sysadmin

A room to share about system administration
imabonehead
Out in the Open: Inside the Operating System Edward Snowden Used to Evade the NSA | Enterprise | WIRED - http://www.wired.com/2014...
"When NSA whistle-blower Edward Snowden first emailed Glenn Greenwald, he insisted on using email encryption software called PGP for all communications. But this month, we learned that Snowden used another technology to keep his communications out of the NSA’s prying eyes. It’s called Tails. And naturally, nobody knows exactly who created it." - imabonehead from Bookmarklet
imabonehead
"SigmaVPN is simple, light-weight and modular VPN software for UNIX systems, deploying the NaCl encryption library. It's easy to configure, has low overheads and is reliable. No longer is it necessary to waste precious time configuring overcomplicated tunnels." - imabonehead from Bookmarklet
imabonehead
"You may remember MEGACORE, the monster of a server we built for the FreeBSD Foundation. Recently one of our clients had specific networking requirements for a 2U/4 node solution, so we came up with a custom build that fit all of their needs. Meet "MEGAPORT". To get an idea of how impressive this system is, we have to look at it piece by piece. First, we outfitted a 2U with four compute nodes." - imabonehead from Bookmarklet
"Each of the four compute nodes is providing Dual 10-core Intel CPU's, resulting in a total of 80 physical cores packed in 2U of rack space." - imabonehead
"There’s 256GB of RAM in each of the 4 nodes, providing a total of 1TB of memory. With 6 x 10Gbe (4 x Intel SFP+ 10GbE ports and 2 x Intel X540 RJ45 10GbE ports) in each of the 4 nodes, that’s 24 x 10GbE ports in 2U of rack space." - imabonehead
imabonehead
Supermicro Releases 112 Node 6U Server | STH – Server and Workstation Reviews - http://www.servethehome.com/supermi...
"At CeBIT this week, Supermicro released a 112 node, 6U server that certainly ups density a considerable amount. The 112 node blade server is based on the Intel Atom C2000 family with up to 8 cores per node. This is a fairly significant achievement since that means about 18.6 nodes per U. (112/ 6) including networking." - imabonehead from Bookmarklet
"One can see that the front of the chassis has what appears to be two rows of 14 sleds. That would mean each sled has 4 nodes. The rear of the chassis appears to have 8x 1600w redundant power supplies, two chassis management modules and four switching modules." - imabonehead
That needs a significant amount of power still. I would not be able to fill a rack with those due to power. - Eric - Watch Me Now from iPhone
imabonehead
Microsoft reveals its server designs and releases open source code | Ars Technica - http://arstechnica.com/informa...
"Redmond joins Facebook's Open Compute, intends to make servers more efficient." - imabonehead from Bookmarklet
imabonehead
""kGraft is intended to be merged into the upstream Linux kernel and to become a living open-source project," Pavlik said. "It builds on and improves existing Linux infrastructure to fit seamlessly into the Linux kernel." Pavlik noted that a key difference between Ksplice and kGraft is the upstream kernel approach. Pavlik noted that Ksplice tried – and failed – to get upstream acceptance in 2008, primarily because of the complexity of the changes required." - imabonehead from Bookmarklet
imabonehead
Introducing kpatch: Dynamic Kernel Patching | Red Hat Enterprise Linux Blog - http://rhelblog.redhat.com/2014...
"In upstream development news, the kernel team here at Red Hat has been working on a dynamic kernel patching project called kpatch for several months. At long last, the project has reached a point where we feel it’s ready for a wider audience and are very excited to announce that we’ve released the kpatch code under GPLv2. kpatch allows you to patch a Linux kernel without rebooting or restarting any processes. This enables sysadmins to apply critical security patches to the kernel immediately, without having to wait for long-running tasks to complete, users to log off, or scheduled reboot windows. It gives more control over uptime without sacrificing security or stability." - imabonehead from Bookmarklet
ↂGiorgiँ Zarrelliↂ
You can tell I'm a sysadmin and not a programmer: the best part of the script I wrote is the part that generates the application's logs: they are clear, precise, nicely formatted, and even have a readable timestamp, so there. Oh, and yes, the program works too, but that's a bonus :-D
imabonehead
Video demo of live Linux Kernel Patching using kGraft - YouTube - http://www.youtube.com/watch...
Better than ksplice? - Julian
imabonehead
Supermicro A1SAM-2750F Review finally a mATX dual PCIe slot platform | STH – Server and Workstation Reviews - http://www.servethehome.com/Server-...
"The Supermicro A1SAM-2750F is a larger micro ATX form factor measuring 9.6 in x 9.6 in. The Marvell Ethernet transceiver sits just behind the quad Gigabit Ethernet ports. This is a standard feature on Supermicro’s Intel Atom C2000 line at this point and has worked well in the five or so months we have been testing these motherboards. The third large IC on the motherboard is the ASpeed AST2400 BMC which provides features such as out of band management and video out." - imabonehead from Bookmarklet
imabonehead
▶ AT&T Archives: The UNIX Operating System - YouTube - http://www.youtube.com/watch...
