Dmitry - January 19, 2006 on 6:43 pm
It’s cold and gloomy outdoors. I’m feeling pretty faded (errr, jaded) right about now. I’m sure all you corporate hangers-on have seen the Big-whatever companies come in with their pen-testing or audit teams. Some of them call themselves pen-testing, some Tiger, some white-hat hacker, whatever. They should just state that they are inept p0sers. But, that gets me thinking (on just such a day) what it would take to get hired at one of these Big-whatever companies. So, without further adieu:
Rule 1 - You can’t run Windows. Seriously, don’t even consider showing up to a Con|interview|class|etc with Windows. Even if you have to run a CD distro, or OpenBSD at runlevel 3, you must do it. You will be scoffed at and not taken seriously with a Windows machine. For bonus points, put con stickers or anti-microsoft stickers on the laptop. You get extra bonus points if you’re running a MAC. Just pull up Safari and browse over to slashdot. Yeah, you’re rolling hardcore now.
Rule 2 - You must have complete and utter disdain for any authority figure. You’re the rebel - the misunderstood creative genius. Act the part.
Rule 3 - You must be a coder of some sort (’Hello world’ is sufficient). Ruby and Python are pretty cool right now. C is an old standard and always well respected. If you’re running one of those GUI APIs that really makes things much easier, STOP. It’s not cool. gcc or death.
Rule 4 - You’ll have to be a Goth, punk, or (less bonus points) a long-hair. You must dress and look the part. Yes, Dave Aitel showed up to Defcon wearing a shirt and tie…but, hey, he’s Dave. If you’re not Dave, you have to look like a meth junkie, sorry. There *are* bonus points for piercings and tattoos.
Rule 5 - On some elite mailing list, you must have gotten a wink (both ‘;)’ and ‘;-)’ are acceptable) from some security guru. !wink == !cool (incidentally, I just satisfied rule 3 - Go me!)
Rule 6 - You must have a ‘Niche skill’. Not only must you have the niche skill, you must talk about it a LOT. Certain skills are worth more than others, so I’ll do a quick rundown on which skills generate the most bonus points. If it’s not on this list, then it’s worth negative points and you should avoid it at all cost.
Reversing - Crank up IDA Pro, put on that “I’m so busy doing really, really important reversing that you dare not ask me any questions” look and watch those bonus points ROLL IN!
Writing exploits or shellcode - Still very cool. Try to be seen with either a .s file open (use vi editor, don’t make the mistake of using emacs or pico or, G-d forbid, a GUI editor) or gdb. In a crunch, you can have a .c file open, but don’t make it a habit. You’ll need to work on that “don’t bother me look”, lest someone ask you wtf you’re doing.
Fuzzing - Do NOT tell anyone that you use a commercial or open-source fuzzer. That’s like -500 bonus points. No, my friend, you write your own fuzzers. “Yeah, cuz like, SPIKE wasn’t doing enough pairwise-relationships between parameters so I had to like, write my own fuzzer that took advantage of like binary relations across multiple fields and stuff and like, I’d explain it to you but it’s really complicated and like …” ad infinitum.
TCP/IP Ninja - Really low on the spectrum. It used to be really cool but now, unless your name is Kaminsky, you’re not really getting much spin with this one. Maybe when people figure out that there are still bugs to be found at layers 2,3, and 4 of the stack this will get some rejuvenation…but, until then, I don’t recommend this one.
Rule 7 - You must be the project owner of some arbitrary project… Have some pet project that you supposedly work on all hours of the night. Send out emails at all hours of the night (use cron if you have to) telling your boss that you have a great idea for some cool new reversing/fuzzing/exploiting-shellcode_generating-morphing-inline-tcp-ip-ninja-death-ray machine that you are working on. If they ever ask to see a working demo, take the coders moral high road (i.e. make up some reason why you are so elite that you dare not try the tool until you’ve tweaked out some bugs…or whatever)
Rule 8 - Coherent statements are not for you. That’s right, even if you have to go back and add in typos, do it. I should probably give a few examples.
Bad email - Good evening Mister Jones, I was just working on my project for that Death Ray auto-pen-testing machine and wondered if you had any feedback regarding how we would handle shellcode delivery across SCADA or process control networks. Further, as I am putting in so much time with this project, I may need to be a little late tomorrow morning.
Good email - hey. so, im rewrking the shellcode delivrey mechanism for teh scada and pc networks and if you had anyhthing to add before I commit thes to CVS then can you shoot me an email. I might be in late tomorrow depeending on how son I get thes bugs worked out.
That’s about it. Good luck, I’m sure I’ll be seeing you soon.
!Dmitry
Wednesday, January 25, 2006
Saturday, January 07, 2006
10 things you should know about every Linux installation
By Jeffrey G. Thomas
Linux is not Windows, and although there are some similarities, you must realize that there may be a few "new ways of doing things" to learn before you can be comfortable in Linux. Linux is an open-source clone of UNIX, a secure operating system (OS) that predates DOS and Windows and is designed for multiple users. The items in the following list generally apply to any UNIX-based *nix system, such as Linux and the various BSD's. For the purposes of this article, assume that it's all Linux.
Here are the 10 things to know
Editor's note: As part of a recent IT Soapboxblog post I asked Linux users and evangelists in the TechRepublic community to step up to the plate and take a crack at producing some informative articles and downloads on the Linux operating system. This document is just one of the submissions inspired by that challenge. Just click the Linux challenge tag to track other published submissions stemming from this grass roots project.
1. File hierarchy
Unlike some other OS's that have a file tree for each drive, the Linux file system is one big tree. At the top you have / (Root) and every folder, file, and drive branches off of this Root.
