DOCSLIB.ORG

Linux Journal | June 2016 | Issue

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Linux Journal | June 2016 | Issue HACK AND / Secure Desktops with Qubes: KYLE RANKIN Kyle Rankin is a Sr. Systems Administrator Compartments in the San Francisco Bay Area and the author Figuring out how to compartmentalize your of a number of books, desktop across VMs can be daunting, so I’ve including The Official provided an example of how I do it to help Ubuntu Server Book, Knoppix Hacks and you get started. Ubuntu Hacks. He is currently the president NEXT of the North Bay Linux PREVIOUS Users’ Group. Shawn Powers’ V V Dave Taylor’s The Open-Source Work the Shell Classroom THIS IS THE THIRD ARTICLES IN MY SERIES ABOUT QUBES. In the first two articles, I gave an overview about what Qubes is and described how to install it. One of the defining security features of Qubes is how it lets you compartmentalize your DIFFERENT DESKTOP ACTIVITIES INTO SEPARATE 6-S 4HE IDEA behind security by compartmentalization is that if one OF YOUR 6-S IS COMPROMISED THE DAMAGE IS LIMITED TO JUST THAT 6- 50 | June 2016 | http://www.linuxjournal.com LJ266-June2016.indd 50 5/18/16 12:58 PM HACK AND / 7HEN YOU FIRST START USING 1UBES YOU MAY NOT BE QUITE SURE HOW BEST TO DIVIDE UP ALL OF YOUR FILES AND ACTIVITIES INTO SEPARATE 6-S ) KNOW WHEN ) FIRST started using it, I found inspiration in Joanna Rutkowska’s (Qubes’ creator) paper on how she used Qubes (HTTPINVISIBLETHINGSLABCOMRESOURCES Software_compartmentalization_vs_physical_separation.pdf). In this article, ) DESCRIBE HOW ) ORGANIZE MY ACTIVITIES INTO 6-S ON MY PERSONAL COMPUTER Although I’m not saying my approach is perfect, and I certainly could secure things even further than I do, I at least will provide you one example you can use to get started. Summary of Qubes Concepts In my previous article, I elaborated on overall Qubes concepts like the DIFFERENT 6- TYPES TRUST LEVELS AND OTHER FEATURES BUT SINCE ) REFER TO those concepts in this article as well, here’s a brief summary. (If you want TO KNOW MORE READ MY COLUMN IN THE !PRIL AND -AY ISSUES 4HE FIRST CONCEPT TO UNDERSTAND WITH 1UBES IS THAT IT GROUPS 6-S INTO different categories based on their use. Here are the main categories of 6-S ) REFER TO IN THE REST OF THE ARTICLE Q $ISPOSABLE 6- THESE ALSO ARE REFERRED TO AS DISP6-S AND ARE DESIGNED FOR ONE TIME USE !LL DATA IN THEM IS ERASED WHEN THE application is closed. Q $OMAIN 6- THESE ALSO OFTEN ARE REFERRED TO AS APP6-S 4HEY ARE THE 6-S WHERE MOST APPLICATIONS ARE RUN AND WHERE USERS SPEND MOST of their time. Q 3ERVICE 6- SERVICE 6-S ARE SPLIT INTO SUBCATEGORIES OF NET6-S AND PROXY6-S 4HESE 6-S TYPICALLY RUN IN THE BACKGROUND AND PROVIDE YOUR APP6-S WITH SERVICES USUALLY NETWORK ACCESS Q 4EMPLATE 6- OTHER 6-S GET THEIR ROOT FILESYSTEM TEMPLATE FROM A 4EMPLATE 6- AND ONCE YOU SHUT THE APP6- OFF ANY CHANGES YOU MAY have made to that root filesystem are erased (only changes in /rw, USRLOCAL AND HOME PERSIST 'ENERALLY 4EMPLATE 6-S ARE LEFT POWERED off unless you are installing or updating software. 