Domain: usenix.org
Stories and comments across the archive that link to usenix.org.
Comments · 571
-
USENIX!!!
USENIX Security Symposium: not just more affordable than SANS, it's also better. SANS is baby-food for people with more time than money: nice, competent people RTFM to you out loud.
In contrast, USENIX is actual security technology. Take the tutorials for in-depth learning on important issues, and the technical sessions for cutting-edge practical security research. We have a paper this year on the LSM (Linux Security Modules) project.
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase -
USENIX Security is affordable for the lil' guys...
I'm surprised USENIX Security was not mentioned. After all, it's very affordable for the "little guys" if you are a student. And where else can you meet security researchers like Whitfield Diffie, one of the inventors of public key cryptography? Several of the papers from the symposium have already been mentioned on slashdot: The deadline for discounted registration is this Wednesday. See http://www.usenix.org/sec02/ to register.
-
Re:Maybe an admin code of ethics?
People have mentioned ACM codes of ethics, and ICCM codes of ethics, but there is an actual code of ethics designed for and by sysadmins: http://www.usenix.org/sage/publications/code_of_ethics.html
-
Data Security
It's always been a problem with the magnetic techniques of hard drives to actually erase data. Even after formatting and overwriting, you can still read old bits because of the imprecision in the writing techniques (see this article). Would this eliminate such a threat?
-
Re:All the good Sysadmins are retired or dead
You are probably using the wrong job descriptions when hiring.
Try these. You probably have a bunch of "Novices". I would fire the lot of them. In this job market, good people are easy to find.
As I commented above, just because you have senior people doesn't make it cost effective to manage a network of multiple flavors of UNIX. There are issues (mainly duplication of effort) which are independent of sysadmin skill. -
Coding isn't really a profession like medicine
A couple of quick thoughts:
- Medicine is a field which requires certification. Writing code is not a profession in that sense. There is no body analogous to the American Medical Association or the IEEE that regulates best practices, standards, ethics. There is no journal of the American Coders Association
- Certification is a tricky business for technical, rapidly changing fields; any sysadmin aware of the SAGE Certification program should know about the long, hard road to determining what makes a certified sysadmin.
- Most coders don't even participate in the Association for Computer Machinery, the first computer professional organization.
- The low barriers to entry for coders make regulation damn near impossible. It's a lot like the repeated attempts to unionize sex workers: there's always another eighteen year old waiting in the wings to take the work and do a miserable job. I have way more respect for the average sex worker than coders - competition makes them good at what they do. Most coders get paid either way. But that's a different rant.
- Who determines the public good? This is ostensibly the work of the government, but occasionally falls to non-governmental organizations like the AMA. This is not a job for the self-righteous /. community. Is spyware harmful? I think so, but most people either aren't aware or are indifferent. This isn't a technocracy, which despite what some readers might think is a good thing - technical people can't govern any better than anyone else, and frequently do worse. Nice idea, but you can't get there from here.
Some days it's horribly obvious that too many /. readers really don't know any serious computer professionals. These aren't new issues, but they've never been brought to the attention of this community.
-
Provide a Wiki or Faq-o-matic
People are going to learn what they needed to learn. Let them contribute to the material, in someplace where everyone can follow.
The World Wide Web was supposed to be writable; there are (at least) a couple of ways to make it so. One is to set up a Faq-o-matic (see also here); it lets people post questions and their answers. Another is to install a Wiki (link to the definitive book on the subject, proceeds help support the original Wiki). A Wiki is hard to describe; it's kind of a mix between a Web site and a graffiti wall. There are dozens of implementations and hundreds of installations; for example, here is one trying to build a (GFDL-licensed) online encyclopedia (and here is a page describing how to add to or modify the content there).
These aren't complete solutions, but they should provide good supplements. -
Old News :)
See Robert Morris's presentation (6+MB PDF) from the USENIX File and Storage Technologies conference. The videos of the invited talks are also worth watching (if you can afford the b/width to get them).
-
Re:hrm, more bandwidth for the consumer?
I agree with you to a certain extent that not a whole lot can be done about the DoS problem. But that's not to say that nothing is being done.