For example, say that you have two hard drives (named a and b), one floppy drive, and one CD-ROM. Let's say that the first hard drive has two partitions (named a1 and a2). In Windows, it would look like this:
+ hard drive a, partition one (hda1): C Drive
+ hda2: D Drive
+ hdb1: E Drive
+ floppy: A drive
+ CD-ROM: F Drive
In Linux, you have one file system, not the five listed in the Windows example. Each drive is mounted onto the tree and acts just like a folder. The drives could be placed like this:
+ hda1: / (our Root)
+ hda2: /home
+ hdb1: /home/user/music
+ floppy: /mnt/floppy
+ CD-ROM: /mnt/cdrom
Our D Drive and E Drive are attached within our C Drive and there is no need to go to the top to switch drives; the switching happens seamlessly as we move from one folder to another. The same is true with our Floppy and CD-ROM: they are just attached under /mnt as part of the one file system. These drives, in reality, can be attached almost anywhere in a Linux system, depending on how the installation (or user) set up the /etc/fstab file, which tells the computer where things get attached and how to handle them. See Figure A.
Figure A
File structure
2. Modular system
Think about the guts of Windows XP, Win2k, Win98, Win95, and Apple OS X. Each has different components inside and a different graphical look. What if you wanted the Media Player in XP, the File Manager in 98, the stability of Win2k, and the look of OS X all in one unit? In Linux, each aspect of the system is independent, so you can mix and match parts to make your very own Frankenstein OS. You can choose from a variety of programs to run as your firewall, another to play media, yet another to run your File Manager.
Unlike the "tower" OS's from Microsoft, where everything is interconnected and depends on each aspect of the system, the Linux OS is spread out like a Market: everything works together for the common good, but vendors (independent parts of the OS) can be excluded, and the OS will still function. Don't want a Media Player or File Manager? Take it out! Your OS will not fall like a broken tower.
This modularity is the reason for so many distributions of Linux (commonly called distros); any person or company can mix and match the programs they find most useful and slap a name on that collection. RedHat, Xandros, SimplyMEPIS, and Suse are all examples of distros.
Some of the larger distros have copycats that use their settings, but change the included programs. This is the Linux way, and the mix-and-match approach gives users more choice in the long run. DistroWatch.com currently lists over 350 distributions of Linux. Many on the list are specialized to serve a specific group of people, but all can be altered to run the same programs.
Because programs are interchangeable, the Graphical User Interface (GUI) is no exception. GUI's give you the look and feel of a modern OS with the mouse, program icons, menus, etc. Any Linux system (well, one that is running on a real computer, not a phone) can run one of many different GUI's, just like it can run many web browsers or different email client programs.
Want your system to look like Windows? Use FVWM with the XP theme. Want it to be fast? Try IceWM. Want it to be more "full featured"?; try GNOME or KDE. All of these GUI's have benefits and drawbacks, but they all present the user with an interface that can be manipulated with a mouse. Although this may result in every Linux screen looking different, all of the GUI's are still doing the same behind-the-scenes work for you; just use your eyes and often it is not hard at all.
3. Hardware, software, and everything in between
Linux has come a long way in the few short years of its existence. It is less than half the age of Microsoft Windows, and yet it is more powerful, more stable, less resource-hungry, and graphically equal (if not superior) to this costly, buggy OS from Redmond.
One thing that Linux doesn't yet have going for it is vendor support. If you really like Intuit's QuickBooks, for example, you cannot natively run it in Linux. There are projects to make Windows programs run in Linux, such as CrossOver Office and Wine, but these work with varying success, depending on the Windows program. Until software companies decide to port their programs to Linux, you will not be able to run them natively.
Not all is lost, however. Open Source software has upward of 15,000 of programs that run natively in Linux. Because these programs are (usually) free of charge, they vary in quality, but the majority of programs are wonderfully written and constantly improved. These programs can import and export non-native file types as well. GNUCash can read those Quickbooks files just fine, and OpenOffice.org can read MSWord *.doc files. If you dislike GNUCash, don't despair. There are other similar programs also available for free, and more and more software companies are releasing Linux versions of their software.
These same issues apply to hardware. Just as you cannot expect just any piece of hardware off the shelf to work with an Apple computer, the same can be said for Linux machines. Most standard hardware works perfectly; hard drives, RAM, flash drives, motherboards, NIC's, and digital cameras usually have little trouble under Linux. Newer, cutting edge hardware is a different story. Until hardware vendors choose to support Linux, the drivers needed to work these pieces of hardware must be written by the Linux community for free and in the community members' spare time.
Therefore, there is a lag behind Windows support since hardware companies often work directly with Microsoft to ensure compatibility, and tend to let Linux volunteers figure out the Linux hardware support on their own. Laptops are notorious for their non-standard hardware; it can be a challenge to map special keys in Linux. The good news here is that vendor support for Linux hardware, like software, is changing for the better as more and more companies see their future in Linux.
Everything in between the hardware and the software in a Linux machine is the kernel. This kernel is what connects the hardware to the software, and an updated kernel is made available via Internet every few weeks; the most current is 2.6.14. If you have hardware that isn't currently supported, there is a chance that a newer kernel could help you out. Installing this kernel yourself isn't always easy, however; that's where Package Managers come into play.
4. Package Managers - Program installation made easy(er)
There are many ways to install programs in Linux, but the easiest is with your distribution's Package Manager (PM). The PM makes sure that any missing files (called dependencies) are also installed so the program runs correctly. Choosing a distribution often comes down to which type of PM you like, but any Linux software can be installed on different distributions if you can find the corresponding Package.
These PM's usually have an on-line repository for their programs. Installing an application is as easy as searching through the program repository and clicking Install. Can't find IceWM or MPlayer in your Package Manager's list? There is always a way to add a new on-line repository that will have what you are looking for. Some examples of Package Managers include Synaptic (based on dpkg and Apt) for Debian (and derivatives); Yum for RedHat (and derivatives); YaST2 for SuSE (and derivatives); and Emerge for Gentoo.
5. Permissions
Linux is designed to have multiple users, and these users fall into groups. Every user has permissions to read, write, or execute (R/W/X) their own files, and permission to change those permissions. Because Linux is designed for multiple users, each user has their own password and may restrict access to their files. These are called User Permissions.