51 | June 2016 | http://www.linuxjournal.com LJ266-June2016.indd 51 5/18/16 12:58 PM HACK AND / 7HEN YOU CREATE NEW 6-S OF ANY TYPE YOU CAN ASSIGN THEM A COLOR based on your level of trust on a continuum from red (untrusted) to orange and yellow to green (somewhat more trusted) to blue and purple and grey (even more trusted) to black (ultimately trusted). The window BORDERS AND ICONS FOR A PARTICULAR 6- ARE COLORIZED BASED ON THEIR TRUST level, so you get visual cues that help prevent you from, for instance, PASTING TRUSTED PASSWORDS INTO AN UNTRUSTED 6- !LTHOUGH BY DEFAULT ALL NEW 1UBES 6-S YOU CREATE HAVE UNLIMITED network access, Qubes allows you to create firewall rules to restrict what A 6- CAN DO )F YOUR 6- DOESNT NEED NETWORK ACCESS SUCH AS FOR THE HIGHLY TRUSTED VAULT 6- YOU CAN USE TO STORE '0' KEYS AND PASSWORD vaults), you even can remove the network device completely. )N A DEFAULT INSTALL 1UBES PROVIDES A FEW APP6-S TO HELP YOU get started: Q UNTRUSTED APP6- RED Q PERSONAL APP6- YELLOW Q WORK APP6- GREEN Q VAULT APP6- BLACK 4HE IDEA IS FOR YOU TO PERFORM ANY GENERAL PURPOSE UNTRUSTED ACTIVITIES LIKE GENERAL 7EB BROWSING IN THE UNTRUSTED 6- AND NOT STORE ANY personal files there. Then you can perform more trusted activities LIKE CHECKING YOUR E MAIL OR ANY 7EB BROWSING THAT REQUIRES PERSONAL CREDENTIALS IN THE PERSONAL 6- 9OU CAN CHECK YOUR WORK E MAIL AND STORE YOUR WORK DOCUMENTS IN THE WORK 6- &INALLY YOU CAN STORE YOUR '0' keys and password manager files in the vault (which has no network at all). Although this is nice for getting started, as you can see, you may want to isolate your activities and files even further. 4HE INSTALLER ALSO CREATES A SYS NET SYS FIREWALL AND SYS WHONIX SERVICE 6- TO PROVIDE YOU WITH NETWORK ACCESS A FIREWALL FOR APP6-S AND A 4OR GATEWAY RESPECTIVELY 9OU ALSO OPTIONALLY CAN ENABLE A SYS USB SERVICE 6- THAT IS ASSIGNED ALL OF YOUR 53" CONTROLLERS TO PROTECT THE REST OF THE 52 | June 2016 | http://www.linuxjournal.com LJ266-June2016.indd 52 5/18/16 12:58 PM HACK AND / SYSTEM FROM 53" BASED ATTACKS My Personal Computer -Y PERSONAL COMPUTER IS A 0URISM ,IBREM AND MY GENERAL DESKTOP USE is pretty basic. Here’s my normal list of activities in order of risk: Q Web browsing. Q #HECKING E MAIL Q Chatting on IRC. Q 5SING MY $ PRINTER Q Writing articles. 'ENERALLY SPEAKING 7EB BROWSING AND E MAIL ARE THE RISKIEST ACTIVITIES I perform on my computer each day, as they can expose me to malicious file attachments and other compromises. On the other end, all I need to write articles is a text editor with no network access, so that’s a pretty SAFE ACTIVITY "ELOW ) LIST THE DIFFERENT APP6-S )VE CREATED BASED ON THIS TYPE OF USE ORDERED FROM LEAST TRUSTED TO MOST TRUSTED ) ALSO SHOW WHAT COLOR ) ASSIGNED THE 6- AND DESCRIBE HOW ) USE EACH APP6- dispVM—red: ) USE DISPOSABLE 6-S WHENEVER )M DOING SOMETHING PARTICULARLY RISKY SUCH AS WHEN ) WANT TO VIEW A SKETCHY LOOKING 52, For instance, my mail client is configured to open all attachments AUTOMATICALLY IN A DISPOSABLE 6- BASED ON THE OFFICIAL 1UBES MUTT guide: HTTPSWWWQUBES OSORGDOCMUTT). That way, even if someone were to send me a malicious Word document or PDF, I can read it in the DISPOSABLE 6- AND THE ATTACK IS ISOLATED INSIDE THAT 6- 7HEN ) CLOSE the document, any malicious program it is running goes away and in the meantime, the attacker had no access to any of my personal files. untrusted—red: -Y UNTRUSTED APP6- IS WHERE ) PERFORM ALL OF MY GENERAL PURPOSE 7EB BROWSING BUT NOT ANY 7EB SITES THAT REQUIRE A USER name and password. It has unrestricted access to the Internet. I’ve set UP SOME OTHER MORE TRUSTED 6-S SUCH AS THE ONE WHERE ) CHAT IN )2# 53 | June 2016 | http://www.linuxjournal.com LJ266-June2016.indd 53 5/18/16 12:58 PM HACK AND / In this way, any tracking cookies are limited to the Web browser inside this appVM; Tor prevents any other servers apart from Facebook from