[SecurityRatty] tag: directories

Interop NY Keynotes: IBM

Wed, 17 Sep 2008 09:39:59 +0000

Day one of Interop NY began with an introduction from Interop Manager Lenny Heymann, then Bob Picciano, General manager Lotus software and WebSpehere Portal IBM took the stage.

IBM’s presentation was cleverly titled 2mor0@Wrk - Tomororow work and Web 2.0.

Overview

Web 2.0 is delivering a whole different paradigm of communication. The slide is Lotus Symphony - NOT PPT. Over 2 million downloads.

There is an information overload that impacts individual productivity in the workplace. It has a profound effect on organizational productivity. A more complex organization entity provides more pressure and more inefficiencies in workplace. Up to 70% of time can be used looking for the WRONG information.

Collaboration mitigates information overload. It allows you to identify experts and opinions.

The collaboration agenda. Enterprises are at the onset of exploring these features. Web 2.0 is giving us the capacity to do more. Collaboration optimizes business outcomes - global, secure and dynamic.The most progressive companies are looking at UNIFIED COMMUNICATIONS. Making sure that directories and profiles are fully mobile.

Collaboration should be a contextual part of the workflow, going directly into applications.

IBM’s collaboration strategy is to deliver these services through online or offline services.

Demonstration

Executive IT architect Ron Sebastian provided a demonstration of IBM’s collaboration strategy. IBM’s Web 2.0 solutions span delivery platforms:

Platform - web as platform
Application - development
People - social computing

Lotus Connections - a family of social computing software that provides profile lookup and community capabilities. Think of Facebook, Yahoo Groups, and delicious combined in one portal.

Ron demonstrated these social services embedded into a healthcare provider application. Semantic tagging is available, contact information and commenting. Not only are we providing service to customers, you can integrate sync capability to directly call the person you want.

The biggest aspect of Lotus Connection? It’s all integrated.

A new service - Project Bluehouse. This is a SaaS delivery of these collaborated capabilities. The store and share can manage and share documents within and outside the company. Access control is no longer an issue.

Collaborative Web 2.0 services available as standalone products that also work in a mobile environment.

Case Study: Natural Disaster Management Mashup

Boeing came up with twenty different scenarios that they could handle through their systems. The problem was the one they didn’t count on. One example was Katrina - how to deliver supplies to the area: what airports were open? Where could they land? The problem was they could not find one list of public, private and military airports, nor what was open. The mashup took different feeds to allow the deacon maker to make a more rapid and intelligent decision based on information on where they could fly in the appropriate supplies. From open information sites like AirNav.com and personal contacts, users were able to mashup the information to make better decisions.

Conclusion

IBM announced the IBM Center for Social Software, proving their commitment to connect, collaborate, and innovate. Users and academics can work together to how these innovations can be applied to businesses and provide value to the market.

There has been some question of whether or not IBM can pull this off and move into the collaborative Web 2.0 market. Despite some criticism, it looks like IBM has really taken a step forward in advancing their products and services to meet market needs.

People drive better business outcomes. Connecting, collaboration, and innovation is key. Having the right tools and information to do that eases pressure that many organizations feel and brings Web 2.0 technologies to the heart of businesses.

The Not-So-Sweet Life of Supplicants

Wed, 23 Jul 2008 11:23:00 +0000

There are plenty of integration and configuration challenges when we look at 802.1X, but one of the most notable issues is choosing the right supplicant to best serve your end users.

Some of the major obstacles we face with 802.1X center around creating a smooth end user experience. We, as integrators, have the distinct ability to make ‘whatever’ work- we find a way. But, what I hear most from my customers is “it has to be easy for the end user.” (Sometimes they go on a little further, but I’ll leave it at that.)

Why does it matter?

Wireless, wireless, wireless. Although wired 1X is popular with our customer-base, the world isn’t quite flocking to it yet. However, 802.1X is certainly the best way to increase security and ease management of wireless networks. It’s standard, it’s flexible, it’s widely-supported by devices and endpoints and it eliminates the need for pre-shared keys or secondary passwords. It’s what most enterprises, government and educational organizations are implementing now, so it’s important.

What are some of the problems?

The end user will have some adjustments to make, and network admins and support desks aren’t always thrilled with the propect of re-training users for these expectations.

