Archive for February, 2005

Rugby Weekend

Monday, February 28th, 2005

Another big Six Nations rugby weekend over that saw Scotland beat
Italy in the dullest international game in a while, Wales beating
France in a breathtaking match in Paris and Ireland beating world
champions England in a tense, down-to-the-wire encounter in Dublin.

It's all looking like it'll end with a grand slam showdown between
Ireland and Wales in Cardiff. Who would have thought it?

The most bizarre example of how professionalism has changed Irish
rugby is that Brian O’Driscoll, Ireland’s star centre, having strained
his hamstring, was sent to this whole body cryotherapy unit where you
get put in a freezer at below -120°C (-184°F) for a few minutes so
that you can train at four times the intensity for the next few hours.
Three weeks after an injury that would have put players out for months
and he’s back on the pitch leading the team and scoring tries.

A Certain Rocking Vuntz

Friday, February 25th, 2005

So, I just plowed through a few hundred emails in my gnome-panel
bugzilla.gnome.org folder. In one sense it was incredibly boring,
because I don’t think I actually interacted with a single bug report,
but in another sense it was just incredibly awesome. The folder
appears to be just full of bugs which Vincent Untz has already closed.
Rocking!

I didn’t know Vincent had a blog, interesting. I’ll need to
polish my French a bit to understand it, though. About all I could
understand was "J'adore vim". I guess it's a good thing he
uses vim, really. If he used emacs he’d put us all to even more
shame fixing even more bugs.

SSH, X Forwarding and Xauth

Friday, February 25th, 2005

Discovered something interesting yesterday while trying to figure out
why Sabayon wasn’t
working for jdennis over SSH:

  • With ssh -Y, the SSH server creates a proxy X server to
    your local display which is just like any other SSH tunnel. Then
    it points $DISPLAY at the tunnel, e.g. DISPLAY=:10
  • In order for you to have permission to access the local display,
    though, it also needs to add an xauth cookie to your ~/.Xauthority
    on the remote host.
  • The interesting part is that it doesn’t do what you might assume
    and just forward your xauth cookie for the local display to the
    remote host. Instead it creates another cookie, sends that to the
    remote host and it's that cookie which gets merged into your
    ~/.Xauthority. When you try to connect from the remote host to the
    local display over the tunnel, the SSH client compares the cookie
    in the first protocol message and if it matches the one it
    generated for the tunnel, it swaps that cookie with the original
    cookie and allows the connection to complete.

At first that might just seem like misguided paranoid delusional
crackrock, but it does actually make sense. With this cool trick, if
you SSH to a compromised machine (i.e. a machine where an attacker can
access your ~/.Xauthority), then your display is only vulnerable while
you remain logged in. Once you log out again, the compromised cookie
is useless.
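
The cookie swap described above, as an added example that is not part of the original post and is not OpenSSH's own code: a Python sketch that parses the X11 connection-setup request (the first protocol message) and substitutes the real cookie only when the client presented the tunnel's cookie. The function names and both sample cookies are assumptions constructed for illustration.

```python
import hmac
import struct

AUTH_NAME = b"MIT-MAGIC-COOKIE-1"
# Constructed sample cookies (16 bytes each), not real secrets.
REAL_COOKIE = bytes(range(16))        # cookie for the local display
TUNNEL_COOKIE = bytes(range(16, 32))  # cookie merged into the remote ~/.Xauthority

def pad4(n):
    """X11 pads variable-length fields to a multiple of 4 bytes."""
    return (n + 3) & ~3

def build_setup(cookie, order=b"l", name=AUTH_NAME):
    """Build an X11 connection-setup request (the client's first message)."""
    e = "<" if order == b"l" else ">"
    # byte order, unused byte, protocol 11.0, name length, data length, unused
    head = order + b"\0" + struct.pack(e + "HHHHH", 11, 0, len(name), len(cookie), 0)
    return head + name.ljust(pad4(len(name)), b"\0") + cookie.ljust(pad4(len(cookie)), b"\0")

def swap_cookie(msg, fake, real):
    """Return msg with the tunnel cookie replaced by the real one, or None to refuse."""
    if len(msg) < 12 or msg[:1] not in (b"l", b"B") or len(fake) != len(real):
        return None
    e = "<" if msg[:1] == b"l" else ">"
    _major, _minor, nlen, dlen, _unused = struct.unpack(e + "HHHHH", msg[2:12])
    data_off = 12 + pad4(nlen)
    if len(msg) < data_off + pad4(dlen):
        return None  # truncated setup message
    if msg[12:12 + nlen] != AUTH_NAME or dlen != len(fake):
        return None  # different auth protocol or wrong cookie length
    if not hmac.compare_digest(msg[data_off:data_off + dlen], fake):
        return None  # not the cookie issued for this tunnel
    # Same length, so the real cookie drops into place without re-encoding.
    return msg[:data_off] + real + msg[data_off + dlen:]

if __name__ == "__main__":
    forwarded = swap_cookie(build_setup(TUNNEL_COOKIE), TUNNEL_COOKIE, REAL_COOKIE)
    print("accepted:", forwarded == build_setup(REAL_COOKIE))
    # A cookie copied from an earlier session no longer matches a new tunnel's cookie.
    print("stale cookie:", swap_cookie(build_setup(TUNNEL_COOKIE), bytes(16), REAL_COOKIE))
```

The real cookie never appears on the remote host, and a cookie lifted from the remote ~/.Xauthority only works against the tunnel it was generated for.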