OpenSource.Cipto.US

Time and again, a common concern that is often reported about the cloud is that public clouds are insecure due the fact that they are multi-tenant. At the Interop conference last week InternetNews.com caught up Rackspace CTO John Engates to get his views on the cloud.

According to Engates, the multi-tenant cloud security risk is a concern that isn’t rooted in reality and one that has a lot of F.U.D. (Fear Uncertainty and Doubt) attached to it. In a conversation with eSecurityPlanet.com, Engates stressed at some level all modern networking is multi-tenant sharing the same basic cables, switching and networking infrastructure.

Watch the video interview below:

Read the full story at eSecurityPlanet:
Multi-Tenant Public Clouds: Security Risk or FUD?

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals Follow him on Twitter @TechJournalist.

InternetNews.com All News

Catalyst is the latest in the evolution of open-source Web development
frameworks. Written in modern Perl and inspired by many of the projects
that came before it, including Ruby on Rails, Catalyst is elegant, powerful
and refined. It’s a great choice for creating any Web-based application
from the simple to the very complex.

Like many other popular Perl-based projects, Catalyst has a strong focus on
flexibility and choice. Catalyst is especially powerful because it provides
an abundance of features and the core environment, structure and
interfaces on which virtually anything can be built without forcing you to
do things in any particular way.

Writing applications in Catalyst is fast too. Just because you can tackle
any aspect of application design yourself, doesn’t mean you have to.
Catalyst provides a wide array of refined, high-level, drop-in solutions to
all kinds of problems and needs without limiting access to the nuts and bolts.
Templating, ORM, authentication, automatic session management and all the
other high-level features you’d want from a Web framework are available in
Catalyst—and more.

Catalyst’s approach is to provide these high-level features as optional
plugins and modules. This is one of the greatest strengths of Perl—a
tremendous number of refined modules and libraries are available. So,
instead of re-inventing all this functionality, Catalyst provides a
framework to bring together seamlessly what already exists.

Catalyst is bigger than itself—it is also everything that’s available in
CPAN. That alone makes it one of the most feature-rich frameworks there
are.

In this article, I provide an introduction to Catalyst and how to use it
for rapid application development. I cover the basics of how to
create and lay out a new application as well as how to write the actions
that will handle requests. I explain how to define flexible URL dispatch
logic and some of the APIs that are available. I focus on the
fundamentals, but I cover some of the popular available components as well, such as Template::Toolkit. I also talk about how you can
extend Catalyst itself, and how you can deploy an application with Apache.

Background Knowledge and the MVC Architecture

Catalyst and Catalyst applications are written in Perl, so some basic Perl
knowledge is necessary to use Catalyst effectively. You also should have
some experience with object-oriented programming concepts, such as classes,
methods, inheritance and so on.

Like Rails, Django, CakePHP and many other Web frameworks, Catalyst follows
the venerable Model-View-Controller architectural pattern. MVC is a
proven approach to structuring and segmenting application code for
efficiency, flexibility and maintainability.

Plenty of tutorials and resources are available for MVC, so
I won’t spend too much time covering it here. If you’ve
worked with other Web frameworks, chances are you’re already familiar with
MVC. If not, the most important thing to understand is that it is more
about best practices than anything else.

The focus of this article is to explain the core details of how Catalyst
operates, but since Catalyst made most of its layout decisions according to
MVC, you’ll still see it along the way.

Getting Catalyst

Before you can install Catalyst on your system, you obviously need Perl.
Most Linux distros already have Perl installed out of the box, but if not,
install it with your package manager.

Catalyst itself is a Perl library that you can install with cpan:

cpan Catalyst::Devel

The previous command installs Catalyst with development tools along with
its many dependencies. For production/hosting systems that will run
only applications without the need for development tools, you can install the
smaller Catalyst::Runtime bundle instead.

Because Catalyst has so many dependencies, it can take quite a while to
install on a fresh system. By default, CPAN asks if it should install each
dependency individually, which can become redundant really quick. You can
configure CPAN not to ask, but instead, I usually just cheat by holding
down Enter for a few seconds to queue up a bunch of default (“yes, install
the module!”) keystroke/answers.

