Aaron Toponce

Debian – The Universal Operating System

2009-11-17T19:10:37-08:00

The other day, I blogged about the Debian Installer, and I stated that I find it to be one of the most flexible and possibly most powerful operating system installers. Well, continuing with a series of posts on Debian, I want to mention how flexible the operating system is by itself, from installing to running. The claim from the Debian project that it is “The Universal Operating System” is spot on, and I hope this post shows you really how universal it truly is.

First off, let me start by saying that Debian isn’t perfect. No operating system is. However, I find the flexibility of Debian extremely powerful. So powerful, in fact, that Debian can meet the needs of most individuals and situations. While it may not meet the needs of all individuals all the time, I’m confident that it can either meet the needs of all individuals some of the time, or some of the individuals all the time. Let’s take a look.

Installation
First, as mentioned in my previous post, the Debian installer is fantastic. I won’t cover everything here that I already covered in that post, but I will mention a few things. To start, you can download the entire 5-disk DVD set, in addition to a 1-disk DVD update to get you caught up to the latest stable release, and use this set as your software repository, keeping your system completely offline, should you so desire. You could also download 31 CDs, including 5 additional update CDs for the same thing, should you not have a DVD burner at your disposal.

Of course, not everyone is up do downloading 30GB of software, so, should you desire, you could download just the first DVD or CD to do a complete base “default” install. This way, you’ve only downloaded ~5GB if you grabbed the DVD, or ~700MB if you grabbed the CD. Much better than 30GB.

But, Debian doesn’t stop there. Even 700MB might be too much. So, you can download “net installers” which are substantially smaller images. These installers come in two flavors- businesscard and netinst. The businesscard images are designed to be burned on business card CDs, which only hold 50MB total. As a result, these are great to carry in wallets (I do myself) should you be a Debian system administrator. The netinst image is a bit bigger, roughly ~170MB, give or take. The different with these from the business card images is they contain the base software on the ISO, where the business card relies on an external software repository for that.

Aside from ISOs, you can install Debian from a USB drive, PXE or from a local hard disk should you desire. Debian ships expansive documentation covering how to do each of these in detail, so you’re not left stranded.

Releases
Part of what makes Debian GNU/Linux the universal operating system is the architecture itself. The developers of Debian want to reach as many people as possible with the widest array of hardware and software, while not compromising the philosophies in regards to software itself. As such, the developers of Debian have split the software repositories into 6 repositories:

oldstable: This is the release that was previously the “stable” release. This software is supported for one year by the security team after it has become “oldstable”. If a new stable release happens within that year, then this release will become “oldoldstable” for the remainder of the year, with the new oldstable receiving a new full year of security updates. This is currently aliased to “etch”.
stable: This is currently aliased to “lenny”. The stable release is the officially supported release by the security team, meaning that security updates and bug fixes are applied in a timely manner.
testing: This release becomes the test bed for the next stable release. It has filed against it a number of “release critical” bugs. This count must reach as close to zero as humanly possible, while still keeping the idea of a close release at hand before becoming the next stable. Packages enter this release from the “unstable” branch only after a stringent testing criteria. The testing criteria is:
- It must have been in unstable for 10, 5 or 2 days, depending on the urgency of the upload.
- It must be compiled and up to date on all architectures it has previously been compiled for in unstable.
- It must have fewer release-critical bugs than, or the same number as, the version currently in “testing”.
- All of its dependencies must either be satisfiable by packages already in “testing”, or be satisfiable by the group of packages which are going to be installed at the same time.
- The operation of installing the package into “testing” must not break any packages currently in “testing”.
A package which is said to pass 3 of the above criteria is said to be a “valid candidate”. Packages in this release do not get security updates from the security team. This release is currently aliased to “squeeze”. This release is also coined a “rolling release” as there are no release dates, but updates come in on a near daily basis, fixing bugs and preparing for the next stable release.
unstable: As the release name implies, packages here are not guaranteed to be stable. Packages could break other packages in this release, and regularly do. Security updates are not applied to packages in this release, however, due to the nature of the release, most packages here are bleeding edge with the latest versions. This release is permanently aliased to “sid”. It is also considered a “rolling release” like testing.
experimental: This release is not indented for installs. It is solely suited for package building, testing and signing. Packages entering this release have just come through the package queue, and are brand new, usually upstream as well. Quite often, packages here are still in development, usually alpha quality. Packages should not be installed from here, as they can be potentially dangerous to your system, even for experienced users.
volatile: The packages in the stable release sometimes get old out outdated, as the time between releases could be great. This not only includes binaries, but configuration files, libraries, databases and other pieces of software. As such, the volatile release is aimed at keeping things, such as configuration files, more up-to-date. For example, spam blacklists for SMTP servers. It is important for administrators to keep on top of their spam, so keeping up-to-date spam definitions is critical. This release supplies these definitions. Generally, binaries are not included in this release. All package dependencies in this release are satisfiable in the stable release.

Kernels
Aside from the 6 software releases, of which stable, testing and unstable are named after Toy Story characters from the Disney/Pixar movie, Debian GNU/Linux ships 4 kernels as well. This is part of the reason for the name “Debian GNU/Linux” as the name implies that Debian is an operating system that comprises of mostly GNU software with the Linux kernel. However, other kernels and software can be added. As such, the four kernels we have are:

Debian GNU/Linux
Debian GNU/kFreeBSD
Debian GNU/Hurd
Debian GNU/NetBSD

Debian GNU/kFreeBSD is the furthest developed of the three kernels outside of the Linux kernel mentioned above. Currently, the FreeBSD kernel has landed in the “testing” release, meaning it will be fully supported by the security team for the next “stable” release, codenamed “Squeeze”. Advantages of this bring the ZFS filesystem to the Debian userland, and the PF firewall from OpenBSD. Debian GNU/kFreeBSD will only be supported on two architectures out the gate, namely i386 and amd64. Debian GNU/Hurd and Debian GNU/NetBSD are still under active and heavy development. In fact, the Debian project seems to be doing more for the Hurd kernel than the GNU project itself, as most Hurd developers are also Debian developers.