knowing I’m using Facebook, and even Facebook itself doesn’t know my IP. TO OPEN UP 52,S IN THIS 6- AUTOMATICALLY BY SETTING THE DEFAULT 7EB BROWSER IN THAT APP6- TO BE THE QVM OPEN IN VM COMMAND LINE TOOL ) DONT STORE ANY PERSONAL FILES IN MY UNTRUSTED 6- SO IF ) FEEL LIKE A 52, ) OPENED LOOKS PARTICULARLY SKETCHY ) CAN JUST DELETE THE 6- AND RE CREATE IT AND IN LESS THAN A MINUTE )M BACK WITH A CLEAN UNTRUSTED 6- 3INCE ) BROWSE RANDOM 7EB SITES WITH THIS 6- AND MIGHT OPEN OBSCURED 52, SHORTENED 52,S IN IT ITS ONE OF THE 6-S MOST LIKELY TO BE compromised. That said, because I don’t store any personal files in the 6- AND ) DONT BROWSE TO ANY 7EB SITES THAT REQUIRE A USER NAME AND PASSWORD THE MOST AN ATTACKER COULD DO BESIDES JUST USE THAT 6- FOR ITS network and CPU resources is view my general browsing habits. fb—orange: It may surprise some readers to know that I have a Facebook account. I personally don’t post to my account all that much (and when I do, I post only things I’m fine with the whole world seeing), but like many of you, I have friends that I don’t see often who post about what’s going on with their lives only on Facebook. I’m concerned about the privacy issues surrounding Facebook tracking my every move on the Web, but I still want to be able to view my friends’ posts, which I can’t do without logging in. -Y COMPROMISE HAS BEEN TO CREATE A SPECIAL APP6- JUST FOR &ACEBOOK AND NOTHING ELSE 4HIS APP6- IS CONFIGURED TO USE THE SYS WHONIX PROXY6- FOR NETWORK ACCESS SO ALL OF ITS TRAFFIC GOES OVER 4OR AND ) USE Facebook’s Tor hidden service at https://facebookcorewwwi.onion to access the site. In this way, any tracking cookies are limited to the Web BROWSER INSIDE THIS APP6- 4OR PREVENTS ANY OTHER SERVERS APART FROM Facebook from knowing I’m using Facebook, and even Facebook itself doesn’t know my IP.
Load more

Recommended publications
  • FY 2011 Annual Report
    We're software roadies. Software Freedom Conservancy is a public charity that acts as a non-profit home for dozens of Free, Libre, and Open Source Software (FLOSS) projects. Conservancy©s charitable mission is to help improve, develop, and defend FLOSS, and we do that by providing business, legal, and administrative services to our member projects. We have the honor of working with member projects comprised of, in our humble opinion, many of the best software developers in the world. Some of our member projects develop system software so ubiquitous that it permeates virtually every part of our society©s electronics-driven lifestyle. Other member projects are redefining how software will be written and even how computer science will be taught to the next generation of developers. Still others find their niche by solving a small-but- persistent problem better than anyone else ± and attract a cult following of users because of it. And, best of all, all of our member projects release their software under a license that allows the public to study, use, improve, and share the source code. Conservancy provides all of our ªrock starº member projects with a comprehensive suite of services, and then we get out of their way to let them do what they do best: write great software for the public©s benefit. Our structure. Conservancy acts as a fiscal sponsor to our member projects. We©ve engaged the leadership of each member project©s developer community and executed a fiscal sponsorship agreement that allows us to adopt that project as an official part of Conservancy©s corporate structure.