Here's a few links to 'recent' publications on the issue.
MULTOPS: a data-structure for bandwidth attack detection
CenterTrack: An IP Overlay Network for Tracking DoS Floods
The Packetstorm DOS paper contest
(You may need to be a USENIX member for the first two. I didn't check. Sorry)
-
Re:background fsck
> Come back up immediately after an unclean shutdown, but have a background task sucking up IO bandwidth for an hour or three.
FFS fsck's quite fast, actually. As for sucking up IO; background fsck can be run at a higher nice value.
IO operations for niced tasks are reduced in favour of other tasks competing for IO; so, you *could* have fsck running for hours if your system's doing a lot of IO and fsck is running at a nice of +20, but you're unlikely to notice it on anything but an accurate IO benchmark.
See Running "fsck" in the Background, section 7. -
What is the point of testimony like this?
First of all, this kind of disclosure of communications protocols is one of the things addressed in the Justice Dept. agreement, as is mentioned in the article. Now the 9 dissenting states are claiming that there is wiggle room in the agreement. OK fine, clean that up...you don't need to call for full release of IE source code and sales of stripped-down Windows.
More importantly, what exactly is Microsoft so "guilty" of in this situation (I assume Red Hat is bitching about the Kerberos extensions). Read this article by Theodore Ts'o, one of the Kerberos developers at MIT. Microsoft changed its Kerberos extension in response to feedback on its initial design. Now it is true that it did not document the extension fully, but if you think about that article, Ts'o is really saying that Microsoft is not doing a good enough job of embracing and extending...because if Microsoft documented its NT PAC, they would have eagerly helped make it a standard.
Anyway, what Microsoft is doing with Kerberos is perfectly legal and allowed by the standard. Sure it might hurt Red Hat -- so what? Red Hat is a competitor of Microsoft!! It's not clear what Red Hat really wants from this case. Would they be happy with anything less than Microsoft going open source, releasing all their intellectual property, and a government guarantee of X% market share for Linux? If so, they are dreaming and I have little sympathy for them.
- adam
-
Re:How about...
From Rik Farrow:
Microsoft also announced a UNIX compatibility toolkit, based on MKS-UNIX tools for Windows. The toolkit includes MKS's version of the Korn shell, which prompted a gray-haired man, wearing a T-shirt with his own name on it, to stand up and approach a microphone. This person began to explain to the Microsofties that the MKS Korn shell was not compliant with even half the specifications in the two books published so people can write compliant Korn shells. The Microsoft engineer attempted to argue that their Korn shell was compliant, until someone pointed out that the man he was facing was Dave Korn.
Unless the Anon Cow was referring to the band...
-
Some history notes on NT's development:
Slideshow: http://www.usenix.org/events/usenix-win2000/invitedtalks/lucovsky_html/.
In there, you'll learn 'NT' was related to the first proc it was targeted to, the 860 of intel, codenamed 'N10', plus some juicy stuff about the development of NT3.1 and win2k, and some related notes to Unix and NT. -
No cSAGE??? C'mon!!!
How can this article ignore two of the most important certifications on the market right now, LPI and cSAGE??
They're both platform-independent, they're both psychometrically valid, and they're both of paramount importance to anyone looking to run computer infrastructures that include *nix systems.
cSAGE is an entry-level exam designed to certify competence in the practice of systems administration, and it was developed by the community, just like LPI (in cSAGE's case, it was developed by the community of systems administrators and the folks at USENIX and SAGE - The Systems Administrators Guild).
Isn't everyone tired of taking exams designed to test your ability to memorize trivia about a vendor's products? Why would you want yet another certification just because vendor $FOO has cranked out a new version of their widget? Wouldn't you rather have certifications that are designed to qualify your ability to do your job, rather than your ability to memorize?
That's exactly what cSAGE is all about. -
pdf also available
Or get the whole pdf (652kB) from usenix -- it's easier to add that to my library than the html. Thanks for a great link!
-
Re:They support MacOS X style app wrappers!
sounds more like a job for venti
the block level file server, blocks are hashed before storage, if the hash is already present no disk write need take place so duplicated data in the namespace doesn't duplicate data in the file store.
And that's just one feature.
the horse's mouth -
Ironic/NBIO
I used to write large-scale multithreaded network servers, where something like three to four hundred threads could be running at any given moment inside the server. Java's class library made this really quite easy, and its syntax is pleasant enough to work with.
It's kinda ironic that you should say this, since threads are the wrong way to write "large-scale" network servers, and since Java 1.4 finally gives us non-blocking IO APIs to implement things the right way. (The NBIO APIs in 1.4 are, incidentally, largely a product of the work of the fellow behind the second link I gave.) -
Re:Um, fund a non-profit, Uncle Sam
Clue: DARPA funds lots of for-profit companies. The vast majority of them give back far less to the community than WireX does.
They've already had their DARPA contracts, and what have they contributed? No-exec patches for Linux. That's about it.
Brilliant. Completely, precisely wrong. The non-executable stack patch is by Solar Designer. WireX has contributed StackGuard, FormatGuard, and the Linux Security Module project, with more on the way.
They need to be actively involved in the security community; not just post a message when they get funding. I think we'd see much greater success.
- 114 moderator-approved posts to securityfocus.com mailing lists.
- 48 publications and citations to our work on the USENIX site.
- I served on the USENIX Security 1999 program committee.
- I was the publicity chair for the New Security Paradigms Workshop for three years.
- My first post to the Linux Security Audit Project in 1998.
:-)
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Available for purchase -
Caching isn't that great
The standard response to suggestions of storing data in RAM is, "That's dumb; just let the cache do the work." But it turns out that caching doesn't do nearly as well. The overheads involved (such as the cost of finding the block in the cache) make caching significantly worse than using RAM more wisely.
You can learn a bit more about these results from our short paper (PDF) just presented at FAST, or wait for the June Usenix conference to see a longer paper.
-
Re:Canibalism
Some of you may disagree with me, but Sun has contributed a lot to the OpenSource community. They have programmers working on the Mozilla, GNOME and most especially OpenOffice projects.
Don't forget Jeff Bonwick's slab allocator which is used for memory allocation in the Linux kernel. -
Re:Secure Deletion of Data
A few posts have mentioned the idea of wiping your disks multiple times to safely get rid of data.
For a more complete and viable explanation of this method check out the following paper published on this subject here -
Ogg and iPod... Can I dream?
I'd really love to see better Ogg support tied into the iPod & iTunes myself.
I ripped 150 CD's into Ogg format early in this year from my FreeBSD box, and threw myself into the Ogg format totally.. hacking up a nice multi-queue ripper/encoder, and going at it. I was unhappy with how slow the Ogg encoder was (it was 0.7 at the time I believe), and artifacts that came onto some albums (Junkie XL comes to mind). I still dealt with it happily. When it came time to move from FreeBSD to MacOS X as my desktop, I simply began to use Audion as my
Then, I get an iPod. This throws my world upside down. Suddenly, everything I had ripped is useless. So, I begin re-ripping with iTunes. I don't care for iTunes for a player, but it's a DAMNED nice ripper/encoder for my albums. Its simultaneous rip/encode process means I can take a CD from insert to rip to encode to eject in 4 minutes (if I'm lucky and I score a 15X encode/rip time).. With its auto-encode-on-insert and auto-eject-when-done modes, it makes it a real factory process.
Apple is making a very big deal about moving everything it can to a standards based form.. While Ogg is not really a standard, it'd be really nice if a future iPod firmware update would support Ogg's, being a first for a *publicly available* portable audio device supporting Ogg.. it'd be keen, wouldn't it? :) Of course, it wouldn't actually be Apple doing it, since Pixo actually took care of this part of the software design I believe. A little strong-arming never hurt anyone though.
That and then I could theoretically store more albums on my little angel. I am worried about the extra firmware bloat on the iPod though. It's very saddening for me to say I won't ever go to Ogg's till my iPod has support for it now.. but we can keep on dreaming, can't we? -
Re:OR, just use strncat, strncpy, etc.
Actually this seems to be a common misconception. You have to manually keep track of the size of the string you are copying to ensure you always copy a null-terminated string. Most programmers don't, and thus introduce potentially unsafe code. Additionally, there is a performance loss when you don't use the whole buffer when copying - the strncpy function fills it with 0's.
A better set of functions to use is the strl* functions invented by OpenBSD's Todd Miller. -
Good read; Proper maintenance.
Theo included a good link in his interview...
I just finished reading it and it is some wonderful information. Seriously, everybody who runs any of the BSDs or Linux should read this paper. It will give you a much deeper understanding of what's going on and why, and this will lead to better choices when you configure your next box (or maintain those you're running right now). As always, reliable operation of any machine (be it a computer, a car, or a nuclear power plant) depends heavily on knowledgeable use and proper maintenance.
Oh well.
-
Re:file systems
Some links:
- The article given does some comparisons:
http://www.usenix.org/publications/library/proceedings/usenix2000/general/full_papers/seltzer/seltzer_html/index.html
- Then we have the Matt Dillon Interview, where Soft Updates are covered as well (point 3):
http://www.osnews.com/story.php?news_id=153
- Here is a nice French article:
http://www.freebsd-fr.org/docs/fr/others/systeme-fichier/
- And this is a series of articles on file systems:
http://www-106.ibm.com/developerworks/linux/library/l-fs7/
- This is the original FFS paper:
http://docs.freebsd.org/44doc/smm/05.fastfs/paper.html
-
Re:crypto filesystems "easy"
1) Is a standard cipher used? (easy, now that libraries are widely available)
AES/Rijndael, which is a good algorithm.
2) Is a standard cipher used *correctly*? (e.g., no ECB mode!)
It encrypts the file offset and a per-file IV, XORs this with the plaintext, and then encrypts again. Thus the same block encrypts differently if it appears in two different files or at two different locations in the same file.
3) Does the same data in two blocks encrypt to the same ciphertext? If not, how are you randomizing them? What happens if you copy an encrypted FS from one media to another, e.g., via backups?
Same data encrypts differently, as described above. The IV is stored within the file itself. There is a 512-byte space overhead, but you can safely copy encrypted directories to back them up, etc.
4) How do you detect an incorrect encryption key?
There is redundancy in encrypted file names, so if you type the wrong passphrase you won't see any files. (Or you could have multiple passphrases for an encrypted directory, and see different files depending on which you typed.)
The system was described in a Usenix paper on user-level file systems last year (actually won best paper award).
-
Re:Not willing to go to jail to prove a point?
But they don't own USENIX.
-
Re:Economic slump?
Has any open source company ever turned an actual profit?
Sleepycat Software (makers of Berkeley DB) has maintained a profitable business based on open source since 1996. Cygnus Support (gcc, gdb) was profitable from its founding in 1989 through being purchased by Red Hat. Aladdin Systems (Ghostscript) made enough money for the author to retire.
-
Re:Surprise, surprise
Open source software has been and will continue to be profitable. It may not be insanely profitable, it may not apply to every problem, it may be unconventional, but it works. It will slowly grow, because once open source moves into an area, it becomes very hard to dislodge.
Sleepycat Software's open source Berkeley DB has "been profitable since inception" in 1996
Using multiple licensing models L. Peter Deutsch is able to provide Ghostscript under the GPL and make enough money to retire.
Cygnus Support (now part of Red Hat), was founded in 1989 and was "profitable, increasingly profitable, every single year" before the Red Hat buyout.
It's very unconventional, O'Reilly must be happy enough with sales of books to pay Larry Wall to keep developing Perl.
Open Source works. Maybe not as well as VA Linu... erm... Systems wants it to, but it does.
-
Re:FreeBSD
-
Systems Administration Survival Guide
Here's how I became a UNIX systems administrator:
I first spent 2 years as a student worker in the MIS department of a community college I was attending. I assisted the computer operator running the mainframe by doing backups, answering phones, etc. He got promoted and I got his job. I held that job for 5 years and took an entry level job as a UNIX Systems Administrator. I got paid peanuts for two years until I read a SAGE salary survey that pointed out this fact. After gently hinting about other job opportunities in the real world I got a HUGE raise (to where I should have been) and stayed another three years. After that I moved on to several dot coms that soon failed. Now I'm unemployed (via a layoff) in a bear job market. All this without a college degree (1/2 way to a B.S. in Physics) or any certifications (MSCE, Solaris Certified Administrator, CNE, etc.).
People who go into Systems Administration (especially UNIX) are of a certain breed. While most everyone else runs away from technology, we eat it for breakfast. Rather than get political we have a tendency to want to jump in, get our hands dirty and solve the problem now. Unfortunately, companies have learned to unfairly take advantage of this and set up traps that we all too often walk into.
As for myself, all along the way I constantly shot myself in the foot because I fell into the trap of thinking logically about business. Realise this: ALL BUSINESS IS FUNDAMENTALLY EVIL. Not evil by intent. Just so self-serving such that its actions have far reaching bad consequences for us all. Unless we move to a desert island and learn to be content with the life we can find there, we have to fit in and serve the beast somehow, eh?
So, the best thing you or anyone can do for themselves is to know what you're walking into! Have some standards and force yourself to check the company out periodically. If they aren't up to snuff you need to quietly stay in your job while desperately looking for a better company.
How will you know you've found a better company? To answer this question I sat down with a former Systems Administrator co-worker (also out of work) and came up with a questionnaire. Each question comes from a situation where we took the fall where the company was at fault due to their own cluelessness as to how to properly implement IT. You assign a point value to each question thus declaring the relative importance of each issue to you personally. Then you honestly respond to each question in a comment field. From the response you assign a percent score showing how well the company "got it".
All this is automatically tallied (since the questionnaire is in spreadsheet form) into a percentage score that you can use to compare the prospective company against all of the companies you've worked for. I even put the questions that were likely to be answered before you start working for the company in bold. This way you can get a "heads up" on the company before you leave your old job. In fact, on my questionnaire by how I weighted the questions, about 50% of the "dirt" on a company can be found before even accepting the job offer! If I only had this before I started working for any of the companies I've worked for!
My questionnaire is broken down into these categories and subcategories:
- Fiscal status/Corporate profitability outlook
  - Market
  - Funding
  - Maturity
- Facilities
  - Common facilities
  - Personal facilities
  - Remote facilities
  - Miscellaneous
- Existing IT implementation
  - Redundancy/reliability/quality
  - Facilities
  - Due diligence
  - In-house authored documentation
  - Standardization
  - Support
- Resources to support IT
  - Budget
  - Politics
- Managerial philosophy/expectations
  - Technological bias
  - Fiscal realism
  - User management
  - Techies as "super glue"
- Managerial style
  - Mid-level/Senior Techie management
  - User management
  - Proactive management
  - Micromanagement
  - Miscellaneous
- Human Resources
  - Benefits
  - Legal
  - Policies
  - Miscellaneous
This "Systems Administration Survival Guide" questionnaire is currently at version 2.0 as a Microsoft Excel spreadsheet. I will email a copy FOR FREE to anyone who wants it. Send your requests here. Don't forget to remove the "removethispart" from the email address. It's an anti-spam measure. -
The most useful thing is LISA
More important than any particular website or certification is a conference given every year by USENIX and SAGE, the Annual System Administration Conference (LISA).
I've personally found every job I've ever had from just meeting people in the hallway at that conference. The "hallway track" is the most important thing, because you get to rub elbows with Eric Allman, Tom Christiansen, Aeleen Frisch, Paul Vixie, etc.--you can ask them questions and get the real dirt rather than just speculating with your friends and coworkers. There are three days of tutorials where these same experts teach about sendmail, perl, dns, security, etc. And then there's three days of invited talks and papers, too!
It's in San Diego the first week of December this year. You can read about it here.
-
The most useful thing is LISA
More important than any particular website or certification is a conference given every year by USENIX and SAGE, the Annual System Administration Conference (LISA).
I've personally found every job I've ever had from just meeting people in the hallway at LISA. The "hallway track" is the most important thing, because you get to rub elbows with Eric Allman, Tom Christiansen, Aeleen Frisch, Paul Vixie, etc.--you can ask them questions and get the real dirt rather than just speculating with your friends and coworkers. Those same experts give all-day tutorials for three days teaching about Sendmail, DNS, sysadmin, security, etc. And then there are three days of papers and talks!
