Scott's Weblog The weblog of an IT pro specializing in virtualization, networking, open source, and cloud computing

Sony Keeps Digging Itself Deeper

The furor over the rootkit technology used by Sony in their DRM software continues to grow. After Mark Russinovich unveiled the truth, Sony released a patch that supposedly allows for the DRM technology to be uninstalled. Of course, Mark reviewed the uninstallation, and he found it left a little bit to be desired (putting it mildly). Basically, it left you at risk of a blue screen of death. And Mark’s not the only one not satisfied—this article cites several other security experts as well who are not happy with this situation.

(Read more...)

Can Somebody Help Me With MapFS?

A pair of recent articles (this article at eWeek and this article at NewsForge) have me a bit perplexed. What’s the real value of MapFS? I know I have to be missing something here. Somebody send me an e-mail and explain it to me, or give me an example (other than the Live CD example mentioned in one of the articles above) of how this could be used effectively.

(Read more...)

It Was Bound to Happen

To a certain extent, I agree with the belief that operating systems and applications that don’t have a significant market share like Windows, IIS, and Exchange won’t get targeted as frequently and therefore will have a “better” security track record. I don’t agree that this is the only reason that Linux, Mac OS X, and others haven’t seen as many security vulnerabilities and the oh-so-fun network worms that invariably accompany them. But I will agree that as these alternatives gain in popularity, more hackers are going to target them.

(Read more...)

Current Tech Projects

Every now and then, I like to post out here a list of my current “tech projects.” These are the things that I’m working on for my own network, things that I may or may not start recommending to or supporting for customers.

(Read more...)

OpenBSD pcn0 Driver Issue Resolved

Well, sort of resolved. I was never able to make the pcn driver (from OpenBSD 3.8) actually work under VMware, but I did find information on how to disable the pcn driver and revert to the older le driver.

(Read more...)

Rootkit Technology in Sony DRM

A very in-depth article by Mark Russinovich unveiled that DRM technology shipping with recent Sony BMG CDs actually installs rootkit components onto your system. Now, I don’t know about you, but I don’t like the idea of a vendor unknowingly installing software on my computer(s) that contain rootkit components—especially when those rootkit components could be used by malicious software packages to hide themselves.

(Read more...)

Small OpenBSD 3.8 Speed Bump

My attempts to deploy the latest version of OpenBSD, version 3.8 (released yesterday), have run into what I hope is only a small speed bump.

(Read more...)

LSB Recognized by ISO

News surfaced today that the International Organization for Standardization (ISO) has approved the Linux Standards Base (LSB) as an international standard. The LSB 2.0.1 core specification has been accepted by the ISO and will be published as International Standard 23360.

(Read more...)

OpenBSD 3.8

It’s hard to believe that I’ve been posting articles here for this long, but it’s time for another release of OpenBSD. As I’ve mentioned here before, I do use OpenBSD for a few purposes on my network, and I’m confident that OpenBSD 3.8, due November 1, will find its way onto the network as well. (It’s fairly likely it will quickly replace OpenBSD 3.7.)

(Read more...)

Shelob (or Ungoliant)

This story about the University of Indianapolis and their home-grown system for quarantining PCs infected by spyware or viruses is really interesting. Named Shelob (and soon to be renamed Ungoliant to prevent a conflict with another open source project), this system really works. Today. How is it, then, that a group of IT staffers at a university can come up with a system for network access control, but multi-million dollar companies like Cisco and Microsoft can’t? I could say that this is a testament to the value of open source software, upon which the solution is built, but that seems fairly obvious.

(Read more...)