By spencer, Thursday, April 12, 2007 · 8:48 pm

OK so I posted before about my ordeal with MythTV and my Sony LCD. Well I moved on and am now trying to tweak the hell out of a Mac Mini and have been having little to no luck getting it up and running. Plus the resources have been sparse to say the least… After hours (aka days) using DisplayConfigX and SwitchResX I had no luck. Then I ran across this useful thread here. Anyone with an A10 series Sony with a Mac Mini should pay close attention to the timings posted. Specifically of interest to us Mini users:

1232x696: HFP=112 HSW=128 HBP=192 kHz=48 VFP=45 VSW=5 VBP=50 Hz=60

Personally I’m sitting here struggling to get them to work. But I have a feeling that is due to the subtle nuances of my setup. I initially had the Mini going into my Pioneer VSX-82TSX Elite but couldn’t seem to get these timings working. I could write this off to the HDMI implementation in the Pioneer but unfortunately I’m still having problems without it… Since many report these settings as working with Minis I recommend people try them and please post a comment if they do/don’t work for you. And I’ll update this if I finally get these underscan issues solved.

UPDATE 2007-04-15

By spencer, Thursday, April 12, 2007 · 6:05 pm

Two blogs ago I felt the urge to promote something my team was working on at Tresys that was only available for Red Hat Enterprise Linux 4. Well I’m pleased to announce Tresys has released a new version of our Brickwall Security Suite for Fedora Core 6. Not only our standard version, but our professional version as well!

The professional version adds additional SELinux targets, aka protects additional services and daemons, and adds the ability to create a custom policy with little to no knowledge of SELinux.

I highly suggest Fedora users start checking out Brickwall as opposed to listening to most bloggers that tell you to just “disable SELinux by setting the Grub command line to selinux=0”. This is a far superior solution since you have all the security benefits of SELinux with an amazing amount of configurability and ease-of-use.

Check it out.

By spencer, Tuesday, April 10, 2007 · 7:48 pm

I was watching MPT tonight and saw something I think is pretty cool. It was started by an ex-PayPal employee, Premal Shah. The name of the organization is Kiva. So the deal is, using your credit card, you can make a loan to those with businesses in “third-world” countries. I use the term “third world” loosely here.

The loan requests are typically very small. Say a few hundred dollars. Typical requesters run cottage businesses that they are hoping to expand. The requesters must go through a review process before the organization adds them to their site. Then the collective we donates to meet the need of an individual. When the loan request is met the show said most money gets to the requesters in under a week. Looking at the website the average payback period is about 6-9 months. So within that period of time the collective we would have our money back and we could choose to continue to participate by moving on to another loan, or we could hold off until another time.

“Peer-to-peer micro-credit,” as they call it, appears to be a great solution to a difficult problem. We make small donations, well not even small donations, did I mention the loan default rate is 0% to date, and help others at the same time. While I do encourage out and out donations as well… this is a pretty slick idea.

By spencer, Tuesday, January 23, 2007 · 9:13 am

Been awhile but been busy.

The company I work for just released our first product. It’s an application that makes using SELinux much easier. There are three versions: standard, professional, and enterprise. I think enterprise is pretty damn cool. It allows you to remotely manage SELinux policy for groups of machines from a single location. So you can easily configure different security policies on your payroll machines, your student labs, your network admin boxes, and your web servers and mail servers.

Remember, security doesn’t have to be hard. Try Tresys Brickwall today!

</shameless promotion>

By spencer, Thursday, August 24, 2006 · 4:38 pm

All I can say is word

By spencer, Sunday, June 11, 2006 · 6:11 pm

Well I’ve had it up and running for a while now so it’s probably a good time to post some information. I already had an HD DVR rented from Comcast, a Motorola DCT6412 to be exact. Overall I’m pretty satisfied with that box, but it isn’t capable of functioning as a full-fledged media center. So I decided to go with something slightly more free to build my real media center… I opted for MythTV. Just a heads up for those starting a MythTV project, be prepared for some surmountable problems. I ran into some issues that took me days to figure out. But once I got through those it was beyond worth it… I would even go through it again to get what I have now.

