In a nutshell, hype driven development (HDD for short) has been a long-standing buzzword — or anti-buzzword? — that’s been humming around for years, but Kirejczyk — the VP of Engineering at a small dev shop — tried to capture it with a definitive essay.
HDD happens when a development team picks the “newest, hottest technology” to use on a project, based on how the technology is trending on Twitter, or on a number of enthusiastic blog posts or conference talks.
Sysadmins, no matter what platforms they work on, are awash in great open source software tools. In this article, we highlight well-known and not-so-well-known tools that have released new versions in 2016. …
Vim
Just because the Windows/Linux battle has been laid to rest, that doesn’t mean the editor wars are over, too. The venerable Vim editor, which celebrated its 25th birthday in November, is still under active development. This year saw the release of version 8, the first major release in a decade. Vim 8 brings features such as support for GTK+ 3 and DirectX, asynchronous I/O for plugins, and jobs.
I was in Google Docs collaborating on a resume for a Resume Raiders client the other day when a comment popped up regarding soft skills. The client was a highly accomplished mobile developer with many years of experience, and he wanted to be sure that his “abilities to communicate with clients, present ideas, and collaborate on designs and specifications” were prominently featured on the resume.
It’s incredibly difficult to demonstrate soft skills on a resume, and spending significant amounts of resume space in an attempt to do so is typically ineffective.
This week in open source and Linux news, Steven J. Vaughan-Nichols challenges the critics of the new Linux Foundation-Microsoft membership news, Fedora 25 is easy for newbies to use, and more. Keep reading for all the latest top OSS news!
1) Steven J. Vaughan-Nichols challenges the Microsoft challengers.
Fedora 25 makes Linux easy for n00bs. Read what else Alex Campbell has to say about the distro in his article for PCWorld.
2) “The Fedora community created one of the smoothest Linux Installation experiences ever [with Fedora 25.]”
4) “The Node.js Foundation announced major milestones toward allowing the solution to work in a wide variety of VMs at the Linux Foundation’s Node.js Interactive conference this week.”
Network and security administrators rely heavily on their tools. Without the right tools, that brilliant mind can only do so much. But what tools are the best for the job of forensics or testing? As you probably know, the list of such tools is extensive and often times it’s a matter of experimentation, review, and guesswork.
That’s where the likes of Parrot Security come in. Parrot Security is a complete distribution, based on Debian Jessie core, which includes software for cryptography, cloud, anonymity, digital forensics, and programming. The software list alone should be enough to have security and network admins rushing to download a copy.
Anonymous mode start
I2P
Two Cents Crypto
ZuluCrypt
EtherApe
Ettercap
King Phisher
Tor Browser
TorChat
Wireshark
XHydra
Zenmap
debmod builder
Parrot Cloud Controller
Spectrum Tool
And that’s just from the standard menu entries. Dive into the Parrot submenu (Figure 1) and you’ll find an astonishing array of tools.
Figure 1: The Parrot submenu of the main menu.
Parrot as distribution
Beyond the testing, auditing, and programming tools, what you’ll find in the Parrot distribution is a rock solid system. Parrot is based on Debian 9 and includes a custom hardened Linux 4.6 kernel. This is a rolling release upgrade distribution that uses the MATE desktop and the LightDM display manager…all presented with custom icons and wallpapers. It’s pretty and it’s powerful.
The system requirements for Parrot are:
CPU: x86 with at least 700MHz
Architecture: i386, amd64 (x86-64bit), 486 (legacy x86), armel, and armhf
RAM: At least 256MB for i386 and 320MB for amd64. 512MB recommended
GPU: No graphic acceleration required
HDD: ~16GB required for installation
BOOT: Legacy BIOS preferred
Parrot can be run as either a live distribution or installed on a standard desktop. When you first fire up the image, you will see a boot screen unlike any you’ve ever seen (Figure 2).
Figure 2: The Parrot Security boot screen.
From the boot screen, you can start Parrot as a live instance, in text mode, live with persistence (any configurations you make will be saved), live with encrypted persistence (so your configuration options cannot be viewed by others), in a non-invasive forensics mode, in an aggressively anonymous mode, or in a failsafe mode. You can also install directly from the boot menu.
If you run Parrot as a live instance, you can then install the distribution to your hard drive by going to Applications > System Tools > Install Parrot Security OS.
One of the issues I discovered is, out of the box, the screen will lock after five minutes. It took me a while to discover that the default live credentials are root/toor. Before discovering those credentials, I had to unset the screen locking (otherwise I was having to constantly reboot after five minutes of inactivity).
The installation of Parrot can hiccup out of the gate. After using Parrot as a live instance, I went to install, only to discover the kernel had upgraded from 4.6.0 to 4.7. The Parrot installer can only be used if the kernel versions of the live system and the installer are the same. The best way to successfully install Parrot Sec is to go directly to Install from the boot menu. This will ensure your kernels match. You can run the standard installer (an NCURSES installer) or a GTK installer (GUI). Either installer will work like a charm and installation is fairly fast. NOTE: Installing Parrot Security as a VirtualBox instance failed every time, so your best bet is to either run the distribution live or install it on a standalone system.
Once installed, you’re ready to take advantage of the Parrot Platform.
One really nice feature of Parrot Sec is the anonymous mode. While running either a live session or a fully installed session, go to Applications > Anon Surf > anonymous mode start. Once in anonymous mode, Parrot Security will automatically route all of your traffic through Tor (including your DNS requests, to prevent DNS leaks).
I ran a quick test of the anonymous mode. Before starting the mode, I ran a ping on google.com to see standard results. After starting up the anonymous mode, I ran the same ping to see very different output (Figure 3).
Figure 3: The difference between a ping with Anonymous mode off and then on.
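A more direct check than ping is to audit the firewall rules that force traffic and DNS through Tor. The following is an added example, not code from Parrot or Anon Surf: it assumes the generic Tor transparent-proxy rule layout, and the rule dumps, ports 9040 and 5353, and uid 108 are constructed sample values.

```python
import shlex
# Constructed `iptables-save` output for a torified host. Ports 9040/5353 and
# uid 108 are assumed sample values, not taken from Parrot's configuration.
TORIFIED = """\
*nat
-A OUTPUT -m owner --uid-owner 108 -j RETURN
-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -d 127.0.0.0/8 -j ACCEPT
-A OUTPUT -m owner --uid-owner 108 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""
# Constructed leaky variant: TCP is proxied, DNS and everything else is not.
LEAKY = "*nat\n-A OUTPUT -p tcp -m tcp -j REDIRECT --to-ports 9040\nCOMMIT\n*filter\n:OUTPUT ACCEPT [0:0]\nCOMMIT\n"

def parse_output(dump):
    """Return ({table: [rule tokens]}, {table: policy}) for the OUTPUT chain."""
    table, rules, policy = None, {}, {}
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        elif line.startswith(":OUTPUT "):
            policy[table] = line.split()[1]
        elif line.startswith("-A OUTPUT "):
            rules.setdefault(table, []).append(shlex.split(line)[2:])
    return rules, policy

def opt(rule, flag):
    """Value that follows `flag` in a rule, or None if the flag is absent."""
    return rule[rule.index(flag) + 1] if flag in rule else None

def leak_findings(dump):
    """List ways traffic could leave the host without passing through Tor."""
    rules, policy = parse_output(dump)
    redirects = [r for r in rules.get("nat", []) if opt(r, "-j") == "REDIRECT"]
    findings = []
    if not any(opt(r, "-p") == "udp" and opt(r, "--dport") == "53" for r in redirects):
        findings.append("udp/53 (DNS) is not redirected to a local resolver port")
    if not any(opt(r, "-p") == "tcp" and opt(r, "--dport") is None for r in redirects):
        findings.append("outbound TCP is not redirected to a local proxy port")
    # Non-proxyable traffic (ICMP, other UDP) needs a DROP policy or a final catch-all.
    last = (rules.get("filter") or [[]])[-1]
    if policy.get("filter") != "DROP" and (last[:1] != ["-j"] or last[1] not in ("REJECT", "DROP")):
        findings.append("filter OUTPUT lets non-proxied traffic out directly")
    return findings
```

On a live system, pass the text of `iptables-save` to `leak_findings()`; an empty list means DNS and TCP are redirected and everything else is blocked.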
Parrot as testing platform
As a testing platform, Parrot excels beyond any normal expectations. All you have to do is venture into Applications > Parrot and you’ll immediately see how capable a testing platform you have in Parrot Security. This distribution comes with nearly every tool you could possibly need to test your network and systems. It is from this menu that you can tackle serious work: Information gathering with DNS analysis, IDS/IPS Identification, Live Host Identification, OSINT/Route/SMB/SMTP/SNMP/SSL analysis; Vulnerability analysis with Cisco Tools, Fuzzing Tools, OpenVAS Scanner, Stress Testing, VoIP Tools; Web Application Analysis with CMS & Framework Identification, IPv6 Tools, Web Application Proxies, Web Crawlers & Directory Bruteforce, Web Vulnerability Scanners.
Each tool in the Parrot menu is a full-blown application, ready to use. Take a look into Applications > Parrot > Exploitation Tools and you’ll see an impressive list of applications including the likes of armitage (Figure 4 — a scriptable collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes the advanced post-exploitation features in the framework).
Figure 4: Scanning a host with armitage.
Parrot as programming platform
But don’t think Parrot Security is a distribution designed solely for those who want to audit the security of their network and systems. This Debian-based distro packs plenty of programming punch as well. You’ll find interpreters and compilers for the most popular languages. Programming tools include:
Arduino IDE
Atom
Ferret
Geany
GNU Emacs 24
GRC
Ipython
PyCrust
Qt Creator
SQLite database browser
USBprog
XRCed
Beyond that, programmers will find one of the handiest tricks to ever grace their desktops. If you right-click a blank spot on the desktop and click Create Document > prog, you’ll see that you can create documents from a number of programming-centric templates (such as assembly, Bash-sh, C, C++, header, Java, ObjC, Perl, etc. — Figure 5).
Figure 5: Creating a new document from one of the programming templates is simple.
This will create a file on your desktop with the necessary extension for the language you want to work with. Right-click that file, click Open With, and then select your tool of choice. The template you choose will include some basic elements necessary for that language.
This is what you’ve been waiting for
If you’ve grown frustrated with your testing platform of choice letting you down, you cannot go wrong with Parrot Security. It’s only been around since 2013, but it’s made some remarkable strides in those short three years. Spin up an instance of this testing/programming-centric distribution and see if it isn’t exactly what you’ve been waiting for.
This year, more than 20,000 tech professionals gathered at 150 Linux Foundation events worldwide to learn and share open source technologies and best practices. Held in 46 cities across 14 countries — from the U.S. and Canada, to Germany, Spain, China and Japan — Linux Foundation events are where the creators, maintainers and practitioners of the world’s most important open source projects meet.
As 2016 comes to a close, we have taken a look back at some of the highlights from this year’s events and compiled 10 great moments into a photo gallery, including the 25th anniversary of Linux Gala, the first Kids Day at LinuxCon, and Cory Doctorow speaking on FLOSS. Please share your favorite moments with us in the comments!
Thanks to all of the speakers, attendees, sponsors, and staff who made 2016 the best year yet for The Linux Foundation’s open source events. We look forward to seeing you all again in 2017.
Who is the market leader in IT monitoring? You won’t find the answer to that question in this article.
With a wide range of functionality being offered for multiple audiences, our priority is to provide clarity about who wants what. The New Stack is seeing two contradictory patterns. Many companies are trying to create a full stack of monitoring services, but there is also a desire to have a composable infrastructure.
We believe these trends will continue. The lines between infrastructure and application monitoring will continue to blur, but task-specific tools will gain prominence. Perhaps the biggest factor in how these changes unfold is the job roles of the people using the monitoring software.
“DevOps isn’t any single person’s job — it’s everyone’s job.” What does DevOps mean for Atlassian and what shapes the company culture? How do departments support DevOps and what are the usual DevOps aspects that aren’t part of the company values? We invited Ian Buchanan, Developer Advocate, Integration Specialist for Atlassian’s DevOps Ecosystem to weigh in on Atlassian’s road to DevOps and to debunk some of the myths surrounding this movement.
First described by Martin Fowler back in 2010, blue-green deployment is a release technique that reduces downtime and risk by running two identical production environments called Blue and Green.
Fast-forwarding to 2013, Danilo Sato from ThoughtWorks published on their blog a very insightful article that describes how to implement blue-green deployments using AWS. We, at Mitoc Group, are working primarily with serverless computing from AWS, and today we’d like to share our experience using blue-green deployment process for serverless powered applications.
OpenStack is on a six-month release cycle, with each release given a code name starting with consecutive letters of the alphabet. On October 7th, OpenStack Newton was released. Let’s look at a few highlights from OpenStack’s 2016 Newton release.
In addition to the usual enormous number of incremental improvements, the Newton release focused on ease of deployment and usability improvements, as well as improved container-management tools. It also added the Tacker project, for deploying and managing virtual network functions (NFV) on OpenStack.