WSISBlogs.org

BPN 1600: Cyber poetry

Wed, 23 May 2012 16:00 GMT

Today the Dutch award for poetry will be handed out to Tonnus Oosterhoff. And this year it is going to be a special one, as it was awarded to moving poetry, according to the jury of the P.C. Hooft award 2012. The term moving poetry can be interpreted in this case as moving over a screen or cyber poetry. A look at his site of the poet makes things clear. It is not just a poet who delivers

On the Kolab Server 2.4 Release

Tue, 08 May 2012 02:56 GMT

So a while back I gave a primer and insight into what would happen with Kolab 3.0, and now we've released an out-of-schedule Kolab Server 2.4 – what's that?

There are a couple of reasons for this. Firstly, the Kolab 3.0 development cycle is well under way, and progressing nicely for the most part, even if we may have to do some feature triaging for the 3.0 release depending on how many contributors come to the task in the next month or two.

But even so it is going to be some time before that release is out after some testing, and simultaneously the OpenPKG set of packages of the Kolab Server is ageing. Quickly. Providing security updates is something that would be done in the ideal world, but it takes around two weeks to wrap a release, as even an individual component easily means the entire stack needs to be rebuilt.

That's a lot of effort for something that's been discontinued.

From a business perspective it is also completely wasted, as there are zero customers of Kolab Systems on that particular technology base. None. Some other service providers may have paying customers on that basis, which is fine. But in the way they have chosen to maintain those customers on that basis without upstream support, they have themselves chosen to become the upstream for the solution their customers are on. So we gladly give them everything they need to provide such updates for their customers, but they'll have to do the work themselves, I am afraid.

Naturally they could also hire us to do this for them. But I'd rather prefer if they didn't, because this packaging base and some of the technology contained within is fundamentally unmaintainable, while the new basis is much leaner, more modular and each component can be updated as required without affecting the entire stack. In other words: Up to date (release) engineering.

In any case, even if an employee of ours were hired for another OpenPKG release, that person would be missing from other activities, such as the native packages available through our software subscription for customers with upstream support. So I'd much prefer to have the employee work on that, to be honest.

At the same time, we do not want to let our community be without an update for too long, and we want to lower the barrier to becoming active in the Kolab 3.0 development cycle. The answer to all those questions was the intermediate Kolab 2.4 release. That release already gets so many things right that we really encourage anyone with interest in Kolab, Roundcube or Free Software Groupware to take a look themselves.

The fastest way to a running virtual machine is if you're on Fedora 16 or 17 and have the virtualisation packages installed & the service running.

Simply run the script below kindly provided by Jeroen van Meeuwen, our Systems Architect.

Or take a look at the quick installation instructions on the kolab.org web site.

Fastest way to Kolab, courtesy of Jeroen van Meeuwen

Assumptions to the script:

Purely demonstrative,
Assumes libvirtd managed ‘virbr0′ network,
Assumes no kolab-demo system already exists,
is to be executed with something like as follows:

sudo TMPDIR=/path/to/my/tmp/dir /path/to/setup-el6-k24.sh

Save the following as setup-el6-k24.sh and make it executable (e.g. chmod 755 setup-el6-k24.sh):

#!/bin/bash

virsh destroy kolab-demo
virsh undefine kolab-demo
rm -rf ${TMPDIR:-/tmp}/kolab-demo.img
qemu-img create ${TMPDIR:-/tmp}/kolab-demo.img 8G
virt-install \
--name=kolab-demo \
--ram=2048 \
--vcpus=2 \
--disk="path=${TMPDIR:-/tmp}/kolab-demo.img" \
--location=http://mirror.switch.ch/ftp/mirror/centos/6/os/x86_64/ \
--extra-args='ks=http://hosted.kolabsys.com/~vanmeeuwen/ks.cfg' \
--network='bridge=virbr0' \
--hvm \
--virt-type=kvm

A bridge leading nowhere: Outlook-centric groupware

Fri, 04 May 2012 03:12 GMT

I have a confession to make.

I do not believe that Windows is the future of the Free Software desktop.

Perhaps you wonder why I feel it necessary to make this point?

A surprising number of Free Software (or Open Source, take your pick) companies, evangelists and journalists these days advocate some Open Core groupware solutions that focus on Microsoft Outlook as their primary client as “consequential” and “the best approach.” The term “pragmatic” is also quite popular among such comments.

Although some things could and should be said about this, let's ignore the fact that not everything that calls itself Open Source actually is. That is a case of deception and deceit, of misleading advertising where the users only notice they've been locked in at the time they try to make use of the freedoms they thought they had gained. It is not specific to the area of groupware, though, and not the focus for this article.

There is a set of technical and strategic issues that make this approach a dead end.

That is not to negate the strength of Microsoft Windows on the desktop, or to try and ignore it. We always need to take the prevalence of Microsoft on the desktop into account. But there are paths of action that reduce dependency, and there are paths that increase it. Samba, Mozilla Firefox, LibreOffice/OpenOffice.org are all excellent examples of solutions that create more degrees of freedom. These are bridge-building applications. But where do these bridges lead?

Their approach is to interoperate by basing themselves on Open Standards that are equally available on all platforms, and then do their utmost to ensure they also support the Microsoft specific formats and the deviations from Open Standards that were often deliberately introduced to create incompatibility in order to facilitate lock-in. So they bridge towards empowering the user with Free Software applications that can now interoperate, thus enabling multiple platforms and reducing dependency upon Microsoft.

A groupware application that focuses primarily around Microsoft Outlook may seem related, but where does this particular bridge lead?

For one interoperability is often achieved at tremendous cost, such as storing the binary blobs of Outlook that are based on the in-memory application specific data structure in SQL databases. A somewhat better approach is MAPI as the transport layer for Microsoft compatibility. As long as there is a truly open and interoperable communication and storage layer and mechanism underneath, that is. The inherent danger is that MAPI becomes the primary and most important protocol in such an application, genuinely turning things back into a “every platform as long as it is Microsoft Windows” situation.

But even more importantly: By building a deeper habitual and technological dependency on Outlook, which only runs properly on Windows.

So that bridge leads towards where users already are: An ever increasing dependency on Microsoft Windows, which is the opposite effect of applications such as Samba, Firefox or OpenOffice.org/LibreOffice.

Worse, even, they block in particular the office applications due to a quirk in Microsoft's licensing strategy which bundles Microsoft Outlook and Office. As a result, where one is already deployed, the other is already fully paid for. For the office suites that means LibreOffice / OpenOffice.org would have to pay users for using them. Everything else would be an added expense. Try getting this across the accounting department in a company that is struggling to stay within budget.

With groupware being a critical core functionality of any business, as long as MS Outlook stays firmly entrenched, the Free Software offices continue to have a much harder time catching up. So if your concern is to provide companies and users with more choice, investing into an Open Core groupware on the server can in fact strengthen the dependency on Microsoft Office if the deployment is predicated on Outlook as the client.

To make it worse the customer has now on good faith invested into something that promised openness and finds themselves deeper in the hole. Good luck getting that customer to trust in another solution that promises more degrees of freedom in a similar way and requires migration and further investment.

So while these Exchange competitors provide temporary relief in terms of cash flow, they do nothing to resolve the underlying problems, and companies that provide these kinds of solutions to their customers would be well advised not to oversell them as “Open Source Solutions with all the great advantages of Open Source” because they'd be misleading their customers.

Chances are the customer will anyhow harbour unjustified expectations even without the overselling, but overselling definitely increases the chance of leaving permanently scorched earth for Open Source / Free Software.

So what would be a sustainable approach?

Firstly, the solution should be based upon Open Standards as much as possible.

Secondly, it should be fully Free Software that is deserving of the name.

Thirdly, that solution should not predicate itself primarily upon Microsoft Outlook support. Support for Microsoft Outlook can clearly be a plus, but it should not permeate the design of the solution, nor should it be the only or even primary client of choice. So the client would be focused towards a truly heterogeneous client ecosystem, and ideally one that also assumes a multi platform world.

Then it should come with an up to date web client, mobile phone support and all the technical aspects users require, but it should not require a huge data centre to run it. In other words it should be able to scale up as well as down, to be installable on a single machine in an office as well as in a distributed cloud setup that can serve hundreds of thousands of users.