First of all, the time to authenticate and connect to the network is going to drastically increase. I say drastically- it’s only a few seconds- but I’m sure it feels like minutes to a new 1X end user.
In addition, we’re in a transition and growing period where we’re trying to integrate and authenticate multiple pieces- the machine and/or user as well as any other clients residing on the endpoint, so there can be single-sign-on issues. Not SSO in the traditional sense, but single-1X-sign-on vs logging in to authenticate and open the port, logging in again to get to network resources (such as Novell).
There may also be issues supporting multiple profiles, so end users may need to understand the concept of enabling 802.1X on an interface at their office, then disabling it when they go home.
Or perhaps, in a shared or lab-type environment, we may have multiple unique users logging in to the same endpoint device, so we have to make it easy for end users to log off so there’s a forced re-auth for the next user.

There are plenty more, but this hits on the major concerns of most organizations planning to implement 802.1X (wired or wireless).

How do we address the issues?

There are different ways to deal with the complexity of supplicant and end-user interactions. First and foremost, a good end user training program will be needed. There’s a learning curve, but eventually end users will get it- we just have to make sure the transition for ‘now’ to ‘got it’ is smooth and doesn’t overwhelm help desk resources.

As the operating systems and clients progress, we’re seeing more integration and the ability to share 802.1X information between disparate pieces of the endpoint.

In the meantime, there are also 3rd-party supplicants that can ease several of the pains. Cisco’s Secure Services Client (acquired from Meetinghouse’s Aegis supplicant) and Juniper’s Odyssey Access Client (acquired from Funk) both offer options and configurations not currently available in native OS supplicants. (For example, both offer the GINA shim for integrating Windows 1X login with Novell as well as multiple profile support.) Although I haven’t tried it, my understanding is you can still operate both of these clients independent of the controllers provided from the same vendor.

Is it a deal-killer?

It can be. The struggle to provide a smooth transition for end users is often a deal-killer for organizations looking at deploying 802.1X. Although there are ways to combat most of these obstacles; often the time, planning and money required to proceed make it unattractive enough to abandon the project. In most cases, the more heterogeneous the endpoint environment is, the less attractive the solution becomes. In an all-Microsoft environment, you can have an 802.1X framework up in a matter of hours. With a mix of authentication directories, endpoint OSs and user expectations, you could spend weeks or months ironing out the details.

The good news.

Yes, there’s some good news here. The increased adoption of 802.1X is continually leading to increased integration of the software, operating systems and clients on endpoints. While 802.1X may never reach ‘plug-and-play’ status, pretty soon the integration will reach a point where configuration is simplified enough for more wide-spread adoption, even in the most diverse environments.

Just hang tight, we’ll get there!

# # #

My Name......is......Neo!

Mon, 30 Jun 2008 12:35:39 +0000

As Keanu would say, "There's a bomb on the bus".

I mean, "Whoa". He might also have said "Excellent", but that was definitely the wrong film.

At any rate, here's an infection from China called "Agent.NEO", which probably has some deep seated relevance to the Matrix trilogy. Or maybe not. There aren't tons of screenshots of desktop fireworks, because by and large, this infection doesn't hit you with the pretty whiz-bang effects on your monitor. What it does do, however, is drop a ton of files onto your PC (many of which do strange things - here's a couple from various directories):

...slows everything down to a crawl, attempts to detect and disable security programs, contact a remote mail server with network sensitive data, hijack your IE:

Click to Enlarge

....and tries to show you a couple of Chinese popup ads (none of those pages were online at time of testing, otherwise there'd be multicoloured screenshots galore below).

I'm trying really hard to end this writeup with a really cheesy Matrix reference, but I can't think of any so in conclusion: avoid Agent.NEO at all costs (but watch the films again, they're awesome).

Mashup of the Titans

Wed, 25 Jun 2008 13:29:25 +0000

Information Security - an Oxymoron for the information age

“Always the beautiful answer who asks a more beautiful question.” e. e. cummings

...or why i am with Gelernter

This is a mashup of Saltzer & Schroeder's famous information security principles with David Gelernter's Manifesto.

The premise of this mashup is to examine the paper by Saltzer and Schroeder which was written in 1975 and serves as the basis for most information security programs against the Gelernter's manifesto as to where computing is actually going. Each of the eight principles in Saltzer and Schroeder's paper is listed in order, and followed by select excerpts of Gelernter's manifesto. This comparison is to examine theoretical information security principles vis a vis the actual utility of modern information systems. I will not make an attempt to reconcile theory and practice, but will point out where the two schools of thought agree. In fairness, Saltzer and Schroeder's paper was written 25 years before Gelernter's, however Saltzer and Schroeder's principles dominate the thinking about information security to this day and so its important to view them side by side with Gelernter's thinking on the direction of computing.