Each user belongs to one or more groups, and a user can set their file/folder permissions so that others in the group can read but not write the files, or any other combination of R/W/X. These are Group permissions. For example, Joe and Susan are both in Accounting. They can allow the Accounting group access to each other's files, but they can restrict that access from those in the Sales group.
The Others permissions can allow or deny access to these files for anyone outside the Group. These permissions are for the safety of the overall system, as well as for each user's data. Most home users are fine to leave the default permissions alone on their files. (See Figure B)
Figure B
Permissions
The Root user (not to be confused with the / Root of a file system), as the Administrator, has rights to all files and is the only user who can alter system-wide settings. The Root user has their own password, which is used for system maintenance. This distinction prevents a regular user from installing harmful spy ware on the system or deleting important files.
6. Home directory
Windows has My Documents, but where do you put files that aren't documents? Usually on the Windows Desktop! Linux can clutter the desktop too, but each of our users also has a Home directory, usually located at /home/user. Within that Home directory you often have Documents (/home/user/documents), program links, music (/home/user/Music), or whatever we want. We can create files and folders here, and organize or disorganize them as much as we want, just like it was our own personal Home. Depending on how our permissions are set, we can allow or prevent any other user access to these files (except the Root user).
7. Default installation differences
There are a few differences between Linux distributions, such as where some files are kept or what some of the default programs are named. Just knowing that the file system might be a bit different between RedHat and SuSE is a great start. Most users don't need to know what those differences are, but they should be aware that the internal file systems can be a bit different. When asking for help, make sure to let others know which distribution you are running. If you don't have troubles in your system or don't care to set up complex behind-the-scenes operations, don't worry too much about this.
8. CLI, or "how to run"
From the Start-type menu, the xterm program (also called Console) brings you to a Terminal, which looks a bit like a DOS window, but it actually predates and out-powers DOS. This is the Command Line Interface (CLI), the origin of our favorite OS which is present in every Linux distribution. We won't get into the finer details, which can fill books, but the CLI a powerful tool often needed to troubleshoot your computer. If you ask for help on the Internet and someone asks you to run lspci, they want you to start xterm, type lspci, hit enter, and then provide the screen's response.
When you start an xterm, you are your regular user-self with limited powers. To get into Root User mode (see Permissions above) in an xterm, type su [enter], then type the Root password [enter]. Now you have a lot of power so be nice. The Root user can destroy anyone's data, including the system files needed to run Linux. To leave an xterm or su mode, type exit [enter].
9. Ctrl-alt-escape
Clicking the ctrl-alt-escape key combination changes your mouse into an X, skull-and-crossbones, or some other sinister mouse-cursor. In this mode, clicking on a misbehaving or frozen application will kill it. It is similar to the End Process in Windows Task Manager, but use with care. If you don't want to kill anything, use the Esc key to back out of kill mode. Clicking on the wrong program (including the desktop GUI) can cause a serious headache.
10. The Internet is your friend!
Many distros have a User's Forum where questions, answers, and tips are passed around. LinuxQuestions.org is a great site for overall Linux knowledge and help. Remember, before posting questions on any forum, research your questions (both at LQ and on Google) to avoid asking about an issue that may already be solved. Also, check the age of any solution that you find, as old answers may no longer apply to this fast-changing world of Open Source software. When asking a question, be sure to include as much (applicable) information as you can about your system, such as:
* The processor type (Intel or AMD or Apple PPC?)
* Your distribution (SuSE? Debian?)
* The program with which you're having trouble, and
* Any other relevant information.
Keep an open mind
Linux and open-source software have made leaps and bounds in the last few years, but for users coming from the closed world of Windows, the internal workings of Linux may seem foreign. An open mind and a willingness to share knowledge helps the Linux community grow, and we welcome you to our ranks.
Linux is not Windows, and although there are some similarities, you must realize that there may be a few "new ways of doing things" to learn before you can be comfortable in Linux. Linux is an open-source clone of UNIX, a secure operating system (OS) that predates DOS and Windows and is designed for multiple users. The items in the following list generally apply to any UNIX-based *nix system, such as Linux and the various BSD's. For the purposes of this article, assume that it's all Linux.
Here are the 10 things to know
Editor's note: As part of a recent IT Soapboxblog post I asked Linux users and evangelists in the TechRepublic community to step up to the plate and take a crack at producing some informative articles and downloads on the Linux operating system. This document is just one of the submissions inspired by that challenge. Just click the Linux challenge tag to track other published submissions stemming from this grass roots project.
1. File hierarchy
Unlike some other OS's that have a file tree for each drive, the Linux file system is one big tree. At the top you have / (Root) and every folder, file, and drive branches off of this Root.
For example, say that you have two hard drives (named a and b), one floppy drive, and one CD-ROM. Let's say that the first hard drive has two partitions (named a1 and a2). In Windows, it would look like this:
+ hard drive a, partition one (hda1): C Drive
+ hda2: D Drive
+ hdb1: E Drive
+ floppy: A drive
+ CD-ROM: F Drive
In Linux, you have one file system, not the five listed in the Windows example. Each drive is mounted onto the tree and acts just like a folder. The drives could be placed like this:
+ hda1: / (our Root)
+ hda2: /home
+ hdb1: /home/user/music
+ floppy: /mnt/floppy
+ CD-ROM: /mnt/cdrom
Our D Drive and E Drive are attached within our C Drive and there is no need to go to the top to switch drives; the switching happens seamlessly as we move from one folder to another. The same is true with our Floppy and CD-ROM: they are just attached under /mnt as part of the one file system. These drives, in reality, can be attached almost anywhere in a Linux system, depending on how the installation (or user) set up the /etc/fstab file, which tells the computer where things get attached and how to handle them. See Figure A.
File structure
2. Modular system
Think about the guts of Windows XP, Win2k, Win98, Win95, and Apple OS X. Each has different components inside and a different graphical look. What if you wanted the Media Player in XP, the File Manager in 98, the stability of Win2k, and the look of OS X all in one unit? In Linux, each aspect of the system is independent, so you can mix and match parts to make your very own Frankenstein OS. You can choose from a variety of programs to run as your firewall, another to play media, yet another to run your File Manager.