Why would you care about that level of scalability? Because it provides the grounds for ubiquity. And Microsoft has done a pretty good job at demonstrating how powerful ubiquity really can be. But that ubiquity depends upon a couple more factors. Such as the development process.

Does the solution you're looking at actually have public development mailing list, issue trackers, wikis and such where the actual developers of the company driving it participate and can the community participate in the steering of the solution on all levels? Is there transparency of the development process, and is there a development process to speak of?

But most importantly: You don't know your business requirements for the next ten years in advance.

What you do know, however, is that the domain of groupware is going to be a central part of that, because exchanging messages, planning your days and keeping track of the people you interact with is not going to become less important. Neither are the extended functionalities that are often associated, such as instant communication, telephony, video conferencing, collaborating on documents and so on and so forth. In all likelihood, its importance is going to increase as we move towards a more interconnected and cooperative world.

What does this mean for your decision right now?

You want technology that you can innovate upon and integrate into other technologies easily. That is partially covered by the Free Software & Open Standards points above. But there are also architectural aspects to consider here, and conceptual questions as to whether the solution is flexible enough to evolve with your needs.

Especially your groupware solution merits such in-depth analysis before you make a call.

Because lock-in starts at the application level this choice is an essential part of what you will be able to decide in the future. So next time you're thinking about your groupware strategy you might want to ask yourself: Do you think that Windows is the future of the Free Software desktop? Do you believe it is the only desktop you should ever be able to choose?

If you don't think so I would unsurprisingly suggest you take a look at Kolab. Good starting points might be the Kolab Story, the Kolab 3.0 Primer, and of course the Kolab Systems web page.

But perhaps even more importantly I believe this shows we need to be addressing groupware & office jointly if we want to displace Microsoft Outlook & Office.

So I invite everyone working on promoting the Free Software office solutions to get in touch and work together.

Non-commercial announcement

Thu, 12 Apr 2012 09:53 GMT

On April 28/29 at Bloomsbury in central London: two days of coding, creativity, challenges….and fun. The Spring Hackathon draweth near! (http://hackathoncentral.com/overview). The focus will be “Apps for the High Street”, in which developers will compete and collaborate to build web and mobile apps for small high street businesses located in the London Borough of Islington. We’ve

1599 Why I like Life Online

Tue, 03 Apr 2012 16:30 GMT

I became all exited when I discovered Life Online. I discovered that it was a permanent gallery of the National New Media Museum, which is part of the National Media Museum in Bradford (UK). I did not know that it existed and did not know that the National Media Museum consists of: - the National Photography Collection; - the National Cinematography Collection; - the National Television

BPN 1598 World's first permanent internet gallery

Sat, 31 Mar 2012 05:35 GMT

Life Online, the world's first permanent gallery dedicated to the social, technological and cultural impact of the internet and the web, opened at the National Media Museum in Bradford, UK last Thursday. The opening was embellished with a video interview with one of the “fathers of internet” Vint Cerf, in which he tells that he never believed the internet would be so popular when co-creating it

BPN 1597: Media Update Netherlands

Fri, 23 Mar 2012 04:47 GMT

Dutch online ad market: more than 1 billion euro In 2011 the Dutch online advertisement market gained a turn-over of more than one billion euro for the first time. That is a growth of 12 per cent compared to 2010, according to the Interactive Advertisement Bureau Netherlands (IAB Netherlands). For 2012 it expects a growth of 7,7 per cent due to the economic crisis. For the increase of sold

BPN 1596 De Pers stops

Tue, 13 Mar 2012 04:16 GMT

The Dutch freesheet De Pers will stop publication after five years by the end of March. The paper was appreciated as an originalquality paper. The Dutch market will be left with two throwaway freesheets: Metro and Sp!ts. De Pers was started by the millionaire and only Dutch press baron after the Second World War Marcel Boekhoorn. He gained his fortune, amongst others, by buying the telecom