    [Show full text]
  • Linux Journal | August 2014 | Issue
    ™ SPONSORED BY Since 1994: The Original Magazine of the Linux Community AUGUST 2014 | ISSUE 244 | www.linuxjournal.com PROGRAMMING HOW-TO: + OpenGL Build, Develop Programming and Validate Creation of RPMs USE VAGRANT Sysadmin Cloud for an Easier Troubleshooting Development with dhclient Workflow Tips for PROMISE Becoming a THEORY Web Developer An In-Depth A Rundown Look of Linux for Recreation V WATCH: ISSUE OVERVIEW LJ244-Aug2014.indd 1 7/23/14 6:56 PM Get the automation platform that makes it easy to: Build Infrastructure Deploy Applications Manage In your data center or in the cloud. getchef.com LJ244-Aug2014.indd 2 7/23/14 11:41 AM Are you tiredtiered of of dealing dealing with with proprietary proprietary storage? storage? ® 9%2Ä4MHÆDCÄ2SNQ@FD ZFS Unified Storage zStax StorCore from Silicon - From modest data storage needs to a multi-tiered production storage environment, zStax StorCore zStax StorCore 64 zStax StorCore 104 The zStax StorCore 64 utilizes the latest in The zStax StorCore 104 is the flagship of the dual-processor Intel® Xeon® platforms and fast zStax product line. With its highly available SAS SSDs for caching. The zStax StorCore 64 configurations and scalable architecture, the platform is perfect for: zStax StorCore 104 platform is ideal for: VPDOOPHGLXPRIILFHILOHVHUYHUV EDFNHQGVWRUDJHIRUYLUWXDOL]HGHQYLURQPHQWV VWUHDPLQJYLGHRKRVWV PLVVLRQFULWLFDOGDWDEDVHDSSOLFDWLRQV VPDOOGDWDDUFKLYHV DOZD\VDYDLODEOHDFWLYHDUFKLYHV TalkTalk with with an anexpert expert today: today: 866-352-1173 866-352-1173 - http://www.siliconmechanics.com/zstax LJ244-Aug2014.indd 3 7/23/14 11:41 AM AUGUST 2014 CONTENTS ISSUE 244 PROGRAMMING FEATURES 64 Vagrant 74 An Introduction to How to use Vagrant to create a OpenGL Programming much easier development workflow.
    [Show full text]
  • Linux Journal | February 2016 | Issue
    ™ A LOOK AT KDE’s KStars Astronomy Program Since 1994: The Original Magazine of the Linux Community FEBRUARY 2016 | ISSUE 262 | www.linuxjournal.com + Programming Working with Command How-Tos Arguments in Your Program a Shell Scripts BeagleBone Interview: Katerina Black Barone-Adesi on to Help Brew Beer Developing the Snabb Switch Network Write a Toolkit Short Script to Solve a WATCH: ISSUE Math Puzzle OVERVIEW V LJ262-February2016.indd 1 1/21/16 5:26 PM NEW! Agile Improve Product Business Development Processes with an Enterprise Practical books Author: Ted Schmidt Job Scheduler for the most technical Sponsor: IBM Author: Mike Diehl Sponsor: people on the planet. Skybot Finding Your DIY Way: Mapping Commerce Site Your Network Author: to Improve Reuven M. Lerner Manageability GEEK GUIDES Sponsor: GeoTrust Author: Bill Childers Sponsor: InterMapper Combating Get in the Infrastructure Fast Lane Sprawl with NVMe Author: Author: Bill Childers Mike Diehl Sponsor: Sponsor: Puppet Labs Silicon Mechanics & Intel Download books for free with a Take Control Linux in simple one-time registration. of Growing the Time Redis NoSQL of Malware http://geekguide.linuxjournal.com Server Clusters Author: Author: Federico Kereki Reuven M. Lerner Sponsor: Sponsor: IBM Bit9 + Carbon Black LJ262-February2016.indd 2 1/21/16 5:26 PM NEW! Agile Improve Product Business Development Processes with an Enterprise Practical books Author: Ted Schmidt Job Scheduler for the most technical Sponsor: IBM Author: Mike Diehl Sponsor: people on the planet. Skybot Finding Your DIY Way: Mapping Commerce Site Your Network Author: to Improve Reuven M. Lerner Manageability GEEK GUIDES Sponsor: GeoTrust Author: Bill Childers Sponsor: InterMapper Combating Get in the Infrastructure Fast Lane Sprawl with NVMe Author: Author: Bill Childers Mike Diehl Sponsor: Sponsor: Puppet Labs Silicon Mechanics & Intel Download books for free with a Take Control Linux in simple one-time registration.
