DOCSLIB.ORG

Creating Ipsec and SSL/TLS Tunnels in Linux What's New

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Creating Ipsec and SSL/TLS Tunnels in Linux What's New FACEBOOK | WEBGOAT | TOR | DNS | SLEUTHKIT | PACKETFENCE LINUX JOURNAL ™ UU Getting the Most Out of GCC UU Securing Open-Source Phones SECURITY UU How to Store Passwords Safely UU New Column: Hack and / Since 1994: The Original Magazine of the Linux Community JANUARY 2008 | ISSUE 165 Facebook | WebGoat | Tor | DNS | Sleuthkit | PacketFence | GCC Qtopia SXE VPNs | DNS Sleuthkit PacketFence | Tor | WebGoat Facebook SECURITY UU Learn the Path to a More Secure System UU Use Autopsy and Sleuthkit to Analyse Security Breaches UU Discover Dangerous Flaws in Your DNS Infrastructure JANUARY www.linuxjournal.com 2008 Creating IPsec and SSL/TLS $5.99US $6.99CAN 01 ISSUE + Tunnels in Linux 165 What’s New with Eric Raymond? 0 74470 03102 4 lj023:lj018.qxd 11/12/2007 5:36 PM Page 1 The Straight Talk People SM SINCE 1991 ABERDEEN TRUE QUAD-CORE SERVERS. UP TO 16 INDIVIDUAL CORES. ABERDEEN STONEHAVEN A135 ABERDEEN STONEHAVEN A151 ABERDEEN STONEHAVEN A284 Four Quad-Cores 1U 3TB Quad Quad-Core HPC Server 1U 4TB Dual Quad-Core Server 2U 8TB Dual Quad-Core Server • Up to four Quad-Core AMD Opteron™ 8000 Series processors • Up to two Quad-Core AMD Opteron 2000 Series processors • Up to two Quad-Core AMD Opteron 2000 Series processors • nVIDIA nForce Pro Chipset with 64-Bit Support • nVIDIA nForce Pro Chipset with 64-Bit Support • nVIDIA nForce Pro Chipset with 64-Bit Support • Up to 64GB 667MHz ECC Registered DDR2 SDRAM • Up to 32GB 667MHz ECC Registered DDR2 SDRAM • Up to 64GB 667MHz ECC Registered DDR2 SDRAM • Up to 3 x 1TB (3TB Total) Hot-Swap SATA Hard Drives • Up to 4 x 1TB (4TB Total) Hot-Swap SATA Hard Drives • Up to 8 x 1TB (8TB Total) Hot-Swap SATA Hard Drives • 1000W AC Power Supply w/PFC • 560W AC Power Supply w/PFC • 700W Redundant Hot-Swap Power Supply • 5-Year Warranty • 5-Year Warranty • 5-Year Warranty $ $ $ Starting at 3,789 Starting at 1,599 Starting at 2,059 ABERDEEN STONEHAVEN X314 ABERDEEN STONEHAVEN X418 ABERDEEN STONEHAVEN X526 3U 12TB Dual Quad-Core Storage Server 4U 16TB Dual Quad-Core Storage Server 5U 24TB Dual Quad-Core Storage Server • Up to two Quad-Core AMD Opteron 2000 Series processors • Up to two Quad-Core AMD Opteron 2000 Series processors • Up to two Quad-Core AMD Opteron 2000 Series processors • nVIDIA nForce Pro Chipset with 64-Bit Support • nVIDIA nForce Pro Chipset with 64-Bit Support • Up to 32GB 667MHz ECC Registered DDR2 SDRAM • Up to 32GB 667MHz ECC Registered DDR2 SDRAM • Up to 32GB 667MHz ECC Registered DDR2 SDRAM • Up to 24 x 1TB (24TB Total) Hot-Swap SATA Hard Drives • Up to 12 x 1TB (12TB Total) Hot-Swap SATA Hard Drives • Up to 16 x 1TB (16TB Total) Hot-Swap SATA Hard Drives • Up to two Internal SATA Hard Drives for OS • Areca ARC-1231ML PCI Express 800MB/sec RAID Controller • Areca ARC-1261ML PCI Express 800MB/sec RAID Controller • Areca ARC-1280ML PCI Express 800MB/sec RAID Controller • 650W 2+1 Redundant Hot-Swap Power Supply • 650W 2+1 Redundant Hot-Swap Power Supply • 950W 3+1 Triple Redundant Hot-Swap Power Supply • 5-Year Warranty • 5-Year Warranty • 5-Year Warranty $ $ $ Starting at 3,359 Starting at 3,819 Starting at 4,959 ABERDEEN STONEHAVEN X633 ABERDEEN STONEHAVEN X840 Enhanced AMD PowerNow!