If the install fails on the first attempt, don’t fret. Whatever the problem
may be, it probably will be explained in the scrollback along with what to
do to solve it. Typically, this involves nothing more than
installing/upgrading another module that wasn’t automatically in the
dependency tree for whatever reason, or just running the
cpan command a
second time.

Catalyst Application Layout

Every Catalyst application is a Perl module/library/bundle—exactly like
the modules on CPAN. This consists of a package/class namespace and
standard structure of files and directories. The Catalyst::Devel package
comes with a helper script to create new “skeleton” applications and to
initialize the files and directories for you. For example, to create a new
application called KillerApp, run the following:

catalyst.pl KillerApp

This creates a new application structure at KillerApp/ with the
following subdirectories:

lib/: this is the Perl include directory
that stores all the Perl
classes (aka packages or modules) for the application. This is added to
the Perl lib path at runtime, and the directory structure corresponds to the
package/class namespaces. For example, the two classes that are initially
created have the following namespaces and corresponding file paths:

These directories also are created but initially are empty:

• lib/KillerApp/Model/

• lib/KillerApp/View/

root/: this is where other kinds application-specific files are
stored. Static Web files, such as images, CSS and JavaScript go in the
subdirectory static, which usually is exposed as the URL /static. Other
kinds of files go in here too, such as templates.

script/: this contains application-specific scripts, including the
development server (killerapp_server.pl) that you can use to run the
application in its own standalone Web server, as well as scripts to deploy
the application in a “real” Web server. The helper script
killerapp_create.pl creates new model, view and controller component
classes.

t/: this is where “tests” go. If you follow a test-driven
development process, for every new feature you write, you also will write an
automated test case. Tests let you quickly catch regressions that may be
introduced in the future. Writing them is a good habit to get into, but
that’s
beyond the scope of this article.

The created skeleton application is already fully functional, and you can
run it using the built-in test server:

cd KillerApp/
script/killerapp_server.pl

This fires up the app in its own dedicated Web server on port 3000. Open
http://localhost:3000/ to see the default front page, which initially
displays the Catalyst welcome message.

The Request/Response Cycle

All Web applications handle requests and generate responses. The
fundamental job of any Web framework/platform/environment is to provide a
useful structure to manage this process. Although there are different ways of
going about this—from elegant MVC applications to ugly, monolithic CGI
scripts—ultimately, they’re all doing the same basic thing:

In Catalyst, this happens in special methods called “actions”. On every
request, Catalyst identifies one or more actions and calls them with
special arguments, including a reference to the “context”
object that
provides a convenient and practical API through which everything else is
accomplished.

Actions are contained within classes called “controllers”, which live in a
special path/namespace in the application (lib/KillerApp/Controller/). The
skeleton application sets up one controller (“Root”), but you can create
more with the helper script. For example, this creates a new
controller class KillerApp::Controller::Something:

script/killerapp_create.pl controller Something

The only reason to have more than one controller is for organization; you
can put all your actions in the Root controller with no loss of features or
ability. Controllers are just the containers for actions.

In the following sections, I describe how Catalyst decides which actions
to call on each request (“dispatch”) and then explain how to use the
supplied context object within them.

Linux Journal – The Original Magazine of the Linux Community

From the ‘Mozilla Isn’t a Linux Vendor’ files:

While Mozilla is a leading light in the open source community, every so often I’m reminded that the same isn’t always true in the Linux community.

There has been an ongoing thread over the course of the last week about Mozilla’s lack of initial support for the Web Apps Marketplace on Linux.

That’s right folks, the same group that is now (rightly) attacking Microsoft over the initial lack of access for browsers on Windows RT, isn’t initially supporting Linux for Web Apps.

Mozillian have tried to defend, Mozilla lack of initial support for Linux.

“Linux support for apps is a nice to have because most of our users are not running Linux,” Mozilla staffer Dan Mills wrote. “I think we’re supportive and absolutely willing to accept patches to make something work on Linux, but it’s just not something that affects the 80% (I don’t think it’s even 10%, though I don’t have any data handy). By definition, this is a nice to have, not a stop-ship feature. Remember that we are making software for a lot of people, and staff and community are actually a tiny slice of the userbase. I know it’s hard, but we need to focus on the userbase at large, not on us.”

