The Mandiant Report on the China-sponsored espionage units is fascinating and well worth a read.
They discuss spearphishing and the attack lifecycle.
After having a user email account compromised and our mailserver used to dish spam for a few hours, I am going ahead and starting to block outright the China IP addresses that are attacking us. This doesn’t solve the issue, but I am kind of done with even negotiating and rejecting attack traffic originating from China at our servers. Blocking the ranges that attack us is an intermediate step for me. I don’t want to just block China outright; at this point I know it wouldn’t solve the issue, but it also really couldn’t hurt either. This is not what the internet is supposed to be about, but sadly, it has come to this. I am blocking them inbound at my network level.
If you are going down this road as well, IP2CIDR is a helpful site to use after you get the ranges detailed via whois. When you take the next step and start blocking countries entirely, CIPB is the resource for you. Here are my first few entries from China.
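As an added example (not from the original post), here is a small Python script that does what the IP2CIDR step describes: it collapses whois "start - end" ranges into minimal CIDR blocks, emits inbound DROP rules for them, and lets you check whether an address from the mail log is already covered. The ranges are constructed documentation prefixes, not real attack sources, and the iptables chain name is an assumption.

```python
import ipaddress

# Constructed sample whois inetnum ranges (RFC 5737 documentation prefixes,
# standing in for the real ranges you pulled via whois)
SAMPLE_RANGES = [
    "203.0.113.0 - 203.0.113.255",
    "198.51.100.16 - 198.51.100.47",
    "192.0.2.5 - 192.0.2.9",
]


def range_to_cidrs(inetnum):
    """Collapse a 'start - end' whois range into the minimal list of CIDR blocks.

    This is the conversion the IP2CIDR site performs; a range that is not
    aligned on a power-of-two boundary splits into several blocks.
    """
    start, end = (ipaddress.ip_address(p.strip()) for p in inetnum.split("-", 1))
    if end < start:
        raise ValueError(f"range end precedes start: {inetnum!r}")
    return [str(net) for net in ipaddress.summarize_address_range(start, end)]


def iptables_drop_rules(inetnums, chain="INPUT"):
    """One inbound DROP rule per CIDR block (the chain name is an assumption)."""
    return [
        f"iptables -A {chain} -s {cidr} -j DROP"
        for inetnum in inetnums
        for cidr in range_to_cidrs(inetnum)
    ]


def is_blocked(address, inetnums):
    """Check whether an address seen in the mail log falls inside any blocked range."""
    addr = ipaddress.ip_address(address)
    return any(
        addr in ipaddress.ip_network(cidr)
        for inetnum in inetnums
        for cidr in range_to_cidrs(inetnum)
    )


if __name__ == "__main__":
    for rule in iptables_drop_rules(SAMPLE_RANGES):
        print(rule)
```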
Things Linux Does Better…
Now a few months into the full transition on my main laptop to Linux, here are some observations on what I am very happy about and what I miss in leaving OS X. I am running XFCE as my desktop interface of choice, but all of these points are relevant no matter what UI I have run.
Ditching OS X 10.8 and moving to Linux really unleashed the performance of my i7 MacBook Pro. It runs much faster than it has, really, since Snow Leopard. I haven’t done side-by-side testing, but compiles and ffmpeg work move along much faster since my transition. With 8 gigs of RAM and a decent-speed Intel i7, it was remarkably slower under OS X 10.8 and was “beachballing” far more than it should have been, even after clean installs.
2. Workspaces / Virtual Desktops
Apple OS X never could do this correctly. “Spaces” and Expose never were great. I don’t miss them at all. I used to run Codetek Virtual Desktop and then Hyperspaces (http://thecocoabots.com/hyperspaces/) before various OS X version changes killed them off. The old-school workspaces way is the best way to deal with multiple desktops. OS X never got that right.
3. Package Management
Crazy that OS X never had decent options for handling software installs and removals. Sure, you could buy 3rd-party software that could kind of manage things, but now that OS X software is really putting files around the drive like Windows does (in /Library and in /User/Library, etc.) it is crazy not to have it. Heck, in Lion and Mountain Lion, Apple is even starting to actively hide the Library directories from users so they can’t get in to purge preferences or fully uninstall apps that put garbage in there. Having many leftover files from applications that came and went is not something I miss from OS X, and I’m happy to be able to really manage it once again.
Also, in Ubuntu, the apt packaging system is great. The ability to add sources and keep updated far exceeds the limited Apple Software Update functions that have now been inserted into the Apple OS X App Store. Synaptic Package Manager is wonderful. The ability to install, remove and purge is just something OS X doesn’t do well.
4. Wireless Network Management
It sounds crazy, but I hop back and forth constantly over wlans that sit on top of vlans on my network for testing and troubleshooting. OS X never did that fast switching well. I jump back and forth between a handful of wireless networks on our campus to make sure services and performance are solid. With OS X, it was routine to go through a couple of wlan switches only to be timed out because OS X couldn’t handle it. Daily, I would have to flip Airport (now “Wifi”) completely off to then be able to jump on additional networks. Under Ubuntu 12.10, I can hop back and forth between the 5 wireless networks with different encryption and authentication settings without a problem. This is a huge timesaver. I had always thought the problems were related to the wireless APs, but now I know better. The OS X client was to blame. The Broadcom wireless hardware on these MacBook Pros is somewhat buggy no matter what OS I try to run, but it sure seems to perform much better under Linux.
5. Customization of the GUI
The ability to tweak and set how you want your user interface to look is unmatched. There are a lot of things I can’t move around to my preferences on OS X. The Apple Menu has been of little use since OS X, and you can only hack the dock so much to make it work the way I wanted it to. I am much happier with XFCE, panels and Cairo Dock or Docky.
Things I Miss…
Linux is great. But, there are a couple of things I really do miss from OS X. I am sure they will eventually get worked-out, but tough to not have them.
1. VPN options are limited.
It’s really surprising to me that I am unable to get an L2TP VPN running on Ubuntu 12.10. This should be automatic, but it is not happening. I have spent hours and still no dice. Some people have written guides on it, but it is still a huge issue for me. I have been able to get it to the point where it looks as though it should work, but it doesn’t.
2. SD Card Reader Not Usable (Yet!)
I didn’t think I used the MacBook Pro SD card slot reader much, but I do. Under Ubuntu 12.10, if I insert an SDHC card, I get a black screen. This stinks. It looks like it will be rectified in the 3.7 kernel, but come on! Standard SD cards seem to be okay, but SDHC cards (like the one I happen to use with our Canon camera) cannot be accessed.
It’s really the “unicorn” of mac imaging in my opinion. I’ve used DeployStudio for years and been really happy with it but have never been able to get multicast working until today. I could have sworn I did these exact steps in the past attempts, but I was never able to get it fully operational. Here is what I did. I’m not walking through the standard setup. I’m assuming you already have that going.
1. Setup DeployStudio Admin and the various Netboot, DHCP and NFS services on your OS X Server. I am going to document how to do it on an OS X client soon when I give that shot, but I have a few OS X 10.6 servers now that I have run DS on for years, so going with that for the time being.
2. Create a new workflow in DS admin to master the image you want to multicast restore to the Macs. Here is a screenshot of my create workflow.
3. Boot your golden mac computer into DeployStudio and run this workflow on your golden master drive. It will generate a big image. This was 100+ GB for me in this test today. DeployStudio will grind away a bit. I let the imaging run overnight and dealt with it this AM.
4. Create a new workflow in DS Admin for the restore function. Here is mine. This step is critical. You cannot run a multicast restore properly if you don’t have a specific workflow for it. This is not something you can do with the settings you get on the fly when you netboot your Mac. The workflow is a two-step: one for partitioning and one for restoring.
I set mine to my large master image and had the multicast trigger at 4 clients. You should point the restore step to your image created in step 3.
5. Flip-on the multicast on the master via DS Admin by going to the “Masters” area in DS admin and clicking the airport-looking radar icon.
NOTE: This does not seem to be necessary anymore with DS v1.0rc135 but if you are running a version prior to that, do it.
This puts the multicast as an active process in DS.
6. The DS server is now ready to dish the large, reliable master image if you use the workflow. Boot your macs on the network and use the multicast restore workflow.
My test to confirm I was getting multicast going was to take 4 iMacs and run them quickly as separate streams from the DeployStudio server and get a network activity graph from the OS X server. Then, I rebooted and started the restore again, but via the multicast workflow. You can see in the graph that it went from close to 160MB on the 4 separate streams before or around 8am to a solid 40MB-ish later when I was running the multicast workflow.
Looks like I finally got it. I will document. The iMacs are getting a solid 37.4MB feed from the server. Here is the network activity graph from the Snow Leopard server I use for DeployStudio.
The spike is the check initially when I started 3-4 iMacs via DeployStudio on individual streams. The server’s bonded NICs spiked on the way to 160MB. When I got multicast going, the server started dishing out a consistent 40MB, but each of the 4 iMacs in the test was getting the same speed.