Dibbler's Net


Sunday, December 28, 2008

End of Year Updates

End of year thoughts, links, and general ramblings.

It’s that time of year again. The time when the major care and feeding of servers, notebooks, and desktops gets done. Cleaning up the hard drives, checking on software updates and finding time to install new items.

First I saw over on my favorite Solaris blog that LDOM 1.1 is now out with nice new features I have been waiting on.

Then Hsphere (or Psoft or Parallels) finally released Hsphere with support for FreeBSD 7. That then spawned the process to update one of my FreeBSD boxes to FreeBSD 7 Release. I tried a new way of upgrading. That failed horribly. Won’t try that way again. Ended up doing a build world and portupgrade by hand to get the upgrade completed. Did learn about a cool FreeBSD feature called libmap. This was a great bit of help and something to remember in the future. I also used the /rescue/cp and ls, which are nice non-linked files that are good if you accidentally break your ELF library.

I am thrilled to see the ZFS support in FreeBSD, but the push that you use 64 bit and a good chunk of memory makes me a bit concerned about how ready it is for everyday use. I am thrilled with ZFS on Solaris 10 and am glad to see it moving to other platforms. Now the big question is whether it will move to Windows.

I also updated a home machine to the new OpenSolaris 2008/11 update. It’s working great and the GUI for ZFS snapshots is cool. I was kind of forced to do this as I broke the previous config. With OpenSolaris, and coming soon to Solaris, is the removal of root as an actual account. It is changing to a role instead. This means that if you break your one and only admin account and accidentally remove the root role then you kind of ruin your own day. Word of advice: we were all used to having the root account as a backup, now it’s time to create a secondary account for your backup.
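A quick way to check for the single-admin situation described above, as an added example that is not part of the original post: it parses `user_attr(4)` lines (`user:qualifier:res1:res2:attr`) and reports which logins may assume the root role. The sample entries and the login names `alice` and `guest` are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads user_attr(4)-style lines on stdin and reports which
# logins can assume the root role.

# Constructed sample: root is a role and only "alice" can assume it.
sample_user_attr() {
    cat <<'EOF'
# constructed sample data, not taken from a real system
root::::type=role;auths=solaris.*,solaris.grant;profiles=All
alice::::profiles=Primary Administrator;roles=root
webadm::::type=role;profiles=All
guest::::roles=webadm
EOF
}

# Print each login (entries marked type=role are skipped) whose roles= list
# includes "root".
root_role_holders() {
    awk '
        /^[ \t]*#/ || !/:/ { next }          # skip comments and blank lines
        {
            user = $0; sub(/:.*/, "", user)
            attr = $0; sub(/^[^:]*:[^:]*:[^:]*:[^:]*:/, "", attr)
            isrole = 0; hasroot = 0
            n = split(attr, kv, ";")
            for (i = 1; i <= n; i++) {
                if (kv[i] == "type=role") isrole = 1
                if (kv[i] !~ /^roles=/) continue
                m = split(substr(kv[i], 7), r, ",")
                for (j = 1; j <= m; j++)
                    if (r[j] == "root") hasroot = 1
            }
            if (hasroot && !isrole) print user
        }' | sort -u
}

# Succeed only when at least two logins hold the root role, so that breaking
# one of them still leaves a way in.
has_backup_admin() {
    count=$(root_role_holders | wc -l)
    [ "$((count))" -ge 2 ]
}

if sample_user_attr | has_backup_admin; then
    echo "ok: more than one login can assume root"
else
    echo "warning: root role held only by:" $(sample_user_attr | root_role_holders)
fi
```

On a live system the input would be the real file, for example `root_role_holders < /etc/user_attr`.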

Rumor is that Syngress has finally fixed the web site for the online book information (which I now see under Companion Website when you log in). Most of this was due to the timing of our book release happening at the same time as http://www.elsevier.com was moving everything from Syngress to them. This caused some issues, which is why we created the www.nagios3book.com website just so we could get the data out there promised in the book. Along with that is the VMware image as well.

Along with all this is the whole end of year time of reflection. What have we learned this year, done this year, and what gets bumped to the list for next year? I am still a true believer that we are rapidly closing in on the 15 year mainframe cycle. As we see more systems and applications move to the cloud, or virtual systems, and away from the desktops, we are moving back along the circle of computer management. As we come back closer to where I started it is interesting to see how the lessons we learned from the days of mainframes are still applicable today and how so many people have forgotten what we learned back then. I have no doubts that as we move past this renewed mainframe era back to the desktop era it will look nothing like what the first desktop era did, but it will be fun to experience.

In an effort to cover all the subjects at once there is the issue of Security. The past year has been nothing but security nightmares. I personally believe that we are about 1-2 generations away from true personal security making a comeback. It seems that while today’s youth are more technically inclined they are also too willing to sacrifice their entire personal life without due regard. I am curious to see how the first true Myspace generation does when they become the majority of the workforce. We hear small stories every few weeks about employers that check possible applicants online. How will people react when that becomes the norm for everyone? How will we react when half the political candidates are fighting archives of their Myspace and YouTube videos from 10 and 20 years in the past? We haven’t had a generation yet that truly demanded the right to delete their content off the Internet and it’s now a question of will that even be possible or are we already too late.

It brings to light the numerous books, movies, and futuristic stories about everything online. Will this truly divide people between those who are online and those who avoid it out of fear or desire to maintain privacy? Shows like Ghost in the Shell, the Foundation Series of books, and pretty much half the stories you read in Analog deal with this in some form or fashion. What side of the fence will you land on? I recently read Oath of Fealty and I think it poses a very interesting view of some of the initial issues that a combined society will see.

So with that we end 2008. We welcome 2009 with an understanding that there will be more of the same, and at the same time some new and interesting times. The fun and gadgets should start early with CES but at the same time it will show us how bad the new recession is on the gadget hunters and on Vegas itself.

Derrick

 

Posted by derrick in • Blogging, Nagios, Security, Unix

Thursday, September 11, 2008

Eventually Credit Monitoring is Free

Here in the US monitoring your credit report is an important thing to do. Sometime last year I canceled whatever bad service I was using and was planning on finding a new one.

So recently I thought about looking for a new credit monitoring service. After about 2 minutes of searching I stopped. Why? Because then I thought about it and decided why pay for something that I will most likely get for free. Well, yesterday I won the security lottery and got a letter about my free 12 months of credit monitoring. As the letter stated, an employee of a company I use was caught selling personal data of customers. So while they promise that everyone is safe, and they can’t see how this would be bad, they are doing the PC thing and providing free service for all customers for 12 months.

In today’s world I have given up on commercial companies that care about profit ever being able to properly secure data. It’s just not their main priority so it never gets done right. Based on this I would guess that most people will win this lottery over the next few years. Keep this in mind before spending money on monitoring services.

D~

Posted by derrick in • Blogging, Personal, Security

Monday, August 11, 2008

Software with License dates (the VMware bug)

From http://www.deploylinux.net/matt/2008/08/all-your-vms-belong-to-us.html

Quoting “As of tomorrow morning, VM’s running on all hosts with ESX 3.5U2 in enterprise configurations will not power on.”

The current thought is that some beta/preview code got left in the application that basically is a nothing works past this date kind of thing. The workaround fix of setting your system clock back a few days only breaks a few Federal rules if you are in a corporate environment.

Not wanting to just repost someone else’s blog entry, and given the fact the news is quickly jumping on this story, I wanted to post my personal issues with this problem.

Way back when I was writing software widgets for Web servers, licensing was a big issue. As a coder I wanted to protect my code. Make it so that anyone using it really did pay for it. We also needed a way for people to try it. This meant using a registration key with an expiration date. This was really the only choice to allow people to demo something and to help offset some of the easier widget stealing. The problem was that the real version also included this code, so if you bought a full version we gave you a license key that was good till 2032. Now this was many many years ago and since then I have drastically changed my thoughts on this area. First, I am generally opposed to any software that requires any call home function to stay alive and is in any way dependent on licensing every year. I understand that there is more SAS type of licensing and certain subscription type services like Antivirus where yearly costs are part of the model; for the moment I am leaving those out of this thought.

When it comes to actual software, where I have paid full price for the software up front, then that software should not have any type of date based restriction anywhere in the code. If I choose to not pay for maintenance a year from now then I should not receive product updates (security patches yes, new functionality no) but the base product should still continue to work. There are too many documented cases where software expires and then customers are basically strong-armed into paying higher fees just to keep their doors open. Or in some cases the vendor gets sold or goes away and now you have an expensive door stop. When you are looking to buy that next big software application for your business make sure that you evaluate licensing in your product criteria and test for date based kills. Any software that requires this type of licensing should be last on your product selection list. Going back to when I wrote software, we actually found this to be enough of an issue that we changed how we distributed demo software. We moved to a model where we compiled a special demo build that worked for 30 days. But this was a different set of code than what we sold, which had no date restriction code in it at all. In the end it was the only fair way to treat paying customers. Now if other vendors could start to understand that it’s wrong to extort your customers. This VMware issue is a direct result of that attitude. The only way we can fix this is to start demanding that vendors treat us better.

D~

Posted by derrick in • Blogging, Personal, Security