

Bug Identification Parade

12 04 2010

If someone can help me identify these bugs, I’d be most appreciative. A number of these nurseries appeared in the Autumn, mostly on our Mallow shrubs.

I started off by assuming that they were nursery colonies of Firebugs (or Gendarmes, as the French generally call them – « masques-nègres » "Masked Nigger" is the local non-PC name for ‘em) – English children prefer the more socially acceptable but coarser "Bonking Bugs" – and indeed, it is all they ever seem to do!

But now I’m really not so sure – yes, they are on my Mallows, the seeds of which Pyrrhocoris apterus enjoys eating. But Firebugs have the typically flattened bodies of Hemiptera whereas these show the more rounded shape that indicates true beetles. Unless it’s simply that these are immature forms of some other Hemiptera. I also believe there are a few adults shown in the photo and, if so, they certainly are not Firebugs. And finally, Firebugs are a very bright red whereas these are a rather darker blood-red colour.

Anyway, if anyone can help me identify these bugs, it’d be one less thing for me to puzzle over.




sshd versus the script-kiddies

11 04 2010

Up to now, I’ve been mildly amused at the attempts of script-kiddies to break into one of my servers. I’ve no idea why they are targeting that one specific server – it’s an important one to me but then, all my servers have that category. What with my regime of backups and replication, it’s a particularly easy one for me to rebuild.

Not that it will ever come to that. I do use strong passwords.

Nevertheless, I think it’s reached a stage where I have better things to do than watch my logs autorotate. Like the majority of my Systems Administration peers, I’ve decided to opt for the superior protection of RSA or DSA keys, rather than rely on passwords.

A few pre-requisites. I only access this server via ssh. All other services are turned off. So the script-kiddies were always on to a hiding to nothing anyway. I access the box mostly from a Windoze workstation – so I use PuTTY for command line access and WinSCP for file transfer.

The beauty of this is that I can use the extremely easy PuTTYgen to create my public key/private key pairs.

PuTTYgen allows me to create both the Public & the Private keys that I need for this hardening exercise. The Private key I hide away in a safe location on my workstation. I like to use Truecrypt volumes or similar schemes for this side of things. The Public key needs to be moved to my server. Sometimes this is the hardest bit to achieve! But in this case, I already have sshd running, albeit with password access, so I can use WinSCP to get the key across.

Under FreeBSD (and pretty much most other main-stream distros) the key is in ~/.ssh and is called authorized_keys. As I only have the one key, all I need to do is rename the Public key accordingly and then – IMPORTANT – set its permissions to 644.

Now, to enable key-based authentication, I need something like the following in the system /etc/ssh/sshd_config file.

Protocol 2
PermitRootLogin without-password
PasswordAuthentication no
ChallengeResponseAuthentication no
ClientAliveInterval 60
ClientAliveCountMax 30
UsePAM no
AllowUsers user1 user2 user3 user4 user5
DenyUsers root {all other userids in /etc/passwd}
Port 12345

  1. Force use of SSH 2 – much more secure.
  2. Don’t allow passwordless root logins. In fact, I don’t allow root to login at all – see DenyUsers.
  3. Don’t allow passwords at all. For anybody. It’s all keyfiles for this server.
  4. I don’t use skey type authentication. You probably don’t either.
  5. Lines 5 & 6 – stop non-responding connections from clogging up the system.
  6. These will time out and close down any such attempts.
  7. PAM can bypass ssh login settings. Unless this line is set.
  8. The next two lines only allow those users specified to use ssh to login. Everyone else is banned. In particular, root.
  9. In fact, DenyUsers has precedence over AllowUsers. So be a bit careful about overlaps.
  10. Finally, some obscurity to back up my security – use a non-standard Port.
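
As an added example (not part of the original post), the Python sketch below audits an sshd_config for the settings listed above and flags two pitfalls: sshd keeps the first value it reads for a keyword, and a user named in both AllowUsers and DenyUsers is refused. PermitRootLogin without-password still permits root logins by key, so in this configuration it is the DenyUsers line that actually shuts root out. The sample config is constructed, the function names are illustrative, and only the global section with plain or wildcard user names is handled.

```python
from fnmatch import fnmatchcase

# Constructed sample: the post's settings plus a leftover stock line on top.
SAMPLE = """\
PasswordAuthentication yes
Protocol 2
PermitRootLogin without-password
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
AllowUsers user1 user2 user3
DenyUsers root user3
Port 12345
"""
MUST_BE_NO = ("passwordauthentication", "challengeresponseauthentication", "usepam")


def parse(text):
    """Global section only: first value wins per keyword, user lists accumulate."""
    first, ignored, lists = {}, [], {"allowusers": [], "denyusers": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().replace("=", " ", 1).split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if key == "match":  # conditional blocks are out of scope here
            break
        if key in lists:
            lists[key] += [u.split("@")[0] for u in value.split()]
        elif key in first:
            ignored.append((lineno, raw.strip()))
        else:
            first[key] = value
    return first, lists, ignored


def can_login(user, lists):
    """DenyUsers is checked before AllowUsers, so a name in both is refused."""
    deny = any(fnmatchcase(user, p) for p in lists["denyusers"])
    allow = any(fnmatchcase(user, p) for p in lists["allowusers"])
    return not deny and (allow or not lists["allowusers"])


def audit(text):
    first, lists, ignored = parse(text)
    out = [f"{k} is {first.get(k, '(unset)')}, policy wants no"
           for k in MUST_BE_NO if first.get(k, "").lower() != "no"]
    out += [f"line {n} ignored, keyword already set: {txt}" for n, txt in ignored]
    out += [f"{u} is in AllowUsers but refused by DenyUsers"
            for u in lists["allowusers"] if not can_login(u, lists)]
    # without-password (keys only) still lets root in unless DenyUsers stops it
    if first.get("permitrootlogin", "").lower() != "no" and can_login("root", lists):
        out.append("root login is not blocked")
    return out
```

Calling audit(SAMPLE) returns three findings: password logins are still enabled by the leftover first line, the later "no" is ignored, and user3 is locked out by the overlap.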

A few notes before re-starting the sshd daemon, which will activate all this.

It might be an idea to open up Telnet access just while this is being tested. A small mistake here can lock you out of your server until a friendly, local SysAdmin can get at the server and correct the errors for you. Très embarrassing! Telnet means you can fix your own mistakes. Just don’t forget to turn it off again when you’re happy with your ssh set-up.

As I have said, I use PuTTY for CLI access and WinSCP for file transfer. All I have to do is amend these to use the keyfiles and the ports I have specified and as far as my perception of things is, I just log in as before (umm, I suppose I do have to type in a rather longer passphrase rather than a password – but that’s the only change I see)

So, in order of security, more or less, I have

  • Obscurity – I use a non-standard Port. If a script-kiddie does discover it, I can change it quite easily.
  • If the Black Hat does discover the Port I am using, he then has to work out what userids are allowed to login
  • …at which point he has the problem of cracking a very powerful asymmetric key mechanism. If that’s you, the NSA want to hear from you!
  • I also have numerous rules set up in the TCP Wrappers’ hosts.allow file. So there is plenty of scope to trip up there and have the connection aborted
  • And finally, I use Packet Filter combined with sshguard-pf just in case.

If there is any overkill in here I don’t really care. It’s all pretty easy to set up and in the few days I have been running this configuration, my logs have reported that hacking attempts have dropped from several thousand attempts per day to a big, fat zero.




Porton Down – Take 2

8 02 2010

I have received a number of e-mails from a variety of people offering more information and details on the DICE Trials at Portland Bill in 1975, including a few corrections. But I’m quite pleased they were just a few corrections – my memory is still in pretty good nick then!

Anyway, I’ve edited my original web-page to include a few amendments and a couple of, I hope, interesting downloads. I found them interesting anyway.




Bats in the Belfry

22 10 2009

Well, cellar rather than belfry, in our case. I only go into our cellars in our French house once or twice a year – mostly to either shut off and drain the water pipes or else to open them up again.

So it was a pleasant surprise when entering our first cellar to find a small clutch of Pipistrelle bats dozing the daylight hours away. I guess it must have been a really good year for wildlife generally here in the glorious Dordogne.

We often see them in the evening hours as our garden is essentially surrounded by out-buildings and what with the garden lighting, insects are attracted in and have difficulty getting out – and the bats know this all too well. I’m pretty certain we get the odd grey-coloured Daubenton’s bat and we certainly see some larger bats – but they fly so fast it’s hard to identify them. These Pipistrelles roosting like this make the job of identification much easier! :P

They seemed quite unalarmed at my presence and even the flash on the camera left them completely unfazed. Nevertheless, I tried not to take too many liberties and left them in peace as soon as I got my shot.

Unfortunately, entering our second cellar was a less fun experience. A pipe had sprung a leak, God knows when, and it was our side of the meter – so we have to pay for whatever water leaked away. :? It’s not that serious – we have the cheapest water in the Dordogne AND it’s spring water to boot. Fortunately, plumbing, like electrickery, holds no fears for me and it was soon fixed. I guess the higher pressure caused when the street piping was renewed in the summer sought out the weak points.




X11 rgb.txt Colours

18 10 2009

Despite all the clever-clever Colour Studios and Colour pickers out there, I always have trouble deciding what colours to use in any particular theme. It never used to be this bad – Web-safe colours were the norm (all 216 of ‘em!) and before that, UNIX X11 windowing systems relied on a simple flat file called "rgb.txt" – which is still distributed with modern Linux distros today.

So I figured that if I looked, I would find a .css file of these X11 colours, ready for me to pick’n’choose some well-known favourites such as cadetblue or indianred. I am used to cut’n’pasting rather than using fancy IDEs, so although I do use Dreamweaver, I certainly don’t use all of its cleverer functions – one day maybe.

But a search failed to find any such file. It’s not surprising on reflection, as it really is of limited use – a .css file that size would simply slow the whole page load process down to a crawl – something Internet Explorer users already seem to find tolerable but us Firefox, Chrome, Opera and yes, Safari users certainly don’t.

Anyway, to cut a not-very-long story to a really-short story, I grabbed hold of a copy of an rgb.txt file and, after a few swift typically-arcane commands in vi, my favourite UNIX editor, I ended up with a humungous .css file containing all the X11 colours as simple class entries for both color: and background-color: properties.

And here it is…

As is ever the case, I did have some trouble with IE8 – it simply didn’t want to display the .css content the way I wanted to display it. So although the production of the file was a matter of minutes at most, I probably took over two hours to produce the page describing it! That’s the way the Microsoft biscuit crumbles I guess.

Anyway, I want to return to font handling now – the world has changed since my last post on this…




Fire Salamander

21 09 2009

The rain has brought out the salamanders in the forests. Yet another reminder as to why we own a house in France! :grin: Not native to the UK, they are slightly startling when first seen by us Brits. The ones around here are bright yellow and spotted, although there is a fair amount of variation around Europe (everything from pure black, to bars rather than spots and orange rather than yellow). Quite common (everything is here, it seems), they are not that often seen because they prefer to be mobile during the dusk and night time.

Regrettably, the best chance of seeing one is probably when a car has run it over – like frogs and toads, they don’t hurry across nice warm tarmac.

I didn’t try to handle the one I spotted – nor did I let the dogs eat it! Their warning colours are there for a reason – the skin exudes a toxic substance that I prefer not to get on me. Although I am pretty confident that they are not that poisonous that they can’t be handled briefly. But why disturb the creature any more than I have to? I found mine by brushing the ground litter away with a stick – something I always do in the hope of finding some edible mushrooms – alas, after all this time, I never have. But the salamander was a much appreciated consolation prize.

Like the picture of the dormouse, I “borrowed” this photo from Google Images. I am ashamed to say I failed to carry a camera around with me yesterday – s’always the way, the one day you need a tool, it’s not to hand.




Eliomys quercinus, the Garden Dormouse

12 06 2009

After far too long a break, I have found something I felt worth the effort of posting. One of the delights of owning property here in rural France is that we are surrounded with wildlife that, back in the UK, is rarely, if ever, seen. A young Hoopoe visits our garden most days for an evening meal, Buzzards abound, bats are all over the sky of an evening and even at the smaller scale of things, European stick insects and Praying Mantises are to be found if one looks carefully enough.

Of course, we also get less welcome visitors – particularly at harvest time, when mice are evicted from their field nests and come looking to us for a new home. Mostly field mice, rather more rarely, harvest mice and, on one memorable occasion, a whole family of pygmy shrews moved in. In general, I use live traps when I can (that is, when we’re here) and simply move the critters I catch to the outskirts of the village and release them in a hedgerow. The incredibly aggressive but completely harmless pygmy shrews were very vocal in their disapproval of me evicting them but it’s that or the old-fashioned spring trap and rodent heaven as the alternative. I have resorted to killing traps on rare occasions – we have felt under siege once or twice and felt we needed to get rid of the uninvited guests asap. Fortunately, last night it was one of the live traps that did its job and this is what turned up in it.

I didn’t immediately recognise the beast – about the size of a gerbil and with a furry tail – well, that alone meant it wasn’t a mouse. I was rather confused as if the tail had been quite bushy, then I would instantly have thought “Dormouse!” – but the Common Dormouse, Muscardinus avellanarius, is an attractive gingery brown colour and the Edible Dormouse (Glis glis) is a bit larger and more silvery-grey in colour. Whereas my specimen had a very attractive coat in grey, white and black. A quick look thru’ my books soon identified it as Eliomys quercinus, the Garden Dormouse, very common in the south of Europe and generally completely harmless. Not that commonly seen as they don’t often come into houses and they are nocturnal. The only problem that might occur is that they are communal creatures and tend to be quite noisy. So I’ve set a few more traps to see if we have more of them resident. I released this one as per normal but if we do have a glut, then I’m afraid the spring traps will be the next line of defence. Thankfully, it’s not a family of Glis glis – they can be a real nuisance, noisy, overly plentiful and quite happy to chew thru’ cables, wood, pipes – anything really.

I’m afraid I had to steal this picture off’ve images.google.com. I didn’t see much value in trying to keep the animal until the next day simply to take a photograph of it. So I released it as soon as possible.




Wedding Album

16 03 2009

Our Wedding Photograph Album was pretty much the first HTML I ever wrote. And it certainly looked a bit frayed and tatty at the edges, what with the advent of Flash and mature Javascript technologies now in full use by, well, pretty much everyone.

It’s now coming up to ten years (yes, really, ten years!) since the happy day, so I have taken the opportunity to update the style of the album, to pretty much, more-or-less, match the style of my main “Zeltus” web-pages.

This is probably the last photo set I shall host directly – in future, all my albums will be hosted on Flickr.

Here’s hoping the reminder of the album’s existence, with its nice shiny new skin, will bring back happy memories for all of those who were there.




St. Hilary’s Day

13 01 2009

Today is St. Hilary’s Day. A long, long time ago he was a Bishop of Poitiers, not far up the road from here and he wrote some theological works considered to be quite important by those who care about such things.

Some posh Universities and Colleges name one of their teaching sessions Hilary Term, almost certainly because the start of the session is more or less somewhere around St. Hilary’s Day. You probably have to be posh and privileged for this to matter to you.

More interestingly, today is supposed to be the coldest day of the year.

On a down to earth level, this is patently untrue for this year but if it at least marks the turning of the tide and from here on in Spring beckons, then that’s fine by me. It’s the first day this year I’ve been able to get out of the house and potter about in the workshop and garden a bit.




Word of the Week – Pollard

17 11 2008

POLLARD

Noun. of a tree heavily pruned, cutting branches back to the trunk, so that it produces dense new growth.
Also used as a verb – “To pollard a tree”.
Etymology: From polle (“hair of the head”)
from Middle Low German/Middle Dutch pol.

Summer gave way all too easily to Autumn and whilst it was a superb season while it lasted, Autumn is now gently allowing Winter to creep in. Time to start preparing to move out until the warm weather returns in Spring.

The leaves on the trees, after the best display we’ve ever seen, are now dropping rapidly, and it is time to pollard our Poplar trees.

The French are very enthusiastic about the practice of pollarding. And generally I am happy to believe they know what they are doing and follow their example. This decorative pollarding does mean that an otherwise large tree is kept to a reasonable garden size. The French leave a finger on each stump and I blithely follow their lead. I’ve no idea what it achieves but I would hazard a guess it’s to encourage the tree to sprout new growth as soon as possible in the Spring.

The newly pollarded trees look very bare and sorry for themselves. Not at all a pretty result. But in the Spring, they’ll all come good and look very attractive throughout the Summer.

Before coming across this form of pollarding, my understanding of the word was to describe a large mature Elm or Oak that had been completely decapitated in its youth as a source of a decent stave, long, long ago and had survived the experience by growing ever more lustily.

Indeed, many of the large, mature trees seen today (or rather, where Elms are concerned, the pictures of large mature trees :-( ) quite probably underwent this treatment. Yet most of us think this is the normal and natural shape of a mature tree. Does anybody still remember the Umbrella Tree, near the bottom of Salford road on the hill up to Cranfield? A magnificent example that like so many, succumbed to Dutch Elm Disease in the 70’s, it was a classic mature pollard.

Finally, despite their love of the practice, the French appear to have no special name for it. They at best make use of the verb tailler – “to prune”. Sometimes, French is a romantic, expressive language. And at other times, it is quite earthy and plain – there seems to be very little middle ground.

This also highlights one of the benefits of the English language – very little of it is English, it’s all been stolen from other languages. And is all the richer for it. The French attempt to protect their language from external influence is, of course, a fool’s errand.







Bear