Cafaro’s Ramblings

Excellent news for the Linux community, Judge Dale Kimball ruled late yesterday that SCO does not own the Unix and Unixware copyrights, that in fact Novell owns the copyright. This seriously guts SCO’s lawsuits with IBM, RedHat, AutoZone, and the Linux world in general. After having failed to provide any examples of code in Linux that infringed, then changing their case to a contract dispute with IBM over copyright, they have now been told they don’t even own that copyright. Doesn’t look good for SCO, hopefully this is the end of their FUD (why do I doubt that ).

Judge rules Novell owns Unix copyrights.

Well, looks like I won’t have to lug my heavy MacBook Pro 15″ to work anymore. I work with computers a lot, and it’s generally helpful to have a laptop with me on my commute in and out of work. It’s also nice to have a laptop at work in case I need to do some emergency work outside of the office. It’s also nice to be able to have a full size laptop at home to sit on the couch and catch up on tech news, newsgroups, mailing lists and chat with my friends who are scattered around the world.

I have two laptops, my old good friend the Sharp MM20 ultralight I bought new 3 years ago, and a nice MacBook Pro issued to me by work. Though I love the Sharp, it has a small screen and limited power for relaxing and playing on the net at home, hence I use the MacBook at home. I love the MacBook (Core Duo 2Ghz, 2GB RAM, 160GB HD), but the thing weights a ton (though it’s not much heavier than the smaller 13″ MacBooks) and is not much fun to lug around in a bag on my commute in and out of work. Ok, you might say that I should just leave the MacBook at home, catch is I need some of the admin tools and gui provide by the MacBook to manage Apple specific resources at work. So for the past year I’ve lugged the MacBook into work every day. It’s nice having the power, but it’s just too heavy (why did Apple not develop a 12″ MacBook Pro? The 13″ is just not a replacement for that).

Well, things have changed. My work replacement cycle computer has arrived and I now have a Mac Pro desktop at work. A nice one at that: Two Dual Core 2Ghz Xeon Chips, 4GB of Ram, Two GeForce cards for dual 1600×1200 displays, and a 250GB HD). Coupled with VMWare Fusion and it’s a great workstation for my needs. I can easily manage Mac and Linux resources from one machine, do development work, testing work, and I’ve got my trusty command line when I need it.

So out of retirement comes my old Sharp MM20 laptop (1Ghz Transmetta Efficeon CPU, 512MB RAM, 20GB HD, Ati Radeon Graphics 16MB Ram, 10.4″ LCD). It’s not a screamer but it’s very light, think 1.9lbs! That’s with the normal battery! Barely even feel it in my bag. I decided it was time that I see what Fedora 7 had to offer. All my personal machines currently have Fedora Core 6 installed and since I was bringing this back to active service I wiped it and started fresh with Fedora 7. The install went smooth (I’ll do a write up later) and, with some minor tweaks, looks and runs well. Now this laptop doesn’t have incredible 3D acceleration ability, but I couldn’t help giving the “Enhanced Desktop” ie compiz a try. Wow, it’s perfect. That is what this little laptop need to make it more effective. Though it’s not perfectly smooth on transitions, I think it’s smoother than without compiz enabled. Also, the small screen isn’t as limited with access to the mac expose like affects. A quick mouse pointer to the upright corner brings a collage of all open windows, allowing easy and quick selection and navigation. With a refreshed standard battery, this should be a great travel companion as I commute or walk around work outside of office. Not to mention, even though it is three years old, people are amazed at how small, light, and slick looking the Sharp is. Too bad they don’t make them like they used to.

The latest version of Pidgin (used to be gaim) was released. I haven’t found any nice rpm’s for Fedora Core 6 yet (that would install) so I went ahead and made my own. No warranty whatsoever on anything about them. They work on my FC6 box, and that’s about all I know.

The rpm files are here.

UPDATE: Ok as many are well aware of Fedora Core has now switched over to Pidgin and the pidgin group now has a YUM repo setup and working for Fedora. So my rpm’s aren’t needed, just go to pidgin.im and use their YUM repo.

Here is a good article on what SELinux in RHEL 5 has brought to the table. Some cool new features and a lot more protection:

http://www.redhatmagazine.com/2007/05/04/whats-new-in-selinux-for-red-hat-enterprise-linux-5/

There is also some interesting points in the comment section. Basically, a reminder that NO security mechanism is 100% safe, but it’s better than nothing and should always be considered when looking at what you need for your deployment.

– @page { size: 8.5in 11in; margin: 0.79in } P { margin-bottom: 0.08in } –>

Ok, been a busy busy couple of months, two conferences down, two scheduled.

