In my one-man crusade to make security news something useful, looks like the White House took my advice and decided not to call the position “Cybersecurity Czar”, but rather “Cybersecurity Coordinator”. Whew! Close PR shave for the Pres.

From the article “Obama Announce creation of cybersecurity coordinator position”:

The coordinator will not only run a new White House cybersecurity office, but will also be a member of the National Security Staff and National Economic Council.

In other security related news, I found this article especially interesting, Security and Regulatory Concerns Slow Some Virtualization Efforts. Specifically, it discusses how any regulated server or service, for example, card processing and HIPPA regulated systems and data, should not be implemented on a virtualized server.

Thought the article was particularly useful in drawing out the concerns of other stakeholders in an enterprise besides just the server guys whose concerns are mainly saving rack space and being green. One of those stakeholders was the security team – where do you position your taps and intrusion detection nodes in a virtualized network?

Last I checked Snort didn’t run on the backplane, but that’s where it needs to go next.

[update: 5/29, 2:50p - PC World picked up on the Czar-thing: Best quote:

Notably absent from Obama’s description of the position was the word “czar.”

“I’m really happy he didn’t use the word czar,” said Jeff Moss, director of the Black Hat information-security conferences. “We’re a democracy and we don’t have dictators. How could we have one person sweeping away all these problems?”

About me

I’m an independent consultant who used to do a lot of work for OpenLogic. I greatly appreciate OpenLogic and the mission they are fulfilling as well as their willingness to let me contribute to this blog. Views expressed here are not necessarily those of OpenLogic and any mistakes are 100% attributable to me. You can contact me at: landon at 360vl dot com or visit http://sawdust.see-do.org Twitter @esawdust

I fear for the state of computer and network security because the industry is becoming a lot like diet and nutrition news. One day, this food is good for you, the next day it’s not. After a steady barrage of security news, the average user can hardly pay attention.

Should Obama appoint a cyber security czar? No, some say. Instead, he should appoint a “federal chief of information security.” That certainly clears up the issue for me. If you’re still feeling fuzzy on the point, I suggest you keep reading.

Cybersecurity is an “operations issue”…all well understood, according to the Gartner group. Cybersecurity is just a lowly operations issue – old hat, we’re told. What we need to focus on instead: “improve security in cyberspace…” Ah, the light is now dawning on Marblehead. It’s all so clear now.

In case you were ready to pack it in on the hard-core security problems of our nation’s infrastructure, you may not ever want to search for anything that includes the words “free” – a free piece of advice proffered by our friends at ZDNet and McAfee in The Web’s most dangerous keywords to search for [sic]

Upon searching for 2,658 unique popular keywords and phrases across 413,368 unique URLs, McAfee’s research concludes that lyrics and anything that includes ‘free” has the highest risk percentage of exposing users to malware and fraudulent web sites.

Well, that pretty much takes the legs out from under Google since I suspect a fair number of people are looking for free stuff. And here we thought Wolfram Alpha was going to be the Google-killer.

To make matters worse, the CVE databases, instead of being a beacon of clarity, problem isolation, and direction, are evolving into a window into how muddled and complex some security vulnerabilities are, even for the developers themselves. (See OSVDB on Problems with Identifying Vulnerabilities.)

As Richard Bejtlich puts it in the article:

It’s really an problem of incentives. The group with the strongest incentive to fully comprehend the vulnerability is the group that seeks to exploit it. Once they understand the vulnerability they have a strong incentive to not tell anyone else so they can financially or otherwise benefit from their asymmetric knowledge.

