Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Compare cell phone plans using Wirefly's innovative plan comparison tool ×

Submission + - Chinese Are Hunting Chinese Over POP3 In Fjord Country (blogspot.com)

badger.foo writes: Yes, you read that right: There is a coordinated effort in progress to steal Chinese-sounding users' mail, targeting machines at the opposite end of the Eurasian landmass (and probably elsewhere), with the attempts coming exclusively from Chinese networks. This weirdness of course turned up on Peter Hansteen's doorstep (or rather his servers), and it's the topic of his latest column.

Submission + - Have Google forgotten what a joejob is? Or is it bullying smaller operators? (blogspot.no)

badger.foo writes: Joejobs are a fact of life for everyone running a mail service. In his latest piece, Does Your Email Provider Know What A "Joejob" is? Peter Hansteen describes an investigation into why messages sent to Google hosted domains started disappearing into thin air. An unexpected bounce message provided clues, but the question remains, is this a matter of incompetence, bad luck or something more sinister like one operator trying to bully itself into dominance?

Comment Fixable with simple PF rules (Score 2) 265

To me this sounds like the main problem is the "security" device that's generating a lot of noise.

My solution would be to put something (very low power gear will do) running a recent OpenBSD and a PF ruleset with overflow rules modeled on the ones outlined here in front of that whiny device. The ruleset would need to be modified to fit the observed traffic, of course. Then anyone who fits the profile of unwanted traffic simply auto-LART themselves into the table of blocked addresses.

With a properly placed adaptive firewall like that, the noisemaker would likely not see enough of the traffic to trigger any of the useless warnings.

Comment Time for grownups and law enforcement to step in (Score 2) 618

In a country where law enforcement seems quite eager to use lethal force agains perceived threats, why are death threats like those mentioned numerous times here not at least investigated by relevant law enforcement agencies?

In all seriousness, violence or threats of the same are not part of 'debate'. If anyone is laboring under that illusion, it's high time grownups stepped in, preferably with law enforcement of the anti-terrorist kind in tow. In civilized countries, death threats could easily lead to jail time.

Comment Easy, make them less rich (Score 5, Insightful) 444

Most societies would be more than willing to help ease the terrible burden of an abundance of assets. Raising the taxes on high incomes and capital gains would help reverse the Reagan-era onwards trend of wealth redistribution towards the higher income and wealth segments of society. We now know that wealth did not start trickling downwards, and grownups need to step in to correct the mistakes.

Submission + - Coming Soon to OpenBSD/amd64: A Native Hypervisor (undeadly.org)

badger.foo writes: Earlier today, Mike Larkin (mlarkin@) published a teaser for something he's been working on for a while. Then a little later in the day, an announcement appeared on tech@:

TL;DR — a native hypervisor is coming. stay tuned.

For the last few months, I've been working on a hypervisor for OpenBSD. The idea for this started a few years ago, and after playing around with it from time to time, things really started to take shape around the time of the Brisbane hackathon earlier this year. As development accelerated, the OpenBSD Foundation generously offered to fund the project so that I could focus on it in more earnest.

See the full story over on the OpenBSD Journal news site.

Comment Code not available, will it ever be? (Score 2) 168

It's now August, the conference where they'll be presenting their work is in October, and the article is a tad short on specifics. They've done a formally verified formal verification of a filesystem. if it works, that's excellent news of course, but I'd wait until we have seen the thing work and with actual code to examine before making any comments or bets on how useful this is going to be. And this being an open source-oriented site, we should be asking whether the code will indeed be available under any kind of usable open source license.

Submission + - The OpenSSH Bug That Wasn't (blogspot.ca)

badger.foo writes: Get your facts straight before reporting, is the main takeaway from Peter Hansteen's latest piece, The OpenSSH Bug That Wasn't. OpenSSH servers that are set up to use PAM for authentication and with a very specific (non-default on OpenBSD and most other places) setup are in fact vulnerable, and fixing the configuration is trivial.

Comment Password guessing attacks are a fact of life, so (Score 1) 157

we hit the max title length, but the second part is "and so is the existence of bugs in any non-trivial piece of software".

Re-using the existing connection is of course useful to fend off the traditional killing techniques for rapid-fire password guessers (such as http://home.nuug.no/~peter/pf/... and similar), but you still have to come up with the set of bytes that will let you authenticate. Which leads to the other thing --

The clowns I have been writing about ("The Hail Mary Cloud" -- http://bsdly.blogspot.ca/2013/... and links therein) used a totally different approach, but the general advice re passwords and other issues given in the conclusions apply here too.