CPU Architectures
If this isn’t enough, when the Linux kernel initially released, it only supported Intel 386 back in 1991. Fast forward nearly 20 years later, and the Linux kernel supports a massive array of CPU architectures. The Debian project has strived hard to reach as many of them as they can. As such, under the current stable release, Debian GNU/Linux supports 12 CPU architectures, namely:

Alpha
AMD64
ARM
EABI ARM (“ARMEL”)
HP PA-RISC
Intel x86
Intel IA-64
MIPS (big endian)
MIPS (little endian (“MIPSEL”))
PowerPC
IBM S/390
SPARC

There are three additional CPU architectures that are under development, and will probably find their way into a “stable” release. They are:

Armeb (big endian ARM processors)
Atmel’s 32-bit RISC
Hitachi SuperH
PowerPC64
Renesas Technology’s 32-bit RISC

Now granted, not all of the software that is available for the Debian operating system is available on every architecture. The Intel processors get the most attention obviously, as they hold the largest market share. But, package support for each architecture is growing, and the heavy hitters in the packages selection are likely already compiled for that architecture, such as Apache, NFS, OpenLDAP, GNOME, etc. NetBSD might be the only other operating system in the world with more hardware support than Debian.

Repositories
Coupled with all this software and hardware that Debian GNU/Linux supports, you can choose your software based on your personal philosophies toward software freedom. The Debain project prides itself in being an operating system that ships Free Software as defined by the GNU project. As such, by default, a Debian operating system will only ship Free Software, leaving the proprietary software out. However, holding true to the universal operating system paradigm, they have made proprietary software available for installation, should you choose to use it. So, they’ve split out their software repositories as follows:

main: This repository holds the bulk of software installable from Debian. All software in this repository is deemed Free Software as defined by the Debian Free Software Guidelines (see Appendix). This is the only repository enabled by default on a new Debian GNU/Linux install.
contrib: This repository also contains Free Software, however, it might rely on proprietary counterparts, such as images or media codecs. This repository must be added by the user manually after install.
non-free: This repository contains only proprietary software, or software licensed such that it does not meet the Deian Free Software Guidelines. This repository must be added by the user manually after install.

Locality
Because the Debian project is a community-driven project run entirely by volunteers in many countries across the world, it also strives to provide package translation for as many languages as possible. Unlike Red Hat, who can say they support 19 languages out the box, Debian has provided package translation, mostly in part, for nearly 250 languages! However, most of these translations are works in progress, and are not considered complete. If you speak one of these languages, feel free to join in on translating packages to get Debian closer to complete in this area.

Conclusion
Outlining the vast array of software and hardware that Debian supports, coupled with the flexible installer, and package translation for hundreds of languages, truly makes Debian the universal operating system. Nevermind the fact that Debian also appeals to a large crowd of users. Everyone from complete “newbs” to the ultimate hardcore hacker can easily fit within the Debian ecosystem.

The Debian Installer – The Most Flexible Linux Installer

2009-11-15T15:53:23-08:00

I was just recently blown away by what I can accomplish with the Debian installer on getting Debian installed on a system. I used to think that the openSUSE installer was the most flexible Linux installer, with Anaconda running a close second, but I think I’m going to at least put the Debian installer in a 2-way tie for first with openSUSE. The only reason I would say that, is because the openSUSE installer uses a hub-and-spoke design to installing the operating system. This means you can pick and choose what you want to install, rather than going through the entire installer itself. Further, the openSUSE installer supports installing from a SMB share on a Windows network, with neither Anaconda nor the Debian installer support (that I can tell).

However, one thing that continues to impress me about the Debian installer is the extreme amount of choices in which to get Debian installed on your system. You can pick any path, ranging from the complete newbie-have-the-installer-choose-everything-for-you to total hacker control over what you want installed, and everything in between. Looking over the installer, here’s a quick list of what I’ve come up with, and how to get Debian installed on your system:

Text vs Graphical- The Debian installer supports both a text mode and a graphical mode for getting the operating system installed. When booting the installer, you are presented with a menu that allows you to choose which method you want to take.
Beginner vs Expert- Further, if you want total control over what gets installed on your system, you can choose to take the expert path. This will ask you many more questions on what you want to install and how you want it configured. As a result, the installations takes a bit longer to get through, but if you’ve done it several times, it’s no biggie.
Local vs Remote- An operating system installer wouldn’t be complete without the ability to do local as well as remote installations. The Debian installer supports setting up both a VNC server and an OpenSSH server for remotely installing the operating system. It also supports “bootstrapping”.
Manual vs Automatic- Installing the operating system here and there, one at a time is fine for manual installs. However, if you need many installations to take place, or you want the exact same install to go down on many machines, then you can do an automated install using preseed. There are other ways to do automatic installs, such as Kickstart, Kickseed and FAI.
Installation vs Rescue mode- Let’s not forget that you’re not installing Debian all the time. The Debian installer supports a rescue mode which will mount any filesystem on your local computer, and give you the ability to troubleshoot why your computer is in the trenches, and how to get it out. Windows, Mac, GNU/Linux, etc. If you can talk to the filesystem, you can rescue the computer.

So, now you’ve booted the installer. You’ve loaded the kernel and you’re ready to start an install. Most experienced Debian users will choose to do a network install. This means that you have access to a server acting as a Debian software repository, from which you’ll pull down the packages. Of course, if you don’t have access to a software repository, you can download all the CD images or DVD images, and do an install completely disconnected from any network. Once the installer is ready to go, you have a variety of options on getting Debian installed on your system. First, let’s look at different ways on getting the installer booted:

PXE- The Debian installer can be loaded through network booting via PXE using TFTP. If you have a TFTP server, and probably DHCP and DNS as well, setup, you can make installs rather painless using this preferred method.
CD/DVD- This is probably the most “tried and true” method for getting Debian onto your system. Downloading and burning bootable CDs or DVDs are a great way to get Debian installed, even if using optical media is the slowest method of doing so.
USB- I personally love this option, as I don’t have to waste CDs. I can create a bootable USB drive by downloading, uncompressing and copying over a boot.img.gz to the drive. Then, I mount the drive, and copy over an ISO image I want to use for the installer, and use this newly created bootable drive to install Debian.
Local Hard Disk- Lastly, you can start the Debian installer by booting from a partition on a local disk to your system. You just grab a Linux kernel and initial RAM disk, as well as an ISO image, copy it to the front of the disk, make some configuration changes, and reboot. This method is completely host operating system independent.

