Softpanorama

May the source be with you, but remember the KISS principle ;-)
Contents Bulletin Scripting in shell and Perl Network troubleshooting History Humor

Disabling useless/redundant daemons in RHEL 5 servers

News RHEL Daemons Recommended Books Recommended Links Disabling the avahi daemon How to disable SELinux Checklist for Securing RedHat Li systemd
Cron Wheel Group PAM Networking NTP configuration SELinux LVM Xinetd
RPM YUM Apache rsyslog SSH NFS Samba NTP
Apache pure-ftpd vsftpd Xinetd        
rsync Sendmail postfix VNC/VINO RC scripts Tips Humor Etc

RHEL daemons structure reflects the fact that Red Hat is sitting between two chairs. Some of daemons mentioned below does not make any sense for an enterprise server. Among daemons that are typically redundant on RHEL 5 servers, we can mention:

cups
NetworkManager
avahi-daemon
ip6tables
xend
xendomains
bluetooth
hidd
hplip
isdn
pcscd - PC/SC Smart Card Daemon 
smb
pcscd
SE-related daemons:
setroubleshootd
restorecond - daemon that watches for file creation and then sets the default SELinux file context

Avahi is good example here. Avahi is a free Apple zeroconf implementation, including a system for multicast DNS/DNS-SD service discovery.   Avahi allows programs to publish and discover services and hosts running on a local network with no specific configuration. For example, a user can plug their computer into a network and Avahi automatically finds printers to print to, files to look at and people to talk to, as well as advertising the network services running on the machine.

Other daemons that can be removed:

chkconfig bluetooth off
chkconfig hidd off
chkconfig pand off
chkconfig cups off
chkconfig hplids off
chkconfig ip6tables off
chkconfig isdn off
chkconfig pcscd off
chkconfig setroubleshootd off # if you do not use SElinux

A couple of daemons that should be enabled, but are not enabled by default:

chkconfig vsftpd on
chkconfig nfs on

Top Visited
Switchboard
Latest
Past week
Past month

NEWS CONTENTS

Old News ;-)

[Jul 16, 2013] SCAP: Guide To The Secure Configuration of Red Hat Enterprise Linux 5

3.1.1 - Determine which Services are Enabled at Boot

Run the command: # chkconfig --list | grep :on The first column of this output is the name of a service which is currently enabled at boot. Review each listed service to determine whether it can be disabled. If it is appropriate to disable some service srvname , do so using the command: # chkconfig srvname off Use the guidance below for information about unfamiliar services.

3.1.2 - Guidance on Default Services

The table in this section contains a list of all services which are enabled at boot by a default RHEL5 installation. For each service, one of the following recommendations is made: * Enable: The service provides a significant capability with limited risk exposure. Leave the service enabled. * Configure: The service either is required for most systems to function properly or provides an important security function. It should be left enabled by most environments. However, it must be configured securely on all machines, and different options may be needed for workstations than for servers. See the referenced section for recommended configuration of this service. * Disable if possible: The service opens the system to some risk, but may be required by some environments. See the appropriate section of the guide, and disable the service if at all possible. * Servers only: The service provides some function to other machines over the network. If that function is needed in the target environment, the service should remain enabled only on a small number of dedicated servers, and should be disabled on all other machines on the network. Service name Action Reference acpid Enable 3.3.15.2 anacron Disable if possible 3.4 apmd Disable if possible 3.3.15.1 atd Configure 3.4 auditd Configure 2.6.2 Service name Action Reference autofs Disable if possible 2.2.2.3 avahi-daemon Disable if possible 3.7 bluetooth Disable if possible 3.3.14 cpuspeed Enable 3.3.15.3 crond Configure 3.4 cups Disable if possible 3.8 firstboot Disable if possible 3.3.1 gpm Disable if possible 3.3.2 haldaemon Disable if possible 3.3.13.2 hidd Disable if possible 3.3.14.2 hplip Disable if possible 3.8.4.1 ip6tables Configure 2.5.5 iptables Configure 2.5.5 irqbalance Enable 3.3.3 isdn Disable if possible 3.3.4 kdump Disable if possible 3.3.5 kudzu Disable if possible 3.3.6 mcstrans Disable if possible 2.4.3.2 (SELinux) mdmonitor Disable if possible 3.3.7 messagebus Disable if possible 3.3.13.1 microcode ctl Disable if possible 3.3.8 netfs Disable if possible 3.13 (NFS) network Enable 3.3.9 nfslock Disable if possible 3.13 (NFS) pcscd Disable if possible 3.3.10 portmap Disable if possible 3.13 (NFS) readahead early Disable if possible 3.3.12 readahead later Disable if possible 3.3.12 restorecond Enable 2.4.3.3 (SELinux) rhnsd Disable if possible 2.1.2.2 rpcgssd Disable if possible 3.13 (NFS) rpcidmapd Disable if possible 3.13 (NFS) sendmail Configure 3.11 setroubleshoot Disable if possible 2.4.3.1 (SELinux) smartd Enable 3.3.11 sshd Servers only 3.5 syslog Configure 2.6.1 xfs Disable if possible 3.6 (X11) yum-updatesd Disable if possible 2.1.2.3.2