By spencer, Thursday, May 18, 2006 · 8:11 am

Well I booted in XP Pro on my laptop about two weeks ago. I’ve always had the Windows partition and technically dual-booted but haven’t ventured into the “dark side” in about 6 months. While I was having great fun in Gentoo I was not exactly the most productive person while using it. Those of you that know me understand how I have to tweak things and how easily distracted I am. Then there is the whole can of worms that comes with rice burning (XGL, SELinux in enforcing, etc.) So I switched to XP to see how it would affect my productivity.

By spencer, Friday, May 5, 2006 · 8:49 am

I realized after posting the first article in this series that I gave very little indication on where I plan to head with this subject. So perhaps a game plan is in order.

Errata: At the beginning I planned to focus on the environment and SELinux. I hoped to explain how certain types of applications still remain vulnerable to environmental contamination even in the face of MAC like SELinux. This would simply involve a discussion of the environment, the noatsecure permission (or lack thereof), and those environmental factors which are handled by this permission and those that are still capable of influencing execution. However, after starting the article I realized that such an explanation would stop short, probably being of little value to readers in the end and leaving me feeling slightly unsatisfied.

We started in the first article by exploring the environment, the linker, and the names of the environment variables that can influence the execution. In this article we will be discussing the kernel code that facilitates enforcement of some level of environmental protection in userland. After discussing the kernel the next article will jump back into the userland and glibc and delve into the similarities between suid/sgid protection and the SELinux noatsecure permission. Finally I would like to wrap up with what started all of this, a discussion about environment vulnerabilities that still exist even in the presence of strong MAC like SELinux; this will focus on scripting and interpreted languages. I apologize for the administrative errata but I wanted to lay out a road map. Now, onto the kernel discussion…

By spencer, Friday, May 5, 2006 · 8:47 am

While working on the second article in the environmental contamination series I found that 1/2 of the article was spent wading through the security structure and Flask implementation in the kernel. Since this is an important and recurring topic I figured I would split it out into a separate article and just link to this from future articles. I want to warn you, as with most shallow explanations of kernel mechanisms, this may seem confusing since some details are left out. I encourage you to explore these on your own until you have satisfied your craving.

When it comes to making certain security decisions the kernel makes use of capabilities or other mechanisms (such as SELinux) which render a decision that the kernel then enforces or passes off to userland for use there. The kernel asks for these decisions through function calls or “hooks”. We need to have a rudimentary understanding of how these hooks work if we’re to understand how the security mechanism behind SELinux works.

By spencer, Thursday, April 6, 2006 · 7:55 pm

Environmental contamination is a constant threat with conservatives in power (just kidding… seriously). Over the next few articles I will attempt to clarify the impact the environment has on the execution of a program. The environment is a fairly complicated subject so this article will be broken into several parts (I’m guessing about three). So without further ado…

We’re all familiar with the environment on a typical Unix system. The environment is full of “stuff” like variables, command line arguments, parent process ID, etc. Many of these are things you can look at by typing things such as export in bash or env in csh or by just reviewing the arguments you pass to a program on the command line. Briefly all this information is stored in a section of memory that is persistent across execv()s. Something you may or may not be aware of is the impact that this can have on the execution path of a program. Perhaps, through experience, use, or instinct, you know that an application can read and utilize the information from the environment. A trivial example would be the DISPLAY environment variable that we have all had to tweak at one time or another. When you run xterm that variable is used to determine which display device should be used. However, the environment is not only capable of changing the execution path in some trivial, often benign fashion, but is also quite capable of changing the entire application. If we view a running application as a state machine, a candy vending machine for example, then we typically imagine the most someone can accomplish by tampering with the environment is perhaps getting a free candy bar by kicking it hard enough. However, the environment offers so much more to an opportunistic and astute ne’er-do-well. By carefully contaminating the environment it is quite possible to turn that candy vending machine into an ATM, a complete change of the entire state machine.