|May the source be with you, but remember the KISS principle ;-)|
|Contents||Bulletin||Scripting in shell and Perl||Network troubleshooting||History||Humor|
|News||RHEL Daemons||Recommended Books||Recommended Links||Disabling the avahi daemon||How to disable SELinux||Checklist for Securing RedHat Li||systemd|
|Cron||Wheel Group||PAM||Networking||NTP configuration||SELinux||LVM||Xinetd|
RHEL daemons structure reflects the fact that Red Hat is sitting between two chairs. Some of daemons mentioned below does not make any sense for an enterprise server. Among daemons that are typically redundant on RHEL 5 servers, we can mention:
cups NetworkManager avahi-daemon ip6tables xend xendomains bluetooth hidd hplip isdn pcscd - PC/SC Smart Card Daemon smb pcscdSE-related daemons:
setroubleshootd restorecond - daemon that watches for file creation and then sets the default SELinux file context
Avahi is good example here. Avahi is a free Apple zeroconf implementation, including a system for multicast DNS/DNS-SD service discovery. Avahi allows programs to publish and discover services and hosts running on a local network with no specific configuration. For example, a user can plug their computer into a network and Avahi automatically finds printers to print to, files to look at and people to talk to, as well as advertising the network services running on the machine.
Other daemons that can be removed:
chkconfig bluetooth off chkconfig hidd off chkconfig pand off chkconfig cups off chkconfig hplids off chkconfig ip6tables off chkconfig isdn off chkconfig pcscd off chkconfig setroubleshootd off # if you do not use SElinux
A couple of daemons that should be enabled, but are not enabled by default:
chkconfig vsftpd on chkconfig nfs on
3.1.1 - Determine which Services are Enabled at Boot
Run the command: # chkconfig --list | grep :on The first column of this output is the name of a service which is currently enabled at boot. Review each listed service to determine whether it can be disabled. If it is appropriate to disable some service srvname , do so using the command: # chkconfig srvname off Use the guidance below for information about unfamiliar services.3.1.2 - Guidance on Default Services
The table in this section contains a list of all services which are enabled at boot by a default RHEL5 installation. For each service, one of the following recommendations is made: * Enable: The service provides a significant capability with limited risk exposure. Leave the service enabled. * Configure: The service either is required for most systems to function properly or provides an important security function. It should be left enabled by most environments. However, it must be configured securely on all machines, and different options may be needed for workstations than for servers. See the referenced section for recommended configuration of this service. * Disable if possible: The service opens the system to some risk, but may be required by some environments. See the appropriate section of the guide, and disable the service if at all possible. * Servers only: The service provides some function to other machines over the network. If that function is needed in the target environment, the service should remain enabled only on a small number of dedicated servers, and should be disabled on all other machines on the network. Service name Action Reference acpid Enable 220.127.116.11 anacron Disable if possible 3.4 apmd Disable if possible 18.104.22.168 atd Configure 3.4 auditd Configure 2.6.2 Service name Action Reference autofs Disable if possible 22.214.171.124 avahi-daemon Disable if possible 3.7 bluetooth Disable if possible 3.3.14 cpuspeed Enable 126.96.36.199 crond Configure 3.4 cups Disable if possible 3.8 firstboot Disable if possible 3.3.1 gpm Disable if possible 3.3.2 haldaemon Disable if possible 188.8.131.52 hidd Disable if possible 184.108.40.206 hplip Disable if possible 220.127.116.11 ip6tables Configure 2.5.5 iptables Configure 2.5.5 irqbalance Enable 3.3.3 isdn Disable if possible 3.3.4 kdump Disable if possible 3.3.5 kudzu Disable if possible 3.3.6 mcstrans Disable if possible 18.104.22.168 (SELinux) mdmonitor Disable if possible 3.3.7 messagebus Disable if possible 22.214.171.124 microcode ctl Disable if possible 3.3.8 netfs Disable if possible 3.13 (NFS) network Enable 3.3.9 nfslock Disable if possible 3.13 (NFS) pcscd Disable if possible 3.3.10 portmap Disable if possible 3.13 (NFS) readahead early Disable if possible 3.3.12 readahead later Disable if possible 3.3.12 restorecond Enable 126.96.36.199 (SELinux) rhnsd Disable if possible 188.8.131.52 rpcgssd Disable if possible 3.13 (NFS) rpcidmapd Disable if possible 3.13 (NFS) sendmail Configure 3.11 setroubleshoot Disable if possible 184.108.40.206 (SELinux) smartd Enable 3.3.11 sshd Servers only 3.5 syslog Configure 2.6.1 xfs Disable if possible 3.6 (X11) yum-updatesd Disable if possible 220.127.116.11.23.1.3 - Guidance for Unfamiliar Services
