2013-07-12

Remembering Seth Vidal

I have been trying to write a memory of Seth, but like everyone else have been going through periods anger, denial, and depression. At this point I am at the depression side so figured I had better just post what I can and try to move on.

Seth was my best friend online. He would call and make sure I was handling stress, and he always seemed to be able to look at a bad situation and find a way we could make it better. That is something I really will miss in the months ahead.

I first met Seth Vidal in late 2001 except I didn't realize it until he told me years later. I had left Red Hat in May after 4 years of startup work and had taken a couple of months off to learn that I wasn't a freelance consultant (especially if I couldn't ask people to pay me). I needed a job but the dotCom crash had happened and no one was hiring for Linux or Unix administrators. Duke University had an opening in their physics department and since I had an Astrophysics degree.. I figured it was a good match. I got called in and sat in a room where people were being marched in and out at 15 minute intervals. When it was finally my turn, I walked into a room where a very weary Seth and someone else were sitting there looking like they had been doing interviews for days. Turned out that wasn't too far off. Seth's first words were pretty much:
"I will be totally honest with you. We had over a thousand applicants for this job, and after the University filtering process got it down to 400 interviews. We have been doing this for days. You like a lot of people are waaaay overqualified for this gig. So in 5 minutes or less, why should we hire you?"

Completely cut to the chase. I could tell that the other person in the interview wasn't comfortable with the "truthiness" of it all but was way too tired from doing interviews back to back to put up a fight on it anymore. Seth then went on about what the job really covered over what was advertised, and that mostly it was to be a buffer between various Phd's, grad students, and post-docs and scarce resources. "I can see you have done this before, but quite frankly you could get paid a lot more doing it somewhere else."

I don't remember much about the interview than that.. in fact Seth remembered more of what I said and what I did than I could when he told me about it years later. What I did remember was that by the end of the interview I realized that I wasn't being led around. I had gotten the straight dope and that I was probably not going to be happy in the position. [I further realized this when I went to work for a different University years later and how "layered" stories could be about conditions.]

Years later I would run into Seth in various places and would finally work with him on the Fedora Infrastructure Team. I learned a lot from him even when I infuriated him at times... we had our good times working together, we had our "Lets just agree to disagree and come back later on this." times, and we had out "Are me? Fan--tastic. Want me to quit now or after you finish that sentence." times. Always to the point which I will miss terribly.

That is all.

2013-07-02

Be careful of where you put your SSH private keys.

One of the semi-regular security checks we in Fedora Infrastructure do on various servers is to look for uploaded private .ssh keys. These are a problem because as much as we can not and do not guarantee the privacy of those keys on our servers.

In general we find 4-5 keys every couple of months and about 50% of the time they have no encryption key on them. This means that if the key had been found by a third party, they could use them without any problems in getting access to any server the public key has been placed in an .ssh/authorized_keys file. And while I have not tested the passwords on the encrypted id_rsa keys, I have tested some private created ones and found that the brute forcing is a lot faster than what is possible against the sha512crypt() used to encrypt Fedora passwords.

With this in mind, it is always important to make sure your SSH private keys remain

  1. on hardware that you control and not uploaded to services in the cloud.
  2. password encrypted with a password at least 10 characters in length and not easily guessable. [Using passwords like "fedoraproject", "password", "sshpassword", or the favourite "123456" are not hard to find or guess by an attacker]

If you have a hard time coming up with a password use the program pwqgen from the passwdqc package
[smooge@seiji-wlan ~]$ for ((i=0; i<10; i++)); do /usr/bin/pwqgen random=65; done bias Blaze Crook Primal Shore Borrow tilt Macro Beef leo Growth Reside Dolly prompt openly Crawl sigh Boyish thrill lake Past Urgent Carbon Orient Wrap root Arm Book Candy iowa chalk Plasma Champ Active motion Pause border Retina Mrs storm fault Mouth Xerox inward snatch advert apex Mature Akin play Chose the line you like the best.

Fedora 19 has been released

So Fedora 19 RC3 was made the official Fedora 19 release last week. I know I was going to post more about installs and such, but I really didn't find an install issue that was blog-worthy after the Beta. Not that they didn't exist (for the 2000 people about to reply "You missed Bugzilla #xxxx") they just didn't affect the 2->3 systems I have been reinstalling every week.

I had been wanting to do a set of blog posts on using GNOME Classic, but Stephen Gallagher covered that with a better series than what I had put into the "to be published when finished" sections.

I started to use KDE instead of GNOME Classic in order to get an idea of what other desktops are like. So far it has been a LOT easier to use than I expected and the people on Freenode's #fedora-kde  have been very helpful in getting me around various stumbling blocks. I don't know if it will be my permanent desktop... I am really not a big fan of 3 D effects and such and prefer just simple XFCE/FVWM2 window management.

Anyway please try Fedora 19. It is a very nice and polished release.