    [Show full text]
  • DM-Relay - Safe Laptop Mode Via Linux Device Mapper
    ' $ DM-Relay - Safe Laptop Mode via Linux Device Mapper Study Thesis by cand. inform. Fabian Franz at the Faculty of Informatics Supervisor: Prof. Dr. Frank Bellosa Supervising Research Assistant: Dipl.-Inform. Konrad Miller Day of completion: 04/05/2010 &KIT – Universitat¨ des Landes Baden-Wurttemberg¨ und nationales Forschungszentrum in der Helmholtz-Gemeinschaft www.kit.edu % I hereby declare that this thesis is my own original work which I created without illegitimate help by others, that I have not used any other sources or resources than the ones indicated and that due acknowledgment is given where reference is made to the work of others. Karlsruhe, April 5th, 2010 Contents Deutsche Zusammenfassung xi 1 Introduction 1 1.1 Problem Definition . .1 1.2 Objectives . .1 1.3 Methodology . .1 1.4 Contribution . .2 1.5 Thesis Outline . .2 2 Background 3 2.1 Problems of Disk Power Management . .3 2.2 State of the Art . .4 2.3 Summary of this chapter . .8 3 Analysis 9 3.1 Pro and Contra . .9 3.2 A new approach . 13 3.3 Analysis of Proposal . 15 3.4 Summary of this chapter . 17 4 Design 19 4.1 Common problems . 19 4.2 System-Design . 21 4.3 Summary of this chapter . 21 5 Implementation of a dm-module for the Linux kernel 23 5.1 System-Architecture . 24 5.2 Log suitable for Flash-Storage . 28 5.3 Using dm-relay in practice . 31 5.4 Summary of this chapter . 31 vi Contents 6 Evaluation 33 6.1 Methodology . 33 6.2 Benchmarking setup .
    [Show full text]
  • Continuous Auditing of SSH Servers to Mitigate Brute-Force Attacks Phuong M
    CAUDIT: Continuous Auditing of SSH Servers To Mitigate Brute-Force Attacks Phuong M. Cao, Yuming Wu, and Subho S. Banerjee, UIUC; Justin Azoff and Alex Withers, NCSA; Zbigniew T. Kalbarczyk and Ravishankar K. Iyer, UIUC https://www.usenix.org/conference/nsdi19/presentation/cao This paper is included in the Proceedings of the 16th USENIX Symposium on Networked Systems Design and Implementation (NSDI ’19). February 26–28, 2019 • Boston, MA, USA ISBN 978-1-931971-49-2 Open access to the Proceedings of the 16th USENIX Symposium on Networked Systems Design and Implementation (NSDI ’19) is sponsored by CAUDIT: Continuous Auditing of SSH Servers to Mitigate Brute-Force Attacks Phuong M. Cao1, Yuming Wu1, Subho S. Banerjee1, Justin Azoff2;3, Alexander Withers3, Zbigniew T. Kalbarczyk1, Ravishankar K. Iyer1 1University of Illinois at Urbana-Champaign, 2Corelight, 3National Center for Supercomputing Applications Abstract While only a small fraction of such attempts succeed, they This paper describes CAUDIT1, an operational system have led to major misuses in 51% of 1,800 surveyed organi- deployed at the National Center for Supercomputing Applica- zations, with a financial impact of up to $500,000 per organi- tions (NCSA) at the University of Illinois. CAUDIT is a fully zation [7]. automated system that enables the identification and exclusion This paper describes the production deployment of of hosts that are vulnerable to SSH brute-force attacks. Its CAUDIT at the National Center for Supercomputing Ap- key features include: 1) a honeypot for attracting SSH-based plications (NCSA) at the University of Illinois over a period attacks over a /16 IP address range and extracting key meta- of 463 days.
