DOCSLIB.ORG

Securing Your Daemons Using Systemd

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Securing Your Daemons Using Systemd Securing your daemons using systemd Zbigniew Jędrzejewski-Szmek [email protected] cba FOSDEM, Brussels, 2020.2.2 1 / 43 About me systemd upstream Fedora (FESCo, systemd maint., Python SIG, Rust SIG) 2 / 43 Numbers: $ dnf repoquery --releasever=32 -l --whatprovides \ '/usr/lib/systemd/system/*' \ rg -i '^/usr/lib/systemd/system/[a-z0-9_@.\\-]+$' | \ sort -u | wc -l 1740!!! Before we begin... Why use systemd for this at all? I centralization I abstraction of hardware architecture / kernel version I unprivileged operation 3 / 43 Before we begin... Why use systemd for this at all? I centralization I abstraction of hardware architecture / kernel version I unprivileged operation Numbers: $ dnf repoquery --releasever=32 -l --whatprovides \ '/usr/lib/systemd/system/*' \ rg -i '^/usr/lib/systemd/system/[a-z0-9_@.\\-]+$' | \ sort -u | wc -l 1740!!! 4 / 43 # /etc/systemd/system/mydaemon.service [Service] ExecStart=/usr/local/bin/mydaemon $ sudo systemctl start mydaemon.service $ sudo /usr/local/bin/mydameon $ sudo systemd-run /usr/local/bin/mydameon $ sudo systemd-run -t /usr/local/bin/mydameon Before we begin... Unit files 5 / 43 $ sudo /usr/local/bin/mydameon $ sudo systemd-run /usr/local/bin/mydameon $ sudo systemd-run -t /usr/local/bin/mydameon Before we begin... Unit files # /etc/systemd/system/mydaemon.service [Service] ExecStart=/usr/local/bin/mydaemon $ sudo systemctl start mydaemon.service 6 / 43 $ sudo systemd-run /usr/local/bin/mydameon $ sudo systemd-run -t /usr/local/bin/mydameon Before we begin... Unit files # /etc/systemd/system/mydaemon.service [Service] ExecStart=/usr/local/bin/mydaemon $ sudo systemctl start mydaemon.service $ sudo /usr/local/bin/mydameon 7 / 43 Before we begin... Unit files # /etc/systemd/system/mydaemon.service [Service] ExecStart=/usr/local/bin/mydaemon $ sudo systemctl start mydaemon.service $ sudo /usr/local/bin/mydameon $ sudo systemd-run /usr/local/bin/mydameon $ sudo systemd-run -t /usr/local/bin/mydameon 8 / 43 User= $ systemd-run whoami root $ systemd-run --uid=zbyszek whoami zbyszek $ systemd-run -p User=zbyszek whoami zbyszek Basics 9 / 43 $ systemd-run whoami root $ systemd-run --uid=zbyszek whoami zbyszek $ systemd-run -p User=zbyszek whoami zbyszek Basics User= 10 / 43 Basics User= $ systemd-run whoami root $ systemd-run --uid=zbyszek whoami zbyszek $ systemd-run -p User=zbyszek whoami zbyszek 11 / 43 I InaccessiblePaths= I ReadOnlyPaths= I ReadWritePaths= I BindPaths= I ReadOnlyBindPaths= Limiting access to the file system I ProtectHome=yes|read-only I ProtectSystem=yes|full|strict 12 / 43 I BindPaths= I ReadOnlyBindPaths= Limiting access to the file system I ProtectHome=yes|read-only I ProtectSystem=yes|full|strict I InaccessiblePaths= I ReadOnlyPaths= I ReadWritePaths= 13 / 43 Limiting access to the file system I ProtectHome=yes|read-only I ProtectSystem=yes|full|strict I InaccessiblePaths= I ReadOnlyPaths= I ReadWritePaths= I BindPaths= I ReadOnlyBindPaths= 14 / 43 Limiting access to the file system I PrivateTmp=yes 15 / 43 /run/foo/ I RuntimeDirectory=foo I StateDirectory=foo /var/lib/foo/ I CacheDirectory=foo /var/cache/foo/ I LogsDirectory=foo /var/log/foo/ I ConfigurationDirectory=foo /etc/foo/ Limiting access to the file system a better way 16 / 43 Limiting access to the file system a better way /run/foo/ I RuntimeDirectory=foo I StateDirectory=foo /var/lib/foo/ I CacheDirectory=foo /var/cache/foo/ I LogsDirectory=foo /var/log/foo/ I ConfigurationDirectory=foo /etc/foo/ 17 / 43 $ sudo systemd-run -t -p User=zbyszek \ -p RuntimeDirectory=foo \ ls -ld /run/foo I automatic creation and ownership I automatic removal 18 / 43 I DynamicUser=yes $ systemd-run -p DynamicUser=1 -t whoami run-u215640 $ echo -e 'asdf\nasdf' | \ systemd-run --pipe -p DynamicUser=1 \ bash -c 'grep .; whoami' | \ systemd-run --pipe -p DynamicUser=1 \ bash -c 'grep .; whoami' | \ systemd-run --pipe -p DynamicUser=1 \ bash -c 'grep .; whoami' User creation on demand? 19 / 43 $ systemd-run -p DynamicUser=1 -t whoami run-u215640 $ echo -e 'asdf\nasdf' | \ systemd-run --pipe -p DynamicUser=1 \ bash -c 'grep .; whoami' | \ systemd-run --pipe -p DynamicUser=1 \ bash -c 'grep .; whoami' | \ systemd-run --pipe -p DynamicUser=1 \ bash -c 'grep .; whoami' User creation on demand? I DynamicUser=yes 20 / 43 run-u215640 $ echo -e 'asdf\nasdf' | \ systemd-run --pipe -p DynamicUser=1 \ bash -c 'grep .; whoami' | \ systemd-run --pipe -p DynamicUser=1 \ bash -c 'grep .; whoami' | \ systemd-run --pipe -p DynamicUser=1 \ bash -c 'grep .; whoami' User creation on demand? I DynamicUser=yes $ systemd-run -p DynamicUser=1 -t whoami 21 / 43 $ echo -e 'asdf\nasdf' | \ systemd-run --pipe -p DynamicUser=1 \ bash -c 'grep .; whoami' | \ systemd-run --pipe -p DynamicUser=1 \ bash -c 'grep .; whoami' | \ systemd-run --pipe -p DynamicUser=1 \ bash -c 'grep .; whoami' User creation on demand? I DynamicUser=yes $ systemd-run -p DynamicUser=1 -t whoami run-u215640 22 / 43 systemd-run --pipe -p DynamicUser=1 \ bash -c 'grep .; whoami' | \ systemd-run --pipe -p DynamicUser=1 \ bash -c 'grep .; whoami' | \ systemd-run --pipe -p DynamicUser=1 \ bash -c 'grep .; whoami' User creation on demand? I DynamicUser=yes $ systemd-run -p DynamicUser=1 -t whoami run-u215640 $ echo -e 'asdf\nasdf' | \ 23 / 43 systemd-run --pipe -p DynamicUser=1 \ bash -c 'grep .; whoami' | \ systemd-run --pipe -p DynamicUser=1 \ bash -c 'grep .; whoami' User creation on demand? I DynamicUser=yes $ systemd-run -p DynamicUser=1 -t whoami run-u215640 $ echo -e 'asdf\nasdf' | \ systemd-run --pipe -p DynamicUser=1 \ bash -c 'grep .; whoami' | \ 24 / 43 systemd-run --pipe -p DynamicUser=1 \ bash -c 'grep .; whoami' User creation on demand? I DynamicUser=yes $ systemd-run -p DynamicUser=1 -t whoami run-u215640 $ echo -e 'asdf\nasdf' | \ systemd-run --pipe -p DynamicUser=1 \ bash -c 'grep .; whoami' | \ systemd-run --pipe -p DynamicUser=1 \ bash -c 'grep .; whoami' | \ 25 / 43 User creation on demand? I DynamicUser=yes $ systemd-run -p DynamicUser=1 -t whoami run-u215640 $ echo -e 'asdf\nasdf' | \ systemd-run --pipe -p DynamicUser=1 \ bash -c 'grep .; whoami' | \ systemd-run --pipe -p DynamicUser=1 \ bash -c 'grep .; whoami' | \ systemd-run --pipe -p DynamicUser=1 \ bash -c 'grep .; whoami' 26 / 43 I PrivateNetwork=yes “PrivateNetwork=yes is the recommeded way to run network services” What about the network? 