™ technology delivers optimum power and performance for each core depending on core workloads, without compromising performance. 6U 32TB Dual Quad-Core Storage Server 8U 40TB Dual Quad-Core Storage Server • Up to two Quad-Core AMD Opteron 2000 Series processors • Up to two Quad-Core AMD Opteron 2000 Series processors • Up to 32GB 667MHz ECC Registered DDR2 SDRAM • Up to 32GB 667MHz ECC Registered DDR2 SDRAM • Up to 32 x 1TB (32TB Total) Hot-Swap SATA Hard Drives • Up to 40 x 1TB (40TB Total) Hot-Swap SATA Hard Drives • Up to two Rear Hot Swap SATA Hard Drives for OS • Up to two Rear Hot Swap SATA Hard Drives for OS • Dual Areca PCI Express 800MB/sec RAID Controllers • Dual Areca PCI Express 800MB/sec RAID Controllers • 1350W 3+1 Triple Redundant Power Supply • 1350W 3+1 Triple Redundant Power Supply • 5-Year Warranty • 5-Year Warranty $ $ Starting at 6,399 Starting at 7,999 AMD, the AMD Arrow logo, AMD Opteron, and combinations thereof, are trademarks of Advanced Micro Devices, Inc. For terms and conditions, please see www.aberdeeninc.com/abpoly/abterms.htm. lj023 888-297-7409 www.aberdeeninc.com/lj023 SEE US AT ANY OF THESE SHOWS! Infrastructure Mgt. World Manage Any Data Center. Scottsdale, AZ - Booth TBD Sept. 10 - 12 Anytime. Anywhere. VM World San Francisco, CA - Booth 1113 Sept. 11 - 13 AFCOM Data Center World Dallas, TX - Booth 436 Sept. 17 - 18 High Perf. on Wall Street New York, NY - Booth 216 Sept. 17 IDC Enterprise Infra. Forum New York, NY - Booth TBD Sept. 20 Interface Salt Lake City Salt Lake City, UT - Booth 309 Oct. 4 GEOINT San Antonio, TX - Booth 374 Oct. 22 - 24 Interop New York Fall New York, NY - Booth 543 Oct. 24 - 25 AFCEA Asia-PAC TechNet Honolulu, HI - Booth 516 Nov. 4 - 9 Super Computing Reno, NV - Booth 164 Nov. 12 - 15 LISA Dallas, TX - Booth 200 Nov. 14 - 15 DaCEY Awards Atlanta, GA Nov. 15 Gartner Data Center Conf. Las Vegas, NV - Booth TBD Nov. 27 - 30 Interface Seattle Seattle, WA - Booth 206 Nov. 28 Avocent builds hardware and software to access, manage and control any IT asset in your data center, online or offl ine, keeping it, and your business, “always on”. VisitVisit us on our Remote Control Tour. For locations near Avocent, the Avocent logo and The Power of Being There, are registered yyou,ou, go to www.avocent.com/remotecontrol. trademarks of Avocent Corporation. ©2007 Avocent Corporation. Avocent_RemoteAd_issNov.indd 1 9/7/07 4:25:46 PM JANUARY 2008 CONTENTS Issue 165 FEATURES 40 THE TAO OF LINUX SECURITY: FIVE LESSONS FOR A SECURE DEPLOYMENT 60 PACKETFENCE REVISITED Tighten up your systems from the start using this simple plan. PacketFence’s extensive isolation mechanisms secure both your wired and wireless networks. Jeramiah Bowling Regis Balzard and Dominik Gehl 48 DIGGING UP DIRT IN THE DNS HIERARCHY, PART I Even when your DNS system is functioning normally, all ON THE COVER may not be well below the surface. • Getting the Most Out of GCC, p. 70 • Securing