Friday, January 17, 2014

Ho, Ho, Zero

Ho, Ho, Zero

Sir Santa tried to stuff the bag with an annual gift or two, but was late. The gifts are also a bit slim this year.

Of note, CD0, pronounced "see dee zero". This is a rootstrapping tool for NORD Linux. The slim part is that the instructions are missing. But the purpose of the thing is to supply a shell and minimal environment. When combined with GCC and BINUTILS (from CD2), the scripts at, and a helping hand from Perl (from CD1), you can "rootstrap" a fresh system.

This rootstrapping thing (using the current CD0) has been tested on S390 and I386. The CD image also contains support for PPC, which is expected to work just fine, but is untested.

The other gift in the bag is a minor update to UFT making it leak less info in secure contexts. Seems to work just fine, but we'll have to talk about that in another post.

-- R; <><

Wednesday, January 8, 2014

Climate Change on the Net

Climate Change on the Net

There's a storm brewing. Winds of change have shaken loose the low hanging fruit and blown open the barn doors. But fruit which stays on the ground will rot and doors left open will let livestock out and predators in.

Some points to note ...

  • IPv6, enabling "the internet of things"
  • pervasive embedded computing (not your father's Oldsmobile)
  • cloud computing, futuristic and retro

Even prior to consumer availability of IPv6, we were seeing more "things" on the internet. In my own house, when we replaced our aging Zenith television with a stylish Samsung LCD, we wound up with three "devices" on our home LAN which prior counterparts were not networked. They speak a variety of convenience protocols. Behind my firewall, they're supposedly safe. Supposedly.

Electronics in vehicles and appliances have increased and gotten steadily more sophisticated. The idiot light says "service required", so you visit your mechanic (or the auto parts store), they plug-in their OBD reader and tell you what's really wrong. Soon, your fridge will tell you to buy milk (or will order milk all by itself). Kinda scary. But also very geeky.

Cloud computing is the buzzword du jour. It's progressive in that we can buy (rent) disposable complete systems for almost any computing work imaginable. But we deploy complete package bundles, and that doesn't always scale. Default distributions are not by default secure.

So how's cloud retro?
It takes us back to the "service bureau" days.
That's not a bad thing, just ironic. It reverses the trend over several decades of owning the hardware, but it fulfills part of the MULTICS vision of computing as a utility.

A Northern Wind

NORD is a simple "open source" operating system following the standard recipe. It uses the 'make install' logic defined by individual package authors and supplements that with a ready-to-run scheme. Other than that, it's just Linux.

Unlike some Linux distributions, NORD tries to be more Unix than Linux. But it is pragmatic enough to use the Linux kernel, GNU core utilities, and other Linux packages.

The software and computing industry is increasingly distressed about security. (Privacy too, but mostly with the overall hardness against attack.) Consider a recent Wired Magazine article by Bruce Schneier (with help from Jim Gettys, I'm told) ...

The Internet of Things is Wildly Insecure

NORD is particularly suited to embedded use. (Like a generic underpinning for things like OpenWrt.) For simplicity, and giving a boost to security, it starts less services and daemons than other systems.

I use NORD daily for a variety of things, mostly related to software development. (I have a day job.) At one time, NORD's unnamed predecessor served as one of my primary internet-facing servers. It was reliable and secure.

But NORD needs help. It doesn't have an installer. That's by design, but it needs a way to bootstrap onto new hardware. Someone who can assemble a quick stamp utility for I386 and S390 would really be welcome.

An old reference doc for NORD is in Google space ...

NORD Scratch Linux

Recently, friends familiar with the project have lent a hand, one in particular. Their contributions are huge, breaking NORD out of the "one man's toy" mode into something reproducible. Thanks.

NORD is not the only source based system available. If more people, especially the civic minded hacker brain trust, would use systems like LFS, the digital world would be better overall.

There's a companion project, not so much help on the systems front but a boost to security. UFT (Unsolicited File Transfer) has gotten new attention. While its original design was more for interoperability than privacy, it turns out to be great for both goals.

Join the movement.

-- R; <><

NORD Mascot