Thursday, May 23, 2013

Unix: Book Review -- Absolute OpenBSD: Unix for the Practical Paranoid by Michael W. Lucas, Open Starch Press, 2013

 I don't know which should come first -- why you should look at OpenBSD or why you should buy this book, but these questions seem tightly wound around each other. For those of us who have settled into one of the most popular Unix/Linux systems -- Red Hat, Debian, Fedora, Ubuntu, Mint, Suse, Solaris et al, OpenBSD may seem like a Unix from long ago, but there are aspects of this OS that set it apart from other popularly used Unix systems and this book by Michael W. Lucas and published by no starch press will help you understand, not just those differences, but how to install, deploy, manage, troubleshoot and thrive with an OpenBSD system.

To begin with, let's start with the subtitle -- "Unix for the Practical Paranoid". There's a lot in that title. These days, anyone who manages servers that interact in any way with the Internet are probably somewhat paranoid. In fact, the author says "If you're not paranoid on the Internet, you're in trouble". And why is OpenBSD "for the paranoid"? For one reason, it's because OpenBSD is regarded by many as the most secure OS (yes, even without the benefit of SELinux). Its focus on security borders on the fanatical. OpenBSD pays a lot of attention to the "baked in" kind of security -- auditing their source code with a keen eye toward routing out bugs that could represent an eventual compromise, rather than waiting for flaws to be discovered through successful exploits and addressing them then.

OpenBSD also has built-in cryptography, the systrace system call and the pf packet filter. Due to its ground up dedication to security, it is often used as the OS basis for intrusion detection systems, firewalls, VPN gateways and secure web sites. It's open source, yet it touts some of the highest quality documentation.

The first edition of Absolute OpenBSD: UNIX for the Practical Paranoid was published 10 years ago in 2003 -- ten years ago! It was so well thought of that it became something of a collector's edition and a lot of people have been hungrily waiting for this second edition. I was deeply entrenched in Solaris in 2003, though I still clearly remembered that "SunOS" prior to the birth of "Solaris" was a BSD-based operating system. About the same time that BSD and System V were merged to create Solaris, OpenBSD shot off from NetBSD, providing a clear option for those who wanted to remain in the BSD camp.

This book, in its nearly 500 (490) pages, covers nearly everything I can imagine stuffing into a book on OpenBSD and provides nearly a total immersion on the OS. Yet the author is not so arrogant as to presume you won't need to reach out to other information sources as well -- Chapter 1 is actually devoted to additional sources of information. Even so, you won't get through this book without acquiring a solid grounding in OpenBSD.

Monday, May 13, 2013

Is Unix Now The Most Successful Operating System Of All Time?

A fascinating little point made in a much longer piece about the smartphone wars. One that makes me wonder whether Unix can now be considered to be the most successful operating system of all time. Which is certainly a change from when I first entered the computing industry when Unix boxes were vast behemoths and the Windows based PC was what was used by the masses.

Within that, roughly 1.1bn had ‘smartphones’ at the end of 2012, of which around 900m ran either the iOS or Android versions of Unix. (As an aside, it is pretty striking that almost a fifth of the earth’s adult population has a Unix box in their pocket.)

Yes, it is true that both Apple AAPL +0.39%‘s iOS (and OSX come to think of it) and Google GOOG -0.28%‘s Android are variations of the basic Unix operating system. And 900 million concurrent users might indeed be the largest number of people using an operating system yet.

The only viable contender is of course Windows. DOS was never a large enough marketplace before Windows took over from that. And I agree that Windows sales numbers are, over time, much higher than of these Unix variants. Windows 7 for example sold 450 million copies all told. Windows 8 so far 100 million. So I’m willing to agree that Microsoft MSFT +1.05% has, over all the generations of Windows, sold more licenses than the current usage of the two Unix variants, Android and iOS.

But I’m really not sure whether the installed base of Windows has ever been 900 million units. Not all operating at the same time. And we are indeed saying that the current, today’s installed base of Unix is that 900 million. Even if that were shown to be wrong, that there are, or have at some time been, more than 900 million operating PCs running Windows, I don’t think that Windows would keep the crown for very much longer. For the growth rates are wildly divergent.

Almost all tablets and smartphones now run some variant of Unix (yes, I know, Windows Phone and Surface but really, volumes here are pretty small) and those markets are still growing by leaps and bounds. And the PC market is actually shrinking. So even if Windows might, just, still be the world’s leading OS I don’t think that that will last for very much longer.

