True, though they do contract out some of these tasks to cleared third party defence-focused organisations, who definitely DO pay market rates.
With a focus on graduate recruitment, a culture of esprit de corps, access to awesomely cool geeky tech stuff, and good working conditions, they tend to hang on to people for a fair bit longer than the government pay grades they are saddled with would normally imply.
The brain drain does happen eventually.. but that's government, unfortunately.
The Snare/Epilog open source agents will get you part of the way there; they'll handle the log forwarding side for you. They're coded over the ditch in Oz.
Kiwi syslog might be another step in the process; locally made and supported in NZ; it'll manage the collection side of things, but not the analysis.
From there... sorry - I only have commercial stuff to suggest for the analysis side, so I'll let others bring up some options. [Disclaimer: I'm a snare developer, so take comments in that context]
The "Snare Server" software can automatically archive to optical media, and receives data from the snare agents in real time. Unfortunately, it's commercial though.
However, the agents are open source, and we provide a bunch of open source tools that might help you throw your own custom system together to do something similar. The agents (Windows / Solaris / AIX / Irix / Apache / Squid / ISA / IIS... and a whole bunch of others) can also write data to a remote syslog server (eg: kiwi syslog, syslog-ng) in real-time.
Won't mention the company web site - this is a comment rather than an Ad, but the code's on sourceforge if you'd like to go looking.
Regulatory compliance is a fun process isn't it - whether it's PCI, HIPAA, DCID/DIAM, ACSI33, GLBA, NISPOM... or a whole heap of others that people need to cover these days. ;)
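The comments above describe a pipeline of agent forwarding, then syslog collection, and stop short of the analysis side. As an added example (not part of the original comments, and not code from Snare, Kiwi syslog or syslog-ng), here is a small Python pass over BSD-syslog (RFC 3164) lines of the kind a forwarding agent or syslog relay delivers: it parses PRI, timestamp, host and tag, counts failed SSH logins per (host, source address), and flags sources over a threshold. The sample lines are constructed for this example; the sshd message wording and the threshold of 5 are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in BSD syslog (RFC 3164) shape, as a forwarding
# agent or syslog relay would deliver them. Made up for this example, not
# captured from any real system.
SAMPLE_LINES = [
    "<86>Jun 12 10:15:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2",
    "<86>Jun 12 10:15:03 web01 sshd[2212]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2",
    "<86>Jun 12 10:15:04 web01 sshd[2213]: Failed password for root from 203.0.113.7 port 40131 ssh2",
    "<86>Jun 12 10:15:05 web01 sshd[2214]: Failed password for root from 203.0.113.7 port 40132 ssh2",
    "<86>Jun 12 10:15:06 web01 sshd[2215]: Failed password for root from 203.0.113.7 port 40133 ssh2",
    "<86>Jun 12 10:15:20 web01 sshd[2216]: Accepted publickey for deploy from 198.51.100.4 port 51000 ssh2",
    "<38>Jun 12 10:16:00 db01 sshd[900]: Failed password for root from 198.51.100.9 port 3000 ssh2",
    "garbage line that does not parse",
]

# <PRI>TIMESTAMP HOST TAG[PID]: MSG  (PRI = facility * 8 + severity)
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)

# Assumed OpenSSH wording for a failed password authentication.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


def parse_line(line):
    """Parse one syslog line into a dict, or return None if it does not fit."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    pri = int(event["pri"])
    event["facility"] = pri >> 3   # e.g. 10 = authpriv
    event["severity"] = pri & 7    # e.g. 6 = info
    return event


def failed_logins_by_source(lines):
    """Count failed SSH logins keyed by (reporting host, source address).

    Returns (Counter, number of lines that could not be parsed); the unparsed
    count is worth alerting on too, since a collector silently dropping lines
    is itself a monitoring failure.
    """
    counts = Counter()
    unparsed = 0
    for line in lines:
        event = parse_line(line)
        if event is None:
            unparsed += 1
            continue
        fm = FAILED_RE.search(event["msg"])
        if fm:
            counts[(event["host"], fm.group("src"))] += 1
    return counts, unparsed


def sources_over_threshold(lines, threshold=5):
    """Return sorted (host, source) pairs with at least `threshold` failures."""
    counts, _ = failed_logins_by_source(lines)
    return sorted(key for key, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    counts, unparsed = failed_logins_by_source(SAMPLE_LINES)
    print("unparsed lines:", unparsed)
    for (host, src), n in counts.most_common():
        print(f"{host}: {n} failed logins from {src}")
    print("over threshold:", sources_over_threshold(SAMPLE_LINES))
```

The regex is deliberately strict about the header so that anything malformed lands in the unparsed count rather than being half-interpreted; a real collector would also want the PID and timestamp kept for correlating with the web server's own logs.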
Probably a coincidence, but every time I cross the equator in a plane, my 'sense of direction' gets completely screwed up. Coming from Australia to LA, after crossing the equator (approximately), my brain starts to scream at me that I'm heading southish, rather than northish.
I never really noticed a sense of direction, until it started to go haywire. Normally takes me 12-24 hours to adapt back to 'normal'.
As I mentioned, it probably has absolutely nothing to do with inbuilt compasses, but it's certainly slightly freaky when you experience it.
Farmers Union iced coffee (http://www.farmersunion.com.au/fu_icedcoffee.aspx) is my choice. Made from low-fat milk, a reasonably low sugar concentration when compared with other alternatives, and probably the best tasting IC on the market in Australia. (Though, the Pauls "Ice Break" is a close second, Dairy Farmers "Dare" a reasonable third, and the OAK Iced Coffee a distant, but acceptable fourth).
In my trips to the US/England, I haven't been able to find anything that is reasonably comparable in terms of taste (usually, way too sugary) - does anyone who has tried Farmers Union have any suggestions for US-based comparable alternatives?
I guess all the organisations that are using the GPL'd Snare for Windows, Snare for Solaris, Snare for (Linux|AIX|Tru64|etc..) to help them meet their Sarbanes-Oxley audit-related objectives (or GLBA / DCID / DIAM / ACSI 33 / NISPOM / HIPAA / etc..) will be laughing their collective asses off then ;)
At the risk of echoing other comments, I'd actually recommend considering a 'real' computer.
I took the plunge for our 3-year-old, and picked up a 2nd-hand system for $160 (australian). I configured it to auto-login, and play a segment of a wiggles tune on startup. I put up a few nice big icons on the screen that lead to tuxracer, and web sites for: BBC Kids, the wiggles, and the fimbles. There are also a couple of MP3's of his favorite music on the desktop that he just has to hover the mouse over to play (gotta love nautilus preview). A squid proxy stops him from accidentally wandering away from the 'sandbox zone'.
I'm also considering nfs mounting (read-only) the mythtv box, so he can access bob the builder, or whatever he wants to watch, when it's raining outside, and the TV is otherwise engaged.
It constantly amazes me how quickly they pick things up. The little bugger will be hacking my root password in no time. ;)
Drop me an email (contact details: Google intersectalliance, find contact.html) for more info if you're interested.
> 1. I've never encountered corrupted data with
> mysql (It seems to be urban legend)
It's not, unfortunately. But I suspect that it has a LOT to do with the way you use the database. If you're doing the traditional 'shove lots of data in occasionally, and do plenty of regular queries', I doubt you'll see any corruptions as the number of index updates is pretty small, but if you're doing something like:
* Insert 2-300 rows per second, constantly
* Run queries occasionally (batch mode, about 3-5 hours worth, every 24 hours, and maybe a dozen interactive queries throughout the day)
* Delete around 1/20th of the database every night.
.. then you'll see the occasional corruption.
MySQL 3 was horrible - from a pool of around 10 diverse systems, we'd get a corruption a week on average. (Variety of hardware, so unlikely to be memory/disk problems - and I'm not counting power failures). Mysql 4 seems better though.
Actually, during a period of 'heightened awareness' at an organisation I used to work at (ie: A national television program that discussed the organisation at length), we did something like this for real.
"Ethereal activity" was "a change in any MD5 signature or file-size for any file on the web server".. "trained monkey" was a bunch of 24x7 operators (no offence guys.. I'm not making the comparison - just emphasising the distinction).. "shell script" and "flash the screen red" were still a shell script, and a red flashing screen.... but yes, the instructions were to pull the cat-5 cable out of the back of the router as soon as things started flashing.
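The "change in any MD5 signature or file-size for any file on the web server" check from the comment above, written out as an added example (not the original organisation's script): take a baseline of size plus digest per file, re-scan, and diff the two to report changed, added and removed files. It uses SHA-256 rather than MD5, with the algorithm left as a parameter, and the demo directory, file names and the same-size edit that only the digest catches are constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path, algorithm="sha256"):
    """Digest a file in chunks so large files do not need to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root, algorithm="sha256"):
    """Map each regular file under root (POSIX-style relative path) to (size, digest)."""
    root = Path(root)
    baseline = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        baseline[rel] = (path.stat().st_size, hash_file(path, algorithm))
    return baseline


def compare(baseline, current):
    """Diff two baselines; any difference in size or digest counts as a change."""
    changed = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return {"changed": changed, "added": added, "removed": removed}


def demo():
    """Constructed scenario: baseline a tiny docroot, then tamper with it and re-scan."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "index.html").write_text("<html>hello</html>")
        (root / "img").mkdir()
        (root / "img" / "logo.png").write_bytes(b"\x89PNG placeholder bytes")
        baseline = build_baseline(root)

        # Same byte length as before, so a size-only check would miss it;
        # the digest does not.
        (root / "index.html").write_text("<html>HELLO</html>")
        # An unexpected new file and a deleted one.
        (root / "unexpected.txt").write_text("constructed new file")
        (root / "img" / "logo.png").unlink()

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    report = demo()
    for kind, paths in report.items():
        for p in paths:
            print(f"{kind}: {p}")
    # The comment's "flash the screen red" would hang off any non-empty list here.
```

Storing the baseline somewhere the web server cannot write to (another host, or read-only media, as the Snare Server comment's optical archive does for logs) is what makes the comparison trustworthy; a baseline kept beside the content can be updated by whoever changed the content.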
> Jesus! That's a whole lot of Perl..
> Surely you could get it down to one line
True. I'm too lazy to obfuscate my perl this early in the morning. ;)
> Besides, you're opening yourself up to a followup
> question along the lines of; Outlook won't run
> your program, what should I do?
Ick.. very true. Of course, my geek rating is now rock bottom because people will assume that I actually USE a program like that (or outlook, for that matter).. so with all the stigma & the fact that geek friends may now walk to the other side of the street to avoid me, I'd probably appreciate the attention that questions like that might bring ;)
Since you're on MS, you'll probably want to:
* Install activestate perl
* Use appropriate MS compatible directories (c:\path\to\somewhere rather than /usr/share/sounds)
* swap out the `cp ...` for `copy ...` .. probably worth chucking a closedir in there somewhere too.
Bah, ahh well - can't expect much for 20 seconds of coding and no debugging I guess.
With a bit of stuffing around, you can access the content under linux by the looks of things..
* Install vlc, or mplayer (you'll probably need the mplayer codec pack too..)
* wget -O temp the link referenced by the blue 'arrow' for the video you're interested in. (eg: wget 'http://video.google.com/videopreviewbig?q=ps3&time=0&page=1&docid=-1557613506005379193&urlcreated=1119913159&chan=Uploaded&prog=+sonycon+E3+05+ps3+rockstar+s+West+game+trailer&date=Tue+May+17+2005+at+3%3A43+AM+PDT')
* search for the vp.video.google.com reference, grab the URL, and mangle the %xx codes into something more reasonable (eg: http%3A%2F%2Fvp.video.google.com becomes http://vp.video.google.com/)
* Zap that link into mplayer or vlc (eg: gmplayer 'http://vp.video.google.com/videoplayback?id=ef075b4a049447b1&begin=30000&len=25733&itag=w320&docid=-1557613506005379193&urlcreated=1119913606&sigh=KFDp2d7FaxUQC-GdGGOTBTjPskk')
Unfortunately, I suspect that the slashdot comment mangler will kill those links, but you should be able to rebuild them.. (btw: the video is some ps3 thing at E3)... it's a start, anyway.
For the linux machines, have a peek at firestarter (www.fs-security.com). It's easy to configure, has a nice GUI, and provides a reasonably simple method of configuring IPTables.
If your requirements are a little more complex (eg: DMZs, VPNs, etc.), you might want to have a peek at firehol instead. Text-based configuration, but greatly simplifies the process of wrangling with iptables.
I tend to recommend zonealarm for windows for most people, but that's more out of apathy (ie: I haven't reviewed the options lately) than anything else.
For some selected applications, sure. For the average user? Probably not.
A couple of possibilities:
* Getting openvpn to run, so that you can connect back to a linux gateway, whilst on the road.
* Being able to share contact/appointment data between evolution and the handheld (multisync/synce is a bit touchy at the moment).
* Being able to install applications without needing a windows box hanging around.
* Wireless LAN sniffing for security evaluations (kismet, etc).
* Coding on the road (if you're VERY desperate...)
* Having control over your data, not having it stored in some weird proprietary format, and potentially being able to import the stuff back into your linux box.
* Custom applications (warehouse floor, inventory control, etc.) may be easier to code in some cases.
The IPAQ H1940/H1930 has also had some recent progress - Opie/GPE can now be booted via an NFS-mounted root, or from an ext2 loopback filesystem, mounted on a FAT16 SD card. Still a little work to be done, to replace the flash with a boot image though.
H1940/30's are pretty cheap 2nd hand these days, and would make a reasonable linux handheld.
I have a board from Australia's first Cray X-MP 22 super computer framed on my wall... ok, so it doesn't exactly 'pull the chicks', but it's good for geek bragging rights. ;)
Ok, see superpeach's post above - both klik, and this, use a bit of code that includes shell script in a C program: http://www.datsi.fi.upm.es/~frosal/sources/shc.html
At the risk of the post sounding like a discussion at a head-lice convention, everyone has their own personal itch to scratch.
Several posts thus far have questioned the viability of establishing yet another secure-debian project, similar to other existing projects, and have indicated that there would be a better use of available resources if everyone would just get along and work together (or at least, form under a single project). Fair enough.
However, there are a whole range of reasons why diversity and natural selection w.r.t. many competing projects can provide benefits over and above a single large project - organisational inertia, effective and efficient communication, and development priority differences, for example.
'Organisational inertia' in particular, whereby the larger an organisation/project gets, the slower it can react to changing requirements, is a good reason why this effort-amalgamation can potentially be a bad thing.
Each of these projects probably has a slightly different 'itch' to 'scratch'. There's no reason why, later on down the track, the best elements of each of these projects cannot be merged into something cohesive.
A good example is the current situation in Linux Auditing (as in C2/CAPP style auditing and event logging, not code verification) and host-based audit-related intrusion detection. Over time, we've had Snare (http://www.intersectalliance.com), SLES (http://www.suse.com), and Rik's Audit Daemon (http://www.redhat.com). Each project had a slightly different focus, and each development team has come up with some great solutions to the problems of auditing / event logging.
The developers of each of these projects are now communicating and collaborating, with a view to bringing an effective audit subsystem to Linux that incorporates the best ideas from each approach.
BTW: How about auditing in this project? Here's a starting point: http://www.gweep.net/~malk/snare_debian.shtml
Yes; some very good people who evaluate products for use within the Oz government and Defence:
http://www.dsd.gov.au/infosec/epl/index.php
However, the process is usually long, often expensive, and generally targets a particular software/hardware combination; bump your version number, and there's potentially a fairly significant re-evaluation required.
Huawei could take advantage of this program now, but would either need to front up some dough, or have a sponsor to guide them through it.
cat /usr/share/dict/words | egrep "^([zrx].gu.{2}r|.[xp][xp]..s{2,2}..n.|[DZQ].l.{2,99}a.e|.[wewewe][ewewew]..m.)$" | tr 'A-Z' 'a-z' | sort -r | sed 's/delaw//'
#!/usr/bin/perl
# Every 10 seconds, copy a randomly chosen .wav from $SOUNDDIR to $DESTFILE.
use strict;
use warnings;
use File::Copy qw(copy);   # portable copy without a shell, so odd filenames are safe

my $SOUNDDIR = "/usr/share/sounds";
my $DESTFILE = "/tmp/sound.wav";

opendir(my $dir, $SOUNDDIR) || die "Can't open $SOUNDDIR: $!\n";
my @files;
while (defined(my $file = readdir($dir))) {
    push @files, $file if $file =~ /\.wav$/;
}
closedir($dir);
die "No .wav files found in $SOUNDDIR\n" unless @files;

while (1) {
    my $filename = $files[int(rand(@files))];   # rand(@files) ranges over the array length
    copy("$SOUNDDIR/$filename", $DESTFILE)
        or warn "Copy of $filename failed: $!\n";
    sleep 10;
}
Mangle appropriately (source dir, sleep time, dest file, file-type).
Have fun.
http://www.apple.com/downloads/macosx/video/iflix.html
Does this imply anything of significance?
Hmm.. no, ignore that - it's just a 'courtesy' link to a third party vendor.
http://www.i-flix.com/
The source code for inst.c seems to be very similar to the "Klik client" code from http://klik.berlios.de/client/klik-0.1.3.c
Everything but the comments at the top of the page, and the shellcode, is pretty-much identical.
Klik looks to be a "KDE-based Live Installer for Knoppix".
Still looking....
No, but they do use elf binaries.