27 / 43 “PrivateNetwork=yes is the recommeded way to run network services” What about the network? I PrivateNetwork=yes 28 / 43 What about the network? I PrivateNetwork=yes “PrivateNetwork=yes is the recommeded way to run network services” 29 / 43 Two types of socket activation: Accept=yes Accept=no → a single instance of the → a single instance of the service is started for each service is started for each connection connection → “wait” under inetd/xinetd → “nowait” under inetd/xinetd Socket Activation A daemon does not open a socket itself, it receives a socket from the manager 30 / 43 Socket Activation A daemon does not open a socket itself, it receives a socket from the manager Two types of socket activation: Accept=yes Accept=no → a single instance of the → a single instance of the service is started for each service is started for each connection connection → “wait” under inetd/xinetd → “nowait” under inetd/xinetd 31 / 43 Per-service network firewall I IPAddressAllow=10.20.30.0/24 1.2.3.4 I IPAddressDeny=* I IP{Ingress,Egress}FilterPath= BPF! 32 / 43 Low-level stuff 33 / 43 I MemoryDenyWriteExecute=yes I PrivateDevices=yes I NoNewPrivileges=yes I RestrictSUIDSGID=yes I ProtectKernelTunables=yes I ProtectClock=yes I ProtectHostname=yes I ProtectKernelLogs=yes I LockPersonality=yes 34 / 43 Capability limits I CapabilityBoundingSet= I Capability= I DropCapability= I AmbientCapabilities= 35 / 43 I SyscallFilter=... implemented using libseccomp I syscall1 | syscall2 | @group I @basic-io I @̃obsolete I SystemCallArchitectures=native|x86_64|i386|... I RestrictAddressFamilies=AF_UNIX|AF_INET|AF_INET6 |AF_CAN|AF_APPLETALK|... $ systemd-analyze syscall-filter @obsolete System call filtering “seccomp mode 2” 36 / 43 I SystemCallArchitectures=native|x86_64|i386|... I RestrictAddressFamilies=AF_UNIX|AF_INET|AF_INET6 |AF_CAN|AF_APPLETALK|... $ systemd-analyze syscall-filter @obsolete System call filtering “seccomp mode 2” I SyscallFilter=... implemented using libseccomp I syscall1 | syscall2 | @group I @basic-io I @̃obsolete 37 / 43 $ systemd-analyze syscall-filter @obsolete System call filtering “seccomp mode 2” I SyscallFilter=... implemented using libseccomp I syscall1 | syscall2 | @group I @basic-io I @̃obsolete I SystemCallArchitectures=native|x86_64|i386|... I RestrictAddressFamilies=AF_UNIX|AF_INET|AF_INET6 |AF_CAN|AF_APPLETALK|... 38 / 43 System call filtering “seccomp mode 2” I SyscallFilter=... implemented using libseccomp I syscall1 | syscall2 | @group I @basic-io I @̃obsolete I SystemCallArchitectures=native|x86_64|i386|... I RestrictAddressFamilies=AF_UNIX|AF_INET|AF_INET6 |AF_CAN|AF_APPLETALK|... $ systemd-analyze syscall-filter @obsolete 39 / 43 systemd-analyze security $ systemd-analyze security systemd-resolved.service 40 / 43 Fedora 32: systemd-analyze security * 41 / 43 Stacking the application systemd sandboxing selinux | apparmor | ... kernel 42 / 43 The End https://github.com/systemd/systemd docs: https://systemd.io/ https://www.freedesktop.org/wiki/Software/systemd/ this: https://github.com/keszybz/systemd-security-talk/ blob/master/systemd-security.pdf 43 / 43.