Saltzer and Schroeder:

"a) Economy of mechanism: Keep the design as simple and small as possible. This well-known principle applies to any aspect of a system, but it deserves emphasis for protection mechanisms for this reason: design and implementation errors that result in unwanted access paths will not be noticed during normal use (since normal use usually does not include attempts to exercise improper access paths). As a result, techniques such as line-by-line inspection of software and physical examination of hardware that implements protection mechanisms are necessary. For such techniques to be successful, a small and simple design is essential."

Gelernter:

"9. The computing future is based on "cyberbodies" — self-contained, neatly-ordered, beautifully-laid-out collections of information, like immaculate giant gardens."

Conclusion(gp): So far, so good

Saltzer and Schroeder:

"b) Fail-safe defaults: Base access decisions on permission rather than exclusion. This principle, suggested by E. Glaser in 1965,8 means that the default situation is lack of access, and the protection scheme identifies conditions under which access is permitted. The alternative, in which mechanisms attempt to identify conditions under which access should be refused, presents the wrong psychological base for secure system design. A conservative design must be based on arguments why objects should be accessible, rather than why they should not. In a large system some objects will be inadequately considered, so a default of lack of permission is safer. A design or implementation mistake in a mechanism that gives explicit permission tends to fail by refusing permission, a safe situation, since it will be quickly detected. On the other hand, a design or implementation mistake in a mechanism that explicitly excludes access tends to fail by allowing access, a failure which may go unnoticed in normal use. This principle applies both to the outward appearance of the protection mechanism and to its underlying implementation."

Conclusion(gp): A conservative design principle that puts the object's owner in control of permissions. This makes a lot of sense from the object point of view, but does little to address the use case in which it executes.

Saltzer and Schroeder:

"c) Complete mediation: Every access to every object must be checked for authority. This principle, when systematically applied, is the primary underpinning of the protection system. It forces a system-wide view of access control, which in addition to normal operation includes initialization, recovery, shutdown, and maintenance. It implies that a foolproof method of identifying the source of every request must be devised. It also requires that proposals to gain performance by remembering the result of an authority check be examined skeptically. If a change in authority occurs, such remembered results must be systematically updated."

Gelernter:

"8. The software systems we depend on most today are operating systems (Unix, the Macintosh OS, Windows et. al.) and browsers (Internet Explorer, Netscape Communicator...). Operating systems are connectors that fasten users to computers; they attach to the computer at one end, the user at the other. Browsers fasten users to remote computers, to "servers" on the internet.

Today's operating systems and browsers are obsolete because people no longer want to be connected to computers — near ones OR remote ones. (They probably never did). They want to be connected to information. In the future, people are connected to cyberbodies; cyberbodies drift in the computational cosmos — also known as the Swarm, the Cybersphere.

13. Any well-designed next-generation electronic gadget will come with a ``Disable Omniscience'' button.

17. A cyberbody can be replicated or distributed over many computers; can inhabit many computers at the same time. If the Cybersphere's computers are tiles in a paved courtyard, a cyberbody is a cloud's drifting shadow covering many tiles simultaneously.

20. If a million people use a Web site simultaneously, doesn't that mean that we must have a heavy-duty remote server to keep them all happy? No; we could move the site onto a million desktops and use the internet for coordination. The "site" is like a military unit in the field, the general moving with his troops (or like a hockey team in constant swarming motion). (We used essentially this technique to build the first tuple space implementations. They seemed to depend on a shared server, but the server was an illusion; there was no server, just a swarm of clients.) Could Amazon.com be an itinerant horde instead of a fixed Central Command Post? Yes."

Conclusion(gp): Complete mediation provides the underpinning for Saltzer and Schroeder's system, but does not appear to scale to the desired itinerant horde at least in common interpretation.

Saltzer and Schroeder:

"d) Open design: The design should not be secret. The mechanisms should not depend on the ignorance of potential attackers, but rather on the possession of specific, more easily protected, keys or passwords. This decoupling of protection mechanisms from protection keys permits the mechanisms to be examined by many reviewers without concern that the review may itself compromise the safeguards. In addition, any skeptical user may be allowed to convince himself that the system he is about to use is adequate for his purpose. Finally, it is simply not realistic to attempt to maintain secrecy for any system which receives wide distribution."

Conclusion(gp): both seem to agree, hard to get the itinerant horde moving in a swarm without open standards.