Submission + - Solaris 11.3 Onwards Will Feature OpenBSD's PF Packet Filter (blogspot.no)

badger.foo writes: In his most recent article, Solaris Admins: For A Glimpse Of Your Networking Future, Install OpenBSD, Peter Hansteen points to leaked information (via a patch to a mailing list) that Oracle's Solaris from version 11.3 (expected this year) onwards is joining the ranks of OSes using the OpenBSD PF firewall. From version 12 onwards, PF will be the only packet filter, replacing the legacy IPF system. Which was the software PF was designed to replace, due to performance and rather nasty licensing reasons.

Submission + - Book Review: Networking for System Administrators (amazon.com)

Saint Aardvark writes: (Disclaimer: I received a free copy of this book for writing a review.)

Michael W. Lucas has been writing technical books for a long time, drawing on his experience as both a system and a network administrator. He has mastered the art of making it both easy and enjoyable to inhale large amounts of information; that's my way of saying he writes books well and he's a funny guy. "Networking for System Administrators", available both in DRM-free ebook and dead tree formats, is his latest book, and it's no exception to this trend.

Like the title suggests, this book explains networking to sysadmins — both juniors new to this career, and those who have been around for a while but don't understand how those network folks live or what they need to do their job. If you're one of the latter, you might think "Oh I've read 'TCP/IP Illustrated' — I don't need another networking book." And it's true that there is overlap between these two books. But Lucas also explains about how to work with network folks: dealing with areas of shared responsibility, how to understand where your side ends, and how to talk to a network admin so that everyone understands each other — and more importantly, is both able and happy to help the other. This is something that is out-of-scope for a network textbook, and it's valuable.

So what's in this book? Lucas takes us through all the network layers, explaining how everything fits together. From physical ("If you can trip over it, snag it, break the stupid tab off the plastic connector at its end, or broadcast static over it, it's the physical layer.") to transport and application, he shows practical examples of how the OSI model maps (or doesn't) to the world of TCP/IP. He shows the happy path and the sad path at each layer, explaining how to understand what's going on and troubleshooting failures. This is the part with the strongest overlap with those other network textbooks. If system administration is a side gig (maybe you're a developer who has to maintain your own server), you'll have enough in this book to deal with just about anything you're likely to trip over. But if you're early in your sysadmin career, or you find yourself making the jump to Ops, you will want to follow it up with "TCP/IP Illustrated" for the additional depth.

Since you'll be troubleshooting, you'll need to know the tools that let you dump DNS, peer into packets, and list what's listening (or not) on the network. Lucas covers Linux and Unix, of course, but he also covers Windows — particularly handy if, like me, you've stuck to one side over the course of your career. Tcpdump/Windump, arp, netstat, netcat and ifconfig are all covered here, but more importantly you'll also learn how to understand what they tell you, and how to relay that information to network administrators.

That thought leads to the final chapter of this book: a plea for working as a team, even when you're not on the same team. Bad things come from network and systems folks not understanding each other. Good things — happy workplaces, successful careers, thriving companies and new friends — can come from something as simple as saying "Well, I don't know if it is the network's fault...why don't we test and find out?"

After reading this book, you'll have a strong footing in networking. Lucas explains concepts in practical ways; he makes sure to teach tools in both Unix/Linux and Windows; and he gives you the terms you'll use to explain what you're seeing to the network folks. Along the way there's a lot of hard-won knowledge sprinkled throughout (leave autonegotiation on — it's a lot better than it used to be; replace cables if there's any hint of flakiness in a server's network connection) that, for me at least (and be honest, you too) would have saved a lot of time over the years.

Who would I recommend this book to?
  • If you're a sysadmin at the beginning of your career, this book is an excellent beginning; take it, read it, and build on it — both with practical experience and further reading.
  • If you're coming into system administration the back way (as a developer who has to manage their own server, say, or who shares responsibility for a networked service with other admins), I can't think of a better single source for the practical knowledge you need. You'll gain an understanding of what's going on under the hood, how to diagnose problems you encounter, and how to talk to either system or network administrators about fixing those problems.
  • If you're a manager or senior sysadmin, buy this book and read it through before handing it to the juniors on your team, or that dev who keeps asking questions about routing and the firewall; you may learn a few things, and it's always good to read fine technical writing.

Slashdot Top Deals

Truth is free, but information costs.