"This film "The UNIX System: Making Computers More Productive", is one of two that Bell Labs made in 1982 about UNIX's significance, impact and usability. Even 10 years after its first installation, it's still an introduction to the system. The other film, "The UNIX System: Making Computers Easier to Use", is roughly the same, only a little shorter. The former film was geared towards software developers and computer science students, the latter towards programmers specifically. The film contains interviews with primary developers Ritchie, Thompson, Brian Kernighan, and many others." - imabonehead from Bookmarklet
imabonehead
Change Mellanox ConnectX-3 VPI Cards between Infiniband and Ethernet | ServeTheHome – Server and Workstation Reviews - http://www.servethehome.com/change-...
"One popular model we are using is the Mellanox MCX354A-FCBT which is a dual port ConnectX-3 VPI model. Each of the two QSFP+ ports can easily be configured either to run in Infiniband or Ethernet mode. In Infiniband mode the cards run well at 56gbps (FDR) or 40gbps (QDR) speeds. In Ethernet mode the cards can run in either 40 gigabit or 10 gigabit speeds. The net result is that these cards are excellent RDMA capable cards which is an important feature for fast networking." - imabonehead from Bookmarklet
imabonehead
Creating a low power Hyper-V based ZFS napp-it pfsense / vyatta AIO | ServeTheHome – Server and Workstation Reviews - http://www.servethehome.com/low-pow...
"Recently I decided to embark upon a project of creating a Hyper-V based ZFS backup target with napp-it web GUI plus either a pfsense or vyatta virtual machine running router and firewall services. The other aspect to this is that I wanted to use a minimal amount of power since this would be an always on appliance. On the Hyper-V side the decision was driven by a few factors but it did complicate the setup significantly over the standard VMware ESXi 5.5, OpenSolaris derivative and pfsense or vyatta all-in-one formula that I had tried and is well documented. Likely not a fully production ready setup as of now, but instructive as to what one may accomplish at least for lab environments." - imabonehead from Bookmarklet
imabonehead
HonSSH - A high interaction honeypot solution for Linux based systems - BruteForce Lab's Blog - http://bruteforce.gr/honssh-...
"Honeypots have been hard to deploy. Many techniques required you to install software on the honeypots themselves that send information about what is happening on the system back to a collector/sensor. This strategy has worked most of the times, but the reporting software have in some cases rendered the honeypots unusable and the attackers have sometimes been able to detect it." - imabonehead from Bookmarklet
"Late summer of 2013, I came across a Python project that – while far from being a “silver bullet” – had great potential and worked amazingly well. It was easy to deploy and configure and solved a lot of issues with the de facto way we deploy honeypots. The project is called HonSSH. As described on its project page (https://code.google.com/p...)..." - imabonehead
imabonehead
NYC Tech Talk Series: How Google Backs Up the Internet - YouTube - http://www.youtube.com/watch...
"Systems like GMail and Picasa keep massive amounts of data in the cloud, all of which has to be constantly backed up to prepare for the inevitable. Typical backup and recovery techniques don't scale, so Google has devised new methods for securing unprecedented volumes of data against every type of failure. There are many unique challenges, both obvious and subtle, in delivering storage systems at this scale; we'll discuss these and their solutions as well as some alternatives that didn't make the grade." - imabonehead from Bookmarklet
Kevin Johnson
jq - command-line tool for slicing and dicing json files on the command line - http://stedolan.github.io/jq/
imabonehead
29 Practical Examples of NMAP Commands for Linux System/Network Administrators - http://www.tecmint.com/nmap-co...
"The Nmap aka Network Mapper is an open source and a very versatile tool for Linux system/network administrators. Nmap is used for exploring networks, perform security scans, network audit and finding open ports on remote machine. It scans for Live hosts, Operating systems, packet filters and open ports running on remote hosts." - imabonehead from Bookmarklet
imabonehead
"The first stable release was Bareos 12.4 in April 2013 (the version number stands for the year and the quarter of the feature freeze). The current beta is version 13.2. On September 25, 2013, at the Open Source Backup Conference, formerly known as the Bacula Conference, the Bareos project was introduced to an interested audience." - imabonehead from Bookmarklet
imabonehead
Creating a Captive Portal Using Linux and LDAP or Active Directory | Phil Allred - http://philallred.blogspot.com/2012...
"I came across some nice code on Andy Beverley's web page on creating a captive portal. We had the need for something like this at Brooklyn Law School. Brooklyn Law School uses two wireless networks with over 200 access points -- one in the residence halls, and one in the classrooms. They are both great systems, Unifi and Aruba. Each has its strong points, and by using a mixture, we saved the school about $200,000 over the aruba-only solution. However, neither one's captive portal technology could accept traffic from the other one. We had used Bluesocket for this purpose before, but an updated Bluesocket controller would have cost in the tens of thousands of dollars." - imabonehead from Bookmarklet
imabonehead
SFTP Jail (chroot) with Active Directory authentication - http://www.heitorlessa.com/sftp-ja...
