Squid is a popular open source web proxy server and web caching software. It has a wide variety of uses, from speeding up a web server by caching repeated requests, to caching web, DNS and other network lookups for groups of people sharing network resources and (which is of most interest to us for the purposes of this post) by aiding security via traffic filtering. It was originally inteneded for Unix/Linux but has been ported to a number of platforms.

Squid has powerful ACL (access control list). The primary use of the ACL system is to implement simple access control. This can be used to deny a user from accessing particular site.

In order to do this we have to edit the Squid configuration file.

e.g. # vi /etc/squid/squid.conf

Search for `Access Controls’ and append the following lines (in this example we are blocking access to ‘nastysite.com’):
acl badsite dstdomain .nastysite.com
http_access deny badsite

Save and close the file, and then restart Squid:
# /etc/init.d/squid restart

 If required, you can specify more than one site to be blocked:
acl badsite dstdomain .nastysite.com  .anothernastysite.com
http_access deny badsite

You can also use regex expressions to block access to more than one website. for example,  if you would like to deny access for any sites where the URL contains the word “twitter”, use the following ACL lines:
acl badsitegroup url_regex -i twitter
http_access deny badsitegroup

More information on Squid commands can be found at: http://wiki.squid-cache.org/FrontPage

Examples of Ping

Windows
ping google.com

Pinging google.com [64.223.167.99] with 32 bytes of data:
Reply from 64.223.167.99: bytes=32 time=37ms TTL=57
Reply from 64.223.167.99: bytes=32 time=37ms TTL=57
Reply from 64.223.167.99: bytes=32 time=75ms TTL=57
Reply from 64.223.167.99: bytes=32 time=40ms TTL=57

Ping statistics for 64.223.167.99:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 37ms, Maximum = 75ms, Average = 47ms

Linux
ping -c 5 itresource.com.au

PING itresource.com.au(203.88.118.177) 56(84) bytes of data.
64 bytes from kookaburra.cbr.hosting-server.com.au (203.88.118.177): icmp_seq=1 ttl=57 time=36.6 ms
64 bytes from kookaburra.cbr.hosting-server.com.au (203.88.118.177): icmp_seq=2 ttl=57 time=36.5 ms
64 bytes from kookaburra.cbr.hosting-server.com.au (203.88.118.177): icmp_seq=3 ttl=57 time=37.0 ms
64 bytes from kookaburra.cbr.hosting-server.com.au (203.88.118.177): icmp_seq=4 ttl=57 time=36.9 ms
64 bytes from kookaburra.cbr.hosting-server.com.au (203.88.118.177): icmp_seq=5 ttl=57 time=36.6 ms

— itresource.com.au ping statistics —
5 packets transmitted, 5 received, 0% packet loss, time 9000ms
rtt min/avg/max/mdev = 35.918/36.638/37.106/0.400 ms

Mac OS X
ping -c 10 itresource.com.au

PING kookaburra.cbr.hosting-server.com.au (203.88.118.177): 56 data bytes
64 bytes from 203.88.118.177: icmp_seq=0 ttl=53 time=40.019 ms
64 bytes from 203.88.118.177: icmp_seq=1 ttl=53 time=47.502 ms
64 bytes from 203.88.118.177: icmp_seq=2 ttl=53 time=43.208 ms
64 bytes from 203.88.118.177: icmp_seq=3 ttl=53 time=50.851 ms
64 bytes from 203.88.118.177: icmp_seq=4 ttl=53 time=46.556 ms

— ping statistics —
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 40.019/45.575/50.851/3.588 ms

Useful links:
http://en.wikipedia.org/wiki/Ping

http://www.computerhope.com/jargon/p/ping.htm

Aspire One features an 8.9″ CrystalBrite LED backlit display (resolution of 1024×600 pixels), CrystalEye webcam and 802.11b/g WiFi built-in as standard for access to available wireless networks.

Aspire One will be available with Linpus Linux Lite or Windows XP Home, and comes with 512MB or 1GB of memory respectively. There are two alternatives for data storage: a NAND flash module of 8GB or an 80GB internal HDD. In addition the Aspire One reads 5 different types of memory card.

The bundled OneMail application integrates up to five email accounts into one central inbox. Similarly, users can have multiple instant messenger accounts via a single point of access.

Available in a range of colours, the Aspire One has a RRP of $599AUD (linux version).

