Unix: Beyond owner, group, and everybody else

By Sandra Henry-Stocker


ITworld |
October 26, 2014

open close rupert ganzerflickr / Ruprt Ganzer

The traditional way of assigning file permissions on Unix systems is so tied into how people think of Unix that many of us seem to forget that this scheme was extended many years ago to accommodate more than just file owners, groups, and everybody else. The setfacl (set file access control lists) and getfacl (get file access control list) commands were designed to allow more than the normal single assignment of privileges. While not disturbing the traditional owner-group-other permissions, you could, for example, give another account holder the same permissions as the owner or allow more than one group to have special access while not giving that access to just everyone. Everything comes at some cost, however, and to use the setfacl and getfacl commands, the file system has to be mounted with a special option that allows these commands and the underlying expansion of privileges to be used. After all, there is overhead associated with keeping track of the additional permissions, so you have to opt in by adding an option to the file system in the /etc/fstab file — the acl option. If you don't, anyone trying to use these commands will likely be confronted with an "operation not supported" error. You might also have to check whether your kernel provides support for this feature. To mount a file system with the acl option, you will need to use a command like this:

# mount -t ext4 -o acl /dev/hdb3 /data

In the /etc/fstab file, this same operation might look like this:

/dev/hdb3    /data    ext4  defaults,acl     0    1

Indications that the extended permissions are in use are rather subtle. You'll only see a + sign at the end of the normal permissions field. For example:

-rw-r-----+ 1 soft   admins 22088 Oct 26 recipe

That little + at the end of -rw-r-----+ tells you that there are more permissions than the rw-r----- permissions string is letting on. And, if you want to know more, you only have to use the getfacl command to display the complete permissions for the file. For a file with only traditional permissions, you will see something like this:

$ getfacl beerlist
# file: beerlist
# owner: smitten
# group: admins
user::rw-
group::r--
other::---

This shows us what we normally see in a long listing, though in a different format. For a file with the extended permissions, on the other hand, the getfacl command might show you any additional permissions that have been set — like this:

$ getfacl beerlist
# file: beerlist
# owner: smitten
# group: admins
user::rw-
user:tsmiley:rw-
group::r--
mask::rw-
other::---

Notice that we now see another user (tsmiley) with read and write permissions and a new field — the "mask" field that sets default permissions for the file. You can set extended permissions using the setfacl command. Here are some examples where we give a user read, write and execute permission or add write permission.

setfacl -m u:tsmiley:rwx /data/example
setfacl -m u:tsmiley:+w /data/example

The -m stands for modify. The "u" in u: stands for user. You can assign permissions to groups as well as to individuals. You would assign the group permissions with a "g" as in the examples shown below.

setfacl -m g:devt:rwx /data/testcase
setfacl -R -m g:devt:+x testcases/
setfacl -m d:g:admins:rwx /data/scripts

In the third line in this example, the d: before the g: makes the new settings (rwx) the default for this directory. When files or directories are created under the /data/scripts directory, the admins group will have rwx access to them as well. After setting the default, you can expect to see these values when you use the getfacl command in the form of an additional line that looks like this:

default:group::rwx

One of the other complexities that you are likely to run into is the idea of the effective mask setting. If the mask is more restrictive than the permissions that you grant, the mask will take precedence. In the example below, the mask is r-- and reduces the privileges given to the groups to r--.

$ getfacl /data/jumping.jar 
# file: /data/jumping.jar 
# owner: dbender
# group: users
user::rw-
group::rwx          #effective:r--
group:devt:rwx      #effective:r--
mask::r--
other::r--

To remove extended permissions for a file or folder, you can use one of these commands. Remove all ACLs from a file:

setfacl -b /data/example

Remove a default ACL:

setfacl -k testcases

The mask setting is interesting. It will be set up whenever permissions beyond those of owner, group, and other are used. As you'd read in the man page for the setfacl command, the mask is the union of all permissions from the owning group, named user and group settings. It can limit the permissions that are available, but you can change the mask with a command like this:

$ setfacl -m mask:rw- /data/example

Note that mask can be spelled out (mask:) or shortened to m (m:). Generally, it will be set to whatever permissions are intended for the expected collections of users and groups. You can also override this setting when you assign permissions by requesting that no mask be used with the -n or --no-mask setting. The traditional Unix permissions are easy to think about, but can be severely limiting when you need more flexibility in defining what various users or groups on your servers should be able to do. The newer ACL commands give you a lot more room in determining who gets what permissions. You just have to work a little harder to be sure they're right.








Fuzix, a New Unix 5 like OS for Zilog Z80 by Alan Cox


UNIX greybeards threaten Debian fork over systemd plan


A group of "Veteran Unix Admins" reckons too much input from GNOME devs is dumbing down Debian, and in response, is floating the idea of a fork.

As a insurgent greybeards put it, “… stream care of a plan is heavily shabby by GNOME developers and too most disposed to cruise desktop needs as essential to a project, notwithstanding a fact that a infancy of Debian users are tech-savvy complement administrators.”


The unknown rebels’ says “Some of us are upstream developers, some veteran sysadmins: we are all endangered peers interacting with Debian and derivatives on a daily basis.” Their beef is that “We don’t wish to be forced to use systemd in transformation to a normal UNIX sysvinit init, since systemd betrays a UNIX philosophy.”

“Debian currently is condemned by a bent to misuse a possess mandate, a bottom element of a Free Software movement: put a user’s rights first,” they write during debianfork.org. “What is function now instead is that by a so called ‘do-ocracy’ developers and package maintainers are commanding their choices on users.”

The authors also disagree that “… we see systemd being really disposed to goal climb and grow and expected to spin into a nasty hairball over a longer term.”

“We like determining a startup of a complement with bombard scripts that are readable, since readability grants a certain turn of energy and alertness for those among us who are literate, and we trust that centralizing control services, sockets, devices, mounts, etc., all within one daemon is a slap in a face of a UNIX philosophy.”

The organisation would rather not flare Debian, preferring an arrangement underneath that “sysvinit stays a default for now, systemd can be optional.”

The rebels indicate out that they’re not alone. Sites like boycottsystemd.org/ and The universe after systemd share their dislike of systemd and opinion that it creates some-more problems than it solves.

“If systemd will be substituting sysvinit in Debian, we will flare a plan and emanate a new distro. We wish this won’t be necessary, though we are good prepared for it,” a putative forkers’ post concludes.

Game on! ®


Shellshock: How to protect your Unix, Linux and Mac servers

The only thing you have to fear with Shellshock, the Unix/Linux Bash security hole, is fear itself. Yes, Shellshock can serve as a highway for worms and malware to hit your Unix, Linux, and Mac servers, but you can defend against it.

Cybersecurity
If you don't patch and defend yourself against Shellshock today, you may have lost control of your servers by tomorrow.

However, Shellshock is not as bad as HeartBleed. Not yet, anyway.

While it's true that the Bash shell is the default command interpreter on most Unix and Linux systems and all Macs — the majority of Web servers — for an attacker to get to your system, there has to be a way for him or her to actually get to the shell remotely. So, if you're running a PC without ssh, rlogin, or another remote desktop program, you're probably safe enough.

A more serious problem is faced by devices that use embedded Linux — such as routers, switches, and appliances. If you're running an older, no longer supported model, it may be close to impossible to patch it and it will likely be vulnerable to attacks. If that's the case, you should replace it as soon as possible.

The real and present danger is for servers. According to the National Institute of Standards (NIST), Shellshock scores a perfect 10 for potential impact and exploitability. Red Hat reports that the most common attack vectors are:

  • httpd (Your Web server): CGI [Common-Gateway Interface] scripts are likely affected by this issue: when a CGI script is run by the web server, it uses environment variables to pass data to the script. These environment variables can be controlled by the attacker. If the CGI script calls Bash, the script could execute arbitrary code as the httpd user. mod_php, mod_perl, and mod_python do not use environment variables and we believe they are not affected.

  • Secure Shell (SSH): It is not uncommon to restrict the remote commands that a user can run via SSH, such as rsync or git. In these instances, this issue can be used to execute any command, not just the restricted command.

  • dhclient: The Dynamic Host Configuration Protocol Client (dhclient) is used to automatically obtain network configuration information via DHCP. This client uses various environment variables and runs Bash to configure the network interface. Connecting to a malicious DHCP server could allow an attacker to run arbitrary code on the client machine.

  • CUPS (Linux, Unix and Mac OS X's print server): It is believed that CUPS is affected by this issue. Various user-supplied values are stored in environment variables when cups filters are executed.

  • sudo: Commands run via sudo are not affected by this issue. Sudo specifically looks for environment variables that are also functions. It could still be possible for the running command to set an environment variable that could cause a Bash child process to execute arbitrary code.

  • Firefox: We do not believe Firefox can be forced to set an environment variable in a manner that would allow Bash to run arbitrary commands. It is still advisable to upgrade Bash as it is common to install various plug-ins and extensions that could allow this behavior.

  • Postfix: The Postfix [mail] server will replace various characters with a ?. While the Postfix server does call Bash in a variety of ways, we do not believe an arbitrary environment variable can be set by the server. It is however possible that a filter could set environment variables.

So much for Red Hat's thoughts. Of these, the Web servers and SSH are the ones that worry me the most. The DHCP client is also troublesome, especially if, as is the case with small businesses, your external router doubles as your Internet gateway and DHCP server.

Of these, Web server attacks seem to be the most common by far. As Florian Weimer, a Red Hat security engineer, wrote: "HTTP requests to CGI scripts have been identified as the major attack vector." Attacks are being made against systems running both Linux and Mac OS X.

Jaime Blasco, labs director at AlienVault, a security management services company, ran a honeypot looking for attackers and found "several machines trying to exploit the Bash vulnerability. The majority of them are only probing to check if systems are vulnerable. On the other hand, we found two worms that are actively exploiting the vulnerability and installing a piece of malware on the system."

Other security researchers have found that the malware is the usual sort. They typically try to plant distributed denial of service (DDoS) IRC bots and try to guess system logins and passwords using a list of poor passwords such as 'root', 'admin', 'user', 'login', and '123456.'

So, how do you know if your servers can be attacked? First, you need to check to see if you're running a vulnerable version of Bash. To do that, run the following command from a Bash shell:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If you get the result:

vulnerable
this is a test

Bad news, your version of Bash can be hacked. If you see:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

You're good. Well, to be more exact, you're as protected as you can be at the moment.


While all major Linux distributors have released patches that stop most attacks — Apple has not released a patch yet — it has been discovered that "patches shipped for this issue are incomplete. An attacker can provide specially-crafted environment variables containing arbitrary commands that will be executed on vulnerable systems under certain conditions." While it's unclear if these attacks can be used to hack into a system, it is clear that they can be used to crash them, thanks to a null-pointer exception.

Patches to fix the last of the Shellshock security hole are being worked on now. In the meantime, you should update your servers as soon as possible with the available patches and keep an eye open for the next, fuller ones.

In the meantime, if, as is likely, you're running the Apache Web server, there are some Mod_Security rules that can stop attempts to exploit Shellshock. These rules, created by Red Hat, are:

Request Header values:
SecRule REQUEST_HEADERS "^\(\) {" "phase:1,deny,id:1000000,t:urlDecode,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"

SERVER_PROTOCOL values:
SecRule REQUEST_LINE "\(\) {" "phase:1,deny,id:1000001,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"

GET/POST names:
SecRule ARGS_NAMES "^\(\) {" "phase:2,deny,id:1000002,t:urlDecode,t:urlDecodeUni,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"

GET/POST values:
SecRule ARGS "^\(\) {" "phase:2,deny,id:1000003,t:urlDecode,t:urlDecodeUni,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"

File names for uploads:
SecRule FILES_NAMES "^\(\) {" "phase:2,deny,id:1000004,t:urlDecode,t:urlDecodeUni,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"

It is critical that you patch your servers as soon as possible, even with the current, incomplete patches, and set up defenses around your Web servers. If you don't, you could come to work tomorrow to find your computers completely compromised. So get out there and start patching!


Apple updates OS X to protect 'advanced UNIX users' from Shellshock

Although OS X is among the systems listed as vulnerable to the recently-uncovered Shellshock / Bash security flaw (still not sure what that is? Let us explain.), Apple has said it isn't a problem for most users. For those potentially vulnerable due to enabling certain UNIX services, 9to5Mac reveals the company has just pushed patches for the Mavericks, Lion and Mountain Lion versions of its desktop operating system. You can download the updates from Apple's website now, and they should be available via software update soon.

[Image credit: Robert Graham, Twitter]




Apple: Most Macs Not Threatened by Bash Bug (and iOS Devices Are Safe)


The MacBook Air and other Apple computers running OS X aren't exposed to the bash bug, unless users have turned on advanced Unix settings.
Drew Evans/The Wall Street Journal

Apple may be safe from at least one panic sweeping the tech world this week. A Unix bug known as bash or shellshock, which threatens the security of many Web servers and other computer systems, doesn't put the typical Mac owner at risk, nor does it pose a threat to devices running iOS.

"The vast majority of OS X users are not at risk to recently reported bash vulnerabilities," an Apple spokesperson said. "Bash, a Unix command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced Unix services. We are working to quickly provide a software update for our advanced Unix users."

The good news is, if you don't know what "advanced Unix services" are, you're safe. If you do know and have engaged them, contact Apple support immediately. If you own a vintage Mac that is still running System 9 or earlier, it isn't exposed to the Unix bug. (Also, well done!)

In addition, Apple confirmed that iOS, the operating system that powers iPads, iPhones and iPods, isn't affected because it doesn't have a shell that can be controlled by users.


Oracle Q1’15 Preview: Key Trends We Expect

The world’s largest database program vendor, Oracle Corp., is scheduled to recover a mercantile Q1’15 formula on Sep 18, after markets close. (Fiscal years finish with May.) Last entertain (Q4’14), Oracle missed estimates on a sales as good as earnings. Revenues stood during $11.3 billion opposite a accord guess of $11.5 billion while a quarterly bottom line (Non-GAAP EPS) stood during $0.92 opposite accord of $0.95.

For a stream quarter, Oracle guides revenues to grow between 4% and 6% year to year. Consensus researcher estimates for Q1’15 revenues mount during $8.77 billion, indicating a 4.7% year-on-year expansion rate. Oracle’s bottom line (Non-GAAP EPS) superintendence for a entertain ranges between $0.62-$0.66, opposite a accord EPS guess of $0.64.

Below, we yield a brief refurbish on Oracle’s FY14 opening and take a demeanour during pivotal trends for Q1’15.

See Our Complete Analysis For Oracle

FY14 Review:

Last mercantile year, Oracle reorganized a stating format, and has begun stating a cloud subscription and on-premise businesses separately, both on revenues and expenses. Revenues from Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS) grew 24% in consistent banking terms, channel $1 billion in FY14. However, Infrastructure-as-a-Service (IaaS) sales flat-lined via FY14, during $456 million. Total cloud revenues stood during approximately $1.6 billion, augmenting about 15.4% over FY13. We design a identical opening in cloud from Oracle in Q1’15.

On a on-premise front, new licenses revenues continued to drag down altogether program sales over a full mercantile year period. However, a cyclical inlet of new permit sales formula in larger permit sales towards mercantile finish for Oracle. Last mercantile year, new permit sales as percent of sum quarterly revenues increasing from 20% to 33% by a Q1’14 – Q4’14 period. Given a comparatively smaller bottom in Q1, sales expansion is expected to he aloft compared to other quarters. Over a march of an whole mercantile year, this cyclicality in new permit sales is averaged out and hence, macro factors that change direct for new on-premise licenses have some-more suggestive impact. Software permit updates and product support sales continued to facade a altogether debility in new permit sales, flourishing 7% in FY14 to strech $18.2 billion.

Oracle’s hardware business displayed initial signs of certain expansion final mercantile year, driven by flourishing direct for a high-performance Engineered Systems. New hardware product revenues stood during $2.98 billion, 1% reduce than revenues from full FY13. However, this decrease in new product sales was many improved than allied total from FY13 and FY12, where sales slumped 19% and 14% respectively. Bookings from Oracle’s SPARC super cluster height clocked a triple number expansion rate in Q4’14 while other systems such as Exalytics, Big Data Appliance and Oracle Database Appliance all grew double-digits. Oracle reports to boat a 10,000th Engineered System in Q1’15.

Key Trends for Q1’15:

1. New License Sales to Trend Lower

New permit sales have been on a downward trend for utterly sometime, quite due to gaining seductiveness in on-demand program adoption. This trend is expected to eat into new permit sales for vast top program vendors such as Oracle, SAP, Microsoft and IBM going forward. In a new statement, SAP Chief Financial Officer Luka Mucic settled that he expects on-demand subscription sales from SAP to outgrow on-premise permit sales by 2020. At FY13 end, SAP had new program sales of €4.7 billion opposite cloud subscription revenues of €800 million. This highlights a strength of a ongoing cloud emigration opposite a IT industry.

2. Oracle’s Cloud Subscription Sales To Lag Salesforce and SAP

As remarkable above, Oracle’s cloud subscription sales in FY14 grew 15.4% on a year-on-year basis. Comparatively, Salesforce and SAP have reported cloud subscription sales expansion of over 30%. Oracle’s altogether SaaS sales expansion was dragged down by diseased opening from a IaaS product offering. Barring a prosaic IaaS performance, cloud subscriptions in SaaS and PaaS purebred a sales expansion rate of 24% in FY14. Although this is reduce than expansion rates from Salesforce and SAP, Oracle has some opportunities to inorganically boost a expansion in SaaS and PaaS. On a IaaS front, we trust Oracle does not have clever prospects of growth, quite since of a huge marketplace share of Amazon’s Web Services in a IaaS marketplace and a cut-throat pricing. AWS has a market share of scarcely 5 times a subsequent fourteen competitors, indicating a scale it has built in a IaaS space.

3. Engineered Systems To Accelerate Hardware Product Sales

Over a past few years, Oracle aggressively promoted a extended operation of Engineered Systems that run on a Unix-based SPARC architecture. Despite a advantage of carrying a customary procession for a x86 architecture, many modernized program packages that are employed on high-performance servers were still concordant on a Unix system. After a merger of SUN Microsystems, Oracle shutdown a OpenSolaris plan and returned Solaris to a exclusive roots as a many entirely featured of a Unix-based handling system.

This magnitude was meant to refocus a Unix Enterprise charity on a core users by formulating a closed, Unix-based, Solaris system. The aim was to accommodate patron upgrades and beget share gains from incremental Unix deployments and migrations. The standardization of Solaris by a shutting of a OpenSolaris plan helped Oracle de-emphasize a x86 line of products from SUN, enabling it to concentration on a high-end Engineered Systems. It continues to offer a full line of Sparc- and x86 formed systems, however. We trust these initiatives have helped Oracle stabilise a hardware products division, and should be a vital motorist in a division’s liberation going forward.

TCPdump Steps For Linux And Unix Users

Tuesday, Sep 02, 2014

Tcpdump prints a description of the contents of packets on a network interface that match the expression specified on the command line. It can also be run with the -w flag, which saves the packet data to a file for later analysis.

TCPdump, Tcpdump commands, Linux, Unix, tcpdump for linux, tcpdump for Unix, tcpdump process, tcpdump steps,  SIGINT signal,  SIGTERM signal,  SIGINFO signal

With the -r flag, it reads from a saved packet file rather than reading packets from a network interface. Tcpdump continues to capture packets until it is interrupted by a SIGINT signal or a SIGTERM signal. If it is run with the -c flag, it captures packets until it is interrupted by one of those signals or the specified number of packets have been processed.

When tcpdump finishes capturing packets, it reports counts of packets ‘captured’, packets ‘received by filter’ and packets ‘dropped by kernel’. On platforms that support the SIGINFO signal, it reports those counts when it receives the signal and continues capturing packets. Reading packets from a network interface may require that you have special privileges, but reading a saved packet file doesn’t require any special privilege.

Here are the options:

1. You can print each packet in ASCII; this is quite a handy option for capturing web pages.

2. You can print the AS number in BGP packets in ASDOT notation rather than ASPLAIN notation. You can also set the operating system capture buffer size to buffer_size.

3. Exit after receiving count packets. Before writing a raw packet to a savefile, check whether the file is larger than file_size. If so, close the savefile and open a new one.

4. You can dump the compiled packet-matching code in a human readable form to standard output and then stop. You can dump the packet-matching code as a C program fragment, and also the packet-matching code as decimal numbers. You can print the list of the network interfaces available on the system and on which tcpdump can capture packets. This can be useful on systems that don’t have a command to list them.

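5. Print the link-level header on each dump line. You may use spi@ipaddr algo:secret for decrypting IPsec ESP packets; this combination may be repeated with comma or newline separation. (A secret given on the command line is visible to other local users through the process list, so this is suited to debugging rather than to real keys.)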

6. Print ‘foreign’ IPv4 addresses numerically rather than symbolically. The test for ‘foreign’ IPv4 addresses is done using the IPv4 address and netmask of the interface on which the capture is being done.

7. The dump file specified with the -w option is rotated, and savefiles will have the name specified by -w, which should include a time format as defined by strftime.

8. Print the tcpdump and libpcap version strings, print a usage message, and exit.

9. Listen on the interface; if unspecified, tcpdump searches the system interface list for the lowest numbered, configured up interface (excluding loopback). Put the interface in “monitor mode”; this is supported only on IEEE 802.11 Wi-Fi interfaces, and only on some operating systems.

10. Set the time stamp type for the capture to tstamp_type. You can then list the supported time stamp types for the interface and exit.

11. List the supported time stamp types for the interface and exit.

12. Make stdout line buffered. This is useful if you want to see the data while capturing it. For example, `tcpdump -l | tee dat` or `tcpdump -l > dat & tail -f dat`.

13. List the known data link types for the interface, in the specified mode, and exit.

14. Don’t convert addresses (i.e., host addresses, port numbers, etc.) to names, and also don’t print domain name qualification of host names.

15. Do not run the packet-matching code optimizer; this is useful only if you suspect a bug in the optimizer.

16. Don’t put the interface into promiscuous mode.

17. Use quick/quiet output: print less protocol information so output lines are shorter.

18. You can assume that ESP/AH packets are based on the old specification (RFC1825 to RFC1829). Packets can be read from a file (which was created with the -w option). Standard input is used if file is “-”.

19. Print absolute, rather than relative, TCP sequence numbers.

20. Force packets selected by “expression” to be interpreted as the specified type. Don’t print a timestamp on each dump line and don’t print an unformatted timestamp on each dump line. Print a delta (micro-second resolution) between the current and previous line on each dump line.

21. Print undecoded NFS handles. If the -w option is not specified, make the printed packet output “packet-buffered”.

22. When parsing and printing, produce (slightly more) verbose output.

23. Write the raw packets to a file rather than parsing and printing them out.

24. When parsing and printing, print the data of each packet (minus its link level header) in hex and ASCII. The smaller of the entire packet or snaplen bytes will be printed.

25. Set the data link type to use while capturing packets to datalinktype.

26. When used together with the -C or -G options, tcpdump runs “command file”, where file is the savefile being closed after each rotation. If tcpdump is running as root, change the user ID to user and the group ID to the primary group of user. This behavior can also be enabled by default at compile time.

Courtesy: Computer Hope

Sanchari Banerjee, EFYTIMES News Network

RetroBSD: Run old BSD Unix on a microcontroller


Modern microcontrollers are becoming quite beefy. The Microchip PIC32 line is actually an implementation of the MIPS32 4K design – and with 512K of flash and 128K of RAM you can even run Unix! RetroBSD is a port of BSD 2.11 for the PIC32. You might not be able to run X11, but it is still really useful and a good reminder of how small Unix used to be – and how far it has come.

Alkaline Water Co. Meets Growing Demand by Adding Co-Packer UNIX …

SCOTTSDALE, AZ–(Marketwired – Aug 8, 2014) – The Alkaline Water Company Inc. (OTCQB: WTER) (the “Company”), developers of an innovative state of a art exclusive electrolysis libation process, finished and sole in 700 milliliter, 3 liter and 1 gallon sizes underneath a trade name Alkaline88, is gratified to announce entrance into a co-packing agreement with UNIX Packaging, Inc. of Montebello, California (“UNIX”).

The agreement will supplement over 40 truckloads per month to a company’s stream ability while dwindling costs and smoothness times to a critical Southern California market. The increasing ability is expected to go into full prolongation during a third quarter. Currently, a singular lorry bucket (depending on product mix) can beget adult to $11,000 in additional income for a company.

UNIX specializes in libation agreement wrapping from a 75,000 block feet state-of-the-art plcae that is home to one of a many modernized libation prolongation comforts in a US. The association offers all from finish turn-key prolongation lines including Blowing Mold Solutions, to CSD and Hot Filling, to finish of a line and multipack solutions. The considerable prolongation line speeds operation from an normal of 250-450 bottles per minute. In-house chemists safeguard regulation firmness and conduct tradition mixture permitting clients to say severe standards. Clients operation from vital grocery chains, selling firms, hotels and casinos, restaurants, and inhabitant libation brands.

Alkaline Water Co. President CEO Steven Nickolas states, “With a billboard selling debate entirely underway opposite Southern California we are already experiencing heightened direct in a marketplace. By adding a state-of-the art co-packer like UNIX, we can safeguard a stream and destiny business that combined final will be met efficiently. Adding co-packers opposite a nation is only partial of a efforts to be a many cost fit bottled H2O association in a country. We continue to govern a vital business devise and a increasing ability and reduced costs supposing by this agreement is another critical step along a way. We couldn’t be happier to be operative with a group of professionals during UNIX during this sparkling time for Alkaline88.” 

Additional sum of a Company’s business, finances, appointments and agreements can be found as partial of a Company’s continual open avowal as a stating issuer with a Securities and Exchange Commission (“SEC”) accessible during www.sec.gov. For some-more information, revisit a website during www.thealkalinewaterco.com.

The Alkaline Water Company Inc. (OTCQB: WTER)
The Alkaline Water Company Inc. has grown an innovative, state of a art, exclusive electrolysis routine that produces healthy alkaline H2O for a offset lifestyle. The association is focused on a business of distributing and selling a sell sale of a cost-effectively finished Alkaline88 H2O libation products. Visit us at:www.thealkalinewaterco.com.

About Alkaline Water Products
Alkaline88′s premier alkaline H2O is an 8.8 pH offset bottled alkaline celebration H2O extended with snippet minerals and electrolytes. The product offers consumers a singular event to squeeze alkaline H2O in conveniently finished 3 liter and one gallon sizes (plus 700ml in name markets). The Alkaline Water Company Inc. is now in a midst of a inhabitant mass markets enlargement module and is already accessible for consumer sales during a flourishing series of vital sell locations opposite many tools of a United States. Learn some-more about a scholarship behind alkaline H2O by visiting www.thealkalinewaterco.com.

Notice Regarding Forward-Looking Statements
This news recover contains “forward-looking statements.” Statements in this press recover that are not quite chronological are forward-looking statements and embody any statements per beliefs, plans, expectations or intentions per a future. Such forward-looking statements include, among other things, a further of over 40 truckloads per month to a company’s stream ability while dwindling costs and smoothness times, and that a increasing ability is expected to go into full prolongation during a third quarter, and that a Company can safeguard stream and destiny business that combined final will be met efficiently. Actual formula could differ from those projected in any forward-looking statements due to countless factors. Such factors include, among others, a fundamental uncertainties compared with building new products and handling as a growth theatre company, a ability to lift a additional appropriation we will need to continue to pursue a business and product growth plans, foe in a attention in that we work and marketplace conditions. These forward-looking statements are done as of a date of this news release, and we assume no requirement to refurbish a forward-looking statements, or to refurbish a reasons because tangible formula could differ from those projected in a forward-looking statements, solely as compulsory by germane law, including a bonds laws of a United States. Although we trust that any beliefs, plans, expectations and intentions contained in this press recover are reasonable, there can be no declaration that any such beliefs, plans, expectations or intentions will infer to be accurate. Investors should deliberate all of a information set onward herein and should also impute to a risk factors avowal summarized in a reports and other papers we record with a SEC, accessible during www.sec.gov.