
Archive for the ‘Legal’ Category

ZFS and Apple’s new MacOS X (Snow Leopard)

1 September 2009 ddouthitt 2 comments

Sun’s ZFS is, by all accounts, the most revolutionary file system to come along in years. The Wikipedia entry on ZFS has some details, and Sun has a ZFS Learning Center where you can learn how to use it.

Of course, ZFS is in OpenSolaris, but it is also being introduced into FreeBSD as well.

The Solaris Internals site has a beautiful ZFS Best Practices Guide.

What does all of this have to do with Apple’s MacOS X (Snow Leopard)?

Just this: early in the development of MacOS X 10.6, Apple announced that they would use ZFS in the new MacOS X Snow Leopard. The ability to read ZFS volumes had been put into MacOS X Leopard Server. However, ZFS is missing from MacOS X Snow Leopard and Snow Leopard Server entirely. Robin Harris over at ZDNet has an excellent article that explains it all. He then went on to expand on his ZDNet article with more details.

The one detail in particular I wanted to note is the lawsuit between NetApp and Sun over ZFS and related patents. Groklaw has been following the lawsuit, but the last update from Groklaw is October 2008; Sun has more details on their lawsuit page. Way back in 2007 when the patent lawsuit erupted, ComputerWorld had an article suggesting that Apple might be forced into the lawsuit since it had been courting ZFS – or could be sued next if NetApp won. Neither Apple nor NetApp would comment.

It would also be worth noting that when IBM was in talks to buy Sun in March 2009, there were articles about how the ZFS lawsuit would affect such talks – especially given that IBM and NetApp had a strong partnership already (IBM remarkets NetApp hardware for instance). AMLawDaily had a nice article about it, as did CNET. It wasn’t much more than a month later – in April 2009 – that Sun announced it was being bought by Oracle.


The Dark Side of Cloud Computing

20 March 2009 ddouthitt Leave a comment

If you have information in “the cloud” instead of on your personal computer, there is a dark side that you should be aware of.

The information that you save to the cloud resides on servers elsewhere, such as California or Korea or Canada. Wherever those servers reside, there are laws that govern them and the corporation that controls them. Those laws may permit far looser access to that information than the laws where you live.

Even within the United States, there is a big difference between the data stored on your personal computer or laptop and the information stored on external servers. The United States government must get a warrant signed by a judge before searching your home (and home computer); however, a warrant is not necessary to get a corporation such as an Internet Service Provider (ISP) or others to give the police your data. Companies such as Google and others can be forced to give the police data without notifying you.

This data is not just on the servers, but can also be found on backup tapes as well. Some services – either by their nature or by design – will keep multiple versions of your data, so all past versions can be scanned.

Cloud computing can be brought in-house to some extent, most notably by using open source projects such as eyeOS (which provides a remote desktop). If you are truly concerned about leaving your data open, do not use unsecured network protocols, and do not set up a server with a hosting service: you must run your own server internally.

Other services will provide a key which encrypts the data on their servers – such that the hosting service cannot read any of your data. These are the best services to use, although they may be harder to find. The most likely cloud computing services to do this are backup services as well as those specializing in privacy.

For example, SpiderOak keeps all data on their servers encrypted – so even they can’t read it. Mozy appears to offer the same capability.

Password storage sites also have security built-in; both Clipperz and PassPack have encrypted all of the data on their servers, preventing anyone from reading your data.

However, Google Docs, Zoho, and Thinkfree Office all appear to keep data on their servers readable by anybody – thus, your data could be subpoenaed by a court of law if necessary.
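The distinction above – a service that holds a key only you have versus one that keeps your documents readable – comes down to where the encryption happens. The following is an added example, not code from this blog or from any of the services named: it encrypts a document on the client with AES-GCM under a key that never leaves the client, so the bytes the provider stores (and could be compelled to hand over) reveal nothing without that key. The function and type names, the document name used as associated data, and the sample document are all constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Blob is what the hosting provider stores: a random nonce followed by
// AES-GCM ciphertext plus its authentication tag. It contains no key material.
type Blob []byte

// NewClientKey generates a 256-bit key that stays on the client.
func NewClientKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// EncryptForUpload seals a document under the client's key before it is sent
// to the provider. The document name is bound as associated data so one
// stored blob cannot be silently swapped in for another document.
func EncryptForUpload(key []byte, name string, plaintext []byte) (Blob, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, []byte(name))
	return Blob(append(nonce, ct...)), nil
}

// DecryptDownloaded opens a blob fetched back from the provider. It fails on
// a wrong key, a wrong document name, or any modification of the stored bytes.
func DecryptDownloaded(key []byte, name string, blob Blob) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(name))
}

// ProviderCanRead models what the hosting service, or anyone it hands the
// stored bytes to, can learn without the key: whether the document text is
// present in what it stores.
func ProviderCanRead(stored Blob, plaintext []byte) bool {
	return bytes.Contains(stored, plaintext)
}

func main() {
	key, _ := NewClientKey()
	// Constructed sample document for the example.
	doc := []byte("constructed sample: draft contract, not for disclosure")
	blob, _ := EncryptForUpload(key, "contract.txt", doc)
	fmt.Println("provider can read document:", ProviderCanRead(blob, doc))
	back, err := DecryptDownloaded(key, "contract.txt", blob)
	fmt.Println("client round-trip ok:", err == nil && bytes.Equal(back, doc))
}
```

The point of the design is that a subpoena served on the provider yields only `Blob` values; the provider has no key to produce, and a modified or mismatched blob is rejected on download rather than silently accepted. A real service would also need to derive or back up the key on the client side, since losing it loses the data.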

It’s unlikely that any of the “micro” services would offer encryption of your data – services like del.icio.us or Joe’s Goals or Zotero.

There is also the possibility of losing all of your data due to a site shutting down. Some sites, polished though they may be, are run by individuals or tiny companies; thus one should not rely on cloud computing alone. Backups should be replicated internally – including backups of all data stored externally.

One good example of this would be the service Magnolia – the service suffered a total data loss stemming from a disaster that took place in February.

Thus, like RAID, cloud computing alone is not a backup!

Free Software Foundation Files Suit Against Cisco

11 December 2008 ddouthitt 3 comments

This is incredible news. The behemoth Cisco has apparently not been in compliance with the GPL License (in relation to their Linksys routers for one), and one problem after another seems to have been cropping up as the Free Software Foundation (FSF) tried to resolve each one.

Finally, the FSF saw no recourse but to file a lawsuit to get them to resolve all of the issues, and released a press release to that effect. The FSF gives more details in this article. The complaint filed by the Software Freedom Law Center (who announced the filing on their own site) on behalf of the FSF is also available.

The news is spreading far and wide: already, there are articles in InformationWeek, InternetNews, and NetworkWorld. It’s also already on Slashdot, and a Wikipedia page is aging nicely already. (Side note: it’ll be interesting to see how gnu.org handles the slashdot effect…. but I digress.)

I can’t wait until the folks at Groklaw get their hands on this; it will be interesting (and I will update with the results when it happens).

Lastly, if you believe in what the FSF has been doing, why not join today?

Helios Linux Attacked as Illegal Enterprise

10 December 2008 ddouthitt 2 comments

I saw this article from Ken Starks, the maintainer of the Helios Linux distribution, about a letter he received. It is from a teacher who confiscated a number of live Linux CDROMs from a student and then accused the Helios maintainer of illegal activities. The teacher’s letter is astounding in its misunderstanding of the true nature of open source.

Setting aside the audacity and ignorance of the teacher for this article…. It goes to show that not everyone is as well-informed as many of us. The teacher in this case perhaps has never heard of Edubuntu, a distribution formed just for education – nor of OLPC, a nonprofit organization trying to get laptops (Linux laptops mind you) into the hands of all of the children of Africa and the third world.

We must be prepared for educating our supervisors, users, and others that rely on us as to why this or that open source project is worthwhile. In many cases, the fact that a product is open source (or not) is not a selling point: many folks will not use something because it is open source, but would rather pay for something which is better – or meets their needs – or is “what everyone uses.”

Examples of this abound: Linux v. Windows – Linux v. UNIX – Red Hat Enterprise v. CentOS – OpenOffice v. Microsoft Office – OpenSSH v. SSH – GNUCash v. Quicken – and more. Put aside the open source nature of the product and explain why it is better than the commercial product. Does it have more features? Does it work in more places? Is it easier to use? Does it cost less? (Okay, the last is not free of the open source movement – but freeware is there too…) Does it have a lighter footprint? Is it more widely used than the commercial product?

All of this must be explained to those who have no idea what open source is about – and perhaps have no technological background, much less an understanding of technical history.

Let’s get out there with our heads held high and educate the masses!

Update: this story has a happy ending. I’m also glad he didn’t name the teacher involved, and I can just imagine the vitriol that flew his way. The fact that he stood his ground speaks tremendously to his character. Kudos, Ken!

License wars: GPL vs. BSD (or What happened to the public domain?)

29 November 2008 ddouthitt 6 comments

There is a very interesting article about the GPL copyright license and the BSD copyright license, and this author’s view that the public domain is the only way to go. This is a very interesting take on both licenses.

His (her?) view is that both licenses place restrictions on the user (as he suggests all licenses do). However, I would beg to differ with the assessment on both licenses…

The GPL license does place restrictions on the user; however, those restrictions are there to preserve the freedom to change, modify, and give away the source code. That’s it. The restrictions are there to preserve freedom.

The BSD license places restrictions that basically say the user is responsible for the software, and says nothing about anything else. The BSD license was designed to preserve the freedom to do whatsoever you will with the software (including putting it into proprietary systems and not releasing source code).

However, the public domain basically places no restrictions whatsoever on your software. Thus, someone can appropriate the software, start selling it, claim they wrote it, and more – without any recourse for you, the original author. It is for this reason that the Public Domain is not where you want your software.

Birthdays! (GNU, Debian, Google, and more!)

6 September 2008 ddouthitt Leave a comment

I just can’t believe all of the birthdays in the recent weeks.

The Debian Project celebrated 15 years on August 16th. There is a nice wiki page about the celebration (known as Debian Day) which occurs every year around the world.

FreeBSD also celebrates 15 years. The announcement of the celebration was made in the freebsd-announce mailing list by Matt Olander. The celebration will be at Meet BSD California ‘08 on November 15-16 in Mountain View, California (and at Google no less!).

The GNU project turns 25 in September. There is a delightful film by Stephen Fry describing GNU and what it is and what it’s done (and an article about the film), and there is an article by Matt Lee about GNU and how it will celebrate.

Google turns 10 on Sep. 7. There are photos of what the Google computing center looked like over the years from a talk by James Dean given at the 2007 Seattle Scalability Conference.

One more birthday (though not one to celebrate!) is the one-year anniversary of the RIAA’s legal campaign against on-campus file sharing. Ars Technica has a nice article about it, and there is a nice response by Bill Wyman. It’s also the four-year anniversary of the RIAA’s general legal strategy against file sharing; this is covered nicely in an article by David Kravets at Wired. That article starts with an impressive number indeed: 20,000 lawsuits? Astounding…

Any other anniversaries I missed?

How to license your code (a plea)

23 August 2008 ddouthitt Leave a comment

A lot of software out there that admins use, perhaps especially security software, comes with a license – and often not a standard license like the GPL, the BSD license, the Artistic License, or the Mozilla License. In a corporate setting, each of these licenses should be vetted by the corporate legal department before we as admins can use the software.

The more different licenses there are, the more headaches there are for the admins that must get these licenses okayed by the legal department. Possibly the worst is creating one’s own license on the fly, instead of using a commonly used and accepted license.

There are a large number of already accepted licenses; if you use one of these for your software, then admins that want to use the software may find that the license has already been examined and approved. This makes it easier to get the software into corporations. It also means that all of the hard work that lawyers do to get the license crafted just so has already been done for you.

Here is a list of commonly used and accepted licenses:

The Open Source Initiative (or OSI) has a large list of open source licenses.

Why make it hard for software to be adopted for use in corporate environments when you don’t have to? Select a standard license.

Computer Forensics and the Chain of Custody

17 January 2008 ddouthitt Leave a comment

When a server is hacked, what do you do? That is the question – and it breaks down into several questions:

  • Do you want to prosecute the offender?
  • Do you want to analyze the attack?
  • Do you want to preserve the evidence?

For the moment, we’ll assume that you want to preserve the evidence in order to prosecute. Once this decision is made, the system administrator’s role starts to enter the legal realm. In order to preserve the evidence, a chain of custody must be maintained and preserved.

At its simplest, the chain of custody is a legal phrase describing provable knowledge of everyone who handled the evidence, together with proof that this evidence is the same as what was present at the crime scene. The question that the chain of custody attempts to answer is: Is this evidence (the hard drive) the same one – and unaltered – that was at the crime scene (in the server)?

Before preserving the evidence, make a copy of the hard drive so that there is a copy for forensic analysis. This copying should, more than likely, be noted on the evidence’s chain of custody as well.

To make the chain of custody (and preserve the evidence), there are a number of things that can be done:

  • Once the hard drive is no longer needed, wrap it and seal it (possibly along with an initial document stating its origins) – then sign across the seal itself (to prove that it hasn’t been opened since).
  • Put the drive into a safe with a very limited access.
  • Each time the drive is touched (i.e., moved, relocated, or reassigned), fill out an entry on a form with the date, the action, who did it, and why the action was taken.

All through the process, there should always be a witness to what occurs. For example, when the system administrator removes a hard drive from a server, there should be additional witnesses present. Likewise, if anyone moves the hard drive – or gives it to someone, then witnesses should be present also. In all these cases, note the witnesses and other information in the chain of custody log (always with date).

Another excellent tip is to photograph the removal of the hard drive – specifically, photograph the location of the machine, what was done to the machine, and where the hard drive was physically located. The person removing the hard drive may also want to sign the hard drive itself, in order to prove that this was the actual hard drive removed from the system.

The wrap should be some sort of wrap that will show evidence of tampering – shrinkwrap may fit the bill.
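The log described in the steps above has a digital counterpart: hash the forensic copy at the moment of seizure, and have every later entry (moved, sealed, handed over) re-record that hash next to the date, action, handler, witness and reason. The following is an added example, not code from this post or from any forensic product: a small custody log with a SHA-256 fingerprint of the image, a rule that no event is recorded without a witness and a reason, and a verification that answers the chain-of-custody question (is this the same, unaltered image?). The type and function names, the evidence id, and the stand-in image bytes are constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Entry is one line on the custody form: when, what was done, by whom,
// witnessed by whom, why, and the SHA-256 of the evidence image at that moment.
type Entry struct {
	When    time.Time
	Action  string
	By      string
	Witness string
	Why     string
	Hash    string
}

// CustodyLog tracks one piece of evidence from seizure onward.
type CustodyLog struct {
	EvidenceID string
	Entries    []Entry
}

// Fingerprint returns the hex SHA-256 of an evidence image (the forensic copy).
func Fingerprint(image []byte) string {
	sum := sha256.Sum256(image)
	return hex.EncodeToString(sum[:])
}

// Acquire opens the log with the hash taken when the drive was pulled and
// imaged; that first hash is what every later entry is checked against.
func Acquire(id string, image []byte, by, witness string, at time.Time) *CustodyLog {
	l := &CustodyLog{EvidenceID: id}
	l.Entries = append(l.Entries, Entry{at, "removed from server and imaged", by, witness, "incident response", Fingerprint(image)})
	return l
}

// Record adds a handling event. Every event needs a witness and a reason, and
// the image is re-hashed so the entry also attests that the evidence is unchanged.
func (l *CustodyLog) Record(image []byte, action, by, witness, why string, at time.Time) error {
	if witness == "" {
		return errors.New("every handling event needs a witness")
	}
	if why == "" {
		return errors.New("every handling event needs a reason")
	}
	l.Entries = append(l.Entries, Entry{at, action, by, witness, why, Fingerprint(image)})
	return nil
}

// Verify answers the chain-of-custody question: is the image presented now the
// same, unaltered, as the one hashed at seizure, with no entry disagreeing?
func (l *CustodyLog) Verify(image []byte) error {
	if len(l.Entries) == 0 {
		return errors.New("empty custody log")
	}
	original := l.Entries[0].Hash
	for i, e := range l.Entries {
		if e.Hash != original {
			return fmt.Errorf("entry %d (%q) recorded a different hash", i, e.Action)
		}
	}
	if Fingerprint(image) != original {
		return errors.New("image does not match the hash recorded at seizure")
	}
	return nil
}

// Form renders the log the way the paper form would read.
func (l *CustodyLog) Form() string {
	var b strings.Builder
	fmt.Fprintf(&b, "Evidence %s\n", l.EvidenceID)
	for _, e := range l.Entries {
		fmt.Fprintf(&b, "%s | %s | by %s | witness %s | %s | sha256 %s\n",
			e.When.Format(time.RFC3339), e.Action, e.By, e.Witness, e.Why, e.Hash)
	}
	return b.String()
}

func main() {
	// Constructed stand-in for a disk image; a real one would come from an imaging tool.
	image := []byte("constructed evidence image: not a real disk")
	t0 := time.Date(2008, 1, 17, 9, 30, 0, 0, time.UTC)
	l := Acquire("HDD-0001", image, "sysadmin", "security officer", t0)
	_ = l.Record(image, "sealed and placed in safe", "sysadmin", "security officer", "preserve for prosecution", t0.Add(time.Hour))
	fmt.Print(l.Form())
	fmt.Println("verify:", l.Verify(image))
}
```

The hash stands in for the signature across the seal: it does not stop anyone from altering the image, but it makes any alteration after seizure provable, which is what the court will ask about. The paper form, the witnesses and the sealed drive remain the primary record; this log only makes the "unaltered" part of the answer checkable.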

The chain of custody is a legal phrase with a legal definition. However, I am not a lawyer (sheesh, do I really have to say that?). So for best advice, seek that of a lawyer (or forensic specialist).

In a big enough company, certainly you should consult with your in-house corporate attorney before taking any unnecessary action.

Here are some further resources:

Some of these resources are directed towards the legal profession instead of the computer professions, but if you have the willingness to learn more, they can only help.

The Asus EeePC: GPL Violator?

27 November 2007 ddouthitt 1 comment

It appears from this article by ITWire that the Asus EeePC may be in violation of the GPL. The GPL is the copyright license that covers the Linux kernel and specifies the rights and responsibilities given to the receiver of the copyrighted product (the kernel in this case).

Turns out that Asus has utilized the kernel with some modifications but has not released any of the source code – a direct violation of the GPL. And with the Software Freedom Law Center (SFLC) filing new lawsuits on behalf of busybox (another GPL-licensed product) after resolving the last one to the benefit of busybox, I can’t help but imagine that Asus will tread carefully and will negotiate. We’ll see.

Categories: Legal, Linux, Open Source

Who owns your remote documents?

Mark Rasch, in his latest column for SecurityFocus, Don’t Be Evil, discusses quite eloquently the legal dangers of storing documents on remote servers.

With his usual clarity, he discusses the risks and explains why sensitive documents are better off being kept off such servers.

This doesn’t just affect Google Docs but also affects any other Web 2.0 site that offers remote storage, such as Thinkfree Office and Box.Net (all of which I consider to be splendid offerings).

The problem is that any documents stored on Google’s servers (for example) can be subject to discovery in a legal process, and Google likely can be subpoenaed for your documents even without your knowledge.

Categories: Legal, Security