kazen is currently certified at Apprentice level.

Name: Karlos Smith
Member since: 2000-07-18 21:53:09
Last Login: N/A



None of my Open Source Projects has ever reached critical mass, i.e. usually by the time I've worked something out, someone else has a better solution.

I do contribute to Open Source projects. Most often it is pointing out bugs, sometimes by contributing resources, and on a very few rare occasions actual code.

I'm on the credits page for WindowMaker, the excellent X11 WindowManager with the NeXtStep look and feel (now an official part of the GNU project).

Other than that, I'm just your average Linux based ISP admin.

Recent blog entries by kazen


Every once in a while the powers that be throw something at you to make you realize what a bubble you live in. Today was my day.

One of my clients is a bank for whom I've installed a Linux-based firewall. Earlier this month they contracted a "Security Expert" to audit their entire network. They start off by saying how the firewall is a security risk because "Linux is a public domain operating system where information on firewalls that run on Linux is easily found." Let me just quote here some of their recommendations:

Currently, firewall protection is running on a 386 clone running Linux Slackware version 7. After discussing the firewall configuration with the Internet Service Provider, it was determined that IP Chains are implemented for protection against outside intruders. IP Chains is an access-list only based application that does not monitor stateful sessions. This makes the firewall vulnerable to attacks where the TCP sequence numbers can be guessed and potentially compromise [The Bank]'s security.

[name of security company] recommends the purchase of a certified firewall capable of the following features:
Implement an ICSA certified firewall capable of initiating and monitoring stateful IP sessions
Implement a firewall capable of randomizing TCP sequence numbers.

And of course it just so happens that it is not Slack 7.0 and it is not using IPChains...

Last time I checked things out with Nmap, the TCP sequence numbers generated by the Linux TCP/IP stack were "Random Positive Increments." ...

For most things I do Linux is the best tool for the job, and my customers respect my ability, so it has been a long time since I was actually slapped in the real world with "Linux is less secure because anyone can look at it."

Saw the Salon article reference over at sendmail.net. Decided I like this a lot better than some other implementations. I'm curious to see how it will stand up. Sometimes things can be killed by too much success; I've already seen mention in the diaries of people I admire that it's recently beyond the point when you could read all the diary updates every day.

Here's hoping that my latest project will be to a point where I can ask for help before I find out someone already has a solution...


kazen certified others as follows:

  • kazen certified kazen as Apprentice
  • kazen certified kojima as Master
  • kazen certified teknix as Journeyer
  • kazen certified alan as Master
  • kazen certified miguel as Master
  • kazen certified piledriver as Apprentice
  • kazen certified SolidCore as Apprentice

Others have certified kazen as follows:

  • kazen certified kazen as Apprentice
  • SolidCore certified kazen as Apprentice
  • teknix certified kazen as Apprentice
  • kroah certified kazen as Apprentice
