LinuxJournal January 2016 VK Com Stopthepress
Since 1994: The Original Magazine of the Linux Community JANUARY 2016 | ISSUE 261 | www.linuxjournal.com
FEATURES
Secure File Transfer: Use RFC 1867, thttpd and Stunnel to improve security. Charles Fisher
Transferring Conserver Logs to Elasticsearch: Auditing serial console access in real time. Fabien Wernli

Dave Taylor’s Work the Shell: Planetary Age
Kyle Rankin’s Hack and /: Full Disk Encryption
Shawn Powers’ The Open-Source Classroom: Profiles and RC Files

IN EVERY ISSUE
Current_Issue.tar.gz
Letters
UPFRONT
Editors’ Choice
New Products
ON THE COVER
Improve File Transfer Security
Audit Serial Console Access
Automate Full Disk Encryption
Enhance Client-Side Performance for Users
Making Sense of Profiles and RC Scripts
ABINIT for Computational Chemistry Research
Leveraging Ad Blocking
LINUX JOURNAL (ISSN 1075-3583) is published monthly by Belltown Media, Inc., PO Box 980985, Houston, TX 77098 USA. Subscription rate is $29.50/year. Subscriptions start with the next issue.
Contributing Editors
Ibrahim Haddad • Robert Love • Zack Brown • Dave Phillips • Marco Fioretti • Ludovic Marcotte
Paul Barry • Paul McKenney • Dave Taylor • Dirk Elmendorf • Justin Ryan • Adam Monsen
Advertising
E-MAIL: ads@linuxjournal.com
URL: www.linuxjournal.com/advertising
PHONE: +1 713-344-1956 ext. 2
Subscriptions
E-MAIL: subs@linuxjournal.com
URL: www.linuxjournal.com/subscribe
MAIL: PO Box 980985, Houston, TX 77098 USA
2016: a Long Year
SHAWN POWERS

I know you’re expecting a sarcastic comment about an election year in the US making it seem longer than normal, but no, 2016 is literally a longer year than most. (Although that bit about it seeming even longer has some merit.) What better way to start this bonus-sized year than with an issue of Linux Journal?

I’m not a fan of resolutions, but I do have a challenge for you: learn something new this year. Personally, I plan to learn more about development. I dabbled in 2015, and it’s given me the urge to learn more. Reuven M. Lerner is the perfect author to join on a journey like that, and this month, he teaches how to help improve client-side performance on your Web applications. Sure, we could buy everyone faster computers, but Reuven shows that there are better (and cheaper) ways to accomplish client-side improvements.

Dave Taylor does some really cool calculations this issue and explains how to determine your age on other planets programmatically. There’s more to it than that, but whether you plan to stay on Earth or migrate to Mars, learning to calculate with the date command will be a useful skill no matter where you live. Speaking of time, Kyle Rankin gives a lesson in how he spent many hours saving a few minutes. More specifically, he teaches how to use the Debian preseed procedure to automate disk encryption and partition creation. It sounds like something that wouldn’t be too complicated to automate, but Kyle found it was a messy rabbit hole. His column should at least provide a flashlight if you decide to delve into a similar hole.

I took a note from my own challenge this month and learned the exact way Linux systems deal with profile and RC files. It seems like a trivial thing to learn about, but it turns out that the procedures for loading profiles and such are fairly complicated. I was tired of just copy/pasting information into RC files, so I decided to get to the bottom of how those preference files are loaded. This month, I share the fruit of my labor and hope to demystify the shell-based config files for everyone reading.

Encrypting filesystems and salting hashes are common ways to protect data on a server. Quite honestly, we’re beginning to see the value in encrypting local data, and it’s becoming common for servers to be secured more than ever before. Unfortunately, most security breaches aren’t happening on the local machines; rather, they’re happening over the network. It doesn’t matter how secure your local filesystem might be, if you’re not transmitting and receiving data in a secure way, no amount of local encryption will protect your data. Charles Fisher not only exposes the weaknesses with traditional file transfer methods, but he also explains how to shore up network transfers when sending and receiving data. Whether you consider your data sensitive or not, there’s no reason to adopt insecure methods in your environment. Charles shows how to make sure you keep your private data private, even when you send it across the Internet.

Fabien Wernli also discusses security this month, but rather than securing network transfers, he covers how to manage log files for console connections. Keeping track of serial connections to the server console can be challenging when your server number increases, but thanks to syslog-ng, you’re able to log that information. Fabien then goes on to describe the process for consolidating log files into searchable archives and even shows how to integrate console logs into a real-time monitoring solution. If you manage a large number of servers via console or serial (even over the LAN), you’ll want to read his article.

Doc Searls finishes the issue by discussing the ramifications of ad blocking on the modern Internet. If you browse the Web, chances are pretty good that you use an ad blocker to make your experience more pleasant. Blocking ads means blocking revenue for content creators, and rather than pretending it’s not an issue, we need to figure out how to respond in a way that is useful both to consumers and content creators. As usual, Doc has incredible insight, and you’ll want to check it out.

This first issue of Linux Journal in 2016 may be brand new, but it still has all the tech tips, product reviews and helpful information you’ve come to expect month after month. Whether the new year means ice and snow or sunshine and roses in your part of the world, we hope this issue helps start it off on a good note. We’ll see you again next month, when February grows an extra day and is almost a full-size month!

Shawn Powers is the Associate Editor for Linux Journal. He’s also the Gadget Guy for LinuxJournal.com, and he has an interesting collection of vintage Garfield coffee mugs. Don’t let his silly hairdo fool you, he’s a pretty ordinary guy and can be reached via e-mail at shawn@linuxjournal.com. Or, swing by the #linuxjournal IRC channel on Freenode.net.

Server Hardening, II
Greg Bledsoe missed one small thing that can increase a server’s security: reduce the amount of network traffic a server must process:

iptables -t mangle -I PREROUTING -m state --state INVALID -j DROP

text output of the Java CLI in that it

| parallel aws ec2 create-snapshot

first day of his life.
—Gaston

WRITING FOR US: We always are looking for contributed articles, tutorials and real-world stories for the magazine. An author’s guide, a list of topics and due dates can be found on-line: http://www.linuxjournal.com/author.
http://www.linuxjournal.com/contact.
diff -u
What’s New in Kernel Development
There’s an ongoing impulse among a diversity of developers to be able to compile some or all of the Linux kernel as a library, so that a piece of software could use kernel services and APIs while running under a different kernel entirely, or a different operating system.

This time, the impulse came from Octavian Purdila, creator of the Linux Kernel Library (LKL), essentially an entire kernel compiled as a static library. He distinguished LKL from projects like User Mode Linux (UML), saying that LKL was more lightweight, having no infrastructure requirements or needing any particular sort of runtime environment.

A bunch of folks expressed interest, especially in terms of interacting with similar projects like libOS and libguestFS. And, Richard Weinberger remarked that LKL seemed to solve UML’s biggest pain points: the need to use ptrace() to handle system calls and to do virtual memory management using SIGSEGV.

In a device-centric world with heavy, inefficient battery technology, there’s a big incentive to figure out ways to save power. One possibility is to turn off portions of hardware when they’re currently not in use, like a phone’s touchscreen when the phone is in your pocket.

The difficulty lies in knowing exactly which piece of hardware to turn off, and when. If there’s a clear user action, like flipping closed a flip-phone, the problem is simplified. Irina Tirdea recently tried to recognize such actions and come up with mechanisms to respond to them properly. She posted some patches to do this.

Octavian Purdila, also working on the project with Irina, described a target scenario as being when a touchscreen has been blanked but is still aware of the user’s touch—through the fabric of a pocket, for example. The goal of the patches, he said, would be to save power by turning off all the hardware associated with that screen, and turn everything on again when the user activates the device.

The problem with this sort of feature

Non-Linux FOSS:
Open-Source Windows?
I have mixed emotions about ReactOS. It’s open source. It’s freely available. But, its goal is to be binary-compatible with Windows! ReactOS is not a Linux operating system. In fact, it doesn’t share the UNIX architecture at all. It looks like Windows NT, and it behaves much like Windows NT. It’s just odd!

The best way I can think to describe it is to imagine if Wine evolved into an entire operating system that booted on hardware instead of running inside Linux. That’s basically what ReactOS feels like. It’s not ready for prime time (and the developers make that very clear—it’s alpha software), but it’s worth checking out. Since it’s early in the development process, if you get involved now, you can have a say in what compatibilities get priority.

ReactOS is the perfect solution for folks who need to run Windows apps, but absolutely refuse to run Microsoft code. I’m personally not convinced that ReactOS is a better idea than Wine running inside Linux, but I’m sure running it as its own operating system will provide possibilities that just can’t happen in a Wine environment. The folks at ReactOS provide installers and prebuilt VM instances that can be launched in order to try it out on your existing system. Whether you are just morbidly curious about a non-Windows Windows or are interested in getting involved in the development, go to http://reactos.org for more details.
—SHAWN POWERS

Android Candy:
Quality Time, or Not?
This is the season of resolutions, and in the technological world we live in, spending time off-line is a difficult but healthy activity. The problem is our lives have become so intertwined with our phones that it’s easy to whip out our cell phones inadvertently to check our social networks quickly.

The QualityTime app is designed to help curb the habit just a bit. Ironically, it’s an Android app designed to help you stop using Android apps so much. Still, it’s just geeky enough to make limiting technology time a fun endeavor.

(Photo from http://qualitytimeapp.com)

If you like graphs, data, numbers and goals, QualityTime can help you identify where you spend most of your time on-line and then assist in lessening your face time with FaceTime (okay, not actually FaceTime, since that’s an Apple app, but the word play was too fun to leave out).

If you’re forgetting what your family members actually look like, or if you’re surprised to see your friends as anything but their on-line avatars, you really need to give QualityTime a try. If you just want to see how much time you spend on various applications on your Android device, you should try QualityTime as well. I found the data alone worth the installation, and it inspired me to spend a little less time texting my kids and a little more time talking to them (while they text their friends—baby steps...). Check it out at http://qualitytimeapp.com.
—SHAWN POWERS

your own input files, you probably will want to be able to check them somehow. Luckily, you can use ABINIT itself to do this. The abinit executable includes an option (-d or --dry-run) to take your input files and validate them without starting the calculations. This allows you at least to catch major typos before wasting the time involved in doing a partial run and having it fail.

Along with your own input files, describing the geometry and other descriptive variables, ABINIT needs input files that describe something called the pseudopotential for your system. There are different types, such as Troullier-Martins or Hartwigsen-Goedecker-Hutter pseudopotentials, that can be used for different situations. Luckily, ABINIT includes pseudopotentials for the entire periodic table. This means you simply can build up your molecule by including the pseudopotentials for each of the different types of atoms in your system. Although it isn’t necessary in most cases, you can create your own for some very specialized system if needed.

The other thing to be aware of is that ABINIT is released under a GPL license. This means you have access to all of the source code and can investigate exactly how the calculations are being done. When doing fundamental scientific research, that can be very important. You may be trying to do calculations in a region where the available algorithm is no longer valid. All of these calculations make assumptions to try to simplify the calculations so that they are actually doable, and it is very important to keep that in mind. But, with access to the code, you have the opportunity to make changes to those algorithms to fit the assumptions better that are valid for your problem. This open-source code gives you the ability to build on all of the past work and push it into new areas of research. Just remember to pass these extensions and improvements on to the next group of researchers to keep pushing our understanding forward.

Interpreting the output from ABINIT can be a bit of a job. There is a lot of output describing how the calculated values progressed until they reached the requested accuracy to the actual answer. For example, if you are calculating the energy for a molecular configuration, you probably are interested in when the energy is at its lowest value. This will be the most stable configuration for these nuclei and electrons. But, how do you interpret this output? Several tools are available to take the geometric portion of this output and plot it so that you can see what the configuration actually looks like. There also will be output describing how strong the various connections are between the nuclei, which you can use to see how reactive your molecule may be.

This is just a very basic introduction to what is involved when using ABINIT. Hopefully, you now feel a bit more comfortable digging in to the massive documentation and using ABINIT to solve whatever molecular problem you have. When you are ready, you can move on to much larger problems by using the MPI capabilities in ABINIT to use as many machines as you have available.
—JOEY BERNARD

Client-Side Performance
REUVEN M. LERNER

help ensure that you’re actually doing what you should be.

Client-Side Considerations
Client-side code is written in JavaScript. The code, whether inline in <script> tags or retrieved from a remote server, executes whenever the browser’s parser gets to that part of the page. If you have JavaScript at the top of the page, it’ll be executed when the parser gets to it, potentially delaying the rendering of the rest of your page. By contrast, if your JavaScript is at the bottom, the parser will execute it only after parsing and rendering the rest of the page. This is why so many developers learned to put their JavaScript commands inside a “document-ready” callback function; in that way, the code was executed only once the entire page had been loaded.

Because so many modern Web applications take place in JavaScript, the fact that you’re often loading JavaScript from remote servers means that the time it takes to render a page depends not just on the server speed, the network bandwidth and the page’s complexity, but also on the servers and networks serving such JavaScript, as well as those pages’ complexity. As a result, it’s generally considered to be good practice to load as many libraries as possible late in the game, at the bottom of your HTML page. That is, instead of having your <script> tags, whether local or remote, at the top of your page, you should put them at the bottom—unless it’s vital to do otherwise.

Even better, you should consolidate your JavaScript files into a single file. This has a number of advantages. It means the user’s browser needs to download a single file, rather than many of them. If you include all of the JavaScript needed on your site in a single file, it also means that the file needs to be loaded only a single time. On every subsequent page load, the JavaScript will be mentioned, but it won’t be downloaded, because it’ll already be cached in the browser’s memory. You can make things even better, of course, by compressing that single JavaScript file. This turns out to be extremely effective, because compression algorithms work well with text, and especially with text that repeats itself, as happens with program code.

Better yet, you can run JavaScript code through a minimizer (or “minifier”), which removes comments, extraneous whitespace and anything else that isn’t necessary for client-side programs to run. By minifying JavaScript files, combining the files and then compressing the resulting combination, you can dramatically
reduce the size of the JavaScript being sent to the user’s browser and ensure that it is loaded only once per visit to your Web site.

UglifyJS, for example, can be installed via npm:

npm install uglify-js -g

You can run it on a file with:

uglifyjs FILENAME

Although because that sends output to stdout, you’ll likely want to redirect it to a file:

uglifyjs FILENAME > ugFILENAME.js

I took the JavaScript from my PhD dissertation software and ran it through both uglifyjs and gzip. The original 36KB file was 8.5KB after compression, but 6.0KB after uglifying and compression. Although you might scoff at the small size of a 36KB file in the modern world, the fact is that each file takes time, for both the browser and the server. The faster you can get it off your server and into the browser, the better.

Download Time
Once the JavaScript is in the user’s browser, things are both easier and harder to analyze. On the one hand, you (the developer) can download the program, test it and check the performance—and then, you also can use in-browser debugging tools to test and improve things.

One of the most important tools offered by both Chrome and Firefox is the display of files being sent to the browser. Even if your site appears to be loading and rendering quickly, a quick look at the download timeline almost certainly will be somewhere between surprising and shocking to you. You’ll see how long it takes for each of the JavaScript (and CSS, and image) files to download and, thus, how much time it takes between the user requesting your page and the content actually appearing on it. This is a great way for you to identify potential bottlenecks and then reduce their effect on the slowness (or apparent slowness) of your site.

Even New Relic, which normally is considered a (commercial) server-side performance monitor, now offers some client-side performance checking. You place a small piece of JavaScript on your site; New Relic collects this information, and then tells you how long it took for your content to get to the user’s browser and how long it took to render. This provides a surprisingly insightful view
table showing how much time was spent in each function, and what percentage of the total time was spent there. If you’re a Chrome user, you can open up the developer tools and click on the “profiles” tab. You’ll then need to choose whether you want to check CPU performance or memory performance (in two different flavors). After starting and stopping the profiler, you can analyze the resources that JavaScript used—and then, of course, change your code appropriately.

One tool I have begun to use more frequently is PageSpeed from Google. This collection of tools would appear to be an SaaS, an updated version of YSlow, which was my go-to tool for many years. For example, Google’s tools will tell you how mobile-friendly your site is.

Moreover, the PageSpeed results always point to documentation that describes, in great detail, why issues are problematic and what steps you can take in order to fix them. This documentation is surprisingly well written, and it points to very practical, clear suggestions for how to improve the performance of your JavaScript and CSS. After running PageSpeed against one of my client’s sites, I found that we still had some blocking JavaScript higher up than is perhaps necessary. It also suggested which images could be compressed and how much space we would save in so doing.

Summary
Although server-side programming still is a vital part of the Web, the client is where much of the action is, and where the user often perceives lags and slowness. As a result, it’s worth investing time to check your client-side performance and to address problems before your users start to complain (or leave you without complaining). Using a variety of tools to check your performance, as well as to reduce the size and time of JavaScript and CSS downloads, will go a long way toward improving your users’ satisfaction with your site.

Reuven M. Lerner trains companies around the world in Python, PostgreSQL, Git and Ruby. His ebook, “Practice Makes Python”, contains 50 of his favorite exercises to sharpen your Python skills. Reuven blogs regularly at http://blog.lerner.co.il and tweets as @reuvenmlerner. Reuven has a PhD in Learning Sciences from Northwestern University, and he lives in Modi’in, Israel, with his wife and three children.

Send comments or feedback via http://www.linuxjournal.com/contact or to ljeditor@linuxjournal.com.

COLUMNS
WORK THE SHELL
better reference chart, presented as variables ready for a script:

mercury=87.96
mars=686.98
jupiter=4332.71412
saturn=10759.09856
uranus=30707.4082

Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and

This is on the latest version of Ubuntu. Sadly, I’m going to be leaving you Mac users who have become accustomed to working with my scripts in the dust this time. Unfortunately, Mac OS X still ships with the older POSIX version of date and therefore has no date math available. With GNU date, however, it’s super easy to calculate the number of days you’ve

$ cat planetaryage.sh
#!/bin/sh
echo "Born on $* means you've been alive $daysalive days."
$ sh planetaryage.sh aug 3 1965
Born on aug 3 1965 means you've been alive -18354 days.

Negative days. It seems like something you’d get out of an old Night Gallery

we’re subtracting the current date from the day in the past, not vice versa. Flipping the math around in the equation solves the problem and gets the desired result:

Born on aug 3 1965 means you've been alive 18354 days.

planetaryAge()
planetname=$2
echo "You are $planetarydays $planetname years old."
}

daysalive="$(( ( $(date -u +'%s') - $(date -ud "$*" +'%s') )/60/60/24 ))"

Full Disk Encryption
Automation makes things faster, if you don’t count all that work ahead of time.

Usually I try to write articles that are not aimed at a particular distribution. Although I may give examples assuming a Debian-based distribution, whenever possible, I try to make my instructions applicable to everyone. This is not going to be one of those articles. Here, I document a process I went through recently with Debian preseeding (a method of automating a Debian install, like kickstart on Red Hat-based systems) that I found much more difficult than it needed to be, mostly because documentation was so sparse. In fact, I really found only two solid examples to work from in my research, one of which referred to the other.

In this article, I describe how to preseed full-disk encryption in a Debian install. This problem came up as I was trying to create a fully automated “OEM” install for a laptop. The goal was to have an automated boot mode that would guide users through their OS install and use full-disk encryption by default, but would make the process as simple as possible for users.

Normally, unless you are going to encrypt the entire disk as one big partition, the Debian installer makes you jump through a few hoops to set up disk encryption during an install. In my case, I couldn’t just use the full disk, because I needed to carve off a small section of the disk as a rescue partition to store the OEM install image itself. My end goal was to make it so users just had to enter their passphrase, and it would set up an unencrypted /boot and rescue disk partition and an encrypted / and swap. As an additional challenge, I also wanted to skip the time-consuming disk-erasing process that typically happens when you enable disk encryption with Debian, since the disk was going to be blank to start with anyway.

Unfortunately, although there is a lot of documentation on how to automate ordinary partitioning and LVM with preseeding (I actually wrote a whole section on the topic myself

Since you need a basic unencrypted /boot partition to load a kernel and prompt the user for a passphrase, I had to account for both and preserve a small 2GB rescue disk partition that already was present on the disk. After that, the remaining / and swap partitions were encrypted. Here is the partition section of the preseed config:

d-i partman-auto/method string crypto
method{ keep } \

have disk encryption be almost fully automated, except that the installer prompted me for a passphrase, which I wanted.

The only missing piece to this automation was that the installer started overwriting the existing disk with random information. Now, there are good reasons why you may want to do this before setting up disk encryption, but in this case, the disk was blank beforehand, and I didn’t want to wait the many hours it might take. Try as I might, no options to preseed this feature away seemed to work. After poring through the partman code to find the magic option, I finally resorted to patching the partman-crypto script on the fly in the middle of the install so that it skipped the erase process:

d-i partman/early_command \
/lib/partman/lib/crypto-base.sh

this and do a search on-line, they at least can find my article and the two other examples and won’t have to burn so much time.

Kyle Rankin is a Sr. Systems Administrator in the San Francisco Bay Area and the author of a number of books, including The Official Ubuntu Server Book, Knoppix Hacks and Ubuntu Hacks. He is currently the president of the North Bay Linux Users’ Group.

RC Files
Confused by profiles and bashrc? Read on!
I love Linux, and if you’re reading terminal shell, you’re prompted for
this, chances are you do too. To be a user name and password. Other
honest though, some aspects of the times, you just click on the terminal
Linux environment are confusing. icon, and you’re presented with a
Near the top of the list for me is terminal already logged in. You’ll
the profile system. Conceptually, most often experience this when
it’s simple. There are system-wide using a GUI desktop environment.
settings that all users inherit, and Basically, if you’re already logged
then there are individual settings in to your Linux desktop, and you
people can set on their own. The open a terminal window, it’s an
problem comes when different interactive shell.
distributions handle profiles in It doesn’t have to be inside a
different ways, and the concept graphical desktop environment,
of login shells versus interactive however. If you ssh in to a
shells comes into play. Usually, it’s remote server, you’re prompted
not something Linux users worry for a user name and password
about. But, when you need to (thus, a login shell). If you then
make a change, it can be extremely type bash from inside that SSH
frustrating to figure out what is session, you’re starting a brand-
loaded in what order, and which is new terminal, but this time, it’s
seen by login shells only, and so on. an interactive shell (notice you’re
not prompted for a password).
Login Shells Why it matters is something I’ll
First, let me clarify what I mean by talk about a little later, but for
login shells. You’ve probably noticed comprehension sake, just remember
that sometimes in order to get to a that if you’re prompted for a user
the profile by name in this order:

- .bash_profile
- .bash_login
- .profile

If it finds a file with that name in the user’s home directory, it executes it and stops. This means if you have a .bash_profile and .profile in your home directory, only the .bash_profile will be executed. This is useful to know if you want to customize your profile, but don’t want to make changes to the original user profile assigned to you. By default in Ubuntu, every user has a .profile file, but not .bash_profile or .bash_login. So if you want to customize your profile, simply copy the .profile in your home directory to a file called .bash_profile, and make any changes you want to .bash_profile. Doing that will leave your original .profile intact and still will allow you to customize to your heart’s content. Just remember, if you create an empty .bash_profile, the system will see that as your profile of choice and ignore your .profile file completely!

Step 4: finally, the last step along the login shell order of operations is the .bashrc file stored in the user directory. This is another script—this one called from the .profile script in Step 3. Note that if you customize your user profile settings, you’ll want to make sure whatever profile file you use actually calls the .bashrc script. It’s inside the .bashrc script where personal settings like a custom prompt and color settings go, along with command aliases you might want to set (more on those later).

Step 5: this step doesn’t really take place after Step 4; rather, it sort of branches off at Step 1. The /etc/profile script starts the process for loading user profiles, but it also kicks off the process for executing the system-wide bashrc file. Here again various distributions name this file differently, but it’s generally either a file called /etc/bashrc or /etc/bash.bashrc. In the case of Ubuntu, it’s /etc/bash.bashrc, but historically, it’s often /etc/bashrc. Note that unlike the user’s .bashrc file, the system-wide bashrc file does not start with a period.

To add insult to injury, some systems don’t actually execute the system-wide bashrc file for login shells, so if you don’t see it called in the /etc/profile script, that means it’s not going to execute for login shells. For the most part, however,
makes the most sense. One of the biggest environment variables is the PATH variable. When a login shell is initiated, the PATH is set. Other environment variables also can be set in the system-wide profile or individual user profiles, but just know that the profile system is where most variables are set.

The order in which profile information is loaded is very important, because if you want to override the system-wide default profile information, you can do so by specifying environment variables in your personal user profile script. For instance, the PATH variable is usually modified by the user’s profile script on login. Usually, the .profile (or .bash_profile, etc., see above) script will add ~/bin to the PATH variable if users have their own bin folder inside their home directory. Because user profiles are loaded after the system-wide profile, user settings take precedence and override system-wide settings.

What Do RC Files Do?
Again, this is a generalization, but the system-wide bashrc file and then the individual user’s .bashrc script usually set personal preferences for the command line. If you want a custom prompt, or prefer a specific color scheme, the bashrc system is where that would be set. Much like the profile system, the user’s .bashrc file overrides the system-wide bashrc (or bash.bashrc, again see above) settings. That means you can customize the behavior of the command line however you like without affecting other users on the system.

The most common customization inside the .bashrc file is to add aliases. An alias is sort of like text expansion, in that it substitutes your defined alias with whatever command you specify. For example, here’s a snippet from a .bashrc file in the user’s folder:

alias ll='ls -alF'
alias la='ls -A'
alias l='ls -CF'

The aliases make it so that if the user types ll on the command line, the system will execute ls -alF instead. It’s a great way to make shortcuts for commands with cryptic options or shortcuts for commands you type often.

Although I’m not suggesting tomfoolery, .bashrc aliases are also a great way to prank your fellow users if they leave their system logged in. Say you create an alias
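
The profile lookup order, the .bashrc hand-off and the alias behavior described above can be checked for any home directory. The script below is an added example, not code from the article; its function names, the WATCHED command list and the sample home directory are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report which startup files a bash login shell would use in a
# home directory, and which .bashrc aliases redefine commonly typed commands.
# WATCHED is an assumed, illustrative list; adjust it to your own environment.
WATCHED="ls cd rm cp mv cat sudo su ssh"

# Print the first profile file bash would pick, in the order the article gives.
login_profile() {
    for f in .bash_profile .bash_login .profile; do
        if [ -f "$1/$f" ] && [ -r "$1/$f" ]; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# Succeed only if the chosen profile mentions .bashrc on a non-comment line.
profile_calls_bashrc() {
    chosen=$(login_profile "$1") || return 1
    grep -v '^[[:space:]]*#' "$1/$chosen" | grep -q '\.bashrc'
}

# Print the name of every alias defined at the start of a line in .bashrc.
list_aliases() {
    [ -f "$1/.bashrc" ] || return 0
    sed -n 's/^[[:space:]]*alias[[:space:]]\{1,\}\([^=[:space:]]\{1,\}\)=.*/\1/p' "$1/.bashrc"
}

# Print only the aliases whose name replaces a command listed in WATCHED.
shadowing_aliases() {
    list_aliases "$1" | while read -r name; do
        case " $WATCHED " in
            *" $name "*) printf '%s\n' "$name" ;;
        esac
    done
}

# Build a constructed sample home directory and print its path.
make_sample_home() {
    d=$(mktemp -d) || return 1
    : > "$d/.bash_profile"    # empty, yet it still wins over .profile
    printf '%s\n' '[ -f "$HOME/.bashrc" ] && . "$HOME/.bashrc"' > "$d/.profile"
    printf '%s\n' "alias ll='ls -alF'" "alias la='ls -A'" "alias l='ls -CF'" \
        "alias ls='ls --color=auto'" > "$d/.bashrc"
    printf '%s\n' "$d"
}

# Print a short report for one home directory.
audit_home() {
    if chosen=$(login_profile "$1"); then
        echo "login shell reads: $chosen"
    else
        echo "login shell reads: no user profile found"
    fi
    if profile_calls_bashrc "$1"; then
        echo ".bashrc: called from $chosen"
    else
        echo ".bashrc: NOT called from the chosen profile"
    fi
    echo "aliases redefining watched commands: $(shadowing_aliases "$1" | tr '\n' ' ')"
}

# Run the audit against the constructed sample, then clean up.
sample=$(make_sample_home)
audit_home "$sample"
rm -rf "$sample"
```

An alias that turns up in the last line of the report is not necessarily hostile (many distributions alias ls to add color), but it is the place to look when a familiar command behaves unexpectedly.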
DJI Manifold
Canonical’s Ubuntu operating system serves as the “brains” for
DJI Manifold, a new, high-performance embedded computer
for drones that reduces processing time and optimizes real-
time data analysis. Utilizing DJI’s Onboard SDK, the Manifold
is a user-friendly system that enables developers to create
more powerful professional applications that leverage aerial and ground technologies to solve complex
problems. Fully compatible with DJI’s Matrice 100 drone, the Manifold is also compatible with third-party
sensors and enables developers to connect a wide variety of onboard devices, such as infrared cameras,
atmospheric research devices and geographical surveying equipment. Because the Manifold computer
both collects and analyzes data in the air, it provides an efficient solution for developers in need of
time-sensitive information. Relevant tech specs include Ubuntu LTS version, quad-core ARM Cortex A processor, NVIDIA Kepler-based GPU and support for CUDA, OpenCV and ROS.
http://www.dji.com
JetBrains Toolbox
In this space, I typically cover about
eight new products for your reading
pleasure. This month, however, I feature
more than double the normal output,
thanks to a “big day” of updates from
JetBrains s.r.o. The tool developer
simultaneously upgraded the nine elements in its JetBrains Toolbox, thus smashing the Linux Journal
New Products record for most products announced in a single issue. These nine elements include
IntelliJ IDEA 15 IDE for Java, PhpStorm 10 IDE for Java, WebStorm 11 IDE for JavaScript, PyCharm
5 IDE for Python, AppCode 3.3 IDE for Objective-C on Mac OS X, CLion 1.2 cross-platform IDE for
C and C++, RubyMine IDE for Ruby and Rails, 0xDBE IDE for DBAs and SQL Developers and
ReSharper Ultimate productivity tool for Visual Studio. In addition to the product improvements
for each tool, JetBrains added a new “All Products” pack that allows customers to use any of the
above products according to their current needs.
http://www.jetbrains.com
1248’s DevicePilot
Unlike Web or smartphone apps, connected Internet of Things (IoT) devices must be
deployed into the physical world, where lots of things can go wrong. To overcome
physical-world barriers that stand in the way of effective IoT at scale, IoT specialist
1248 unveiled DevicePilot, a new as-a-service solution for managing the growing IoT
ecosystem. DevicePilot continuously monitors and manages connected devices over
their complete life cycles and presents a simple dashboard showing how many devices
have been deployed, where and by whom, and how many are not working and why.
DevicePilot’s automatic asset management, monitoring and lifetime support enable
scaling projects from pilot stage to deployment with thousands or even millions of
devices with universal coverage, from applications as variable as smart energy to smart
homes and cities to transport systems, as well as industrial monitoring and control. DevicePilot is
integrated with the ARM mbed IoT Device Platform, based on open standards, technology and services
to accelerate wider adoption of IoT systems at scale. The goal of 1248 is to fill one of the few remaining
gaps in the set of services required for successful IoT deployment, that is, in device management.
http://1248.io
SECURE
FILE TRANSFER
How to improve file transfer security
with RFC 1867, thttpd and Stunnel.
CHARLES FISHER
but greatly restrict remote visibility echo -e 'ls -l \n quit' | ftp a_server.com
- Unless the FTP server supports chroot() and it is individually and specifically configured for a target user, that user is able to fetch recursively all accessible files on the system that have world-read permission.

- An FTP account created for a few files can give visibility to just about everything. Most modern FTP clients allow such recursive transfers. An FTP user requires an entry in /etc/passwd on the server that creates an OS account. If not properly managed, this allows the remote user to log in to a shell or otherwise gain unwanted access.

- Password aging often is mandated in high-security environments, requiring synchronized password changes on the client and server (usually after a failed overnight batch run).

Later revisions to the FTP protocol do add TLS/SSL encryption capabilities, but it is unwise to implement them:

man vsftpd.conf | col -b | awk '/^[ ]*ssl_enable/,/^$/'
ssl_enable
If enabled, and vsftpd was compiled against OpenSSL,
vsftpd will support secure connections via SSL. This
applies to the control connection (including login)
and also data connections. You'll need a client with
SSL support too. NOTE!! Beware enabling this option.
Only enable it if you need it. vsftpd can make no
guarantees about the security of the OpenSSL libraries.
By enabling this option, you are declaring that you
trust the security of your installed OpenSSL library.

The reason for the above warning is that because the FTP server runs as root, it exposes the encryption library to remote connections with the highest system privilege. There have been many, many encryption security flaws through the years, and this configuration is somewhat dangerous.

The OpenSSH suite of communication utilities includes “sftp” clients and servers, but this also requires an account on the operating system and special key installation for batch use. The recommended best practice for key handling requires passwords and the use of an agent:

Our recommended method for best security with unattended SSH operation is public-key authentication with keys stored in an agent....The agent method does have a down side: the system can’t continue unattended after a reboot. When the host comes up again automatically, the batch jobs won’t have their keys until
For this article, I will be using the “curl” non-graphical, command-line tool to perform file transfers using this protocol. Since the RFC 1867 protocol is implemented over HTTP, a Web server is needed. The server software choice here will be unconventional, for I’m going to require native support for the chroot system call, which isolates running processes in the filesystem tree. This prevents access to powerful programs in /sbin and any other sensitive data stored in restricted locations.

Liberal use of chroot() and privilege separation recently saved OpenBSD’s new mail system from disaster in a code audit (http://undeadly.org/cgi?action=article&sid=20151013161745):

First of all, on the positive side, privileges separation, chrooting and the message passing design have proven fairly efficient at protecting us from a complete disaster. [The] Worst attacks resulted in [the] unprivileged process being compromised, the privileged process remained untouched, so did the queue process which runs as a separate user too, preventing data loss....This is good news,

suffer from a bug, turning a bug into a nuisance rather than a full catastrophe. No root were harmed during this audit as far as we know.

The common Web servers on Linux, Apache and Nginx repeatedly have refused to implement native chroot() security (http://www.openbsd.org/papers/httpd-asiabsdcon2015.pdf):

OpenBSD has run its Web servers in a chroot for many years; Apache and nginx have been patched to run chroot’ed by default. These patches have never been accepted by upstream, but yet they provide a significant benefit.

Although this refusal precludes the use of Apache and Nginx in high-security applications, the recently updated sthttpd Web server (http://opensource.dyc.edu/sthttpd) does offer this capability. thttpd lacks many modern features (FastCGI, SPDY and SSL/TLS), but the native chroot() trumps the disadvantages. Here are the steps to download and install it:

wget ftp://opensource.dyc.edu/pub/sthttpd/sthttpd-2.27.0.tar.gz
find and exploit by an attacker.
echo 'Keep out! This means you!' > index.html
REQUEST_METHOD=GET
SERVER_PORT=80
so they are not seen unless you have
to /sbin/sh. Calling BusyBox with the link changes the program’s behavior and turns it into a Bourne shell. The
the contents match an “applet” that has been compiled into it, BusyBox executes the applet directly.
script will run, and you should see:
REMOTE_ADDR=::1
HTTP_USER_AGENT=Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0
CGI_PATTERN=**.xyz
uid=99 gid=99 groups=99
drwxr-xr-x 2 0 0 40 Oct 24 15:03 htdocs
drwxr-xr-x 2 0 0 40 Oct 22 22:10 logs
drwxr-xr-x 2 0 0 97 Oct 24 15:02 sbin
BusyBox v1.24.0.git (2015-10-04 23:30:51 GMT) multi-call binary.
BusyBox is copyrighted by many authors between 1998-2015.
Licensed under GPLv2. See source distribution for detailed
Usage: busybox [function [arguments]...]
BusyBox is a multi-call binary that combines many common
Unix utilities into a single executable. Most people will
create a link to busybox for each function they wish to
[, [[, acpid, add-shell, addgroup, adduser, adjtimex, arp,
arping, ash, awk, base64, basename, beep, blkid, blockdev,
bootchartd, bunzip2, bzcat, bzip2, cal, cat, catv, chat,
chattr, chgrp, chmod, chown, chpasswd, chpst, chroot, chrt,
chvt, cksum, clear, cmp, comm, conspy, cp, cpio, crond,
crontab, cryptpw, cttyhack, cut, date, dc, dd, deallocvt,
delgroup, deluser, depmod, devmem, df, dhcprelay, diff,
dirname, dmesg, dnsd, dnsdomainname, dos2unix, du, dumpkmap,
dumpleases, echo, ed, egrep, eject, env, envdir, envuidgid,
ether-wake, expand, expr, fakeidentd, false, fatattr, fbset,
fbsplash, fdflush, fdformat, fdisk, fgconsole, fgrep, find,
findfs, flock, fold, free, freeramdisk, fsck, fsck.minix,
grep, groups, gunzip, gzip, halt, hd, hdparm, head, hexdump,
hostid, hostname, httpd, hush, hwclock, i2cdetect, i2cdump,
i2cget, i2cset, id, ifconfig, ifdown, ifenslave, ifup, inetd,
init, insmod, install, ionice, iostat, ip, ipaddr, ipcalc,
ipcrm, ipcs, iplink, iproute, iprule, iptunnel, kbd_mode,
kill, killall, killall5, klogd, less, linux32, linux64, linuxrc,
ln, loadfont, loadkmap, logger, login, logname, logread,
losetup, lpd, lpq, lpr, ls, lsattr, lsmod, lsof, lspci, lsusb,
lzcat, lzma, lzop, lzopcat, makedevs, makemime, man, md5sum,
mdev, mesg, microcom, mkdir, mkdosfs, mke2fs, mkfifo,
mkfs.ext2, mkfs.minix, mkfs.vfat, mknod, mkpasswd, mkswap,
mktemp, modinfo, modprobe, more, mount, mountpoint, mpstat,
mt, mv, nameif, nanddump, nandwrite, nbd-client, nc, netstat,
nice, nmeter, nohup, nslookup, ntpd, od, openvt, passwd, patch,
pgrep, pidof, ping, ping6, pipe_progress, pivot_root, pkill,
pmap, popmaildir, poweroff, powertop, printenv, printf, ps,
pscan, pstree, pwd, pwdx, raidautorun, rdate, rdev, readahead,
readlink, readprofile, realpath, reboot, reformime, remove-shell,
renice, reset, resize, rev, rm, rmdir, rmmod, route, rpm,
sha1sum, sha256sum, sha3sum, sha512sum, showkey, shuf, slattach,
sleep, smemcap, softlimit, sort, split, start-stop-daemon, stat,
strings, stty, su, sulogin, sum, sv, svlogd, swapoff, swapon,
switch_root, sync, sysctl, syslogd, tac, tail, tar, tcpsvd, tee,
telnet, telnetd, test, tftp, tftpd, time, timeout, top, touch,
tr, traceroute, traceroute6, true, truncate, tty, ttysize,
tunctl, ubiattach, ubidetach, ubimkvol, ubirmvol, ubirsvol,
ubiupdatevol, udhcpc, udhcpd, udpsvd, uevent, umount, uname,
unexpand, uniq, unix2dos, unlink, unlzma, unlzop, unxz, unzip,
uptime, usleep, uudecode, uuencode, vconfig, vi, vlock,
volname, watch, watchdog, wc, wget, which, whoami, whois, xargs,
xz, xzcat, yes, zcat, zcip

A few things to point out regarding each section above:

1. The environment in the first section above will include a QUERY_STRING if you have referenced it from a GET-method form—that is, if you append ?abc=123 to the URL, you will see QUERY_STRING=abc=123 as standard GET-method parameters.

2. User 99 above actually is defined as nobody in the local /etc/passwd on the test system. Because there is no /etc/passwd file in the chroot(), all user IDs will be expressed numerically. If you want users to resolve to names for some reason,
change its own chroot tree to the libm.so.6 => /lib64/libm.so.6 (0x00007f7033b36000)
HTTP_ACCEPT text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
cp /lib64/libm-2.17.so .
REMOTE_ADDR ::1
SERVER_PROTOCOL HTTP/1.1
SCRIPT_NAME /awk.xyz
PATH /usr/local/bin:/usr/ucb:/bin:/usr/bin
´rv:38.0) Gecko/20100101
BEGIN { Firefox/38.0
print ""
print "Hello, world!" GNU AWK is not the best
print "" example as it does provide network
see a file upload form; test it with -rw-r--r--. 1 nobody nobody 1028368 Oct 25 10:26 foo.txt
a random file. With luck, you -rw-r--r--. 1 nobody nobody 2024 Oct 25 10:29 passwd
FILE *H;
... sprintf(scratch,"%s%s",Root,LastFileName);
/* For some reason fread() of Borland C 4.52 barfs if the
bytecount is bigger than 2.5Mb, so I have to do it if((H = popen(s1, "r")) != NULL && fgets(scratch, BUFSIZ,
RealCount++; ´fclose(H); }
}
char scratch[BUFSIZ];
service” exploit, thus the 50mb ulimits strcpy(s1, "/sbin/md5sum '"); strcat(s1, scratch);
needs but prevent abuse. It also might if((H = popen(s1, "r")) != NULL && fgets(scratch,
wish, which will allow error-free writing new private key to '/tmp/openssl.hXP3gW'
You are about to be asked to enter information that will kQOzICzb1nt96QKdWoAob73+hv7qdi3UjJ3/20z3Cx5LWfWoa32Y50//tvBjBtcQ
What you are about to enter is what is called a NdvmyK6sYaO3Dq4eFO78O+zzqyfhPCtcfb8lMuRTZa8uiv7ziVf0A3eGSwKYonUf
Distinguished Name or a DN. There are quite a few fields ...
For some fields there will be a default value, -----BEGIN CERTIFICATE-----
If you enter '.', the field will be left blank. MIID/TCCAuWgAwIBAgIJALT/9skCvdR5MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
----- VQQGEwJVUzELMAkGA1UECAwCSUwxEDAOBgNVBAcMB0NoaWNhZ28xGTAXBgNVBAoM
Common Name (eg, your name or your server's hostname) ...
<body>
[Socket] <hr>
ListenStream=443
´9ead3ab91e904eac4d758ebad4a
<p>
</body>
{
Compiled/running with OpenSSL 1.0.1e-fips 11 Feb 2013 iptables -I INPUT -p tcp --dport 443 --syn -j ACCEPT
Transferring
Conserver Logs
to Elasticsearch
Review and search serial console logs using
Elasticsearch, Riemann and syslog-ng.
FABIEN WERNLI
);
columns(tmp.date,PROGRAM,PID,MESSAGE)
flags(greedy)
rewrite {
};
channel {
program('\*/div>);
rewrite { flags(syslog-protocol)
set( };
'true',
); file("/var/log/syslog-ng.log");
}; };
flags(final);
}; log {
channel { source(s_console);
rewrite { source(s_conserver);
set( destination(d_remote);
'false', };
value('.SDATA.console.is_attached')
); log {
}; source(s_internal);
flags(fallback); destination(d_internal);
}; };
};
.SDATA.console.is_attached: true
@include scl.conf
throttle(`throttle`) elasticsearch(
server(`host`) index("syslog-${YEAR}.${MONTH}.${DAY}"),
port(`port`) type("syslog"),
type(`type`) flush-limit(1),
description("$MESSAGE") cluster("elasticsearch")
attributes( port(9300)
scope(all-nv-pairs) server("localhost")
key(".SDATA.*" client_mode("transport")
) );
) };
);
file("/var/log/syslog-ng.log");
channel {
network( realtime(
transport(tcp) host("riemann"),
port(514) );
flags(syslog-protocol) };
tags("syslog")
so-rcvbuf(8388608) log {
); source(s_remote_tcp);
}; destination(d_riemann);
}; destination(d_elasticsearch);
}; };
internal(); source(s_internal);
}; destination(d_internal);
};
destination d_elasticsearch {
Conserver: http://www.conserver.com
CC-IN2P3: http://cc.in2p3.fr
Riemann: http://riemann.io
Elasticsearch: http://elastic.co/products/elasticsearch
Riemann-dash: http://riemann.io/dashboard.html
Kibana: http://elastic.co/products/kibana
Can Do with
Ad Blocking’s
Leverage
We can do more than save publishing. We can start a
renaissance for all of business—including publishing.
We just need the code.
- 2010 — demand side platform, cross-device, advertising beacon, social ad network, predictive marketing.

- 2011 — in-stream, real time bidding, creative optimization, search retargeting.

- 2012 — clickstream data, data management platform, mobile reengagement, native advertising, adblock war.

- 2013 — programmatic marketing, programmatic advertising, subscription push, agency trading desk, content marketing platform.

The Google Trends graph shown in Figure 1 makes clear how people reacted to all this, especially after Do Not Track failed.

The titles of ad blocking research studies also tell a story (see Resources for links). First came Ad-Blocking Measured, published by ClarityRay (later acquired by Yahoo) in
Then PageFair brought us The Rise of Adblocking, Adblocking goes mainstream and The Cost of Adblocking, in 2013, 2014 and 2015.

The catch-all term for tracking-based advertising is adtech, and nobody has studied or written more wisely about it than Don Marti, former
progress thus far and forecasting what it would do for the business world. Here’s the gist, from its introduction:

Over the coming years customers will be emancipated from systems built to control them. They will become free and independent actors in the marketplace, equipped to tell vendors what they want, how they want it, where and when—even how much they’d like to pay—outside of any vendor’s system of customer control. Customers will be able to form and break relationships with vendors, on customers’ own terms, and not just on the take-it-or-leave-it terms that have been pro forma since Industry won the Industrial Revolution....

Relationships between customers and vendors will be voluntary and genuine, with loyalty anchored in mutual respect and concern, rather than coercion. So, rather than “targeting”, “capturing”, “acquiring”, “managing”, “locking in” and “owning” customers, as if they were slaves or cattle, vendors will earn the respect of customers who are now free to bring far more to the market’s table than the old vendor-based systems ever contemplated, much less allowed.

Likewise, rather than guessing what might get the attention of consumers—or what might “drive” them like cattle—vendors will respond to actual intentions of customers. Once customers’ expressions of intent become abundant and clear, the range of economic interplay between supply and demand will widen, and its sum will increase. The result we will call the Intention Economy.

This new economy will outperform the Attention Economy that has shaped marketing and sales since the dawn of advertising. Customer intentions, well-expressed and understood, will improve marketing and sales, because both will work with better information, and both will be spared the cost and effort wasted on guesses about what customers might want, and flooding media with messages that miss their marks. Advertising will also improve.

The volume, variety and relevance of information coming from customers in the Intention Economy will strip the gears of systems built for controlling customer behavior, or for limiting customer input. The quality of that
Resources
Ad-Blocking Measured: http://www.slideshare.net/arttoseo/clarity-ray-adblockreport
ProjectVRM: http://blogs.law.harvard.edu/vrm
Welcomer: http://www.welcomer.me