odd_parity

Pročitavši originalni post Ivana Krstića, odlučio sam njegovu priču prevesti na hrvatski i malo pojednostavniti, jer - prijetnja je zanimljiva i ima veliki potencijal žrtvu ostaviti sa vrlo realnim gubitkom podataka na računalu.

Piše tako Ivan o Gpcode.ak, informatičkom zlu koje će, zarazi li vas, učiniti sve da vaši podaci budu nedostupni. I to *grdo* nedostupni - vaši dokumenti bit će zaključani snažnom enkripcijom, a ključ za otključavanje dokumenata dobit ćete tek nakon što platite - ucjenu. Zaista, prava otmica vaših podataka.
I dok se tako Ivan zabavlja sa tehnikalijama priče i sigurnosnim implikacijama (a što mu sasvim dobro ide), ja ću se osvrnuti na tu priču sa prizemnije strane:

Zamislite slijedeći scenarij: vlasnik ste tvrtke. Velike, male - svejedno. Jednog dana, unatoč svim mjerama opreza, netko u vašu mrežu pripusti Gpcode.ak. Program je vrlo zao - uzet će vaše dokumente, i enkriptirat će ih na takav način da je dekripcija bez ključa faktički neizvediva u razumnom roku (čitaj: nekoliko godina neprekidnog rada jednog ili više računala samo na razbijanju enkripcije). Drugim riječima, nitko vam ne može vratiti te podatke, iako oni i dalje čuče na vašem disku, enkriptirani.

Što ćete raditi nekoliko godina sa podacima do kojih ne možete doći?

Naravno, brzo rješenje je - platiti ucjenu. Onaj tko plati ucjenu, dobit će ključeve kojima će moći doći do svojih podataka. I, jednom kad vam se tako nešto dogodi, to je nažalost jedini način da vaše podatke dešifrirate u izvorno stanje.

Bolje rješenje je - imati uredan backup, i to duboko u prošlost, kako biste mogli odbaciti kriptirane podatke i zamjeniti ih starijima, ali zato čitljivim. (prije toga se riješite virusa, inače će vas kolege zvati Sizif)

Nažalost, jedina relativno čvrsta obrana od ovakve napasti je antivirus koji može prepoznati i zaustaviti napasnika prije nego uopće dođe u priliku dohvatiti se vaših podataka.
Za svaku ozbiljnu tvrtku ovako što je poprilično kockanje, jer se faktički poslovanje tvrtke oslanja na sposobnost treće strane da izradi softver koji će moći zaštititi ju od ovakvih napada.

Ima li tvrtke kojoj biste zaista vjerovali? Ne želim reći kako proizvođači antivirusa ne zaslužuju povjerenje ili nemaju dobre proizvode, dapače. Ali, svi oni pate od jednog velikog problema: antivirusi uvijek kaskaju za virusima. Priroda stvari je jednostavno takva - kao što naše tijelo proizvodi antitijela tek nakon što je zaraženo, tako i antivirusi mogu spriječiti viruse tek nakon što znaju o čemu se radi. Heuristika pomaže, istina, i djeluje na neki način preventivno, ali to je vrlo slično cjepljenju protiv gripe, kada se odete cijepiti protiv mutacije A, a za tjedan dana vas u krevet sruši mutacija B.

Ima li zaštite od ovako nečega? Zapravo, ne. To je kao i ptičja gripa, svi se nadamo da će nas zaobići. Ne postoji potpuna zaštita od ovakve prijetnje, a katastrofični scenario je lako zamisliv i vrlo lako izvodiv: zli genij (ili obični zli luđak) odluči napraviti takav virus, i to potpuno nov, kojeg antivirusi ne prepoznaju, i zahvaljujući ljepotama Interneta, pusti ga u divljinu. U roku 24 sata, zaražen je ogroman broj računala. Nakon što istekne vremenska bomba (kako se virus ne bi prerano aktivirao i bio otkriven prije nego uspije zaraziti veliki broj računala), virus enkriptira sve podatke do kojih može doći na mnoštvu zaraženih računala. Zlo i naopako. Zli genij će onda tražiti otkupninu za podatke, ali - zli luđak neće, jer ga novci ne zanimaju, niti će ponuditi mogućnost vraćanja podataka.

Može li se prevencijom umanjiti mogućnost štete? Slijedi petominutni tečaj preživljavanja:

1. Vrlo ozbiljno i studiozno radite backup podataka. Ne dozvolite si pritom gaf da backup radite na medij kojeg zaboravite promjeniti i na kojeg je moguće pisati (traka, primjerice), pa virus usput enkriptira i te podatke...

2. Educirajte sebe i zaposlene - needucirani i/ili glupavi djelatnici najveća su sigurnosna rupa u vašem IT sustavu.

3. Promjenite OS na kojem radite - iako to nije samo po sebi zaštita, korištenje Linuxa ili Mac OS X-a maknut će vas sa prve crte udara (MS Windows).

4. Ako su vam licence za antivirus do sad bile skupe, mislite li da će biti jeftinije platiti ucjenu? I, kako ćete to provesti kroz knjigovodstvo?

Naposljetku, ako zaista mislite da baš vi znate najbolje o vašoj IT infrastrukturi i zaštiti iste, pa vam stručna pomoć nije potrebna - želim vam sreću.

Ne baš atipična situacija za Hrvatsku je tvrtka koja želi uštedjeti troškove i ne želi kupiti simetričan stalni link, već trpi mušice aDSL veze.

Da, da - nema do optike, ali puno više mojih klijenata bira ovu jeftiniju varijantu priče. Na kraju krajeva, najveća količina prometa je ulazna, a odlazni paketi često i nisu tako bitni - neka je sporije, kad ode otići će.

Nedavno sam slagao, između ostaloga, jedno prosto failover rješenje. Tvrtka ima dva aDSL linka, jedan je flat-rate link prema Iskonu, a drugi je stari ne-flat-rate link prema Amisu, kojeg je tvrtka zadržala jer je toliko jeftin da stoji za "zlu ne trebalo".

Naravno, stvar bi bilo zgodno automatizirati, zar ne?

Postoji više načina na koje se može riješiti ovaj problem - najjednostavniji je ugrađen u sam kernel i sastoji se od tri jednostavne linije koda:

route add default gw 192.168.1.254 dev eth1
route add default gw 192.168.100.1 dev eth2
echo "10" > /proc/sys/net/ipv4/route/gc_timeout

Dakle, postavimo jednu rutu, postavimo drugu rutu, te u gc_timeout postavimo vrijeme u sekundama nakon čijeg isteka će računalo zaključiti kako je ruta mrtva, te prijeći na drugu rutu.Mana ove priče je što u slučaju da drugi link radi kako treba, računalo se neće samo od sebe vratiti na prvi link.

No, ovdje pričamo o dva linka, pri čemu je flat-rate link debelo preferiran onom drugom linku. A ljudi surfajuuuuu...

Skripta koja slijedi (a koju sam bezočno ukrao sa Interneta i malo prilagodio) od jednostavnijih je rješenja ovog problema.

Potrebno je postaviti cron job koji će svakih par minuta pokrenuti ovu skriptu:

#!/bin/sh
#Note: Please make sure this script run in the
#cronjob every 5 minutes

# U ove varijable stavite gateway IP adrese vaša dva providera.

# Pritom pazite na ethernet kartice:

# ISP1 -> eth1 (primarni link)

# ISP2 -> eth2 (backup link)

# U ovom slučaju eth0 je lokalna mreža!

ISP1=192.168.1.254

ISP2=192.168.100.1

function switch_isp2()
{
/sbin/route del default
/sbin/route add default gw $ISP2 dev eth2
}

function switch_isp1()
{
/sbin/route del default
/sbin/route add default gw $ISP1 dev eth1
}

if /bin/ping -q -c1 -Ieth1 161.53.19.201 >/dev/null 2>&1; then
if /sbin/route -n | /bin/grep '^0.0.0.0' | /bin/grep "$ISP2" >/dev/null; then
/sbin/ip route flush cache;
echo `date` "Prebacujem se na ISP1";
switch_isp1;
/sbin/route -n | grep UG;
fi;
exit 0;

elif /sbin/route -n | /bin/grep '^0.0.0.0' | /bin/grep "$ISP1" >/dev/null; then

echo `date` "Prebacujem se na ISP2";
/sbin/ip route flush cache;
switch_isp2;
/sbin/route -n | grep UG;

fi;

Kako skripta radi? Pokrenuta svakih nekoliko minuta iz cron-a, skripta će prvo provjeriti može li kroz primarni link pingati www.hr (161.53.19.201). Naredbu ping možete opcijom -I nagovoriti da pinga preko interface-a kojeg vi želite (u suprotnom će pingati preko podrazumjevane rute). Ako je sve u redu, tj. ako se host odaziva, provjerit će je li gateway namješten na pomoćni link i ako jest, automatski će prebaciti rutu na flat-rate vezu tako što će prvo obrisati informacije o trenutno korištenom gatewayu te postaviti novi gateway sa striktno definiranom ethernet karticom koja je vezana na flat-rate aDSL.