Saltzer and Schroeder:

"e) Separation of privilege: Where feasible, a protection mechanism that requires two keys to unlock it is more robust and flexible than one that allows access to the presenter of only a single key. The relevance of this observation to computer systems was pointed out by R. Needham in 1973. The reason is that, once the mechanism is locked, the two keys can be physically separated and distinct programs, organizations, or individuals made responsible for them. From then on, no single accident, deception, or breach of trust is sufficient to compromise the protected information. This principle is often used in bank safe-deposit boxes. It is also at work in the defense system that fires a nuclear weapon only if two different people both give the correct command. In a computer system, separated keys apply to any situation in which two or more conditions must be met before access should be permitted. For example, systems providing user-extendible protected data types usually depend on separation of privilege for their implementation."

Gelernter:

"37. Elements stored in a mind do not have names and are not organized into folders; are retrieved not by name or folder but by contents. (Hear a voice, think of a face: you've retrieved a memory that contains the voice as one component.) You can see everything in your memory from the standpoint of past, present and future. Using a file cabinet, you classify information when you put it in; minds classify information when it is taken out. (Yesterday afternoon at four you stood with Natasha on Fifth Avenue in the rain — as you might recall when you are thinking about "Fifth Avenue," "rain," "Natasha" or many other things. But you attached no such labels to the memory when you acquired it. The classification happened retrospectively.)"

Conclusion(gp): Information Security models tend to look at things statically through information classification lenses, but its how information is used that makes it valuable. In practice this is how information security theory breaks down in the face of reality - what does an access control matrix look like for a mashup? What does it look like for a data mining app?

Saltzer and Schroeder:

"f) Least privilege: Every program and every user of the system should operate using the least set of privileges necessary to complete the job. Primarily, this principle limits the damage that can result from an accident or error. It also reduces the number of potential interactions among privileged programs to the minimum for correct operation, so that unintentional, unwanted, or improper uses of privilege are less likely to occur. Thus, if a question arises related to misuse of a privilege, the number of programs that must be audited is minimized. Put another way, if a mechanism can provide "firewalls," the principle of least privilege provides a rationale for where to install the firewalls. The military security rule of "need-to-know" is an example of this principle."

Gelernter:

"28. Metaphors have a profound effect on computing: the file-cabinet metaphor traps us in a "passive" instead of "active" view of information management that is fundamentally wrong for computers.

29. The rigid file and directory system you are stuck with on your Mac or PC was designed by programmers for programmers — and is still a good system for programmers. It is no good for non-programmers. It never was, and was never intended to be.

30. If you have three pet dogs, give them names. If you have 10,000 head of cattle, don't bother. Nowadays the idea of giving a name to every file on your computer is ridiculous."

Conclusion(gp): Least Privilege is the point where the practical matter of applying Saltzer and Schroeder's principles breaks down in modern systems. Its a deployment issue, and a matter of insufficient models and modes.

Saltzer and Schroeder:

"g) Least common mechanism: Minimize the amount of mechanism common to more than one user and depended on by all users [28]. Every shared mechanism (especially one involving shared variables) represents a potential information path between users and must be designed with great care to be sure it does not unintentionally compromise security. Further, any mechanism serving all users must be certified to the satisfaction of every user, a job presumably harder than satisfying only one or a few users. For example, given the choice of implementing a new function as a supervisor procedure shared by all users or as a library procedure that can be handled as though it were the user's own, choose the latter course. Then, if one or a few users are not satisfied with the level of certification of the function, they can provide a substitute or not use it at all. Either way, they can avoid being harmed by a mistake in it."

Gelernter:

"6. Miniaturization was the big theme in the first age of computers: rising power, falling prices, computers for everybody. Theme of the Second Age now approaching: computing transcends computers. Information travels through a sea of anonymous, interchangeable computers like a breeze through tall grass. A dekstop computer is a scooped-out hole in the beach where information from the Cybersphere wells up like seawater.

16. The future is dense with computers. They will hang around everywhere in lush growths like Spanish moss. They will swarm like locusts. But a swarm is not merely a big crowd. The individuals in the swarm lose their identities. The computers that make up this global swarm will blend together into the seamless substance of the Cybersphere. Within the swarm, individual computers will be as anonymous as molecules of air.

55. Software can solve hard problems in two ways: by algorithm or by making connections — by delivering the problem to exactly the right human problem-solver. The second technique is just as powerful as the first, but so far we have ignored it.

