08.10.07
Posted in IT, Operating Systems at 10:40 am by Tyler Reguly
The LinuxWorld Conference and Expo recently ended, and related headlines are filtering into the press. One of these headlines, 'Vista Aiding Linux Desktop, Strategist Says', makes me wonder what it takes to be a strategist. Cole Crawford, an IT Strategist for Dell, spoke at the conference and, based on the article, did nothing but hurt the Linux community... unless the Linux community is looking to promote Linux via idiocy and drivel.
The article mentions a few things which drove me nuts, some more than others... so let's start at the top.
"A number of companies have moved back to Windows XP after deploying Vista"
How many is "a number" given just how many companies exist? There are still companies running Windows 2000 because they don't feel XP is up to par, there were companies waiting for XP SP1 before they would switch and there were companies that still didn't feel comfortable doing it after XP SP2. Companies that made the jump to Vista were probably i) purchasing new computers that came equipped with Vista or ii) jumping in the water without checking for sharks first. This is why companies wait, you don't throw a brand new product into an organization and any company with an IT staff worth their salt would know this.
"The Linux desktop can do all of that. It can be interoperable with earlier versions of the operating system, is generally interoperable with Windows, can ship with an enterprise kernel and can be remotely managed by existing management solutions"
I have to question what any of this really means. Are products interoperable, or just the OS itself? Generally on Linux there are fairly severe dependencies and requirements and that's why, unless you're working from source, every distribution, and (generally) version of distribution, has its own package. Are we talking about "standard" commands being the same across the board? If that's the case, I'd point out that configuring the firewall changes with almost every major kernel version (ipfwadm, iptables, ipchains). What is an enterprise kernel? How do we define an enterprise kernel and how is it different from a "non-enterprise" kernel? Lastly, what is this form of management? Is it SSH or telnet because that isn't really remote management... not enterprise quality remote management. Windows would never have succeeded if Terminal Services was the only form of enterprise management. Every Linux distro has its own GUI config tool as well, and none of them have anything close to Active Directory and Group Policy for managing computers in a domain. Every time you want to install a new package, are you supposed to write a script to push out the tarball via scp and log in via ssh and execute all required commands? Lastly, and I can realize why this wasn't addressed, we have the issue of enterprise applications. They don't exist. There's no debating the subject... We don't have something to fully replace Exchange yet, nor do we have replacements for the Office line of products, including Project, Visio, Outlook, etc... We don't have a Sharepoint replacement, we're missing a lot of enterprise applications, which is really the reason why Linux isn't enterprise ready.
Now for my favourite comment... and yes, I do believe Mr. Crawford was serious when he said this.
He said Linux is a lot more secure than Windows as it has no registry, since everything is a file, which needs permissions to execute. There is also no such thing as a DLL, which Crawford described as the second most evil thing in Windows behind ActiveX.
I'm trying not to laugh as I type the rest of this but it's difficult. Linux is a lot more secure than Windows because there's no registry?!?! I hope this is some sort of joke, even the rationale behind it fails, mostly because it's unrelated. I would argue that you need permissions in Windows as well... the difference is the "default" level of security that exists... Vista does a lot to address this and make execution much more Linux-like. Wireshark is actually a prime example. On my Ubuntu laptop if I don't run Wireshark as root then I don't have access to the interfaces, yet in Windows XP, it doesn't matter how I run Wireshark, I can see the interfaces. In Windows Vista, the response is similar to Ubuntu... I'm required to "Run As Administrator" in order to see the interfaces in Wireshark. I also get a huge kick out of the second part of the comment, that "DLLs are the second most evil thing in Windows", and more so the thought that Linux doesn't have DLLs. Now Linux may not use the extension DLL but seriously... who would attempt to speak as a subject matter expert and not recognize that Dynamically Linked Libraries (DLL) are the same as Shared Libraries (Shared Objects) in the Linux world. How about a quote from the IBM website:
"a shared object has nothing to do with object-oriented technology! What we're talking about are dynamically linked libraries on the Linux platform (analogous to DLLs on Windows)."
Now do you see why I can't help but laugh? However, this all brings me back to the title of this post: What is an IT Strategist? Are they required to have an understanding of IT? I'm really curious... but I have to say thanks to eWeek for publishing the article... I needed the humour to kick start my morning.
Posted in IT at 2:54 am by Tyler Reguly
I came across this post today on the Official Google Blog. If you are running out of storage space in Picasa or GMail, you can now purchase additional storage space... and over at Google Blogoscoped, they think that Google Docs is a likely addition to the Google Storage program.
Right now GMail stands at ~2.82GB, or so my Storage Account Manager told me. Additional space can be purchased at various sizes and costs:
- 6GB @ $20/year
- 25GB @ $75/year
- 100GB @ $250/year
- 250GB @ $500/year
The Google Account Help page on the subject of storage space mentions that you can't allocate how much of your space is given to Picasa or GMail (or any future Google Apps that may be added) and that the storage is used on a first come first serve basis.
It's an interesting concept, I'm just curious to see how popular it will be as it seems slightly over priced to me. I'm sure that they are setting the foundation for a Google Storage app that allows direct access as an additional drive on your computer, but even so... If that's what they are attempting to do, they will really need to reconsider their pricing structure.
08.08.07
Posted in IT, Personal at 10:40 am by Tyler Reguly
Yes, you read that correctly... the internet is safe. So safe that almost no one is actually taken advantage of, and only 0.08% of kids are meeting people off the internet without their parents' approval. At least that's what a National School Boards Association report says. I would say that kids are smart enough not to mention that they are doing it... it's similar to surveys that ask teens if they drink, use drugs, or are abstinent. They give the "right" answer, not the real answer. The report goes so far as to suggest that perhaps social networking sites should be introduced to classrooms, after all businesses and higher education are using social networking sites...
That in itself leads to some interesting questions. Do these businesses know that their employees are using social networking sites for collaboration? Are these institutions of higher education using external sites or internal sites?
Do businesses know that their employees are using social networking sites for collaboration?
This is an interesting question for a couple of reasons. Primarily because social networking is anything but secure. If you are collaborating via public social networking sites you're risking disclosure of private and confidential information. The second issue is ownership. Many Web 2.0 collaboration sites "mention" in their EULA / Terms of Use that they own any work completed on their sites. There are exclusions to this (Google Apps for Business, at least I hope it has that exclusion) but there are others that do include it.
Do post-secondary institutions use internal or external social networks?
When I was in college I could get my grades, my tax paperwork (T2202A) and other confidential items from our internal social network. I don't think that I'd have been very impressed if this information was being passed to me via Facebook or MySpace.
These are questions that the report fails to answer. There are many others as well. They also call youth who excel on the internet non-conformists... essentially insulting the "geeks" and "nerds" and internet-literate people that enjoy the internet and prefer it.
I suggest everyone read the report, it's a sham that was co-funded by Microsoft, News Corp. and Verizon and I can't believe the drivel that was spouted in it. Social networking is the last thing that needs to be introduced to the classroom and I hope the dedicated teachers out there will see this. It will distract from class work, interfere with studies and be an all around hindrance to education. Sure students will know "how to use" social networks, but they are learning that on their own.. in their free time. Why not just provide students with Blackberries and allow their use during class time. That seems to be as intelligent of a choice as allowing them access to social networks.
If you really want to enable students to perform at a higher level in a technology dependent world, introduce them to a wider range of Microsoft products in the classroom. Access, Project, Visio... software that's used in all sorts of business that is never taught, unless you have a specific college class on the subject. Schools should have Project and Sharepoint servers... this would benefit students... learning proper document check-in and check-out and "true" collaboration skills... Not throwing them on a social network because only 0.08% of students were honest about their actions regarding meeting strangers and how they spend their time.
Posted in Personal at 9:36 am by Tyler Reguly
How does something like this. It links to a page that will "reportedly" crash IE6 and IE7 (although it fails to crash my IE7) (link here). This page has been picked up and reported by many sources, and has even appeared on Digg and Slashdot. I have to wonder why?!?!? There are tons of IE DoS floating around... why does this warrant appearing on Digg and Slashdot? I could see maybe Digg... given the people that frequent it, but Slashdot? I would expect better from a "geek" site.
08.05.07
Posted in IT, Tools at 8:09 pm by Tyler Reguly
So I was surfing the net today, and a "sponsor site" on one of the random pages I was on was BananaSecurity.com. I had to check it out with a name like that, so I browsed on over. They advertise interesting software... essentially it's screen saver biometrics using a web cam. When your face is recognized the BananaSecurity screensaver unlocks your computer. Now in their "Notice" link they refer to themselves as BS, which leads me to "trust" the product. The concept seems interesting but is it really there?
So... has anyone been to BananaSecurity.com before? and better yet has anyone tried out the software? I'm looking for thoughts and opinions...
08.01.07
Posted in IT at 8:48 pm by Tyler Reguly
Recently I revamped my network, the wireless AP moved to the back of the network, eliminating an unnecessary hop for my wired machines. It also put my primary wired network directly off the primary NAT router, instead of daisy chaining it through two NAT devices. This gives me a bit more freedom, so I decided to put my shell box online, so I can access it remotely.
The other day, I was looking through some logs and I noticed that /var/log/auth.d (authentication related logging such as console logins and ssh) was quite large. There were pages upon pages of logs similar to this:
```
Jul 30 09:47:00 localhost sshd[20675]: Failed password for invalid user shell from 24.190.183.178 port 33839 ssh2
Jul 30 09:47:02 localhost sshd[20677]: Failed password for invalid user server from 24.190.183.178 port 34325 ssh2
Jul 30 09:47:05 localhost sshd[20679]: Failed password for invalid user server from 24.190.183.178 port 34412 ssh2
Jul 30 09:47:07 localhost sshd[20681]: Failed password for invalid user server from 24.190.183.178 port 34886 ssh2
Jul 30 09:47:10 localhost sshd[20683]: Failed password for backup from 24.190.183.178 port 34971 ssh2
Jul 30 09:47:12 localhost sshd[20685]: Failed password for backup from 24.190.183.178 port 35447 ssh2
Jul 30 09:47:15 localhost sshd[20687]: Failed password for invalid user oracle from 24.190.183.178 port 35528 ssh2
Jul 30 09:47:17 localhost sshd[20689]: Failed password for invalid user oracle from 24.190.183.178 port 36003 ssh2
Jul 30 09:47:20 localhost sshd[20691]: Failed password for invalid user oracle from 24.190.183.178 port 36464 ssh2
Jul 30 09:47:22 localhost sshd[20693]: Failed password for mail from 24.190.183.178 port 36549 ssh2
Jul 30 09:47:24 localhost sshd[20695]: Failed password for mail from 24.190.183.178 port 37019 ssh2
Jul 30 09:47:27 localhost sshd[20697]: Failed password for mail from 24.190.183.178 port 37107 ssh2
Jul 30 09:47:29 localhost sshd[20699]: Failed password for mail from 24.190.183.178 port 37197 ssh2
```
Should I mask that IP... maybe but I'm not too happy with them auditing my system. Anyways... I'm a little curious... I'd like to know what passwords they are trying and I'm curious about the client version string that's offered... I doubt it will be "SSH-2.0-PuTTY_Release_0.60".
Since I'm lazy with this server and I've installed everything through apt, I had to go and grab the latest OpenSSH sources (The latest being 4.6p1). Now... let's log passwords and client version strings.
First logging passwords passed to sshd in plaintext. Remember that this is a security risk and you shouldn't do this on production machines, it should only be done for testing and lab purposes. Now that I've said that, open the file: auth-passwd.c
Around line 80 you should see:
```c
int
auth_password(Authctxt *authctxt, const char *password)
{
	struct passwd * pw = authctxt->pw;
	int result, ok = authctxt->valid;
#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
	static int expire_checked = 0;
```
Place 'logit("Password: %s",password);' above struct passwd. My function looks like this:
```c
auth_password(Authctxt *authctxt, const char *password)
{
	logit("Password: %s",password); /* Password Logging added by HT */
	struct passwd * pw = authctxt->pw;
	int result, ok = authctxt->valid;
#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
	static int expire_checked = 0;
```
Now let's do some client version logging. For this open the file sshd.c and look at line 454. You should see:
```c
	buf[sizeof(buf) - 1] = 0;
	client_version_string = xstrdup(buf);
```
Add the line "logit("Client Version String: %s", client_version_string);" below the client version string line, so that you have something like:
```c
	buf[sizeof(buf) - 1] = 0;
	client_version_string = xstrdup(buf);
	logit("Client Version String: %s", client_version_string); /* Client Version Logging added by HT */
```
You can save your changes and you're all done. Now, in your log files, you'll see:
```
Aug 1 20:39:40 localhost sshd[18426]: Client Version String: SSH-2.0-PuTTY_Release_0.60
Aug 1 20:39:45 localhost sshd[18426]: Invalid user hack from 192.168.1.101
Aug 1 20:39:45 localhost sshd[18426]: Excess permission or bad ownership on file /var/log/btmp
Aug 1 20:39:45 localhost sshd[18426]: Password:
Aug 1 20:39:45 localhost sshd[18426]: Failed none for invalid user hack from 192.168.1.101 port 56233 ssh2
Aug 1 20:39:48 localhost sshd[18426]: Password: l33thax0r
```
Pay close attention to my upcoming blog posts as I plan to study the passwords and usernames that I receive, along with the client_version_string. Enjoy watching people provide passwords!
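As an added example (not code from the original post or from OpenSSH), this Python parser joins the "Password:" and "Client Version String:" lines written by the patched sshd with the matching "Failed ..." line through the sshd PID, then tallies sources, usernames, passwords and clients. The log sample, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the patched sshd's format; PIDs, RFC 5737 addresses and passwords are made up.
SAMPLE_LOG = """\
Aug  1 21:02:10 localhost sshd[19001]: Client Version String: SSH-2.0-libssh-0.1
Aug  1 21:02:11 localhost sshd[19001]: Invalid user oracle from 198.51.100.7
Aug  1 21:02:11 localhost sshd[19001]: Password:
Aug  1 21:02:11 localhost sshd[19001]: Failed none for invalid user oracle from 198.51.100.7 port 40112 ssh2
Aug  1 21:02:12 localhost sshd[19003]: Client Version String: SSH-2.0-PuTTY_Release_0.60
Aug  1 21:02:13 localhost sshd[19001]: Password: oracle123
Aug  1 21:02:13 localhost sshd[19001]: Failed password for invalid user oracle from 198.51.100.7 port 40112 ssh2
Aug  1 21:02:14 localhost sshd[19003]: Password: changeme
Aug  1 21:02:14 localhost sshd[19003]: Failed password for backup from 192.0.2.44 port 51234 ssh2
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[(\d+)\]: (.*)$")
FAILED = re.compile(r"^Failed (password|none) for (invalid user )?(.+) from (\S+) port \d+ ssh2$")

def parse_attempts(log_text):
    """Join each 'Failed ...' line with the version and password logged by the same sshd PID."""
    sessions, attempts = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        when, pid, msg = m.groups()
        if msg.startswith("Client Version String: "):  # new connection (PID may be reused)
            sessions[pid] = {"client": msg[len("Client Version String: "):], "password": None}
            continue
        state = sessions.setdefault(pid, {"client": None, "password": None})
        failed = FAILED.match(msg)
        if msg.startswith("Password:"):
            state["password"] = msg[len("Password: "):]  # empty for the "none" probe
        elif failed:
            method, invalid, user, source = failed.groups()
            attempts.append({"time": when, "method": method, "user": user,
                             "valid_user": invalid is None, "source": source,
                             "password": state["password"], "client": state["client"]})
            state["password"] = None  # never carry a password over to the next attempt
    return attempts

def summarize(attempts):
    """Tally what the post sets out to study: sources, usernames, passwords and clients."""
    return {key: Counter(a[key] for a in attempts if a[key])
            for key in ("source", "user", "password", "client")}

if __name__ == "__main__":
    print(summarize(parse_attempts(SAMPLE_LOG)))
```

Run it against a copy of the auth log that only root can read, since the file now holds plaintext passwords, including any that legitimate users type.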