Predicting the future, circa 2003

In the heat of the moment, I searched my blog this weekend for quotes that could potentially be taken out of context and found something rather prophetic that I wrote in the heat of the moment 11 1/2 years ago:

Keeping up on Microsoft security patches is becoming a full-time job. I don’t know if we can afford a full-time employee who does nothing but read Microsoft security bulletins and regression-test patches to make sure they can be safely deployed. I also don’t know who would want that job.

Who ended up with that job? Me, about a year after I left that gig. It actually turned out I was pretty good at it, once I landed in a shop that realized it needed someone to do that job, and utilized that position as part of an overall IT governance model.

Bash is worse than heartbleed! Oh noes!

A really bad remote code execution bug surfaced yesterday in Bash, the GNU replacement for the Unix shell. If you have a web server running, or possibly just SSH, it can be used to execute arbitrary code. It affects anything Unixy: Linux, BSD, Mac OS X, and likely many proprietary Unix flavors, since many of them have adopted the GNU toolchain.

This could be really bad. Some people are calling it potentially worse than Heartbleed. Maybe. I’m thinking it’s more along the lines of MS08-067. But there’s an important lesson we must learn from this.

Curious conspiracies… or maybe just progress all at once

In the wake of Truecrypt’s sudden implosion, someone sent me a link to this curious blog post. I can see why many people might find the timing interesting, but there are a number of details this particular blog post doesn’t get correct, and it actually spends most of its time talking about stuff that has little or nothing to do with Truecrypt.

What’s unclear to me is whether he’s trying to say the industry is deliberately sabotaging Truecrypt, or if he’s simply trying to make a list of things that are making life difficult for Truecrypt. His post bothers me a lot less if it’s just a laundry list of challenges, but either way, the inaccuracies remain.

How to be an Apple Genius

Gizmodo got its grubby little hands on a training manual allegedly used in Apple Stores. It looks credible, and answers some questions.

Thanks for the misinformation, Disney

In one of its throwaway kids’ sitcoms, Disney insinuates that open source software contains spyware and that using it is a ‘rookie mistake’.

Open source software rarely contains viruses or spyware. Since it’s open for examination, changes to the code that have any funny business in them tend to be rejected. For that matter, code with unintended bad consequences tends to either be rejected, or quickly changed.
SCO v. IBM winds toward resolution

Slashdot reported yesterday that SCO v. IBM is back on. Well, it is, sort of. The case never was fully resolved, due to SCO running out of money and filing for bankruptcy. Groklaw has the details.

If this sounds vaguely familiar, I’ll try to refresh your memory.

Open-source licenses, the CISSP, and the real world

You may have a question about open-source licenses on your CISSP exam. I don’t remember the specifics and wouldn’t be able to repeat them anyway, but I had a question on my exam where knowing the differences was helpful in finding the right answer.

And I had to deal with an issue this past week involving open-source technologies where the licenses made a big difference.

Open sourcing code doesn’t necessarily mean people will rush to it

John C. Dvorak wrote a nice layman’s introduction to open source on PCMag.com. But he makes at least one big false assumption.

Dvorak says he’d love to see old code open sourced. Some examples he sought, such as CP/M, CP/M-86, and GEM, have already been open source for years. Caldera, after buying the intellectual property of the former Digital Research from Novell, released just about everything that wasn’t directly related to DR-DOS, some of it as GPL, and some under other licenses. The results have hardly been earth shattering.

That PC wasn’t broken, it was just spyware

I “repaired” a PC this weekend. Actually it wasn’t much of a repair. It had problems: disk errors, applications crashed a lot, the computer crashed a lot, startup times were slow, and at times the computer was really unresponsive.

At first I suspected viruses, but I quickly found the virus software was up to date, which was a good thing.

Well, I’m a Slowlaris administrator now

Let me run down my list of qualifications (strike that) what I know about Solaris.

1. They call it "Slowlaris" because it initially wasn’t as fast on the same hardware as its predecessor, SunOS.
2. I don’t know if Slowlaris 9 is faster than older versions of Slowlaris, so I don’t know if this counts as something I know about it.
3. Slowlaris is based on System V Unix. SunOS was based on BSD.
4. Slowlaris runs primarily on proprietary hardware from Sun, based on a CPU architecture called SPARC. A handful of Sun clones exist, but I think Fujitsu is the only big third-party manufacturer.
5. There is an x86 version of Slowlaris. Sun keeps going back and forth on whether to continue making it or not, since they don’t make much money off it. It’s being made now. Professional Slowlaris admins argue that its availability makes it easier for up-and-coming admins to learn the OS without buying expensive Sun hardware; they can run it on their six-month-old computer that’s too slow to run Doom 3.
6. "Sun" was originally an acronym for "Stanford University Network."

So most of what I know about Slowlaris is either trivia, or holdover generic Unix know-how. But I told my boss that since it’s System V, I should be able to adjust to it almost as easily as I could adjust to a Linux distribution from someone other than Debian. I’ll just be typing --help and grepping around in /etc even more than usual.

Yep, it’s been that kind of week (strike that) month.