Blogfrom Dr. Dirk Wetter
Note please that this blog is currently not maintained anymore.
03/17/08 First Aid in Digital Forensics: On this years annual conference (FFG) of GUUG I gave a presentation and wrote a paper about the first important steps in digital forensics... (read more)
12/12/07 Ever had contact with eBay's customer service? The deeper you look in security issues on eBay's site, the more you see. So I thought to give them (another) feedback on an issue... (read more)
3/12/07 OSDevCon 2008, CfP: After some work we put our 2008 OpenSolaris Developer Conference website online and announced the call for papers, during Sun Tech Days in Frankfurt (Thanks to Frank Curran again showing the two slides I prepared!). So folks, if you happen to have anything to report about OpenSolaris development topics: Submit your proposal! ;-)
09/20/07 BSI sued: German BSI (Federal Office for Information Security, a service provider for federal IT and subsidiary from BMI, i.e. the ministry of interior) was basically sued because providing the password cracker John the Ripper from their website. Providing those tools were forbidden by a recent law – the so called hacker paragraph 202c, see below. The driving force of passing the law was the ministry of justice (BMJ). The great manoeuvre and the irony is that one ministry is sued because of a security tool which the other forbade.
The idea behind it is to clarify (sorry, German) the point whether the distribution is unlawful or not (in legal terms: Rechtssicherheit/legal certainty). It'll certainly help all people involved in the IT security business in Germany.
08/12/07 A sad day for German IT security: Today a law has passed, criminalizing security researchers and potentially penetration testers. It's a federal offense now to use tools like sniffers, password crackers and every other not-regular means to get into systems. The wording of the so called hacker paragraph is not as clear as one wish to be for pen testers: The addendum to paragraph 202a and 202b includes the word unauthorized, so normally there should be no problems – depended on how a judge might read it. Politicians from one of the goverment parties had concerns about the clearness of chosen words, despite that the law was passed. More scary in paragraph 202c: distributing those tools or just passing them to somebody else will cost you one year in jail or a hefty fine.
As a result German tools provider – I rather avoid the term hacker here – removed their tools or put them to foreign websites: FX, kismac and the PoC exploits from months of PHP bugs by Stefan Esser.
06/11/07 Enigmail 0.95.1 for Solaris x86: Since I was missing it for myself, I compiled enigmail for Solaris x86 >= version 10. It's Mozilla Thunderbird extension which nicely handles e-mail encryption and signing with GnuPG. Since I used Sun Studio, not gcc, it should play nice with the all other Sun Studio builds of Thunderbird 2.X. There were some minor problems during compilation, besides "the usual stuff" (gmake=make, gcc in PATH, missing includes, wrong paths in some Makefiles) also a problem with the Sun Studio 12 compiler (ube binary). If you don't want to worry about this: feel free to download enigmail here or at the official site (click on "Show current versions for all operating system" and scroll down to the buttom). Update 6/27: Did the SPARC binary, too.
5/20/07 ZFS under Linux using FUSE: Judging just by the features of ZFS it looks like a leap forward in file system technology. It's available since Solaris 10 Update 2, OpenSolaris and its distributions. Since the source code is free there are also ports to other operating systems: FreeBSD, may be soon NetBSD. And it'll be probably integrated in the to be released version 10.5 of Mac OS X, aka Leopard. However it's not natively available under the most widespeaded Open Source operating systems: Linux. The main reason is a license incompatibility. However, there's FUSE which allows the filesystem to be in userspace and thus circumventing the license incompatibility. (read more)
4/19/07 It looks like the ZENworks client will be kicked out of the Opensuse distribution. Finally! More see entries about Opensuse 10.1 and Opensuse 10.2 below.
4/16/07 Came back from Sun Tech Days in St. Petersburg/Russia, great city! It surprised me that so many people attended the conference: more than 2000 for the whole event, for the last Netbeans/OpenSolaris Day more than 400 participants registered. I had the final presentation on Friday. Feel free to browse through flickr to get some impressions.
