interests, presentations

11 views
Skip to first unread message

Ryan Snow

unread,
Mar 13, 2013, 11:31:36 PM3/13/13
to msla...@googlegroups.com

I'm also interested in diaspora and telephony, which especially would be nice to hear about since we have some experts within the group.

My top three interests probably are:

1. Linux history, philosophy, finance, and legal context. The softer side of linux...
  I'd love to hear more about Linux history; the philosophy behind gnu/Linux/foss development; how linux development is financed; and about legal issues behind, for example, the gnu general public license, etc. I understand there is an acquaintance of some of the members of the group that is an attorney and linux enthusiast, and it might be nice to hear from him.

2. How to set up a home computer for external access via ssh. I think this one is probably fairly simple for some of our members, but this would be pretty interesting and informative for myself at least. And home network security--how to monitor, etc.

3. Bitcoin. This is interesting because it has the potential to change modern currency, but it's somewhat dangerous in that hacked bitcoins are apparently gone forever. Security is a concern, as well as the possibility for money-laundering. Oh and bitcoin mining, whatever that is.


As far as presentations, I wouldn't be much help on most of the major linux topics. Aside from the mainstream applications, I only use scim (for Japanese input) and a bunch of scientific applications from basic stuff like gnuplot, grace, and gcc/gfortran to more advanced physics software like abinit (quantum simulation/density functional theory) or Socorro, and I do a bit of scientific programming.

It's not linux/foss-related, but I could talk about the physics behind some of the technology that's coming out right now. Memory is one of the more interesting topics for me, my favorite being MRAM, a magnetic non-volatile and fast memory which is beginning to be in production and could get big soon. The physics of the device itself is the coolest part though. Or I could probably cook something up on quantum computing, semiconductor device physics, transistors, superconductors, graphene, nanotubes, spintronics, photonic crystals, or the impending doom of Moore's Law, to name a few.

Do we have a meeting place/time in mind? I think we might be on track for a permanent fourth-Tuesday-of-the-month schedule. Does that work for most people?

I also want to say to the group members from out of town that I think we'd be willing to move the date around, perhaps to a weekend, to hear from you if you'd like to give a presentation as well.

In our last meeting we didn't get to discuss topics of interest each of us would like to hear about or that we could present on, so please chime in with your ideas here on the mail list or on facebook/MissoulaLUG, and let's see what we can put together. I look forward to hearing from you.

Ryan

Seth McClain

unread,
Mar 14, 2013, 12:09:19 PM3/14/13
to msla...@googlegroups.com
I could possibly present briefly about bitcoin.

It isn't strictly linux related, but it does work under linux.  I don't know much about mining with anything better than GPUs, and I'd love to potentially collaborate on a presentation of there are more knowledgeable folks out there ..

Seth

Mike

unread,
Mar 14, 2013, 12:31:18 PM3/14/13
to msla...@googlegroups.com
Hello all,

Sorry I missed the last LUG meetup but some exciting social opportunities took priority.  As far as things that would really interest me, most of them are not specifically Linux per se.  I'd love demos on any of the following topics.

*Exploration of Backtrack Linux
*Introduction to Metasploit
*Wifi Pineapples (anybody got one?)
*A simple, first-timer's MITM attack of some kind
*Alternative router firmware
*Android phone rooting and unlocking (did you know that the new law banning the unlocking of cell phones only applies to phones bought since the law went into effect?)
*Along with the last one, alternative phone OSs like Ubuntu and Cyanogen Mod
*Setting up and using pgp/gpg for email, IM, VoIP, SMS, and GSM
*How small, github hosted, collaborative open source development works.
*What the heck is Git?
Customizing your kernel for your specific machine without unneeded modules
Vi vs. Vim vs. Emacs vs. Nano -- Past, Present, and Future
Anyone know what's become of fglrx and how I can make my ATI card work better?
Using GPUs for things besides graphics (bitcoin, hash cracking, etc.)


Ryan, if no one demos the home ssh access for you I could help with that.  I could also try/help demoing:
*WEP and WPA cracking (although I bet others in MLUG are more proficient at this than me)
*All things Tor (Jacob Appelbaum is one of my heroes... and he's hot!)
*SSH access to a home computer over the Internet, plus proxies, VPNs, and Xming.