Open-Source Phones, p. 80 Ron Aitchison • How to Store Passwords Safely, p. 76 • New Column: Hack and /, p. 34 54 INTRODUCTION TO FORENSICS • Learn the Path to a More Secure System, p. 40 Hit the ground running on your first forensics project • Use Autopsy and Sleuthkit to Analyse Security Breaches, p. 54 • Discover Dangerous Flaws in Your DNS Infrastructure, p. 48 with Autopsy and Sleuthkit. • Creating IPsec and SSL/TLS Tunnels in Linux, p. 90 Kyle Rankin • What's New with Eric Raymond?, p. 66 2 | january 2008 www.linuxjournal.com COVER IMAGE ©ISTOCKPHOTO.COM/YANNIS NTOUSIOPOULOS JANUARY 2008 CONTENTS Issue 165 COLUMNS INDEPTH 16 REUVEN M. LERNER’S 66 INTERVIEW WITH AT THE FORGE ERIC RAYMOND Working with Facebook Eric Raymond on open source. Glyn Moody 20 MARCEL GAGNÉ’S COOKING WITH LINUX 70 GCC FOR EMBEDDED Security’s Front Door ENGINEERS A look at how GCC works and how to get the most out of this marvel of modern software engineering. Gene Sally 76 GPG-BASED PASSWORD WALLET Forget your passwords. Carl Welch 80 SECURITY IN QTOPIA PHONES 80 SECURITY IN QTOPIA PHONES Open source doesn’t mean insecure. 24 MICK BAUER’S PARANOID PENGUIN Lorn Potter Next Month Getting a Clue with WebGoat 84 SEPARATE THE STATIC FROM THE DYNAMIC WITH TOMCAT VIRTUALIZATION AND APACHE Next month, we’ll take a look at Efficiency tricks with Apache using the GPL’d Open Source Edition and Tomcat. of innotek’s VirtualBox, with a focus Alan Berg on virtualization for home enthusi- asts. And for enterprise users, we 90 CREATING VPNS WITH show you how to migrate a large IPSEC AND SSL/TLS number of servers to virtual machines The two most common and current with around only 30 minutes of techniques for creating VPNs. downtime using VMware. Rami Rosen And, as always, there’s much more. 30 DAVE TAYLOR’S We review Zonbu, the Earth-friendly WORK THE SHELL IN EVERY ISSUE Gentoo-based desktop computer with on-line storage and automated Numerology, or the Number 23 8 LETTERS backup and updates. We continue 12 UPFRONT looking at techniques for diagnosing KYLE RANKIN’S 34 36 NEW PRODUCTS and auditing your DNS systems. And, HACK AND / 81 ADVERTISERS INDEX we tackle the “How small can you Browse the Web without a Trace make it?” question typically asked by embedded engineers. 96 DOC SEARLS’ EOF Why to Build on FOSS in the First Place USPS LINUX JOURNAL (ISSN 1075-3583) is published monthly by Belltown Media, Inc., 2211 Norfolk, Ste 514, Houston, TX 77098 USA. Periodicals postage paid at Houston, Texas and at additional mailing offices. Cover price is $5.99 US. Sub scrip tion rate is $25/year in the United States, $32 in Canada and Mexico, $62 elsewhere. POSTMASTER: Please send address changes to Linux Journal, PO Box 980985, Houston, TX 77098. Subscriptions start with the next issue. Canada Post: Publications Mail Agreement #41549519. Canada Returns to be sent to Bleuchip International, P.O. Box 25542, London, ON N6C 6B2 4 | january 2008 www.linuxjournal.com Executive Editor Jill Franklin jill@linuxjournal.com Senior Editor Doc Searls doc@linuxjournal.com Art Director Garrick Antikajian garrick@linuxjournal.com Products Editor James Gray GO SOLID.