So, in some sense, the news you hear about security issues is already pre-digested and potentially not a threat if the real vulnerabilities are those which are least well known and characterized, even by the developers themselves. Brian (jericho) from the article “if you can’t, how can we?”:

Lately, Mozilla advisories are getting worse as they clump a dozen issues with “evidence of memory corruption” into a single advisory, that gets lumped into a single CVE. Doesn’t matter that they can be exploited separately or that some may not be exploitable at all. Reading the bugzilla entries that cover the issues is headache-inducing as their own devs frequently don’t understand the extent of the issues. Oh, if they make the bugzilla entry public. If the Linux Kernel devs and Mozilla browser wonks cannot figure out the extent of the issue, how are VDBs supposed to?…

Is it just my perception, or is any government position with the word “czar” tacked onto the end of it bound to fail? I can’t think of any XYZ-czar we’ve touted that’s ever succeeded. So, just from a PR point of view, lets not talk in terms of a cybersecurity czar…that’s for sure the kiss of death, even if it’s superstitious.

Some real coordinated corporate, open source, and government leadership is needed – I wish I had the answer – but I’m not sure the latest hype about a cybersecurity czar is anything more than security theater.

About me

I’m an independent consultant who used to do a lot of work for OpenLogic. I greatly appreciate OpenLogic and the mission they are fulfilling as well as their willingness to let me contribute to this blog. Views expressed here are not necessarily those of OpenLogic and any mistakes are 100% attributable to me. You can contact me at: landon at 360vl dot com or visit http://sawdust.see-do.org Twitter @esawdust

I’m always boggled by the number of things that exist under the open source umbrella. Recently, thanks to twitter @chrisindallas, I came across an open source rocket project, YikStik.

YikStik is the labor of love of Bdale Garbee who is HP’s Linux CTO and acting secretary of the Debian project.

YikStick is licensed Creative Commons Share Alike 3.0, so get going if you have your own 3-axis CNC milling machine.

Speaking of CNC milling machines, and carrying on the rich open source tradition of bad naming, check out the open source CNC, cupcake. Cupcake is another in the line of machines that can make machines like Reprap.

Finally, if you haven’t already seen it, check out the world’s largest model rocket launched by Steve Eves. It is a 1:10 scale Saturn V – 36 foot tall model rocket. Boggles my mind what people can accomplish in their “spare” time.

About me

I’m an independent consultant who used to do a lot of work for OpenLogic. I greatly appreciate OpenLogic and the mission they are fulfilling as well as their willingness to let me contribute to this blog. Views expressed here are not necessarily those of OpenLogic and any mistakes are 100% attributable to me. You can contact me at: landon at 360vl dot com or visit http://sawdust.see-do.org Twitter @esawdust

This morning I was browsing my twitter stream and came across one of the many “life coaches” that seem to have found twitter like stink on a skunk and saw this little jewel:

ConnectSocMediaRT @lifesuccesstv One of the greatest gifts you can give to anyone is the gift of attention. Jim Rohn

I laughed out loud and thought “That has to be one of the most ironic, moronic, hypo-critic things I’ve ever seen on twitter.” What’s even more ironic was the fact it was a retweet (and what’s more ironic is that I’m effectively retweeting it now in this blog post.) How’s that for sick?

It reminded me of the Crosby Stills and Nash song Daylight Again and their lyrics “When everyone’s talking and no one is listening…how can we decide?”

I’m sure I’m like most grizzled veterans of the net who, when we first heard the hype of twitter, rolled our eyes and thought “Here we go again.” And like most grizzled veterans of the net, we’re doing what we all do best when given a huge network to play with, try to take advantage of it.

With that reluctant intro, take a look at Spaz, an open source twitter client. It’s an Adobe Air client that runs on Windows, Mac, and Linux…some might argue it can’t be open source if the tool used to build it isn’t, but there you are.

The first client that lets me do a good job of filtering X,000 followers (like I have that many), down to about 10, will get my vote. I’m realizing that as twitter supplies RSS feeds for each account, what I really need is an uber newsfeed reader for twitter. Lots and lots of twitter “productivity” tools popping up in the cesspool of social networks. How gross is that? The ultimate oxymoron: productive social networking. Seems less like evidence of a fertile and useful environment than one that’s systemically broken.

