Revisiting screen lockers and patching a security risk

Recently, I posted about two screen lockers that I’ve used in the past (xtrlock and slock). There has been some great discussion about these lockers, and some potential security problems that come along with using them. One very prominent issue regarding using screen lockers without login managers was raised by a reader, and I want to address it in this separate post.

Just as some background information, many people prefer to use login managers (also known as display managers) in order to be greeted by a graphical login prompt. To use these managers, the X Window System must be started as one of the final steps of the boot process (either by setting the default runlevel to 5 in inittab, setting the display manager to start via the rc system / a daemon, or another method). Some people don’t like the idea of a login manager starting automatically at the end of the boot process, and would prefer to simply be greeted with a terminal login prompt. For those users, it is obviously still necessary to log in as a valid user, but then to start an X session (for their respective graphic environment), one must issue the startx command.

Combining a screen locker with the startx method of starting Xorg opens a large security hole. I mentioned in the previous post that one can switch to a different virtual terminal (by using the CTRL+ALT+F# key combination) and log in as a different user. Unless that user can become root and kill the screen locker, though, there’s no problem. However, when Xorg is started using startx, a person can switch to the virtual terminal that issued the startx command, and just hit CTRL+C to kill it. They will then be at the prompt for the user that issued the command, and won’t have to log in. Oops…

A good workaround for this problem is to start Xorg and make sure that the terminal is locked if X is killed. This workaround relies on the package vlock, which is a terminal locking application. For it to work properly, instead of issuing the standard startx command, one needs to issue startx ; vlock. That way, if a person switches to the virtual terminal that started the X session, and hits CTRL+C, it will kill X, but that will automatically start vlock, and subsequently, present the person with nothing more than a login prompt. What’s more, that person will have to enter the password for the user that started the X session.
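The same idea as a fail-closed shell function, added here as an example (it is not from the original post): it refuses to start X when the locker is missing and reports a locker failure instead of silently returning to the prompt. X_CMD and LOCK_CMD are hypothetical override variables used only for testing, and the function assumes the locker exits 0 only after a successful unlock.

```shell
#!/bin/sh
# Added example: fail-closed variant of "startx ; vlock".
# X_CMD and LOCK_CMD are hypothetical overrides (not part of startx or vlock);
# the defaults are the two commands named in the post.

startx_locked() (
    # The body runs in a subshell, so the trap below never leaks into the
    # login shell that calls this function.
    x_cmd=${X_CMD:-startx}
    lock_cmd=${LOCK_CMD:-vlock}

    # Without a locker, killing X would drop straight back to an unlocked
    # prompt, so refuse to start X at all.
    if ! command -v "$lock_cmd" >/dev/null 2>&1; then
        echo "startx_locked: '$lock_cmd' not found; refusing to start X" >&2
        exit 2
    fi

    # Catch CTRL+C in this wrapper with a no-op handler. A trapped (not
    # ignored) signal is reset to its default in child processes, so X can
    # still be interrupted, but the wrapper survives to start the locker.
    trap ':' INT

    # Returns when the X session ends normally or is killed.
    "$x_cmd" "$@" || echo "startx_locked: X exited with status $?" >&2

    # Lock the terminal. Assumption: exit status 0 means a successful unlock.
    if "$lock_cmd"; then
        exit 0
    fi
    echo "startx_locked: locker failed; terminal is NOT locked" >&2
    exit 1
)
```

Calling it as `startx_locked || exit` logs the session out whenever the locker is missing or fails, so the terminal is never left at an open prompt.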

There might be more elegant methods for fixing this problem, including a script to disable virtual terminal switching when the screen locker is called, and I’ve been looking into such methods. If anyone has further suggestions regarding workarounds, or more permanent solutions, please feel free to comment.

Cheers,
Zach

Countdown to the job transition

If you frequent the Z-Issue, you may have noticed that there is now a counter in the sidebar. I received some news recently, and to me, it’s really exciting (enough for me to put a countdown widget on the ol’ blog). 🙂 I’ve been a Senior Linux Engineer for quite some time, and my current employer has decided to transition my role from Systems Engineering at the Lab level to a completely new position focusing on various needs of the organisation. Some of my responsibilities will be: maintenance and improvements to our internal systems (primarily Linux); internal documentation of our technologies and procedures; training of our newly-hired employees, as well as ongoing training for our current staff; working with our various development teams on streamlining their processes, and a lot of other fascinating areas.

Along with this great promotion, I get to move back to a city that I really enjoy, and think of as one of my home towns–Saint Louis, Missouri, United States. I have a lot of family and friends there, and really can’t wait to get back to see all of them on a regular basis. The combination of the new responsibilities, new title, being home, and getting to work remotely makes for an ideal situation toward which I’ve worked for many years.

Not all that much longer now. 🙂

Cheers,
Zach

Greek yoghurts: Dannon Oikos versus Voskos

I’ve always been a big fan of yoghurt (or yogurt, if you prefer), but wasn’t ever really fond of the Greek yoghurt. I think that the primary reason that I don’t like the majority of Greek yoghurt is its extremely thick, and sometimes dense texture. That being said, Greek yoghurt has some outstanding nutritional value (such as having double [or more] the protein of “regular” yoghurt, and also being fat-free [some of it, anyway]). It also serves as a decent source of calcium and potassium (although you will certainly need more of each in your daily regime).

Anyway, I’ve tried many different brands of Greek yoghurt, and though I was able to get through a container, it wasn’t enjoyable in the least. A couple weeks ago at the local grocer, they had a special on all varieties of Voskos Greek Yogurt. Seeing as I can’t really pass on a good deal, I grabbed a few different types (some with fruit, some with honey, some with granola mix-ins), and took them with me as a snack.

Voskos Greek Yogurt with fruit

As I had guessed, though, the yoghurt was incredibly thick and almost had a grittiness to it. It didn’t have a mouth feel that I liked, and the flavours were quite tart, even though a few of them had sweet fruit bits mixed in. Now, just because I didn’t care for it doesn’t mean it wasn’t well made. I believe that Voskos produces a high-quality product, but that it is just one that is unappealing to me.

The next week, interestingly, the same grocer was featuring Dannon Oikos Greek Yogurt in their sale. Being determined to find a Greek yoghurt that I enjoyed (or just incredibly stubborn; however you want to look at it), I picked up a few of them as well. I thought that these cups might be different than most of the others that I had tried, because they had the fruit on the bottom of the cup, instead of blended into the yoghurt itself.

Dannon Oikos Greek Yogurt - Fruit on the bottom

I picked up a couple different flavours, including black cherry, blueberry, vanilla, and strawberry. I’ve had the black cherry and blueberry thus far, and they are great! Surprisingly, they don’t have nearly the viscosity of the other Greek yoghurt that I’ve had in the past. Instead, the yoghurt is incredibly smooth and creamy. It is certainly still thicker than a “traditional” yoghurt, but I would say that the difference is slight. The fruit on the bottom is more of a compote, with a nice light syrup mixed with the fruit. When that fruit compote is mixed together with the yoghurt, it further lessens the viscosity, and adds a sweetness that just isn’t present in the varieties that mix the fruit before packaging.

After trying several different types and brands of Greek yoghurt, I have finally found one that I like as much as (if not more than) the standard yoghurt brands that I’ve enjoyed for years. Try it for yourself, and see what you think. If you’re like me, and have previously stayed away based on texture, the Dannon Oikos with the fruit on the bottom might be a winner for you too. 🙂

Cheers,
Zach