56. Lifestreams and microcosms are the two most important cyberbody types; they relate to each other as a single musical line relates to a single chord. The stream is a "moment in space," the microcosm a moment in time."

Saltzer and Schroeder:

"h) Psychological acceptability: It is essential that the human interface be designed for ease of use, so that users routinely and automatically apply the protection mechanisms correctly. Also, to the extent that the user's mental image of his protection goals matches the mechanisms he must use, mistakes will be minimized. If he must translate his image of his protection needs into a radically different specification language, he will make errors."

Gelernter:

"7. "The network is the computer" — yes; but we're less interested in computers all the time. The real topic in astronomy is the cosmos, not telescopes. The real topic in computing is the Cybersphere and the cyberstructures in it, not the computers we use as telescopes and tuners.

27. Modern computing is based on an analogy between computers and file cabinets that is fundamentally wrong and affects nearly every move we make. (We store "files" on disks, write "records," organize files into "folders" — file-cabinet language.) Computers are fundamentally unlike file cabinets because they can take action.

31. Our standard policy on file names has far-reaching consequences: doesn't merely force us to make up names where no name is called for; also imposes strong limits on our handling of an important class of documents — ones that arrive from the outside world. A newly-arrived email message (for example) can't stand on its own as a separate document — can't show up alongside other files in searches, sit by itself on the desktop, be opened or printed independently; it has no name, so it must be buried on arrival inside some existing file (the mail file) that does have a name. The same holds for incoming photos and faxes, Web bookmarks, scanned images...

32. You shouldn't have to put files in directories. The directories should reach out and take them. If a file belongs in six directories, all six should reach out and grab it automatically, simultaneously.

33. A file should be allowed to have no name, one name or many names. Many files should be allowed to share one name. A file should be allowed to be in no directory, one directory, or many directories. Many files should be allowed to share one directory. Of these eight possibilities, only three are legal and the other five are banned — for no good reason.

53. Your car, your school, your company and yourself are all one-track vehicles moving forward through time, and they will each leave a stream-shaped cyberbody (like an aircraft's contrail) behind them as they go. These vapor-trails of crystallized experience will represent our first concrete answer to a hard question: what is a company, a university, any sort of ongoing organization or institution, if its staff and customers and owners can all change, its buildings be bulldozed, its site relocated — what's left? What is it? The answer: a lifestream in cyberspace."

Conclusion(gp):

The Saltzer and Schroeder principles of Open Design and Economy of Mechanism hold up well in the face of modern computing realities, and to a certain extent Fail Safe Defaults does as well; however if we information security people are to be effective we need to re-think the other principles.

Last word: Gelernter:

We'll know the system is working when a butterfly wanders into the in-box and (a few wingbeats later) flutters out — and in that brief interval the system has transcribed the creature's appearance and analyzed its way of moving, and the real butterfly leaves a shadow-butterfly behind. Some time soon afterward you'll be examining some tedious electronic document and a cyber-butterfly will appear at the bottom left corner of your screen (maybe a Hamearis lucina) and pause there, briefly hiding the text (and showing its neatly-folded rusty-chocolate wings like Victorian paisley, with orange eyespots) — and moments later will have crossed the screen and be gone.

BlackBerry Pearl 'Proper' Keypad Cheatsheet

Sat, 07 Jun 2008 11:37:00 +0000

It wasn’t long after I switched from a long history of traditional cell phones to a BB Pearl that I realized there was a big problem. I was up a creek without a paddle… or should I say, I was up to remote voicemail access without a proper keypad.

You see, phone systems everywhere- my office, your office, the banks and any alphanumeric-driven automated system- use the letters that correspond to a standard desk set number. The number ‘2’ represents ‘ABC’, etc.

The problem is… the BlackBerry Pearl keyboard is the bastard child of a standard 9-key cell keypad and a full QWERTY keyboard that BB usually sports… making it match… well… nothing!

So a ‘G’ on my office system to Give it to another user is number key 4, on my Pearl it would be 5, which would be ‘K’ to my phone system to save the message and tuck it back in the depths of vm storage never to be found again. Over the past months, I’ve accidentally erased things I wanted to forward, forward things I wanted to save… you get the picture.

It’s not just voicemail access. I also found I couldn’t make use of dial-by-name directories or even access my banking by phone. It gets to be quite frustrating at times, and driving down the road at 70mph is not really a good time to try and work out the mental puzzle of which number ‘should’ be what.

The solution… I decided to make a BlackBerry Pearl ‘Proper’ Keypad Cheatsheet. It’s a convenient 2x3.5” business-card sized piece that you can print and slip right into your wallet, phone holster, or wherever you need it.