Load more

Recommended publications
  • Program #6: Word Count
    CSc 227 — Program Design and Development Spring 2014 (McCann) http://www.cs.arizona.edu/classes/cs227/spring14/ Program #6: Word Count Due Date: March 11 th, 2014, at 9:00 p.m. MST Overview: The UNIX operating system (and its variants, of which Linux is one) includes quite a few useful utility programs. One of those is wc, which is short for Word Count. The purpose of wc is to give users an easy way to determine the size of a text file in terms of the number of lines, words, and bytes it contains. (It can do a bit more, but that’s all of the functionality that we are concerned with for this assignment.) Counting lines is done by looking for “end of line” characters (\n (ASCII 10) for UNIX text files, or the pair \r\n (ASCII 13 and 10) for Windows/DOS text files). Counting words is also straight–forward: Any sequence of characters not interrupted by “whitespace” (spaces, tabs, end–of–line characters) is a word. Of course, whitespace characters are characters, and need to be counted as such. A problem with wc is that it generates a very minimal output format. Here’s an example of what wc produces on a Linux system when asked to count the content of a pair of files; we can do better! $ wc prog6a.dat prog6b.dat 2 6 38 prog6a.dat 32 321 1883 prog6b.dat 34 327 1921 total Assignment: Write a Java program (completely documented according to the class documentation guidelines, of course) that counts lines, words, and bytes (characters) of text files.
    [Show full text]
  • ENV-11 License Amendment
    CITY OF BURLINGTON ● DEPARTMENT OF PUBLIC WORKS ENV AMENDMENT TO SOLID WASTE LICENSE TO BE COMPLETED WHEN A VEHICLE FLEET CHANGES OR EARLY PICK UPS ARE REQUESTED PURSUANT TO CHAPTER 14, CODE OF ORDINANCES. (SEE INSTRUCTIONS ON BACK BEFORE COMPLETING) 11 IDENTIFICATION FEDERAL EIN ACCOUNT ID TRADE NAME (DBA, etc.) LEGAL NAME BUSINESS TELEPHONE NUMBER BUSINESS FAX NUMBER TAXPAYER REPRESENTATIVE YEARS IN BUSINESS FORM OF BUSINESS (check one) Sole Proprietorship Partnership/LLC Corporation BUSINESS ADDRESS CITY/TOWN STATE ZIP CODE CONTACT NAME CONTACT PHONE NUMBER CONTACT EMAIL ADDRESS AMENDMENT This is to amend the solid waste collection license for fiscal year 20____. EARLY PICK UPS Are you requesting early pick up? YES NO Are you requesting changes to an approved early pick up? YES NO Did you attach ENV-10B, Early Pick Up Requests? YES N/A CHANGES TO VEHICLE FLEET Has a vehicle been added to or removed from your fleet? YES NO Has the location of your parked vehicles changed? YES NO New Location: Did you attach ENV-10A, Vehicle Descriptions? YES N/A I certify that I have read the City of Burlington’s solid waste ordinance (Chapter 14, Burlington Code of Ordinances) and regulations. I understand that failure to observe the law and regulations could result in a revocation of my license to collect solid waste and recyclable material within the City of Burlington. I also certify that I understand the City of Burlington has a Noise Control Ordinance (Sec. 21-13, Code of Ordinances) and that I cannot begin the collection of solid waste or recyclable material before 7:00 a.m.