BPN 1595 Elsevier bows for scientists

Sat, 03 Mar 2012 09:43 GMT

Elsevier has retracted its support for the Research Works Act, the US legal proposal which was to impede access to scientific publications. The publishing company does so after protests of almost 8000 scientists. They signed a petition on internet indicating that they would not cooperate with lsevier any longer in providing articles, editing and peer reviewing as long as Elsevier would support

BPN 1594: Digital entertainment market in the Netherlands improves

Thu, 23 Feb 2012 08:20 GMT

The Dutch entertainment association (NVPI) has published figures on the entertainment industry in the Netherlands. It concludes that consumption of music, television series, movies and games was higher than ever in 2011. However, as the average price for digital products is lower than those for physical CDs and DVDs, the total turnover was lower. Expectations for 2012 are positive, but the fight

More Storage Please!!!

Wed, 22 Feb 2012 23:16 GMT

(Part 1)
The business Development arm of the company just won a huge contract. The CEO announced it last week and there was a small-chops party to celebrate the win. It is going to be a good year after all. This week the Applications Development and Integration teams are hovering around your department, they need new servers with heavy specifications. This is not a problem, what bothers you however is the large amounts of disk space they have required, totaling into terabytes. And no, you cannot use your magic wand to reduce their specifications like you have done in the past.

The last inventory you did showed just a few gigabytes of space left all over your data center. Trouble is brewing.

This is an all too familiar scenario for Infrastructure teams of IT departments. There is this constant need for more storage. Terabytes used to be very very large a couple of years ago, but today, they never seem to be enough anymore, for anyone. This is not one of those realizations you shove off as being peculiar to only large organizations, enter the data center of any medium company today and you see the rate at which storage is being consumed. Even personally, I have 1.5 terabyte worth of external storage at home and it does not seem to be enough anymore. Phew!

What is to be done? The most logical solution is to get more storage, or better still, a data management solution. However, before you call your supplier to bring in another batch of SAN storage you should carefully plan for expansion since data will continue to grow. IT departments need to have a carefully planned strategy for data management. The last thing you want to do is to be reactive. Below are some of the things to consider before buying a data management solution.

Scalability

Scalability is the ability of a system, network, or process be enlarged to accommodate growth. With respect to storage systems, there is a need to acquire storage solutions that can scale over time. A storage that is not scalable will require users to copy out old data into a new bigger storage before they use it. On the other hand, a scalable system is expandable in a plug-and-play manner such that, old data will expand into the new storage, transparently, without hassles. A scalable system enables users to acquire storage as needed, rather than buying a mass of it and leaving it redundant till there is a need for it. A simple example. Your 1GB flash drive is not scalable. If you need to copy 1.1GB of data, you will need another flash drive bigger than 1GB. On the other hand, a scalable flash drive (if one exists) will provide an interface to extend the 1GB flash drive with any additional space to be able to accommodate your 1.1GB file.

tbc…

BPN 1593 Royal Dutch Library prefers e-books for deposition

Sat, 11 Feb 2012 06:23 GMT

The Royal Dutch Library (KB) in The Hague has indicated in a policy statement The KB future is digital, that it rather prefers e-books above printed books for the legal deposition of a book. The move will shorten the cataloguing process and save space; besides ebooks will speed up the digitisation process in the national library but will also have an effect on the national book distribution.

BPN 1592: Researchers taking a stand against Elsevier

Fri, 03 Feb 2012 09:23 GMT

Academics have called into action against the academic publisher Elsevier, part of the Reed-Elsevier company. The online petition thecostofknowledge.com, has been signed by more than 1.900 academics in the past week. The academics signing this petition will no longer publish in the 2000 Elsevier journals with quality publications like The Lancet and Cell. The criticism of the academics is aimed

BPN 1591: CEO WK: mobile is more profitable than online

Tue, 31 Jan 2012 09:06 GMT

Yesterday I attended an award ceremony of the Dutch media association of professional and scientific information providers. Part of the program was a speech by Nancy McKinstry, the CEO of Wolters Kluwer. Of course when a CEO of a publically listed company speaks at such an occasion you should not expect news as company information is stock-sensitive. However Ms McKinstry spoke in the framework

When you go to FOSDEM…

Mon, 30 Jan 2012 11:43 GMT

…don't forget to pack your résumé.