Unlike the "tower" OS's from Microsoft, where everything is interconnected and depends on each aspect of the system, the Linux OS is spread out like a Market: everything works together for the common good, but vendors (independent parts of the OS) can be excluded, and the OS will still function. Don't want a Media Player or File Manager? Take it out! Your OS will not fall like a broken tower.
This modularity is the reason for so many distributions of Linux (commonly called distros); any person or company can mix and match the programs they find most useful and slap a name on that collection. RedHat, Xandros, SimplyMEPIS, and Suse are all examples of distros.
Some of the larger distros have copycats that use their settings, but change the included programs. This is the Linux way, and the mix-and-match approach gives users more choice in the long run. DistroWatch.com currently lists over 350 distributions of Linux. Many on the list are specialized to serve a specific group of people, but all can be altered to run the same programs.
Because programs are interchangeable, the Graphical User Interface (GUI) is no exception. GUI's give you the look and feel of a modern OS with the mouse, program icons, menus, etc. Any Linux system (well, one that is running on a real computer, not a phone) can run one of many different GUI's, just like it can run many web browsers or different email client programs.
Want your system to look like Windows? Use FVWM with the XP theme. Want it to be fast? Try IceWM. Want it to be more "full featured"?; try GNOME or KDE. All of these GUI's have benefits and drawbacks, but they all present the user with an interface that can be manipulated with a mouse. Although this may result in every Linux screen looking different, all of the GUI's are still doing the same behind-the-scenes work for you; just use your eyes and often it is not hard at all.
3. Hardware, software, and everything in between
Linux has come a long way in the few short years of its existence. It is less than half the age of Microsoft Windows, and yet it is more powerful, more stable, less resource-hungry, and graphically equal (if not superior) to this costly, buggy OS from Redmond.
One thing that Linux doesn't yet have going for it is vendor support. If you really like Intuit's QuickBooks, for example, you cannot natively run it in Linux. There are projects to make Windows programs run in Linux, such as CrossOver Office and Wine, but these work with varying success, depending on the Windows program. Until software companies decide to port their programs to Linux, you will not be able to run them natively.
Not all is lost, however. Open Source software has upward of 15,000 of programs that run natively in Linux. Because these programs are (usually) free of charge, they vary in quality, but the majority of programs are wonderfully written and constantly improved. These programs can import and export non-native file types as well. GNUCash can read those Quickbooks files just fine, and OpenOffice.org can read MSWord *.doc files. If you dislike GNUCash, don't despair. There are other similar programs also available for free, and more and more software companies are releasing Linux versions of their software.
These same issues apply to hardware. Just as you cannot expect just any piece of hardware off the shelf to work with an Apple computer, the same can be said for Linux machines. Most standard hardware works perfectly; hard drives, RAM, flash drives, motherboards, NIC's, and digital cameras usually have little trouble under Linux. Newer, cutting edge hardware is a different story. Until hardware vendors choose to support Linux, the drivers needed to work these pieces of hardware must be written by the Linux community for free and in the community members' spare time.
Therefore, there is a lag behind Windows support since hardware companies often work directly with Microsoft to ensure compatibility, and tend to let Linux volunteers figure out the Linux hardware support on their own. Laptops are notorious for their non-standard hardware; it can be a challenge to map special keys in Linux. The good news here is that vendor support for Linux hardware, like software, is changing for the better as more and more companies see their future in Linux.
Everything in between the hardware and the software in a Linux machine is the kernel. This kernel is what connects the hardware to the software, and an updated kernel is made available via Internet every few weeks; the most current is 2.6.14. If you have hardware that isn't currently supported, there is a chance that a newer kernel could help you out. Installing this kernel yourself isn't always easy, however; that's where Package Managers come into play.
4. Package Managers - Program installation made easy(er)
There are many ways to install programs in Linux, but the easiest is with your distribution's Package Manager (PM). The PM makes sure that any missing files (called dependencies) are also installed so the program runs correctly. Choosing a distribution often comes down to which type of PM you like, but any Linux software can be installed on different distributions if you can find the corresponding Package.
These PM's usually have an on-line repository for their programs. Installing an application is as easy as searching through the program repository and clicking Install. Can't find IceWM or MPlayer in your Package Manager's list? There is always a way to add a new on-line repository that will have what you are looking for. Some examples of Package Managers include Synaptic (based on dpkg and Apt) for Debian (and derivatives); Yum for RedHat (and derivatives); YaST2 for SuSE (and derivatives); and Emerge for Gentoo.
5. Permissions
Linux is designed to have multiple users, and these users fall into groups. Every user has permissions to read, write, or execute (R/W/X) their own files, and permission to change those permissions. Because Linux is designed for multiple users, each user has their own password and may restrict access to their files. These are called User Permissions.
Each user belongs to one or more groups, and a user can set their file/folder permissions so that others in the group can read but not write the files, or any other combination of R/W/X. These are Group permissions. For example, Joe and Susan are both in Accounting. They can allow the Accounting group access to each other's files, but they can restrict that access from those in the Sales group.
The Others permissions can allow or deny access to these files for anyone outside the Group. These permissions are for the safety of the overall system, as well as for each user's data. Most home users are fine to leave the default permissions alone on their files. (See Figure B)
Permissions
The Root user (not to be confused with the / Root of a file system), as the Administrator, has rights to all files and is the only user who can alter system-wide settings. The Root user has their own password, which is used for system maintenance. This distinction prevents a regular user from installing harmful spy ware on the system or deleting important files.
6. Home directory
Windows has My Documents, but where do you put files that aren't documents? Usually on the Windows Desktop! Linux can clutter the desktop too, but each of our users also has a Home directory, usually located at /home/user. Within that Home directory you often have Documents (/home/user/documents), program links, music (/home/user/Music), or whatever we want. We can create files and folders here, and organize or disorganize them as much as we want, just like it was our own personal Home. Depending on how our permissions are set, we can allow or prevent any other user access to these files (except the Root user).