But my gut feel for this is that Unix is indeed the world’s most successful operating system ever. 900 million concurrent users? I don’t think even Windows has managed that.

Monday, April 29, 2013

Physical Layer SW Engineer-PHY,Algorithms,C,Linux,Unix,DSP

Physical Layer SW Engineer, Layer 1, PHY, Algorithms, C, Linux, Unix, DSP, IOT, Embedded Systems, Debug

WANTED! I am currently seeking a Physical Layer Software Engineer to join a world-leading team working on physical layer embedded software.

Required Skills and Experience:

- Excellent Knowledge in wireless embedded systems;
- Proficient in C coding;
- Excellent knowledge of real-time SW programming;
- Extensive DSP understanding;
- MUST be eligible to work in the UK.

Do you have the above skills and experience? Would you like to be part of a world-leading company? Don't hesitate to get in touch for the full job description and details!

I look forward to hearing from you!

Physical Layer SW Engineer, Layer 1, PHY, Algorithms, C, Linux, Unix, DSP, IOT, Embedded Systems, Debug 

Wednesday, April 3, 2013

Oracle brings data center fabric to Sparc systems

Oracle has extended its data center fabric to its Sparc-based Unix platforms, promising to let enterprises tie more servers and applications into the high-speed infrastructure.

The fabric technology, which Oracle acquired in its purchase of startup Xsigo Systems last year, connects servers and storage over Ethernet and Infiniband and allows for thousands of virtual network interfaces. That saves IT departments from having to install multiple network interface cards and host bus adapters in its physical servers, while tying together the resources in the data center at speeds up to 80Gbps (bits per second).

The addition of Unix support is the first change Oracle has made to Xsigo's technology since the acquisition, apart from rebranding it as Oracle Virtual Networking, said Charlie Boyle, senior director of marketing for Oracle's data center division. The company added Oracle Virtual Networking support to its Sparc T5, T4 and M5 servers and for the Oracle Solaris 11 OS on both Sparc and x86 hardware. Connecting Unix servers to the fabric will give users, as well as other servers, faster access to the critical applications that often run on those platforms, he said.

Oracle expanded the Sparc-based T and M server lines last week with the T5 and the M5-32, both of which are based on new processors. It's the first time the company has built M-class servers based on its own chips.

Oracle Virtual Networking is designed to deliver the benefits of software-defined networking (SDN), including rapid application provisioning, detailed quality-of-service controls and simplified movement of virtual machines from one physical server to another. It's built around the Oracle Fabric Interconnect hardware platform, which provides the high-speed connectivity. The company claims Oracle Virtual Networking can boost application performance by four times while cutting LAN and SAN capital expenses in half.

Monday, March 18, 2013

Unix: Rooting out the kits

 Rootkits are both tricky and stealthy, but there are still some things that you can do if you suspect that one of your Linux system has been infected. After all, a rootkit is going to be doing something if it's to be of any value to the miscreants that deployed it. In addition, its authors will have had a hard time trying to engineer their tools to avoid everything that detection tools are going to throw at it to identify and remove it.

The bad news is that detecting rootkits takes far more insight than noticing and identifying your typical virus. Many are designed to resemble device drivers so that it's possible for them to run at a more privileged level in the operating system. Rootkits often replace a keyboard or network driver, for example. The way that modern operating systems are broken into distinct privilege "layers" and numerous modules, loaded when needed and each of which manages a distinct function within the OS, makes this possible.

Sometimes root kits will replace commands such as netstat, du, find, ifconfig, netd, killall and lsof while they will just provide support for other malware -- allowing it to run undetected or providing access to the system through backdoors. The flexibility and modularity of operating systems is, thus, also something of a "weak link" as far as security is concerned.

When you suspect a rootkit has been installed on a system, the first thing you need to decide is what the first step ought to be. Some will say that you should immediately detach it from your network, isolating it for further analysis. Others will say that you may lose valuable insights into what the rootkit is doing if you move too quickly. Besides, depending on the role the system is playing, pulling it off the network could have drastic implications if provides a critical service. On a well designed network, your critical services will be set up in such a way that you can roll them over to another system.

If your aim is to learn as much as you can about the rootkit, rebooting the system might be a bad idea. The rootkit might be one that is confined to memory and your evidence may be gone if you reboot too soon. In any case, this – how to proceed when a rootkit is suspected -- kind of decision is one that should be made long before you have to act.