The problem with twitter is that every so often, a little jewel floats down the River Ganges like flotsam and it’s that which keeps some of us coming back for more.

About me

I’m an independent consultant who used to do a lot of work for OpenLogic. I greatly appreciate OpenLogic and the mission they are fulfilling as well as their willingness to let me contribute to this blog. Views expressed here are not necessarily those of OpenLogic and any mistakes are 100% attributable to me. You can contact me at: landon at 360vl dot com or visit http://sawdust.see-do.org

If you really want to “follow me” (cough), you can find me at http://twitter.com/esawdust ( @esawdust )

Over the last several weeks I’ve been reading a lot of Richard Bejtlich’s material – books and blogs. Richard is a frequent Black Hat speaker and emphasizes network security monitoring. He officially lists himself has “Director of Incident Response, General Electric”, but has been a former Air Force intelligence officer (described as a soldier who protects national security data.)

He’s posted a good essay on using open source security tools and specifically open source infrastructure like OpenDNS in order to battle large malware threats like Conficker.

I really like Bejtlich’s way of thinking – particularly his NMS framework he writes about in The Tao of Network Security Monitoring. He’s got several other books which I own but haven’t plowed through yet, but I can highly recommend:

“The Tao of Network Security Monitoring: Beyond Intrusion Detection” (Richard Bejtlich)

I’ve bought a 3 foot stack of books on security tools over the last few months, but out of all of them, “The Tao” is by far the best money spent. So, if you need a crash course in how to think about network security and you could only buy one book, that would be it.

About me

I’m an independent consultant who used to do a lot of work for OpenLogic. I greatly appreciate OpenLogic and the mission they are fulfilling as well as their willingness to let me contribute to this blog. Views expressed here are not necessarily those of OpenLogic and any mistakes are 100% attributable to me. You can contact me at: landon at 360vl dot com or visit http://sawdust.see-do.org

Here’s an nascent, but very interesting concept developing – open source gizmos:

They’re basically a design shop for embedded devices you want to create:

“All the ideas that are sold and designed here are OpenSource. Including Schematics, Mechanical Design, PCB Design, Programming Code.”

They have a few items for sale online such as GPS trackers, some gumstix daughter cards (gumstix is something I wrote about a long time ago – “worlds smallest linux computer”). Here’s their Gizmo For You shop. Go wild.

Speaking of open source gizmos, awhile back I wrote about an open source microcontroller platform called Arduino (see: “The Many Faces of Arduino”.) Arduino has continued to morph. I don’t have time right now to catalog the new Arduinos that have hit the market since that article, but one in particular made me chuckle when it was brought to my attention – the one-chip Arduino. It might be the first ever open source 3D circuit board? I love that thing and all it represents.

About me

I’m an independent consultant who used to do a lot of work for OpenLogic. I greatly appreciate OpenLogic and the mission they are fulfilling as well as their willingness to let me contribute to this blog. Views expressed here are not necessarily those of OpenLogic and any mistakes are 100% attributable to me. You can contact me at: landon at 360vl dot com or visit http://sawdust.see-do.org

Today’s NYT has an article in its Business Computing section on R the open source data analysis language that’s starting to put a dent in SAS. Read the SAS spokeperson’s comments – looks like a case of open source denial in full bloom.

Secondly, a new book on Gnuplot is available for pre-release in PDF from Manning – Gnuplot in Action. I would highly recommend the book even though it’s not in final form and you have to buy the PDF from Manning directly. It’s basically complete and very usable – tons of good examples in it – and I first learned of R from this book’s mention of it.

I used Gnuplot extensively recently when I built test software for a wifi RF signal strength vs distance/terrain field study I did for a major construction equipment manufacturer. After getting into it, I wanted to write a blog entry called “Oldies but Goodies” and Gnuplot was going to be on the list.

Gnuplot has been around for a long time, and considering its maturity has continued to keep boundaries on itself so it’s not trying to be all things to all people. It’s not trying to be an R, for example. It’s a mark of a good OSS project when it can maintain that type of discipline.