7. Default installation differences
There are a few differences between Linux distributions, such as where some files are kept or what some of the default programs are named. Just knowing that the file system might be a bit different between RedHat and SuSE is a great start. Most users don't need to know what those differences are, but they should be aware that the internal file systems can be a bit different. When asking for help, make sure to let others know which distribution you are running. If you don't have troubles in your system or don't care to set up complex behind-the-scenes operations, don't worry too much about this.
8. CLI, or "how to run"
From the Start-type menu, the xterm program (also called Console) brings you to a Terminal, which looks a bit like a DOS window, but it actually predates and out-powers DOS. This is the Command Line Interface (CLI), the origin of our favorite OS which is present in every Linux distribution. We won't get into the finer details, which can fill books, but the CLI a powerful tool often needed to troubleshoot your computer. If you ask for help on the Internet and someone asks you to run lspci, they want you to start xterm, type lspci, hit enter, and then provide the screen's response.
When you start an xterm, you are your regular user-self with limited powers. To get into Root User mode (see Permissions above) in an xterm, type su [enter], then type the Root password [enter]. Now you have a lot of power so be nice. The Root user can destroy anyone's data, including the system files needed to run Linux. To leave an xterm or su mode, type exit [enter].
9. Ctrl-alt-escape
Clicking the ctrl-alt-escape key combination changes your mouse into an X, skull-and-crossbones, or some other sinister mouse-cursor. In this mode, clicking on a misbehaving or frozen application will kill it. It is similar to the End Process in Windows Task Manager, but use with care. If you don't want to kill anything, use the Esc key to back out of kill mode. Clicking on the wrong program (including the desktop GUI) can cause a serious headache.
10. The Internet is your friend!
Many distros have a User's Forum where questions, answers, and tips are passed around. LinuxQuestions.org is a great site for overall Linux knowledge and help. Remember, before posting questions on any forum, research your questions (both at LQ and on Google) to avoid asking about an issue that may already be solved. Also, check the age of any solution that you find, as old answers may no longer apply to this fast-changing world of Open Source software. When asking a question, be sure to include as much (applicable) information as you can about your system, such as:
* The processor type (Intel or AMD or Apple PPC?)
* Your distribution (SuSE? Debian?)
* The program with which you're having trouble, and
* Any other relevant information.
Keep an open mind
Linux and open-source software have made leaps and bounds in the last few years, but for users coming from the closed world of Windows, the internal workings of Linux may seem foreign. An open mind and a willingness to share knowledge helps the Linux community grow, and we welcome you to our ranks.
Wednesday, January 04, 2006
10 New Year's resolutions for net admins
By Rick Vanover
As 2005 rolls to a close, many IT professionals are deciding what to make a priority in 2006—as well as what to relegate to another burner because the back burner is still full.
Develop security strategies for enterprise wireless networking
Our reluctance to embrace WLANs isn't going to make the issue go away. Now's the time to develop the protections at software and authentication levels, treating the office wireless network like the Internet from the security point of view.
IT professionals, users, and everyone in between can benefit from the wireless workplace. However, we need to accept that yes, our office now extends to Panera Bread. Our task is what can we do to make it secure?
Put a moratorium on buzzwords and phrases
I dread hearing buzzwords and overused phrases as much as any of you. Here are my top three:
What can we do to move forward? How many times have you had meetings that involved too many nontechnical people and that concluded with this statement, which lead to another meeting, which lead to the same conclusion… but yet brought no results?
We don’t have the bandwidth for … Sorry to hear that. I guess this isn’t us asking for such resources, but us telling you that we need such bandwidth. Whether it be staff resources, computing horsepower, or a fat pipe on the LAN, if the case and need are presented well, we need that bandwidth.
There needs to be some accountability… This is the worst. What's funny is that the people (management) who use this term don’t really exact any accountability. It’s a word that's more visible in the early stages of a project. However, it mysteriously stops popping up later on—even when results warrant some accountability!
Make a decision on leasing vs. purchasing IT equipment
Many organizations have blanket rules to lease or purchase IT equipment. A better approach may be a standard set of criteria that's applied to systems during planning to determine their scenario. Consider making a provisioning chart that will help determine whether a system is a candidate for leasing or direct purchase. This will lay forth specific criteria that, depending on your IT climate, will more clearly identify candidates for leasing. Here's a sample system provisioning chart to determine whether a lease is appropriate:
Of course, there are always many factors (like price and money!) that will influence how assets are procured. But a planned implementation with the end in mind (such as a lease return) can simplify the ongoing support of systems, especially as they become more complex.
Avoid 5eCuR1TY & P@sSW0rD Ov3Rk1!!
What's worse than working with your own security requirements? Easy: It's dealing with another party that has security requirements at your level or higher. Sure we’ve got to be secure, but how many times has security locked out an authorized party? I’ve had it happen to mission-critical systems for silly things like a MAC address not authorized to participate on a network (in the case where a secondary system has a different MAC address).
Or how about this complex password requirement: 10 characters, including five special characters and mixed case for the remnants, and use of numbers. The password is: 8$4rR#Z@! . Don’t bother counting, it is that way by design. (Yes, there is a space at the end of the password.) That was fun to troubleshoot after it was assigned.
Really, wouldn’t investments in brute force detection, lowered bad password thresholds, and automated password reset utilities be worthwhile?
Take a stand against the off-brand!
How much time have you spent working with inferior equipment? It can be viewed as pennywise and pound foolish to skimp on the equipment dollars. Using top-tier quality, branded equipment provides a superior support channel for drivers, issues, and spare parts. This applies to servers, networking equipment, PDAs, mobile phones, and even cables and tools.
Great efficiencies can be made by consolidating vendors of equipment (more on that later) as well as gaining a professional appearance by having the equipment represent an extension of the service provided by the technology. Besides, if the equipment fails, this is too easy a point to get burned on.
