All posts by cormander

Flying a spaceship is hard

Growing up as a kid I always dreamt of flying around in space. I watched all the sci-fi shows, and had more make-believe sessions than I can count during my childhood. Never once did I think about exactly how to fly one; I just imagined that I flew one, and that I was damn good at it too.

Last week I came across a flight simulator called Orbiter. In it, you get to fly spacecraft in a realistic physics environment. Now, as an adult I know my chances of flying into space are pretty much nil, but the game basically shattered what glimpse of hope I had left about flying into space. I’ll state the obvious: flying a spaceship is hard. Just getting into orbit is a trick. Make it into a stable orbit? A geosynchronous orbit? Land on a moving target (flying to the moon)? You can’t just point your spaceship and “go” like they do in the movies, you really have to do the math, you really have to know what all the controls do, you really have to have the patience. This simulator may have a “time warp” feature to fast-forward, but real life doesn’t. Space is vast, and this simulator shows it real well.

Now, I knew all these things, I guess it just never hit me how difficult it is. Well, now the fantasy is over, and from this moment forward I’ll watch sci-fi media with even more humorous skepticism. People make entire careers out of flying spaceships, and even then a lot of them don’t get to go up into space. After flying in Orbiter, I have even more respect for those at NASA than I ever had.

Childhood (and adulthood) dream shattering aside, it’s a fun simulator. My only complaint is, when you crash, you ricochet off the ground into an out-of-control spin, there is no explosion. Oh well!

My presentation at LinuxCon 2012 in San Diego

Just under two weeks ago I gave a talk at LinuxCon 2012 in San Diego. It was a great experience, and I hope to do it again in the future. Too bad I could only stay for one day, as I could only break away from work for a short amount of time. Here is a link to my time slot.

The title of the presentation was “Distribution Kernel Hardening”. It talked about kprobes, ksplice, and my tpe-lkm kernel module.

I have uploaded my presentation slides and my speaker notes if you would like to have a look, since my session wasn’t recorded. Enjoy!

Cryptomentation

Ever had to read documentation that wasn’t well written, was full of gaps, or just didn’t make a whole lot of sense? I’ve created a word for documentation like this: cryptomentation. Because it’s documentation that’s cryptic.

A somewhat related random quote:

“Why would there be documentation? It’s called “code” for a reason.” -Unknown

AKARI – TOMOYO via LKM

I recently sent an abstract to LinuxCon / Kernel Security Summit, and the other day I heard back from one of the panel members. As I mentioned my thoughts on implementing AppArmor on CentOS/RHEL via LKM, he replied about a project that he threw together called AKARI. It’s a fork of TOMOYO, and inserts into the linux kernel in a very similar way to how I was planning on doing AppArmor, and have been recently been toying with in tpe-lkm.

All I can say is, that’s a whole lot of code I won’t have to figure out :) He’s already solved some of the problems I’ve been facing. I haven’t used TOMOYO before so I haven’t given this module a test yet beyond inserting it into one of my test systems, but so far it appears to work as advertised. As my time permits I’ll throw up a git repo called kmod-apparmor, which contains some of this code, and continue my work on it.

Updates to tpe-lkm dev branch for EL5

I previously talked about hijacking linux kernel pointers as an alternative method of implementing security features. At that point I had only tested it on my Ubuntu machine (linux-3.2.0) but I’ve since tested it on EL6 (2.6.32) and EL5 (2.6.18). While there weren’t any problems on EL6, EL5 had some problems and today I committed a bunch of fixes to address them. It looks like it’s stable now.

I’d like to have some other people test it though, and I’d like to expand on the regression testing some more. Once I’m confident that this other way to implement TPE won’t cause any issues, I’ll merge it into the main branch and cut a 2.0 release.

Judging a fish by its ability to climb a tree

You’re probably familiar with this quote:

“Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid.” ― Albert Einstein (src)

This past week I’ve had to deal with windows servers, something I neither excel in nor do I have the desire to excel in. So, to put a bit of a geeky spin on an Einstein quote, I rephrased it as this:

Don’t judge a penguin by its ability to clean a window.

tpe-lkm version 1.0.3 released

I’ve started to version my tpe-lkm project as it’s stable now, and today I released version 1.0.3. You can download the files from sourceforge.net or from github. This release contains some code cleanup, and a few bug fixes.

As for the meaning of the version number goes, the 3rd # is for bugfixes, a 2nd # is if new features are added, and if I ever increment the first #, it’ll be a major rewrite of the code. I may do that some day.

Anyway, happy TPE’ing!

Password length limits

I understand being strict and having the usual rules; need an upper and lower case character, a number, a special character, and a minimum password length. It just makes good sense to have a complicated passwords.

However, I’ve ran into a few places that limit the length of the password. What? Limit the length of the password to 12 characters? Are you kidding me? If I want a 30 character password, then I damn sure should be able to have one. Things such as Password Safe exist for that very purpose.

You know what a password length limit screams to me? Storing it in plain text. The only logical reason I can think of to limit the length of a password to such a short length is the field in the database for it isn’t very big. Hashes can get quite long, even more than 30 characters, so if you ever run into an authentication system that doesn’t accept long passwords, don’t use it.