Tuesday, July 14, 2015

Adobe updates Flash/Shockwave (again); Mozilla auto blocks Flash; Facebook calls for its death;

Adobe has released a security update to address critical vulnerabilities in Shockwave Player for Windows and Macintosh.
Exploitation of these vulnerabilities could allow an attacker to take control of an affected system.
You may review Adobe Security Bulletin APSB15-17 and apply the necessary update.

Adobe has released security updates to address critical vulnerabilities within the ActionScript 3 opaqueBackground and BitmapData classes of Flash Player.
Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code on a vulnerable system.
Versions affected include Adobe Flash Player 9 through
You may review Adobe Security Bulletin APSA15-18 and apply the necessary updates.
Additional information can be found in Vulnerability Notes VU#338736 and VU#918568

A quick way to see if you’re vulnerable is to go to this Adobe website and run the check to see if they need to update.
If you need the update you’ll get a Sorry, your computer doesn’t have the latest Flash Player installed.
You can then click the download the latest version of Flash Player link below.
If you get the Congratulations, your computer has the latest Flash Player installed, no further action is required.

I should mention that as of about 11:30 AM, Microsoft has yet to release an updated version of Flash for IE 11 on Windows 8.1
I’d expect a release either later today or early tomorrow morning.
Windows 7 users and all other browsers (e.g. Firefox) should be able to update using the links above.
Since Chrome uses Pepper Flash, it will update itself.

Mozilla’s Firefox browser is now blocking Flash across the board, until such time that Adobe can assure the product is safe.
The same article also mentions that Facebook’s security chief would like to see an End-of-Life date for Flash and all browsers to agree to stop supporting it.

FWIW, there is still too much Flash content and HTML5 isn’t being as widely embraced as content creators would hope.
However, IMHO, it may be only a matter of time before CDNs embrace the change to HTML5 or find some other DRM laden software to replace Flash altogether.
At least we can be happy that whatever does happen, CDNs won’t choose Silverlight anymore.

Wednesday, January 21, 2015

How I got started with BSD

I watch the BSDNow show, and a little while back they asked people to submit stories for how they got started with BSD.  I didn't submit my own story, but listening to the stories submitted by others I figured I'd share it on my own crappy blog.

So back in late 2001 or early 2002 I started looking into Linux and at the time the distribution I decided to use was SuSE. An uncle at the time worked for a university that actually mirrored SuSE (this was before the Novell acquistion and the creation of OpenSUSE). I want to say SuSE 7.3 was my first version and I remember he got me 3 burned CDs. I had at the time a Gateway with a Celeron, 40GB Hard Drive and 1 GB of Ram that came pre-loaded with Windows XP.  However I wanted to try Linux and decided to install it over the whole thing.  I didn't know about Gnome or KDE and I think SuSE defaulted to gnome so that's what I installed.  I used SuSE for quite some time and kept my system pretty up to date and as the releases came out I downloaded them, usually via torrent.  I think the last version I used was 10.2 or possibly 10.3 although it was OpenSUSE at that time.

Now I was in University at that time, and had been playing around with other systems. Briefly Ubuntu, but frankly I hate that and will never use it again. I had an old laptop I ran Linux Mint and it was pretty fun, but had no practical purpose other than giving life to an older laptop.

Then my junior and senior year I came work for the computer science department, as a lab assistant. Basically I just helped people print, login and a few other things, but hey it paid money.  Well the guy in charge was for a while actually running the department behind an OpenBSD firewall.  I had never heard of OpenBSD before this, and well decided to look into the world of BSD.  I tried to figure out OpenBSD, but I'll be honest I was a little scared because I was used to the GUI filled linux world.  However I also stumbled into FreeBSD and it's installer reminded me of something like slackware which I also played around with a little before then.

I didn't however end up running any BSD systems until I got into my current position.  I mostly had Windows knowledge and some Linux knowledge and they mostly used Windows and had some CentOS systems and not much else.  However then came a problem that needed an immediate fix.  A Cisco 7206 (I think that's what it was) was being DDOS'd or otherwise kept getting knocked offline and other than restarting the equipment Cisco wasn't any help because as I understood someone let the smartnet lapse and well Cisco doesn't help you much without that.  One of the other guys had this great idea - or idea anyway - he suggested getting some hardware that was just laying around  and putting OpenBSD on it.

They basically took the config of the Cisco device and made a similar config in PF and the 7206 basically became a glorified media converter for some DS3s.  Over time I eventually become more involved in the networking where I work and started learning OpenBSD.  We also started using FreeBSD leveraging the awesomeness of ZFS for storage servers, everything from email archiving to backup systems (using bacula) and even just web servers, dns servers and mail servers.  We also replaced a bunch of Cisco 2801 devices with OpenBSD firewalls mostly because we did away with T1s and most of our customers now have Ethernet connections or are provided copper pairs.  We now maintain some 35 customers with OpenBSD firewalls, plus 8 core firewalls at various locations setup in CARP pairs, plus close to 70 Soekris based devices running OpenBSD using OpenVPN to connect back to our main campus.

Perhaps the most surprising thing is is that all of this is actually happening in East Texas, an area not known for being technologically forward.

Now we are still a Windows environment on the desktop and still use Windows servers for several purposes, but whenever possible BSD is the preferred OS for simplicity of setup and use, not to mention the ease of securing and the large community of support that is available should you have a question or need something resolved.


One of the more interesting things about ZFS is the raidz functions which are raidz, raidz2 and raidz3 - and are supposed to be technically equivalent or at least similar to RAID-5, RAID-6 and well there isn't anything comparable to raidz3 that I know of, anyway I recently had to setup a system using raidz, mostly because I don't trust the hardware RAID controller I am using anymore and just setup all the disks in what the card refers to as single disk mode, which is apparently different than JBOD at least the way this card does things.

I found this google doc that someone else made that explains all the cost involved in each raidz type as far as percentage of usable space afterwards.

If you want or need a crash course in raidz or zfs in general, this guide provides a lot of good documentation.

If you're just starting out with ZFS definitely look it over, especially the VDEVs section.

In case you're curious my new setup was 3 raidz vdevs of 5 1500GB disks in making one zpool which gave me 16T of space.

        vol         ONLINE       0     0     0
          raidz1-0  ONLINE       0     0     0
            da1     ONLINE       0     0     0
            da2     ONLINE       0     0     0
            da3     ONLINE       0     0     0
            da4     ONLINE       0     0     0
            da5     ONLINE       0     0     0
          raidz1-1  ONLINE       0     0     0
            da6     ONLINE       0     0     0
            da7     ONLINE       0     0     0
            da8     ONLINE       0     0     0
            da9     ONLINE       0     0     0
            da10    ONLINE       0     0     0
          raidz1-2  ONLINE       0     0     0
            da11    ONLINE       0     0     0
            da12    ONLINE       0     0     0
            da13    ONLINE       0     0     0
            da14    ONLINE       0     0     0
            da15    ONLINE       0     0     0

Also on the other side of this if you're using hardware raid it is probably always a good idea to use a third party utility such as Nagios, PRTG or whatever utility you may use to monitor it if possible. The good news for me is that the Nagios exchange shows several options for checking zfs and zpools so I'll be implementing that shortly. It seems that even PRTG can monitor ZFS via SNMP.