If the system is running any services which have not been covered, determine what these services do, and disable them if they are not needed or if they pose a high risk. If a service srvname is unknown, try running: $ rpm -qf /etc/init.d/srvname to discover which RPM package installed the service. Then, run: $ rpm -qi rpmname for a brief description of what that RPM does.3.2 - Obsolete Services
This section discusses a number of network-visible services which have historically caused problems for system security, and for which disabling or severely limiting the service has been the best available guidance for some time. As a result of this consensus, these services are not installed as part of RHEL5 by default. Organizations which are running these services should prioritize switching to more secure services which provide the needed functionality. If it is absolutely necessary to run one of these services for legacy reasons, care should be taken to restrict the service as much as possible, for instance by configuring host firewall software (see Section 2.5.5) to restrict access to the vulnerable service to only those remote hosts which have a known need to use it.3.2.1 - Inetd and Xinetd
Is there an operational need to run the deprecated inetd or xinetd software packages? If not, ensure that they are removed from the system: # yum erase inetd xinetd Beginning with Red Hat Enterprise Linux 5, the xinetd service is no longer installed by default. This change represents increased awareness that the dedicated network listener model does not improve security or reliability of services, and that restriction of network listeners is better handled using a granular model such as SELinux than using xinetd's limited security options.
CCE-4234-1 Inetd and Xinetd
The inetd service should be enabled or disabled as appropriate.
CCE-4252-3 Inetd and Xinetd
The xinetd service should be enabled or disabled as appropriate.
CCE-4023-8 Inetd and Xinetd
The inetd package should be installed or uninstalled as appropriate.
3.2.2 - Telnet
CCE-4164-0 Inetd and Xinetd
The xifnetd package should be installed or uninstalled as appropriate.
Is there a mission-critical reason for users to access the system via the insecure telnet protocol, rather than the more secure SSH protocol? If not, ensure that the telnet server is removed from the system: # yum erase telnet-server The telnet protocol uses unencrypted network communication, which means that data from the login session, including passwords and all other information transmitted during the session, can be stolen by eavesdroppers on the network, and also that outsiders can easily hijack the session to gain authenticated access to the telnet server. Organizations which use telnet should be actively working to migrate to a more secure protocol. See Section 3.5 for information about the SSH service.
The telnet service should be enabled or disabled as appropriate.
3.2.3 - Rlogin, Rsh, and Rcp
The telnet-server package should be installed or uninstalled as appropriate.
The Berkeley r-commands are legacy services which allow cleartext remote access and have an insecure trust model.18.104.22.168 - Remove the Rsh Server Commands from the System
Is there a mission-critical reason for users to access the system via the insecure rlogin, rsh, or rcp commands rather than the more secure ssh and scp? If not, ensure that the rsh server is removed from the system: # yum erase rsh-server SSH was designed to be a drop-in replacement for the r-commands, which suffer from the same hijacking and eavesdropping problems as telnet. There is unlikely to be a case in which these commands cannot be replaced with SSH.
CCE-3974-3 Remove the Rsh Server Commands from the System
The rcp service should be enabled or disabled as appropriate.
CCE-4141-8 Remove the Rsh Server Commands from the System
The rsh service should be enabled or disabled as appropriate.
CCE-3537-8 Remove the Rsh Server Commands from the System
The rlogin service should be enabled or disabled as appropriate.
