Central Management: Worth I.T. or Not?

I’ve always been one to dislike central management systems. Monitoring systems are nice. If there wasn’t a central system to maintain servers it would make life a lot more busy. However, if you have a cluster and you decide to manage all the slaves, as well as the master, via control panel only, there’s one major flaw about this. That is…

Continued »

BrowserID Response

Yesterday, I wrote an article on Mozilla’s new BrowserID (aptly titled, “BrowserID“). When I woke up in the morning, someone on Twitter had responded to my Tweet announcing the post by basically saying that there isn’t two factor authentication involved (yet), and that most people do have JavaScript enabled. Click continue to find out why this strangely bothers me…

Continued »

BrowserID

Browsing through various articles, there was one on Linux.com that caught my eye. It talked about Mozilla’s new “security feature” that is meant to, what seems like, take over the (rather limited) market that OpenID has created. Granted, it doesn’t directly take aim at it, but is the best way to describe its purpose in the world. Not to mention, they are calling it BrowserID. If you’re wondering what makes this any different, please continue. Continued »

Distro Review: OpenSUSE 11.4 (1/2)

For the better part of two years now, I’ve been looking at various flavors of Linux, trying to see which one(s) are right for my needs.  For servers, I stopped after finding Arch Linux, as it gave me the freedom to use as much of my resources as possible, without the overhead of a GUI and such.  Desktop wise, I’ve been searching since 2005, when I first ventured into Knoppix and the like.  While I’m not going to review every distro I’ve used, or will use, there are some great things about OpenSUSE I would like to address.

Continued »

Improved Network Security

With Linux 3.0 coming up around the corner, I thought it would be good to discuss some (possible) future improvements and additions to the kernel.  While this is already in the 2.8 branch (which was created before the official 3.0 was announced), it’ll be interesting to see what is carried over.  One of the first things that caught my eyes was not so much a new feature, but a plugin that’s becoming a standard inside of the kernel itself, IPSets. Continued »

Encryption Strengths

There’s a lot of talk saying that you need to use at least 1024-bit keys for encryption to be beneficial now, due to the power of technology and what’s been developed. While I agree that the lower the bit strength, the easier it CAN be to break, I do not think there’s a set “standard” of sorts of what’s too weak or strong, and here’s why.

Continued »

I.T.: Meet, the Cloud

For a while now, I’ve been trying to think of what to write about on here. There’s the “new” Linux 3.0 kernel coming out later this year, but everyone’s already jumped on that bandwagon and rode it to high heaven. Lulzsec has broken up, but DDoS’ing is not considered a hack to me, just more of using a flaw in 20+ year old technology that’s only finally being fixed. There’s Cisco’s event going on right now, but personally I don’t really follow Cisco, and if I don’t enjoy what I’m writing about, it’s going to sound quite bland and boring.

Instead, I’m going to focus on the cloud again, but this time, with a little twist. As I’m sure quite a few people have heard (or even been apart of by now), Google released Google+, their social media network to fight Facebook. Being skeptical about this since Google’s problems with Buzz, I wasn’t expecting much. While I’m not going to write a review on Google+ (which, again, has been rode to high heaven), I will say this: Google is continuing what Facebook started.

What does this have to do with “the cloud”, and all that its bringing to the table, you ask? The cloud is like social media. It’s huge, a lot of people are flocking to it, creating all this buzz, and experiencing great technology. However, people are stuck in serious tunnel vision, in that they don’t see the flaws it present people as well.

There’s a fine line, especially in I.T., that seperates dependence and obsession. Everyone is dependent on I.T., social media, and to a lesser extent the cloud. All of Google’s services are (if not already) migrating to a pure cloud form, and so are many other services (i.e.: Dropbox). However, when we become so obsessed over technology, that it starts to consume the way we even think and behave, it gets to be a bit too much.

I’m not sure how many people who will read this will recall the movie “Anti-Trust”, but a movie that was made in the mid to late 1990′s is what we’re living in now. Every company is trying to create the next N.U.R.V., and develop an awesome Synapse. That’s awesome, I personally love having everything in a central location…especially considering I’m not the most organized person. However, are we really willing to give up our freedoms and security for what the cloud (i.e.: social networking) has to offer?

When it comes to websites such as Facebook, Google+, Twitter, etc… they give people a false sense of security. The content you post is only yours until someone else deems it unacceptable. Similar to the cloud, users can (if they have access to your files) report the file for being unacceptable, or otherwise breaking a terms of service.

Also, think about when the service goes down. The cloud is nothing more than RAID-0 for the Internet. The data is replicated across servers to ease the load balancing (which, unfortunately, RAID doesn’t do). While social media can’t act in the same manner, they tend to use the same technology. Which, this is genius when you look at it in the general scheme of things. When RAID fails, unless you’re lucky enough to notice the failure quickly, data across all the drives are going to be corrupted and lost (which you better hope at this point you have backups or the I.T. fellas are having a good day and you can recover data). Ultimately, storing data is not safe, nor secure. If it doesn’t get erased, there’s still no telling what its actually being used for.

Fetching real available memory

When running “free -m”, I would see my “Free” memory go down further, even after closing out programs and such. While I didn’t know why this was before (but knew that free also involved disk caching), I looked into it and saw that basically the “-/+ buffers” line was your actual used and free memory statistics. In short, so I don’t start making this mistake again, I wrote the following Bash script (yes, Bash and awk are my weapons of choice when scripting). Continued »

MongoDB PAM Module

I waited for a little bit to post this, but I recently ventured into the realm of writing PAM modules, and my first project has been finished. This is a MongoDB authentication module. In short, it allows you to authenticate users to a MongoDB database that the user has access to (for added security, the user should have read-only access to the database). This module requires libmongo-client, libpam, gcc and ld to compile (the last three should be on every system that allows for compiling programs). This module is written in strict C, and compiles without warnings. I’ve written a good how-to and such on GitHub, with the project officially supported by Zorveo (both links at the bottom of this post). Once you have libmongo-client downloaded and installed, set up is very quite easy. More modules will be released in the future as well.

Before asking for support, please read the README file on GitHub, as it was written to be as extensive as possible.

GitHub: https://www.github.com/ehzor/pam_mongodb/
Zorveo: http://www.zorveo.com/research/pam-mongodb

New checksum method

I got an interesting article in my inbox today in regards to using extended attributes to create checksums. While I don’t know if this will pick up to be a de facto standard way of distributing checksums, this is definitely a step in the right direction. Continued »