You should consider detaching from your network and, at some point, shutting down the system and booting in single user mode. The key question is what's more important -- figuring out what happened or getting the system up and working again. If you must get it online again as quickly as possible, are you prepared to make an image of the infected system for analysis? If you can, that image might provide you with important insights after the fact.

It's a good to have a rescue CD or DVD on hand so that you can look at an infected system (or a potentially infected system) without depending on tools or commands that are installed on the system.

Tuesday, February 12, 2013

Use OS X services to reveal or open file paths

Apple's Spotlight offers a quick way to find user files and resources like applications or system preferences. However, it does not locate items in the system folder or in hidden folders, though at times you might need to access them. This limitation may be especially cumbersome to deal with if you are troubleshooting a problem in OS X or helping someone do so, meaning you may need to ask them to locate a specific hidden file and remove it or modify its contents.

For some system resources you can simply navigate through the Finder; however, in its default view the Finder does not show a number of hidden files and folders such as the user library. So, for example, if you tell someone to access his or her user library to locate the Fonts folder, since the user library is hidden he or she might instead erroneously access the global library at the root of the hard drive.

Even if you are familiar with standard Unix file path notation and direct someone to open the ~/Library folder, if that person doesn't know what the tilde character means then he or she might go to the wrong directory in the Finder.

To get around these potential areas of confusion both for yourself and when instructing others, you can make use of some services and features in OS X that make possible quick access to any file or folder based on a typed path you provide, which can help avoid confusion and make it straightforward for anyone to open a specified Unix-compliant path.

The first option is to use the system's contextual services: if you have a full Unix-compliant path typed out, then you can simply highlight it, right-click the selected text, and then choose either Open or Reveal from the Services contextual menu, and the system will then display the item in the Finder or try to open it with its default handling application.

For example, you can triple-click the following folder path examples or otherwise select each in its entirety, and try opening the items in the Finder (note that if you use the Open service the system may ask for confirmation before opening the path):

If you come across a file path as part of an instruction for tweaking your system or troubleshooting it, you can use these services to access it by selecting the file path and right-clicking in this way. Additionally, if you are attempting to help others access parts of their systems and you know the exact file or folder path they should use, then you can likewise send it to them and have them perform this procedure to quickly open it.
Open and Reveal services in OS X

These contextual services are built into OS X and should be enabled by default, but if they aren't then they can be enabled in the Services section of the Keyboard system preferences, under the Keyboard Shortcuts tab.

While useful for opening a full file path from a text document or Web page, these options are also convenient in other areas. If you are a power user and access the Terminal regularly, then you probably have a number of file paths listed in your command history that you previously acted upon. If you need to open one of these paths in the Finder, you can use these services to quickly select and open it.

A last and related way to navigate through a full file path is to use the OS X Go to Folder feature that is available in the Finder's Go menu (and can also be invoked by pressing Shift-Command-G). With this option, you can copy a full file path or even a partial one with respect to the directory of the current Finder window, and then paste it in the Go to Folder field instead of using the Open or Reveal services, which should open it for you in the Finder. For example, select and copy any of the file paths listed above, and then paste it in the Go to Folder field to have the system open it in the Finder.

Monday, February 4, 2013

I.B.M. Slims Down Its Big Data Offerings

 I.B.M. is cutting the price on its least-expensive Power server computers by 50 percent, to under $6,000. The pricing move is one of a series of hardware and software announcements on Tuesday intended as a strategic push more broadly into the fast-growing market for Big Data technology and to tailor offerings for smaller businesses.

The overall market for Big Data technology — hardware, software and services — is projected to increase to $23.7 billion by 2016, from $8.1 billion last year, according to IDC, a market research firm. Every major technology company including Oracle, EMC, Microsoft, SAP Hewlett-Packard and SAS Institute, as well as an entire generation of start-ups, is chasing the opportunity to supply the tools of advanced data analysis and discovery to business.

I.B.M.’s Power servers run the company’s Power microprocessors. These chips were originally designed for big computers using I.B.M.’s proprietary version of the Unix operating system, AIX. Over the years, the company has developed specialized chips using the Power technology for other markets like video game consoles. The I.B.M. chips can be found in the game machines made by Sony, Nintendo and Microsoft.

The I.B.M. Power servers also run Linux, the open-source version of Unix. And Linux is the preferred operating system for much Big Data software, notably Hadoop, the foundation layer that manages many distributed, data analysis applications.

But the hardware challenge for I.B.M. is that most Hadoop software is running on industry-standard servers, powered by chips from Intel or Advanced Micro Devices.