Once the installer is up and running, you now have a slew of options on how to get access to the software for the install. This is where I think the openSUSE installer might have the upper hand, as it supports installing from a SMB share on a Windows network. However, your options are far from limited:

HTTP- Accessing a Debian software repository via HTTP is the preferred method, especially if the repository is local to your network. And setting up an HTTP software repository is rather trivial if you have the software to do an install.
FTP- Of course, you can do the same thing with FTP as you can with HTTP. It’s rather trivial to get software of an FTP repository for the install.
NFS- If you have an NFS server, you can export the repository over the network, and do an installation over NFS.
CD/DVD- As already mentioned, you can do a complete offline install by using the CDs or DVDs. This is a very slow method for accessing the software packages, but it is rather trivial.
ISO- As already mentioned, you can use ISO images for the software source. These can be placed on a CDROM or on an external USB drive. Setting either of these up is slightly different than just burning an image to disk, but it’s still rather trivial, and doesn’t take much time. Plus, it’s fast, and light.

Once the installer has booted, the kernel has been loaded, and other configuration parameters setup, the flexibility of the installer doesn’t stop here. You can install Debian on a RAID array using software RAID. You can setup LVM. You have full encryption support, with even determining the type of encryption you want to support (AES, Twofish, Blowfish, etc) and the key strength. When the drives are setup, with partitions, LVM or RAID, you now have the option to install software. You can choose to just do a “base install” which installs only the bare minimum for a bootable operating system. You can install necessary system tools, a desktop environment, with or without laptop support, and so forth. You can choose to have root login or not by using sudo. You have access to two TTYs during the install, from which you can add many users, setup groups, do additional configuration, and so forth before rebooting into your new install.

The options seem to be virtually endless! I was a Red Hat and SUSE trainer for a bit, and I really grew to love the Anaconda an openSUSE installers. They are powerful, flexible installers. However, after learning what was possible with Debian, it seemed clear to me that the Debian installer held the upper hand. Not because I prefer Debian for my default operating system on all my computers, but because of what was immensely possible with it.

If you are a Debian system administrator, either personally or professionally, I would recommend spending some time with the installer to get a feel for what you can do with it. I think you’ll find that it’s rather impressive, keeping up very well with the “enterprise” solutions that exist out there. Also, spending some time on Google will show you a vast array of documentation on how to use the Debian installer to its fullest. This document might be a good start for you.

Get Your Unix Beard On

2009-11-01T06:33:37-08:00

Today is the day, my friends. The day where the boys are separated from the men. The day tech support is separated from the system administrators. The day God smiles from on High. What am I referring to? Why, Whiskerino 2009, of course.

The concept is simple. Whiskerino is an Internet beard growing contest that happens biannually on the odd years. As a participant, you take a photo of yourself, and upload it to your account on the site. Other users of the contest will vote on the uploaded pics for the day. The pic with the most votes, becomes King Beard. However, not all is care free. There are some certain rules that you must abide by:

The contest runs from November 1, 2009 to February 28, 2010. You will be required to post a photo of yourself to your account at least once every 7 days.
You must start on Day One completely clean shaven. Sideburns can not extend beyond the earlobe.
You are required to grow a full beard. This means whiskers on the upper lip, cheeks, chin and neck.
You are not allowed to shave the beard until the end of the contest. Trimming, shaping or styling are highly discouraged.
The photo must be of the participant. It is not allowed to be altered in any way. Take the snapshot, and upload it.
Photos must be 4×3 aspect ratio, no smaller than 500px in width. No nudity, profane gestures hateful, imagery, or otherwise offensive content. No more than one image per day can be submitted.
Breaking any of the above rules results in the participant being placed into the Hall of Shame, from which he cannot return. You will be ejected from the contest.
The winner will be chosen by participation in the contest, not just beard growth necessarily. This includes ratings on photos, overall spirit of the contest, attendance and beard style.

So, I’m all in. My wife fully supports my decision (at least until my brother’s wedding in December, of which she might want some trimming or shaping done to the beard). I’ve managed to talk a few of my friends into it as well. So, it will be fun to participate with them, and also make new friends in the contest. I’ve never grown a full beard before. I’ve always been a fan of the circle beard. So, this will be a new experience for me.

Further, every Unix/Linux system administrator should be sporting full beard. It’s part of our culture. It’s who we are. Think of the Greats: Ken Thompson, Dennis Ritchie, Richard Stallman, Alan Cox, Brian Kernighan, and even Steve Jobs (back in the day) all sport beards (c’mon Linus, where’s your Unix beard?). I hope to be able to place my name among them. At least my coworker is fully bearded. Maybe I’ll be able to grasp some of the vast amounts of Unix knowledge from him.

I’ll later post the URL to my Whiskerino profile page. Because the photos are generally meant to be of the creative style for the contest, I’ll be taking that photo, but I’ll also be taking a photo that will suit well for a time lapse “camera”. This will probably go to my Picasa account, which I’ll also provide a link to later. Lastly, for those reading my blog via RSS, you won’t be able to get the benefit of watching the beard growth, unless Whiskerino provides an RSS feed to each profile page. I might post a photo here or there on the blog though. We’ll see. However, there will be a side bar on my blog showing the daily snapshot of my ugly mug.

In the immortal words of William Shakespeare in the play Much Ado About Nothing:

He that hath a beard is more than a youth, and he that hath no beard is less than a man.
~ Beatrice speaking to Leonato

Evil Maid

2009-10-23T06:10:51-07:00

Two weeks ago, we had the Utah Open Source Conference, and I gave a presentation on how to crack passwords when you have physical access to a box. You can find my slides and materials here (3MB tar.gz). As an overview of my presentation, I discussed that if you have physical access to a machine, you can easily get administrative rights (root on Unix-like machines), and as a result, get access to the password database and user accounts, and use software to brute force the passwords out of the database.

I then finished up showing how to break encrypted filesystems using the cold boot attack. The University of Princeton has an excellent white paper, video and software on how to make this possible. The idea is simple- read the contents of RAM immediately after a shutdown, then use software to search through that memory dump finding a passphrase used on the encrypted filesystem. The only problem with this attack, is the limited scope of software in which it is effective against.

Enter Evil Maid.

The idea is simple. Because you still have access to the target machine, rather than doing a cold boot attack, memory dumps and additional processing on the RAM dump, install a different boot loader that contains a key logger. When the target enters the encryption passphrase on his machine, the key logger will have grabbed every key stroke, either saving it somewhere on disk for later retrieval, sending it over the Internet to the attacker, or whatever is necessary to get the passphrase.

THIS WILL WORK ON ANY OPERATING SYSTEM AND IS EFFECTIVE AGAINST ANY FILESYSTEM ENCRYPTION SOFTWARE!

This is more effective than the cold boot attack, or even the “stoned boot” attack that Bruce Schneier covered earlier this year, but it’s still not without its weaknesses. This attack assumes that the target will power on the computer at a later time, and enter the passphrase for the encrypted filesystem. The attacker would not want to actually steal the powered down computer.

