2/02/2010

Training@Munich

Next week I will be in Munich, teaching SCB, syslog-ng and SSB. From three countries (Germany, UK and Switzerland), 12-13 colleagues are coming in two turns. I am preparing the slides, because we have only two days for syslog-ng and SSB instead of three. So I will skip a few less important parts and we will have some overtime too. I'll post some pictures. Bye.

2/01/2010

Kick-off 2010

As my colleagues already posted, we held our annual (almost traditional) kick-off conference. We had two sections, for Hungarian and foreign partners/guests. I gave three speeches (syslog-ng in Hungarian, and about the trainings in English and Hungarian). I know almost everybody at the very successful event. At least we have exchanged some mails, and a lot of guys have already attended my trainings. In addition to meeting a lot of partners, we held a brainstorming session about the future of Zorp, which I liked very much. We asked our partners' opinion about Zorp and we learnt a lot of important facts about us. Sometimes it is very useful to see how outsiders see us. We also had many guests from abroad (from Dubai, Germany, Italy, UK, US, Thailand and even from Kenya!). A very funny thing happened. In Budapest there is now a lot of snow. In Thailand and Kenya it is not very frequent ;-) therefore I asked them if they had ever seen any snow. The guy from Kenya said he was not willing to go out of the hotel at all. (We finally managed to persuade him to go on a sightseeing tour -- hope he did not regret it!) So I asked him if he had ever seen snow. And he answered: Yes! In Dubai at the Mall of the Emirates, but only through glass! LOL!

1/22/2010

CISSP learning group

We are starting a self-training group next Wednesday. Our goal is to prepare ourselves for a future CISSP exam (probably this autumn). The idea came because it is so uncomfortable to prepare alone. There is always something more important than reading the book, watching the DVD or filling in the tests. So I asked some colleagues to join and set up a learning group. Fortunately a lot of guys are interested. So a few people from Kürt, Balabit, Invitel and Rubin have joined. At this moment we are more than 10! ;-) We will use the book and the DVDs by Shon Harris. In addition we are planning to read the official (ISC)² CISSP CBK. Feel free to join the group, just drop me a mail. I plan to write some posts about the preparation process.

1/06/2010

Happy New Year!

And Happy New Trainings in 2010! We have published the training schedules for Q1-2 (trainings in Munich soon: SSB-SCB 9-12/02/2010). We have changed a few little things:
  • We offer Zorp Non-GUI training.
  • Parts of Zorp Expert training (BCZE1-2) are not held in the same week, therefore we can have a rest between them.
We are also planning the year. A few ideas we have:
  • Online exams, therefore we do not need papers and local presence.
  • Online SSB, SCB and syslog-ng PE training.
  • New screencasts.
In addition we still visit universities and give lectures this year too:
  • BME-TMIT
  • BME-AUT
  • BMF
  • Széchenyi István Egyetem, Győr
I am glad to see this year seems to be a very busy year again :-)

12/16/2009

Private life in the shopping cart

I saw an interesting video on indexvideo (sorry, it is in Hungarian) a few days ago. An intelligent shopping cart was developed in a research institute of BME (the Hungarian University of Technology). It has the capability of recognizing all the products in it and can write the sum you pay. A lot of people like this amazingly comfortable product and there is no doubt it could speed up the shopping (the payment) process. For me the breadline is one of the most boring "activities" I can imagine. However, a few people think it could be a new threat to our privacy. Is it possible that we are slowly getting used to living without a private life?

In the beginning we lived in small villages and we met each other only when we really needed to. Over time we slowly moved closer to each other. Because of the pressure, a few people moved so close (I mean blocks of flats) that they even know everything about what happens next door, like who went to the toilet and who is hungry. A friend of mine said it's the "beehive feeling"; one of his observations was that during the TV ads hundreds of lights go on in the kitchens or in the toilets.

The next revolutionary development was the telephone, which provided a direct connection between the outside world and the living room. Of course it is not mandatory to answer, but when I was a child there was neither caller ID display nor mute function. Then the power of telephony was extended by mobile technology. Wives, husbands, family and our boss can reach us at every moment of the day. With the cell information there is even a possibility to track where you were. If you are lucky enough, your activity is recorded by hundreds of public cameras.

For those for whom this is not enough, we have many social networking sites we can join. You can "contact" your relatives, friends and business partners. You can upload pictures and share many intimate parts of your life. In my opinion this is the point where we lose the idea of intimacy. A lot of people write blogs or micro blogs (like me :-), where they share with whom and where they have lunch and what they thought about their boss at the morning meeting; maybe they count the days until the summer holiday. To do that you do not need to wait until the end of the meeting, because your phone app can do the job and the message is flying onto the information superhighway. Of course some bad guys on the net can hardly wait for your blog post 'cause they would like to visit your flat. Maybe they can find some useful gadgets they could use.

Finally, the most paranoid throw up the sponge as soon as they start using the biggest search giant's apps like mail, health, gallery, video share, OS, blog engine ;-) and so on. Of course these are comfortable, but we hardly think about our privacy. And now comes the shopping cart!

Shops use RFID stickers against shoplifting, which identify the product you buy. The basis of the mechanism is that there is a chip and an antenna in the sticker. It receives energy from the radio waves and the code is sent back through the antenna (that is the passive transponder). We need no galvanic connection, just an antenna. That is the widespread defense against shoplifting, but it is used for different purposes too. Modern passports (even the Hungarian one) contain RFID chips, which speed up administration. The data stored in the chip can be anything. The EU will store biometric information too in the future (after 9/11 it was not too difficult to make politicians vote for it). I do not know if I have to be happy that terrorists can make a better score, decreasing collateral damage. Everything for effectiveness!

The indexvideo I mentioned contains the same RFID chip. At Defcon a few guys showed an antenna with which these signals can be received even from 20 meters (around 70 feet). With this capability, well-equipped people can tell exactly what we carry home in our bag and which car is mine; they do not even have to break into my flat to know which kind of TV I have. (Guys who read me! It is not the latest model... it is not worth it!)

http://blog.makezine.com/archive/2005/07/_defcon_rfid_world_record.html
http://blogs.pcworld.com/staffblog/archives/000798.html

That is why I am a bit doubtful about such new technologies. Am I the only one who thinks the world is so bizarre? It does not make me calm that a big part of it is completely voluntary. Believe me, I am not paranoid. They are really after me.

10/28/2009

Free Software Conference 2009

Free Software Conference is coming next Saturday at BME I. It starts at 10 o'clock. I am talking about syslog-ng OSE; the topic is parser/rewrite/pattern-db questions. I will take my notebook, so there will be a working environment. Let's meet there!

UPDATE: Upon the votes of the audience, I got (shared) the best presenter/presentation award. Thx to the audience and FSF.hu.

10/09/2009

Let's compare syslog protocols

Here is a small comparison of syslog protocols. I hope it is useful!

Standard solutions

RFC3164:
pro:
  • widespread;
con:
  • UDP;
  • not authenticated;
  • not encrypted;
  • no application level acknowledgement;
  • no transport level acknowledgement (UDP);
  • incomplete format;
  • UTF-8 not supported;
  • multiline messages not supported;
RFC3195:
pro:
  • authenticated (SASL);
  • encrypted (SSL);
  • application level acknowledgement;
con:
  • acknowledgement per message (big overhead);
  • XML format (big overhead in small devices);
  • incomplete format (same as RFC3164);
  • UTF-8 not supported;
  • multiline messages not supported;
  • not widespread;
RFC5424 (only format definition):
pro:
  • complete format (timestamp, FQDN, structured);
  • serial numbers supported;
  • UTF-8 supported;
  • multiline messages supported;
RFC5425 (aka RFC5424 over TLS):
pro:
  • RFC5424 format;
  • authenticated (mutual authentication in SSL/TLS);
  • encrypted;
con:
  • no application layer acknowledgement;
RFC5426 (aka RFC5424 over UDP):
pro:
  • same as 5424;
con:
  • not authenticated;
  • no transport layer acknowledgement;
  • no application layer acknowledgement;
  • not encrypted;

Non standard solutions

RFC3164 over TCP:
pro:
  • uses TCP instead of UDP (transport layer acknowledgement);
con:
  • not authenticated;
  • no application layer acknowledgement;
  • not encrypted;
  • uses RFC3164 (with all the drawbacks);
  • non RFC;
RFC3164 over TLS:
pro:
  • encrypted;
  • authenticated (mutual authentication in SSL/TLS);
con:
  • no application layer acknowledgement;
  • uses RFC3164 (with all the drawbacks);
  • non RFC;
RELP:
pro:
  • application layer acknowledgement;
con:
  • version: 0.0.1;
  • not widespread;
  • non RFC;
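
To make the "incomplete format" and "serial numbers" points of the comparison concrete, here is an added example (not part of the original post) that parses RFC3164 and RFC5424 lines and uses the RFC5424 `meta` sequenceId to spot messages lost on a transport without application-level acknowledgement. The host names and sample lines are constructed for illustration.

```python
import re

# RFC5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
RFC5424 = re.compile(
    r'^<(?P<pri>\d{1,3})>(?P<ver>[1-9]\d?) (?P<ts>\S+) (?P<host>\S+) '
    r'(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) '
    r'(?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: (?P<msg>.*))?$', re.S)
# RFC3164 (BSD): <PRI>Mmm dd hh:mm:ss HOSTNAME MSG  (no year, no time zone)
RFC3164 = re.compile(
    r'^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) '
    r'(?P<host>\S+) (?P<msg>.*)$', re.S)
# sequenceId parameter of the standard "meta" structured-data element
SEQ_ID = re.compile(r'\[meta\b[^\]]*\bsequenceId="(\d+)"')

def parse(line):
    """Return only the fields the wire format actually carries."""
    m = RFC5424.match(line)
    if m:
        seq = SEQ_ID.search(m['sd'])
        return {'format': 'RFC5424', 'host': m['host'], 'timestamp': m['ts'],
                'has_year_and_tz': m['ts'] != '-',
                'sequence_id': int(seq.group(1)) if seq else None}
    m = RFC3164.match(line)
    if m:
        return {'format': 'RFC3164', 'host': m['host'], 'timestamp': m['ts'],
                'has_year_and_tz': False, 'sequence_id': None}
    return {'format': 'unknown', 'host': None, 'timestamp': None,
            'has_year_and_tz': False, 'sequence_id': None}

def missing_sequence_ids(lines):
    """Per host, list sequenceId values that never arrived (wrap-around ignored)."""
    by_host = {}
    for p in map(parse, lines):
        if p['sequence_id'] is not None:
            by_host.setdefault(p['host'], []).append(p['sequence_id'])
    gaps = {}
    for host, ids in by_host.items():
        ids.sort()
        lost = [n for a, b in zip(ids, ids[1:]) for n in range(a + 1, b)]
        if lost:
            gaps[host] = lost
    return gaps

# Constructed sample input: three RFC5424 lines (IDs 3 and 4 lost) and one RFC3164 line.
SAMPLE = [
    '<34>1 2010-02-09T10:15:00.003+01:00 fw1.example.com app 411 ID47 [meta sequenceId="1"] session opened',
    '<34>1 2010-02-09T10:15:01.120+01:00 fw1.example.com app 411 ID47 [meta sequenceId="2"] session closed',
    '<34>1 2010-02-09T10:15:04.500+01:00 fw1.example.com app 411 ID47 [meta sequenceId="5"] session opened',
    '<34>Feb  9 10:15:02 fw1 su: session opened for user root',
]

if __name__ == '__main__':
    for entry in SAMPLE:
        print(parse(entry))
    print(missing_sequence_ids(SAMPLE))
```

The RFC3164 line yields no year, no time zone and no sequence number, so a receiver cannot tell from the message alone whether anything was dropped.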