Load more

Recommended publications
  • Embedded Linux Systems with the Yocto Project™
    OPEN SOURCE SOFTWARE DEVELOPMENT SERIES Embedded Linux Systems with the Yocto Project" FREE SAMPLE CHAPTER SHARE WITH OTHERS �f, � � � � Embedded Linux Systems with the Yocto ProjectTM This page intentionally left blank Embedded Linux Systems with the Yocto ProjectTM Rudolf J. Streif Boston • Columbus • Indianapolis • New York • San Francisco • Amsterdam • Cape Town Dubai • London • Madrid • Milan • Munich • Paris • Montreal • Toronto • Delhi • Mexico City São Paulo • Sidney • Hong Kong • Seoul • Singapore • Taipei • Tokyo Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations have been printed with initial capital letters or in all capitals. The author and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein. For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales depart- ment at corpsales@pearsoned.com or (800) 382-3419. For government sales inquiries, please contact governmentsales@pearsoned.com. For questions about sales outside the U.S., please contact intlcs@pearson.com. Visit us on the Web: informit.com Cataloging-in-Publication Data is on file with the Library of Congress.
    [Show full text]
  • Smashing the Stack Protector for Fun and Profit
    Smashing the Stack Protector for Fun and Profit Bruno Bierbaumer1 ( ), Julian Kirsch1, Thomas Kittel1, Aurélien Francillon2, and Apostolis Zarras3 1 Technical University of Munich, Munich, Germany bierbaumer@sec.in.tum.de 2 EURECOM, Sophia Antipolis, France 3 Maastricht University, Maastricht, Netherlands Abstract. Software exploitation has been proven to be a lucrative busi- ness for cybercriminals. Unfortunately, protecting software against attacks is a long-lasting endeavor that is still under active research. However, certain software-hardening schemes are already incorporated into current compilers and are actively used to make software exploitation a compli- cated procedure for the adversaries. Stack canaries are such a protection mechanism. Stack canaries aim to prevent control flow hijack by detecting corruption of a specific value on the program’s stack. Careful design and implementation of this conceptually straightforward mechanism is crucial to defeat stack-based control flow detours. In this paper, we examine 17 different stack canary implementations across multiple versions of the most popular Operating Systems running on various architectures. We systematically compare critical implementation details and introduce one new generic attack vector which allows bypassing stack canaries on current Linux systems running up-to-date multi-threaded software altogether. We release an open-source framework (CookieCrumbler) that identifies the characteristics of stack canaries on any platform it is compiled on and we propose mitigation techniques against stack-based attacks. Although stack canaries may appear obsolete, we show that when they are used correctly, they can prevent intrusions which even the more sophisticated solutions may potentially fail to block. 1 Introduction Buffer overflow vulnerabilities are as old as the Internet itself.