    [Show full text]
  • Storage Administration Guide Storage Administration Guide SUSE Linux Enterprise Server 12 SP4
    SUSE Linux Enterprise Server 12 SP4 Storage Administration Guide Storage Administration Guide SUSE Linux Enterprise Server 12 SP4 Provides information about how to manage storage devices on a SUSE Linux Enterprise Server. Publication Date: September 24, 2021 SUSE LLC 1800 South Novell Place Provo, UT 84606 USA https://documentation.suse.com Copyright © 2006– 2021 SUSE LLC and contributors. All rights reserved. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or (at your option) version 1.3; with the Invariant Section being this copyright notice and license. A copy of the license version 1.2 is included in the section entitled “GNU Free Documentation License”. For SUSE trademarks, see https://www.suse.com/company/legal/ . All other third-party trademarks are the property of their respective owners. Trademark symbols (®, ™ etc.) denote trademarks of SUSE and its aliates. Asterisks (*) denote third-party trademarks. All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LLC, its aliates, the authors nor the translators shall be held liable for possible errors or the consequences thereof. Contents About This Guide xii 1 Available Documentation xii 2 Giving Feedback xiv 3 Documentation Conventions xiv 4 Product Life Cycle and Support xvi Support Statement for SUSE Linux Enterprise Server xvii • Technology Previews xviii I FILE SYSTEMS AND MOUNTING 1 1 Overview
    [Show full text]
  • Security Assurance Requirements for Linux Application Container Deployments
    NISTIR 8176 Security Assurance Requirements for Linux Application Container Deployments Ramaswamy Chandramouli This publication is available free of charge from: https://doi.org/10.6028/NIST.IR.8176 NISTIR 8176 Security Assurance Requirements for Linux Application Container Deployments Ramaswamy Chandramouli Computer Security Division Information Technology Laboratory This publication is available free of charge from: https://doi.org/10.6028/NIST.IR.8176 October 2017 U.S. Department of Commerce Wilbur L. Ross, Jr., Secretary National Institute of Standards and Technology Walter Copan, NIST Director and Under Secretary of Commerce for Standards and Technology NISTIR 8176 SECURITY ASSURANCE FOR LINUX CONTAINERS National Institute of Standards and Technology Internal Report 8176 37 pages (October 2017) This publication is available free of charge from: https://doi.org/10.6028/NIST.IR.8176 Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose. This p There may be references in this publication to other publications currently under development by NIST in accordance with its assigned statutory responsibilities. The information in this publication, including concepts and methodologies, may be used by federal agencies even before the completion of such companion publications. Thus, until each ublication is available free of charge from: http publication is completed, current requirements, guidelines, and procedures, where they exist, remain operative. For planning and transition purposes, federal agencies may wish to closely follow the development of these new publications by NIST.