Make sure you know what you're getting for the money
Price is always important, but remember to consider what you get. For example, on the server platform, analyze items like standard warranties as well as price-per-Gigahertz or -Gigabyte. Of course, we are all dealing with shrinking budgets as well as increased service responsibilities, so price is definitely a factor that will not go away. Sure, an easy solution is to buy up and overprovision systems at the start—but that goes too far. A delicate balance needs to be met.
Recognize that it's time to retire NT
You would be surprised how many installations still have Windows NT Server 4.0 systems running vendor -provided mission-critical applications, legacy Windows domain controllers, and government systems. Some organizations still have it as the standard.
Core support for NT has stopped, and driver support is soon to follow on server-class systems. You can live without service packs—but not drivers.
Reap the benefits of platform standardization
Let’s all take a page from the Southwest Airlines playbook as a good example of how to keep overhead low. By having all equipment, operating systems, and software versions standardized, you'll realize savings. For example, consider the small to midsize enterprise that has a single server platform. This greatly enhances the internal support options. With a single server platform, you can:
• More quickly build a server (standardized process)
• Maintain fewer spare parts or systems (less unused inventory)
• Reduce staff training knowledge requirements (less training expenses)
• Build a higher competency on the standardized platform (better service)
• Manage fewer baseline images, if used (less storage requirements)
For software title and version standardization, a big expense in compatibility testing is reduced to a single instance. Having lower overhead without compromising the result of the IT server is achievable for many organizations. It may be difficult to migrate to a standardized environment across the board (notebook, desktop, server, operating system, productivity suite, etc.), but the long-term benefits are habits of successful organizations. Even if a system is "over-provisioned" to meet the standard, that may be better than an array of oddball systems in the enterprise.
Just say No!
Is it that tough? Well, sometimes it is. The common plight of the IT professional: Here is the functionality, now make it happen. And of course you don’t get any more resources (money).
When using the No! card, be sure to cite business rules, fundamental standards, resource requirements, or other major obstacles to substantiate your decisions. It's difficult to judge when to pull the No! card. IT should use it if they simply can’t do what's requested. The easy answer is to outsource it or contract some help for the task, but even that can warrant the No! card. There's no “Easy Button” in IT, but the No! card can be fun.
Address ownership roles
One of the biggest issues that arises in IT is ownership, specifically for an entire system that has shared use with vendors and many internal departments. For example, take a vendor-provided system that interfaces with operations and IT. Does the vendor own it? Does operations? Does IT? It is mission critical, but no one wants to touch it—at least not when there is an issue.
When systems are incepted, there should be a clear chain of command. IT doesn’t generally want to deal with operational topics, operations doesn’t want to (and usually can’t) deal with IT topics, and the vendor gets frustrated with all the IT groups and operational differences for a system. It's a good investment to get premium support from vendor-provided systems. This keeps IT groups in the best position by having their infrastructure and security topics met, operations dealing with the vendor for support, and the vendor having ultimate ownership of the system—especially if there is an issue! One less fire to deal with.
As 2005 rolls to a close, many IT professionals are deciding what to make a priority in 2006—as well as what to relegate to another burner because the back burner is still full.
Develop security strategies for enterprise wireless networking
Our reluctance to embrace WLANs isn't going to make the issue go away. Now's the time to develop the protections at software and authentication levels, treating the office wireless network like the Internet from the security point of view.
IT professionals, users, and everyone in between can benefit from the wireless workplace. However, we need to accept that yes, our office now extends to Panera Bread. Our task is what can we do to make it secure?
Put a moratorium on buzzwords and phrases
I dread hearing buzzwords and overused phrases as much as any of you. Here are my top three:
What can we do to move forward? How many times have you had meetings that involved too many nontechnical people and that concluded with this statement, which lead to another meeting, which lead to the same conclusion… but yet brought no results?
We don’t have the bandwidth for … Sorry to hear that. I guess this isn’t us asking for such resources, but us telling you that we need such bandwidth. Whether it be staff resources, computing horsepower, or a fat pipe on the LAN, if the case and need are presented well, we need that bandwidth.
There needs to be some accountability… This is the worst. What's funny is that the people (management) who use this term don’t really exact any accountability. It’s a word that's more visible in the early stages of a project. However, it mysteriously stops popping up later on—even when results warrant some accountability!
Make a decision on leasing vs. purchasing IT equipment
Many organizations have blanket rules to lease or purchase IT equipment. A better approach may be a standard set of criteria that's applied to systems during planning to determine their scenario. Consider making a provisioning chart that will help determine whether a system is a candidate for leasing or direct purchase. This will lay forth specific criteria that, depending on your IT climate, will more clearly identify candidates for leasing. Here's a sample system provisioning chart to determine whether a lease is appropriate:
Of course, there are always many factors (like price and money!) that will influence how assets are procured. But a planned implementation with the end in mind (such as a lease return) can simplify the ongoing support of systems, especially as they become more complex.
Avoid 5eCuR1TY & P@sSW0rD Ov3Rk1!!
What's worse than working with your own security requirements? Easy: It's dealing with another party that has security requirements at your level or higher. Sure we’ve got to be secure, but how many times has security locked out an authorized party? I’ve had it happen to mission-critical systems for silly things like a MAC address not authorized to participate on a network (in the case where a secondary system has a different MAC address).
Or how about this complex password requirement: 10 characters, including five special characters and mixed case for the remnants, and use of numbers. The password is: 8$4rR#Z@! . Don’t bother counting, it is that way by design. (Yes, there is a space at the end of the password.) That was fun to troubleshoot after it was assigned.
Really, wouldn’t investments in brute force detection, lowered bad password thresholds, and automated password reset utilities be worthwhile?
Take a stand against the off-brand!
How much time have you spent working with inferior equipment? It can be viewed as pennywise and pound foolish to skimp on the equipment dollars. Using top-tier quality, branded equipment provides a superior support channel for drivers, issues, and spare parts. This applies to servers, networking equipment, PDAs, mobile phones, and even cables and tools.
