krypted.com

Tiny Deathstars of Foulness

August 9th, 2016

Posted In: Articles and Books


Mountain Lion Server comes with a few new alerting options previously unavailable in versions of OS X. The alerts are sent to administrators via servermgrd and configured in the Server app. To configure alerts in Mountain Lion Server, open the Server app and then click on Alerts in the Server app sidebar. Next, click on the Delivery tab. At the Delivery screen, click on the Edit button for Email Addresses and enter every email address that should receive alerts sent from the server. Then click on the Edit button for Push Notifications. Here, check the box for each administrator of the server. The email address on file for the user then receives push notifications of events from the server. Click on OK when you’ve configured all of the appropriate administrators for alerting. Then, check the boxes for Email and Push for each of the alerts you want to receive (you don’t have to check both for each entry). Options include:
  • Certificate expiration: One of the certificates installed on the system (including Push) will expire soon and needs to be updated.
  • Disk unreachable: A disk that was mounted on the server is no longer available (you will get these when you rotate offsite backup hard drives if using spinning or solid state disks)
  • S.M.A.R.T. status: A disk is reporting an error in its S.M.A.R.T. status. What this usually means is that it would be very smart to replace the disk, which is likely to fail soon
  • Disk space: The server is running out of hard drive space
  • Mail storage quota: A mail storage quota has been exceeded
  • Virus detected: A virus was detected on the server
  • Network configuration change: The port state of the server changed, an IP address changed, etc.
  • Software updates: There are software updates available to be installed on the server computer
Some of these settings can be configured a little more granularly. For example, by default the disk space alert is sent when there is only 5% free space available on the server. To increase this to 10, set info:notifications:diskFull:freeSpaceThreshold to 10 rather than 5:
sudo serveradmin settings info:notifications:diskFull:freeSpaceThreshold = 10
To see a list of all notification options, run:
sudo serveradmin settings info:notifications
Which provides the following:
info:notifications:certificateExpiration:active = no
info:notifications:certificateExpiration:who = _empty_array
info:notifications:suAvailable:active = no
info:notifications:suAvailable:who = _empty_array
info:notifications:diskFull:active = no
info:notifications:diskFull:who = _empty_array
info:notifications:diskFull:freeSpaceThreshold = 5
Finally, as with previous versions of OS X Server, Mountain Lion Server has snmp built in. The configuration file is located at /private/etc/snmp/snmpd.conf and the built-in LaunchDaemon is org.net-snmp.snmpd, where the actual binary being called is /usr/sbin/snmpd (and by default it’s called with a -f option). Once started, the default community name should be COMMUNITY (easily changed in the conf file). To test, use the following command from a client (the client is 192.168.210.99 in the following example):
snmpwalk -On -v 1 -c COMMUNITY 192.168.210.99
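A check for the community-name point above, as an added example rather than code from the original post: it scans snmpd.conf text for the COMMUNITY placeholder or the well-known public/private strings, for entries with no source restriction, and for read-write access. The sample config, its addresses and the s3cr3t-Xq value are constructed; SNMP v1 and v2c send the community string in cleartext, so a default one is effectively no credential at all.

```python
# The placeholder named in the post plus the two classic default strings.
WEAK_COMMUNITIES = {"COMMUNITY", "public", "private"}

# Index of the community string among a directive's arguments:
#   rocommunity COMMUNITY [SOURCE [OID]]      com2sec SECNAME SOURCE COMMUNITY
COMMUNITY_ARG = {"rocommunity": 0, "rwcommunity": 0, "rocommunity6": 0,
                 "rwcommunity6": 0, "com2sec": 2, "com2sec6": 2}

# Constructed sample, laid out like a net-snmp snmpd.conf.
SAMPLE_CONF = """\
# access control
com2sec local     localhost        COMMUNITY
com2sec mynetwork 192.168.210.0/24 COMMUNITY
rocommunity public
rwcommunity s3cr3t-Xq 192.168.210.5
syslocation server-room
"""

def audit_snmpd_conf(text):
    """Return (line_no, directive, community, issues) for each risky line."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()      # drop comments
        if not fields or fields[0] not in COMMUNITY_ARG:
            continue
        directive, args = fields[0], fields[1:]
        is_com2sec = directive.startswith("com2sec")
        if is_com2sec and args[:1] == ["-Cn"]:
            args = args[2:]                        # skip optional "-Cn CONTEXT"
        idx = COMMUNITY_ARG[directive]
        if len(args) <= idx:
            continue                               # malformed, nothing to judge
        community = args[idx]
        # SOURCE precedes the community for com2sec and follows it otherwise;
        # a missing SOURCE means "default", i.e. any host.
        source = args[1] if (is_com2sec or len(args) > 1) else "default"
        issues = []
        if community in WEAK_COMMUNITIES:
            issues.append("default community string")
        if source == "default":
            issues.append("no source restriction")
        if directive.startswith("rwcommunity"):
            issues.append("read-write access")
        if issues:
            findings.append((line_no, directive, community, issues))
    return findings

if __name__ == "__main__":
    for finding in audit_snmpd_conf(SAMPLE_CONF):
        print(finding)
```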

August 4th, 2012

Posted In: Mac OS X, Mac OS X Server, Mac Security


I’ve been involved with Brainbench for some time. There is now a new iOS development test available at http://www.brainbench.com/xml/bb/common/testcenter/taketest.xml?testId=2973. Also, we’re currently working on a Mountain Lion test and could use some reviewers if anyone is interested.  Let me know if you’d like to be involved with that.

July 30th, 2012

Posted In: certifications, iPhone


“We’re too young and still under NDA, so please don’t talk about us publicly just yet!”

February 24th, 2012

Posted In: Mac OS X, Mac OS X Server, personal


Google’s Android is a very small Linux distribution. Recently I needed to test some applications that were developed by a couple of friends of mine. Rather than run out to T-Mobile I figured I’d just install the new LiveAndroid disk and thought I would write up how to get set up using VMware Fusion and then go about doing some tasks with Android. To get started make sure you’re running the latest Fusion (or Parallels or Q or VirtualBox). Then download two ISO files from http://code.google.com/p/live-android/: liveandroidv0.2.iso.001 and liveandroidv0.2.iso.002. Once you have downloaded the two ISO files we’re going to need to join them. To do so:
cat liveandroidv0.2.iso.001 liveandroidv0.2.iso.002 > liveandroidv0.2.iso
That will take a few seconds to complete. When it’s done, open up VMware and then click on the New button in the lower left corner of the Virtual Machine Library screen. At the New Virtual Machine Assistant, first click on Continue Without Disk and then choose the Use Operating System Installation Disk Image File: option, selecting the ISO file from the browse screen. Once selected, click Choose in the Browse dialog box and then back at the New Virtual Machine Assistant Screen click on Continue.
At the Choose Operating System screen, leave the Operating System and Version fields set to Other and then click on Continue. The Default memory and disk capacity should be fine (256MB of memory and 8GB of disk). The default Shared networking (NAT) option will also have the Android instance able to boot with the network interfaces functional (unlike in my VirtualBox testing), so leave that as-is as well. Click Finish and then the Android virtual machine will start.
Once started you’re going to get an error about the battery. This is not a big deal, click on OK to suppress it. If you can’t find your cursor then look for the faint grey arrow. You can then click on the default home screen applications (Messaging, Dialer, Contacts or Browser) or on the slider to the right of the screen for the rest of the applications (such as the Gallery or the Camera). If you use the space bar you’ll open the dialer (not that you can dial out or anything) and if you use the Escape key you’ll back out of an application, back to the home screen.
To get to the command line you can use the fn-alt-F1 (the F1, when pressing the fn key is immediately to the right of the Escape key whereas the alt is the same as the option on Mac in that scenario). The fn-alt-F7 combination will switch back from the command line to the home screen. When you’re at the command line you’ll have a number of options.
Because LiveAndroid .2 supports DHCP there’s usually no need for configuration of the network stack, although I did have to configure it manually in VirtualBox.  To do so I started with ifconfig, which works similarly in Mac OS X.
ifconfig eth0 192.168.210.30 netmask 255.255.255.0
Then I set up a gateway with the route command:
route add default gw 192.168.210.1 dev eth0
You can also use setprop to define your DNS servers.  For example, to set 4.2.2.2 as a DNS server you would use the following:
setprop net.eth0.dns1 4.2.2.2
I also use a proxy so I had to configure that in order to be browsing the old interweb.  After a bit of noodling around I realized that Android stores a number of settings in a sqlite database stored in /data/data/com.android.providers.settings/databases/settings.db.  If you remember, I did an article on using sqlite3 with Address Book on Mac OS X a while back – this is all very similar to that, as sqlite doesn’t really change much (if any) from platform to platform.  To open the database in sqlite3, use the following command:
sqlite3 /data/data/com.android.providers.settings/databases/settings.db
Then type .tables and you should see one called system.  We’re going to insert the proxy data into it, in this case inserting proxy.krypted.com:8080 using the command:
insert into system values(99,'http_proxy','proxy.krypted.com:8080');
At this point I’m off to the races with the web browser.  Next I have a couple of applications friends have developed that I’d like to install.  From the command line this is pretty easy.  They put them up on their websites and then I go to /system/app using the following command:
cd /system/app
Next, I use wget to pull down the app (which is in the form of an apk file), assuming that the name of the server is my.server.org and the name of the app is myapp.apk:
wget http://my.server.org/myapp.apk
Once I’ve downloaded the app I’m going to go ahead and create a shortcut key just for that application by adding a line to /etc/bookmarks.xml that reads as follows (which would use the z key to open the app):
<bookmark package="com.myapp" class="com.myapp.class" shortcut="z" />
Next, I’m going to flip through all of the tables looking for any other settings back in the settings.db that I’d like to change.  To look at the options for each table use ‘select * from’ followed by the table name.  So if I wanted to look at the SYSTEM table I could use the following command from within the sqlite3 interactive mode for settings.db:
select * from SYSTEM;
You can then find a value and edit it as we did earlier but with update instead of insert.
Many of the common commands and tasks that you might be used to are exposed in Android. For example, you can edit the /etc/hosts file to force address resolution. Also, while I’m testing my friends’ applications I’m also monitoring statistics within my Android instance. This is fairly straightforward in some cases as I can simply cat many of the files located in the /proc directory, such as cpuinfo and loadavg.
Looking at these files through VMware while launching an application exposes some of the underlying security framework. Much like the iPhone, processing for a given application is halted when another application is launched. In Android though, each application is written in Java and each runs both as its own Java virtual machine and with its own UID. This isn’t to say that Android applications are sandboxed from one another as in the iPhone when the Activity (screen) is not in the foreground. Instead, there is a framework for background processing with a service. Many of the built in aspects of Android can run as services, although none of the third party applications I was looking at leveraged this component of the Binder (borrowed from BeOS). Any information shared between different applications works via a Content Provider service. If you look at the path for the sqlite3 database, it’s using providers in the path. This isn’t meant to reference cell phone providers but instead the internal content providers.
Each application can be considered a risk to install. Therefore, each application has a corresponding AndroidManifest.xml file which provides the rules that the application has to follow, along with permissions and a listing of all of the components of the application (binaries, libraries, scripts, etc). Each application can therefore have a component of itself exposed to other applications (typically used for example if you have a chain of applications with permissions between them), with an additional permission of having an application that publicly makes its data available to others. I could see uses for something like this with photo sharing applications but overall it leaves exposure for the manifest to open communications between applications if compromised. I have not been able to thoroughly test whether input validation is available here, but it’s theoretically possible for an application to either obtain elevated privileges from another or to influence the data in another. Granularity of these permissions is possible but must be configured by the developer. I was able to use one of the applications I was testing to access the contacts on the machine, a bit of a concern, but common. Overall, it’s hard to conceive installing any application without a prior thorough review of the manifest if I were working on a production device.
Android is just a trimmed down Linux. I would expect a Chrome OS to be very similar. I don’t even expect it to have much more or much less (although I would assume it will run gears and all of the dependencies of gears). If you replace the Dialer application in Android with Google Voice and add support for an LDAP client then you would have much of what I might expect out of a NetBook OS. If Android is to be tailored to be a NetBook OS I’d like to see Full Disk Encryption for Android as well, even if most data is stored in the cloud. But then, I’d like to see that for all devices… If Android does offer a snapshot into what Google Chrome will look like then it seems like applications written in Java, whether for Blackberry, Palm Pre or Android would likely fairly easily be ported into the platform and therefore be a sandbox worth pursuing assuming that is the case; because while people seem to love the idea of the cloud at the end of the day they seem to also be hooked on their fat clients.
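The manifest review described above, as an added example that is not part of the original post: it lists the permissions an application requests and the components other applications can reach, then narrows those to the ones no permission protects. It assumes a text-form AndroidManifest.xml (an APK ships the compiled binary form, which has to be decoded first); the manifest, the com.myapp component names and the helper functions are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "service", "receiver", "provider")

# Constructed manifest for a hypothetical app; not taken from a real APK.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.myapp">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".Main">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
    <service android:name=".Sync" android:exported="true"/>
    <provider android:name=".Photos" android:exported="true"
              android:authorities="com.myapp.photos"
              android:permission="com.myapp.READ_PHOTOS"/>
    <receiver android:name=".Internal" android:exported="false"/>
  </application>
</manifest>
"""

def review_manifest(xml_text):
    """Return (requested permissions, components other apps can reach)."""
    root = ET.fromstring(xml_text)
    requested = sorted(p.get(ANDROID + "name")
                       for p in root.iter("uses-permission"))
    exposed = []
    for tag in COMPONENTS:
        for comp in root.iter(tag):
            exported = comp.get(ANDROID + "exported")
            if exported is None:
                # Assumption: without an explicit attribute, declaring an
                # intent-filter makes the component reachable by other apps.
                has_filter = comp.find("intent-filter") is not None
                exported = "true" if has_filter else "false"
            if exported == "true":
                exposed.append((tag, comp.get(ANDROID + "name"),
                                comp.get(ANDROID + "permission")))
    return requested, exposed

def unguarded(exposed):
    """Exported components that no android:permission protects."""
    return [(tag, name) for tag, name, perm in exposed if perm is None]

if __name__ == "__main__":
    requested, exposed = review_manifest(SAMPLE_MANIFEST)
    print("requests:", requested)
    print("exported without a permission:", unguarded(exposed))
```

A launcher activity is expected to appear on the unguarded list; the entries worth a closer look are the others, such as the .Sync service in this sample.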

July 28th, 2009

Posted In: Ubuntu, Unix


I finally got around to taking that Final Cut Server exam this week.  It was pretty straightforward.  I think there is definitely a methodology to writing exams.  I wrote a few for Brainbench and because their structure was extremely laid out I really got to learn a lot about the methodology to writing questions. I liked the fact that Apple is adding more and more questions where you click on the appropriate item on a screenshot; I look forward to scenario simulations. Microsoft exams mostly require you to get at least one simulator correct in order to pass the exam, some vendors have gone to simulation-only, but the closest Apple has gotten is click on the appropriate location on the screen… As is true with all vendor certifications there were a couple of questions that were more marketing than anything else. This is to be expected and honestly healthy in verifying that you know how to talk about and position a product. But I do think there should be less room for error in each question. There were at least 4 questions where multiple answers were potentially correct and while it didn’t say choose the closest answer you were left doing so. Anyway, I passed with plenty of breathing room, so woo-hoo!!! I think that brings 318 close to 10 people certified with Final Cut Server now, which I feel is a pretty darn healthy number. If you need to take that exam then you should strongly consider Matt Geller’s book on Final Cut Server. It’s going to be some good preparation material!

February 12th, 2009

Posted In: certifications, Final Cut Server


When getting ready for your certifications, it helps to know how prepared you are. Basically, there are two fairly basic ways to evaluate readiness. The first (and one of the most practical) is to do lots of exam simulation questions when possible to get comfortable with the testing format. Now, don’t go too far with this and cheat. Remember that for nearly every exam offered by nearly every vendor out there, buying a brain dump is considered cheating. Many of the organizations offering exams will plant incorrect answers into material to attempt to find people who study to the brain dumps. If you get caught doing so you will likely be stripped of your existing certs and potentially banned for life from pursuing further certs with the organization. But brain dumps only really help you to evaluate the practical level of mastery you have over material. You can also evaluate your cognitive level of the material. There is a quantifiable metric for this based on a framework called Levels of Cognition from “Bloom’s Taxonomy”. According to the framework, here are the Levels of Cognition:
  1. Knowledge Level – Includes the ability to recognize terms, sequences, definitions, facts, patterns, ideas, materials, principles, methods, etc
  2. Comprehension Level – Requires understanding directions, regulations, reports, tables, diagrams, descriptions, communications etc.
  3. Application Level – Knowing when, why and how to use the methods, theories, formulas, principles,  ideas, procedures, etc.
  4. Analysis Level – Includes the ability to break information into parts and recognize the relationship of each part to another.
  5. Evaluation Level – Indicates you are ready to make judgements based on ideas and prepare solutions.
  6. Synthesis Level – Means you are able to use the parts of the whole to realize what is not obvious and identify parts of a complex set for further examination.  I like to think of this as similar to when you suddenly find yourself “thinking” in another language.
In IT certification and learning I fear that the whole “paper MCSE” phenomenon has spread throughout the industry.  Certain testing organizations go to great pains to provide a continued legitimate authority for their track, including Novell, Red Hat, SANS and Cisco while others continue to rely on pools of questions and rotating answers, which given the bevy of information available at web sites about certifications simply does not lend itself to learning at more of a synthesis level.  Instead most certified people that come through my desk are coming from a knowledge level or maybe just a little bit better. As the certification industry matures, it is worth noting that one of the items that is holding back a lot of organizations from adopting stiffer certification standards and practices is cost.  The organizations that give exams require higher and higher fees the more that the testing organization does.  If you want to build a large pool of questions so you can help make it harder to cheat for example, it is done at a high cost to the testing institution who at best is likely just breaking even or only spending a few dollars per test taker to run the program…

January 8th, 2009

Posted In: certifications