The price cut helps make the case for Big Data computing on I.B.M. Power servers, which are designed to juggle many computing tasks efficiently and reliably, a potential advantage in the data-analysis market. “I.B.M. is bringing the actual price down to be very, very competitive,” said Jean S. Bozman, an analyst at IDC. “And they have to do it.”

The lower price is also a bid for the small- and medium-size business market, as these companies seek to adopt Big Data computing. “This brings the entry point down quite a bit and opens the way for more businesses to use Power technology as a preferred environment,” said Steven A. Mills, senior vice president for software and hardware systems at I.B.M.

One small company looking at using the I.B.M. technology for advanced data analysis is Westside Produce, which harvests, packs and markets cantaloupes for growers in California. The company, with 15 full-time employees and many seasonal contract workers, already runs its accounting, inventory and operations-management software on an I.B.M. Power server.

But Justin K. Porter, director of technology at Westside Produce, said his company would like to be able to more closely track and analyze all kinds of data, including harvest practices, weather patterns, shipments, melon sizes, and prices paid by specific supermarket chains and distributors. The goal, he said, would be to fine-tune operations and marketing to trim waste and improve profits.

“It’s definitely something that we’re going to look into,” Mr. Porter said.

Sunday, January 27, 2013

Stephen Watt, a.k.a. “The UNIX Terrorist,” to Keynote Infiltrate Con, April 11-12 - First Public Talk Since Conviction in World’s Largest Financial Cyber-Heist

 It was the biggest identity theft case in U.S. history - between 2005-2007, 170 million credit card numbers were stolen from Heartland Payment Systems, TJX and other national companies. The operation - known as Get Rich or Die Tryin’ - was led by convicted hacker Albert Gonzalez. But the U.S. Attorney’s Office would later convict former rogue DefCon speaker and Wall Street programmer Stephen Watt of complicity in the crime for writing the packet-sniffing program “blabla” that was used by Gonzalez.

Now, after two years of incarceration in SeaTac Federal Detention Center, a $171.5 million restitution and still on probation, Stephen Watt a.k.a. ‘The UNIX Terrorist’ will be giving his first public talk at this year’s Infiltrate offensive security conference in Miami Beach, April 11-12, 2013.

“We’re happy that Stephen’s lawyer was able to get him approval to keynote at this year’s conference,” said Dave Aitel, CEO of Immunity Inc. and organizer of Infiltrate. “Stephen has a formidable reputation as a programmer and an original thinker, and we’re looking forward to his talk on the criminal justice system as it pertains to com-puter crime. This talk is especially relevant given the recent death of Aaron Swartz, who also faced the same prosecutor as Stephen.”

The title of Watt’s keynote presentation is, “Turning Down an Offer You Can’t Refuse.”

“My talk will be a journey through the legal system; essentially, what to expect if you don’t snitch on your friends,” said Watt. “I’m going to tell people the truth about what it’s like to be prosecuted under today’s computer crime laws - from the overzealous tactics of prosecutors to the near-impossibility of thriving in a post-conviction life. Federal litigation exponentiates fines and sentences by stringing endless amounts of charges together. Most notably, in the case of file-sharing charges. So basically, this talk will cover everything from pretrial, to the courtroom, prison and probation.”

On probation since February 2012, Watt is currently prohibited from using a non-Windows operating system on his government-monitored laptop. He’s also banned from using an iPhone or Android device. “I’m allowed to use a BlackBerry, but they’ve told me ‘there’s just too much you can do on an iPhone,’” he said.

In spite of the severity of his punishment, Watt never benefited financially from his involvement with Gonzalez. While in prison, he also turned down a movie studio offer to option his life story for the big screen. Eric Eisner has since optioned the rights to Rolling Stone’s story on the group, “Hackers Gone Wild: The Fast Times and Hard Fall of the Green Hat Gang.”

Watt remains an opponent of computer vulnerability disclosure and the commercialization of exploit development. He has since developed a passion for discussing matters such as free speech, as well as prosecutorial and investigative tactics as they apply to cybercrime cases.