This is why it is called “Evil Maid”- you leave your computer in the hotel room, the housekeeping maid comes in to clean your room, but while there, installs the boot loader and key logger, then repowers down your computer. When you return to the hotel room, you power on, enter the passphrase, do you work, or whatever. The next day, when the maid returns, she returns, most likely to either retrieve the key and restore the previous boot loader, erasing her tracks. Now she has access to your data, can image the drive for offline analysis and have all sorts of nasty fun.

This should say something about encrypted filesystems. They really only protect you if the drive is stolen, and the computer has been powered down. Other than that, there is an important security lesson to learn here. If someone has physical access to your computer, with the intent to do harm, there is no stopping them from getting administrative rights on the machine, installing software, archiving data, imaging drives, etc. As a result, this should tell you something valuable: if possible, as in the case with laptops, keep your computer with you in untrusted environments.

There are possible protective measures to protect yourself against such an attack. Storing your computer in a strong box under lock and key might work. Although the attacker only needs to be proficient with lock picks, this is a good first safe measure. Many hotels offer such strong boxes. Second would be hardening your BIOS to help prevent such an attack. Again, just a “speed bump” do a dedicated attacker, but it could be enough to deter. Lastly, because this attack assumes installing software on non-encrypted boot partitions or sectors, getting a hash of the non-encrypted boot partition and storing on a separate USB key could be valuable. Thus, when you travel, before you boot the machine from the hard disk, you could boot from a live CD, and check the hash of the boot sector against the hash stored on your key. Of course, if the attacker ever gets access to your USB key, the hash could be corrupted or modified.

Long story short- don’t leave sensitive data on your machine in untrusted environments, such as hotel rooms. Take your computer with you whenever you can and shut it down when not in use.

A Case For HTML Email – Mashups

2009-10-17T06:09:13-07:00

You know, I had this massive post all typed up arguing why HTML email isn’t inherently evil. Seriously, it was approaching 2000 words. Then I realized something- I’m over complicating the issue. Everything I was trying to say in the post, can be summed up in this video, showing off Ubiquity from Mozilla Labs. Basically, what you are about to see in a couple examples in the video, you can’t do with “plain text” email. This is a video for Ubiquity, which does a lot more, but I think you’ll get the idea.

Ubiquity for Firefox from Aza Raskin on Vimeo.

Now, here’s the funny thing. For those arguing the case for plain text email- you are explicitly putting yourself in a “plain text world”. When someone sends you something, say a mashup of a restaurant review, and you can’t view it with mutt, who’s problem is that? The sender, or the receiver? Think about that for a second. It’s 2009. We should be able to do so much more with email than we’re currently doing, as Aza states, but the plain text folks aren’t interested in that. “Gimme the text, remove the bloat. The web belongs on the web.” they’ll say. Well, I guess the world is interested in passing them by.

Full disclosure- I have been a heavy plain text email advocate in the past. Post 0 and post 1 demonstrate that. Let’s just say I’ve had a change of heart. I want to do more with my email. Also, I’ll be sending all my emails in both plain text and HTML encoding, for those who insist on living in the past as well as for those who actually want to enjoy their email.

Dear Qwest

2009-10-15T21:30:14-07:00

A friend of mine just recently signed up for your land line telephone residential service. Within days, he has already been getting a slew of solicitation phone calls. He hasn’t even had the chance to hand out his number, and already, he’s getting quite the barrage of solicitors. Yet, I have a Google Voice number that hasn’t seen a single unwanted call. I’ve only had it for a few months, but it’s certainly been much, much longer than my friend’s, and I’m handing it to anyone and everyone. I gave it to my school, a car repair shop, Apple Computer, a number of retail shops, friends and family, and so forth. I call tons with it too.

So, can you explain that to me? Why is his fresh number getting spammed, while mine remains completely spam-free? Is selling personal information part of your business plan too? Just curious. Oh, and by the way, I’m not a customer. I left your “Spirit of Service”, because it wasn’t any good.

More ZSH Prompt Love

2009-10-14T07:51:24-07:00

Ever since discovering ZSH 3 years ago, I’ve been addicted, but it wasn’t until a good 2 years into using the prompt on a daily basis that I decided to do some radical work with my prompt. I’ve blogged about this before a couple times, making improvements along the way: post 0, post 1, post 2, post 3. Check out those posts if you’re interested in what I’ve done to the prompt, and extra screenshots.

At the Utah Open Source Conference, I gave a BOF on Unix shells. The turnout was good, and we had a great discussion. I presented on my default prompt for ZSH, showing all the hidden features of the prompt. However, I had forgotten that I had removed battery status from my prompt, because I was depending on APM, which is no longer compiled in the kernel. A couple people have asked me since then why I’m depending on APM and not ACPI. I don’t have an answer, other than that was just what I coded. So, last night, I put up an ACPI implementation, and it works great. As with the APM implementation, if the battery percentage is less than 15%, the percentage display is red. If it’s less than 50% but greater than 14%, it’s yellow, and if it’s less than 100% but greater than 49%, it’s blue. If it’s 100%, or the tool “acpi” is not installed, then it doesn’t show up. Here’s a screenshot below:

While hanging out in our local LUG channel for the Ogden Area Linux Users Group, I got talking with Seth about prompts. He decided to change his, including adding the dog from Nethack randomly “moving” in the prompt. He also mentioned changing the color of the path if the present working directory was not writable. I really liked this idea, and decided to implement it in my prompt. Here’s a screenshot of that in action:

I change the path color to yellow if the present working directory is not writable, as it’s noticeable enough to catch your attention, but subtle enough to not get in the way, and be distracting.

As usual, if you want the source, here it is. Yes, it’s public domain, as mentioned in the code, so have at it.

7 Reasons Why I Have NOT Switched To Google Chrome From Firefox

2009-10-12T21:45:04-07:00

I just finished reading 7 Reasons Why I Switched to Google Chrome from Firefox. I found the article a bit on the fanboy side, and I’ll address each of his points here, while also saying my reasons why I’m still holding on to the Firefox browser as my default browser.

First, Andrew mentions that Google Chrome has a “much faster loading time”. I have Google Chrome installed on both my work laptop running Windows XP and two of my GNU/Linux machines, one running Ubuntu 9.04, the other running Debian Sid. In all three cases, Google Chrome does launch from cold boot noticeably faster than Firefox, but the daily web browsing is not so noticeable. Unless I’m benchmarking the two browsers side-by-side, which is really only good for showing benchmarks, I don’t see any recognizable differences in speed when rendering HTML, CSS or JavaScript. I’ve used both Chrome and Firefox with Gmail, Google Wave, and many, many other processor-intensive sites, and I see no such conclusion that Chrome has a “much faster loading time” versus Firefox, who is making the web a slow experience.