If you're looking for a job working on Free Software/Open Source, or want a change of positions, that is.

At the current point in time I am aware of existing openings for all sorts of profiles, including, but not limited to:

Red Hat/RHEL Systems Engineer
Debian Systems Engineer
Developers for Python, Qt, C, C++, Qt, KDE; PHP and Java with experience in solutions such as KDE PIM, Akonadi, Roundcube, Cyrus IMAP, OpenERP, TYPO3
Support Engineer
Technical Sales & Support
Marketing & Sales (of Free Software, mind you)

some of them positions we'll be looking to fill in our own company, Kolab Systems, some time this year. Some of them are in our company group, some in befriended companies that keep asking me for viable candidates in various areas.

Naturally for Kolab Systems candidates with community experience, connection and participation will be preferred. For some of our partner companies it's not that important. Some of these jobs would offer the opportunity to relocate to Switzerland, some of them would offer the opportunity to work from home, most of them are located in Europe.

And while I cannot promise that I'll find jobs for everyone, or that I'll have your dream job for you, I may just know an interesting place for you and will be happy to pass your résumé along.

So don't hesitate to get track me down to have a chat!

Starting a startup? The essence of building a complete team

Mon, 30 Jan 2012 10:18 GMT

I was late in getting the details of Google's sales stunt in Kenya where they essentially were feeding fat on another company's data.

Though Google have since apologized for the behavior and have had some heads roll, it occured to me that there is a lesson for Nigerian Startups or any Internet startup for that matter, especially those dealing in potentially useful data.

Reading Mocality's CEO's description of how they got wind of Google's activities on their data, I began to imagine how long this would have gone unnoticed (if ever noticed) had the team at Mocality not have as much technical knowledge of their business.

It is one thing to have a great idea for an Internet business, it is another to have the required technical skills to manage the nitty gritty of it. It is important for startups to build teams that can look after the nitty-gritty of the business. I imagined if the team at Mocality were just a bunch of Web designers with little knowledge of any form of data analytics, they would have lost out on potential sources of revenues.

This is from the Mocality's blog post

“Our database IS our business, and we protect and tend it very carefully. We spot and block automated attacks, amongst other measures. We regularly contact our business owners, to help them keep their records up-to-date, and they are welcome to contact our call centre team for help whenever they need it”

It is not enough for a start up to want to solve a problem. It is also very important for startups to know what their valuable assets are and to have knowledge teams to protect such. This oversight is one of the many reasons why some startups die after failing to realize potential source of wealth leakages .

BPN 1590 Entertaining Europe in the Electronic Age

Tue, 24 Jan 2012 15:45 GMT

On January 24th, 2012, Ms Neelie Kroes, Vice-President of the European Commission responsible for the Digital Agenda, addressed the European Parliament Intellectual Property Forum, at the European Parliament in Brussels on the subject of Entertaining Europe in the Electronic Age. Thank you for inviting me to speak on the opportunities for the creative sector in the online age. It's an

Beyond IT policy, why we need a Government CTO

Tue, 24 Jan 2012 09:04 GMT

A new draft IT policy has just been released by the Nigerian Ministry of Communication Technology. Brilliant document if followed up by the appropiate will. The document has done a good job at harmonising the different IT policies that exist in different sectors of the Industry, what needs to follow now is a holistic approach to ensure that these policies translates to an increase in initiatives, connectivity and adoption.

I believe an action plan should follow this document stating what will be achieved, how it will be achieved and when, at least before the end of the Minister's tenure in office. Such document will detail the different initiatives of the Ministry of Communications in line with achieving the objectives of the policy. Collaboration with the private sector will breed the ideas of what needs to be done for Industry growth. Within Government however, I believe time is now for the Nigerian government to have a Chief Technology Officer (CTO) or Chief Information Officer (CIO).

The role of the CTO will be to drive technology adoption initiatives within Nigerian Government agencies, its Ministries and its parastetals. These agencies already have IT heads or like technical directors who work in silos and adopt technology as they see fit for their agencies. This should change. To push the country towards a common goal of e-Governance, there is a need to have a CTO that will define the the country's IT direction.