Thankfully, I’m not the only one that finds that view somewhat — distasteful. Mozilla community member Ruben Martin wrote: 

Linux is not another platform, it’s the platform which shares our values about being open and the reason most people gets involved with mozilla, because they believe in libre software and in the open web. Not supporting linux is not supporting a big group of people that empowers mozilla, and not supporting them/us is not supporting mozilla.

The discussion led to an equally disturbing comment from Mozilla’s Asa Dotzler who seemed to imply it’s a resource issue that Mozilla (with its millions of Google dollars) doesn’t have the people to allocate for Linux development. Dotzler wrote:

What we need most, I suspect, is available Linux coders, people who know Gnome, Unity, GTK, etc. to do the platform integration work. I don’t know who those people are. Looking around the sub-set of community members employed by Mozilla who could help on this, I don’t see any available resources or even any resources I would move from their current work to this work.

Thankfully, Mozilla is not made up of people that share the same world view of Linux as Dotzler. Mozilla CTO, Brendan Eich knows how important Linux is to Mozilla’s wider efforts and in my view he has been the voice of reason on the subject of Linux support. Eich wrote:

Indeed the whole apps, marketplace and web runtime plan is too large to do at one step, or even with platform parity at the first step. That does not mean we give up our cross-platform commitments.

We support Linux as you say, because of our cross-platform principles first, and because of lead users in the Linux community and among our top Gecko hackers. There’s a nexus: B2G is based on Linux and Gecko, but of course without any Linux desktop (and without X-Windows. This is a good thing!).

So what does this all mean?

It means that Linux is not the number one priority for Mozilla (today) and it’s likely a third class citizen behind Windows and Mac. That said, I know full well that Red Hat (and likely other Linux distros too) have some dedicated resources that are focused on Firefox as it is the primary browser in use by default on Linux today. I just wish that Mozilla, instead of focusing on the world as it is, also took aim at helping to advance Linux for the open desktop world that we want. Perhaps with B2G, that will happen…

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals Follow him on Twitter @TechJournalist.

InternetNews.com All News

Pwnie Express has recently upgraded their Pwn Plug pentesting device, greatly improving the capability and usability of the device. This guide will show you how to get your Pwn Plug up and running with the latest software release as quickly as possible.

While this guide was written for the newest release (as of this writing, version 1.1), the process should be the same for future system updates as well.

Warning

Upgrading the Pwn Plug’s hardware involves manually erasing and writing to its internal flash storage. This will require you to enter commands exactly as they are written, and to make vitally sure that the device is not disturbed while it is performing these tasks. If the Pwn Plug loses power, or the serial connection to your computer is broken, the hardware could end up being irrecoverably damaged.

Getting the Update

To get the actual update file for your Pwn Plug, you need to go on the Pwnie Express website to register your hardware:

http://pwnieexpress.com/commercialregistration.html

Once you have registered your hardware, you should get an email with the unique login credentials required to download the update file itself. For the purposes of this guide, we will assume you have downloaded the update file (pwnplug_1.1_Elite_5-3-2012.tar.gz) to the “~/Downloads” directory.

Upgrade Preparation

The official Pwn Plug documentation shows you how to update your hardware using a TFTP server over the network. This is a perfectly valid method, but personally I found it more convenient to upgrade my hardware with a USB flash drive. This method has fewer steps and therefore less prone to errors if you are not accustomed to this type of operation.

For this method, you’ll need a USB flash drive that you don’t mind formatting, your Pwn Plug, and a computer. The operating system on the computer is not important, so long as you are able to format the USB drive and establish a serial connection with the Pwn Plug. That said, this guide will assume you are running some version of Linux.

To begin, insert your USB flash drive, and format it with the following command:

bash$   mkfs.vfat -F 16 /dev/sdX

Where “sdX” is the device node for your flash drive. This will reformat the drive to FAT16, which seems to work better with the Pwn Plug’s bootloader. I tried using a drive formatted to FAT32, but found there were problems reliably reading the files it contained.