"You may find loads of articles how to do a SFTP using SSH as well as a Jail, however only few websites provide a How To authenticate against an existent Active Directory. Moreover, you may find hard using winbind to join your Linux into the Windows domain, so this article here shows how to do the same thing in a simple manner." - imabonehead from Bookmarklet
imabonehead
[P]Delete: Configuring PEAP authentication with FreeRADIUS - http://phucnw.blogspot.com/2013...
"PEAP (Protected Extensible Authentication Protocol) is an authentication method based in two simple steps: The client establishes a TLS session with the server. The server authenticates the client over the same digital certified with a RADIUS server. This allows EAP use insecure authentication protocols like MS-CHAP v2 (Microsoft version of CHAP used in this tutorial because is the default type supported by windows clients) with a secure tunnel. RADIUS (Remote Authentication Dial In User Service) is a network protocol that provides Authentication, Authorization and Accounting to connect network services. I’ll configure a simple scenario with an access point authenticating the wireless access with FreeRADIUS..." - imabonehead from Bookmarklet
imabonehead
Eliminate banner grabbing in Apache Tomcat - http://www.ibm.com/develop...
"In this article, I demonstrate a three-step procedure for securing your Tomcat web server against banner grabbing, the technique hackers use to discover valuable information about an application or enterprise architecture, which they may then be able to use in a cyber attack." - imabonehead from Bookmarklet
imabonehead
""Friends don't let friends use consumer networking equipment." This is a saying that many sysadmins and BSD/UNIX fans have probably heard. It's really easy to go to a store and pick up a cheap little plastic router, but you might regret it later. They're proprietary, have security issues and offer very little flexibility. Often times, these routers are severely limited in functionality because they're aimed at consumers who aren't very tech-savvy. We're going to show you how to build your own, and take back control of your network! Note that this will only be a wired router, not a WiFi access point. That may come at a later time." - imabonehead from Bookmarklet
imabonehead
BinaryPig: Scalable Static Binary Analysis Over Hadoop | Cloudera Developer Blog - http://blog.cloudera.com/blog...
"Our thanks to Telvis Calhoun, Zach Hanif, and Jason Trost of Endgame for the guest post below about their BinaryPig application for large-scale malware analysis on Apache Hadoop. Endgame uses data science to bring clarity to the digital domain, allowing its federal and commercial partners to sense, discover, and act in real time." - imabonehead from Bookmarklet
imabonehead
Network Hardening with Bastille - pfSense Setup HQ - http://pfsensesetup.com/network...
"Bastille is powerful and can save administrators time from configuring each individual file and program throughout the operating system. Bastille is a set of Perl scripts that run as an interactive program, and instead of configuring files and programs individually, in Bastille the administrator answers a series of “Yes” and “No” questions through an interactive GUI. The program automatically implements the administrator’s preferences based on their answer to the questions, thus streamlining the network hardening process." - imabonehead from Bookmarklet
imabonehead
So you want some hardware suggestions. | FreeNAS Community - http://forums.freenas.org/threads...
"The following is some guidance on how to select high performance hardware suitable for heavy-duty home or small office use. The goal isn't necessarily to pick the smallest, cheapest things that can possibly be used to get the job done, but rather how to throw a reasonable amount of money at the problem and get a solution that won't have to be totally replaced in a year because you underestimated everything. ZFS is piggy! But vendor-based NAS devices can be slow and are usually expensive. This is probably cheaper and faster. If you do want a vendor-based NAS device, see our friends at iXsystems, developers of FreeNAS who make the commercial TrueNAS product." - imabonehead from Bookmarklet
imabonehead
Using FreeNAS' new full disk encryption for ZFS - http://www.openlogic.com/wazi...
"With encryption enabled, all the data written to a disk is inaccessible without the right credentials. The newest security features in the latest version of FreeNAS support full-disk encryption, meaning that the encryption is done at the disk level, below the ZFS filesystem. FreeNAS employs GELI, a block device-layer disk encryption subsystem written for FreeBSD, which makes it more efficient than any add-on encryption tools would be." - imabonehead from Bookmarklet
imabonehead
"In this video from the Lustre User Group 2013 conference, Josh Judd from Warp Mechanics presents: Lustre & ZFS go to Hollywood." - imabonehead from Bookmarklet
imabonehead
How to recover deleted files on Linux - Linux FAQ - http://xmodulo.com/2013...
"In this tutorial, I describe how to recover deleted files on Linux. There are several file recovery tools on Linux. Among them is PhotoRec which is an open source file recovery software licensed with GPLv2+. PhotoRec is available on Linux, BSD, MacOS X and Windows." - imabonehead from Bookmarklet
I guess they apply HDD paradigms to any storage, while SSD might give some interesting surprises. - непростые коротышки
SD card... /facepalm - непростые коротышки
imabonehead
FhGFS Wiki: Tips and Recommendations for Storage Server Tuning - http://www.fhgfs.com/wiki...
"Here are some tips and recommendations on how to improve the performance of your storage servers. As usual, the optimal settings depend on your particular hardware and usage scenarios, so you should use these settings only as a starting point for your tuning efforts." - imabonehead from Bookmarklet