    [Show full text]
  • Rmox: a Raw-Metal Occam Experiment
    Communicating Process Architectures – 2003 269 Jan F. Broenink and Gerald H. Hilderink (Eds.) IOS Press, 2003 RMoX: A Raw-Metal occam Experiment Fred BARNES†, Christian JACOBSEN† and Brian VINTER‡ † Computing Laboratory, University of Kent, Canterbury, Kent, CT2 7NF, England. {frmb2,clj3}@kent.ac.uk ‡ Department of Mathematics and Computer Science, University of Southern Denmark, Odense, Denmark. vinter@imada.sdu.dk Abstract. Operating-systems are the core software component of many modern com- puter systems, ranging from small specialised embedded systems through to large distributed operating-systems. This paper presents RMoX: a highly concurrent CSP- based operating-system written in occam. The motivation for this stems from the overwhelming need for reliable, secure and scalable operating-systems. The major- ity of operating-systems are written in C, a language that easily offers the level of flexibility required (for example, interfacing with assembly routines). C compilers, however, provide little or no mechanism to guard against race-hazard and aliasing er- rors, that can lead to catastrophic run-time failure (as well as to more subtle errors, such as security loop-holes). The RMoX operating-system presents a novel approach to operating-system design (although this is not the first CSP-based operating-system). Concurrency is utilised at all levels, resulting in a system design that is well defined, easily understood and scalable. The implementation, using the KRoC extended oc- cam, provides guarantees of freedom from race-hazard and aliasing errors, and makes extensive use of the recently added support for dynamic process creation and channel mobility. Whilst targeted at mainstream computing, the ideas and methods presented are equally applicable for small-scale embedded systems — where advantage can be made of the lightweight nature of RMoX (providing fast interrupt responses, for ex- ample).
    [Show full text]
  • Computational PHYSICS Shuai Dong
    Computational physiCs Shuai Dong Evolution: Is this our final end-result? Outline • Brief history of computers • Supercomputers • Brief introduction of computational science • Some basic concepts, tools, examples Birth of Computational Science (Physics) The first electronic general-purpose computer: Constructed in Moore School of Electrical Engineering, University of Pennsylvania, 1946 ENIAC: Electronic Numerical Integrator And Computer ENIAC Electronic Numerical Integrator And Computer • Design and construction was financed by the United States Army. • Designed to calculate artillery firing tables for the United States Army's Ballistic Research Laboratory. • It was heralded in the press as a "Giant Brain". • It had a speed of one thousand times that of electro- mechanical machines. • ENIAC was named an IEEE Milestone in 1987. Gaint Brain • ENIAC contained 17,468 vacuum tubes, 7,200 crystal diodes, 1,500 relays, 70,000 resistors, 10,000 capacitors and around 5 million hand-soldered joints. It weighed more than 27 tons, took up 167 m2, and consumed 150 kW of power. • This led to the rumor that whenever the computer was switched on, lights in Philadelphia dimmed. • Input was from an IBM card reader, and an IBM card punch was used for output. Development of micro-computers modern PC 1981 IBM PC 5150 CPU: Intel i3,i5,i7, CPU: 8088, 5 MHz 3 GHz Floppy disk or cassette Solid state disk 1984 Macintosh Steve Jobs modern iMac Supercomputers The CDC (Control Data Corporation) 6600, released in 1964, is generally considered the first supercomputer. Seymour Roger Cray (1925-1996) The father of supercomputing, Cray-1 who created the supercomputer industry. Cray Inc.
    [Show full text]
  • A Port of the MINIX OS to the Powerpc Platform
    MinixPPC A port of the MINIX OS to the PowerPC platform Creating a programming model for architecture independency Master Thesis Computer Science Ingmar A. Alting September 15, 2006 First reader and supervisor: Andrew S. Tanenbaum Dept. of Computer Science Faculty of Sciences Vrije Universiteit De Boelelaan 1081A 1081 HV Amsterdam, the Netherlands e-mail: ast@cs.vu.nl Second reader: Herbert Bos Dept. of Computer Science Faculty of Sciences Vrije Universiteit Amsterdam De Boelelaan 1081A 1081 HV Amsterdam, the Netherlands e-mail: herbertb@cs.vu.nl Thesis by: Ingmar A. Alting Weth. W. de Boerstraat 18 1788AT Den Helder, the Netherlands email: iaalting@gmail.com Abstract The main goal of this project is to indicate what it means to port an operating system from one architecture to another, and provide a programming paradigm that would make future ports easy and fast. The “natively” supported architecture of MINIX is the IBM PC compatible, that's built around the Intel architecture. This is a CISC architecture with hardware support for easy stack usage. The choice for the POWER architecture could not have been further away as this is a RISC architecture, and completely” different in many ways. This thesis will focuses on the model created for creating portable system code. Not to be confused with portable programs using a “standard” API. It will describe the changes made and problems faced porting the MINIX code base. The places where changes are made can be viewed as hotspots. For every new architecture compatibility problems are to be expected there. Some hotspots are used as example and the solution taken for MinixPPC is presented to the reader.