And here it is, available for your enjoyment- in both his and hers colours.

Her BB Pearl Keypad Cheetsheet (in pink)

His BB Pearl Keypad Cheetsheet (in blue)

# # #

Its about the kids, stupid

Thu, 08 May 2008 11:52:44 +0000

Matt Asay has a blog up on "OLPC's capitulation to Windows...". In it Matt waxes poetic about what a mistake Nicholas Negroponte is making by embracing Windows for the OLPC laptop project. Matt points to Groklaw, Richard Stallman and the rest of the Redmond revolutionaries who want to see Negroponte tarred and feathered and question his vision. Hey, lets face it the "m" word is toxic to that crowd. But I really think Matt is just plain twisted about this and about what OLPC is really about. Here is what Matt has to say, "OLPC is rather about liberating developing nations from their vassal status that continually keeps them at the mercy of the pricing and licensing of Microsoft and other proprietary vendors." No Matt, that is not what OLPC is all about and that is what the problem is! OLPC is about getting a laptop in the hands of every kid in the world. It is about giving these kids a chance to learn and grow up to compete in the global economy with the same tools that kids in this country have. It has nothing to with your views of Microsoft being a 21st century imperialistic empire.

Matt both of my boys have OLPC laptops, I know what it is like using them. The Sugar interface is tough. As Negroponte says, it is a amorphous blob. The command line structure of the laptop made it hard for me to retrieve and install files. File names are truncated and kept in non-standard directories. When kids are learning windows in school, this is difficult for them. The laptops are a tool for them to learn, it shouldn't be about learning the tool. It needs to be more main stream for kids to be able leverage it across the world. It needs to be more standards based. I don't care if it is open source standards or closed source standards but it has to be better. Windows will give it that.

But ultimately Matt, I feel that the OLPC project was hijacked by the open source movement as a "Trojan horse" to overthrow Windows. If that was your intention great. Me, I was a lot more humble and noble in what I thought it was. I thought was about getting a computer in the kids hands and having them learn and contribute.

ICQ Messenger Controlled Malware

Mon, 14 Apr 2008 03:28:05 +0000

IM me a command, master - part two. Diversifying the command and control channels of malware is always in a permanent development phrase, with malware authors trying to adapt their releases in order for them to bypass popular detection mechanisms. IM controlled malware is a great example of such a development, and now that I've already covered a Yahoo Messenger controlled malware in previous post, it would be logical to come up with more evidence on alternative IM networks used as a main C&C interface, such as ICQ in this case. The ICQ controlled malware's pitch :

"With this program, you will always be able to access the necessary functions of your computer using ordinary ICQ. It has the opportunity to add their scripts and commands, thus becoming a universal tool for controlling the computer - it all depends on your imagination and skills. Through the program operations like the following can be run by default - viewing directories, displaying messages, lauching programs, killing processes, shutdown, view active windows, and much more."

Released primarily as a Proof of Concept, its source code is freely available which as we've already seen in the past results in more innovation added on behalf of those using the idea as a foundation for achieving their own malicious purposes.

The whole concept of abusing third-party communication applications for malware purposes, has always been there, in fact two years ago, there were even speculations that Skype could be used to control botnets. A fad or a trend? The lone malware author who's not embracing malicious economies of scale and looking for reliable and efficient ways to infect and control as many hosts as possible, is taking advantage of this, the rest are always looking for ways to port their botnets to a different C&C without loosing a single host in order to benefit from what a web application C&C can provide in respect to the old-fashioned IRCd command line commands.

Identity vendor Ping adds to wares to support SaaS

Mon, 10 Mar 2008 21:00:00 +0000

Ping Identity Tuesday added to its tools for supporting single sign-on to online services by acquiring appliance-based technology from Sxip Identity for integrating hosted applications and corporate directories.

Protecting the Enterprise Network Through Web Security	Advertisement
New focus is being placed on securing Web-based threats.

Enabling hierarchical nant builds

Fri, 07 Mar 2008 09:49:00 +0000

In a recent post, I talked about my experience enabling continuous integration for the internal builds here at Pluralsight. I recently worked with Craig to restructure our nant build. As part of that, I wanted to ensure that I could run the build from anywhere in the source tree. We use a typical hierarchical build where each project has a build script that knows how to compile, test, deploy, etc. based on the specified target. Then at the top of the tree, there's a build script that runs all the other ones. That root build script is what gets run automatically by Cruise Control.

