Tag Archives: open source

HOWTO defend databases from SQL attacks with GreenSQL

UPDATE: as if to underscore the importance of this tool and approach, yesterday a story hit about a SQL injection attack that infected over 132,000 systems in short order. Net-Security have the full details on this attack, including how it probes the host via JavaScript to check for known vulnerabilities, how it exploits them, and how it ultimately downloads a back-door trojan to get the game going. It’s really amazing to see how complicated and professional these things have gotten, and it just adds to the reasoning that we have to step up to the plate and learn how to better defend against them.

I’ve been privy to some log dumps showing real, and successful, SQL attacks on some MSSQL servers before, and they weren’t pretty. Of course a SQL injection attack has little to do with the database itself (well, as long as it’s still SQL-based at least; a nod to CouchDB and MongoDB) and a lot to do with the code that calls it, and how that code deals with sanitizing inputs. For this reason MySQL is just as vulnerable; after all, bad code is bad code. While a client of mine opted for a firewall ‘module’ they had to buy an additional licence for, which set them back many thousands of dollars (annually!), I knew there had to be cheaper/better ways to address this kind of vulnerability. One way of course is to fix the code, but with legacy sites that no one has touched for years this may be impractical (I didn’t say this, I only heard it as reasoning from management); the other idea is to proxy the SQL and ‘clean’ it before it hits the database. The advantage of this approach is that it protects against known attacks as well as unknown ones, since it limits so much of what an attack is allowed to accomplish when trying to get its foot in the door. This approach is what the folks over at GreenSQL have done, and it’s very impressive. They sum things up nice and sweet with, “GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works as a proxy for SQL commands and has built in support for MySQL & PostgreSQL. The logic is based on evaluation of SQL commands using a risk scoring matrix as well as blocking known db administrative commands (DROP, CREATE, etc). GreenSQL is distributed under the GPL license.”
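To make the risk-scoring idea concrete, here is an added example (mine, not GreenSQL’s code) of the same approach in miniature: statements pass through a gate that scores the SQL text against weighted patterns and refuses anything over a threshold, including administrative commands. It uses an in-memory SQLite database in place of MySQL or PostgreSQL, and the rules, weights, threshold and the attacker input are all assumptions constructed for illustration. The demo runs one constructed login-bypass payload three ways: straight into a legacy string-concatenated query, through the gate, and through a parameterised version of the same query.

```python
import re
import sqlite3

# Weighted heuristics in the spirit of a risk-scoring database firewall.  The
# patterns, weights and threshold are this example's assumptions, not GreenSQL's.
RULES = [
    (re.compile(r"(?:^|;)\s*(DROP|CREATE|ALTER|TRUNCATE|GRANT|REVOKE)\b", re.I), 100,
     "administrative command"),
    (re.compile(r";\s*\S"), 40, "second statement stacked after ';'"),
    (re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I), 40, "UNION SELECT"),
    (re.compile(r"\bOR\s+(['\"]?)(\w+)\1\s*=\s*\1\2\1", re.I), 50, "tautology (OR x=x)"),
    (re.compile(r"--|/\*"), 30, "comment sequence (used to truncate the real query)"),
    (re.compile(r"\b(?:SLEEP|BENCHMARK|PG_SLEEP|WAITFOR)\b", re.I), 50, "time-based probe"),
]
BLOCK_THRESHOLD = 40


def score_query(sql):
    """Return (risk_score, reasons) for the text of one statement."""
    score, reasons = 0, []
    for pattern, weight, reason in RULES:
        if pattern.search(sql):
            score += weight
            reasons.append(reason)
    return score, reasons


class BlockedQuery(Exception):
    pass


def guarded_execute(conn, sql, params=()):
    """Proxy-style gate in front of the database.  Only the statement text is
    scored: bound parameters travel separately and are never parsed as SQL,
    which is why a parameterised query passes this gate untouched."""
    score, reasons = score_query(sql)
    if score >= BLOCK_THRESHOLD:
        raise BlockedQuery(f"risk {score}: {', '.join(reasons)}")
    return conn.execute(sql, params).fetchall()


def demo():
    """Run a constructed login-bypass payload through the legacy query and the fixed one."""
    conn = sqlite3.connect(":memory:")
    # Schema setup goes straight to the database; the gate would (rightly) block CREATE.
    conn.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    results = {}
    attacker_input = "' OR 'a'='a' --"          # constructed attacker-controlled value

    # Legacy code: string concatenation turns the input into SQL.
    legacy = "SELECT name FROM users WHERE name = '" + attacker_input + "' AND pw = 'x'"
    results["legacy_unguarded"] = len(conn.execute(legacy).fetchall())  # the bypass works
    try:
        guarded_execute(conn, legacy)
        results["legacy_guarded"] = "allowed"
    except BlockedQuery:
        results["legacy_guarded"] = "blocked"

    # Fixed code: the same input, bound as a parameter, is just a string to compare.
    rows = guarded_execute(conn, "SELECT name FROM users WHERE name = ? AND pw = ?",
                           (attacker_input, "x"))
    results["parameterised"] = len(rows)

    # A stacked administrative command is refused however it got into the statement.
    try:
        guarded_execute(conn, "SELECT 1; DROP TABLE users")
        results["drop"] = "allowed"
    except BlockedQuery:
        results["drop"] = "blocked"
    return results


if __name__ == "__main__":
    print(demo())
```

Two things the demo makes visible that the description alone does not: the gate only ever sees statement text, so it cannot tell a legitimate `--` in a comment-bearing report query from an attacker’s truncation (heuristic filters buy time for legacy code, they do not replace fixing it), and the parameterised query passes with a score of zero precisely because the hostile value never becomes SQL.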

HOWTO build your own open source Dropbox clone

I KAN HAZ OPEN-SRC DROPBX?

UPDATE #4: It’s 2012, and this project is still alive, although I haven’t worked on lipsync as much as I should. I want to, and have new ideas to implement and try out in the next few months. The two-way sharing is a bit hacky, and I don’t like it: the installer creates a cron job that checks for server changes to sync back every minute, and it tries to avoid conflicts by not running if a sync the other way is happening. Yes, if you’re using two computers at once it could get confused, but so far it’s pretty good; still, it’s something I want to improve. I’m also very interested in ownCloud and in using a remote storage auth protocol like Unhosted proposes; these are two things I’d love to integrate into lipsync over the next few months. I really think having something that is all owned by the user, and in full control of the user, is still the ultimate way. Watch the lipsync.it site for more details, thanks.
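The “don’t run if a sync the other way is happening” rule, as an added example in Python rather than lipsync’s own shell and cron setup: both directions go through one lock file that is created atomically, so a pull started by cron while a push is still running backs off and waits for the next minute instead of racing it. The lock path, the rsync command line and the folder names are assumptions for illustration.

```python
import os
import subprocess

# Assumed location.  A per-user path avoids the symlink and squatting games
# that a predictable name in world-writable /tmp invites.
LOCK_PATH = os.path.expanduser("~/.lipsync.lock")


class SyncBusy(Exception):
    """Raised when a sync in the other direction currently holds the lock."""


def run_locked(action, lock_path=LOCK_PATH):
    """Run action() only if the lock file can be created atomically.

    O_CREAT|O_EXCL makes creation fail if the file already exists, so two syncs
    (the cron-driven pull and the watcher-driven push) can never overlap:
    whichever loses the race raises SyncBusy and simply tries again later.
    Returns whatever action() returns (an exit status for the rsync helpers).
    """
    try:
        fd = os.open(lock_path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
    except FileExistsError:
        raise SyncBusy(f"another sync holds {lock_path}") from None
    try:
        # Record the holder so a lock left behind by a crash can be recognised as stale.
        os.write(fd, str(os.getpid()).encode())
        os.close(fd)
        return action()
    finally:
        os.unlink(lock_path)


def rsync(src, dst):
    """Mirror src into dst; --delete makes removals propagate too.  Assumed command line."""
    return subprocess.call(["rsync", "-az", "--delete", src.rstrip("/") + "/", dst])


def pull(server, local, lock_path=LOCK_PATH):
    """Cron side (an entry such as '* * * * * lipsync-pull'): bring server changes down."""
    return run_locked(lambda: rsync(server, local), lock_path)


def push(server, local, lock_path=LOCK_PATH):
    """Watcher side: send local changes up after a file changes."""
    return run_locked(lambda: rsync(local, server), lock_path)


if __name__ == "__main__":
    try:
        print("pull exit status:", pull("user@host:lipsync", os.path.expanduser("~/lipsync")))
    except SyncBusy as exc:
        print("skipped:", exc)
```

A lock file rather than a pid check is the point: checking `ps` for a running rsync is racy, whereas two processes cannot both succeed at creating the same file with O_EXCL. The remaining weakness is a stale lock after a crash, which is why the holder’s pid is written into the file; a wrapper can then clear the lock when that pid no longer exists.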

UPDATE #3: OK, a long-overdue update on this project. I’ve worked on the next version of this idea, which I encourage everyone to check out and try for themselves. You can get it on GitHub; the project’s name is lipsync. My goal is to make something that is trivial for anyone to set up and use, providing them a ‘Dropbox-like’ experience. As before I’ve focused on the backend, server-side part of the game to get that working, but would be happy to work with anyone who wanted to work on a GUI, or to integrate this with existing projects such as SparkleShare, which seems to have a great GUI but a backend that relies on things like GitHub for storage. So give it a look and remember, the more feedback the better; and as always don’t worry about offending me! Thanks.

UPDATE #2: There was a big influx of new hits/posts on this article last week thanks to Lifehacker Australia linking to it, plus they even came up with a pretty sweet logo. It’s very cool that so many are (still) interested in this project, and that’s what it has become: a project. I’ll be releasing code to set up a complete command-line Dropbox-like implementation on Linux in about a week. Code will be hosted on github.com and I’m hoping it will spur others to work on cross-platform front-ends to talk to it. So far the technology is there; I’m just using what others have built, it’s just a matter of hooking it all up! After all, why reinvent the wheel? (not that I could ;) ) Thanks again for all the comments and support!

UPDATE: Thanks to everyone who has contributed to this, and to the Reddit thread, as it has provided some great ideas building off of my concept. I’m starting to rethink how we could have version control on top of things, and I’ll update things when I have more to share. Also, does anyone have iFolder (thanks for the proper link, salubrium) working? It looks like you need SUSE Linux, which I don’t have access to, plus I know most Novell projects need a *ton* of Mono dependencies installed to have any of their stuff working, at least on the server side; but it sounds like they have Mac, Linux and Windows clients, which is encouraging. While for my needs something a bit more ‘close to the bone’ (as below) might be better for the server side, having it interoperate with something like iFolder could provide a lot more functionality for others.

First off, if you haven’t tried Dropbox, you should check it out: it syncs all of your computers via the Dropbox servers, the basic free service gives you 2 GB of space, and it works cross-platform (Windows, Mac, Linux). I use it daily at home and at work, and just having a live backup of my main data for my work workstation, my home netbook, and any other computer I need to log in to is a huge win. Plus, I have various ‘shared’ folders that distribute certain data to certain users I’ve granted access to; this means work details can be updated and automatically distributed to the folks I want to review/use the data. I recommend everyone try it out and see how useful it is; it’s turned into a game changer for me. So a few months ago they made headlines on supporting Linux as they released the client as open source. While this got hopes up for many, it was only the client that was open source; the server is still proprietary. While slightly disappointing, this is fine, they’re a company trying to make money. I don’t fault them for this, it’s just that a free, portable service like that would be a killer app.

HOWTO: serve jpeg2000 images with a scalable infrastructure

At the Biodiversity Heritage Library we have replaced a proprietary JPEG 2000 image server that was straining under the load with a new, open source JPEG 2000 server, djatoka. Chris Freeland and Chris Moyers cover the background in far more detail on the BHL Blog, so here I’ll cover my rationale and the decisions I made to provide a scalable, stable infrastructure that serves the images as efficiently as possible.

When I started sketching out how I wanted to run djatoka, I knew I wanted it to provide security, caching for performance and scalability, and fault tolerance. Our server runs Tomcat, which I didn’t want to be public facing. Because of this I proxy Tomcat requests through Apache using mod_proxy_ajp (ajp_proxy), the successor to the old mod_jk. Initially I was using nginx in place of Apache, but after reading about all the functionality and performance improvements ajp_proxy offered, it was a no-brainer; this is how to present Tomcat in a production environment.
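As an added example of that layout (my own illustration, not BHL’s or djatoka’s configuration), here is an Apache 2.4 virtual host that exposes only the djatoka webapp over AJP, caches responses on disk, and keeps a second Tomcat as a hot standby. The hostname, the cache path, the standby address 10.0.0.2 and the assumption that djatoka is deployed under /adore-djatoka are placeholders.

```apache
# Tomcat side (server.xml), assumed: the AJP connector listens on loopback or a
# private interface only, so it is never reachable from the Internet.  Current
# Tomcat releases also refuse AJP connections without a shared secret unless
# configured otherwise; httpd 2.4.42 and later pass it with the secret= parameter
# on ProxyPass/BalancerMember.
#   <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1" />

<VirtualHost *:80>
    ServerName images.example.org

    # Never act as a forward proxy; only the explicit ProxyPass routes below exist.
    ProxyRequests Off
    ProxyPreserveHost On

    # Fault tolerance: a second Tomcat (address assumed) is a hot standby that
    # only takes traffic while the primary is marked down.
    <Proxy "balancer://djatoka">
        BalancerMember ajp://127.0.0.1:8009 retry=30
        BalancerMember ajp://10.0.0.2:8009 retry=30 status=+H
    </Proxy>

    # Only the djatoka webapp is exposed; the rest of Tomcat (manager, examples,
    # anything else deployed there) stays private behind Apache.
    ProxyPass        /adore-djatoka balancer://djatoka/adore-djatoka
    ProxyPassReverse /adore-djatoka balancer://djatoka/adore-djatoka

    # A region/tile URL always yields the same bytes, so cache responses on disk
    # rather than running the JPEG 2000 decoder again for every repeat request.
    CacheEnable disk /adore-djatoka
    CacheRoot /var/cache/apache2/djatoka
    CacheDefaultExpire 86400
    CacheIgnoreNoLastMod On
</VirtualHost>
```

The security property here comes from two halves that have to agree: Tomcat’s AJP connector must not be bound to a public address, and Apache must not proxy anything beyond the one context path. Either half alone leaves Tomcat reachable, just by a different route.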

Distributing biodiversity data globally

My current project at work will take me far into next year, and that’s good because I’m facing an unprecedented amount of data that will only continue to grow. Because of this I’m finally getting to put my money where my mouth is. For years I’ve talked about my ideas and theories about how I could network disparate systems together and have them leverage each other to keep everything in sync. So, while working with open source to push boundaries, I seem to find more ways to do more complex things. One basic idea I’m working on now: data sets are huge, and are only going to get huger (and hugerer) as time goes on, and how to handle this has been solved a few different ways. Usually it’s someone like the Internet Archive, who have thousands of computers networked together to share the data (they are using some parts of Hadoop for the distributed file system, and then Nutch for search indexing), but it’s still working from one central point of failure. I started doing research to find out how this has been solved before, and whether my idea of building a BitTorrent network was sound, and I found some great information to build on. As I’m setting up my demo BitTorrent tracker in Debian, this info keeps me thinking of the best ways to implement my ideas. Much of my progress is due to the very helpful advice of Paul at Geograph Torrent Archive, a project that has somewhat similar goals.

How to become a hacker

The Glider: A Universal Hacker Emblem

There has long been a movement in the geek community to expunge the negative connotations attached to the word hacker; the image to the right, The Glider, is one of the latest and most visible attempts. In the beginning there were hackers (people who worked on computers, programmed and made things work) and crackers (people who would use computers for nefarious purposes: crimes, viruses, etc.). These were two distinct camps, with some miscreants jumping the fence back and forth to confuse the issue. Regardless, somewhere along the way popular culture (movies, news, your teachers probably) began to equate hacking with the bad, crime-ridden activity that cracker was supposed to cover. I think it’s a moot point now, as even my Dad was shocked when he learned my annual DefCon trip is billed as the “largest hacking conference in the world”. I gave him the above explanation, but I’m unsure if he really believes it. Regardless, the original “How to become a hacker” paper written by Eric S. Raymond is always cited as the quintessential word on the use of the word hacker. I found it mirrored online, and it’s a worthwhile read if you have any interest in the topic, or want to cement your own views of your hobby. For now, if you don’t want to read the entire verbiage, here’s the intro to learn and take with you.
