Saturday, February 28, 2009

Schneier on Audit

Every once in a while we get the feedback from colleagues in the industry, especially from system administrators, that with Shell Control Box we are creating an evil piece of software that helps bosses with Big Brother-ish aspirations take away their last piece of privacy: their very own computer screen. It's always hard to convince them that 1) it's a tool and yes, it can be abused but that's not the goal it was developed for, and 2) having a trusted recording of when and what they have done on a mission-critical system with sensitive data can just as well save them from false accusations when things get nasty.

This is the reason I was glad to see a great piece from good old Bruce Schneier about auditing which I can point them to from now on:

When we think about security, we commonly think about preventive measures: locks to keep burglars out of our homes, bank safes to keep thieves from our money, and airport screeners to keep guns and bombs off airplanes. We might also think of detection and response measures: alarms that go off when burglars pick our locks or dynamite open bank safes, sky marshals on airplanes who respond when a hijacker manages to sneak a gun through airport security. But audit, figuring out who did what after the fact, is often far more important than any of those other three.

Most security against crime comes from audit. Of course we use locks and alarms, but we don't wear bulletproof vests. The police provide for our safety by investigating crimes after the fact and prosecuting the guilty: that's audit.

Audit helps ensure that people don't abuse positions of trust. The cash register, for example, is basically an audit system. Cashiers have to handle the store's money. To ensure they don't skim from the till, the cash register keeps an audit trail of every transaction. The store owner can look at the register totals at the end of the day and make sure the amount of money in the register is the amount that should be there.

The same idea secures us from police abuse, too. The police have enormous power, including the ability to intrude into very intimate aspects of our life in order to solve crimes and keep the peace. This is generally a good thing, but to ensure that the police don't abuse this power, we put in place systems of audit like the warrant process.


Go on and read the whole stuff: its main topic is the NSA and its legislative background in the USA, but it contains lots of other remarkable ideas about auditing in general.

Friday, February 27, 2009

Development-by-delete and the Zen of JS calendars

This week we needed a simple internal webapp, and we needed it quick. Nothing fancy, its main goal was to replace an Excel table and allow ~10 people to edit a basic database simultaneously and provide the rest of the staff with the appropriately filtered results. This is a problem a lot of frameworks aim to make easy and painless to solve -- Ruby on Rails or JSF are nice examples -- but all of these need some time to get started with (I've actually played around with JSF a couple of years ago and we have a Ruby expert on the team but it'd have simply taken too much time to set up a proper environment before we could start hacking code).

So we thought: hey, we do have a framework that provides us with the low-level scaffolding that a web-based application needs: an MVC scheme, proper check of inputs to avoid SQL-injections or XSS secholes, a usable database abstraction layer, a ready-to-use templating engine, session handling, an authentication layer, and so on... all those lots of small things that you spend a lot of your time with if you start off using "low-level" tools like PHP and don't want to create completely unmaintainable and messy code. We have already designed, written and tested such a framework for Shell Control Box which we re-used for syslog-ng Store Box -- that's what we call X Control Box or XCB (and that's the XCB I've mentioned in my previous post), a generic base for our appliances. And we also happen to know it quite well and have a ready-to-use development environment for it.

Of course XCB knows a lot more than what a small database-oriented webapp needs and it'd have been quite ineffective to use such a complex system for something that simple. So I sat down, copied the XCB codebase to a new dir, and started to hit the button "d" in vi. Hit it hard and long. Half an hour later, there it was: the initial commit of something that can best be called XCB lite -- a framework that provides all the aforementioned basic foundations for a webapp without the overhead caused by the advanced features needed by an XCB-based appliance. And the best part is that only tiny changes were needed to make it work and it kept 95% class API-level compatibility with the original, so if any new features are needed (such as XML database or SQLite support) they can be added by simply copying the related classes from the XCB codebase. I think this was the most bizarre way I've ever created a new application -- by spending nine-tenths of my time deleting code.

Oh, and just as a side note: if you ever need to add a simple JS-based DHTML date picker to your app, don't spend a single minute of your time evaluating the various options (or, oh horror, write your own). Use the very first Google hit for "javascript date picker" and go with it. It will only get worse, seriously.

Hello and Welcome

Hello and welcome to this part of BalaBit's new line of "professional-to-professional" blogs. My name is Péter Gyöngyösi, and I work with a small group of extremely talented PHP/CSS/JS wizards on the configuration interface of Shell Control Box and syslog-ng Store Box. We're the web guys amongst the hardcore C/C++ network coders, which makes us a bit like some kind of aliens: we are the ones to get the pitying eye when we have to develop crazy workarounds for a weird bug in IE6's SSL handling and we are the ones to look strange at the C guys when we realize that they have to do 10+ lines of pointer wizardry for what we have print_r().

But there's a lot more than CSS quirks in developing SCB and SSB, and that's what this blog is going to be about (besides the mind-numbing word jokes that somehow tend to come up in dozens in this team*). Once counted, more than 10 programming/markup languages are used in these appliances all the way from firmware-builder Python scripts through config-generator XSLs to PlSQL routines to access the Sphinx indexer, which puts a nice variety in our daily work -- and gives us a lot to be amazed by or to rant about.

So, again, welcome to the blog of the XCB team at BalaBit. Enjoy your stay.



*: Just to give you an example:

- How do you measure the performance of git?
- ??
- By branchmarking.