Just when you had gotten used to using GRUB instead of LILO, Ubuntu goes and changes GRUB to GRUB2. It turns out that the similarities between the two boot loaders end at the name. In this talk Kyle will go over the differences between GRUB and GRUB2 and discuss the new configuration files, which files you should and shouldn’t touch, and why the Esc key no longer works at boot time. There will be a group counseling session at the end of the meeting for disaffected users.
Joomla is a content management system (CMS), which enables you to build multi-user Web sites quickly. Many aspects, including its ease-of-use and extensibility, have made Joomla the most popular free and open source Web site software available. Joomla, which operates on top of a LAMP stack (Linux/Apache/MySQL/PHP-perl), is designed to be easy to install and set up even if you’re not an advanced user. Many Web hosting services offer a single-click install, getting your new site up and running in just a few minutes. If your clients need specialized functionality, Joomla is highly extensible and thousands of extensions (most for free under the GPL license) are available in the Joomla Extensions Directory.
In the talk, Doug Bierer, founder of unlikelysource.com, which maintains an open source Joomla extension, will cover:
what is Joomla and why it may be useful to you
rapid website development using Joomla
expanding beyond the core by installing extensions
Second Life (SL) is like an MMORPG (Massively Multi-player Online Role
Playing Game), although many of the people hanging out there will be
offended if you call it a “game”. It is a 3D virtual environment
created between a database on a huge farm of Linux servers and viewer
programs running on home PCs. But besides the bare simulated ground,
everything in SL is created by one of the “residents” there. Objects
in SL can have snippets of code inserted in them to add behavior. I
have found this to be a fascinating environment to program in. I’ll
start this talk with an overview of what SL is like and briefly touch
on the organization of the servers. I’ll describe the scripting
language, data types, programming environment and the foibles of the
API library. We should be able to go “in-world” live and show some
projects I’m working on in Second Life.
Every year or so you hear about how the Internet is about to run out of IPv4 addresses. When that happens we will all need to be able to migrate to IPv6. In this talk Owen will discuss what IPv6 is and cover how to use IPv6 from a sysadmin perspective.
This talk is a continuation of my previous talk on localhost troubleshooting. In this talk, however, I will discuss common methods to troubleshoot networking problems on Linux. I will work from Layer 1 (physical connection) all the way up to routing and if time permits, some DNS troubleshooting as well.
At 23 years, gnuplot is one of the oldest free and open source programs out in the wild world. It runs anywhere and everywhere. It’s an interactive, text-based plotting program that’s quite easy to use, and yet can produce surprisingly complex plots. Many features of gnuplot are shown in a live demo.
Linux is everywhere these days, including in devices many non-Linux users carry around with them every day: smartphones. In this talk Kyle and Aaron will discuss two Linux smartphone platforms: Android and Maemo5 and talk specifically about the G1 and Nokia N900 devices.
Cross Site Scripting is the #1 form of attack used in the web world today. The attack vector usually comes in the form of some sort of enticement in forum posting with a bogus link, or a bogus email which fools the victim into thinking they’re doing something to protect themselves (i.e. changing their online banking password, etc.).
Cross Site Forgery is in the Top 10 but is insidious in that the victim is the website. This form of attack hijacks valid user credentials and, unknown to the user, performs actions in their name which benefit the attacker.
SQL Injection is also in the Top 10. In this form of attack the cracker exploits vulnerabilities in how the input statements are formed to gain, first of all, detailed knowledge of a database, and secondly, the ability to extract sensitive information, or even to corrupt the database.
Many Websites, like Facebook, mix secure and insecure content on the same page. This makes it possible to steal all the data entered on such a page easily, using Moxie Marlinspike’s SSLstrip tool. I will explain and demonstrate this attack.
Slowloris is a very new layer 7 denial-of-service attack created by RSnake that stops Apache web servers completely with very low bandwidth—one packet every 2 seconds. The Apache developers were notified of this vulnerability and decided it was unimportant and not worth patching. I will explain and demonstrate this attack, and discuss various ways to protect your Apache servers.
I will hand out complete instructions so that anyone can easily set up both these attacks on their own machines.
Sam Bowne has been teaching computer networking and security classes at CCSF since 2000. He has given talks at DEFCON and Toorcon on Ethical Hacking, and taught classes and seminars at many other schools and teaching conferences.
He has a B.S. in Physics from Edinboro University of Pennsylvania and a Ph.D. in Physics from University of Illinois, Urbana-Champaign. His Industry Certifications are: Certified Ethical Hacker, Microsoft: MCP, MCDST, MCTS: Vista; Network+, Security+, Certified Fiber Optic Technician.
When your Linux system has problems, there are a number of ways to track down and solve them. In this talk I will discuss my overall philosophy for troubleshooting and then follow up with more specific examples of how to diagnose common problems on Linux systems. This talk will be more server-focused but most things should apply to desktops as well.
Everyone likes pretty pictures. Visualizing your data is one of the
best ways to see the “Big Picture”™ and a great tool to do that
is RRDtool. In this talk, Aaron will discuss the basics of how to use
RRDtool, how to write RRDtool scripts in bash and Python, including some
discussion on cricket and munin. Aaron also will give a few demo examples
of some interesting graphs and generic scripts he created for the talk.
It seems like just about everyone is coming out with a PC that you can connect to your TV and play videos from. Of course, we all know just how many of those are running Linux under the hood. Why buy one of those when you can build your own? In this talk Kyle Rankin and Allan Cecil are going to discuss two fully-featured programs you can install on a regular Linux system to turn it into a media PC: Xbox Media Center (XBMC) and Boxee.