    [Show full text]
  • IT Acronyms.Docx
    List of computing and IT abbreviations /.—Slashdot 1GL—First-Generation Programming Language 1NF—First Normal Form 10B2—10BASE-2 10B5—10BASE-5 10B-F—10BASE-F 10B-FB—10BASE-FB 10B-FL—10BASE-FL 10B-FP—10BASE-FP 10B-T—10BASE-T 100B-FX—100BASE-FX 100B-T—100BASE-T 100B-TX—100BASE-TX 100BVG—100BASE-VG 286—Intel 80286 processor 2B1Q—2 Binary 1 Quaternary 2GL—Second-Generation Programming Language 2NF—Second Normal Form 3GL—Third-Generation Programming Language 3NF—Third Normal Form 386—Intel 80386 processor 1 486—Intel 80486 processor 4B5BLF—4 Byte 5 Byte Local Fiber 4GL—Fourth-Generation Programming Language 4NF—Fourth Normal Form 5GL—Fifth-Generation Programming Language 5NF—Fifth Normal Form 6NF—Sixth Normal Form 8B10BLF—8 Byte 10 Byte Local Fiber A AAT—Average Access Time AA—Anti-Aliasing AAA—Authentication Authorization, Accounting AABB—Axis Aligned Bounding Box AAC—Advanced Audio Coding AAL—ATM Adaptation Layer AALC—ATM Adaptation Layer Connection AARP—AppleTalk Address Resolution Protocol ABCL—Actor-Based Concurrent Language ABI—Application Binary Interface ABM—Asynchronous Balanced Mode ABR—Area Border Router ABR—Auto Baud-Rate detection ABR—Available Bitrate 2 ABR—Average Bitrate AC—Acoustic Coupler AC—Alternating Current ACD—Automatic Call Distributor ACE—Advanced Computing Environment ACF NCP—Advanced Communications Function—Network Control Program ACID—Atomicity Consistency Isolation Durability ACK—ACKnowledgement ACK—Amsterdam Compiler Kit ACL—Access Control List ACL—Active Current
    [Show full text]
  • Operating System Components for an Embedded Linux System
    INSTITUTEFORREAL-TIMECOMPUTERSYSTEMS TECHNISCHEUNIVERSITATM¨ UNCHEN¨ PROFESSOR G. F ARBER¨ Operating System Components for an Embedded Linux System Martin Hintermann Studienarbeit ii Operating System Components for an Embedded Linux System Studienarbeit Executed at the Institute for Real-Time Computer Systems Technische Universitat¨ Munchen¨ Prof. Dr.-Ing. Georg Farber¨ Advisor: Prof.Dr.rer.nat.habil. Thomas Braunl¨ Author: Martin Hintermann Kirchberg 34 82069 Hohenschaftlarn¨ Submitted in February 2007 iii Acknowledgements At first, i would like to thank my supervisor Prof. Dr. Thomas Braunl¨ for giving me the opportunity to take part at a really interesting project. Many thanks to Thomas Sommer, my project partner, for his contribution to our good work. I also want to thank also Bernard Blackham for his assistance by email and phone at any time. In my opinion, it was a great cooperation of all persons taking part in this project. Abstract Embedded systems can be found in more and more devices. Linux as a free operating system is also becoming more and more important in embedded applications. Linux even replaces other operating systems in certain areas (e.g. mobile phones). This thesis deals with the employment of Linux in embedded systems. Various architectures of embedded systems are introduced and the characteristics of common operating systems for these devices are reviewed. The architecture of Linux is examined by looking at the particular components such as kernel, standard C libraries and POSIX tools for embedded systems. Furthermore, there is a survey of real-time extensions for the Linux kernel. The thesis also treats software development for embedded Linux ranging from the prerequi- sites for compiling software to the debugging of binaries.