• Linux version weighs less than 1kg
• Windows XP version weighs 1.1kg
• Up to 3 hours battery life with standard 3-cell battery
• Up to 7 hours battery life with optional 6-cell battery

The record-chasing firm will apparently unveil its 5,376 Intel Xeon quad-core processor blade system later on today. Computer World claims the system is able to reach an impressive 46 sustained teraflops on a beta version of Windows HPC Server 2008, with each chip apparently running at 2.5GHz and using 50 watts.

What makes the achievement particularly noteworthy is the fact that it is a relative rarity for an HPC system to be built on Windows rather than exclusively on Linux, which makes up around 85 percent of all HPC systems in the world.

Microsoft has long been interested in catching up with its rivals in the HPC field, and mow it looks like it might finally be making inroads.

The mega computer, which sits in the Umea University, about 680km north of Stockholm, is amongst the top 50 most powerful machines currently in existence.

Frederick Lee, a researcher at insecurity company Fortify, said that the flaw, which affects Ubuntu as well as Debian, had been “seriously underestimated ” as it makes the Secure Sockets Layer (SSL) of the two Linux sustems vulnerable to malicious attack.

“We’re calling this vulnerability ‘insecure randomness’ since it allows an attacker to predict the SSL cryptographic keys used for supposedly secure online transactions,” he said.

Lee reckons that the flaw, which tinkers with the randomness engine used to encrypt secure transactions, could be used to intercept traffic between a user and supposedly secure connection between a user and, for example, an online banking site.

Debian, especially its stable branch, is widely regarded as perhaps the most bulletproof Linux distribution.

Debian also has the not undeserved reputation of being difficult for those new to Linux to install and manage.

The Debian maintainers apparently created the vulnerability by deleting code that seeded the random number generation used to calculate encryption keys.

The result was that the random number generator used in Debian’s OpenSSL package was predictable, leading to cryptographic keys that might guessable.

Debian Security Advisory DSA-1571-1 states: “Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key material for use in X.509 certificates and session keys used in SSL/TLS connections. Keys generated with GnuPG or GNUTLS are not affected, though.”

The advisory also publishes the URLs for a detector of weak encryption keys, as well as the location of instructions about how to implement key rollover.

The vulnerability only exists in Debian and Debian derived Linux systems, but those also include the Ubuntu versions of Linux that have lately become quite popular among casual desktop Linux users.

The problematic OpenSSL code appeared in the Debian unstable distribution on September 17, 2006 and has since been propagated into the current stable and testing distributions named Etch. The previous stable Debian distribution named Sarge is not affected.

Many Debian Linux desktop users shouldn’t be affected by this Secure Sockets Layer (SSL) bug unless they’ve generated cryptographic keys for Secure Shell (SSH) access between systems or digital signing or authentication certificates.

However, techies who administrate Debian based Linux systems that traffic in certificates might be scurrying about somewhat in coming days as they apt-get the upgraded OpenSSL package and regenerate and roll over cryptographic keys and certificates.

The following Release Notes provide an overview of the important changes from the last release of Fedora.

To download the new Fedora 9 OS click here.

BSD’s variants include OpenBSD, FreeBSD and NetBSD, and it forms the basis of Apple’s Mac OS X operating system. All BSD derivatives were found to contain the bug, according to Marc Balmer, a Swiss developer closely involved with OpenBSD.

“Much to my surprise, I not only found this problem in all other BSDs or BSD-derived systems, like Mac OS X, but also in very old BSD versions,” Balmer wrote in a Web site post on the issue. “The bug has been around for roughly 25 years or more.”

The discovery of the bug sheds light on the process of maintaining and developing open-source software, which is handled by distributed developers rather than centralised teams, as is usual in the case of proprietary software.

Balmer said he was alerted to the problem by an OpenBSD user who found that Samba, an open source networking protocol, would crash when serving files from a filesystem using Microsoft Disk Operating System (MS-DOS) formatting.

He found that the problem was not with Samba but with OpenBSD itself, and that the bug was known to Samba developers. “Samba… uses a workaround, or replacement code, to access directories on the BSDs, since the directory reading code in all BSDs was flawed,” Balmer wrote.

The problem was with the *dir() group of commands, such as telldir() and seekdir(), used to handle, open, read and interpret directories, according to Balmer.

After lengthy experimentation, he found that, if directory entries are deleted at a certain stage, the telldir() command returns errors and can crash programs. “This code will not work as expected when seeking to the second entry of a block where the first has been deleted,” Balmer wrote.

He cited an e-mail from Kirk McKusick, the author of the original *dir() library, indicating that the bug may have been in the library from its initial version.

The long delay in fixing the problem is probably due to the fact that it does not surface often and that other programs, such as Samba, have created workarounds, according to Balmer.

