Cloud Data Loss is Real!
At CloudSlam’14, it was presented that 1 of 3 companies experiences data loss from its cloud providers. That’s 1/3rd of them!
- 64% is due to user error – we are our own worst enemy!
- 20% is due to malicious intent. Hackers, and sometimes insiders, are just being mean.
- 7% is due to application sync errors. These are integration providers that hook into other SaaS apps.
Easy Acer C720 Ubuntu 14.04
If you have an Acer C720 – GREAT! These are amazing systems. But some of the hardware support out-of-the-box from Linux isn’t perfect. What if running 1 little script can fix that?
Verified to work with Ubuntu 14.04 x64 on a C720.
Traveling with Computers Safely
I’ve been traveling overseas more and have discussed security issues with others in the IT security industry. Here is what I’ve decided.
With the recent Heartbleed issue in the OpenSSL libraries that impacted 80% of websites and the GnuTLS issue from last month, what should we do when security is needed most?
BTW, the NSA admitted to using the Heartbleed bug for years. My 20 yrs of professional experience with software tells me that there are probably 50 other issues like this in the OpenSSL and GnuTLS software libraries. They are the best options for HTTPS traffic, but really shouldn’t be trusted when real security is needed.
What do I do?
Linux Troubleshooting 101-Scripting
Scripting 101
- always fully specify paths to all programs and files (input/output) inside any script. NEVER trust the PATH.
- always set any environment variables necessary to the script. Don’t trust the userid environment to be available during cron. JAVA_HOME is an example, but there are thousands of others – most scripts need fewer than 5 environment variables.
- use the -x option to see what a script does: bash -x
- use built-in “verbosity” settings for any specific command; often -v or -vvvv for more output.
- Unix uses file permissions to control whether a script is executable or not. Extensions mean ZERO. Are your script’s permissions set to give the userid trying to run it “execute” permission?
- check the log files – client-side AND server-side.
- break down the problem inside the script to the simplest command.
- do NOT use GUI programs inside any scripts that need to run automatically. Look for the CLI version of the tool and use that instead.
- For scripting used by the public – websites – always review the code against the OWASP checklist for that language. They have a nice Top 10 list too. Guides for C, C++, Perl, Bash, PHP, Python, Ruby …. try to learn from
- For bash scripting, the ABSG covers almost everything possible. For other languages, there are many, many books, websites, webpages to help.
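The first items in the list above (full paths, explicit environment, -x tracing, the execute bit) can be checked before a script ever goes into cron. This is an added example, not code from the original post: it runs a script under an emptied environment similar to cron's. The sample scripts, the /opt/java location and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: sample scripts are constructed; the JAVA_HOME path is hypothetical.

# Run a script the way cron would: empty environment, minimal PATH, no stdin.
run_like_cron() {
    /usr/bin/env -i HOME="${HOME:-/}" SHELL=/bin/sh PATH=/usr/bin:/bin \
        /bin/sh "$1" </dev/null
}

# Same run with -x, so every command is traced to stderr as it executes.
trace_like_cron() {
    /usr/bin/env -i HOME="${HOME:-/}" SHELL=/bin/sh PATH=/usr/bin:/bin \
        /bin/sh -x "$1" </dev/null
}

# The execute bit, not the file extension, decides whether a script can run.
can_execute() {
    [ -f "$1" ] && [ -x "$1" ]
}

# Write two constructed sample scripts into directory $1.
make_samples() {
    # Fragile: depends on a variable exported only by the login shell.
    /bin/cat > "$1/fragile.sh" <<'EOF'
#!/bin/sh
: "${JAVA_HOME:?JAVA_HOME is not set}"
echo "java home: $JAVA_HOME"
EOF
    # Hardened: sets its own environment and calls tools by full path.
    /bin/cat > "$1/hardened.sh" <<'EOF'
#!/bin/sh
JAVA_HOME=/opt/java
export JAVA_HOME
/bin/echo "java home: $JAVA_HOME"
EOF
    /bin/chmod 755 "$1/hardened.sh"   # fragile.sh is left without +x on purpose
}

# Demo: compare both scripts under the cron-like environment.
scratch="${TMPDIR:-/tmp}/cron-demo.$$"
/bin/mkdir -p "$scratch" && make_samples "$scratch"
can_execute "$scratch/fragile.sh" || echo "fragile.sh: execute bit not set"
run_like_cron "$scratch/fragile.sh" || echo "fragile.sh: fails without login environment"
run_like_cron "$scratch/hardened.sh"
/bin/rm -rf "$scratch"
```

A script that passes `run_like_cron` from an interactive shell no longer depends on anything the login session exported.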
Ubuntu on Acer C720 Chromebooks
Update: Jump to the “Better Article” header below. My stuff here isn’t as helpful as his.
Picked up an Acer C720 (2G RAM version-bummer) yesterday. I had ZERO intention of running ChromeOS … ever. The machine has a fairly powerful CPU – an Intel Celeron 2955U. That CPU is like an Intel E6600 Core2Duo desktop – inside a NETBOOK with 8+ hrs of battery! With the SSD – it should be FAST, very FAST!
That Phoronix article says this C720 is faster than an old MacBook Pro with a Core i5 520m CPU! I have a Dell laptop with that same CPU and I don’t think this netbook is faster. Then again, the full laptop has 6G of RAM, 500G HDD, GigE wired networking, and discrete ATI Radeon GPU w/ 1080p local and both HDMI and VGA out (driving 2×24″ 1200p monitors) – 6lbs. Different machine for a different purpose.
So I needed to learn a few things to get Ubuntu on the machine. Below are my notes.
I will point out that I never connected any gmail account to use the C720 and barely used ChromeOS in guest mode.
Jumbo Frames and NTP?
The network here has been ready for Jumbo frames on our GigE connections for years – many years. Network performance was always fine, so I never bothered to configure jumbo sized ethernet frames.
Until last week.
1st Five Minutes on a Server
11/2018 Update
For Ubuntu 18.04, the commands have changed for network setup thanks to netplan, but the major ideas are still the same.
Hammond is active on the Ubuntu Forums. He has many server setup guides
6/2016 Update
Nothing major, just minor tweaks and a few details added.
4/2015 Update
Seems that lots of people are interested in extremely basic security of Linux systems and would like to see what others do initially on their fresh servers or VMs. So, I did a little googling (DRY, right?) to see what a few others are doing and to compare that with my setup steps. We all come from different places, backgrounds, and have different things we want out of our servers.
This is about basic, first-pass security, not securing Apache, MySQL, Tomcat, email, or any webapp. The box has an ssh-server, known login, DHCP IP and is ready for other stuff. That is our starting point.
Let’s get started.
Booting Fedora ISO off HDD
If you want to boot from an ISO on the HDD, grub2 supports that. There is probably something related to the installed OS supporting it too – Ubuntu 12.04 does.
/etc/grub.d/40_custom contains:
```
#!/bin/sh
exec tail -n +3 $0
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
menuentry "Fedora 20 LXDE (i686 bit)" {
    # ISO name doubles as the CD label used by root=live:CDLABEL=
    set isoname="Fedora-Live-LXDE-i686-20-1"
    set isofile="/ISO/${isoname}.iso"
    # (hd0,5) is the partition holding the ISO file
    loopback loop (hd0,5)$isofile
    linux (loop)/isolinux/vmlinuz0 root=live:CDLABEL=${isoname} rootfstype=auto ro rd.live.image quiet rhgb rd.luks=0 rd.md=0 rd.dm=0 iso-scan/filename=${isofile}
    initrd (loop)/isolinux/initrd0.img
}
```
A few notes:
- The loopback line (hd0,5) correlates to /dev/sda5. It cannot be encrypted.
- The /ISO part of the location is just a directory off / on the partition.
- Different distro ISO files have different internal layouts which determines the linux and initrd locations.
- After saving the update for your specific needs, run sudo update-grub
For internal layouts of other distro ISO files, this AskUbuntu article has examples. Could be very handy.
Movie-Dale and Tucker vs Evil
Started watching Dale and Tucker vs Evil this morning (IMDB link). I’m less than 30 minutes in and needed a break from laughing so hard.
I haven’t laughed that hard in at least 10 yrs, maybe 15 yrs.
It is a comedy/horror movie, so there is lots of blood, over-the-top blood and many quotable lines.
If you’ve ever lived in the country, see this movie, provided you are an adult. ;) Definitely not for the kids.
Best line in the movie:
He looks like he’s gonna walk it off, he’s gonna be fine. – Tucker
Others suggest NOT watching the trailer first. I didn’t. Great movie. I don’t want to ruin it for you with any more details.
Plus it has Alan Tudyk in it!
I should have mentioned this – it is free with Amazon Prime now.
ChromeCast - What Good Is It?
Got a Google Chromecast for Xmas. Played with it for about 2 hrs, then unplugged it. Seems the things I wanted to use it for … youtube streaming … isn’t supported.
Update Feb 2014: In the last few days, the Chromecast has become useful to some level here. It is still mainly useful to people with Netflix and HuluPlus Paid subscriptions, but there is hope.
Let me explain.