My root script defines a bunch of properties, like where the output directories for the overall build live, where the tools live, and so on. And that works fine when I run the build from the root. The properties get defined, all the child scripts are run with tasks, and they see those properties. But if I want to drill down into the tree and run one of the build scripts lower down, suddenly there's problems because it depends on properties that are only defined in the root script. I really like being able to run builds from anywhere in the tree for perf - if I'm trying to fix a particular project, I don't necessarily want to wait for unit tests on the entire tree to run in order to see if mine passed.

Craig made a great suggestion. Put the properties into a separate script (we named it properties.nant) and that script. Then to enable hierarchical builds, we'd create a properties.nant file for each folder in the tree, which would its parent. That way I could define properties anywhere in the tree, and they would be "inherited" by anything below it.

I took that idea one step further, because I didn't want to maintain a bunch of property scripts with nothing in them but an for the parent. I wrote an nant task that walks up the directory tree looking for the target file. So now I can do this:

This worked great! But now I ran into a problem. Many of my properties are defined like so in the root properties.nant file:

Do you see the issue? If I run the build with the root script, everything works fine, because it's the root nant project I'm building, and get-base-directory() refers to the root of the project, where the artifacts folder lives. But if I run from lower in the tree, it's a different project, and get-base-directory() refers to a subfolder, where the artifacts folder definitely should NOT be.

I needed a way to find the root of the project tree. So I build a second really simple nant task:

This task simply looks up the directory hierarchy until it finds the specified marker file, then puts the name of that directory (the "marked" directory) into a designated property (here I've called it root). With that in place, I rewrote my property definitions in terms of the base directory:

Voilà! I can now run builds from any of my build scripts. They inherit properties hierarchically like you'd expect, and the system is quite easy to maintain. If you'd like to use these tasks, I've included the code for them below (not much code, really). And if you've never written a nant task yourself before, here's the article I used to figure out how it's done (it's super easy). Here's what you should read to learn about the various options for deploying your custom task assembly so nant recognizes it.

Enjoy!

Here is FindMarkedDirTask.cs

using System;
using System.Collections.Generic;
using System.Text;
using NAnt.Core;
using NAnt.Core.Attributes;
using System.IO;

namespace PluralsightNantTasks {

[TaskName("findmarkeddir")]
public class FindMarkedDirTask : Task {

  [TaskAttribute("markerfile", Required = true)]
  [StringValidator(AllowEmpty = false)]
  public string MarkerFileName { get; set; }

  [TaskAttribute("property", Required = true)]
  [StringValidator(AllowEmpty = false)]
  public string PropertyName { get; set; }

  protected override void ExecuteTask() {
    string searchDir = this.Project.BaseDirectory;
    do {
      if (MarkerFileExistsIn(searchDir)) {
        this.Project.Properties[PropertyName] = searchDir;
        return;
      }
      searchDir = ParentOf(searchDir);
    } while (!IsRootDirectory(searchDir));
  }

  private bool IsRootDirectory(string path) {
    return Path.GetPathRoot(path) == Path.GetFullPath(path);
  }

  private string ParentOf(string directory) {
    return Path.GetFullPath(Path.Combine(directory, ".."));
  }

  private bool MarkerFileExistsIn(string directory) {
    return File.Exists(Path.Combine(directory, MarkerFileName));
  }
}
}

And here is IncludeFromParentTask.cs (note I derive from the built-in include task):

using System;
using System.Collections.Generic;
using System.Text;
using NAnt.Core;
using NAnt.Core.Attributes;
using NAnt.Core.Tasks;
using System.IO;
using System.Globalization;

namespace PluralsightNantTasks {

[TaskName("includefromparent")]
public class IncludeFromParentTask : IncludeTask {

  protected override void Initialize() {
    string fileName = BuildFileName;
    if (fileName.Contains("/") || fileName.Contains(@"\\"))
      throw new BuildException(string.Format(
        CultureInfo.CurrentCulture,
        "buildfile attribute must only be a filename"));

    string relativePathToFoundFile = SearchParentDirectory(
      Project.BaseDirectory, fileName, 0);
      
    if (null == relativePathToFoundFile)
      throw new BuildException(string.Format(
        CultureInfo.CurrentCulture,
        "Couldn't find a file named {0}" +
        " in a parent directory of {1}",
        fileName, Project.BaseDirectory));

