Posts for: #Security

vim modelines insecure

I have previously disabled modelines in my vimrc, but had turned them on recently only to learn today that they are subject to another vulnerability.

I’ve seen this before. Enough is enough. :)

Fortunately, this sparked a debate on the vim-dev mailing list. One of the outcomes is a vim script that replaces the modeline parser in vim. It is said to be a lot stricter about what it permits as valid modeline components, and it lets the user control that in the vimrc.


secure apt-get

Debian-heads might find it interesting that Joey Hess has produced a detailed SecureApt article on how to use the security features of apt-get.

The particularly interesting bits are:

  • details about the security levels put into packages
  • examples of how apt-key ought to be used
  • timeline that the Debian PGP keys will adhere to
  • problems to be avoided and symptoms you will see if you have ’em
  • links to relevant documentation

brute force attacks sshd?

This will show you the IP addresses that have failed to log in, along with the number of failed attempts from each.

grep 'Failed password ' /var/log/auth.log | sed -E 's/^.* ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+) .*$/\1/' | sort | uniq -c | sort -n | tail -n 10

You can safely ignore a few failed attempts, but I was getting close to 3000 over the last week from one IP. I decided that warranted some action. :)