    [Show full text]
  • Modern Programming Languages CS508 Virtual University of Pakistan
    Modern Programming Languages (CS508) VU Modern Programming Languages CS508 Virtual University of Pakistan Leaders in Education Technology 1 © Copyright Virtual University of Pakistan Modern Programming Languages (CS508) VU TABLE of CONTENTS Course Objectives...........................................................................................................................4 Introduction and Historical Background (Lecture 1-8)..............................................................5 Language Evaluation Criterion.....................................................................................................6 Language Evaluation Criterion...................................................................................................15 An Introduction to SNOBOL (Lecture 9-12).............................................................................32 Ada Programming Language: An Introduction (Lecture 13-17).............................................45 LISP Programming Language: An Introduction (Lecture 18-21)...........................................63 PROLOG - Programming in Logic (Lecture 22-26) .................................................................77 Java Programming Language (Lecture 27-30)..........................................................................92 C# Programming Language (Lecture 31-34) ...........................................................................111 PHP – Personal Home Page PHP: Hypertext Preprocessor (Lecture 35-37)........................129 Modern Programming Languages-JavaScript
    [Show full text]
  • Course Outline & Schedule
    Course Outline & Schedule Call US 408-759-5074 or UK +44 20 7620 0033 Suse Linux Advanced System Administration Curriculum Linux Course Code SLASA Duration 5 Day Course Price $2,425 Course Description This instructor led SUSE Linux Advanced System Administration training course is designed to teach the advanced administration, security, networking and performance tasks required on a SUSE Linux Enterprise system. Targeted to closely follow the official LPI curriculum (generic Linux), this course together with the SUSE Linux System Administration course will enable the delegate to work towards achieving the LPIC-2 qualification. Exercises and examples are used throughout the course to give practical hands-on experience with the techniques covered. Objectives The delegate will learn and acquire skills as follows: Perform administrative tasks with supplied tools such as YaST Advanced network configuration Network troubleshooting and analysing packets Creating Apache virtual hosts and hosting user web content Sharing Windows and Linux resources with SAMBA Configuring a DNS server and configuring DNS logging Configuring a DHCP server and client Sharing Linux network resources with NFS Creating Unit Files Configuring AutoFS direct and indirect maps Configuring a secure FTP server Configuring a SQUID proxy server Creating Btrfs subvolumes and snapshots Backing-up and restoring XFS filesystems Configuring LVM and managing Logical Volumes Managing software RAID Centralised storage with iSCSI Monitoring disk status and reliability with SMART Perpetual
    [Show full text]
  • How SUSE Helps Pave the Road to S/4HANA
    White Paper How SUSE Helps Pave the Road to S/4HANA Sponsored by: SUSE and SAP Peter Rutten Henry D. Morris August 2017 IDC OPINION According to SAP, there are now 6,800 SAP customers that have chosen S/4HANA. In addition, many more of the software company's customers still have to make the decision to move to S/4HANA. These customers have to determine whether they are ready to migrate their database for mission-critical workloads to a new database (SAP HANA) and a new application suite (S/4HANA). Furthermore, SAP HANA runs on Linux only, an operating environment that SAP customers may not have used extensively before. This white paper discusses the choices SAP customers have for migrating to S/4HANA on Linux and looks at how SUSE helps customers along the way. SITUATION OVERVIEW Among SAP customers, migration from traditional databases to the SAP HANA in-memory platform is continuing steadily. IDC's Data Analytics Infrastructure (SAP) Survey, November 2016 (n = 300) found that 49.3% of SAP customers in North America are running SAP HANA today. Among those that are not on SAP HANA, 29.9% will be in two to four years and 27.1% in four to six years. The slower adopters say that they don't feel rushed, stating that there's time until 2025 to make the decision, and that their current databases are performing adequately. While there is no specific order that SAP customers need to follow to get to S/4HANA, historically businesses have often migrated to SAP Business Warehouse (BW) on SAP HANA first as BW is a rewarding starting point for SAP HANA for two reasons: there is an instant performance improvement and migration is relatively easy since BW typically does not contain core enterprise data that is business critical.