    // have to use a relative path here
    // because  task uses
    // Path.Combine(projectDir, BuildFileName)
    // to get the full path
    BuildFileName = relativePathToFoundFile;

    base.Initialize();
  }

  private string SearchParentDirectory(string directory,
                        string fileName, int searchDepth) {
    ++searchDepth;
  
    // see if we've traversed all the way to the root
    string currentPath = Path.GetFullPath(directory);
    if (currentPath == Path.GetPathRoot(currentPath))
      return null;

    // recurse until we find the file
    string parentDir = Path.GetFullPath(
      Path.Combine(currentPath, ".."));
    string path = Path.Combine(parentDir, fileName);
    if (File.Exists(path)) {
      StringBuilder sb = new StringBuilder();
      for (int i = 0; i < searchDepth; ++i)
        sb.Append(@"..\");
      return Path.Combine(sb.ToString(), fileName);
    }
    else return SearchParentDirectory(parentDir,
                          fileName, searchDepth);
  }
}
}

Enabling hierarchical nant builds

Fri, 07 Mar 2008 09:49:00 +0000

This worked great! But now I ran into a problem. Many of my properties are defined like so in the root properties.nant file:

I needed a way to find the root of the project tree. So I build a second really simple nant task:

Enjoy!

Here is FindMarkedDirTask.cs

using System;
using System.Collections.Generic;
using System.Text;
using NAnt.Core;
using NAnt.Core.Attributes;
using System.IO;

namespace PluralsightNantTasks {

[TaskName("findmarkeddir")]
public class FindMarkedDirTask : Task {

  [TaskAttribute("markerfile", Required = true)]
  [StringValidator(AllowEmpty = false)]
  public string MarkerFileName { get; set; }

  [TaskAttribute("property", Required = true)]
  [StringValidator(AllowEmpty = false)]
  public string PropertyName { get; set; }

  protected override void ExecuteTask() {
    string searchDir = this.Project.BaseDirectory;
    do {
      if (MarkerFileExistsIn(searchDir)) {
        this.Project.Properties[PropertyName] = searchDir;
        return;
      }
      searchDir = ParentOf(searchDir);
    } while (!IsRootDirectory(searchDir));
  }

  private bool IsRootDirectory(string path) {
    return Path.GetPathRoot(path) == Path.GetFullPath(path);
  }

  private string ParentOf(string directory) {
    return Path.GetFullPath(Path.Combine(directory, ".."));
  }

  private bool MarkerFileExistsIn(string directory) {
    return File.Exists(Path.Combine(directory, MarkerFileName));
  }
}
}

And here is IncludeFromParentTask.cs (note I derive from the built-in include task):

using System;
using System.Collections.Generic;
using System.Text;
using NAnt.Core;
using NAnt.Core.Attributes;
using NAnt.Core.Tasks;
using System.IO;
using System.Globalization;

namespace PluralsightNantTasks {

[TaskName("includefromparent")]
public class IncludeFromParentTask : IncludeTask {

  protected override void Initialize() {
    string fileName = BuildFileName;
    if (fileName.Contains("/") || fileName.Contains(@"\\"))
      throw new BuildException(string.Format(
        CultureInfo.CurrentCulture,
        "buildfile attribute must only be a filename"));

    string relativePathToFoundFile = SearchParentDirectory(
      Project.BaseDirectory, fileName, 0);
      
    if (null == relativePathToFoundFile)
      throw new BuildException(string.Format(
        CultureInfo.CurrentCulture,
        "Couldn't find a file named {0}" +
        " in a parent directory of {1}",
        fileName, Project.BaseDirectory));

    // have to use a relative path here
    // because  task uses
    // Path.Combine(projectDir, BuildFileName)
    // to get the full path
    BuildFileName = relativePathToFoundFile;

    base.Initialize();
  }

  private string SearchParentDirectory(string directory,
                        string fileName, int searchDepth) {
    ++searchDepth;
  
    // see if we've traversed all the way to the root
    string currentPath = Path.GetFullPath(directory);
    if (currentPath == Path.GetPathRoot(currentPath))
      return null;

    // recurse until we find the file
    string parentDir = Path.GetFullPath(
      Path.Combine(currentPath, ".."));
    string path = Path.Combine(parentDir, fileName);
    if (File.Exists(path)) {
      StringBuilder sb = new StringBuilder();
      for (int i = 0; i < searchDepth; ++i)
        sb.Append(@"..\");
      return Path.Combine(sb.ToString(), fileName);
    }
    else return SearchParentDirectory(parentDir,
                          fileName, searchDepth);
  }
}
}