Once the flash drive is formatted, you can mount it and extract the Pwn Plug update file to it:

bash$   mkdir /mnt/pwndrive
bash$   cd /mnt/pwndrive
bash$   tar xvf ~/Downloads/pwnplug_1.1_Elite_5-3-2012.tar.gz
./
./u-boot.kwb
./sheeva-2.6.37-uImage
./pwnplug_1.1_Elite_ubinized_5-3-2012.img

With your update drive now ready, you need to boot your Pwn Plug up into bootloader mode to perform the upgrade process.

Pwn Plug Bootloader Mode

To put your Pwn Plug into its bootloader mode, first start with the device completely powered off. Then connect the USB cable between your computer and the Pwn Plugs mini USB port. Enter the following command into the terminal, but don’t hit Enter:

bash$   screen /dev/ttyUSB0 115200

Now, with the devices connected and this command waiting in the terminal, power up the Pwn Plug. As the Pwn Plug has no power switch, I find the easiest way to do this is by using a standard power strip that has a switch on it.

Regardless of how you do it, after the Pwn Plug has had power for a second or so (don’t wait too long), hit Enter in the terminal to connect over the USB serial link. Once the command has run and the screen has turned black, hit Enter a few times until you see the bootloader prompt:

Marvell>>

All of the commands in this guide, unless noted otherwise, are to be run at this bootloader prompt.

Checking Bootloader Version

Depending on when you purchased your Pwn Plug, you may need to upload the bootloader before continuing with the installation. To check your current bootloader, enter the command “version” into the bootloader prompt:

Marvell>> version

U-Boot 2011.12 (Jan 08 2012 - 21:53:47)
Marvell-Sheevaplug - eSATA - SD/MMC
gcc (Debian 4.6.2-9) 4.6.2
GNU ld (GNU Binutils for Debian) 2.22

This output shows your Pwn Plug is running the latest version of the bootloader software, and you can skip ahead to the kernel upgrade step. If you see anything else, you will need to continue on with the bootloader update.

Update Bootloader

To upgrade your Pwn Plug’s bootloader, enter in the following commands (in bold) exactly as they are written:

Marvell>> usb start
(Re)start USB...
USB:   Register 10011 NbrPorts 1
USB EHCI 1.00
scanning bus for devices... 2 USB Device(s) found
       scanning bus for storage devices... 1 Storage Device(s) found
Marvell>> fatload usb 0:1 0x0800000 u-boot.kwb
reading u-boot.kwb

372512 bytes read
Marvell>> nand erase 0x0 0x60000

NAND erase: device 0 offset 0x0, size 0x60000
Erasing at 0x40000 -- 100% complete.
OK
Marvell>> nand write 0x0800000 0x0 0x60000

NAND write: device 0 offset 0x0, size 0x60000
 393216 bytes written: OK

These commands start up USB on the Pwn Plug, load the file “u-boot.kwb” file from it, erase the devices internal flash, and finally write the file to flash. This output shows a successful installation, any deviation from this output could indicate a very serious problem. If you get any errors while reading or writing to flash, make sure you have entered in the commands exactly. If necessary, copy and paste the bold commands directly into the terminal to prevent any possible mistakes.

With the bootloader written, you will now need to reset the Pwn Plug by entering in “reset”, waiting a few seconds until the bootloader has restarted (you will see information about the version and hardware) and then hitting “Enter” again to get back to the prompt:

Marvell>> reset
resetting ...

U-Boot 2011.12 (Jan 08 2012 - 21:53:47)
Marvell-Sheevaplug - eSATA - SD/MMC

SoC:   Kirkwood 88F6281_A1
DRAM:  512 MiB
WARNING: Caches not enabled
NAND:  512 MiB
In:    serial
Out:   serial
Err:   serial
Net:   egiga0
88E1116 Initialized on egiga0
Hit any key to stop autoboot:  0
Marvell>>

The bootloader upgrade will clear out some environment variables which are required for the Pwn Plug to properly function. Specifically, you will need to restore the hardware MAC address. To do this, first verify the devices MAC (located on the Pwn Plug’s sticker), then write it to the bootloaders storage with the following commands (entering your MAC for XX:XX:XX:XX:XX:XX):

Marvell>> set ethaddr XX:XX:XX:XX:XX:XX
Marvell>> saveenv
Saving Environment to NAND...
Erasing Nand...
Erasing at 0x60000 -- 100% complete.
Writing to Nand... done

Pwn Plug MAC and serial number label

With this step complete, your Pwn Plug is now running the latest bootloader and you are ready to move on to the next step.