The CTO will work with these ministries IT heads to oversee technology, control and ensure due process in technology adoption across government. The individual will ensure that government IT follows a well planned path in a way to enable the e-Government initiatives of the Federal Government. This will ensure there is a common goal for buying and using technology in these agencies at any point in time.

For instance, one of the shortcomings identifed in the NNPC KPMG Audit report was that the NNPC does not have a working document management system and that key documents are scattered all over staff laptop and desktops. This probably is the scenario across other Government ministries too. A Government CTO will ensure this does not happen by making sure IT heads of these agencies are aware of what IT process to have in place.

A CTO with wide industry experience and deep private sector background is preferable for this role. Someone who is experienced enough to handle such scale of new and emerging technology across government, disciplined enough to ensure due process and young enough to push for change. I would think someone of the caliber of the CTO's managing technology in Nigeria's top banks or in telecommunications. The CTO will probably report to the Minister of Communications Technology.

While the minister will focus more on administration, policy and regulation, the CTO will handle the more technical issues like using locally developed software in government agencies, adopting Open standard technologies (so Government data is not vendor-locked in) and ensuring government data is kept secure.

Caught the Cloud computing bug yet?

Tue, 24 Jan 2012 03:37 GMT

Hopefully not, at least until you have taken time out to understand what it means.

Every few years, the IT industry comes out with a big buzz word. More often than not, it is the re-invention or re-packaging of an existing technology. Remember when Ajax was making the headlines? Off course at that time, Javascript pros came out to tell us it is nothing more than Asynchronous JavaScript they have been using. Then came Service Oriented Architecture (SOA), Enterprise Architects explained how it was never really new. Then came the Cloud, hyped to be the solution to a lot of IT infrastructure headaches. Cloud is not much different from your traditional web hosting on the internet, with additional steriods though.

Cloud computing is the delivery of computing as a service rather than a product, whereby shared resources, software, and information are provided to computers and other devices as a metered service over a network cloud (typically the Internet). – Wikipedia

The main keywords in this wikipedia defination are ‘service' ‘shared' ‘metered'.

Traditionally, for an IT department to implement a new business application, they would need to acquire compontents such as hardware, operating system, web/application server and database software. This is the product view of computing. The idea of cloud is to free organisations from the need to make all these purchases and rather purchase an Infrastructure service.

As such, the cloud is a massive computing facility (remotely, on the internet or on site), that already has all the Hardware & software components needed to deploy enterprise applications.

A typcial cloud facility is made up of very huge computing resources,thousands of servers, network and storage systems, different types of application servers, web servers and database servers. All that needs to be done is for users to upload their business software into the cloud, and click away the deployment. Selecting their preferred operating system, disk resources, RAM, application server, web server etc. That way, the time to deploy an application is drastically reduced.

The beauty of the cloud however is the fact that you only pay for the computing resources you use and you can pay as you grow. A traditional on site deployment requires you to buy massive hardware upfront in anticipation for future growth, this ties up a lot of IT cash. To move an application into the cloud, all an organisation needs to do is to purchase a cloud service, where they can buy slices of hardware and software resources as needed.

For example, to deploy a heavy financial system software. A business will traditionally buy servers, SAN storage, Application server, (JBOSS, Websphere…), database software & license (Oracle, Mysql), Operating system licence(RHEL, Windows, Unix). Add that to the cost of network devices, monitoring servers etc.

To deploy this same application in the cloud, all they need do is to find a cloud provider (Red Hat, Amazon, Azure) and create an account , through a private WAN or the Internet. They upload their software, then through a GUI, they select all the components they would have bought normally as products. They select their required disk space, desired application and database servers..and then click ‘deploy'…and life is good! Maybe I've made it overly simplistic, but that is the cloud.

One of the distinguishing factors of a robust cloud is self-service. With self-service, you logon to the cloud and click away what you need, all by yourself. You don't need to depend on an Infrastructure expert to add additional resources to your computing infrastructure or to enable additional capabilities. Most clouds today are very elastic, they expand and contrast as the need for computing resources changes. Remember those anonymous attacks on the companies that denied Wikilieaks access? It was said that Anonymous could not take down Amazon cloud with their DDOS attacks because it was elastic.

Cloud has simply commoditized computing. Adding more RAM or Storage to cloud applications is a matter of ”click here to increase your RAM or disk space by 10GB”, and then its done on the fly. That way, users deploy their application with as minimal resources as possible, then increase the resources seamlessly demand increase.

This saves a lot of money as cloud use is metered and users pay only for what they use. Businesses can invest cash wisely and grow their cloud infrastructure proportionately with their business growth instead of having to invest heavily in hardware only for the business to under utilize it. And because cloud resources are from a large pool of computing resources, it is way cheaper for cloud providers to maintain, hence making cloud services to be relatively affordable.

In future posts, I hope to talk about what you should consider before moving your application into the cloud.

Bitter SELinux

Sun, 22 Jan 2012 15:32 GMT

Security Enhanced Linux is a Mandatory Access Control (MAC) built to complement the traditional Discretionary Access control(DAC) in *nix based systems( Think of read, write, execute rwx). SELinux is fast gaining ground as the hack-proof security to mitigate the impact of system compromise by a rougue process or a rogue user. NSA recently launched SELinux prove Android and the demand for SELinux experts might grow.

Lately I have begun to play with the Red Hat implementation of the SELinux in Red Hat Enteprise Linux 5 & 6. I would begin an how-to on SELinux and will try to present it here in as simple way as possible. While SELinux is difficult compared to a lot of other technologies on Linux, I will try to present it in a less bitter way.

Domains & file types

The simple idea of SELinux is to isolate processes into separate domains. i.e running system processes in a confined space such that even if those processes are compromised, the damage done will be limited to the confines the process and files its has permission on. This same theory is why administrators are adviced to run their applications as non-root user, so that should their application be taken over by a rougue hacker, the hacker does not own the system as root. The same idea is applicable to ‘chroot jail' of web, dns and ftp servers amoung others.

Reasoning for SELinux is that in the lifetime of certain processes, there is a known number of files they modify. However, with the DAC in linux, it is often easy for administrators to give more than necessary permission to these processes. This is where MAC like SELinux comes in. So that despite an administrator's lax DAC(rwx) permission, a process will never be able to modify other files.

For instance, a default apache process (httpd) does not have a business modifying any other file apart from those in the web server /var/www/html directory. So even if the system owner allows rwx permision (DAC) for the apache user on the /etc directory (using discretion), SELinux knows this is a strange behaviour (through an SELinux policy) and prevents the apache user from modifying files in the etc directory (mandatory).

The restiction placed on the apache process mentioned above is gotten from domains. In SELinux, only entities in certain domains are allowed to modify certain files/object type.

Imagine for a minute that only people in America are allowed to touch the statue of liberty. If anyone wants to touch that statue what do they need to do? They need to first move or be moved to America. Here, America is the domain, people are the processes and the statue of liberty are the files to edit. SELinux is built around domains & file types.

Now, in relation to SELinux, the /etc/shadow file is the file that stores enrypted user password for users on the system. The following is an SELinux security context for the /etc/shadow file:

[acl@rhel6 ~]$ ls -lZ /etc/shadow ----------. root root system_u:object_r:shadow_t:s0 /etc/shadow

I will explain the breakdown of this a little later. But the format for the above is. user:role:type/domain:level. (Files have types, while processes have domains).

In the above, the /etc/shadow file is of type shadow_t. To edit this file, a process must be in the password domain called passwd_t (according to an SELinux policy)

Hence, when a user (acl) runs the password application to change his password:

[acl@rhel6 ~]$ /usr/bin/passwd Changing password for user acl. Changing password for acl. (current) UNIX password:

The passwd application will transition into the passwd_t domain to be able to edit the /etc/shadow file. This can be seen in the output below:

Context of the /usr/bin/passwd executable
[acl@rhel6 ~]$ ls -lZ /usr/bin/passwd -rwsr-xr-x. root root system_u:object_r:passwd_exec_t:s0 /usr/bin/passwd

Context of the /usr/bin/passwd process
[acl@rhel6 ~]$ ps -efZ | grep passwd unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 root 8155 8068 0 13:24 pts/6 00:00:00 /usr/bin/passwd

The implication of this is that, even if a process goes rogue, the process must first explicitly transition into the passwd domain. Any process outside of the passwd_t domain cannot modify the password file.