It's in San Diego the first week of December this year. You can read about it here.
(In the interest of disclosure I should say that I'm involved with SAGE, one of the co-sponsors of LISA.)
-
Re:So give a presentation!
It was already presented at the 10th USENIX Security Symposium in Washington, D.C., apparently without incident. The RIAA cartel figured out they bit off more than they could chew, and for tactical reasons wants to pretend like this one doesn't exist.
-jhp
-
Re:Use CVS -- See Joel on Software
If you're trying to get someone to move away from VSS, and are looking for more opinions on it (I haven't seen any actual *facts* yet, but there are plenty of opinions), a reasonably respected one would probably be Joel Spolsky's (from Joel on Software). He was the Microsoft "Program Manager" from VBA (the version of Visual Basic that Office uses for scripting).
Basically, MS doesn't use it internally - they don't trust it. Apparently they use a lot of their own stuff in development (for example -- Joel was on the Excel team, and they all used Excel for project planning, and added in project planning features, making it reasonably good for development planning. Here are the details). For NT (-> 2K -> XP) they used something called SLM, which was replaced by something else. Here's a USENIX paper on it.
His company has a bug tracking system ("FogBUGZ") too, and if you buy a site license ($1995) -- which covers the whole project team -- you get the source and are allowed to modify it and use your modified versions internally. See here for more info. It doesn't integrate with VSS, unfortunately ;-)
-
Re:(Free)BSD v. Linux
There are also significant differences in the boot procedure (one of the things that I prefer about SysV). BSD has one file (script) per runlevel. SysV has one script per service, organized in 1 directory per runlevel. Want to stop a service in sysv? ' stop'.
FYI, NetBSD has the script per-service (incl ' stop', and ' status') scheme. FreeBSD is experimenting with it as well (but have not decided for sure if they should adopt it). There is a Usenix paper about it, try the 2001 proceedings.
Neither has the concept of runlevels though, other than single-user and multi-user that is.
-
journalling vs. softupdates
BSD's FFS with softupdates could be considered to obviate the need for journalling.
Read Journalling Versus Soft Updates for a good Usenix 2000 paper comparing both approaches, which concludes that:
Soft Updates holds the promise of providing stronger reliability guarantees than journaling, with faster recovery and superior performance
and that
journaling alone is not sufficient to "solve" the meta-data update problem.
Both methods achieve the same goals by different means. -
Re:Microsoft & code theft
Rick Rashid was the principal investigator of the CMU Mach Project, which means the grant requests were filed under his aegis as a professor at CMU; it does not mean that he was the principal systems architect. He went to work for Microsoft Research.
Avadis Tevanian was one of the graduate students on the Mach project, but his name figured prominently in most of the papers given at various USENIX Technical Conferences (after the PI's name, of course!). He went to work for NeXT, and is now CTO at Apple Computer.
Microsoft doesn't get all the good people. They don't even end up with most of the good people.
-
Secret APIs exist, MSFT uses them as a weapon
The "secret APIs" are not a rumor. Notice the dates on these references, the secret APIs have been in NT all along.
- Using the NT API for file I/O
- Inside the Native API
- Do you need source? - go down the page about a third of the way: The conclusion was that Vogels's group used source code only as documentation (there is no other documentation for NT), examples, and to understand the behavior of NT. It turned out to be useful for debugging, and it led to the discovery of interesting APIs that are not documented or available in Win32.
- Inside Windows NT Disk Defragmenting - MSFT gave one company access to the defragmenting APIs, and never bothered to document them to anyone else.
MSFT hasn't hesitated to use the secret APIs either. From the July 10 InternetWeek: Microsoft has historically achieved market dominance by controlling APIs and forcing competitors to write software to Microsoft's APIs, then changing the APIs. "Instead of satisfying their own customers' demand, competitors are busy catching up with Microsoft," said IDC analyst Dan Kusnetzky.