-Mike



--
You received this message because you are subscribed to the Google Groups "Missoula Linux User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to msla-lug+u...@googlegroups.com.
To post to this group, send email to msla...@googlegroups.com.
Visit this group at http://groups.google.com/group/msla-lug?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

Michael Loftis

unread,
Mar 14, 2013, 1:59:01 PM3/14/13
to msla...@googlegroups.com
On Wed, Mar 13, 2013 at 8:31 PM, Ryan Snow <rjs...@gmail.com> wrote:
>
> I'm also interested in diaspora and telephony, which especially would be
> nice to hear about since we have some experts within the group.
>
> My top three interests probably are:
>
> 1. Linux history, philosophy, finance, and legal context. The softer side of
> linux...
> I'd love to hear more about Linux history; the philosophy behind
> gnu/Linux/foss development; how linux development is financed; and about
> legal issues behind, for example, the gnu general public license, etc. I
> understand there is an acquaintance of some of the members of the group that
> is an attorney and linux enthusiast, and it might be nice to hear from him.
>
> 2. How to set up a home computer for external access via ssh. I think this
> one is probably fairly simple for some of our members, but this would be
> pretty interesting and informative for myself at least. And home network
> security--how to monitor, etc.

The one thing I will put in here, and hopefully someone would've
mentioned it in person if this gets covered, is don't become a GWF.
Thats the term network operators use for people who report "attacks"
based on absolutely no information, and what was probably a drive-by
port scan at best. GWF stands for "Goober With Firewall" - There is a
constant background "hum" or noise of attempts on everyone all the
time. An attempt to establish a connection is NOT an attack. Worse
some of these GWFs even if they're getting attacked omit any
information that might help us as network admins to resolve the issue.
Like source IPs and *ACCURATE* timestamps WITH TIMEZONE. 99.9% of
"reports" from end users we have no choice but to file into /dev/null,
even assuming there's anything actually going on.

One of the most common examples is one I get every day, dozens a day
of, from people who connect to IRC servers. The email usually goes
something like this:

YOU ARE COMMITTING ILLEGAL ACTIVITIES AGAINST MY NETWORKS STOP IMMEDIATELY!

Which is completely useless, meaningless, and gets binned as a GWF report.

If it's an unusually highly functioning GWF they might include that
"YOU TRIED CONNECTING TO PORT 113 ON MY NETWORK, STOP THAT!" -- port
113 is Ident - it's pretty uncommon now, but, IRC still attempts to
use it. When you connect to an IRC server it will try to verify the
reported username by connecting back to the IP you came from at TCP
port 113, give it the port number that it sees from you. Ident is
then to respond with the username that established that connection.
Windows has no such service unless your IRC client runs it. And many
Unixen/Linuxen no longer run the service either, but for legacy
reasons most IRC servers still perform the check.

My point is that not every connection attempt is an indication of an
attack. One has to understand the context. A single port open
attempt doesn't mean an attack. And information gathering (such as
port scans and ping sweeps) also don't necessarily qualify as an
attack or actionable item. If they're extremely frequent, or causing
network outages somehow, then a report is probably appropriate. But
if it happens once, and then basically never again, you're just going
to get your report labelled as GWF.

What a lot of us have started to do is insist people talk to their ISP
first and foremost...and then let the ISP talk to the other ISP if
necessary. This would work great if it weren't for the fact that 3/4
of all ISPs seem to share the same small thimbleful of clue between
them.

End of the day, your defense is your own responsibility. Firewalls
really don't protect you against much. Attackers almost always get in
via weak passwords, default passwords, or users doing Stupid Things -
like clicking on links in emails and then becoming a victim of some
other browser based attack or higher level attack at sat Outlook.

If you're going to put an ssh server in the wild, ensure you're
keeping track of all OS updates. It's also not a bad idea to decrease
your visibility by putting the ssh server on a non-standard port -
however thats just security through obscurity - it's kleenex. It'll
help you feel better but if you've a cold (an insecure system) it sure
isn't going to do anything about it.


> 3. Bitcoin. This is interesting because it has the potential to change
> modern currency, but it's somewhat dangerous in that hacked bitcoins are
> apparently gone forever. Security is a concern, as well as the possibility
> for money-laundering. Oh and bitcoin mining, whatever that is.