Great efficiencies can be made by consolidating vendors of equipment (more on that later) as well as gaining a professional appearance by having the equipment represent an extension of the service provided by the technology. Besides, if the equipment fails, this is too easy a point to get burned on.
Make sure you know what you're getting for the money
Price is always important, but remember to consider what you get. For example, on the server platform, analyze items like standard warranties as well as price-per-Gigahertz or -Gigabyte. Of course, we are all dealing with shrinking budgets as well as increased service responsibilities, so price is definitely a factor that will not go away. Sure, an easy solution is to buy up and overprovision systems at the start—but that goes too far. A delicate balance needs to be met.
Recognize that it's time to retire NT
You would be surprised how many installations still have Windows NT Server 4.0 systems running vendor -provided mission-critical applications, legacy Windows domain controllers, and government systems. Some organizations still have it as the standard.
Core support for NT has stopped, and driver support is soon to follow on server-class systems. You can live without service packs—but not drivers.
Reap the benefits of platform standardization
Let’s all take a page from the Southwest Airlines playbook as a good example of how to keep overhead low. By having all equipment, operating systems, and software versions standardized, you'll realize savings. For example, consider the small to midsize enterprise that has a single server platform. This greatly enhances the internal support options. With a single server platform, you can:
• More quickly build a server (standardized process)
• Maintain fewer spare parts or systems (less unused inventory)
• Reduce staff training knowledge requirements (less training expenses)
• Build a higher competency on the standardized platform (better service)
• Manage fewer baseline images, if used (less storage requirements)
For software title and version standardization, a big expense in compatibility testing is reduced to a single instance. Having lower overhead without compromising the result of the IT server is achievable for many organizations. It may be difficult to migrate to a standardized environment across the board (notebook, desktop, server, operating system, productivity suite, etc.), but the long-term benefits are habits of successful organizations. Even if a system is "over-provisioned" to meet the standard, that may be better than an array of oddball systems in the enterprise.
Just say No!
Is it that tough? Well, sometimes it is. The common plight of the IT professional: Here is the functionality, now make it happen. And of course you don’t get any more resources (money).
When using the No! card, be sure to cite business rules, fundamental standards, resource requirements, or other major obstacles to substantiate your decisions. It's difficult to judge when to pull the No! card. IT should use it if they simply can’t do what's requested. The easy answer is to outsource it or contract some help for the task, but even that can warrant the No! card. There's no “Easy Button” in IT, but the No! card can be fun.
Address ownership roles
One of the biggest issues that arises in IT is ownership, specifically for an entire system that has shared use with vendors and many internal departments. For example, take a vendor-provided system that interfaces with operations and IT. Does the vendor own it? Does operations? Does IT? It is mission critical, but no one wants to touch it—at least not when there is an issue.
When systems are incepted, there should be a clear chain of command. IT doesn’t generally want to deal with operational topics, operations doesn’t want to (and usually can’t) deal with IT topics, and the vendor gets frustrated with all the IT groups and operational differences for a system. It's a good investment to get premium support from vendor-provided systems. This keeps IT groups in the best position by having their infrastructure and security topics met, operations dealing with the vendor for support, and the vendor having ultimate ownership of the system—especially if there is an issue! One less fire to deal with.
Tuesday, January 03, 2006
Third of January, 2006
Qoute for the day
Fear is the path to the dark side.
Fear leads to anger.
Anger leads to hate.
Hate leads to suffering.
today ..i miss somebody ...but she didn't contact me at all ..huhu
but i believe ..patience is all i have ..and being patience is a bless ..but there's limit for it ...
Fear is the path to the dark side.
Fear leads to anger.
Anger leads to hate.
Hate leads to suffering.
today ..i miss somebody ...but she didn't contact me at all ..huhu
but i believe ..patience is all i have ..and being patience is a bless ..but there's limit for it ...
Sunday, January 01, 2006
laws of geek
the ten laws of geek
so, you want to be an elite hacker, huh? why not? geeks are a very interesting specimen. the following are what i believe to be ten of the most popular geek laws, un-written laws, mind you (until now).
i. thou shalt not syn (synchronize), only ack (acknowledge).
geeks are typically known as quiet, reserved people. therefore the first step to becoming a geek is to stfu (shut the f--- up) and start paying attention.
ii. thou shalt have seen the movie "hackers" and knoweth it well.
i have never met a geek in my life that hasn't seen this movie. it's quite an exaggeration on real life, but is a classic none the less. it is not uncommon to hear quotes from this movie in everyday geek conversation.
iii. thou shalt rtfm (read the f---ing manual) before asking questions.
nothing is more annoying than someone who just wants the solution to a problem when the answer can be located in the most obvious place. always attempt to learn for yourself. show a little effort.
iv. thou shalt help guide those who seek answers, so long as they have complied with law three.
with respect to the open-source state of mind, always share information with those who are curious; don't hide it.
v. thou shalt not discriminate against nationality, skin color, sex, age, mental hindrances, physical flaws, sexual preferences, religious beliefs, personal taste in appearance, or music (w/ the exception of metallica).
discriminating against anything other than someone's annoying personality is simply ignorant. the band metallica is known amongst geeks for their dispute against napster, a file sharing program allowing you to download and freely share music. as far as i am concerned, music was meant to be free. i can understand having people pay to be entertained at a live concert or for merchandise, but people have always been sharing music (they always will) and trying to stop them now just because "everyone" is doing it is pretty arrogant. i don't care how passionate you are, it's not a job; it is a form of expression. i'm sure there are a lot of musicians/radio stations out there who will disagree with me and you're welcome to your own opinion on this. just don't be surprised if you're looked down upon for liking or even listening to bands that share your opinion, especially metallica.
vi. thou shalt not place thyself above thine fellow geeks within the geek chain; thou canst only lower thyself. only via election canst thy rank be promoted, and thou art otherwise equal.
nobody likes a cocky individual, and geeks are very respectful to one another regarding this issue. always realize that there is someone out there who is smarter than you. once u reach a certain level of education, other geeks will naturally grow more respectful of you, as if they instinctively sense ur a valuable resource.
