Sun Country's Weblog archive
Category : Open Source

InfoQ: And It All Went Horribly Wrong: Debugging Production Systems

by alan
Published on: March 30, 2012
Comments: No Comments
Categories: Open Source

~ 1 hour – MP3s and the Slide Deck are available at the link above.


The Magic of Editable PDFs

by alan
Published on: March 27, 2012
Comments: No Comments
Categories: Computerworld / IT World / IDG, Open Source

The desktop and server: oil and water.

by alan
Published on: March 24, 2012
Comments: No Comments
Categories: Open Source

Nagios and check_mk

by alan
Published on: March 3, 2012
Comments: No Comments
Categories: Open Source

From a presentation I went to on using check_mk and OMD with Nagios from the Unix Users Association of Southern California.

From the follow-up e-mail:

Thanks to Kelvin Vanderlip to put on a great OMD/check_mk/Nagios presentation last night.

The presentation started with a good description of Nagios, the supporting tools, and then how the Open Monitoring Distrbution and
check_mk specfically makes it easy to get installed and configured.

I am sure at least 5 people of the 20 or so in the audience are already apt-get’ing omd.

He should be posting his link to his slides real soon.

The slides are at:

Life on the OutSide: Complete Webserver on a USB stick running on Windows (sorry)

by alan
Published on: February 26, 2012
Comments: No Comments
Categories: Open Source

Introduction to Git

by alan
Published on: January 28, 2012
Comments: No Comments
Categories: Open Source

InvisibleCRM Announces Release of IDE for Oracle’s CRM Desktop

by alan
Published on: January 25, 2012
Comments: No Comments
Categories: Open Source, The Wall Street Journal


PostgreSQL flies into the cloud

Go hack yourself

by alan
Published on: January 22, 2012
Comments: No Comments
Categories: No Starch Press, Open Source, Tutorial

One of the things that IT never seems to take seriously is securing systems.  Whether the system can be reached over the Internet or is on an internal only network it never seems to be something that is taken seriously.  It always feels like an after thought.

One of the things you can do is to use some of the same tools that a cracker might use to gain access to your system.  Then you’ll see what they would see.  And if you see nothing and they’re using the same tools then they’ll see nothing and move on.

Just as in real life the objective is to make it hard enough so that they lose interest and move on to someone else.

When I used to do penetration testing we basically just setup and ran Nessus scans over the Internet.  Then we’d produce a report and collect the cash for running an open source tool against their servers.  Nessus ran nicely over an internal network but could take days when running over the Internet to a remote site.   Didn’t matter.  It did it’s job and found ways to penetrate a remote server and let me do things that I shouldn’t have been able to.  Although I never did anything malicious I always did have a signed contract in front of me allowing me to do so.  Doing this kind of thing without the owners permission can get you into some serious legal hot water.

The techs on the other end usually knew it was coming and most were good-natured about it.  A few got mad.  Oh well.  Such is life.

The big kid on the block is now Metasploit.  And if you’re an old time Nessus user such as myself then you’ll be glad to learn that Metasploit can interface with nmap, Nessus, and a few other tools.  It can also store things in a database if you need it to.

Metasploit is written in the Ruby programming language.

The good news if you’re running Solaris 11 is getting Metasploit installed and running is a very painless process.

pkg install runtime/ruby-18

as root or equivalent will get you the environment that you need to run Metasploit.

Then you just need to download the framework from:

and you’re set to go.

As with most software packages getting it installed is the easy part.  Getting it to do something useful is the hard part.  The documentation that comes with Metasploit leaves a lot to be desired.

Rather than trying to recreate the wheel I’ll point you at some excellent documentation for how to use the framework.

Is an awesome book for learning the nuts and bolts of how to use the tool in front of you.

Syngress has their own book on this subject as well.

The one from No Starch tries to “future proof” you to changes in the user interface.

The types of exploits that it can scan for my change on a monthly, weekly, or even a daily basis.  However, how you use the tool should be pretty static.  And that’s what the book tries to teach you.

It also introduces you to the how.  How does a browser attack work?  How does a jiggered e-mail attachment work?  Even if you have no desire to try to crack a system you may gain insight into how it is done.

So the next step, if there is one, is up to you.  Get a copy of the book and start reading.  And then you’ll understand things that you did not understand before.

Nexenta Raises $21 Million in Series C Funding

by alan
Published on: January 18, 2012
Comments: No Comments
Categories: Open Source

Google fixes Checkout bug that leaked customer data

by alan
Published on: January 17, 2012
Comments: No Comments
Categories: cnet, Open Source, Oracle


Consumerization of IT is more than using an iPad at work


Symantec says source code stolen in 2006 hack


OpenJDK Wikis have moved


Live Webcast: Simplified, Anywhere, Applications Access with Oracle Secure Global Desktop

Flattr Me
Welcome , today is Tuesday, April 22, 2014