    [Show full text]
  • Linux Journal | January 2016 | Issue
    ™ AUTOMATE Full Disk Encryption Since 1994: The Original Magazine of the Linux Community JANUARY 2016 | ISSUE 261 | www.linuxjournal.com IMPROVE + Enhance File Transfer Client-Side Performance Security for Users Making Sense of Profiles and RC Scripts ABINIT for Computational Chemistry Research Leveraging Ad Blocking WATCH: ISSUE Audit Serial OVERVIEW Console Access V LJ261-January2016.indd 1 12/17/15 8:35 PM Improve Finding Your Business Way: Mapping Processes with Your Network Practical books an Enterprise to Improve Job Scheduler Manageability for the most technical Author: Author: Mike Diehl Bill Childers Sponsor: Sponsor: people on the planet. Skybot InterMapper DIY Combating Commerce Site Infrastructure Sprawl Author: Reuven M. Lerner Author: GEEK GUIDES Sponsor: GeoTrust Bill Childers Sponsor: Puppet Labs Get in the Take Control Fast Lane of Growing with NVMe Redis NoSQL Author: Server Clusters Mike Diehl Author: Sponsor: Reuven M. Lerner Silicon Mechanics Sponsor: IBM & Intel Download books for free with a Linux in Apache Web simple one-time registration. the Time Servers and of Malware SSL Encryption Author: Author: http://geekguide.linuxjournal.com Federico Kereki Reuven M. Lerner Sponsor: Sponsor: GeoTrust Bit9 + Carbon Black LJ261-January2016.indd 2 12/17/15 8:35 PM Improve Finding Your Business Way: Mapping Processes with Your Network Practical books an Enterprise to Improve Job Scheduler Manageability for the most technical Author: Author: Mike Diehl Bill Childers Sponsor: Sponsor: people on the planet. Skybot InterMapper DIY Combating Commerce Site Infrastructure Sprawl Author: Reuven M. Lerner Author: GEEK GUIDES Sponsor: GeoTrust Bill Childers Sponsor: Puppet Labs Get in the Take Control Fast Lane of Growing with NVMe Redis NoSQL Author: Server Clusters Mike Diehl Author: Sponsor: Reuven M.
    [Show full text]
  • Praise for the Official Ubuntu Book
    Praise for The Official Ubuntu Book “The Official Ubuntu Book is a great way to get you started with Ubuntu, giving you enough information to be productive without overloading you.” —John Stevenson, DZone Book Reviewer “OUB is one of the best books I’ve seen for beginners.” —Bill Blinn, TechByter Worldwide “This book is the perfect companion for users new to Linux and Ubuntu. It covers the basics in a concise and well-organized manner. General use is covered separately from troubleshooting and error-handling, making the book well-suited both for the beginner as well as the user that needs extended help.” —Thomas Petrucha, Austria Ubuntu User Group “I have recommended this book to several users who I instruct regularly on the use of Ubuntu. All of them have been satisfied with their purchase and have even been able to use it to help them in their journey along the way.” —Chris Crisafulli, Ubuntu LoCo Council, Florida Local Community Team “This text demystifies a very powerful Linux operating system . in just a few weeks of having it, I’ve used it as a quick reference a half dozen times, which saved me the time I would have spent scouring the Ubuntu forums online.” —Darren Frey, Member, Houston Local User Group This page intentionally left blank The Official Ubuntu Book Sixth Edition This page intentionally left blank The Official Ubuntu Book Sixth Edition Benjamin Mako Hill Matthew Helmke Amber Graner Corey Burger With Jonathan Jesse, Kyle Rankin, and Jono Bacon Upper Saddle River, NJ • Boston • Indianapolis • San Francisco New York • Toronto • Montreal • London • Munich • Paris • Madrid Capetown • Sydney • Tokyo • Singapore • Mexico City Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks.
    [Show full text]
  • Oral History of Linus Torvalds
    • Computer • History Museum Oral History of Linus Torvalds Interviewed by: Grady Booch Edited by: Dag Spicer Recorded: July 27, 2008 Portland, Oregon CHM Reference number: X4596.2008 © 2008 Computer History Museum Oral History of Linus Torvalds Grady Booch: Here we are on July 25th [2008] in the lovely home of Linus Torvalds, interviewing him for the Computer History Museum. So, thank you very much for joining us here. Well, actually not for joining us, we're joining you. So, thank you for inviting us in. Let's begin at the very, very beginning. You were born where? Tell us a little about your childhood. Linus Torvalds: I was born in Helsinki, 1969, and quite frankly, I don't remember much of my childhood. I'm told there are people who remember when they were small. My memory goes back to about when I was ten-years old and that's it, nothing very special, I'm afraid. Booch: And your parents? Tell us a little bit about that. Torvalds: My whole family is basically journalists. So my dad is a journalist, my mother is a journalist, my sister has become a journalist, my uncle on my father's side, my grandfather on my father's side. They're all journalists. So I'm actually the black sheep in the family, although there are a few scientists on my mother's side, so… Booch: Scientists of what nature, what field where they? Torvalds: My grandfather on my mother's side was a mathematician, statistics, and my uncle on that side is a physicist, so… Booch: And indeed, claims are that you were either named after Linus from the Peanuts strip or Linus Pauling.