    [Show full text]
  • Anatomy of Cross-Compilation Toolchains
    Embedded Linux Conference Europe 2016 Anatomy of cross-compilation toolchains Thomas Petazzoni free electrons thomas.petazzoni@free-electrons.com Artwork and Photography by Jason Freeny free electrons - Embedded Linux, kernel, drivers - Development, consulting, training and support. http://free-electrons.com 1/1 Thomas Petazzoni I CTO and Embedded Linux engineer at Free Electrons I Embedded Linux specialists. I Development, consulting and training. I http://free-electrons.com I Contributions I Kernel support for the Marvell Armada ARM SoCs from Marvell I Major contributor to Buildroot, an open-source, simple and fast embedded Linux build system I Living in Toulouse, south west of France Drawing from Frank Tizzoni, at Kernel Recipes 2016 free electrons - Embedded Linux, kernel, drivers - Development, consulting, training and support. http://free-electrons.com 2/1 Disclaimer I I am not a toolchain developer. Not pretending to know everything about toolchains. I Experience gained from building simple toolchains in the context of Buildroot I Purpose of the talk is to give an introduction, not in-depth information. I Focused on simple gcc-based toolchains, and for a number of examples, on ARM specific details. I Will not cover advanced use cases, such as LTO, GRAPHITE optimizations, etc. I Will not cover LLVM free electrons - Embedded Linux, kernel, drivers - Development, consulting, training and support. http://free-electrons.com 3/1 What is a cross-compiling toolchain? I A set of tools that allows to build source code into binary code for
    [Show full text]
  • Design and Implementation of Embedded Linux System for Networking Devices
    Design and Implementation of Embedded Linux System for Networking Devices Hyun-Joon Cha Distributed Processing and Network Management Laboratory Division of Electrical and Computer Engineering (Computer Science and Engineering) tachyon@postech.ac.kr POSTECH Design and Implementation of Embedded Linux System (1/24) DP&NM Lab. for Networking Devices Contents • Introduction • Current Embedded Operating Systems • Requirements • Design of Embedded Linux System • Implementation • Conclusions • Future work POSTECH Design and Implementation of Embedded Linux System (2/24) DP&NM Lab. for Networking Devices Introduction • Networking Devices – Devices which has networking capability – Infrastructure of emerging information society • e.g.) Router, Switch, Gateway, Cache engine, Cellular phone, PDA, etc. – Network-capable devices will substitute current dummy and not- connected devices all around – Need more resources, processing power and OSs to coordinate it – Most networking devices use commercial Real-time OSs POSTECH Design and Implementation of Embedded Linux System (3/24) DP&NM Lab. for Networking Devices Introduction – cont’d • Embedded OSs for Networking Devices – Commercial: VxWorks, pSOS, QNX, Nucleus, LynxOS, VRTX, etc. – Free or Almost Free: Xinu, uC/OS, etc. • Frequently Raised Problems from Industry and Academy – No OS approach or using educational OS is harmful – High purchase price and royalty -> affect development cost and device price – Limited target and development platform – OS specific architecture and interface – Technology
    [Show full text]
  • Choosing System C Library