22.214.171.124 - Remove .rhosts Support from PAM Configuration Files
CCE-4308-3 Remove the Rsh Server Commands from the System
The rsh packagee should be installed or uninstalled as appropriate.
Check that pam rhosts authentication is not used by any PAM services. Run the command: # grep -l pam rhosts /etc/pam.d/* This command should return no output. The RHEL5 default is not to rely on .rhosts or /etc/hosts.equiv for any PAM-based services, so, on an uncustomized system, this command should return no output. If any files do use pam rhosts, modify them to make use of a more secure authentication method instead. For more information about PAM, see Section 126.96.36.199.2.4 - NIS
The NIS client service ypbind is not activated by default. In the event that it was activated at some point, disable it by executing the command: # chkconfig ypbind off The NIS server package is not installed by default. In the event that it was installed at some point, remove it from the system by executing the command: # yum erase ypserv The Network Information Service (NIS), also known as "Yellow Pages" (YP), and its successor NIS+ have been made obsolete by Kerberos, LDAP, and other modern centralized authentication services. NIS should not be used because it suffers from security problems inherent in its design, such as inadequate protection of important authentication information.
The ypbind service should be enabled or disabled as appropriate.
3.2.5 - TFTP Server
The ypserv package should be installed or uninstalled as appropriate.
Is there an operational need to run the deprecated TFTP server software? If not, ensure that it is removed from the system: # yum erase tftp-server TFTP is a lightweight version of the FTP protocol which has traditionally been used to configure networking equipment. However, TFTP provides little security, and modern versions of networking operating systems fre77 quently support configuration via SSH or other more secure protocols. A TFTP server should be run only if no more secure method of supporting existing equipment can be found.
CCE-4273-9 TFTP Server
The tftp service should be enabled or disabled as appropriate.
3.3 - BaseServices
CCE-3916-4 TFTP Server
The tftp-server package should be installed or uninstalled as appropriate.
This section addresses the base services that are configured to start up on boot in a RHEL5 default installation. Some of these services listen on the network and should be treated with particular discretion. The other services are local system utilities that may or may not be extraneous. Each of these services should be disabled if not required.3.3.1 - Installation Helper Service (firstboot)
Firstboot is a daemon specific to the Red Hat installation process. It handles "one-time" configuration following successful installation of the operating system. As such, there is no reason for this service to remain enabled. Disable firstboot by issuing the command: # chkconfig firstboot off
3.3.2 - Console Mouse Service (gpm)
CCE-3412-4 Installation Helper Service (firstboot)
The firstboot service should be enabled or disabled as appropriate.
GPM is the service that controls the text console mouse pointer. (The X Windows mouse pointer is unaffected by this service.) If mouse functionality in the console is not required, disable this service: # chkconfig gpm off Although it is preferable to run as few services as possible, the console mouse pointer can be useful for preventing administrator mistakes in runlevel 3 by enabling copy-and-paste operations.
3.3.3 - Interrupt Distribution on Multiprocessor Systems (irqbalance)
CCE-4229-1 Console Mouse Service (gpm)
The gpm service should be enabled or disabled as appropriate.
The goal of the irqbalance service is to optimize the balance between power savings and performance through distribution of hardware interrupts across multiple processors. In a server environment with multiple processors, this provides a useful service and should be left enabled. If a machine has only one processor, the service may be disabled: # chkconfig irqbalance off
3.3.4 - ISDN Support (isdn)
CCE-4123-6 Interrupt Distribution on Multiprocessor Systems (irqbalance)
The irqbalance service should be enabled or disabled as appropriate.
The ISDN service facilitates Internet connectivity in the presence of an ISDN modem. If an ISDN modem is not being used, disable this service: # chkconfig isdn off
3.3.5 - Kdump Kernel Crash Analyzer (kdump)
CCE-4286-1 ISDN Support (isdn)
The isdn service should be enabled or disabled as appropriate.
Kdump is a new kernel crash dump analyzer. It uses kexec to boot a secondary kernel ("capture" kernel) following a system crash. The kernel dump from the system crash is loaded into the capture kernel for analysis. Unless the system is used for kernel development or testing, disable the service: # chkconfig kdump off
3.3.6 - Kudzu Hardware Probing Utility (kudzu)
CCE-3425-6 Kdump Kernel Crash Analyzer (kdump)
The kdump service should be enabled or disabled as appropriate.