    [Show full text]
  • Securing Server Applications Using Apparmor TUT-1179
    Securing Server Applications Using AppArmor TUT-1179 Brian Six Sales Engineer – SUSE [email protected] 1 Agenda AppArmor Introduction How to interact and configure Demo with simple script Can AppArmor help with containers Final thoughts 2 Intro to AppArmor 3 What is AppArmor? Bad software does what it shouldn’t do Good software does what it should do Secure software does what it should do, and nothing else AppArmor secures the Good and the Bad software 4 What is AppArmor? Mandatory Access Control (MAC) security system Applies policies to Applications Access to files and paths, network functions, system functions 5 What is AppArmor? Dynamic for existing profiled applications Regardless of the “user” the process is running as, the policy can be enforced. Root is no exception. 6 What is AppArmor? 7 Architecture Logging and OS Component Application Alerting AppArmor AppArmor Interface Application Profile AppArmor Linux Kernel 2.6 and later LSM Interface 8 How To Interact And Configure 9 How To Interact With AppArmor Apparmor-Utils First Install package 10 How To Interact With AppArmor Used more often 11 What Do Some Of These Do aa-status: Display aa-genprof : Create aa-logprof: Update aa-complain: Set a aa-enforce: Set a status of profile a profile an existing profile profile in complain profile in enforce enforcement mode mode 12 Common Permissions r – read w – write k – lock ux - unconstrained execute Ux - unconstrained execute – scrub px – discrete profile execute Px - discrete profile execute – scrub ix - inherit execute cx - local security profile l – link a – append m - mmap 13 Profile At-A-Glance https://doc.opensuse.org/documentation/leap/archive/42.3/security/html/book.security/cha.apparmor.profiles.html # a comment about foo's local (children) profile for #include <tunables/global> /usr/bin/foobar.
    [Show full text]
  • Praat Scripting Tutorial
    Praat Scripting Tutorial Eleanor Chodroff Newcastle University July 2019 Praat Acoustic analysis program Best known for its ability to: Visualize, label, and segment audio files Perform spectral and temporal analyses Synthesize and manipulate speech Praat Scripting Praat: not only a program, but also a language Why do I want to know Praat the language? AUTOMATE ALL THE THINGS Praat Scripting Why can’t I just modify others’ scripts? Honestly: power, flexibility, control Insert: all the gifs of ‘you can do it’ and ‘you got this’ and thumbs up Praat Scripting Goals ~*~Script first for yourself, then for others~*~ • Write Praat scripts quickly, effectively, and “from scratch” • Learn syntax and structure of the language • Handle various input/output combinations Tutorial Overview 1) Praat: Big Picture 2) Getting started 3) Basic syntax 4) Script types + Practice • Wav files • Measurements • TextGrids • Other? Praat: Big Picture 1) Similar to other languages you may (or may not) have used before • String and numeric variables • For-loops, if else statements, while loops • Regular expression matching • Interpreted language (not compiled) Praat: Big Picture 2) Almost everything is a mouse click! i.e., Praat is a GUI scripting language GUI = Graphical User Interface, i.e., the Objects window If you ever get lost while writing a Praat script, click through the steps using the GUI Getting Started Open a Praat script From the toolbar, select Praat à New Praat script Save immediately! Save frequently! Script Goals and Input/Output • Consider what
    [Show full text]
  • Novell SUSE Linux Package Description and Support Level Information for Contracted Customers and Partners
    Novell SUSE Linux Package Description and Support Level Information for Contracted Customers and Partners Definitions and Support Level Descriptions ACC: Additional Customer Contract necessary L1: Installation and problem determination, which means technical support Configuration designed to provide compatibility information, installation assistance, usage support, on-going maintenance and basic troubleshooting. Level 1 Support is not intended to correct product defect errors. L2: Reproduction of problem isolation, which means technical support designed to Potential Issues duplicate customer problems, isolate problem area and provide resolution for problems not resolved by Level 1 Support. L3: Code Debugging and problem resolution, which means technical support designed Patch Provision to resolve complex problems by engaging engineering in resolution of product defects which have been identified by Level 2 Support. Servicelevel Package Short Name Package Description SLES10 SP3 s390x 844-ksc-pcf Korean 8x4x4 Johab Fonts L2 a2ps Converts ASCII Text into PostScript L2 aaa_base SUSE Linux Base Package L3 aaa_skel Skeleton for Default Users L3 aalib An ASCII Art Library L2 aalib-32bit An ASCII Art Library L2 aalib-devel Development Package for AAlib L2 aalib-devel-32bit Development Package for AAlib L2 acct User-Specific Process Accounting L3 acl Commands for Manipulating POSIX Access Control Lists L3 adaptec-firmware Firmware files for Adaptec SAS Cards (AIC94xx Series) L3 agfa-fonts Professional TrueType Fonts L2 aide Advanced Intrusion Detection Environment L2 alsa Advanced Linux Sound Architecture L3 alsa-32bit Advanced Linux Sound Architecture L3 alsa-devel Include Files and Libraries mandatory for Development. L2 alsa-docs Additional Package Documentation. L2 amanda Network Disk Archiver L2 amavisd-new High-Performance E-Mail Virus Scanner L3 amtu Abstract Machine Test Utility L2 ant A Java-Based Build Tool L3 anthy Kana-Kanji Conversion Engine L2 anthy-devel Include Files and Libraries mandatory for Development.