Second, he addresses that Chrome doesn’t crash. Funny you say that. I’ve had both the stable version running on Windows XP and the unstable version running on GNU/Linux tank very recently. It only happened once, in both operating systems, and I have not been able to reproduce it, but it wasn’t just a tab failure. The whole browser went south. I honestly don’t even know what happened, but I do know what I was doing, and what was lost, but I’ll address that in a second.

Thirdly, he likes some of the snazzy tab features with Chrome. It’s apparent though, that the features he addresses in Chrome also exist in vanilla Firefox 3.5, such as the ability close all tabs other than the open tab (right-click the open tab, select “Close other tabs”). I do wish Firefox would get closing tab order and tab placement correct though. It does bother me that when I open a link in a new tab, it doesn’t open the tab right next to the current, and when closing tabs, it doesn’t do so in oldest to most recent opened tab. However, that’s the beauty of Firefox- extensions, which again, I’ll cover in a minute.

Fourth, I do like the default home page in Chrome, and I wish Firefox had it. I’m hoping we’ll see it in 3.6 or maybe 4.0. However, it’s hardly anything new. As usual, Opera pioneered the feature, Safari followed suit, then Chrome. It is a leg up on Firefox, however.

Fifth, the Omnibar in Chrome is no different than the AwesomeBar in Firefox, except for the search functionality. But, seeing as though the search box in Firefox is just a tab keystroke away, I hardly find this inconvenient, and worthy of a reason for switching browsers. Further, it’s limited in its search scope- it can only search from one engine, Google by default. The search bar in Firefox is much more customizable, giving you the option to add virtually any search engine to the browser. Google, Wikipedia, eBay, Ubuntu packages, and so forth. Sure, you can change the default search in the options in Chrome, but you have to change the option by opening the options dialog every time you want to make the change, rather than just do it on the spot ad hoc.

The sixth option is just silly. Known more widely as “porn mode”, every major browser comes with this feature, even in Firefox 3.5. A mere “ctrl+shift+p” will put Firefox into “Private Browsing”, not saving an ounce of history to disk. Further, rather than opening a new window, it caches off your currently open tabs, closes them, and puts the new porn mode tab as the current tab, all in the same window. When you’re finished, stopping private browsing will restore your tabs from the saved cache, including any text you might have typed in any form field. Sorry, but this point I found rather silly.

The seventh point is likely just as silly. Firefox has had a bright future from the outset. It truly is the poster child for a grass roots open source project that becomes mainstream. Version 3.6 is looking up, and 4.0 has a bright future as well. According to the browser market share trends, Firefox has been up, up, up.

Now, here are seven reasons why I won’t be switching from Firefox to Google Chrome as my default browser in the foreseeable future:

Extensions- I know this is “in the works” for Google Chrome, but I can’t ditch Firefox just yet. I have a must set of extensions for every install of Firefox I ever make. I used to keep an updated list of such extensions, but I haven’t updated in a while. Maybe I should do so. But, on every install, I need AdBlock Plus, FoxyProxy, FireFTP, Firebug, Web Developer, Tab Mix Plus, Weave, NoScript and Flashblock, just to name a few. Again, I understand it’s only a matter of time with Chrome before extensions appear, and they will sand-boxed too, increasing the stability and security of the browser. However, Chrome isn’t there yet, and as such, Firefox remains my browser.
Caching- Firefox is the only browser that I know of that gets caching right. If, for any reason, my browser crashes, and I was typing an email, when I pull the browser back up, not only are my tabs restored, but the data in the tabs as well, including each tab history, and the text in any form fields that I was editing (provided I’m keeping a history of everything, as is default on a new install). I can’t even begin to tell you how valuable this feature is. Yes, the whole browser crashes with Firefox, versus single tabs with Chrome, but when Firefox comes up, my data is in tact. When I restore the tab with Chrome, form fields and text boxes that were once populated are now blank.
Cross Platform- Even though I have Google Chrome installed on my Debian and Ubuntu machines, Google Chrome is still very much a Windows application. It just hasn’t reached prime time for Mac OS X or GNU/Linux. So, unless I’m ready and willing to take the rolls with the punches, I’m stuck on Windows. Yes, Google Chrome is getting more and more usable every day on GNU/Linux, but it’s still unstable and comes with bugs.
Portable Firefox- Being a college student, I’ve come to love Portableapps.com. I can take so many applications with me on a USB stick, plug them into a Windows machine at school, and off I go. Firefox is no exception. I can have all my extensions, plugins, settings, bookmarks and so forth with me on a single USB stick. This way, I don’t have to worry about installing Firefox should it not be installed, and I don’t have to prep it installing and configuring it the way I like. So, until Chrome becomes a portable app as well, which I don’t think should take long, Firefox is here to stay.
Speed- Firefox is still a fast browser, and 3.6 is looking to up the ante even more. Tracemonkey is comparable to speed with V8 in terms of JavaScript engines, and HTML/CSS rendering is also snappy. In fact, I noticed a great improvement from 3.0 to 3.5 in terms of speed. And when browsing the sites I do from day-to-day with Firefox and Chrome, I honestly can’t tell if one is faster than the other. Yes, from a cold boot, Firefox is a second slower. Maybe two. Other than that, IMO, it’s neck and neck, and as a result, I see no reason to switch browsers if speed is a factor.
Configurability- Firefox is the only browser I know of that tinkering under the hood is a snap. Just pulling up the “about:config” URI, and I can tweak to my hearts content, and I have. I’ve modified the way DNS is handled. I’ve modified the way proxies are setup. I’ve changed the backspace key behavior, and much more, and it’s easy. Further, if I don’t like the setting I’ve made, I just change it back, all while it’s running in a tab in the browser. No need for open dialog windows, or taking you away from your work.
Support- This might seem like somewhat of a weak point, but Google Chrome has a bit to go before the community reaches the masses that Firefox has amassed. Support forms, IRC channels, wikis, mailing lists and on and on. If I need help with the Firefox browser, I’m likely to get the support I’m looking for, regardless of the platform. As Google Chrome increases it’s market share, there’s no doubt that it will increase it’s support options and community as well. However, it’s not there yet, and literally pales in comparison to Firefox. There is strength in numbers.

