ITIL v3 Foundations recommended

Last week I followed a course called ITIL v3 Foundations. During three days you get an overview of the ITIL principles and terminology.
If you're busy in the IT services world, I really advise you to follow the course. The things you'll see are usually logical and obvious, but putting them all together gives a clearer view of the whole process. Another useful extra is that you'll recognize and understand the terminology better. This terminology has become a kind of standard, so it's not only 'yet new acronyms to learn' ;-)

Oh, btw, if you subscribe for this course at Dolmen during the summer you'll get the exam for free. More info here. Version 3 is currently given by Tom Segers; next to his daily consultancy for our customers he gives courses regularly and does a great job.

Hacking at Random 2009

Don't forget to reserve a week in your agenda around August 2009. After WTH and CCC2k7, HAR is coming. To stay updated, don't forget to subscribe to their RSS feed.

In 1989 a great tradition started with GHP (Galactic Hacker Party), which continued four years later in 1993 with HEU (Hacking at the End of the Universe), HIP (Hacking In Progress) in 1997, HAL (Hacking At large) in 2001 and finally WTH (What The Hack) in 2005. We want to continue this tradition in 2009 with another great outdoor hacker event.

The name is HAR: Hacking At Random 2009.

xkcd cartoon

5 years after a change in attitude

It has been approximately 5 years since I stopped using stolen or pirated software. I must admit: I love it!
I love the look on the face of others when they hear I have no illegal software on my machine.
I love the feeling of being legit with all that software.
I love to help others take their first steps in this uncommon world.
And no, I love my money and don't spend it when it's not necessary.



It's all about the attitude.

The most difficult part is the attitude that needs to change.
My previous attitude was to look for a well-known brand, download the software, crack it and play with it. If it could do what I needed it for, I kept using it. But what about all the unused features? What about the price of this software? That's not important, it's "free", says the thief.

Like with everything in this world there are different options you can choose from. But do we have the choice with software?

Sure we have. I usually see two different options: a) use open source software or b) find an alternative that is worth its price.
Many (almost all) open source software packages are available for free. Many are even of great quality, but finding the right package is difficult. There is a great site around called osalt. It's a huge list of well-known commercial software and the similar alternatives in the open source world. There is a short description and a list of supported operating systems. Be sure to check out this site and find what you need.

In the rare case that you can't find what you need, just look around for other software that is less expensive. Dare to try free betas; usually when pre-ordering you get a reduction.

aether - Mac OS X

On my Mac I have three commercial software packages that need to be paid for. The first one is Mac OS X, but this one I paid for when buying the computer.

The second one is VMWare Fusion. When I was in need of a hypervisor on my Mac, the only open source alternative was Q. Unfortunately it had a huge performance impact on my machine. So I tried Fusion's beta program. The product worked very well, and a few months before the final release there was 50% off the price of $80, making it $40 or €30 (at the time).
Right now you can use VirtualBox as an alternative, but that wasn't available yet when I needed it.

The third commercial software is called Bibble. I couldn't find a good open source alternative that ran on Mac, and Adobe Lightroom 2 with its $300 is really too expensive for me. So I bought Bibble, which delivers the required features for $130 or €83.

What about the rest? It's fairly simple; here's a short list:

sws00448 - Microsoft Windows

This is the computer I have from my company. I'm 'forced' to use a lot of commercial software, but they do pay for it. So it's not really my problem. Let's skip that boring non-Office or administrative software if you want.

neptunus - Linux / Ubuntu

No need to make a list here. For all the software you want, just go to the "Add/Remove Software" menu item. In contrast to some other operating systems, you can really add software in this place.

Conclusion: I changed my attitude

Do I miss something on my machine? No, and I'm really happy with the things I use, and (almost) all for free.

Jump on the bus and try out free software.

Belgian eID to login on Mac OS X

This short howto explains how to use the Belgian eID to log in on your Mac OS X machine. In this document I assume your card reader is detected/installed and you are an administrator of your machine. I am using Mac OS X 10.4.11.

Enable SmartCard authentication (only Mac OS X 10.4)

The happy owners of Leopard, Mac OS X 10.5, shouldn't change anything in their configuration file. Just jump to the part about access permissions.

Probably for performance reasons Apple didn't activate SmartCard login by default. So we will need to change a few configuration files to enable it. This procedure is explained on this page. Here's my own documentation with the examples for the Belgian eID.

The instructions in this part should be exactly the same on your system.

$ sudo -s
Password:
$ cd /etc/
$ cp authorization authorization.20080707.orig
$ cp authorization /tmp/authorization.mod

Now edit the temporary file using your favorite editor or by using the graphical editor if you prefer.

$ vi /tmp/authorization.mod
$ open -a "Property List Editor" /tmp/authorization.mod

Make the following changes to the mechanisms Array inside the system.login.console rights (Line 452):
After the string <string>builtin:auto-login,privileged</string> add the string <string>builtin:smartcard-sniffer,privileged</string>.
After the string <string>builtin:reset-password,privileged</string> remove the string <string>authinternal</string> then add the string <string>builtin:authenticate,privileged</string>.

Make the following changes to the "mechanisms" Array inside the "authenticate" rules (Line 649):
Add the following string to the beginning of the array <string>builtin:smartcard-sniffer,privileged</string>
After the string <string>builtin:authenticate</string> remove the string <string>authinternal</string> then add the string <string>builtin:authenticate,privileged</string>
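
A check to run on /tmp/authorization.mod before it is copied into place, as an added example that is not part of the original howto: it parses the plist and confirms that both mechanisms arrays match the edits described above. It assumes Python 3 is available and that the file has top-level `rights` and `rules` dictionaries; the sample plists are constructed, cut-down versions of the two arrays.

```python
import plistlib

SNIFFER = "builtin:smartcard-sniffer,privileged"
AUTH_PRIV = "builtin:authenticate,privileged"
# Mechanisms that must appear, in this relative order, after the edits.
# Assumption: top-level "rights" and "rules" dictionaries (10.4 layout).
EXPECTED = {
    ("rights", "system.login.console"): [
        "builtin:auto-login,privileged", SNIFFER,
        "builtin:reset-password,privileged", AUTH_PRIV],
    ("rules", "authenticate"): [SNIFFER, "builtin:authenticate", AUTH_PRIV],
}

def check_authorization(plist_bytes):
    """Return a list of problems; an empty list means the edit looks right."""
    try:
        db = plistlib.loads(plist_bytes)
    except Exception as exc:  # a file that does not parse must not reach /etc
        return [f"not a valid plist: {exc}"]
    problems = []
    for (section, name), expected in EXPECTED.items():
        mechs = db.get(section, {}).get(name, {}).get("mechanisms", [])
        if "authinternal" in mechs:
            problems.append(f"{section}/{name}: authinternal still present")
        missing = [m for m in expected if m not in mechs]
        if missing:
            problems.append(f"{section}/{name}: missing {', '.join(missing)}")
        elif [m for m in mechs if m in expected] != expected:
            problems.append(f"{section}/{name}: mechanisms in the wrong order")
    return problems

def sample(console, authenticate):
    """Build a constructed, cut-down authorization plist (not the real file)."""
    return plistlib.dumps({
        "rights": {"system.login.console": {"mechanisms": console}},
        "rules": {"authenticate": {"mechanisms": authenticate}},
    })

# Constructed samples mirroring the arrays before and after the edits.
ORIGINAL = sample(["builtin:auto-login,privileged", "loginwindow_builtin:login",
                   "builtin:reset-password,privileged", "authinternal"],
                  ["builtin:authenticate", "authinternal"])
MODIFIED = sample(["builtin:auto-login,privileged", SNIFFER,
                   "loginwindow_builtin:login",
                   "builtin:reset-password,privileged", AUTH_PRIV],
                  EXPECTED[("rules", "authenticate")])

if __name__ == "__main__":
    print(check_authorization(ORIGINAL), check_authorization(MODIFIED))
```

For the real file, pass `open("/tmp/authorization.mod", "rb").read()` and copy it to /etc only when the returned list is empty.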

Now copy the file to the right place on your system:

$ cp /tmp/authorization.mod /etc/authorization

You can check the differences here or download the original and modified file (Mac OS X 10.4.11)

$ diff -uN /etc/authorization /tmp/authorization.mod 
--- /etc/authorization  2008-03-23 17:53:36.000000000 +0100
+++ /tmp/authorization.mod      2008-07-07 11:19:05.000000000 +0200
@@ -449,9 +449,10 @@
                        <key>mechanisms</key>
                        <array>
                                <string>builtin:auto-login,privileged</string>
+                               <string>builtin:smartcard-sniffer,privileged</string>
                                <string>loginwindow_builtin:login</string>
                                <string>builtin:reset-password,privileged</string>
-                               <string>authinternal</string>
+                               <string>builtin:authenticate,privileged</string>
                                <string>builtin:getuserinfo,privileged</string>
                                <string>builtin:sso,privileged</string>
                                <string>HomeDirMechanism:login,privileged</string>
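Review bot: The swap of `authinternal` for `builtin:authenticate,privileged` in the `system.login.console` mechanisms is not documented anywhere in the file, so a later reader of /etc/authorization cannot tell it from a stray edit. Add an XML comment next to the two new strings saying they were added for smart card login, and confirm that an ordinary password login still works while the root shell and authorization.20080707.orig are still at hand.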
@@ -645,8 +646,9 @@
                        <string>evaluate-mechanisms</string>
                        <key>mechanisms</key>
                        <array>
+                               <string>builtin:smartcard-sniffer,privileged</string>
                                <string>builtin:authenticate</string>
-                               <string>authinternal</string>
+                               <string>builtin:authenticate,privileged</string>
                        </array>
                </dict>
                <key>authenticate-admin</key>
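Review bot: After this hunk the `authenticate` array holds `builtin:authenticate` and `builtin:authenticate,privileged` back to back, which reads like a leftover; the prose steps do ask for it, so say explicitly that the unprivileged entry stays on purpose. Also, the howto runs this diff after `cp /tmp/authorization.mod /etc/authorization`, when the two files are identical; run it before the copy, or compare against authorization.20080707.orig instead.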

Access permissions (everyone)

We have now enabled SmartCard authentication. The question that remains open is: who owns which SmartCard?

On the eID card there are two private keys present: one for signing purposes and one for authentication. We will use the authentication key, of course.
Go back to the Terminal that was logged in as root and type the following commands. The first lists the hashes of the keys on the card; the second associates the hash of the authentication key with your user account (chri in this example).

$ sc_auth hash
3F5C816C10AB60926E2E8A3CD9096C1F8AF34C9C PrK#2 (authentication)
35BDB8600FA219204D28FAD856380F6E06123B62 PrK#3 (signature)

$ sc_auth accept -u chri -h 3F5C816C10AB60926E2E8A3CD9096C1F8AF34C9C

If desired, more than one smart card can be associated with a single user account by running sc_auth accept again with the hash from the additional card(s).
We can check if it's OK:

$ dscl . -read /Users/chri
...
AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA1,SMB-NT,SMB-LAN-MANAGER>
  ;pubkeyhash;3F5C816C10AB60926E2E8A3CD9096C1F8AF34C9C
...
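
The binding can be verified by comparing the two command outputs, shown here as an added example that is not from the original howto: it flags an account whose pubkeyhash points at the signature key instead of the authentication key. The sample text is the output quoted on this page plus one constructed misbinding; the function names are illustrative.

```python
import re

def card_keys(sc_auth_output):
    """Map each key hash printed by `sc_auth hash` to its label."""
    pairs = re.findall(r"^([0-9A-Fa-f]{40})[ \t]+(\S.*)$", sc_auth_output, re.M)
    return {h.upper(): label.strip() for h, label in pairs}

def bound_hashes(dscl_output):
    """Hashes attached to the account as ';pubkeyhash;<hash>' entries."""
    return [h.upper() for h in
            re.findall(r";pubkeyhash;([0-9A-Fa-f]{40})", dscl_output)]

def audit_binding(sc_auth_output, dscl_output):
    """Classify every bound hash against the keys on the inserted card."""
    keys = card_keys(sc_auth_output)
    report = []
    for h in bound_hashes(dscl_output):
        label = keys.get(h, "")
        if "authentication" in label:
            report.append((h, "ok"))
        elif label:
            report.append((h, "wrong key: " + label))
        else:  # may be a second card, as the howto allows; check it separately
            report.append((h, "not on inserted card"))
    return report

# Output quoted on this page.
SC_AUTH = """\
3F5C816C10AB60926E2E8A3CD9096C1F8AF34C9C PrK#2 (authentication)
35BDB8600FA219204D28FAD856380F6E06123B62 PrK#3 (signature)
"""
DSCL_GOOD = """\
AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA1,SMB-NT,SMB-LAN-MANAGER>
  ;pubkeyhash;3F5C816C10AB60926E2E8A3CD9096C1F8AF34C9C
"""
# Constructed misbinding: the signature key's hash attached to the account.
DSCL_BAD = DSCL_GOOD.replace("3F5C816C10AB60926E2E8A3CD9096C1F8AF34C9C",
                             "35BDB8600FA219204D28FAD856380F6E06123B62")

if __name__ == "__main__":
    print(audit_binding(SC_AUTH, DSCL_GOOD))
    print(audit_binding(SC_AUTH, DSCL_BAD))
```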

Test your configuration

That's it. Save all your open files, log out of the system and connect your SmartCard. You should see the PIN box when your card is connected:
When no card is connected or detected, enter your normal password to log in.
When the card is connected, the 'PIN' box is shown.

Debug info

When you connect the card reader and insert the card, the following messages appear in /var/log/secure.log (open it using Console). If you don't see these messages, check that your card reader is configured correctly on the system.

com.apple.SecurityServer: Token reader CCID Smart Card Reader 0 0 inserted into system
com.apple.SecurityServer: token inserted into reader CCID Smart Card Reader 0 0
com.apple.SecurityServer: reader CCID Smart Card Reader 0 0 inserted token
  "BELPIC-534C494E336600296CFF2491AB111E14" (BELPIC-534C494E336600296CFF2491AB111E14) 
  subservice 2 using driver com.apple.tokend.belpic

After a successful login you should see these messages:

SecurityAgent[1994]: Showing Login Window
SecurityAgent[1994]: User Authenticated: continue login process
com.apple.SecurityServer: Succeeded authorizing right system.login.console 
  by process /System/Library/CoreServices/loginwindow.app for authorization 
  created by /System/Library/CoreServices/loginwindow.app.
com.apple.SecurityServer: Succeeded authorizing right system.login.done 
  by process /System/Library/CoreServices/loginwindow.app for authorization 
  created by /System/Library/CoreServices/loginwindow.app.

Links

Apple Smart Card Setup Guide
Mac OS X 10.4: Enabling smart card login