December 2004
Monthly Archive
Wed 22 Dec 2004
eWeek has released their Top Products of 2004 list and WOW.. lots of open source software on there!
Hanging out at the #1 spot is Firefox .. the first web browser to take market share from Internet Explorer .. umm.. ever.
Plone, a web content management and application platform, also made the cut. Given the fierce competition in the CMS market from both open source and commercial vendors, it is very cool to see Plone fight its way to the top of this list, not to mention to top places on other reviews and lists. Plone is built on several FOSS tools, including Zope and Python, and it integrates nicely with Apache, Linux and FreeBSD.
Linux 2.6 was the only operating system to make the top products list. Improved process scheduling, threading and memory management have improved its scalability, performance and responsiveness across the wide gamut of Linux-enabled devices (cell phones, handhelds, routers, desktops, servers, mainframes, embedded devices, etc.).
As the list was the top ten products, including servers, laptops, backend hardware, etc., it is very cool to see that three FOSS projects made the cut. What's particularly interesting is that, regardless of price, these projects have risen to the top (or close to it) of their respective fields. With this level of recognition, these projects (and the many others at that level) should see increased deployments and heightened interest, which should result in even faster development, better bug reporting and fixing, integration of features important to a wider range of users, etc. etc. etc… This is much cooler than the long list of commercial programs that found success and whose companies then decided to REDUCE R&D in an effort to maximize profits.
Fri 17 Dec 2004
Posted by cerulean under Computers and Technology
Here are a few Christmas tunes .. done Unix style.. See if you can figure them out.
A popular Christmas song using shell commands
better !pout !cry
better watchout
lpr why
santa claus <north pole >town

cat /etc/passwd >list
ncheck list
ncheck list
cat list | grep naughty >nogiftlist
cat list | grep nice >giftlist
santa claus <north pole >town

who | grep sleeping
who | grep awake
who | grep bad || good
for (goodness sake) {
    be good
}

better !pout !cry
better watchout
lpr why
santa claus <north pole >town
Here are some Christmas song titles .. some are easy, some are a bit more difficult..
- Ag \bs
- #ffffff Christmas
- 1100 Days of Christmas
- ^!L
- (137 i7 5n0/\/)^3
- \away in a manger
- O(n) Christmas Tree
Sat 11 Dec 2004
Posted by cerulean under Computers and Technology
It's getting close to the end of 2004. Looking back over the year, it has been quite an interesting one for the tech industry…
Viruses
2004 was by far the worst (best?) year yet for viruses and malware. The year started out with a bang from two new viruses, W32/MyDoom-A and W32/Bagle-A; they showed up and quickly topped the charts. After the big outbreak of W32/MyDoom-A, I believed that admins would tighten their systems and users would start to understand the importance of keeping their anti-virus software updated.
I was wrong. Each month it got worse. February introduced Sober and Netsky along with variants. By March, Netsky took 5 of the top 10 spots for the month; Bagle grabbed 4, leaving the 10th spot for MyDoom-A. In April, Bagle learned a new trick: it compressed itself into a password-protected Zip file, which mail scanners cannot look inside. People fell for the trick and it placed 8th on the list, while Netsky took *7* of the top 10 spots.
In May, the W32/Sasser worm made its debut (unlike the email viruses above, it spread on its own over the network through the Windows LSASS hole). It completely and absolutely DWARFED all other viruses, accounting for 51.1% of ALL virus reports for the month.
If that wasn't enough, June rolled around with W32/Zafi-B, accounting for 30.4% of all viruses reported (by this time there were over 30 variants of Netsky and Bagle, along with variants of MyDoom and others, so 30.4% is HUGE). By July, it had increased to 59.2%, an all-time high in reports for a single virus.
Through August and September it maintained the #1 spot. In October, Netsky-P battled it out and took 1st (35.2% vs 28.0% for Zafi-B); the top 10 viruses at this time accounted for 92% of all viruses reported.
In November, a new virus appeared: W32/Sober-I. While it didn't make nearly as impressive a debut as Zafi-B, it did manage to place #2, behind Netsky-P and edging out Zafi-B. The top 4 viruses were 73.5% of all reported viruses; the top 10 accounted for 91% of all reports.
December, if my mail logs are any indication, will have W32/Sober-I at the top of the heap followed by Netsky.
It amazes me that even with a full year of virus issues, the problem is still as big as it is. With the majority of viruses propagating via email, I believe this reflects poorly on many admins. Freely available tools such as ClamAV and Amavisd-new have been very successful on my systems.
Other Malware
Ahh.. the joys of spyware, adware, phishing schemes, browser exploits and other fun. 2004 was, again, top of the heap. Spyware got much smarter: able to attach itself to regular executable files, automatically install additional spyware and generally cause havoc with the system. Removal tools such as Ad-Aware and Spybot S&D have simply not been able to keep up. As the year progressed, I was less and less successful at zapping the spyware from systems..
Luckily, most spyware gets in through one of the many holes in Internet Explorer, so simply not using Internet Explorer drastically reduces the problem. In addition to this, I wrote an article outlining how to utilize md5sum and gnupg to audit files and empower the user to know when files have changed (spyware attaching itself). While a bit geeky (perhaps I should write a front end?), it does underline a HUGE issue with the entire Windows default security model.
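The md5sum/gnupg audit mentioned above, as an added example in Python (mine, not the article's script): it writes a digest manifest in the same `<digest>  <path>` layout md5sum and sha256sum produce, so `sha256sum -c manifest` verifies it too, diffs the tree on disk against a trusted manifest to find changed, added and missing files, and shows the GnuPG clear-sign/verify step as helpers. The gpg helpers assume `gpg` on PATH with a default key and are not exercised by `demo()`; the files `demo()` creates are constructed in a temporary directory. It defaults to SHA-256 rather than MD5 because MD5 collisions were already public in 2004 (pass `algo="md5"` to read an old md5sum manifest).

```python
"""File-integrity audit with a signed digest manifest.

Added example, not the post's own article or script. Builds a manifest in the
"<digest>  <path>" layout that md5sum/sha256sum write (so "sha256sum -c" can
verify it as well), diffs the tree on disk against a trusted manifest, and
shows how the manifest would be clear-signed and verified with GnuPG. The gpg
helpers assume gpg on PATH with a default key and are not exercised in demo();
the files demo() creates are constructed in a temporary directory.
"""
import hashlib
import os
import re
import subprocess
import tempfile

# One manifest line: hex digest (md5 is 32 chars, sha512 is 128), two spaces, path.
# Anything else (blank lines, "Hash:" headers, PGP armor, base64) is skipped,
# so the same loader reads both plain and clear-signed manifests.
LINE_RE = re.compile(r"^([0-9a-fA-F]{32,128})  (.+)$")


def digest_file(path, algo="sha256"):
    """Hash a file in chunks. The post used md5sum; MD5 collisions were public
    by 2004, so default to SHA-256 and pass algo="md5" only for old manifests."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, algo="sha256"):
    """Return {relative_path: digest} for every regular file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = digest_file(full, algo)
    return manifest


def dump_manifest(manifest):
    """Serialise as sha256sum/md5sum-compatible text, sorted for stable diffs."""
    return "".join(f"{digest}  {path}\n" for path, digest in sorted(manifest.items()))


def load_manifest(text):
    """Parse manifest text (plain or gpg clear-signed) back into a dict."""
    out = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            out[m.group(2)] = m.group(1).lower()
    return out


def audit(root, trusted, algo="sha256"):
    """Compare the tree under root with a trusted manifest.
    Returns (changed, added, missing): sorted lists of relative paths."""
    current = build_manifest(root, algo)
    changed = sorted(p for p, d in trusted.items() if p in current and current[p] != d)
    added = sorted(p for p in current if p not in trusted)
    missing = sorted(p for p in trusted if p not in current)
    return changed, added, missing


def sign_manifest(text, gpg="gpg"):
    """Clear-sign manifest text with the default GnuPG key (assumes gpg + key)."""
    return subprocess.run([gpg, "--clearsign"], input=text, text=True,
                          capture_output=True, check=True).stdout


def verify_signature(signed_text, gpg="gpg"):
    """True if gpg accepts the clear-signed manifest (assumes gpg + public key)."""
    r = subprocess.run([gpg, "--verify"], input=signed_text, text=True, capture_output=True)
    return r.returncode == 0


def demo():
    """Constructed scenario: snapshot a tree, then tamper with it and audit."""
    root = tempfile.mkdtemp(prefix="audit-")
    os.makedirs(os.path.join(root, "bin"))
    for rel, data in {"bin/app.exe": b"original binary", "readme.txt": b"hello"}.items():
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
    # Round-trip through the text form, as a real run would (a file on disk, ideally signed).
    trusted = load_manifest(dump_manifest(build_manifest(root)))
    # Simulate what the post describes: spyware attaching itself to an executable,
    # a dropped helper, and a removed file.
    with open(os.path.join(root, "bin", "app.exe"), "ab") as f:
        f.write(b"<injected payload>")
    with open(os.path.join(root, "bin", "helper.dll"), "wb") as f:
        f.write(b"dropped")
    os.remove(os.path.join(root, "readme.txt"))
    return audit(root, trusted)


if __name__ == "__main__":
    changed, added, missing = demo()
    print("changed:", changed, "added:", added, "missing:", missing)
```

The signature is what makes this more than a checksum list: anything that can rewrite the executables can rewrite an unsigned manifest too, so sign it with a key that does not live on the audited machine and verify the signature before trusting the digests. A machine that is already rooted can also lie about its own files, so for a box you suspect, run the check from a clean boot medium against the mounted disk.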
Open Source
While I think I can safely say that 2004 was not “the year of Linux on the desktop”, it was quite a year for open source. The late-2003 acquisition of SuSE and Ximian by Novell gave Novell the resources it needed to become competitive. Novell outlined a plan to move its (NetWare) customers over to Linux and released Novell Linux Desktop (NLD), which is aimed at corporate desktops running Novell/Linux on the backend.
In addition to this, Novell helped open source by releasing several key components to the community.
While IBM and SCO were still at it in 2004, SCO’s case continued to fall apart.
Deploying FOSS solutions in the workplace proved much easier in 2004 than in previous years. Many people turned to FOSS to fix many of Windows' issues (viruses, malware, etc.). Anti-virus and anti-spam projects grew rapidly. People were eager to get rid of Internet Explorer on the desktop, and Firefox, in the first month of its official release, had over 10,000,000 officially counted downloads and dropped Internet Explorer's market share under 90%, the first time in many years.
Operating systems such as FreeBSD, NetBSD and Linux all had major releases (5-STABLE, 2.0 and 2.6 respectively). These releases introduced major gains in hardware support, scalability, multi-processor support, 64-bit support and more.
For FOSS desktops, X.Org overtook XFree86 as the standard X implementation. This has brought many enhancements to the desktop and (so far) has turned out to be a great example of how FOSS development is clearly superior: if a project stagnates, another project can come along, pick up the ball and run with it.
Microsoft
Perhaps the biggest news out of Microsoft for all of 2004 was Windows XP SP2. The update was designed to fix many of Windows' security issues. While it did help, many security experts believe it does not do nearly enough; in fact, since SP2 was released there have been several exploits against it. Yikes. I honestly believe that Windows needs a complete rewrite, and it needs to axe backwards compatibility (or at least sandbox it) with a priority on security.
Back in July, the Department of Homeland Security recommended against using Internet Explorer (which I concluded equated to “stop using Windows”). Well, when 90% of all desktop computers are running Windows and the Department of Homeland Security comes out with an advisory to NOT use it .. yikes.
I do congratulate Microsoft on keeping me busy. While cleaning viruses and spyware off computers is tedious, it does take quite a bit of time .. and since I work hourly, it's been nice.
It also helped me get mail gateways and other FOSS backend solutions installed. Hurray!
Conclusion..
Compared to other years, this year wasn't all that exciting. I can't think of anything that was released that made me go “wow!” .. well umm, at least anything that was originally released in 2004 (I did learn a lot about various UNIX tools that impressed me .. though some of them reach back to the 70's and 80's.. ). I was pleased to see the explosive growth of Firefox. This year was the first in which I found FOSS on computers (ie people using Firefox, Gaim, etc..) without my recommendation. The word is getting out, which is cool. While I found that talking about FOSS was still difficult (for many, it doesn't fit in their worldview of paying for goods and services), I did find it was easier to articulate many of the reasons behind FOSS and how it is better than traditional development models. Perhaps with people's computers being bombarded with viruses and spyware, they were more interested in learning.
Wed 8 Dec 2004
If your IT infrastructure crumbled, how would you handle it? How quickly could it be brought back online? What happens if key people are unable to address the issue when it occurs? Have you conducted a risk assessment on your network?
Power outages, power surges, hardware failures, software failures, user error, admin error, crackers, script kiddies, viruses, theft, fires and spyware are just some of the potential sources of IT infrastructure failure.
I have experienced many of the above situations. Needless to say, there have been situations where the entire company was effectively “offline” until a major server or system was brought back online so work could continue. In these situations, every minute counts.
So the question ends up being: with so many possible sources of failure, what is the best way to structure an IT infrastructure to reduce downtime?
There is going to be a balance between the “what ifs” and the financial impact. For any network, it is important to first diagram the topology of the network. Outline your major servers, infrastructure points, gateways, routers, etc. Next, determine the importance of the various parts of the network. For example, if 90% of your business comes via your website, then most likely the web server and the supporting equipment connecting it to the infrastructure (router, switch, uplink) are very important.
When assessing the cost of downtime, look at the potential loss of revenue, loss of employee productivity, etc. In the above example, if the web server were down for a day, it could result not only in a day's worth of lost sales, but also in lost productivity of the workforce, potential loss of future sales, etc.
After this broad assessment of the infrastructure is conducted, prioritize the assets to separate non-critical, semi-critical and critical elements.
It makes sense to look at the most critical elements first. Determine what is satisfactory downtime in the event of one of the above issues. Does the system absolutely require availability as close to 100% as possible? Is a day of downtime acceptable? This will provide a foundation for evaluation.
A vulnerability assessment will provide insight into potential issues with the network. This involves evaluating the physical, social, logical and software layers of the network.
Physical: Where is the actual equipment located? Is it secure? What type of physical security is in place? Are unused network ports (RJ-45 jacks) enabled or disabled by default? Where are the data and the backups of the data stored (off-site? where?)
Social: Are users of the network informed about social engineering attacks? Are they aware of IT policy regarding use of other people's accounts and giving out password information (answer: don't)?
Logical: Is the network set up to not allow unauthorized devices on the network? Is the system self-auditing, so that it finds these devices and reports them in a timely manner? Is access to resources restricted? (Ideally only the resources needed by a user should be made available to that user.) What does the network traffic look like? Is data encrypted or unencrypted? What type of encryption?
Software: Is the software up-to-date? Are security patches applied? Are the Internet-facing systems and processes generally considered good candidates for that exposure (designed for security, minimal or non-existent history of security issues, etc.)?
By evaluating the network as a whole, you can point out many of its weaknesses. Tools such as Nessus and nmap (plus John the Ripper for checking the strength of the passwords in use) provide a good starting point for assessing the software and logical layers of the overall vulnerability assessment.
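As an added example of the self-auditing the Logical item asks for, tied to the system documentation the post calls for further down: this Python is mine, not from the post or from nmap. It parses nmap's grepable output (`nmap -sS -oG scan.gnmap 192.168.1.0/24`), whose `Ports:` field lists `port/state/proto/owner/service/rpcinfo/version/` entries separated by commas, and compares the result with a documented baseline of what each host is supposed to expose. `BASELINE` is a hypothetical inventory for a small office network and `SCAN` is constructed output, not a real scan.

```python
"""Drift check between a documented baseline and an nmap scan.

Added example, not from the post or from nmap. Parses nmap's grepable output
(nmap -sS -oG scan.gnmap 192.168.1.0/24), whose "Ports:" field lists
port/state/proto/owner/service/rpcinfo/version/ entries separated by commas,
and reports hosts nobody documented, documented hosts that did not answer, and
open ports a host is not supposed to expose. BASELINE is a hypothetical
inventory and SCAN is constructed output, not a real scan.
"""
import re

# Hypothetical documented baseline: host -> the (port, proto) pairs it may expose.
BASELINE = {
    "192.168.1.1": {(22, "tcp")},                              # router
    "192.168.1.10": {(22, "tcp"), (80, "tcp"), (443, "tcp")},  # web server
    "192.168.1.20": {(22, "tcp"), (25, "tcp")},                # mail gateway
    "192.168.1.30": {(445, "tcp")},                            # file server
}

# Constructed nmap -oG output. Tabs separate the fields on each line.
SCAN = (
    "# constructed nmap -oG output for the example\n"
    "Host: 192.168.1.1 ()\tStatus: Up\n"
    "Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh///\tIgnored State: closed (999)\n"
    "Host: 192.168.1.10 (www)\tStatus: Up\n"
    "Host: 192.168.1.10 (www)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "443/open/tcp//https///, 3306/open/tcp//mysql///\tIgnored State: closed (996)\n"
    "Host: 192.168.1.20 (mail)\tStatus: Up\n"
    "Host: 192.168.1.20 (mail)\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///, "
    "10024/filtered/tcp//unknown///\tIgnored State: closed (997)\n"
    "Host: 192.168.1.77 ()\tStatus: Up\n"
    "Host: 192.168.1.77 ()\tPorts: 139/open/tcp//netbios-ssn///, "
    "445/open/tcp//microsoft-ds///\tIgnored State: closed (998)\n"
)

STATUS_RE = re.compile(r"^Host: (\S+) \([^)]*\)\tStatus: Up")
PORTS_RE = re.compile(r"^Host: (\S+) \([^)]*\)\tPorts: (.*?)(?:\t.*)?$")


def parse_grepable(text):
    """Return {ip: set of (port, proto)} that nmap reported as open.
    Hosts that are up with nothing open still appear, with an empty set."""
    hosts = {}
    for line in text.splitlines():
        m = STATUS_RE.match(line)
        if m:
            hosts.setdefault(m.group(1), set())
            continue
        m = PORTS_RE.match(line)
        if not m:
            continue
        ip, entries = m.group(1), m.group(2)
        open_ports = hosts.setdefault(ip, set())
        for entry in entries.split(", "):
            fields = entry.split("/")
            port, state, proto = int(fields[0]), fields[1], fields[2]
            if state == "open":  # filtered/closed ports are not exposure
                open_ports.add((port, proto))
    return hosts


def compare(scan_hosts, baseline):
    """Report the three kinds of drift the assessment questions ask about."""
    unknown_hosts = sorted(ip for ip in scan_hosts if ip not in baseline)
    missing_hosts = sorted(ip for ip in baseline if ip not in scan_hosts)
    unexpected_ports = {}
    for ip, allowed in baseline.items():
        extra = scan_hosts.get(ip, set()) - allowed
        if extra:
            unexpected_ports[ip] = sorted(extra)
    return {"unknown_hosts": unknown_hosts,
            "missing_hosts": missing_hosts,
            "unexpected_ports": unexpected_ports}


def check_scan(text=SCAN, baseline=BASELINE):
    """Run the whole check; feed it the contents of a real scan.gnmap in practice."""
    return compare(parse_grepable(text), baseline)


if __name__ == "__main__":
    for kind, found in check_scan().items():
        print(f"{kind}: {found}")
```

On the constructed scan this flags 192.168.1.77 (an undocumented Windows box answering on 139/445), 3306 open on the web server (a database listening where the baseline only allows 22, 80 and 443) and the file server not answering at all. The filtered port 10024 on the mail gateway is not reported, since it is not reachable. Run it from cron against a scan of each segment and the “timely manner” in the Logical item becomes however often the job runs; the baseline is the documentation the post demands later, in a form a script can read.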
After these issues are taken care of (note: this should NOT be a one-time deal; active monitoring and regularly scheduled assessments are crucial to meet new threats and find potential new issues), it is time to focus attention on downtime. For critical, high-availability systems, it is generally necessary to look into clustering, load-balancing or mirrored servers, generally on different power feeds, battery backups, switches, etc. Testing for failure on a regular basis is crucial.
For other systems, where downtime is perhaps allowable, having the necessary parts available can save a significant amount of time. It's much easier to switch out a failed hard drive if a replacement is already on location. In addition to this, having a ghost image of the core system is also ideal. For example, if a hard drive fails, it would be possible to replace it with a new drive, load the software image onto the system, reload the data from backup, and the system is back online. Compare this to installing a system from original media, configuring the system, trying to remember how certain items were configured, loading data from backup, etc.: a significant time savings.
This brings up another VERY IMPORTANT item: network administrators should be _REQUIRED_ to document their systems! This includes a list of the software loaded on the system, how items are configured, the purpose of the system, how it is connected to the network, what it relies on and, perhaps most important, a running log of changes made to the system. I've been in situations where one admin changed a setting on a server, there was an issue which required a power-cycle, and the server did not come back online. As no one knew that this particular admin (not available at the time) had made the change, it took a considerable amount of time to bring the system back online due to the misconfiguration on that admin's part.
An IT infrastructure is vulnerable on many levels. When disaster strikes, it is important to have an infrastructure in place that is able to keep functioning, or be made to function, in an acceptable amount of time as per the requirements of the users. Use of vulnerability/security assessments, policies, documentation and either online spares or available spares for the most critical systems provides the tools necessary to contain an issue and minimize the impact it has on the entire infrastructure. Bottom line? Be proactive and know your network.