    [Show full text]
  • LINUX JOURNAL | Issue 284 | March 2018
    What’s New Shell Scripting Raspberry Pi in Qubes 4 Security Alternatives Since 1994: The original magazine of the Linux community DEEP DIVE BLOCKCHAIN PLUS POSTGRESQL 10 The Latest and Most Interesting Features BITCOIN AND TAXES Cryptocurrency and Uncle Sam LINUXBOOT FOSS Project Spotlight ISSUE 284 | MARCH 2018 www.linuxjournal.com MARCH 2018 CONTENTS ISSUE 284 DEEP DIVE: Blockchain 95 Blockchain, Part I: Introduction and Cryptocurrency by Petros Koutoupis What makes both bitcoin and blockchain so exciting? What do they provide? Why is everyone talking about this? And, what does the future hold? 105 Blockchain, Part II: Configuring a Blockchain Network and Leveraging the Technology by Petros Koutoupis How to set up a private etherium blockchain using open-source tools and a look at some markets and industries where blockchain technologies can add value. 2 | March 2018 | http://www.linuxjournal.com CONTENTS 6 From the Editor—Doc Searls Help Us Cure Online Publishing of Its Addiction to Personal Data UPFRONT 18 FOSS Project Spotlight: LinuxBoot by David Hendricks, Ron Minnich, Chris Koch and Andrea Barberio 24 Readers’ Choice Awards 26 Shorter Commands by Kyle Rankin 29 For Open-Source Software, the Developers Are All of Us by Derek Zimmer 32 Taking Python to the Next Level by Joey Bernard 37 Learning IT Fundamentals by Kyle Rankin 40 Introducing Zero-K, a Real-Time Strategy Game for Linux by Oflameo 45 News Briefs COLUMNS 46 Kyle Rankin’s Hack and / What’s New in Qubes 4 52 Reuven M. Lerner’s At the Forge PostgreSQL 10: a Great New Version for a Great Database 64 Shawn Powers’ The Open-Source Classroom Cryptocurrency and the IRS 72 Zack Brown’s diff -u What’s New in Kernel Development 76 Susan Sons’ Under the Sink Security: 17 Things 86 Dave Taylor’s Work the Shell Shell Scripting and Security 178 Glyn Moody’s Open Sauce Looking Back: What Was Happening Ten Years Ago? LINUX JOURNAL (ISSN 1075-3583) is published monthly by Linux Journal, LLC.
    [Show full text]
  • Chapter 1 - Describing Open Source & Free Software Communities
    PROTECTING THE VIRTUAL COMMONS Self-organizing open source and free software communities and innovative intellectual property regimes Ruben van Wendel de Joode Hans de Bruijn Michel van Eeten Delft September 2002 Draft version (official version to be published by Asser Press in 2003) For questions, suggestions or comments please contact: Ruben van Wendel de Joode at [email protected] © 2002 Ruben van Wendel de Joode, Hans de Bruijn and Michel van Eeten Table of contents ACKNOWLEDGEMENTS..............................................................................................5 INTRODUCTION.............................................................................................................6 Questions guiding the research...................................................................................6 Structure of the report .................................................................................................7 CHAPTER 1 - DESCRIBING OPEN SOURCE & FREE SOFTWARE COMMUNITIES...............................................................................................................9 1.1 - INTRODUCTION........................................................................................................9 1.2 - POPULARITY OF OPEN SOURCE AND FREE SOFTWARE.............................................9 1.3 - HISTORICAL DEVELOPMENT OF OPENNESS & FREEDOM.......................................11 The origin of the Internet ..........................................................................................11 Richard
    [Show full text]
