SSH is one of the most widely used network protocols. Much more than a replacement for telnet, SSH has many tricks up its encrypted sleeve and harnessing them is a rite of passage for any keyboard cowboy. In this talk, Aaron will discuss the core protocol itself, the history of development and how you can use OpenSSH to better secure your packets through the tubes.
The U.C.S.C. Long Marine Lab includes the ‘costalab’, where I work
taking care of 4 servers, mostly Ubuntu, and a few Windows desktops.
The costalab studies marine mammals and birds all over the world.
Google on ‘costalab’ to find out more about what we do.
About half of the talk will be specific to the costalab work - what
information the researchers collect, how it is stored and analyzed,
the benefits to the world from this research, etc. This should be of
interest to a much wider audience than Linux gurus.
The rest of the talk will be about our Ubuntu servers, how they are
configured, how they are used, and particular tools that get heavy use
(including Python, rsync, NX, rsnapshot, geany, Ksplice, and Postgres).
A Q&A session will follow.
This month we are going to do something a little different. Instead of having a formal presentation, we are going to experiment with a “Hackfest.” What this means is that we will have free-form lightning talks for up to the first half of the meeting, and then reserve the last half of the meeting so everyone can hack on things or just sit around and chat about Linux. The lightning talks are open to anyone so if you have something interesting you have been working on and could present on it for 5-10 minutes, we will have a sign-up sheet for you at the beginning of the meeting.
Just when you had gotten used to using GRUB instead of LILO, Ubuntu goes and changes GRUB to GRUB2. It turns out that the similarities between the two boot loaders end at the name. In this talk Kyle will go over the differences between GRUB and GRUB2 and discuss the new configuration files, which files you should and shouldn’t touch, and why the Esc key no longer works at boot time. There will be a group counseling session at the end of the meeting for disaffected users.
Joomla is a content management system (CMS), which enables you to build multi-user Web sites quickly. Many aspects, including its ease of use and extensibility, have made Joomla the most popular free and open source Web site software available. Joomla, which operates on top of a LAMP stack (Linux/Apache/MySQL/PHP-perl), is designed to be easy to install and set up even if you’re not an advanced user. Many Web hosting services offer a single-click install, getting your new site up and running in just a few minutes. If your clients need specialized functionality, Joomla is highly extensible and thousands of extensions (most for free under the GPL license) are available in the Joomla Extensions Directory.
In the talk, Doug Bierer, founder of unlikelysource.com, which maintains an open source Joomla extension, will cover:
what is Joomla and why it may be useful to you
rapid website development using Joomla
expanding beyond the core by installing extensions
Second Life (SL) is like an MMORPG (Massively Multi-player Online Role
Playing Game), although many of the people hanging out there will be
offended if you call it a “game”. It is a 3D virtual environment
created between a database on a huge farm of Linux servers and viewer
programs running on home PCs. But besides the bare simulated ground,
everything in SL is created by one of the “residents” there. Objects
in SL can have snippets of code inserted in them to add behavior. I
have found this to be a fascinating environment to program in. I’ll
start this talk with an overview of what SL is like and briefly touch
on the organization of the servers. I’ll describe the scripting
language, data types, programming environment and the foibles of the
API library. We should be able to go “in-world” live and show some
projects I’m working on in Second Life.
Every year or so you hear about how the Internet is about to run out of IPv4 addresses. When that happens we will all need to be able to migrate to IPv6. In this talk Owen will discuss what IPv6 is and cover how to use IPv6 from a sysadmin perspective.
This talk is a continuation of my previous talk on localhost troubleshooting. In this talk, however, I will discuss common methods to troubleshoot networking problems on Linux. I will work from Layer 1 (physical connection) all the way up to routing and if time permits, some DNS troubleshooting as well.
At 23 years, gnuplot is one of the oldest free and open source programs out in the wild world. It runs anywhere and everywhere. It’s an interactive, text-based plotting program that’s quite easy to use, and yet can produce surprisingly complex plots. Many features of gnuplot are shown in a live demo.
Linux is everywhere these days, including in devices many non-Linux users carry around with them every day: smartphones. In this talk Kyle and Aaron will discuss two Linux smartphone platforms: Android and Maemo5 and talk specifically about the G1 and Nokia N900 devices.
Cross Site Scripting is the #1 form of attack used in the web world today. The attack vector usually comes in the form of some sort of enticement in a forum posting with a bogus link, or a bogus email which fools the victim into thinking they’re doing something to protect themselves (e.g. changing their online banking password, etc.).
Cross Site Forgery is in the Top 10 but is insidious in that the victim is the website. This form of attack hijacks valid user credentials and, unknown to the user, performs actions in their name which benefit the attacker.
SQL Injection is also in the Top 10. In this form of attack the cracker exploits vulnerabilities in how the input statements are formed to gain, first of all, detailed knowledge of a database, and secondly, the ability to extract sensitive information, or even to corrupt the database.
Many websites mix secure and insecure content on the same page, like Facebook. This makes it possible to steal all the data entered on such a page easily, using Moxie Marlinspike’s SSLstrip tool. I will explain and demonstrate this attack.
Slowloris is a very new layer 7 denial-of-service attack created by RSnake that stops Apache web servers completely with very low bandwidth—one packet every 2 seconds. The Apache developers were notified of this vulnerability and decided it was unimportant and not worth patching. I will explain and demonstrate this attack, and discuss various ways to protect your Apache servers.
I will hand out complete instructions so that anyone can easily set up both these attacks on their own machines.
Sam Bowne has been teaching computer networking and security classes at CCSF since 2000. He has given talks at DEFCON and Toorcon on Ethical Hacking, and taught classes and seminars at many other schools and teaching conferences.
He has a B.S. in Physics from Edinboro University of Pennsylvania and a Ph.D. in Physics from University of Illinois, Urbana-Champaign. His industry certifications are: Certified Ethical Hacker, Microsoft: MCP, MCDST, MCTS: Vista; Network+, Security+, Certified Fiber Optic Technician.