Stephen Watt’s keynote isn’t the only noteworthy talk at this year’s Infiltrate. Here is a preliminary list of other talks at this year’s conference:

        Chris Eagle – Keynote Speaker
        Esteban Guillardoy - Jurassic Jar: Their World. Our Rules.
        Miguel Turner - Exfiltrate: Efficient Blind SQLi
        Matias Soler - The Chameleon: A Cellphone-Based USB Impersonator
        Alberto Garcia - Enterprise Malware, There Is Always a Way. (DNS/DNSSEC)
        Sergey Gordeychik - Siemens Under the X-Ray
        Ling Chuan Lee and Lee Yee Chan - TTF Font Fuzzing and Vulnerability
        S.A. Ridley and Stephen Lawler - Advanced Exploitation Of Mobile/Embedded De-vices: The ARM Microprocessor
        Josh Thomas - NAND-Xplore -> Bad Blocks = Well Hidden

The conference will also include advanced training classes for professionals:

        Unethical Hacking - Immunity’s most popular class focuses on teaching the fundamentals of Windows x86 exploitation by having students write exploits. This class attempts to teach a strategic approach to attack and penetration that goes beyond “penetration testing” to model how a real attacker targets your company. It’s recommended students be familiar with x86 assembler, some reverse engineering, debugging and Windows memory management.
        Immunity Master Class - Fun with modern exploit development and vulnerability discovery techniques. Intermediate to advanced exploit development skills are recommended for students wishing to take the Master class.
        Web Hacking - A favorite among developers as well as infosec professionals, this class focuses on understanding common web hacking techniques by having students exploit vulnerable systems.


Now in it’s third year, Infiltrate ( is an exclusive offensive security conference for the infosec community, focused on advanced hacks, exploits and all things offensive. Organized by Dave Aitel and Immunity Inc., the conference is April 11-12, 2013 at the Fountainbleau Hotel in Miami Beach. Past speakers at Infiltrate include Charlie Miller, Andrew Cushman, Thomas Lim, Dan Rosenberg, Cesar Cerrudo and Jon Oberheide.

For the original version on PRWeb visit:

Thursday, January 24, 2013

South Africa: Mobile Ubuntu - a Unix Powered Smartphone

Mark Shuttleworth, South African IT millionaire and Open Source Champion recently announced and demonstrated the planned release of the Linux-based Ubuntu operating system (OS) for smartphones. The Canonical boss revealed that future devices will not only run the new mobile OS, but will also boot the desktop variant of Ubuntu when docked to a keyboard, mouse and monitor. This would mean that you will literally be able to use your phone to power your PC.

It is planned that you would be able to install Ubuntu on most Android devices, and although it is a totally new OS (not just an Android skin), because it is built on Linux in the same way that Android is, there should be no problem installing it on modern Android phones.

Visually the phone interface is very clean and makes no use of permanent buttons, instead the system is totally gesture-based and different functions are triggered by swiping the phone from sides or top or bottom, similar to Windows 8. From an overall design perspective, Ubuntu looks to offer a pretty dynamic home screen experience that's quite a bit different to Windows Phone, Android, or iOS. It's focused more around recently used content - like contacts you've spoken to recently, music you've added, and apps you've used - rather than a static grid of content.

During his keynote address earlier this year, Shuttleworth continually referred to 'emerging' markets as the battleground on which an Ubuntu Phone would fight it out for impact... "It's this sector, the low-end, that the battle for the hearts, minds and hands of the less tech-savvy will take place."

However, while Canonical has plenty of experience hosting cloud-based services and app stores (a major hurdle for new entrants to the mobile space), it doesn't have a great track record in bringing physical products to market that use its software. Hopefully, application developers will take the lead in ensuring a stream of new and exciting applications.

So, although a low-cost platform has appeal for handset manufacturers, there's hardly a shortage of them to choose from right now, with Firefox OS and Tizen being the most recent examples of what can be achieved by fully embracing and supporting HTML5.

An Android alternative

Carolina Milanesi, mobile analyst at Gartner, feels that there is place in the marketplace for an alternative platform to Android.

Wednesday, January 2, 2013

Sr. Unix Administrator (Indians only)

Saudi Networkers Services - SNS Group

Our client is looking for a Senior Unix Administrator having no less than 10+ years experience, IBM P-Series preferably Indian nationals, a 6 month contract extensible based in Egypt.
Package is lucrative and availability should be within a month or so.


Unix Administrator - 10+ years experience, IBM P-Series, clustering experience, managing an environment of 80-100 LPARS, + AS/400 LPARS, Performance and Management etc.

Company Profile

Saudi Networkers Services (SNS) is a Telecommunications, Oil & Gas and IT Consultancy Services Provider, founded in 2001 and has excelled ever since in providing the biggest multinational companies in MENA regions with very high standards of quality service in the recruitment field.

Today, SNS Group is one of the leading consultancy services providers with more than 1500 employees worldwide, ISO 9001:2008 certified company and is highly regarded.