  • LINUX JOURNAL (ISSN 1075-3583) Is Published Monthly by Belltown Media, Inc., PO Box 980985, Houston, TX 77098 USA
    SSH TUNNELS AND ENCRYPTED VIDEO STREAMING ™ WATCH: ISSUE OVERVIEW V APRIL 2016 | ISSUE 264 LinuxJournal.com Since 1994: The Original Magazine of the Linux Community + STUNNEL Intro to Pandas The Python Data Analysis SECURITY Library for Databases A Look at printf A Super- Protect Useful Scripting Your Desktop Command Environment What’s the with Qubes Kernel Space of Democracy? BE SMART ABOUT CREATING A SMART HOME LJ264-April2016.indd 1 3/22/16 10:12 AM NEW! Self-Audit: Agile Checking Product Assumptions Development at the Door Practical books Author: Author: Ted Schmidt for the most technical Greg Bledsoe Sponsor: IBM Sponsor: people on the planet. HelpSystems Improve Finding Your Business Way: Mapping Processes with Your Network an Enterprise to Improve !""#$!%&'"( Job Scheduler Manageability Author: Author: Mike Diehl Bill Childers Sponsor: Sponsor: Skybot InterMapper DIY Combating Commerce Site Infrastructure Sprawl Author: Reuven M. Lerner Author: Sponsor: GeoTrust Bill Childers Sponsor: Puppet Labs Download books for free with a Get in the Take Control simple one-time registration. Fast Lane of Growing with NVMe Redis NoSQL http://geekguide.linuxjournal.com Author: Server Clusters Mike Diehl Author: Sponsor: Reuven M. Lerner Silicon Mechanics Sponsor: IBM & Intel LJ264-April2016.indd 2 3/22/16 10:12 AM NEW! Self-Audit: Agile Checking Product Assumptions Development at the Door Practical books Author: Author: Ted Schmidt for the most technical Greg Bledsoe Sponsor: IBM Sponsor: people on the planet. HelpSystems Improve Finding Your Business Way: Mapping Processes with Your Network an Enterprise to Improve !""#$!%&'"( Job Scheduler Manageability Author: Author: Mike Diehl Bill Childers Sponsor: Sponsor: Skybot InterMapper DIY Combating Commerce Site Infrastructure Sprawl Author: Reuven M.
    [Show full text]
  • Linux Journal | June 2016
    RUN A FULL VERSION OF R ON ANDROID ™ WATCH: ISSUE OVERVIEW V JUNE 2016 | ISSUE 266 http://www.linuxjournal.com Since 1994: The Original Magazine of the Linux Community Automate Certificate Maintenance with LET’S ENCRYPT How to + BUILD Organize a Raspberry Your Pi Camera Qubes GETTING STARTED VMs with nginx LJ266-June2016.indd 1 5/18/16 12:58 PM NEW! Ceph: Linux on Open-Source Power SDS Author: Practical books Author: Ted Schmidt Ted Schmidt Sponsor: Sponsor: HelpSystems for the most technical SUSE people on the planet. SSH: a Self-Audit: Modern Checking Lock for Assumptions Your Server? at the Door GEEK GUIDES Author: Author: Federico Kereki Greg Bledsoe Sponsor: Sponsor: Fox Technologies HelpSystems Agile Improve Product Business Development Processes with Author: an Enterprise Ted Schmidt Job Scheduler Sponsor: IBM Author: Mike Diehl Sponsor: Skybot Download books for free with a Finding Your DIY simple one-time registration. Way: Mapping Commerce Site Your Network Author: to Improve Reuven M. Lerner http://geekguide.linuxjournal.com Manageability Sponsor: GeoTrust Author: Bill Childers Sponsor: InterMapper LJ266-June2016.indd 2 5/18/16 12:58 PM NEW! Ceph: Linux on Open-Source Power SDS Author: Practical books Author: Ted Schmidt Ted Schmidt Sponsor: Sponsor: HelpSystems for the most technical SUSE people on the planet. SSH: a Self-Audit: Modern Checking Lock for Assumptions Your Server? at the Door GEEK GUIDES Author: Author: Federico Kereki Greg Bledsoe Sponsor: Sponsor: Fox Technologies HelpSystems Agile Improve Product Business Development Processes with Author: an Enterprise Ted Schmidt Job Scheduler Sponsor: IBM Author: Mike Diehl Sponsor: Skybot Download books for free with a Finding Your DIY simple one-time registration.
    [Show full text]