    Choosing System C library Khem Raj Comcast Embedded Linux Conference Europe 2014 Düsseldorf Germany Introduction “God defined C standard library everything else is creation of man” Introduction • Standard library for C language • Provides primitives for OS service • Hosted/freestanding • String manipulations • Types • I/O • Memory • APIs Linux Implementations • GNU C library (glibc) • uClibc • eglibc – Now merged into glibc • Dietlibc • Klibc • Musl • bionic Multiple C library FAQs • Can I have multiple C libraries side by side ? • Can programs compiled with glibc run on uclibc or vice versa ? • Are they functional compatible ? • Do I need to choose one over other if I am doing real time Linux? • I have a baremetal application what libc options do I have ? Posix Compliance • Posix specifies more than ISO C • Varying degree of compliance What matters to you ? • Code Size • Functionality • Interoperability • Licensing • Backward Compatibility • Variety of architecture support • Dynamic Linking • Build system Codesize • Dietlibc/klibc – Used in really small setup e.g. initramfs • Bionic – Small linked into every process • uClibc – Configurable • Size can be really small at the expense of functionality • Eglibc – Has option groups can be ( < 1M ) License • Bionic – BSD/Apache-2.0 • Musl - MIT • Uclibc – LGPL-2.1 • Eglibc/Glibc – LGPL-2.1 Assigned to FSF • Dietlibc – GPLv2 • Klibc – GPLv2 • Newlib – some parts are GPLv3 Compliance • Musl strives for ISO/C and POSIX compliance No-mmu • uClibc supported No-mmu Distributions • Glibc is used in
    [Show full text]
  • The GNU General Public License (GPL) Does Govern All Other Use of the Material That Constitutes the Autoconf Macro
    Notice About this document The following copyright statements and licenses apply to software components that are distributed with various versions of the StorageGRID PreGRID Environment products. Your product does not necessarily use all the software components referred to below. Where required, source code is published at the following location: ftp://ftp.netapp.com/frm-ntap/opensource/ 215-10078_A0_ur001-Copyright 2015 NetApp, Inc. All rights reserved. 1 Notice Copyrights and licenses The following component is subject to the BSD 1.0 • Free BSD - 44_lite BSD 1.0 Copyright (c) 1982, 1986, 1990, 1991, 1993 The Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. • All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by the University of California, Berkeley and its contributors. • Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
    [Show full text]
  • April 2006 Volume 31 Number 2
    APRIL 2006 VOLUME 31 NUMBER 2 THE USENIX MAGAZINE OPINION Musings RIK FARROW OpenSolaris:The Model TOM HAYNES PROGRAMMING Code Testing and Its Role in Teaching BRIAN KERNIGHAN Modular System Programming in MINIX 3 JORRIT N. HERDER, HERBERT BOS, BEN GRAS, PHILIP HOMBURG, AND ANDREW S. TANENBAUM Some Types of Memory Are More Equal Than Others DIOMEDIS SPINELLIS Simple Software Flow Analysis Using GNU Cflow CHAOS GOLUBITSKY Why You Should Use Ruby LU KE KANIES SYSADMIN Unwanted HTTP:Who Has the Time? DAVI D MALONE Auditing Superuser Usage RANDOLPH LANGLEY C OLUMNS Practical Perl Tools:Programming, Ho Hum DAVID BLANK-EDELMAN VoIP Watch HEISON CHAK /dev/random ROBERT G. FERRELL STANDARDS USENIX Standards Activities NICHOLAS M. STOUGHTON B O OK REVIEWS Book Reviews ELIZABETH ZWICKY, WITH SAM STOVER AND RI K FARROW USENIX NOTES Letter to the Editor TED DOLOTTA Fund to Establish the John Lions Chair C ONFERENCES LISA ’05:The 19th Large Installation System Administration Conference WORLDS ’05: Second Workshop on Real, Large Distributed Systems FAST ’05: 4th USENIX Conference on File and Storage Technologies The Advanced Computing Systems Association Upcoming Events 3RD SYMPOSIUM ON NETWORKED SYSTEMS 2ND STEPS TO REDUCING UNWANTED TRAFFIC ON DESIGN AND IMPLEMENTATION (NSDI ’06) THE INTERNET WORKSHOP (SRUTI ’06) Sponsored by USENIX, in cooperation with ACM SIGCOMM JULY 6–7, 2006, SAN JOSE, CA, USA and ACM SIGOPS http://www.usenix.org/sruti06 MAY 8–10, 2006, SAN JOSE, CA, USA Paper submissions due: April 20, 2006 http://www.usenix.org/nsdi06 2006
    [Show full text]