've finished the first draft of my novel. It took me three years to get to this point. RML

Let the editing process begin.

Good job. I once wrote a 36000-word piece, but it was crappy. Since then I have never been able to produce any complete work over 500 words in length. How long is your novel?

^Thanks. This is a bit over 48k words, so it's around the shortest limit of what seems to be the generally agreed upon minimum length of a novel; a final draft may end up being 4-5k words longer or shorter, though. The last piece I finished of any worth was a ~30k-word novella back in February, and I'm honestly more proud of that than I am of this. This thing is so haphazard and arbitrary that I'm not sure it can be saved. Editing is going to be interesting, to say the least.

I mean, it is my first actual novel that I've attempted to write, so mistakes are naturally part of the learning process. But at the same time, given the experience I've had with short stories, I still hope I can make this thing better than it is right now.

I recently got tired of being up until 4-5 am and then sleeping until 1-2 pm and then spending half of the afternoon doing things that should and could have been done much earlier in the day with a lot less stress involved. I have no clue whats been causing this but, like I said I have become very weary of it.

So today I forced myself to get up at 10 am. Granted, I did get around 6 hours of sleep which used to be what I would normally get and not have a problem with. I am a little drowsy which is probably due to my sleep schedule being so messed up, but today was the first step in getting my sleep schedule back under control and I am hoping that this upward trend continues.

Merridian wrote:I've finished the first draft of my novel. It took me three years to get to this point. RML

I'm proud of you man. I wish I had the resolve to go and actually create something like that. This is fantastic.

I got CopSSHD working semi-properly. Let me tell you, getting an SSH server running on Windows was a bitch.

I have a rather complicated setup to allow me to access data at work from school. The SysAdmin (my supervisor) is concerned that directly opening port 22 on our work network would be a PCI compliance violation, because of this, we are improvising. We had to take this approach of onion-routed SSH connections for two reasons. Firstly, we needed to be set up quickly. We couldn't wait a week for me to figure this out, I leave for my apartment exactly one week from today. Secondly, Linux (specifically the Samba client) was being an asshole and not working with me. I would have simply mounted the shares I need on Cathedral Terra and just SSH'd into there to access what I need. That didn't work.

Basic idea.


Here's a more detailed map of the network. (Mislabeled the Application/File Server node, the "Port 22 Open" label should be on Cathedral Terra)

Catamari wrote:I got CopSSHD working semi-properly. Let me tell you, getting an SSH server running on Windows was a bitch.

I use WinSSHD, and it's not a bitch, at least for anything I've needed to do. (I use it mainly for SFTP, and have closed down my FTP server and simplified my firewall rules as a result.)

concerned that directly opening port 22 on our work network would be a PCI compliance violation, because of this, we are improvising.

I don't know any of the details of PCI Compliance, but if it allows SSH at all, why not simply put it on another port? Granted, it will be no more secure, because the bad guys know to scan other ports for SSH, but it'll get less hammering than it would on 22. If you have a fixed IP address at home and access to the work firewall, you could restrict the SSH access to your IP, and stop worrying (I do that to give myself secure unlimited access to my work systems).

Or you could have traded money for time and taken out a GoToMyPC subscription -- and avoided opening any ports at all. /salesmode

I prefer not to rely on a third party's system security when setting up my own secure links to meet regulatory standards (from the MHRA in my case; roughly equivalent to FDA in the US), and so I forbid the use of GotoMyPC in my workplace for that reason. I don't know if the PCI compliance standards say anything on the matter.

Mr. Tines wrote:Or you could have traded money for time and taken out a GoToMyPC subscription -- and avoided opening any ports at all. /salesmode

Paid Solution?
But...THAT WOULD MAKE SENSE. That can't happen.

pwhodges wrote:I use WinSSHD, and it's not a bitch, at least for anything I've needed to do. (I use it mainly for SFTP, and have closed down my FTP server and simplified my firewall rules as a result.)

I wanted a "free for commercial use" program. I originally went with OpenSSH, but that had trouble, as did FreeSSHD. I finally just said "fuck it" and did everything I could to get CopSSHD working properly. We handle a lot of credit card data, so we didn't want to risk being in violation of PCI rules. We had to jump through enough flaming hoops just to get the VPN to the house.

My trump card solution would have been to write up some glue code in Python with an SMB library and FUSE. I didn't want to do that, I prefer to use stock solutions unless there's no other choice.

Catamari wrote:I would have simply mounted the shares I need on Cathedral Terra and just SSH'd into there to access what I need.

Please tell me that this is a Gurren Lagann reference.

Nuclear Lunchbox wrote:Please tell me that this is a Gurren Lagann reference.

Next you're going to say that my database server, Kurama, isn't an Elfen Lied reference.

You're a man of good taste, Catamari. I knew you were a good man.

Finished tabbing Thanatos and have learnt a good chunk of Rainbow Tylenol.

Yus.

My parents got a new puppy! I want to name her April but I guess I'm the only one who likes that name.

Catamari wrote:I got CopSSHD working semi-properly. Let me tell you, getting an SSH server running on Windows was a bitch.

Port 22 brute force dictionary attacks have been rampant since the mid 90's with sshv1, there's dozens of ways to easily mitigate that and if it's a matter of 2 endpoints, you have stunnel/iptables and forget running ssh on your windows box and just rdp. Looking at your netmaps, I don't see what the issue is.

Ornette wrote:Port 22 brute force dictionary attacks have been rampant since the mid 90's with sshv1, there's dozens of ways to easily mitigate that and if it's a matter of 2 endpoints, you have stunnel/iptables and forget running ssh on your windows box and just rdp. Looking at your netmaps, I don't see what the issue is.

I was waiting for you to comment on this.

Truth be told, this was mostly a matter of getting something up quickly, my supervisor only allocated me about two hours, so the first "viable" solution was what I had to go with. The reason I went with SSH was because I'm familiar with how it works and how it is set up and used (well, compared to other protocols). I'm sure a more elegant and secure solution exists and I will probably migrate to it over time, but, at this point, I just need to be able to access network resources from a network without VPN access to the office. My supervisor was against forwarding any ports required for that, so I had to improvise by using my house/office VPN (so my parents can get to office data) as a sort of proxy.

Now that you mention iptables, though, I feel like a bloody idiot.

If you have 2 fixed endpoints, then creating an stunnel is really easy. With anything like this, even with VPN, there are various levels of how "secure" you want it to be, and it varies by quite a bit. And in a practical deployment, you're concerned with more than just being secure, things like "easy of use" or even "dummy factor" is part of a viable solution.

At the same time, if you have 2 fixed endpoints, using iptables instantly mitigates a large portion of attack vectors. So together with stunnel, you have a connected tunnel, that's encrypted, and only will ever allow a traffic from the 2 specific endpoints. The netmap you have doesn't list the OSes, but as a personal rule, no windows machine should ever be facing the internet, ever. Stick a linux machine in front with no open ports that uses iptables to DNAT or a per protocol proxying. It's centrally logged, controllable, lightweight, and you can stunnel if you need to. But it's not exactly horizontally scalable.

Windows implementations of SSH and Fuse has always left lots to be desired. Some of it costs money and a lot of the issue is more trying to stick a square peg into a round hole. This isn't to say that I've never used really comprehensive and fully featured SSH implementations on Windows. Back in the day SSH's tectia was actually pretty good. It wen hand in hand with an Xserver which I've forgotten the name of (and also costs a lot of $$$) that was seamless with the native windows OS. Even the price doesn't make up for the mostly short lifespan for such products. IMO, it's much easier to just use SMB.