In February, I helped with the new LinuxWorld/OpenSolutions World Summit in NY. The show did pretty well, but the weather really messed it up (warning to others, don’t schedule a conference during a massive snow/ice storm, really messes things up LOL). I missed most of the first day when my 4 hour drive turned into around 8 hours, and I didn’t get to leave until 4 hours later than planned. The show’s presentation are are being pod casted here:

http://www.linuxworld.com/events/

Next on the list was the FOSE 2007 show where I helped organize the Tux.org non-profit booth. We handed out over 1,000 issues of Linux Journal with an intro to Linux flier, over 1000 CD/DVD Linux Distros, a couple dozen live FreeBSD CDs, and numerous other giveaways. We had some generally interested people talk to us and it’s nice to see more and more people actually know what Linux is and what OpenSource really means. Here’s some information on what we were doing:

http://www.cyberigor.com/fose/

Well, that takes care of what’s been happening, Now coming up this week is the ShmooCon conference:

www.shmoocon.org

I love this conference, has some great speakers, Bruce Potter and the rest of the Shmoo Group do an amazing job with it. Starts in about 3 hours, going to be a fun weekend!

Finally LinuxWorld/OpenSolutions World San Francisco 2007 is starting up. Hoping to get some real good speakers lined up for the Security track (which I’m track chair for). Anyways, not much to see, but here’s the site for that:

http://www.linuxworldexpo.com/live/12/events/12SFO07A

Well, I just got back from LinuxWorld and have to say I had a great time. This was a much better show than Boston was. Actually, after attending this show I realized how much the Boston show lacked for attendance and things happening. I still think part of what killed the Boston show was the move out of New York to Boston, but now that that the Boston show has been dropped and the LinuxWorld Summit in New York set as a replacement, hopefully it will get back on track.

Anyways, had a lot of fun at a couple of the booths, notable were the Fedora guys, who willingly let me hose the FC6 test 2 box in the name of experimentation, the USENIX booth for some good information, and the Trolltech booth with their cool developer phone coming out soon. Outside of the actual show, I had a good time hanging out with Joshua Abraham (pbnj developer) and Jon “maddog” Hall. Both of them were very cool, and introduced me to several other very cool people. Unfortunately, I’m terrible with names, and besides Pixel (aka “Bob”), can’t remember who I had the pleasure of having dinner and hanging out with Wednesday evening. Here is a rather bad picture taken with my Treo at dinner of some of the folks:

Ok, here is the actual interview that I had with Network World.  I really like how it came out, I think Phil Hochmuth did an excellent job taking what I had said and presenting it to the reader.  This is also the interview where they had taken the quote from for the previous article.   Well here it is if you are interested:

LinuxWorld experts: Securing Web-based application on Linux

A pretty good article about the upcoming LinuxWorld/OpenSolutions World Conference and expo came out in the online magazine Network World today. I was even quoted in it at the bottom of the second page. It was an interesting interview, and I believe I rambled on for way too long, but they managed to get my main point, that is, Security is about finding the right compromises, and there are good tools now and in the near future to help us get there.

Now there is one small issue, and I’m posting this as a correction. I am not currently working on development of SELinux technology. I am working on some policy stuff, but I am not active in the community development of the technology currently. I have worked on it in the recent past, and plan to continue in the near future (though I am thinking of helping out indirectly via SEDarwin). I just wanted to make that clear. I support SELinux, I’m trying to help promote and improve SELinux, but I’m not a core developer of the technology. There are others such as the NSA, Trusted Computer Solutions, IBM, Tresys Technology and several other groups and companies that are putting in the hard work to make this technology a reality in the production world.

Here is the article for those interested.

Interesting article, and I would love to see this presentation at the BlackHat conference. Jon Ellch and David Myanor will be showing off how they can hijack a MacBook laptop in about 60 seconds using vulnerabilities in the wireless card driver. There are a couple of things that make this interesting:

1. All that has to happen is that your wireless card be turned on. You don’t have to be connected to a network. If you wireless card is on, you are a target, period.

2. In theory, there is nothing to say that BlueTooth is safe from this either. I would imagine that similer vulnerabilities could be found in Bluetooth drivers as well.

3. This is not Mac OS specific! Though they used a Mac for the demo, they have also discovered vulnerabilities in Windows. And I see no reason that it couldn’t affect Linux/*BSD as well.

4. Firewalls and anti-virus programs won’t and can’t protect you from this. This is a much lower level attack and will always bypass this. The only way to protect against it is either through better device driver security or not using wireless. SELinux/SEBSD/SEDarwin may help this somewhat, but again drivers are usually in the OS kernel and once you’re in the kernel it’s hard to stop attacks. I’ll have to look into the SE* solutions and see if they might be used to help mitigate this attack (though I’m doubtful).

Currently, there isn’t much you can do to protect yourself. Just turn off wireless when you don’t need it. Apple’s patches just came out, but there was no mention of a fix for this. The researchers are talking to Apple, Microsoft, and others to get this fixed. Also, they are not showing how they did it, just that they did it, so no current “in the wild” exploits are known of at this point.

Well, I finally got around to posting up my instructions for installing FC5 on a sharp MM20 laptop. This is definitely one of the best versions yet to run on this laptop. It’s not perfect yet, as suspend modes aren’t 100% consistent, but it is getting very close. Anyway, you can read about it here:

Fedora Core 5 Linux install on a Sharp MM20 Laptopt.