FYI – here’s a quick glimpse of a Gnuplot that came from my wifi field study. Nothing fancy, but just nice, clean charts.

The beauty of using Gnuplot is how scriptable it is and how many output formats it can support…everything from ASCII art, to all the major bitmap graphic formats, to SVG, PS and PDF. I used Ruby to drive Gnuplot results for dozens of charts of different RF experiments done for that study. All the charts where generated by Gnuplot into PDF format so I could scale them easily. They could then be sucked into Mac Pages to build a very professional looking report. As PDFs, every chart was scalable once in the page layout program, so it was a perfect output format and could be quickly generated. As data changed during the experiments, I regenerated dozens of resulting charts effortlessly.

Gnuplot was a wonderful tool for RF data analysis and a reminder that not everything that’s great has to be hot and new.

[update: found this presentation on using Gnuplot and R together]

About me

I’m an independent consultant who used to do a lot of work for OpenLogic. I greatly appreciate OpenLogic and the mission they are fulfilling as well as their willingness to let me contribute to this blog. Views expressed here are not necessarily those of OpenLogic and any mistakes are 100% attributable to me. You can contact me at: landon at 360vl dot com or visit http://sawdust.see-do.org

I wanted to share a fix for something that has been driving me insane on an Ubuntu Fiesty box (though don’t think it’s at all limited to that distro). This fix may be common knowledge, but, if you’re like me and you don’t know about it, then it’s not common, eh?

I have a 500G Maxtor USB drive as a backup drive for a Dell pizza box running Ubuntu Fiesty. I formatted it ext2, got it mounted, ran backup data to it, no problems. I made a daily cron job to do backups, but every morning when I’d look at my cron notifications, I would discovery that the backup failed because the file system was read-only which is not how I left it.

I would log in to my box, try to make a file on the backup drive and sure enough, couldn’t because it was read only. I’d unmount it, then remount it and it would be fine. By the next morning it was read-only again.

I reformatted the drive to ext3, reiserfs…no matter what, I had problems. Looking at log messages I would see things like this:

Nov 19 07:29:54 hurricane kernel: [724306.332761] sd 4:0:0:0: Device not ready: : Current: sense key: Not Ready
Nov 19 07:29:54 hurricane kernel: [724306.332771] Additional sense: Logical unit not ready, initializing command required
Nov 19 07:29:54 hurricane kernel: [724306.332781] end_request: I/O error, dev sdb, sector 10706
Nov 19 07:29:54 hurricane kernel: [724306.332785] printk: 4 messages suppressed.
Nov 19 07:29:54 hurricane kernel: [724306.332797] lost page write due to I/O error on sdb1

where sdb1 was my USB backup drive partition. After digging I finally found a thread:

http://ubuntuforums.org/showthread.php?t=494673

that talked about a similar issue. Some people saw it on NTFS, FAT32, etc – it has nothing to do with the drive format as far as I can tell.

The problem is that some drives will spin down (I suppose to save energy), but that hoses up the filesystem and kernel for writing to it.

For me, the fix was similar to that suggested in the link above:

1) create a file in /etc/udev/rules.d called 85-usb-hd-fix.rules and add this line to it:

BUS==”scsi”, SYSFS{vendor}==”Maxtor”, RUN+=”/usr/bin/usbhdfix %k”

(where you modify the vendor to be appropriate)

2) in /usr/bin add a file: usbhdfix and put this content in it:

#!/bin/bash
# http://ubuntuforums.org/showthread.php?t=494673

echo 1 > /sys/block/$1/device/scsi_disk:*/allow_restart

3) of course, chmod +x usbhdfix as appropriate for you.

After this, my backups never failed again due to the read-only issue.

Apparently a kernel fix is coming or is already there…I didn’t chase that down.