These may or may not be your reasons for sticking with Firefox, but they are certainly mine. Firefox is a solid browser that is showing tons, and tons of potential. While it might not have some bells and whistles that Chrome has, such as a process per tab, or sandboxing extensions, it’s still a robust and stable browser, and as a result, still remains my default browser.

WIFI FAIL

2009-09-09T06:28:48-07:00

While taking the bus home yesterday from work, I needed to login to work over the VPN and get some stuff done, before the next day started. The express bus I take home has free WIFI on the bus. Unfortunately, it’s anything but reliable or stable. I kept losing the connection, then I would have to reconnect, then it would drop, then reconnect, etc. While going through this, I noticed in the WIFI applet for Windows XP that it tells me I currently not connected, but if I wish to disconnect, I need to click the disconnect button. So which is it? Am I connected, or not? If I click the disconnect button, I guess it disconnects me, but when I click the button again to connect, it says again that I’m currently not connected, and if I wish to disconnect, click disconnect. Confusing as hell, I figure it’s loaded with FAIL, and that it would be fun to show.

Scrubbing Hard Disk Data

2009-08-31T18:52:26-07:00

I’ve recently had the opportunity with wiping 13 SCSI drives. The drives are small- 36 and 18 gigabyte drives, and they do contain sensitive data. They will be sent off to a third party for physical destruction, but we need to make sure that the data is completely overwritten on the disk in a secure manner. This means using a utility that can overwrite bit-for-bit on the disk level. Fortunately, there are many utilities for making this possible.

The most popular of these, is DBAN, or Darik’s Boot and Nuke. It comes as a CD or USB image that you boot from, rather than the disk, then choose in a menu which wiping method you wish to choose. Of the choices, there are:

Quick Erase- One pass, writing nothing but zeroes.
RCMP TSSIT OPS-II- Eight passes using random writes and compliments on each pass.
DoD Short- Three pass version of the stronger seven pass below. Each pass is random data written.
DoD 5220.22-M- Sever passes using random data at each pass.
Gutmann Wipe- 35 passes across the hard drive as described by security expert Peter Gutmann and Colin Plumb.
PRNG- Arbitrary number of passes specified by the user using a pseudo random number generator for writing random data on each pass.

For most secure scrubbing purposes, a quick erase is more than good enough. There have been no published papers to date on recovering overwritten date after a single pass. Is that to say it’s not possible? No, of course not. For what it’s worth, all the drives that leave my possession only get a single pass. However, if you or or organization is more paranoid about getting the data off the platters, there are other options available that will do more passes on the drive.

The next option in the DBAN menu is the RCMP TSSIT OPS-II wipe. This pass uses a source for a pseudo-random number generator as the first pass, then produces the compliment of that first pass as the data for the second. The idea behind this method is switch the bit on the disk platter from one to zero as often as possible. By using a random source for the initial pass, then writing the compliment, we’ve successfully written two passes on disk. At this point, it should be “good enough” for even the most seasoned data recovery company. However, this pass does that dance three more times, for a total of eight passes.

The Department of Defense, in the United States of America, has established a standard for sanitizing disks that contain TOP SECRET data. They have two standards. The first is the “DoD Short” wipe. This is a short three pass wipe. Nothing fancy about it. Each pass uses a pseudo-random number generator as the source for the overwriting data, and makes three passes with this source. The “DoD 5220.22-M” is the more secure DoD sanitization method, which uses seven passes across the disk instead of three. Each pass uses a pseudo-random number generator for the source of the data.

The next method is for the ultra-paranoid company or individual. This wipe is known as the “Gutmann Wipe”, and it’s built to take advantage of different hard disk encoding mechanisms. Essentially, there are two main encoding schemes for storing the data on your disk: MFM and RLL. All modern drives today use the RLL encoding scheme. Essentially, RLL is a lossless compression encoding scheme, making it possible to fit more data on the disk platters. Because MFM and RLL store data differently on the drive, using a certain method might be optimized for MFM encoded drives, but won’t work well with RLL and vice-versa.

The method behind calculating the data to the disk is rather simple: generate a unique list of one-bit numbers (zeros and ones), then two-bit numbers, then a three-bit numbers, then finally four-bit numbers uniquely. After this list of numbers has been generated, begin writing. This list is as defined in hexadecimal:

1-bit: 0×000, 0xFFF
2-bit: 0×555, 0xAAA
3-bit: 0×249, 0×492, 0×942, 0×6DB, 0xB6D, 0xDB6
4-bit: 0×111, 0×222, 0×333, 0×444, 0×666, 0×777, 0×888, 0×999, 0xBBB, 0xCCC, 0xDDD, 0xEEE

If you want to convert this list to binary, then think about it in terms of the “number of bits”. For example, with one bit, you only have two options: a zero or a one. With two bits, you have a possible combination of 4 numbers: all zeroes, all ones, zero then one or one then zero. Because we’ve already defined “all zeroes” and “all ones” in the one-bit number, we don’t need to repeat them in the 2-bit, 3-bit or 4-bit representation. Now, why repeating that bit 3 times? Well, the least common denominator of three and four is twelve. The idea is that I’m writing patterns, not necessarily static data. So, the pattern needs to repeat through the 12-bit number. For example, take the 4-bit number

0x999

What is this in a 12-bit binary representation? Isn’t it:

100110011001

or if you were to separate it out:

1001 1001 1001

Do you see the pattern of two ones followed by two zeroes, followed by two ones followed by two zeroes, etc? That’s the idea. Writing patterns to the disk.

So, how do we put all these numbers together, so we can sanitize the data securely for both RLL and MFM drives? Wikipedia has a good article on it, and explains that the first and last four writes are random data from a secure random number generator. Then, at pass five through pass 31, we use the 1-bit through 4-bit numbers we came up with, and begin writing, some of them used two or three times, based on the drive encoding scheme it’s targeting.

Lastly, if this isn’t enough, you have one last option, where you can specify the number of passes for wiping the data. The pseudo-random number generator that is used for the other passes is chosen here, and each pass writes random data to the disk.

This is a great utility for sanitizing disks, however, I’ve found DBAN to be spotty on certain hardware configurations. For one, it’s x86-based only, which means you won’t be able to boot this on Sparc or HPPA-RISC hardware. Also, even on some x86-based hardware, I’ve found DBAN to hardlock, not ever getting to the menu for me to begin wiping. So, what can I do? Am I up a creek without a paddle? Most definitely not!

