January 20, 2005
A Cure for the Common SSH Login Attack

A few months ago, I began seeing our 'secure' log files fill up with entries stating: "Failed password for illegal user [username]". I decided to search the Internet to find out if others were experiencing these attacks and, hopefully, find a solution. I did uncover a lot of information on the subject, but discovered only a few script-based solutions. None of these, however, seemed... well... elegant.

What I wanted was a way to stop the attacks altogether, yet allow ssh access from anywhere, when needed. In addition, I wanted to avoid using an approach that was so complicated it could lead to more pain than I was experiencing from the original problem.

Printing XML: Why CSS Is Better than XSL

Both camps agree that a printed document is, in many ways, more difficult to format than on-screen presentation. A printed document must be split into numbered pages, with added headers and footers. Page margins must be specified, and they may be different on left and right pages. References that appear as hyperlinks on-screen often include page numbers on paper.

The disagreement starts with how best to express all this. Walsh's solution is to write a 1000-line XSL transformation that generates XSL-FO, which is subsequently turned into PDF. We will argue that it's much easier for most authors to express styling in CSS; in the case of the WebArch document, one can reuse the existing CSS stylesheets (200 lines or so) and add some print-specific lines. And, although browsers tend to focus on dynamic screens rather than on printing, products like Prince happily combine CSS with XML and produce beautiful PDF documents.

Howto for UML

UML instances ("User Mode Linux") allow you to run multiple Linux servers on one physical machine. This can be handy for many different purposes. For example, you might want to give different people root rights, but prevent them from interfering with one another. Or, you might want to have several identically configured servers, one for production, one for development, and one for testing, but without investing in multiple physical machines.

January 18, 2005
Installing Debian From Scratch

Debian From Scratch (DFS) is not everyone's distribution. It's not an easy install. You need to know your hardware. You need to be prepared to take pains. And, at the end of the process, the result looks like any Debian system installed by another, usually easier and quicker, means. So why take the time?

January 11, 2005
For the Record on Social Security

In suggesting that 2018 is doomsyear, the president is reinforcing a false impression that the trust fund is a worthless pile of I.O.U.'s - as detractors of Social Security so often claim. The facts are different: since 1983, payroll taxes have exceeded benefits, with the excess tax revenue invested in interest-bearing Treasury securities. (An alternative would be to, say, put the money in a mattress.) That accumulating interest and the securities themselves make up the Social Security trust fund. If the trust fund's Treasury securities are worthless, someone better tell investors throughout the world, who currently hold $4.3 trillion in Treasury debt that carries the exact same government obligation to pay as the trust fund securities. The president is irresponsible to even imply that the United States might not honor its debt obligations.

January 10, 2005
Optimize Debian packages for your system

Since the arrival of the very first versions of Gentoo, some people have announced that