This talk is a continuation of my previous talk on localhost troubleshooting. In this talk, however, I will discuss common methods to troubleshoot networking problems on Linux. I will work from Layer 1 (physical connection) all the way up to routing and, if time permits, some DNS troubleshooting as well.
At 23 years, gnuplot is one of the oldest free and open source programs out in the wild world. It runs anywhere and everywhere. It’s an interactive, text-based plotting program that’s quite easy to use, and yet can produce surprisingly complex plots. Many features of gnuplot are shown in a live demo.
Linux is everywhere these days, including in devices many non-Linux users carry around with them every day: smartphones. In this talk Kyle and Aaron will discuss two Linux smartphone platforms: Android and Maemo5 and talk specifically about the G1 and Nokia N900 devices.
Cross Site Scripting is the #1 form of attack used in the web world today. The attack vector usually comes in the form of some sort of enticement in forum posting with a bogus link, or a bogus email which fools the victim into thinking they’re doing something to protect themselves (i.e. changing their online banking password, etc.).
Cross Site Forgery is in the Top 10 but is insidious in that the victim is the website. This form of attack hijacks valid user credentials and, unknown to the user, performs actions in their name which benefit the attacker.
SQL Injection is also in the Top 10. In this form of attack the cracker exploits vulnerabilities in how the input statements are formed to gain, first of all, detailed knowledge of a database, and secondly, the ability to extract sensitive information, or even to corrupt the database.
Many Websites mix secure and insecure content on the same page, like Facebook. This makes it possible to steal all the data entered on such a page easily, using Moxie Marlinspike’s SSLstrip tool. I will explain and demonstrate this attack.
Slowloris is a very new layer 7 denial-of-service attack created by RSnake that stops Apache web servers completely with very low bandwidth—one packet every 2 seconds. The Apache developers were notified of this vulnerability and decided it was unimportant and not worth patching. I will explain and demonstrate this attack, and discuss various ways to protect your Apache servers.
I will hand out complete instructions so that anyone can easily set up both these attacks on their own machines.
Sam Bowne has been teaching computer networking and security classes at CCSF since 2000. He has given talks at DEFCON and Toorcon on Ethical Hacking, and taught classes and seminars at many other schools and teaching conferences.
He has a B.S. in Physics from Edinboro University of Pennsylvania and a Ph.D. in Physics from University of Illinois, Urbana-Champaign. His Industry Certifications are: Certified Ethical Hacker, Microsoft: MCP, MCDST, MCTS: Vista; Network+, Security+, Certified Fiber Optic Technician.
When your Linux system has problems, there are a number of ways to track down and solve them. In this talk I will discuss my overall philosophy for troubleshooting and then follow up with more specific examples of how to diagnose common problems on Linux systems. This talk will be more server-focused but most things should apply to desktops as well.
Everyone likes pretty pictures. Visualizing your data is one of the best ways to see the “Big Picture”™ and a great tool to do that is RRDtool. In this talk, Aaron will discuss the basics of how to use RRDtool, how to write RRDtool scripts in bash and python, including some discussion on cricket and munin. Aaron also will give a few demo examples of some interesting graphs and generic scripts he created for the talk.
It seems like just about everyone is coming out with a PC that you can connect to your TV and play videos from. Of course, we all know just how many of those are running Linux under the hood. Why buy one of those when you can build your own? In this talk Kyle Rankin and Allan Cecil are going to discuss two fully-featured programs you can install on a regular Linux system to turn it into a media PC: Xbox Media Center (XBMC) and Boxee.
From the LTIB website:
The LTIB (Linux Target Image Builder) project is a simple tool that can be used to develop and deploy BSPs (Board Support Packages) for various target platforms. Using this tool a user will be able to develop a GNU/Linux image for their target platform.
This talk will demonstrate the configuration and use of LTIB for assembling the components of an embedded Linux system. Topics will include uboot, Linux kernel, and root file system options.
So how exactly do people use Linux in the workplace these days? In this talk an NBLUG panel of systems administrators will talk about how they use Linux at their work.
Google’s Native Client project seeks to provide high-performance, cross-platform, browser-based applications yet allow them to be “untrusted”. Performance is in the form of x86 binary code while Security comes from a dual layer sandbox. In this talk I’ll overview the goals of the project, how it works, why you might care, plus give a demo of a few Native Client applications.