KNOPPIX is a solid LiveCD that loads the Linux kernel and the Debian user-space utilities, giving you a live desktop, complete with all the tools you would need for rescuing and wiping machines. KNOPPIX has been soundly tested against a vast array of hardware, and it sees very active development with a vibrant community behind it. How can KNOPPIX securely delete the data off your drives? Well, GNU Shred from the GNU Coreutils package is a flexible package for choosing the number of passes against a drive. Because you’ve booted into a live Linux environment, you also have /dev/zero, /dev/random and /dev/urandom as a source of endless data for sending to your drives. In my specific situation of wiping the 13 SCSI drives, I booted into a KNOPPIX CD, executed ’shred’ and told it to do three passes, then one last pass of zeroes, hiding any evidence of data sanitization. Many other GNU/Linux distributions provide live environments (CD or USB) that you could take advantage of. Ubuntu, openSUSE, Debian and Fedora are just a few worth mentioning.

Of course, if you’re running an encrypted filesystem worth its salt, then there really is no practical reason for scrubbing the data off your drives, and the encrypted representation of your data doesn’t mean squat without the private key to that data.

Moving to Movable Type

2009-08-21T23:00:58-07:00

After weighing in the pros and cons, it looks like I’ll be migrating my blog, and all of it’s data to a Movable Type install, rather than a Wordpress install? Why? I’m hoping to take some strain off the server by removing the database on the posts.

Honestly, I don’t know why blog engines have databases for posts, when static HTML files can be produced rather effortlessly. I understand WP Cache does something similar, but I’ve had mixed results with that plugin.

Anyway, the blog migration will probably happen sometime this weekend, ready for a new life Monday. Also, I’m hoping that I can preserve date timestamps in the RSS feed, so as to not spam the planets that I currently push to. I’ll be testing in a development environment first, to make sure everything goes smooth, not like you care.

See you on the other side.

Mobile LVM

2009-08-16T02:16:56-07:00

Today, as my wife and I were headed into Target, I thought of the cheap USB thumb drives they usually have on sale, and I was tempted to purchase some. Then I got to thinking: what if I could use those thumb drives as one disk, using LVM, and have the ability to take that LVM structure from computer to computer? For example, say I have 6 2GB USB thumb drives. I have 12GB of storage total. Maybe I want to fit a DVD ISO or two on the disks. LVM would be perfect for this, if it remains on one computer. Wouldn’t it be nice if I could take those 6 drives to another computer, scan for the LVs, and mount them, keeping all my data in perfect order? Well, after a bit of hacking about, I figured it out, and it’s cleaner than you would think.

I’m not going to bother teaching you about the concepts behind LVM here. Suffice it to say, that LVM provides complete flexibility and control over your disk pools, where editing and manipulating partitions would be troublesome. The idea behind LVM is to create a pool of disk space, whether it comes from one drive, or many, and have the ability to chop up that pool to create mount points easily, as well as resizing the volumes, either larger or smaller.

So, to get started, let’s keep it simple. I have two 32MB USB thumb drives with me right now for this post. When I plug them into my computer, my Linux kernel might recognize them as /dev/sdy and /dev/sdz, for example. You can find these results by running “fdisk -l” as root, checking the end of the dmesg command, or checking the end of /var/log/messages.

If they have a filesystem on them, and your desktop mounts them automatically, like GNOME or KDE will traditionally do, then you’ll need to unmount the devices. Once unmounted, we’ll need to partition the devices, and label the partitions as “Linux LVM”. I’ll leave that step up to you. Some good utilities of making this happen are fdisk, sfdisk or parted. You will only need one partition on each drive. Make sure the partition covers the whole disk, and make sure the partition is labeled as “Linux LVM”. If the partition is not labeled appropriately, it could cause problems for you later down the road.

Now that you have your disks partitioned, and labeled correctly, let’s start building the LVM structure. This is done by creating physical volumes first, then adding them to a disk pool, and chopping up the disk pool as needed for our mount points. Caution: This next step will erase any filesystem, and as a result, any data on the drives.

Pull up a terminal, type as root, and pay attention to the output:

# pvcreate /dev/sd{y,z}1
  Physical volume "/dev/sdy1" successfully created
  Physical volume "/dev/sdz1" successfully created

Now, time to add these two physical volumes to a drive pool. This next step is important, because you will give a name to the volume group. This name must be unique! Reason being: if you take this LVM structure to another computer, and it already has LVM implemented with a volume group that has the same name as yours, you’ll run into snags. So, for me, I used my GnuPG keyID. I figure that will be unique enough, that I shouldn’t encounter it on any computers I plan on using this with. But, you can name it whatever you want. Name it something that is useful to you. Of course, name it something very unique.

So, continuing in your terminal, type as root and watch the output:

# vgcreate 8086060F /dev/sd{y,z}1
  Volume group "8086060F" successfully created

Cool, at this point, I have about 64MB of space that I can chop up any way I see fit. Maybe I want a 50MB volume and a 14MB volume. Maybe I want one massive 64MB volume. Maybe I want 64 1MB volumes. The point is, you decide. When I create my logical volumes, I’ll be using the “lvcreate” command, which is rather detailed, so spending some time in the man pages will be of value.

Before continuing, we need to find out exactly how much space I have in my pool. LVM is keeping some metadata on the disks, so I will be losing some space. But how much? This is important to know when I start creating my logical volumes. I can get this data by running the “vgdisplay 8086060F” command:

# vgdisplay 8086060F
  --- Volume group ---
  VG Name               8086060F
  System ID
  Format                lvm2
  Metadata Areas        2
  Metadata Sequence No  1
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                0
  Open LV               0
  Max PV                0
  Cur PV                2
  Act PV                2
  VG Size               52.00 MB
  PE Size               4.00 MB
  Total PE              13
  Alloc PE / Size       0 / 0
  Free  PE / Size       13 / 52.00 MB
  VG UUID               F0pWrc-030s-03Uo-SoLl-7Tvf-ZETc-3hcxfG

“Free PE/Size” is what we’re looking at. In this case, LVM is using 12MB of metadata stored on the disks for its operations. If each extent is 4MB and I have 52MB of space, then that means I have 13 physical extents that I can use. This is the “PE” number. So, I’m going to use that number when creating my logical volume. I’m also going to name it something personal; something that has some meaning to me. Because this will be holding my personal data, I’ll name it “personal”.

Pull up a terminal, and as root:

# lvcreate -n personal -l 13 8086060F
  Logical volume "personal" created

Sweet! I have a logical volume that I can now put a filesystem on, mount, and start moving data to. So, let’s get to it:

# mke2fs -j /dev/8086060F/personal
... [Output snipped] ..
This filesystem will be automatically checked every 34 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.