Pages: 1 2

The Powerbase

VMware helped to lead the revolution that has transformed the data center server space with virtual nodes of compute server infrastructure. Now VMware wants to lead the way in virtualizing networking. It’s a movement that is aligned with the newly emerging trend of software defined networking (SDN) that enables programmable networks abstracting networking hardware.

Allwyn Sequeira, vice president and CTO of Security and Networking at VMware explained to InternetNews.com that it’s not possible to scale physical networking hardware to meet the on-demand needs of modern virtualized applications. From a product and technology perspective, the Software Defined Data Center architecture involves applications and specification available now, as well as work that is coming. With server virtualization there is now the concept of one vSwitch per host and, in that context, a VLAN is how VMs are networked. VLANs traditionally have been limited in their ability to stretch across data center domains, which is where the VXLAN standard comes into play.

The VXLAN specification was initially proposed in September of 2011, and is a multi-vendor effort that includes VMware along with Cisco, Arista Networks, Citrix and Red Hat. The basic idea behind VXLAN is to have a Layer 2 abstraction for virtual machines so they are not restricted to a particular LAN boundary.

“VXLAN is the basis for us untethering ourselves from current network limitations,” Sequeira said. “VXLAN is what enables end-to-end elasticity in the data center and allows you to build a software defined network.”

When it comes to OpenFlow, in Sequeira’s view there are a set of vendors that are now building monolithic stacks on top of the OpenFlow protocol, trying to establish control points. As such he expects that SDN silos will emerge over time that will require some form of federation to connect together.

“For us, SDN is a natural extension of our current product lines, extending what we already have for a VMware domain,” Sequeira said. “When do we see a world when there is a VMware SDN working with an OpenFlow SDN? I don’t think, that’s in the cards.”

Read the full story at EnterpriseNetworkingPlanet:
VMware Wants to be Your New SDN

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals Follow him on Twitter @TechJournalist.

InternetNews.com All News

The Wine development release 1.5.4 is now available.

What's new in this release (see below for details):
  - A new DirectSound resampler.
  - A Negotiate authentication provider.
  - OpenGL support in the DIB engine.
  - Beginnings of support for .NET mixed assemblies.
  - Support routines for Internationalized Domain Names.
  - Various bug fixes.

The source is available from the following locations:

  http://ibiblio.org/pub/linux/system/emulators/wine/wine-1.5.4.tar.bz2
  http://prdownloads.sourceforge.net/wine/wine-1.5.4.tar.bz2

For the complete bug fixes list follow this link:

http://www.winehq.org/announce/1.5.4

UGP (Ubuntu Gaming Project)

Over on the Pwnie Express blog, Dave Porcello has announced the release of Pwn Plug System Software 1.1, a massive update to the companies Pwn Plug product.

This update addresses many of the issues with the existing software, such as the outdated release of Ubuntu it was based on and the lack of latest security tools. It also adds some very unique new features like the ability to wardial via GSM modem and control the Pwn Plug device with nothing more than SMS messages from any cell phone.

In the next few days we will be publishing a full review of the 1.1 update, as well as a walkthrough for those looking to upgrade their own Pwn Plug or SheevaPlug devices to the latest and greatest build. In the meantime, users can download the latest release directly from the Pwnie Express site.

OS & performance improvements!

• OS upgraded to Debian 6 (Squeeze)
• 20-second boot up
• Faster file-system (UBIFS)

New tunneling features!

• SSH Egress Buster
• OpenVPN & SSH-VPN support
• New covert channels (udptunnel, iodine, etc)
• Support for authenticating HTTP proxies
• More resilient tunnels (thanks Lance Honer!)

New Plug UI features!

• Point-and-click SSH receiver (Backtrack) setup
• One-click NAC Bypass (Elite models)
• One-click Passive Recon
• One-click Stealth Mode
• One-click History Wipe

New wireless features!