4/5/07 For a talk I was invited, I just wanted to get real numbers on the "Linies of Code" in the Linux kernel on one side and OpenOffice on the other side. The estimates I found in the web were rumors as it turned out. It looks like the Linux kernel as of 188.8.131.52 has 7.88, OpenOffice 2.2.0 11.946 mio LoC:
myhost:/data/oo # find OOF680_m14 -type f | egrep -vw "CVS|tar.gz|tar.bz2|template" > files
3/5/2007 Came back from 1st OpenSolaris Developer Conference which besides Martin Schulte and Wolfgang Stief I jumpstarted and helped organizing. Lots of good talks, e.g. understood better Solaris concept of RBAC and as time allows have to try Nexenta. The community-like feeling on the conference was surprising, too. Also: attendees and speakers were giving lots of positive feedback. Jim Grisanzio posted some nice photos, I also put some online.
1/25/2007 Darren Reed, IPFilter developer and since recent Solaris kernel engineer, escaped the Australian summer and is in unpleasent Europe during winter time. He is holding talks in Berlin, Prague and also here in Hamburg at "my" GUUG meeting. It's a good opportunity to get first hand information how the Solaris kernel does networking. Feel free to join his talk at February 1st, if you're around.
1/18/2007 Opensuse 10.2, the "distribution after": More than a month now that Opensuse 10.2 was released. It's not the time where big changes in the Linux world are taking place, so basically I thought "YASD" (Yet another Suse distribution). Anyway I was curious .. (read more)
1/8/2007 Whohoo: I actually won a machine through the Sun Open Performance Contest (see below). Some quotes on German and US web site.
10/7/2006 The Sun T2000 systems are interesting, at least. Their new T1 processor has a different design compared to commodity CPUs from AMD or Intel. There are multicored with 4 threads per core, energy saving on one hand, but only have one FPU on board and were in the beginning only available with 1.0 GHz clockspeed. More remarkable: Besides Solaris there are a couple of OS available: Ubuntu Linux (even "certified".. cough) and Gentoo Linux are supported, a FreeBSD port exists, too. Also there's a try and buy contest from Sun. What was closer to try to win a T2000 by benchmarking Ubuntu and Solaris?
9/23/2006 Since due to my biz I was involved in Solaris and help the German Unix User Group (GUUG) what was closer to jumpstart the idea of an international OpenSolaris Developer Conference? So after some discussions how we are going to organize it best – GUUG has 15 years experience organizing international conferences – we made a web site with content, put out a call for papers and spoke to a lot of people :-). Germany is not a bad place for this: There are quite some active OpenSolaris community members here and many others in Europe. We hope people from other continents will also come.
9/20/2006 Following my interest of the Suse 10.1 I finally got my hands on SLES 10 and SLED 10 which I tested thoroughly on a couple of machines in my lab. Since Xandros made a server distribution which they released a couple of months ahead it was interesting to see how they compete. A short version of the research was published in German iX magazine. You're welcome to read the full in-depth report. Again, there were not only minor problems I discovered.
6/11/2006 Suse 10.1 was released exactly a month ago. I did some research on it because it is supposed to be the basis of the soon-to-be-released enterprise products Suse Linux Enterprise Server 10 (SLES 10) and the Desktop (SLED 10) which is interesting for my business.
As it turned out there is a common misconception that the boxed product and the one available to download of Suse 10.1 are the same. I've compiled a complete list of the differences. Also what quite stunned me in a negative way is the new software update mechanism.
Update 7/19/2006:The full report is now online.