After the long discovery time, the fix itself was “surprisingly simple”, Balmer wrote, and will now be incorporated into OpenBSD and other operating systems using the same code.

“Sorry that it took us almost 25 years to fix it,” Balmer wrote.

The OpenBSD project released version 4.3 earlier this month, featuring a large number of new drivers, software packages and bug fixes.

The kernel, which was released approximately 10 weeks after its predecessor, includes broader Wi-Fi hardware support and the integration of more Wi-Fi drivers, according to Linux developers. Among the drivers integrated is Ath5k, which is compatible with chips by semiconductor system Wi-Fi developer Atheros.

On the virtualisation front, the KVM x86 emulator has been updated with more instructions and components, designed to improve performance and compatibility. Virtual prototyping platforms framework Virtio has also been updated, while paravirt_ops now works on the x86-64 architecture.

Performance improvements were made to the Completely Fair Scheduler (CFS) real-time technology, which gets its first support for LatencyTop, a tool for helping track down latency problems.

The Ext4 file system also saw changes, and now uses checksums to ensure journal integrity. Ext4 is a journalling file system — a file system type becoming popular because of its resistance to corruption in the event of a system crash or power failure.

The kernel includes the Smack (Simplified Mandatory Access Control Kernel) security framework, which is based on a set of mandatory access control rules and is designed for simplicity.

Developer improvements to Linux have been showing up as significant reliability gains in the enterprise over the past two years according to a recent Yankee Group survey, which found Linux distributions from Red Hat and Novell have increased reliability by an average of 75 percent since 2006.

However, Linux 2.6.25 implements a policy that could cause problems for some administrators: forbidding proprietary USB drivers access to certain core functionality. Developers warned two years ago this change was coming, but many USB drivers nevertheless remain proprietary. The 2.6.25 kernel includes changes that could cause problems for proprietary USB drivers that take the form of kernel modules.

Such drivers can no longer be compiled with unmodified Linux 2.6.25, due to the fact that the licence of an important API is only compatible with drivers that carry a GPLv2 or compatible licence.

Developers included this feature for a time in the development of kernel 2.6.16 in 2006, but it was removed before the kernel was finalised in order to give driver makers an opportunity to produce open-source drivers. However, many drivers remain proprietary.

Source: ZDNet

Concurrent is a Linux distributor specializing in real-time technologies that can be utilized by some very serious businesses. For example, Concurrent is the key supplier of RedHawk Linux for the US Navy’s Aegis cruisers, which are equipped with anti-air, anti-surface, and anti-submarine weapons systems.

The company’s trademark architecture relies on the presence of multiple processors, and the ability to schedule threading between CPUs and cores to ensure higher reliability for user tasks, as opposed to hardware-specific tasks. One way it does this is through a mechanism Concurrent calls processor shielding, which grants higher priorities to selected cores that run user applications…such as anti-submarine algorithmic operations.

When the worst-case time measured for either executing a code segment or response to an interrupt is significantly different than the typical case, the application’s performance is said to be experiencing jitter. Because of computer architecture features such as memory caches and because of contention for shared resources, there will always be some amount of jitter in measurements of execution times,” reads a Concurrent white paper on the subject (PDF available here).

“Real-time applications are defined by the fact that they must respond to real world events within a predetermined deadline. Computations that are completed after this deadline are considered incorrect. This means that the worst-case jitter the operating system allows determines whether that operating system is suitable for hosting a given real-time application. Each real-time application must define the amount of jitter that is acceptable to that application.”

As the white paper goes on, high-priority tasks are granted to shielded CPUs, while hardware interrupts are assigned to the others.

In the multi-core era, it becomes possible to segment processor resources and architecture more granularly. So the most noteworthy new features of RedHawk Linux 5.1 is Intel and AMD quad-core processor support, plus support for non-uniform memory architecture (NUMA) used by AMD processors.

NUMA enables separate cores to access different segments of memory without having to utilize the same stream. Real-time processes are able to work faster using NUMA because all processes are local to a particular node and will not be shared or interrupted by another page trying to use the same node.

NUMA is more important for companies using real-time Linux operating systems because they need reliable access to time-critical environment situations that may not be met by a regular Linux OS. NUMA is used by AMD processors today, and will being integrated into the next generation of 45 nm Intel CPUs. Previous Intel Xeon and Pentium processors used a shared pool of memory that each processor was forced to access using a memory controller hub or front-side bus.

AMD’s official Web site provides several links detailing more about NUMA and its importance with multiprocessor computer systems.

Source: BetaNews