Hope this helps someone,

About me

I’m an independent consultant who used to do a lot of work for OpenLogic. I greatly appreciate OpenLogic and the mission they are fulfilling as well as their willingness to let me contribute to this blog. Views expressed here are not necessarily those of OpenLogic and any mistakes are 100% attributable to me. You can contact me at: landon at 360vl dot com or visit http://sawdust.see-do.org

Some time ago, I mentioned that I love MacFUSE which lets you access remote systems over secure shell as if they are local disk drives on your Mac. MacFUSE is a Google Code project under the new BSD license.

I just upgraded my VMWare Fusion to 2.0 and one of the things they bundled with it was MacFUSE (1.5, though the latest is 1.7.) MacFUSE was 1.3 in January of 2008, 1.5 in April 2008, and 1.7 in June of 2008. MacFUSE continues to rev rapidly and is now being integrated into a commercial product.

I was recently asked to evaluate virtual whiteboard solutions for a client and had the opportunity to look at the state of open source whiteboards. With one exception, it wasn’t a pretty scene.

By OpenLogic certification standards, nearly every open source whiteboard would have failed due to lack of activity, lack of community support and size (single developer.) If you’re reading this and have deployed an open source virtual whiteboard solution in your enterprise, please leave a comment – I would love to hear from you.

There was one notable exception in the wasteland of open source whiteboards, Dimdim.

Dimdim carries on a rich open source tradition of extremely bad product naming, but otherwise, looks like a jewel in the rough. In July 08, Dimdim announced receiving a $6M infusion, so theoretically, they should have some runway to really improve this product. Needless to say, it’s being actively developed.

Dimdim is an open source web-based meeting solution along the lines of WebEx, GotoMeeting or Raindance and is billed as a direct challenge to WebEx. While I’m not sure WebEx (or the others) have much to worry about yet, there are some compelling features of Dimdim that make it worth a look if you’re in the market for an alternative, especially an open source alternative.

First you can use the Dimdim service to freely host meetings with up to 20 participants. They also offer paid services for meeting sizes larger than 20 in their “Pro” edition ($99) and their “Enterprise” edition ($1998). Finally, if you want to host your own instance of Dimdim, you can download the GPL’d community edition and host it with no participant limitations or license fee.

Dimdim clients are Flash based and work on Windows, Mac and Linux, though initiating desktop sharing is only available on Windows and more recently, Mac. Linux users can see shared desktops, but can’t be the one sharing. If you have a webcam and/or microphone, those are supported pretty well by Dimdim. On my iMac, it picked up the camera with no fuss and the video feed is automatically integrated in the framework when you start a meeting.

Audio, like nearly all the commercial alternatives, is available embedded, but as with all the commercial alternatives, you’re better off not using it and calling in on a standard conference calling bridge. The sound will simply be much better if you don’t use the embedded audio.

Virtual Whiteboard

My main interest was in the virtual whiteboard feature for collaboration. I also wanted to make the whiteboard as natural as possible, so drawing with a mouse was out of the question.

I settled on using a Wacom tablet (Intuos 3) as an input device for the whiteboard since regardless of the whiteboard software, it could at least look like a mouse to the machine but be a much more natural drawing tool. The Wacom tablet has driver support for Windows, Mac, and Linux. The Wacom tablet Linux install is not the best and required some manual name editing of the xorg.conf file to get it working, but after that, it’s reportedly working like a champ from users I’ve talked to.

One of the things I really like about the Dimdim whiteboard was that it is multi-paged. You definitely need it, too, because it’s not resizeable and I think it is a shade too small for how a whiteboard is typically used. The second thing I really liked about the whiteboard is that when you leave a meeting or log out as a host and then resume that same meeting later, the whiteboard contents are still intact. You don’t need to explicitly save the contents. If you’re like most tech companies, your conference room whiteboards are constantly locked down in “Do not erase” mode, so having a virtually expanding, page-able whiteboard is nice.

Now for some of the first impressions on using a virtual whiteboard. My litmus was “how natural is it compared to the real thing?”

