HMC Mathematics Computing Weblog

We have discovered a compromise made through a less-than-secure CGI script on the math cluster. The compromise was originally made in early September, and includes password information.

Please change your password immediately!

I am currently running cracking tools to locate especially vulnerable accounts; accounts with weak passwords will be locked and will require you to stop by my office (Olin B159) with photo ID to get your account unlocked and start with a new password.

Good passwords are

• As long as possible -- 6 to 8 characters, minimum
• Obscure -- don't use dates, names, or words found in a(ny) dictionary
• Use a mix of upper and lower-case characters (A-Z, a-z), numbers (0-9), and symbols (!@#$%^&*()_+{}[]:;"'`~<>,./?|\)

Change your passwords using the passwd command on any math workstation.

If you need help generating an appropriate password, the mkpasswd command can generate strong passwords. Yes, they may look confusing, but type them a few times and you'll remember them.

Also, please be sure to let me know if you notice any strange activity, files, or directories in your account, or if you have problems logging in.

The CGI scripts responsible for the problem are being rewritten from scratch to make sure that they are secure.

A security hole that allows ssh servers to run arbitrary code on Windows machines connecting with ssh was discovered recently.

If you have a version of PuTTY older than version 0.56 or WinSCP older than version 3.7.1, you should upgrade immediately.

• PuTTY Home Page
• WinSCP Home Page

Eudora is a terrible e-mail client.

I don't just mean that in an abstract sense. I'm not that fond of graphical MUAs in general -- remember, I use nmh, a slight update to an e-mail system invented by the RAND Corporation back in the seventies. But I did use Netscape's mail client for about a year when I was stuck running Mac OS 7.5.X and Mac OS 8 and survived okay. (Then I started running Linux on my Mac and went right back to MH.)

But I had to use Eudora at one of my previous jobs, and I hated it. Something about the whole interface grated with me, although I was never quite able to put my finger on it.

But now I'm having problems when I send mail to people using Eudora. My mail is totally RFC 2822 compliant -- it uses MIME, the right formats, the right headers, and so on. But Eudora doesn't like it. Eudora thinks that MIME parts are attachments. And if it doesn't recognize a particular kind of attachment, it whines to the user, warning them about the dangers of opening attachments.

In contrast, the same message opened up in a more reasonable, but similarly pretty, MUA, such as Thunderbird appears exactly as you'd expect -- the MIME parts are displayed inline when they should be (such as when they're plain text) and appear as clickable icons otherwise.

Oh, yes, and then there's the fact that Thunderbird is free, and comes with no ads, whereas the college has people using the ad-sponsored version of Eudora (???!!!), so there are issues with the ads being hidden.

Also, Thunderbird leaves the message alone -- messages in a mailbox are just as they were received. Eudora, however, rewrites the message -- it splits out attachments as separate files (stored separately) and rewrites the message into a sort of pseudo-HTML, with links to the attachment files. So good luck moving your mail from Eudora to another MUA without some hoop jumping.

Evil.

So NanoBlogger appears to be somewhat similar to the weblog script I wrote for myself, only it's written in the Bourne Again Shell (bash) rather than Perl, and has more of an interface. (My script expects you to format the entries properly and save them in the right place -- all it does is format them.)

I think I'll try using this tool for a while. It might be a nice way to get some notes up and organized, as well as keep a bit of track of what I've been up to. On the other hand, it might be a big annoyance.

It might even inspire me to get off my butt and freshen up my own blog script....

Much to my surprise, Firefox 1.0 seems to work on my machine. I've been having problems getting any recent version of Mozilla itself to work -- rebuilding packages from Fedora has resulted in mysterious ``nothing happens'' errors, which have left me without a fully functional web browser, which is not a good thing.

But Mozilla's prepackaged Firefox seems to work fine, so I'm happy for now!

This message is the first post. Whoo-hoo!

The basic syntax is: nb [-b blog_dir] [options]

How to ...

• create a new weblog (directory) = nb -b [blog_dir] -a
• create a new entry = nb -a
• create a new category = nb -c new -a
• create a new entry for a category = nb -c [cat_id] -a
• list current entries = nb -l [current|all]
• list categories = nb -l cat
• list entries by category = nb -c [cat_id] -l [current|all]
• edit an entry = nb -e [entry_id]
• move an entry to a category = nb -c [cat_id] -m [entry_id]
• delete an entry = nb -d [entry_id]
• delete a category = nb -c [cat_id] -d cat
• delete an entry from a category = nb -c [cat_id] -d [entry_id]
• force update of weblog = nb -u [current|all|main]

Thank you for trying NanoBlogger. Please direct comments and suggestions to the mailing list or submit a bug report to the project page on sourceforge.net.