Next, let’s mount it:

# mount /dev/8086060F/personal /mnt
# echo "Testing file on LVM" > /mnt/file.txt

We now at this point have our LVM structure created, formated, mounted and data on it. Now, the key is to take these thumb drives out of the computer, take them to a separate computer, and rebuild the exact LVM structure keeping the data in tact. After all, that’s what we’re after, right? Mobile LVM?

Unmount the device:

# umount /mnt

If you get an error here, run fuser, with its various options, to find why the umount is failing.

Now with the logical volume unmounted, we need to deactivate it. This effectively takes the volume offline, so it can’t be accessed for data retrieval or storage. This can be handled with the “lvchange” command. Looking at the man page, in order to activate or deactivate a logical volume, you need to pass the “-a” switch. “-a y” would activate it, and “-a n” would deactivate it.

In your terminal:

# lvchange -a n /dev/8086060F/personal

No output will be there, but the device “/dev/8086060F/personal” should no longer exist. Now, we need to do the same thing with the volume group, telling LVM that we are finished with this group, and we no longer need its data. Surprise, surprise, this is done with the “vgchange” command, and we pass the same switch with its argument:

# vgchange -a n 8086060F
  0 logical volume(s) in volume group "8086060F" now active

At this point, it is safe to unplug the drives from your computer, and plug them into the new computer.

It’s typically best practice to notice how the Linux kernel identifies the drives when plugging them into a new machine. Knowing this information won’t necessarily be of vital importance to us during this tutorial, but it could be of importance when troubleshooting. Let’s say the kernel recognized the drives as /dev/sdk and /dev/sdl.

At any event, we need to have LVM2 and Ext3 installed on this new machine, if they aren’t already. Once those are installed, all we need to do is run pvscan to search the system for any new physical volumes. It should find our newly plugged in thumb drives, with all their metadata:

# pvscan
  PV /dev/sdk1   VG 8086060F   lvm2 [24.00 MB / 0    free]
  PV /dev/sdl1   VG 8086060F   lvm2 [28.00 MB / 0    free]
  Total: 2 [52.00 MB] / in use: 2 [52.00 MB] / in no VG: 0 [0   ]

Cool. It found them, and it’s telling me that they belong to a volume group called “8086060F”. If this volume group already exists on the new computer, LVM will let me know. This is why we needed to create a new volume group that had a very unique name.

All that’s left, is to activate the volume group, then activate the logical volumes, and I should be able to mount the volume, and access the data. Let’s give it a try:

# vgchange -a y 8086060F
  1 logical volume(s) in volume group "8086060F" now active

Sweet! So far so good. Notice too that I passed “-a y” to activate the group, where previously, I passed “-a n” to deactivate it. Now the logical volume:

# lvchange -a y /dev/8086060F/personal

No output, but can I mount it and access the data?

# mount /dev/8086060F /mnt
# cat /mnt/file.txt
Testing file on LVM

YES! WE DID IT! We’ve rebuilt the LVM structure on a completely different computer, and our data remained untouched. At this point, I can modify, add, remove data on the LVM to my hearts content. When I’m finished, as you’re already aware, I can unmount the volume, deactivate the LV, deactivate the VG and remove the drives for the next computer.

This process, as you have figured out, has quite a few steps to it, and it requires some knowledge about how LVM works. However, this pays off, I think, and it’s rather straight forward.

Not all is peaches and cream. You might have made a mistake during the process. Maybe you pulled out the drives before deactivating, and when you get to the new computer, it won’t build the LVM structure, or something equally as troublesome. LVM keeps a cache on all it’s operations in “/etc/lvm/cache/.cache”. You can safely remove this file, if it gets in your way. LVM will recreate it as necessary. That might fix your problem, it might not, but it’s worth pointing out.

I currently have 10 USB thumb drives, each of differing sizes as well as 3 mobile external hard disks. I’ve got roughly 200GB of raw storage at my disposal. With just flat filesystems, I can’t put down a 100GB file, unless I have a drive large enough to support it. The largest drive in my collection is a mere 80GB, so LVM fits the bill perfectly in making this possible, by combining all the disks. And because I can tear it down and rebuild it regardless of the computer I’m sitting at, as long as LVM2 and the Ext3 filesystem are supported, I can access the data.

Of course, you can choose any filesystem you want here. Just remember, however, that XFS does not support shrinking the filesystem. But, it’s your drives, so do what you want.

Further, if you really wanted to have fun, because you have multiple disks, you could totally take advantage of Linux software RAID. Because the structure we outlined above doesn’t cover redundancy, if you lose a disk, your data could be corrupted. So, RAID would make sense, however, it complicates the mobility, by making sure Linux software RAID is also installed on the target machine, and it adds an extra step to activating the drives by rebuilding the RAID array first THEN rebuilding the LVs. And of course, if you’re paranoid, you could add encryption on top of it with cryptesetup and LUKS. Again, though, another step getting to your data when tearing down and rebuilding. All thoughts for another post.

I don’t care what you say, this is just too cool for school.

The Official Root Certified, LLC Launch!

2009-08-11T21:34:11-07:00

Today is a big day. Christer Edwards and I have gone into business with each other starting a Linux and Unix company here in Utah. We’re named “Root Certified, LLC”. We specialize in Linux hosting, Linux and Unix consulting and auditing. You can find more about us at our page: http://rootcertified.com.

If your company is looking for consulting or auditing in security, backups, virtualization, network services, troubleshooting or virtually anything else Linux or Unix reliated, we are the company for you! We can help you achieve industry standards, tighten your physical and network security, setup and configure all sorts of services and more. Further, we offer fully managed Linux hosting for your company or organization. You give us the data, and we do the rest. We have different packages for different needs, and our packages are completely flexible.

And we’re not stopping there! This is just the tip of the iceberg. We have some exciting new corporate expansions that we’ll be working on in the near future that will engage the Free Software and Open Source communities, bring additional education to the masses, and overall increase Linux and Unix adoption in both the server and desktop markets.

We’re excited for what we can do for you. Contact us here to see how we can meet your needs.

It’s That Time Again

2009-06-09T05:12:55-07:00

1	echo 'by9+IEhhcHB5IEJpcnRoZGF5IHRvIHlvdSEgSGFwcHkgQmlydGhkYXkgdG8geW91ISBZb3UgbG9vayBsaWtlIGEgbW9ua2V5LCBhbmQgeW91IGNvZGUgbGlrZSBvbmUgdG9vISBvL34K' \| base64 -d