• Support for 802.11n and hundreds of new wireless devices
• JP Ronin’s Bluetooth pentesting suite
• Kismet new-core with Ubertooth support
• Zigbee support (thanks Travis Goodspeed!)
• 4G cell network support (Elite models)
• War dialing via GSM modem (Elite models)
• SMS text-to-bash (Elite models)

..and of course, more tools!

• Over 50 new pentesting tools!
• Web app testing tools, including w3af
• Database/SQL testing tools
• THC IPv6 toolkit
• VoIP testing tools

The Powerbase

LAS VEGAS. Cisco CTO Padmasree Warrior took the keynote stage at the Interop conference today to detail where the world of networking has been and where it is going. It’s a world where the network’s value is about individual users.

Warrior began by explaining that the first phase of the networks evolution was just about getting access. The second phase was the digital revolution, where ecommerce and IP telephony took root. In the third phase, which is what we are in today, the network economy with social networking mobile and cloud are the key driving factors. Looking forward, the next phase is the so-called human network, which will deliver a fully immersive digital world where experiences will all be more contextual.

he future and the present of IT is also about the cloud, which requires secure access.

“We believe the network provides a huge role in connecting people to both private and public clouds,” Warrior said. “In June, we’re announcing Cisco Cloud Connect, which will allow for secure connections to data centers.”

Overall, Warrior noted that networking is now in a period of transition.

“This is an important time in the industry, where we’re about to re-invent the fundamentals,” Warrior said.

Read the full story at Datamation:
Cisco CTO: The Network Is Evolving

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals Follow him on Twitter @TechJournalist.

InternetNews.com All News

LAS VEGAS. Allan Leinwand, CTO of Zynga is not the typical kind of CTO to take the keynote stage at the Interop networking conference. Instead of representing a networking vendor, Leinwand works for an application vendor that makes games.

Leinwand noted that there are now 292 million monthly active players that play Zynga’s games. The way those games get to users, is something that has changed over the last few years as Zynga has built out its’ application delivery infrastructure. It’s an infrastructure hats to deliver some very big data. On ‘gifting’ alone across Zynga applications, Leinwand said Zynga players had 36 billion gifts, that produced 24.5 trillion rows, database and 1.4 petabytes of data in their database.

“That’s the equivalent of every movie in Netflix in HD, times 10,” Leinwand said. “We’re bigger than Santa Claus.”

To meet that demand, Zynga has a hybrid cloud deployment that they have built out after trying different approach to delivering their application. The first Zynga game in 2007, was deployed in a retail data center and it worked ok for the initial game. Farmville debuted in 2009 and grew from 0 to 10 million active users in six weeks.

“It was explosive growth andwe couldn’t get servers fast enough and couldn’t scale to match the needs of Farmville,” Leinwand said. ” Public cloud then became a critical part and allowed us to scale.”

Then in June of 2011, Leinwand realized that Zynga was renting what they could own.

“We wanted to own the base and rent the spike,” Leinwand said.

So, Zynga built their own internal cloud called zCloud. At the beginning of 2011, 20 percent of Zynga players were on zCloud and 80 percent were playing in the public cloud.

“At the end of 2011, the number flipped with 80 percent playing on zCloud,” Leinwand said.

Read the full story at EntepriseAppsToday:
Zynga’s Cloud Journey: Delivering Apps in the Hybrid Cloud

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals Follow him on Twitter @TechJournalist.

InternetNews.com All News

From the ‘When Proprietary Doesn’t Matter’ files:

I’m a big believer in open source and open standards, which is why Juniper’s QFabric is something that I have struggled with. QFabric is Juniper’s proprietary fabric for data centers, one that kinda/sorta compete against Shortest Path Bridging and TRILL.

The fear with anything proprietary is always the lack of choice and vendor lock-in.  It’s a fear that I heard in at Interop this year in a multi-vendor panel about alternatives to Spanning Tree in a loud and clear way.

That’s why my discussion with (former IDC analyst) Juniper’s Abner Germanow was such an eye opener for me. Sure QFabric is proprietary but it doesn’t necessary inhibit or preclude openness on top.

InternetNews.com All News