Also an apache (httpd) process within its httpd_t domain cannot modify files that only processes in the shadow_t domain are allowed to modify.

So essentially, processes are confined into domains so they do not do things they are not supposed to do.

Google takes out Nigeria from its 2 factor Authentication?

Fri, 20 Jan 2012 18:08 GMT

At around the launch of Google+, a friend, Tim Akinbo had written a blog post on why every gmail account owner should be using Google's 2 factor authentication to further reduce the chances of someone's email being hacked. As a Gmail user, I went on to activate 2 factor authentication on my account without any hassles.

I have been impressed with the service after using it for a couple of months, and I felt the need to refer a friend to do same. To my surprise however, my friend could not find Nigeria on the list of countries, preventing him from proceeding with enabling the security feature. Before crying foul, I logged into my account to verify what country is attached to my profile; it was back to the default, Afghanistan (starting letter A).

The 2 factor works by asking you to provide a phone number (and a corresponding country) with which to recieve a ‘code' to login to your email account, in addition to your password. The country you select determines what phone number pattern you should have. However, with Nigeria removed from the list of countries, Google has effectively denied new Nigerians users from using the service. My 2 factor authentication service still works though.

As I write this post, I'm appalled and at the same time worried on why Google would remove Nigeria from the list of countries that could use two factor Authentication. Was it a system mistake, an engineer's oversight, a deliberate attempt to alienate? Could this have been as a result of the conclusion in the “Mugged in Madrid” hacking story, where the author mentions that his gmail account hacker could have been from Lagos, Nigeria?

Google had better not be evil on this one! Google Nigeria note this!

Noting all other Google's strange behaviors

Update: Could Google just be human after all? They were definitely evil on this one. Update: Focus on the User

BPN 1589 No endless bankruptcy for Dutch e-reader manufacturer

Wed, 18 Jan 2012 06:58 GMT

The Netherlands based Endless Ideas, the company behind the Bebook line of e-readers, officially filed for bankruptcy on January 5, 2012. The company offered in less than two years the e-reader models Bebook Neo, One, Club, Mini, and the recently released Club S. The problem for the company was the worldwide competition, the stay in the middle price range, technical problems and bloating

Now blogging on my book blog at Consentofthenetworked.com

Tue, 17 Jan 2012 18:38 GMT

Please note that I have shifted my regular blogging activity over to my book's website at consentofthenetworked.com. Click here to subscribe to that blog's RSS feed, or subscribe to email updates by clicking on the link under "follow blog by email" in the right-hand column.

occupyNigeria Protests

Sun, 15 Jan 2012 13:18 GMT

When a people, being governed by a wasteful, corrupt and inept government, decide to take their country back, there is little you can do to stop them.

Throughout last week, Nigeria was on a nation wide strike. The Government suddenly kicked off its deregulation of the oil sector , by removing fuel subsidies, causing over a 100% increase in the price of gasoline (Petrol). Not that deregulation in itself is bad, what followed was a series of rhetoric on what the government plans to use the cash accruing from subsidy removal to do. Building roads, hospitals, etc… Nigerians are all to familiar with this promises and as such took to the streets to protest the unjust fuel price hike.

In the spirit of solidarity, I took side with the Nigerian people by joining the protest which is tagged #occupyNigeria. These are just a few of the numerous shots I took.

I also reconnected with the publisher of Technology Times , Mr. Shina Badaru

Gbenga Sesan and Shina Badaru

A short Rant about noise in the Data Center

Sat, 14 Jan 2012 19:48 GMT

Its the end of the month. Deadline is a day away for report submission. All departmental heads are getting ready for the month end meeting with the CEO. As everyone logs into the ERP application to generate report, the application drags as
massive data is being pulled left, right and center. The application performs heavy queries, the databases read the hefty data files on your disk storage, and all of a sudden the noise in your DC increases…

PS: Hopefully one day, I'd be able to finish this rant…sorry!

Non commercial communication: Hackaton for Olympic Games in London UK

Fri, 13 Jan 2012 07:55 GMT