From the October 8, 1998 NY Times: And Microsoft, the people added, did what it has always denied it does -- used access to its technology as a powerful lever in business negotiations, by offering Netscape preferential access to the Windows "application program interfaces," or A.P.I.'s, the links that enable other companies' programs to run smoothly on the Windows operating system. By turning down the deal, Netscape, they say, would not have that preferred access to Microsoft technology -- a threat that Microsoft fiercely denies making.
Think about it - can you, using only Win32, write all of the stuff that MSFT provides with NT/W2k? No. Clearly, MSFT keeps APIs to themselves. MSFT wants to allow itself the latitude to write faster, more functional programs than the ordinary developers can write. MSFT has proven time and time again that it will use secret APIs to its own advantage, or to the advantage of selected partners (Executive Software, for example). This practice is certainly bad for the consumer. Secret APIs raise the cost of entry into the NT system software market, which will keep out competitors, raise prices, and reduce choice.
-
Re:Greg Bear
As a side note, Greg Bear is also scheduled to be the Keynote Speaker at this year's LISA conference in San Diego. The speech is titled "Slime vs. Silicon--Life's a Bitch, But Would You Want to Be a Computer?" -- sounds like great fun :)
-
SAGE have an excellent booklet on this
Don't sort through 300 random Slashdot trolls. Join the System Administrators Guild and get their booklet on Hiring System Administrators. That should answer all your questions in one hit.
Ade_
/ -
The Gutmann Paper
For a fairly exhaustive paper regarding the secure deletion of data, see the Gutmann paper on USENIX.
Secure Deletion of Data from Magnetic and Solid-State Memory by Peter Gutmann
This covers a series of 22 overwrite patterns that are formulated to ensure proper destruction of any trace information on RLL- and MFM-encoded hard drives. It goes into some detail about the ways electron microscopy may be used to recollect trace information. Other patterns exist, and I'm expecting the DoD or NSA has even more rigorous schemes.
Unfortunately, raw degaussing of a whole hard drive device often disables the device's ability to operate in the future, or is not strong enough to ensure the destruction of the data.
-
Re:Anything to look-out for?
It would be nice, though, if Journaling Versus Soft Updates: Asynchronous Meta-data Protection in File Systems were made available to everyone, not just Usenix members.
Sorry, forgot it is less than a year old. Try the 1999 paper Soft Updates: A Technique for Eliminating Most Synchronous Writes in the Fast Filesystem, I think you can get that one.
I don't really think the Usenix membership is worth $50/year to get the lame newsletter, access to the proceedings is pretty valuable, and their conferences are quite good. In addition to learning about soft updates the 1999 conference taught me a lot about how select sucks, how to make it suck less, and that not all of CA is a warm paradise.
-
Re:Anything to look-out for?
Could they be a little more specific? How was it analyzed?
I doubt that number was. For some real benchmarks you can look at Journaling Versus Soft Updates: Asynchronous Meta-data Protection in File Systems from the 2000 Usenix Proceedings. In addition to having useful info in and of itself it has references to other information. You can also try McKusick's home pages; he may have newer info than that, and does have some info about the experimental checkpointing.
I don't know about dirperf though. Never seen a paper on it.
-
Re:Some Actual Research
Crispin - Where have you guys been? I was wondering when you would re-release the 7.0 version.
Takin' care of business:
- Dell is now shipping a WireX product.
- Counterpane has licensed Immunix security technology for their internal use.
- We have two papers that will appear this summer at USENIX Security describing "FormatGuard" and "RaceGuard".
Does this release take care of the compilation problems of RH7?
That's a matter of perspective :-) Immunix OS 7.0 ships with StackGuard 2.0 (which is a modified GCC 2.91) as the standard compiler, and glibc 2.2. It also ships with FormatGuard protection throughout.
Can I build a 2.4 kernel with this?
We're not shipping 2.4 kernels yet, but we are working on forward porting. Note: You should not try to compile kernels with StackGuard. You either need to patch the kernel make files to turn StackGuard off, or use RPM to switch to the non-StackGuard compiler while building kernels.
I would really like to use XF86 4.03
We are a server company, so we focus on server support, and not really desktop stuff. However, our engineers like to run Immunix on their desktops too, so we share what we use in our contrib directory.
Crispin
----
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc.
Immunix: Security Hardened Linux Distribution
Now available for purchase