Is there a mission-critical reason for console users to add new hardware to the system? If not: # chkconfig kudzu off Kudzu, Red Hat's hardware detection program, represents an unnecessary security risk as it allows unprivileged users to perform hardware configuration without authorization. Unless this specific functionality is required, Kudzu should be disabled.
3.3.7 - Software RAID Monitor (mdmonitor)
CCE-4211-9 Kudzu Hardware Probing Utility (kudzu)
The kudzu service should be enabled or disabled as appropriate.
The mdmonitor service is used for monitoring a software RAID (hardware RAID setups do not use this service). This service is extraneous unless software RAID is in use (which is not common). If software RAID monitoring is not required, disable this service: # chkconfig mdmonitor off
3.3.8 - IA32 Microcode Utility(microcodectl)
CCE-3854-7 Software RAID Monitor (mdmonitor)
The mdmonitor service should be enabled or disabled as appropriate.
microcode ctl is a microcode utility for use with Intel IA32 processors (Pentium Pro, PII, Celeron, PIII, Xeon, Pentium 4, etc) If the system is not running an Intel IA32 processor, disable this service: # chkconfig microcode ctl off
3.3.9 - Network Service (network)
CCE-4356-2 IA32 Microcode Utility(microcodectl)
The microcode_ctl service should be enabled or disabled as appropriate.
The network service allows associated network interfaces to access the network. This section contains general guidance for controlling the operation of the service. For kernel parameters which affect networking, see Section
188.8.131.52 - Disable All Networking if Not Needed
CCE-4369-5 Network Service (network)
The network service should be enabled or disabled as appropriate.
If the system is a standalone machine with no need for network access or even communication over the loopback device, then disable this service: # chkconfig network off184.108.40.206 - Disable All External Network Interfaces if Not Needed
If the system does not require network communications but still needs to use the loopback interface, remove all files of the form ifcfg-interface except for ifcfg-lo from /etc/sysconfig/network-scripts: # rm /etc/sysconfig/network-scripts/ifcfg-interface220.127.116.11 - Disable Zeroconf Networking
Zeroconf networking allows the system to assign itself an IP address and engage in IP communication without a statically-assigned address or even a DHCP server. Automatic address assignment via Zeroconf (or DHCP) is not recommended. To disable Zeroconf automatic route assignment in the 18.104.22.168 subnet, add or correct the following line in /etc/sysconfig/network: NOZEROCONF=yes Zeroconf addresses are in the network 169.254.0.0. The networking scripts add entries to the system's routing table for these addresses. Zeroconf address assignment commonly occurs when the system is configured to use DHCP but fails to receive an address assignment from the DHCP server.3.3.10 - Smart Card Support (pcscd)
The pcscd service provides support for Smart Cards and Smart Card Readers. If Smart Cards are not in use on the system, disable this service: # chkconfig pcscd off
3.3.11 - SMART Disk Monitoring Support (smartd)
CCE-4100-4 Smart Card Support (pcscd)
The pcscd service should be enabled or disabled as appropriate.
SMART (Self-Monitoring, Analysis, and Reporting Technology) is a feature of hard drives that allows them to detect symptoms of disk failure and relay an appropriate warning. This technology is considered to bring relatively low security risk, and can be useful. Leave this service running if the system's hard drives are SMART-capable. Otherwise, disable it: # chkconfig smartd off
3.3.12 - Boot Caching (readahead early/readahead later)
CCE-3455-3 SMART Disk Monitoring Support (smartd)
The smartd service should be enabled or disabled as appropriate.
The following services provide one-time caching of files belonging to some boot services, with the goal of allowing the system to boot faster. It is recommended that this service be disabled on most machines: # chkconfig readahead early off # chkconfig readahead later off The readahead services do not substantially increase a system's risk exposure, but they also do not provide great benefit. Unless the system is running a specialized application for which the file caching substantially improves system boot time, this guide recommends disabling the services.
CCE-4421-4 Boot Caching (readahead early/readahead later)
The readahead_early service should be enabled or disabled as appropriate.
3.3.13 - Application Support Services
CCE-4302-6 Boot Caching (readahead early/readahead later)
The readahead_later service should be enabled or disabled as appropriate.
The following services are software projects of freedesktop.org that are meant to provide system integration through a series of common APIs for applications. They are heavily integrated into the X Windows environment. If the system is not using X Windows, these services can typically be disabled.22.214.171.124 - D-Bus IPC Service (messagebus)
D-Bus is an IPC mechanism that provides a common channel for inter-process communication. If no services which require D-Bus are in use, disable this service: # chkconfig messagebus off A number of default services make use of D-Bus, including X Windows (Section 3.6), Bluetooth (Section 3.3.14) and Avahi (Section 3.7). This guide recommends that D-Bus and all its dependencies be disabled unless there is a mission-critical need for them. Stricter configuration of D-Bus is possible and documented in the man page dbus-daemon(1). D-Bus maintains two separate configuration files, located in /etc/dbus-1/, one for system-specific configuration and the other for session-specific configuration.
126.96.36.199 - HAL Daemon (haldaemon)
CCE-3822-4 D-Bus IPC Service (messagebus)
The messagebus service should be enabled or disabled as appropriate.
The haldaemon service provides a dynamic way of managing device interfaces. It automates device configuration and provides an API for making devices accessible to applications through the D-Bus interface.
188.8.131.52.1 - Disable HAL Daemon if Possible
CCE-4364-6 HAL Daemon (haldaemon)
The haldaemon service should be enabled or disabled as appropriate.
HAL provides valuable attack surfaces to attackers as an intermediary to privileged operations and should be disabled unless necessary: # chkconfig haldaemon off184.108.40.206.2 - Configure HAL Daemon if Necessary
HAL provides a limited user the ability to mount system devices. This is primarily used by X utilities such as gnome-volume-manager to perform automounting of removable media. HAL configuration is currently only possible through a series of fdi files located in /usr/share/hal/fdi/ Note: The HAL future road map includes a mandatory framework for managing administrative privileges called PolicyKit. To prevent users from accessing devices through HAL, create the file /etc/hal/fdi/policy/99-policy-all-drives.fdi with the contents: <?xml version="1.0" encoding="UTF-8"?> <deviceinfo version="0.2"> <device> <match key="info.capabilities" contains="volume"> <merge key="volume.ignore" type="bool">true</merge> </match> </device> </deviceinfo> The above code matches any device labeled with the volume capability (any device capable of being mounted will be labeled this way) and sets the corresponding volume.ignore key to true, indicating that the volume should be ignored. This both makes the volume invisible to the UI, and denies mount attempts by unprivileged users.3.3.14 - Bluetooth Support
Bluetooth provides a way to transfer information between devices such as mobile phones, laptops, PCs, printers, digital cameras, and video game consoles over a short-range wireless link. Any wireless communication presents a serious security risk to sensitive or classified systems. Section 2.5.2 contains information on the related topic of wireless networking. Removal of hardware is the only way to ensure that the Bluetooth wireless capability remains disabled. If it is completely impractical to remove the Bluetooth hardware module, and site policy still allows the device to enter sensitive spaces, every effort to disable the capability via software should be made. In general, acquisition policy should include provisions to prevent the purchase of equipment that will be used in sensitive spaces and includes Bluetooth capabilities.220.127.116.11 - Bluetooth Host Controller Interface Daemon (bluetooth)
The bluetooth service enables the system to use Bluetooth devices. If the system requires no Bluetooth devices, disable this service: # chkconfig bluetooth off
18.104.22.168 - Bluetooth Input Devices (hidd)
CCE-4355-4 Bluetooth Host Controller Interface Daemon (bluetooth)
The bluetooth service should be enabled or disabled as appropriate.
The hidd service provides support for Bluetooth input devices. If the system has no Bluetooth input devices (e.g. keyboard or mouse), disable this service: # chkconfig hidd off
22.214.171.124 - Disable Bluetooth Kernel Modules
CCE-4377-8 Bluetooth Input Devices (hidd)
The hidd service should be enabled or disabled as appropriate.
The kernel's module loading system can be configured to prevent loading of the Bluetooth module. Add the following to /etc/modprobe.conf to prevent the loading of the Bluetooth module: alias net-pf-31 off The unexpected name, net-pf-31, is a result of how the kernel requests modules for network protocol families; it is an alias for the bluetooth module.3.3.15 - Power Management Support
The following services provide an interface to power management functions. These functions include monitoring battery power, system hibernate/suspend, CPU throttling, and various power-save utilities.126.96.36.199 - Advanced Power Management Subsystem (apmd)
The apmd service provides last generation power management support. If the system is capable of ACPI support, or if power management is not necessary, disable this service: # chkconfig apmd off APM is being replaced by ACPI and should be considered deprecated. As such, it can be disabled if ACPI is supported by your hardware and kernel. If the file /proc/acpi/info exists and contains ACPI version information, then APM can safely be disabled without loss of functionality.
188.8.131.52 - Advanced Configuration and Power Interface (acpid)
CCE-4289-5 Advanced Power Management Subsystem (apmd)
The apmd service should be enabled or disabled as appropriate.
The acpid service provides next generation power management support. Unless power management features are not necessary, leave this service enabled.
184.108.40.206 - CPU Throttling (cpuspeed)
CCE-4298-6 Advanced Configuration and Power Interface (acpid)
The acpid service should be enabled or disabled as appropriate.
The cpuspeed service uses hardware support to throttle the CPU when the system is idle. Unless CPU power optimization is unnecessary, leave this service enabled.
3.4 - Cron and At Daemons
CCE-4051-9 CPU Throttling (cpuspeed)
The cpuspeed service should be enabled or disabled as appropriate.
The cron and at services are used to allow commands to be executed at a later time. The cron service is required by almost all systems to perform necessary maintenance tasks, while at may or may not be required on a given system. Both daemons should be configured defensively.
3.4.1 - Disable anacron if Possible
CCE-4324-0 Cron and At Daemons
The crond service should be enabled or disabled as appropriate.
Is this a machine which is designed to run all the time, such as a server or a workstation which is left on at night? If so: # yum erase anacron The anacron subsystem is designed to provide cron functionality for machines which may be shut down during the normal times that system cron jobs run, frequently in the middle of the night. Laptops and workstations which are shut down at night should keep anacron enabled, so that standard system cron jobs will run when the machine boots. However, on machines which do not need this additional functionality, anacron represents another piece of privileged software which could contain vulnerabilities. Therefore, it should be removed when possible to reduce system risk.
CCE-4406-5 Disable anacron if Possible
The anacron service should be enabled or disabled as appropriate.
CCE-4428-9 Disable anacron if Possible
The anacron package should be installed or uninstalled as appropriate.
Softpanorama hot topic of the month
Configuring logrotate Red Hat documentation
Slicehost Articles- Understanding logrotate on RHEL - part 1
15.3. Configuring Logs
Log Rotation for MySQL using logrotate
FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit exclusivly for research and educational purposes. If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner.
ABUSE: IPs or network segments from which we detect a stream of probes might be blocked for no less then 90 days. Multiple types of probes increase this period.
Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers : Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism : The Iron Law of Oligarchy : Libertarian Philosophy
War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda : SE quotes : Language Design and Programming Quotes : Random IT-related quotes : Somerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose Bierce : Bernard Shaw : Mark Twain Quotes
Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 : Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law
Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds : Larry Wall : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOS : Programming Languages History : PL/1 : Simula 67 : C : History of GCC development : Scripting Languages : Perl history : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history
The Peter Principle : Parkinson Law : 1984 : The Mythical Man-Month : How to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Haterís Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite
Most popular humor pages:
Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor
The Last but not Least
Copyright © 1996-2016 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.
Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.
This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...
|You can use PayPal to make a contribution, supporting development of this site and speed up access. In case softpanorama.org is down you can use the at softpanorama.info|
The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.
Last modified: September 12, 2017