3/30/2006 The translated and revised edition of Brian Ward's How Linux Works is now available in (at least German) bookstores. It took me quite some time (surprise, surprise) to do all the work, therefore it's more up to date which is a hard battle to fight: Linux evolves, so does the PC hardware. I did my best to deliver at least at the time of publication a new book. Besides lot's of small details (German) I couldn't resist to add, one and a half chapters were added: NFS/automount, and one about the new Linux-hotplug based on udev, sysfs, HAL and D-BUS. The network chapter was more improved. So besides the solid original issue Brian Ward wrote I hope with what was put on top of it makes more attractive.
3/24/2006 The slides of my talk I gave on this years meeting of the German Unix User Group (GUUG) – the German counterpart of USA's USENIX – are now online.
10/15/2005 For the 12th time the Linux-Kongress took place, an international congress which discusses actual kernel and brandnew development topics. This time the venue was Hamburg, the beautiful main building of the university of Hamburg. The main organizer was as usual the German Unix User Group (GUUG). Happy and not innocent that this high profiled conferenced took place in Hamburg, I took the opportunity to support organization and moderation. In the final panel discussion with people from Red Hat, Suse/Novell, Debian and IBM future of Linux distributions were discussed.
There was also an exihibition, where we took part presenting console servers and OOB management solutions.
9/9/2005 The flaw on the Avocent CCM is comparable to the one on the MRV albeit less "sophisticated" to exploit as you might realize. It's just another normal way of accessing the serial devices. Vendor was very fast to come up with a beta update after my discovery, however it took 2.5 months to come up with an official version of the (presumable – I didn't tested it) fix.
8/22/2005 The review about console servers published in the August issue of the German iX magazine is online @ drwetter.org available. The review goes far beyond a datasheet comparison but included a few weeks testing in our lab. Stay tuned, there might be hopefully an English version soon.
7/18/2005 Found another bug on console servers, this time on a MRV In-Reach. Not as severe as the other ones, but still has a potentially bad impact: Using SSH pub key authentication It allows unprivileged access to ports and as a consequence adminstrative access to equipment connected to those ports. According to vendor it's fixed with the latest firmware 3.5.1. Upgrade is recommended.
7/7/2005 On the Lantronix SLC I discovered another severe bug during my research. Vendor said they currently have other priorities which stunned me. I posted it. Hopefully vendor reconsiders internal schedule (ETA: end of August) for the bugfix. Background: Private SSH-keys are retrievable via Web-Browser, log files too.
7/4/2005 A more clear description of the paragraph below: The Raritan Dominion SX had two unprotected accounts, i.e. they were w/o passwords. Login and research the system was possible, once one moves the ~/.bashrc away.
6/28/2005 Without looking too deep into it I discovered three servere and three medium level security bugs on the console server appliances (see below). I am still in the process resolving the issues with the vendors. One bug was supposedly fixed, but as it turned out it only cured one issue. [Update: The remaining account is now locked].
Bottom line: Because of those discoveries I am still stunned. Console servers are a vital part of a data center infrastructure and provide administrative access to up to 48 devices. How come that some vendors are forgetting to do their homework?
6/23/2005 Been to LinuxTag, biggest Linux conference with this year 12k visitors. Great to be there and getting in touch with people I only see on random occasions or knew before through e-mail. Wished only my task as a session chair would have eaten up less time. ;-)
6/22/2005 A review about console servers for the German computer magazine iX is almost finished and to be published in the middle of July. I tested top models from Avocent, Cyclades, Digi, Lantronix, Thinklogical, MRV, Raritan. Stay tuned for an english version of it. [Update: There's a (German) introduction of the review available.]
It puzzled me a little bit that five of seven Linux appliance manufacturers were clearly not GPL-compliant. No hint of the usage of GNU software or the GPL. The good thing (or is it an achievement due to the upcoming publication?): One manufacturer complied by himself (but the German branch wasn't initially aware about it) and the remaining four promised to be GPL-compliant in the future. However there were distinct differences how the answer was phrased and with two vendors I had to follow up on this issue more than two times. It'll be as interesting as important to know how and when the verbal commitments will be implemented. More soon here or at Harald Welte's gpl-violations.org.