    [Show full text]
  • High Velocity Kernel File Systems with Bento
    High Velocity Kernel File Systems with Bento Samantha Miller, Kaiyuan Zhang, Mengqi Chen, and Ryan Jennings, University of Washington; Ang Chen, Rice University; Danyang Zhuo, Duke University; Thomas Anderson, University of Washington https://www.usenix.org/conference/fast21/presentation/miller This paper is included in the Proceedings of the 19th USENIX Conference on File and Storage Technologies. February 23–25, 2021 978-1-939133-20-5 Open access to the Proceedings of the 19th USENIX Conference on File and Storage Technologies is sponsored by USENIX. High Velocity Kernel File Systems with Bento Samantha Miller Kaiyuan Zhang Mengqi Chen Ryan Jennings Ang Chen‡ Danyang Zhuo† Thomas Anderson University of Washington †Duke University ‡Rice University Abstract kernel-level debuggers and kernel testing frameworks makes this worse. The restricted and different kernel programming High development velocity is critical for modern systems. environment also limits the number of trained developers. This is especially true for Linux file systems which are seeing Finally, upgrading a kernel module requires either rebooting increased pressure from new storage devices and new demands the machine or restarting the relevant module, either way on storage systems. However, high velocity Linux kernel rendering the machine unavailable during the upgrade. In the development is challenging due to the ease of introducing cloud setting, this forces kernel upgrades to be batched to meet bugs, the difficulty of testing and debugging, and the lack of cloud-level availability goals. support for redeployment without service disruption. Existing Slow development cycles are a particular problem for file approaches to high-velocity development of file systems for systems.
    [Show full text]
  • Unique Identifier for Staff (UID Staff) Overview
    Unique Identifier for Staff (UID Staff) Overview The intent of this document is to provide an overview of the Unique Identifier for Staff (UID Staff) system prior to working in the UID Staff System. After reviewing this information, please review the training materials that are available on the UID Staff Training website (http://www.ncpublicschools.org/cedars/uniqueid/staff/training/) for instructions on how to complete the processes of the Staff UID System. Staff UID Overview • The Unique Identifier for Staff System (UID Staff) will assign a unique identifier to Staff who participate in the North Carolina public school system. • Unique IDs follow staff between school districts and remain valid even if they move out of state and then return to a NC public school. • Assigning unique identifiers is the first step in DPI’s multi-stage effort to create the NC Common Education Data Analysis and Reporting System (CEDARS). • UID Staff is built on the eScholar Uniq-ID® for Staff product. Overview of UID Staff Process The UID Staff process includes the following 8 steps: 1. Generate CEDARS Staff file from LEA/Charter School Payroll System • Instructions for generating this file can be found at: http://www.ncpublicschools.org/docs/cedars/uniqueid/staff/training/creating-extracts.pdf 2. Upload CEDARS Staff file into UID Staff and Initiates Data Validation • This file can be loaded into the Training Environment (https://cedarstrain.schools.nc.gov/staffid/) so that you can check for errors before loading into production. 3. Download Fix Errors Report (if data errors are found by the UID Staff System) 4.
    [Show full text]