One of the most important parts of the computer is the Master Boot Record (MBR). This little-known hero is responsible for starting our operating systems – without it your Windows or Linux operating systems would not start. In this post one will attempt to explain how the Master Boot Record is structured and how it works. The post is an education for me, as what I’m about to write has been freshly researched due to my odd impulse to give the MBR its five minutes of glory. Continue reading “Overview of the Master Boot Record”
SSH is the preferred method for providing remote shell services such as command execution. Designed as a replacement for the old-school, insecure Telnet protocol, SSH provides an encrypted, secure connection between client and server. Although it is far more secure than its forefather, there are some extra steps you can take beyond the out-of-the-box settings to increase the level of security.
The following assumes a fresh installation of CentOS 6. By default the SSH service is not enabled. To enable the service you need to start it. To do this, run the following command as the root user within a terminal:
service sshd start
To configure the system to start the SSH service at start-up you can run the following:
chkconfig sshd on
The service will now accept connections from clients. The configuration of the service is controlled by the contents of a configuration file called ‘sshd_config’ located within the folder ‘/etc/sshd/’. Open this file using the editor of your choice.
It’s fair to say that the quality of your code has a direct correlation to the success of your product. Products crafted to a high quality using proven techniques and industry-accepted standards have a better chance of succeeding. This applies to any field, be it car production, joinery and most certainly software development.
<breakfast_menu><food><name>Belgian Waffles</name><price>$5.95</price><description>two of our famous Belgian Waffles with plenty of real maple syrup</description> <calories>650</calories></food><food><name>Strawberry Belgian Waffles</name><price>$7.95</price><description>light Belgian waffles covered with strawberries and whipped cream</description><calories>900</calories></food><food><name>Berry-Berry Belgian Waffles</name><price>$8.95</price><description>light Belgian waffles covered with an assortment of fresh berries and whipped cream</description><calories>900</calories></food><food><name>French Toast</name><price>$4.50</price><description>thick slices made from our homemade sourdough bread</description><calories>600</calories> </food><food><name>Homestyle Breakfast</name><price>$6.95</price><description>two eggs, bacon or sausage, toast, and our ever-popular hash browns</description><calories>950</calories></food></breakfast_menu>
<breakfast_menu>
  <food>
    <name>Belgian Waffles</name>
    <price>$5.95</price>
    <description>two of our famous Belgian Waffles with plenty of real maple syrup</description>
    <calories>650</calories>
  </food>
  <food>
    <name>Strawberry Belgian Waffles</name>
    <price>$7.95</price>
    <description>light Belgian waffles covered with strawberries and whipped cream</description>
    <calories>900</calories>
  </food>
  <food>
    <name>Berry-Berry Belgian Waffles</name>
    <price>$8.95</price>
    <description>light Belgian waffles covered with an assortment of fresh berries and whipped cream</description>
    <calories>900</calories>
  </food>
  <food>
    <name>French Toast</name>
    <price>$4.50</price>
    <description>thick slices made from our homemade sourdough bread</description>
    <calories>600</calories>
  </food>
  <food>
    <name>Homestyle Breakfast</name>
    <price>$6.95</price>
    <description>two eggs, bacon or sausage, toast, and our ever-popular hash browns</description>
    <calories>950</calories>
  </food>
</breakfast_menu>
xmllint --format foo.xml
This is the final part of “Getting involved with Fedora”. Parts one to four covered the steps required to install Fedora into a virtualization system running on Windows 7. Part four also explained how to register an account with Fedora’s bug-tracking system. In this post one intends to test the Fedora system with the hope of finding a defect in one of its software packages.
What to Test?
One of the hardest parts of testing a huge system such as Fedora is being focused. In my experience it’s best to focus your attention on one software package at a time. The more you tinker with the same package the more knowledge you gain about that package. As knowledge is power I would expect your bug finding skills to benefit from knowing the inner workings of any given package.
In order to test a package it is essential to understand the expected behaviour. This normally means understanding the inputs and outputs. Take for example the user and groups management utility system-config-users. This software package aims to provide system administrators with an interface for creating and maintaining users and groups. Therefore, if we can make it fail its goal we’ve found a bug!
Finding a bug?
I’ve already found a few bugs with the system-config-users utility. Here are the steps I performed to uncover one such bug:
Start system-config-users by selecting the GNOME menu option Application->Other->User and Groups:
This is part four of a series of posts which explains how to get involved with the Fedora project. In the previous three posts (1, 2 and 3) one has explained how to install and configure Oracle’s VirtualBox software and how to install Fedora as a virtual machine. In this post one will explain how to register an account with Fedora’s bug-tracking system. This will allow us to feed back our findings when we start testing.
Red Hat Bugzilla is a bug-tracking system and is used to submit and review defects that have been found in Red Hat distributions. This includes Fedora because it is a Red Hat-sponsored company. In fact, Fedora acts as an experimental arm that complements Red Hat’s enterprise-grade operating system. The goal of the bug-tracking system is to allow you to submit a defect which has not been reported yet. Defects will go directly to the engineer responsible for the component you filed the defect against. Engineers have many responsibilities and will get to your defect in due time; thus, don’t expect an instant response – unless you find a super-critical bug.
Registering an account
In parts one and two of this series one explained how to download and install Oracle’s VirtualBox software. I then covered the steps required for downloading the latest Fedora operating system and, finally, explained the steps needed to set up VirtualBox in preparation for installing Fedora. In this post I’ll continue the series by showing how to install Fedora into the newly created virtual machine.
Installing Fedora into VirtualBox
Installing Fedora is pretty simple. Fedora provides a multi-step wizard approach. Within this post I’ll cover each step and explain the actions to choose during each stage. Before we can install Fedora we first need to start the virtual machine. Remember, we downloaded the Fedora Live CD which when started will load Fedora into memory. Therefore, we’ll be able to use Fedora in its ‘live’ mode; but, it is not installed. Therefore, I will explain how to permanently install Fedora from within the ‘live’ mode.
Powering on the Virtual Machine
Starting Fedora’s installation wizard
Eventually the installation wizard will confirm the completion. Before rebooting please ensure you remove the virtual CD/DVD from the drive. This can be done from VirtualBox’s menu by choosing the menu option Devices->CD/DVD Devices->Remove disk from virtual device. Once removed, hit reboot.
Although Fedora 16 is installed there are some final configuration screens to complete. After reboot the first of these screens is:
The installation and configuration is now complete. Fedora is now fully installed into our virtual machine. In the next step we’ll complete the last phase of our preparation prior to testing which is registering an account on Fedora’s bug tracking system. This will permit us to log any bugs we find.
In part one of this series one explained how to download and install Oracle’s VirtualBox software. Part two (this post) focuses on downloading the latest Fedora operating system and then explains the steps needed to set-up VirtualBox in preparation for installing Fedora.
Installing Fedora is pretty simple; however, you will first need to get a copy of Fedora. In my experience the easiest way to get a copy of Fedora is to download the latest version directly from the Fedora website. At the time of writing this post the latest version was Fedora 16 and the download page can be found at the following URL http://fedoraproject.org/get-fedora.
Creating a virtual machine in VirtualBox
I’ve dabbled with open source involvement for a while and thought it would be beneficial to others to share one’s experience. Hopefully, this may inspire others to follow! In this post one intends to cover the steps I followed to get involved with the Fedora project. The path I have taken focuses on installing the latest Fedora release and testing it. In order to open this up to the largest audience I will show how to install Fedora into a virtual environment within a Microsoft Windows environment. Once I have the latest Fedora operating system installed, I’ll discuss some basic testing techniques and hopefully spot a software bug. Once we’ve detected a bug I’ll cover the bug reporting tools used by the Fedora project. From this we’ll hopefully see our testing and bug reporting efforts be assigned to and fixed by one of the Fedora software developers. Heck! We might even open the source code ourselves and generate a software patch to fix the problem.
Getting set-up with a virtualization software package
VirtualBox is a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. Not only is VirtualBox an extremely feature-rich, high-performance product for enterprise customers, it is also the only professional solution that is freely available as Open Source Software under the terms of the GNU General Public License (GPL) version 2. It’s important to note at this point that VirtualBox is not the only virtualization product on the market. Alternatives include VMWare Server, Xen, KVM and Microsoft’s Virtual PC. Before we delve any deeper, let me re-iterate that this routine assumes you are running Windows 7 and wish to install Oracle’s VirtualBox. In theory, this routine should work on earlier versions of Windows too.
Download VirtualBox. At the point of writing this post the download page could be found here.
In part one of this post we installed and configured MySQL and installed the required package for our web-server (http). In this post I intend to explain how to configure the web server (httpd), ensuring the default httpd website is accessible to the public. Once httpd is configured we’ll replace the default page with a simple HTML login form and we’ll also code a simple PHP login processor which will be vulnerable to SQL injection. I’ll then demonstrate how to carry out the SQL injection attack and finally discuss how to prevent it!
Installing a basic web-server with PHP support
In step one we installed the core web-server packages: httpd, php and php-mysql. By default the web-server (httpd) is configured to not start at boot, e.g.
chkconfig --list httpd
httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
We’d like our web-site to be available after a reboot, so let’s modify this – again the chkconfig utility can be used:
chkconfig httpd on
In addition to the web-server starting automatically we also want the public to be able to access our web-site. By default the firewall on Linux (iptables) will not permit external access to the httpd daemon. Thus, we need to open up port 80. This is achieved by modifying the file /etc/sysconfig/iptables as follows:
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
In the example above I simply added the line containing --dport 80, which instructs the firewall to accept traffic on port 80. To activate this, restart iptables, e.g.
service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
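iptables evaluates a chain from top to bottom and stops at the first matching rule, so the port 80 ACCEPT only works if it sits above the catch-all REJECT, as it does in the file above. The following check of that ordering is an added example, not code from the original post; the function name check_port_rule and the two sample rule files are constructed for illustration.

```shell
#!/bin/sh
# check_port_rule FILE PORT -> prints ok | shadowed | missing (hypothetical helper).
check_port_rule() {
    awk -v port="$2" '
        # Only rules appended to the INPUT chain are relevant.
        $1 != "-A" || $2 != "INPUT" { next }
        { n++ }
        # First unconditional REJECT/DROP ("-A INPUT -j REJECT ...").
        $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") && !catchall { catchall = n }
        # First TCP ACCEPT rule whose --dport equals the requested port.
        / -p tcp / && / -j ACCEPT/ && !accept {
            for (i = 1; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == port) accept = n
        }
        END {
            if (!accept)                            print "missing"
            else if (catchall && catchall < accept) print "shadowed"
            else                                    print "ok"
        }
    ' "$1"
}

# Constructed samples: the rule order shown on the page, and the same rules
# with the port 80 line appended after the catch-all REJECT.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/good" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
cat > "$tmp/bad" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
COMMIT
EOF
check_port_rule "$tmp/good" 80    # rule sits above the REJECT
check_port_rule "$tmp/bad" 80     # rule sits below the REJECT
check_port_rule "$tmp/good" 443   # no rule for this port
```

On a real host the same function can be pointed at /etc/sysconfig/iptables before running the restart.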
We are now ready to start the web-server for the first time:
service httpd start
Starting httpd: [ OK ]
Once started it is wise to ensure the default web-site is available. This can be achieved by browsing to your IP address. You should see the following: