Saturday, June 30, 2007


Years ago, before I was a High Paid IT Security Dude and UT99 Server Jockey, I was a High Paid Computer Consultant Geek. This was way back in pre-millennial times (1995-2000). For the most part, it was a decent job. I worked for a "Value Added Reseller". A gig here, a gig there. Replace parts, install software, get a new network up and running, that kind of thing. None of that long-term "body shop" bullshit where they sit your ass down in a cubicle and you're expected to mine for opportunities to get more billing bodies on-site (although, sadly, it eventually degraded down to that level).

I fixed broken computer shit and told people what to do and how to do it.

I also told them what not to do.

One of the things I evangelized against to every customer I ever had was the pure evil that was PCAnywhere. They never listened.

Ah, the horror stories I could tell you.

Like the Hospital IT staffer who decided to install PCAnywhere on a "mission-critical" Windows NT4 billing system at 4:30PM on a Friday afternoon. I didn't get out of there until 3PM the next afternoon. Good times, good times.

Everywhere you went, PCAnywhere was blue screening Windows servers. It didn't matter what version or which service pack. It simply blew up servers (in the NT 3.51 days, if you uninstalled a certain version of PCAnywhere it would delete every single file on the partition it was installed on - fun stuff!).

And everywhere you went the resident Windows honcho (the guy who convinced management to spend $50K on a PCAnywhere site license) always said "We've never had any problems with it."

All that disappeared after Windows 2000 and RDP (Remote Desktop Protocol) entered the stage. Some, like the dot-com I worked for before the bust, clung to PCAnywhere because it was somehow simply better than RDP (and they had already dropped the $50K on the site license). And they paid the price with server crashes, day after day.

While all that was going on, an Open Source project called VNC was maturing. In the Blue Screen of Death (BSOD) department, it had a similar track record. Sometimes, depending on your video driver, it was just plain fugly. But the site license was free.

I never cared for it much. To be fair, I never cared for any NTx remote control product. Sooner or later they all crashed servers.

Time went by and RDP took over. I haven't looked at another remote control product in the last five years, primarily due to the fact I work in a "Windows shop".

But VNC development marched on, unrelenting. Now it's up to version 4.1-ish. And now it's not entirely free anymore.

But it has certainly matured.

Although I'd never use anything but RDP on a Windows box these days (and I have seen a few extremely rare BSODs), the options for remote desktop control of a Linux box are more limited.

There's Cygwin X, but it's insecure, it doesn't do NAT (Network Address Translation), and they still have a problem integrating with the Windows clipboard (it worked for about two weeks several revisions ago but not since).

Then there's... well... not much else.

I tried VNC4 on a whim, since it was (is) available in Debian 4.0r0 and most if not all major Linux distros. I was prepared to be disappointed but in the end I was amazed at how well it performs, clipboard and all!

Now I have it on about seven Linux systems. It performs almost as well as RDP, even over an encrypted SSH (Secure Shell) tunnel over the 'Net. Absolutely astounding performance, compared to its earlier days. And the CPU footprint is barely five percent.

When used with VMWare Server (or VMWare Player for that matter), it's a much faster "desktop experience" than the native VMWare client.

And it absolutely leaves Cygwin-X in the dust.

There are a few drawbacks, mostly if you want a multi-user environment, in which case you have to decide how many users you want and which port to run them on (and then educate the end-users, a daunting task).
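Two of the points above (running VNC over an SSH tunnel, and the per-user port bookkeeping) are easy to get subtly wrong, so here is a small POSIX shell script, added as an illustration and not part of the original post or of any VNC project's own tooling. It assumes the usual convention that VNC display N listens on TCP port 5900+N, that the remote Xvnc was started listening on loopback only (so the only way in is through the tunnel), and it checks a constructed `ss -lnt`-style listing rather than a live socket table. The host name and user are placeholders.

```sh
#!/bin/sh
# VNC display N listens on TCP port 5900+N (assumed convention, true for
# RealVNC/TightVNC-style servers). Map display -> port and reject nonsense.
vnc_port() {
    disp="$1"
    case "$disp" in
        ''|*[!0-9]*) echo "bad display: '$disp'" >&2; return 1 ;;
    esac
    if [ "$disp" -lt 1 ] || [ "$disp" -gt 99 ]; then
        echo "display out of range: $disp" >&2; return 1
    fi
    echo $((5900 + $disp))
}

# Build the ssh command that forwards a local port to the VNC display on the
# remote host's loopback interface. The viewer then connects to
# localhost:<local_port> and all VNC traffic rides inside the SSH session.
build_tunnel_cmd() {
    local_port="$1"; remote="$2"; disp="$3"
    rport=$(vnc_port "$disp") || return 1
    echo "ssh -N -L ${local_port}:127.0.0.1:${rport} ${remote}"
}

# Given 'ss -lnt' style output (columns: State Recv-Q Send-Q Local Peer),
# exit 0 only if the VNC port is listening AND bound to loopback; exit 1 if
# it is not listening at all or is exposed on 0.0.0.0 / [::].
vnc_bound_to_localhost() {
    listing="$1"; port="$2"
    printf '%s\n' "$listing" | awk -v p="$port" '
        $1 == "LISTEN" && $4 ~ (":" p "$") {
            found = 1
            if ($4 !~ /^127\.0\.0\.1:/ && $4 !~ /^\[::1\]:/) exposed = 1
        }
        END { exit (found && !exposed) ? 0 : 1 }'
}

# Constructed sample listing: display :1 is loopback-only (good), display :2
# was started without -localhost and is reachable from the network (bad).
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       5       127.0.0.1:5901       0.0.0.0:*
LISTEN  0       5       0.0.0.0:5902         0.0.0.0:*
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*'

# Demo (placeholder user/host): one tunnel per user/display, local port chosen
# to match the remote one so the viewer address is simply localhost:N.
for d in 1 2; do
    build_tunnel_cmd "$(vnc_port "$d")" hinky@vnc-host.example "$d"
    if vnc_bound_to_localhost "$SAMPLE_SS" "$(vnc_port "$d")"; then
        echo "display :$d is loopback-only, tunnel is the only way in"
    else
        echo "display :$d is exposed or not running; restart it with -localhost"
    fi
done
```

The point of the listener check is the caveat the post glosses over: the SSH tunnel only protects you if the VNC server itself is not also answering on the public interface, otherwise the tunnel is decoration and the per-user ports are open to the network.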

And of course there's that pesky site license issue.

Your boss'll get over it.

Trust me on that one.

Saturday, June 23, 2007

Security 3.0

The corposphere is all abuzz about Security 3.0!

Seems they just got back from a Gartner clusterfuck in Washington D.C. and they just can't stop talking about it. They gotta have it because it gets their corporate panties all tied up in a bunch just thinking about it!

Soon it will be Mr. HinkyDink's problem. I can only say "Bring it on suckaz!"

As you may or may not know, IRL the Dink is an Information Technology Security Whiz Kid. It's not a job I actively sought out. Rather I sort of fell into it during the dot-com days.

"Hey Dink! Wanna be the security officer?"

"I guess so."

And the job was mine. A few months later, at a burn rate of $1.7M per month, the venture capital was drying up and it was obvious the place was sinking fast. I got out while the other rats were still in denial and finagled a job (for, sadly, much less money) at a large (9,000+ employees) organization as a programmer analyst. About two weeks later...

"Hey Dink! Wanna join my security team?"

"I guess so."

And the rest is... ummm... classified.

Anyhow, management reorgs and shakeups were the hallmark of the next few years and when the bits settled Dink was on top of the security heap. Not so high that he got to attend the Gartner clusterfuck personally, mind you. It's a very small heap, more properly described as a pile of crap.

Otherwise known as "Security 2.0"!

What is (was) "Security 2.0"? Funny you should ask. It was, according to Gartner, a pile of software and hardware security "point solutions". This translates to "a lot of small companies making money in a niche market". It turns out the Big Boys (IBM and HP in this case) noticed these small companies making money and bought them all up.

So they naturally turned to Gartner to "create buzz" over their new acquisitions. And that buzz is "Security 3.0"!

It will work out well for them. It always has. And I'll get a new budget that will end up in IBM and HP's deep, deep pockets.

Saturday, June 09, 2007


It's been a long time since my last post.

January, huh? Wow.

A lot has happened. Sometime in late January I put up EXPERIMENTAL I on an Ubuntu 6.04 VM I had on my desktop system. It ran surprisingly well. I had a couple of goals in mind:
  • Re-write Robo-Hinky to use a common code base across all running games
  • Implement a snort-based anti-cheat of my own design
  • Make a wireless UT server that I could toss into the garage, basement, attic, whatever, if and when I wanted.
This worked so well on the VM that I bought an ancient (circa 1998) IBM NetVista at a computer junk store (for about fifty bucks), installed Slackware 11.0 on it and moved EXPERIMENTAL I to its new home.

There were a few bumps in the Robo-Hinky transition but it went well, so I bought a Hiro H50069 802.11g Wireless Adapter from TigerDirect for the wireless part of the project.

After that, everything started to go to Hell.

I never really had any complaints about TigerDirect until I bought that card. Real tech specs are hard to come by, and many manufacturers will ship a variety of hardware products under a single model number. You never know what's under the hood until you rip it off and look.

BUT, at the time (they're out of stock now) TigerDirect had a "photo gallery" on this... thing... and the photographs clearly showed it was based on a RaLink chipset, which is A Good Thing™ for Linux tards such as myself. Native RaLink drivers exist, work well, and are under active development. I was looking for a RaLink card. And I thought I had found one. After all, there was a picture! And it showed the right chip!

caveat emptor

What I got was a card, same make and model number as the one advertised, but with a Marvell Libertas 88w8335 chipset.

WTF? Those bastards!

Don't get me wrong. It turns out Marvell makes marvelous (heh) wireless chips. Absolutely the lowest power consumption on the planet. In fact, a Marvell chipset has been chosen for use in the One Laptop Per Child (OLPC) project.

But there weren't any Linux drivers (not exactly true, but the drivers were only available to the OLPC development team - something to do with the proprietary ARM OS burned onto the chips).

So after a lot of bad feeling, negative reviews, support calls, RMAs, etc., etc., I said my final farewells to TigerDirect (sorry, fellas but someone else is getting my money from here on out) and bit the bullet.

I decided to keep the card because I couldn't find a RaLink card. I chalked the TigerDirect fiasco up to experience.

I used the NDISwrapper driver, which is a Linux user's driver of last resort. Through a bit of serious programming wizardry NDISwrapper allows you to use any network card you can find an... ugh... Windows driver for.

And it "sort of" worked for about six weeks. But I got tired of the hanging and the core dumps so I put it back on the wired network.

And the problems didn't go away.

As it turns out, Slackware 11.0 itself is a pile of crap. And I hate to say that because:
  • Slackware was my first experience with Linux (way back in 1994)
  • Slackware is blessed by (PRAISE HIS SWEET NAME!) Bob
In time it was also evident that using a wireless router as an access point is not a good idea. It "appears to work, but is not a good solution" (as they used to say in the Microsoft certification tests). My wireless router, a NetGear WGR614 sucked ass as an access point. It probably sucks as a router as well, but I use Linux and iptables for that anyway. It has since been retired (that is, trashed) in favor of a real access point, in my case a TrendNet TEW 430-APB.

In the middle of this entire driver/access point/OS fiasco I made a fatal error with fdisk (long story) and wiped out the BOT House server in the process. Since I had backups I put the whole shebang on the NetVista until I could rebuild the BOT House server. Performance was painful.

I thought I was going to rebuild with Ubuntu because it is a very, very slick Linux distro, but I have some serious problems with their basic philosophy (otherwise, if you can buy that drivel, I highly recommend it... not the drivel, the OS... Mrs. HinkyDink runs Ubuntu 6.04 and loves it). But Debian 4.0r0 came out in April, so I figured I'd give it a shot (BOT House was on an aging Debian Sarge distro before I trashed it).

And, as luck would have it, I found a GigaBit RaLink-based wireless NIC (VERIFIED!) at NewEgg.

Once BOT House was back on Debian I threw EXPERIMENTAL I on it as well, gutted the NetVista, wiped it, and replaced Slackware with Debian 4.0r0. The RaLink driver worked as expected (I never had any doubts about that) and the TrendNet access point proved to be rock solid (oddly, it too is powered by a Marvell Libertas chipset on an embedded Linux OS - go figure). I retired EXPERIMENTAL I and put EXPERIMENTAL II on the NetVista. I moved the NetVista to its new resting place where it is now doing double duty as a wireless print server. And a damned good wireless print server as well!

Everything works great now. It took six months and a lot of pain, but it works great. But what the Hell, I have too much free time as it is.