vii. with respect to the sixth law, thou mayeth challenge the credibility of any self-proclaimed geek, and so mayeth thou invoke the power of the sixth law to deduct geek points from anyone who questions basic geek knowledge.
a lot of people call themselves a hacker when they're not, such as script-kiddies. there is no harm in a friendly duel to see whether or not someone is full of bs (bull sh--). losing geek points, for the record, does not make you more of a geek; it is not a good thing.
viii. thou shalt treat all computers as thou wouldst treat thyself, for thou art the creator of thine own problems.
hey, it is not your computer's fault that you made it run crappy. get with it or get off it. you certainly don't want to trade your every keystroke over to a geek to fix it for you, do you?
ix. thou shalt help to preserve history, ensure the protection of thine individual rights, and keep information free.
this also has to do with the open-source state of mind and the freedom of information. history (and the truth) is as important as much as it can be boring. at archive.org you can actually look up websites that don't exist anymore, kind of like a digital library. it is a very useful geek tool, especially for web developers who forgot to make a backup of their data before neglecting to pay their hosting bill.
x. thou shalt refrain from using thine geek powers for malicious purposes unless upon thyself, within a tolerated environment, or to fend off malicious invasions.
hackers are like jedis, crackers are like the sith: do not fall prey to the dark side. if you have no idea what i'm talking about, go watch the star wars movies.
there are many other laws which you will come to learn over time, but the preceding each deserves special notice.
so, you want to be an elite hacker, huh? why not? geeks are a very interesting specimen. the following are what i believe to be ten of the most popular geek laws, un-written laws, mind you (until now).
i. thou shalt not syn (synchronize), only ack (acknowledge).
geeks are typically known as quiet, reserved people. therefore the first step to becoming a geek is to stfu (shut the f--- up) and start paying attention.
ii. thou shalt have seen the movie "hackers" and knoweth it well.
i have never met a geek in my life that hasn't seen this movie. it's quite an exaggeration on real life, but is a classic none the less. it is not uncommon to hear quotes from this movie in everyday geek conversation.
iii. thou shalt rtfm (read the f---ing manual) before asking questions.
nothing is more annoying than someone who just wants the solution to a problem when the answer can be located in the most obvious place. always attempt to learn for yourself. show a little effort.
iv. thou shalt help guide those who seek answers, so long as they have complied with law three.
with respect to the open-source state of mind, always share information with those who are curious; don't hide it.
v. thou shalt not discriminate against nationality, skin color, sex, age, mental hindrances, physical flaws, sexual preferences, religious beliefs, personal taste in appearance, or music (w/ the exception of metallica).
discriminating against anything other than someone's annoying personality is simply ignorant. the band metallica is known amongst geeks for their dispute against napster, a file sharing program allowing you to download and freely share music. as far as i am concerned, music was meant to be free. i can understand having people pay to be entertained at a live concert or for merchandise, but people have always been sharing music (they always will) and trying to stop them now just because "everyone" is doing it is pretty arrogant. i don't care how passionate you are, it's not a job; it is a form of expression. i'm sure there are a lot of musicians/radio stations out there who will disagree with me and you're welcome to your own opinion on this. just don't be surprised if you're looked down upon for liking or even listening to bands that share your opinion, especially metallica.
vi. thou shalt not place thyself above thine fellow geeks within the geek chain; thou canst only lower thyself. only via election canst thy rank be promoted, and thou art otherwise equal.
nobody likes a cocky individual, and geeks are very respectful to one another regarding this issue. always realize that there is someone out there who is smarter than you. once u reach a certain level of education, other geeks will naturally grow more respectful of you, as if they instinctively sense ur a valuable resource.
vii. with respect to the sixth law, thou mayeth challenge the credibility of any self-proclaimed geek, and so mayeth thou invoke the power of the sixth law to deduct geek points from anyone who questions basic geek knowledge.
a lot of people call themselves a hacker when they're not, such as script-kiddies. there is no harm in a friendly duel to see whether or not someone is full of bs (bull sh--). losing geek points, for the record, does not make you more of a geek; it is not a good thing.
viii. thou shalt treat all computers as thou wouldst treat thyself, for thou art the creator of thine own problems.
hey, it is not your computer's fault that you made it run crappy. get with it or get off it. you certainly don't want to trade your every keystroke over to a geek to fix it for you, do you?
ix. thou shalt help to preserve history, ensure the protection of thine individual rights, and keep information free.
this also has to do with the open-source state of mind and the freedom of information. history (and the truth) is as important as much as it can be boring. at archive.org you can actually look up websites that don't exist anymore, kind of like a digital library. it is a very useful geek tool, especially for web developers who forgot to make a backup of their data before neglecting to pay their hosting bill.
x. thou shalt refrain from using thine geek powers for malicious purposes unless upon thyself, within a tolerated environment, or to fend off malicious invasions.
hackers are like jedis, crackers are like the sith: do not fall prey to the dark side. if you have no idea what i'm talking about, go watch the star wars movies.
there are many other laws which you will come to learn over time, but the preceding each deserves special notice.
New Year 2006
This year is "harvest" year for me ..hehe ..maybe some of u know what is it ..huhu
insya Allah ..i will try to strive for more ...more than previous year i did before ..
so many things i did in year 2005...huhu
frankly speaking ..i'm not a great guy ..but i will try and try and try, to achieve my vision, mission and excel.
thanks for your support, guys ..including ppl which is not stated here
Nan
Azwan
Amri
Amanyus
Rohanie
Aku_min
cik yan
Pisang
Nazri
insya Allah ..i will try to strive for more ...more than previous year i did before ..
so many things i did in year 2005...huhu
frankly speaking ..i'm not a great guy ..but i will try and try and try, to achieve my vision, mission and excel.
thanks for your support, guys ..including ppl which is not stated here
Nan
Azwan
Amri
Amanyus
Rohanie
Aku_min
cik yan
Pisang
Nazri
Subscribe to:
Posts (Atom)