Ako se host ne odaziva, prebacit će se na pomoćni link i na gore opisani način postaviti novu rutu.

Ova skripta nije savršena. Nije stalno čučeći daemon već se poziva iz cron-a, što znači da se gubitak primarnog linka neće odmah sanirati prebacivanjem na pomoćni, već će proći određeno vrijeme,barem jedna minuta (jer je to razlučivost cron daemona, ili više ako ne želite opterećivati vaš stroj čestim provjerama linka - što zapravo i nije neko opterećenje - veći problem su nestrpljivi korisnici) dok skripta ne dođe na red za izvršavanje. U praksi, u cronu definiran interval kojim će se pozivati skripta je najveće očekivano vrijeme odziva, jer se skripta može, uz malo sreće, doći na red za pokretanje sekundu ili dvije nakon pada veze, u kojem slučaju će korisnici imati privid fantastično inteligentnog i brzog failover sustava. ;-)

Zatim, uvijek postoji mogućnost da oba linka krepaju, no na to zbilja ne možete utjecati. Skripta je dovoljno "inteligentno" napisana da preuzme bilo koji link koji prvi dođe sebi, a zatim se vrati na flat-rate link čim ovaj postane dostupan.

Najzad, što ako vanjski server kojim kontroliramo dostupnost linka iz nekog razloga ne radi? Dakako, www.hr je vrlo pouzdan server, ali nitko ne garantira da neće otkazati u nezgodnom trenutku. Ovo možete ublažiti tako da pingate neki od servera "bliže" vašoj primarnoj aDSL vezi, DNS server vašeg flat-rate ISP providera, primjerice.

Ako ISP ne dozvoljava ping? Promjenite ISP!

Ispis skripte možete hvatati u željeni log; svaka promjena gatewaya rezultirat će porukom sa datumom i vremenom promjene.

Može li skripta biti bolja? Svakako! No, ovo je otprilike najjednostavnije što sam našao.

There it is - Euro 2008 world cup.

The globe is shaped like a soccer ball. Austria and Swiss in the center.

I don't like soccer, so I surf while my country (Croatia) is playing against Austria.

My God, The Net is so fast!

Wine project has gone a long way. It has been in development since 1993., when it was a laughing stock of casual Windows professionals, who took rounds in making fun of application that aimed at running Windows applications on Linux (another member of laughing stock), yet was barely able to run Minesweeper for Windows 3.11.

Fifteen years later, the development of first stable version is nearing its completion. Fifteen years is a long, long time, but to understand why it took so long you have to understand that Wine team didn't have any help from Microsoft. All they had were books on programming in Windows environment, and reverse engineering of a platform that is constantly changing. This is by no means a smal feat. They surpassed many other players, even the mighty IBM who took their chance in using win32s on OS/2 platform with the same goal as Wine project, took lead for a year or two as it could run more applicatins than Wine at that time, then abandoned the project as the OS/2 market share shrank.

Today, I am looking at Wine 1.0.0 rc2 – and as you are reading this, there should be rc3 available on Winehq site, an even more improved candidate. In the meantime, Wine has sprouted two commercial offspring, enhanced versions of Wine that can run Office aplications (Crossover) and Windows games (Cedega). Is Wine 1.0 going to make them obsolete? Hardly – they are more thoroughly tested variations that are more user-friendly, and they surely won't go away. No, they can only get better.

What does this Wine release candidate offer? An absolute Windows compatibility? No. This is probably never going to happen, but the compatibility seem to be quite high. There's a lot of applications that run well under Wine, as you can see on their web catalogue.

What I wanted to figure out is – how good this Wine rc is for playing Windows games.

I find this an area of personal interest, for I am a gamer as well as businessman. Yep, young generation...

The other motivation is that constant back-chat about Linux having no good games (or no games at all). While this is true compared with a number of games for Windows (the main OS competitor), if there's a way to run Windows games on Linux, then gaming is no more a problem.

My choice of games to test is a little bit unusual.

There are some games that run natively on Linux, such as Enemy Territory: Quake Wars, or UT2004, or Quakes (I, II, III, MMCDXIX...), or Savage... so there's no reason to test Windows versions of those. I didn't want to test modern Windows games such as Crysis of Far Cry or Oblivion, just because they are mainstream. As a gamer, I find mainstream computer games dull and boring, as big game companies don't want to experiment – they just release one after another “episodes” and sequels. Boring, I tell ya!