I wish I was still in Missoula, because I'd love to actually do this
one. Not that I necessarily believe bitcoin will take over or
anything, or even that I necessarily believe in bitcoin itself, but
because I find it interesting...interesting enough that I'm one
of....hell might be the only one....attempting to produce an
independent full client that isn't actually a fork of the Satoshi
(bitcoind/bitcoin-qt) client. Bitcoin is definitely a start, and goes
in the right direction, but it has some flaws. None of which
presently involve the authentication/etc, but with the scalability of
the system.

Changing dates probably wouldn't make it any better. I'm all the way
out in Seattle so it's around $300 for me to come to Missoula...right
now I am next planning on being in Missoula around May 12th (mother's
day) - so... perhaps we could plan for that timeframe if people are
still interested by then...

But I have to say, right off, bitcoin is NOT ANONYMOUS. It's a very
stupidly terribly way to try to launder money. In fact it's I'd say
the polar OPPOSITE of anonymous. All transactions are easily
validated. Readily traced. Now - since a "bitcoin" doesn't travel as
a single unit, and can be divided up, and recombined at will, you
can't necessarily follow any individual unit of currency, but in each
and every transaction you can see where the amounts came from (what
transaction) and where they're going to (the requirements to claim the
coins) - usually these are requirements to produce public key
signatures. B/c of the way public key crypto works, given a public
key, you can validate a signature. So when you send coins to someone
you say to the entities later validating that claim "they must produce
a valid signature of this request to spend the coins with key C" - and
then anyone can validate someone later claiming that coin. The
claimant signs a statement "I claim the coins from this transaction -
sig C" and if it's valid the network will pass the transaction along,
each node performing this check.

So for money laundering it's probably a bad idea. This is a very
popular myth about bitcoin. Especially if LEOs get your private key
store, they can match things up to that key store (AKA wallet in
bitcoin). Encrypted it might be more difficult, I have not validated
the satoshi (bitcoind/bitcoin-qt) client approach to encrypting the
wallet. I don't know how much information it leaks, and neither does
anyone else I suspect. Bitcoin works maybe better than the real world
bank/sham business way of passing around cash it since they can't just
write down serial numbers of bills - theres absolutely no equivalent
to that in bitcoin, but, remember, a bank they have to subpeona for
recods...well...at least unless they declare you a terrorist. A sham
business they have to satisfy a judge to get the assets seized and
start looking closer. With bitcoin every transaction is public. This
is a requirement of bitcoin. You can't have secret transactions
inside of bitcoin.

mtgox/etc keep an internal ledger, separate from the bitcoin network,
so trades WITHIN mtgox (or any other exchange) are not public until
you withdraw or deposit.

I can go into a lot more detail in a separate email of people are interested.


--

"Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds."
-- Samuel Butler

Cliff

unread,
Mar 14, 2013, 2:22:42 PM3/14/13
to msla...@googlegroups.com
I can give you a "presentation" on one of those subjects right now.
 
The subject is about rooting phones.
 
The sole slide in my presentation reads as follows:
 
"Friends don't let friends root their phones."
 
End of presentation.  :)
 

Darrick Bova

unread,
Apr 10, 2013, 9:22:03 PM4/10/13
to msla...@googlegroups.com
Speaking of bitcoin.  Looks like it had a correction today.


I just happened to be browsing through deals on slickdeals and was looking at a video card and reading comments about it and somebody asked how well it would do with bitcoin mining.  That was at 1pm today, I spent the rest of the day reading about it.  Very interesting stuff, especially the purpose built ASIC "super computers" like these https://products.butterflylabs.com/ .  

I'd like put my GPUs at home to work just for the fun of it.  

- Darrick


From: Seth McClain <psy...@gmail.com>
To: msla...@googlegroups.com
Sent: Thursday, March 14, 2013 10:09 AM
Subject: Re: [MLUG] interests, presentations

I could possibly present briefly about bitcoin.

It isn't strictly linux related, but it does work under linux.  I don't know much about mining with anything better than GPUs, and I'd love to potentially collaborate on a presentation of there are more knowledgeable folks out there ..

Seth --
Reply all
Reply to author
Forward
0 new messages