If you’re prepared to practice a little bit, you can get decent results in short order, but it still won’t be the same as grabbing a marker and whipping out diagrams. Before you present the first time, you should practice to see what works best for you.

Here are some Dimdim whiteboard pitfalls and best practices I found which were helpful in achieving more whiteboard-like results.

Don’t use the geometric tools if you plan to annotate the shapes.

This warning comes from the issue of weak selection capability in the whiteboard editor. It’s most easily demonstrated with this example:

If you draw a small shape and then encapsulate it with a larger shape, you can no longer select the small shape without moving the larger shape away from it, selecting it and then moving the large shape back again. This is obviously a pain.

It gets worse when you try to annotate the shape with text because the text area they give you will not resize to the extent of the text and therefore can radically overlap multiple elements of your drawing as in this example:

The text in the box that’s selected is supposed to be in the upper left box, but the text area will overlap many other elements making them difficult or impossible to select without temporarily moving things out of the way.

For me, the Dimdim whiteboard came into its own when it was used with the Wacom tablet in a freehand mode (not using the geometric tools or text tools.) Despite the text tool’s limitations in annotating a shape, it can do quite well for forming tight, readable lists. Using this combination, you can quickly achieve very whiteboard-like results and it’s not clunky or frustrating to use.

Here’s an scenario. Lets say you’re whiteboarding a diagram and out of the discussion an issue comes up which needs further consideration, you can’t deal with it right now, but you don’t want to forget it. The typical method is to list it in a parking lot. Here’s a contrived example showing the start of a diagram using freehand methods with a Wacom tablet, but using the Dimdim text tool for what it’s good at, tight text – in this case the Parking Lot list:

You could even add another whiteboard page and put your parking lot items on it instead so it doesn’t clutter up your diagram, but you don’t lose the info. With the Dimdim whiteboard, it’s fast to flip back and forth between pages.

Whiteboard Limitations

Some limitations of the Dimdim whiteboard that I found were:

You can’t copy and paste between whiteboard pages
You can’t duplicate a whiteboard page

Both items are supposedly in development now according to the email I got when I submitted an enhancement request.

You can’t paste an image into a whiteboard. I would love to be able to do this because often you want to be able to collaboratively annotate an image of some sort – say a map, or existing diagram. The way you’d have to do this in Dimdim is to have a presenter share a desktop with a real application running – pull in an image and then annotate it. Again, not being able to hand control of the desktop to another participant remains a collaboration limitation.

Dimdim Limitations

Desktop sharing is still not up to par with the guys like WebEx and GotoMeeting who have been doing this gig for many years. I think this may be the #1 issue that will affect the rate of adoption of Dimdim. When I say it’s not up to snuff, I mean specifically that remote people who are looking at the shared desktop will hardly ever see any interaction, but rather slow screen paints of a screen once it has settled down on the presenter’s side. There’s significant latency. I also didn’t see a way to hand control of the desktop to another participant.

I think the best it could be used for currently is to present static slides (PPT or PDF) or very static screens. If you’re trying to present interactive pages or user interface ideas or interactions, I can’t see how Dimdim would possibly fill your needs.

Dimdim Strengths

The strengths of Dimdim are that 1) it’s very easy to start an account and host a meeting 2) the process to join a meeting could not be simpler 3) there are many hosting configurations to suit a variety of needs 4) It’s free to very affordable depending upon your meeting sizes.

Would I trust Dimdim to present a product rollout to 500 sales people? No. Would I trust it for an internal collaboration tool? Certainly. Perhaps over the next year or two, it will be a worthy competitor to the commercial web-conferencing tools.

About me

I’m an independent consultant who used to do a lot of work for OpenLogic. I greatly appreciate OpenLogic and the mission they are fulfilling as well as their willingness to let me contribute to this blog. Views expressed here are not necessarily those of OpenLogic and any mistakes are 100% attributable to me. You can contact me at: landon at 360vl dot com or visit http://sawdust.see-do.org