Have you ever heard of Indie games? It's a whole world of small teams or individual developers developing computer games (mostly) for fun. They are cheaper, but most of the time a lot more entertaining – the lack of budget is compensated with great gameplay and atmosphere. What is much more important, if you're looking after a game for your kid, one that has funny characters, colors, music, and little to no violence – take a look at Indie market. In a short time while preparing this article, I have found few of those games – small, cute, addictive games for the whole family.

In my quest for Indie games I stumbled upon a site named Game Tunnel, where there's their top 100 of independent games. That page is about a year old now, but it does contain a list of quite interesting games, and most of those I have reviewed can be found there.

I have selected sixteen of them. To pass my test a game must be playable without doing any special tweaking of Wine – that means, stock Wine rc from WineHQ, no modifications at all. The game must install and run as is. Distribution: Ubuntu 8.04 64-bit.

Out of sixteen, six didn't work for some reason. Some just didn't work, one asked for .Net (which doesn't come in stock Wine), and one was playable, but the screen was so offset that half top was off the screen – therefore it was considered unplayable with rc2.

Given the numbers and my previous experience with games under Wine, I presume it is safe to say that about two thirds of games for Windows should be playable on Linux. This excludes most recent games with DX10 and other features for which there was no time to include (read: reverse-engineer) support in Wine.

But then, if you want to play latest Windows games, and you have money to pay extra for them, you should really buy Windows. If you're after just a couple of nice games, Wine really can help you. My conclusion is that Wine can be used to play Windows games. It is not perfect, but it is good enough for all but hard-core gamers and nitpickers. Not a prime time for Linux gaming, but it does offer a big choice of Windows games on Linux platform.

Let's see which of those sixteen games do work flawlessly:

DrDobbs Challenge

This is a platform game, where your task is to collect some Microsoft trademarked symbols, while avoiding bugs. There's a rumor that on higher levels a giant penguin is rampaging trough the level, but PR person at Microsoft told me that they know nothing about that, and Dr. Dobb told me personally that if he would be the one who wrote it, it would be in VisualBasic. There are no weapons around, you have to be careful and watch your every step.

(this game is, in fact, programming contest by Dr. Dobb's Journal)

Eets

Ever played Lemmings? A classic? Yes, there is a Lemmings clone for Linux, but this is not the clone. This is a funny game about hungry Eet, a cute little cartoonish creature who must be guided by your careful hand to his snack – a piece of puzzle. To do that you have a choice of action items that affect Eet in a funny way. This game is safe to give to your child.

Jets'n'guns

A fast sidescroller with nice graphics. Guns, explosions and teeny tiny astronauts that run around the half destroyed base for you to take them down. No blood, but this is a shooter. Old-style.

Wik & the Fable of Souls

There's that guy that look like Gollum, with a frog-like tongue (serves both as a grappling hook and feeding protrusion). Another platform with nice graphics, no violence and rather odd main character in a fairy-tale world. This game has some issues with mouse cursor artefacts, but nothing that would prevent you from playing it. And pretty much kid-safe.

Little soldiers

A nice puzzle platform with elements of Lemmings. Guide your little soldiers trough maze. Not particularly entertaining, but still a nice game.

Snowy: Space Trip

Great game for kids! There's that polar bear named Snowy, and his duty is to find and bring to safety what is obviously an alien race (friendly, though). Mechanical beasts are bad guys. Very entertaining platformer. Very children friendly.

Master of Defense

Not much to say about this game. It's Flash Element TD in 3D. Give it a try.

Steam Brigade

An excellent steampunk clash – you control a guy in some sort of air baloon with huge magnet, trying to get your soldiers to enemy steam factory, where an engineer would sabotage it. Highly addictive, but not for children. Lots of sacrified soldiers around, you know...

Super Gerball

Marble mania clone. In 3D. Kind of retro graphics, but much fun for your kid.

Kid Mystic

Ever wanted to be a kid with a hydrocephalus? Now you can be! This is a nice 3D RPG where a kid wizard must fight hoards of enemies (spiders, mushrooms, etc) to defeat the final monster. Pretty much kid safe.

Games that didn't work with rc2: Outpost Kaloki, Chromadome, Venture Arctic, Minigolf Mania, Trash Game, Mr. Smoozles goes nutso.