3.1.3 - Guidance for Unfamiliar Services

If the system is running any services which have not been covered, determine what these services do, and disable them if they are not needed or if they pose a high risk. If a service srvname is unknown, try running: $ rpm -qf /etc/init.d/srvname to discover which RPM package installed the service. Then, run: $ rpm -qi rpmname for a brief description of what that RPM does.

3.2 - Obsolete Services

This section discusses a number of network-visible services which have historically caused problems for system security, and for which disabling or severely limiting the service has been the best available guidance for some time. As a result of this consensus, these services are not installed as part of RHEL5 by default. Organizations which are running these services should prioritize switching to more secure services which provide the needed functionality. If it is absolutely necessary to run one of these services for legacy reasons, care should be taken to restrict the service as much as possible, for instance by configuring host firewall software (see Section 2.5.5) to restrict access to the vulnerable service to only those remote hosts which have a known need to use it.

3.2.1 - Inetd and Xinetd

Is there an operational need to run the deprecated inetd or xinetd software packages? If not, ensure that they are removed from the system: # yum erase inetd xinetd Beginning with Red Hat Enterprise Linux 5, the xinetd service is no longer installed by default. This change represents increased awareness that the dedicated network listener model does not improve security or reliability of services, and that restriction of network listeners is better handled using a granular model such as SELinux than using xinetd's limited security options.

CCE-4234-1 Inetd and Xinetd

The inetd service should be enabled or disabled as appropriate.

CCE-4252-3 Inetd and Xinetd

The xinetd service should be enabled or disabled as appropriate.

CCE-4023-8 Inetd and Xinetd

The inetd package should be installed or uninstalled as appropriate.

CCE-4164-0 Inetd and Xinetd

The xifnetd package should be installed or uninstalled as appropriate.

3.2.2 - Telnet

Is there a mission-critical reason for users to access the system via the insecure telnet protocol, rather than the more secure SSH protocol? If not, ensure that the telnet server is removed from the system: # yum erase telnet-server The telnet protocol uses unencrypted network communication, which means that data from the login session, including passwords and all other information transmitted during the session, can be stolen by eavesdroppers on the network, and also that outsiders can easily hijack the session to gain authenticated access to the telnet server. Organizations which use telnet should be actively working to migrate to a more secure protocol. See Section 3.5 for information about the SSH service.

CCE-3390-2 Telnet

The telnet service should be enabled or disabled as appropriate.

CCE-4330-7 Telnet

The telnet-server package should be installed or uninstalled as appropriate.

3.2.3 - Rlogin, Rsh, and Rcp

The Berkeley r-commands are legacy services which allow cleartext remote access and have an insecure trust model.

3.2.3.1 - Remove the Rsh Server Commands from the System

Is there a mission-critical reason for users to access the system via the insecure rlogin, rsh, or rcp commands rather than the more secure ssh and scp? If not, ensure that the rsh server is removed from the system: # yum erase rsh-server SSH was designed to be a drop-in replacement for the r-commands, which suffer from the same hijacking and eavesdropping problems as telnet. There is unlikely to be a case in which these commands cannot be replaced with SSH.

CCE-3974-3 Remove the Rsh Server Commands from the System

The rcp service should be enabled or disabled as appropriate.

CCE-4141-8 Remove the Rsh Server Commands from the System

The rsh service should be enabled or disabled as appropriate.

CCE-3537-8 Remove the Rsh Server Commands from the System

The rlogin service should be enabled or disabled as appropriate.

CCE-4308-3 Remove the Rsh Server Commands from the System

The rsh packagee should be installed or uninstalled as appropriate.

3.2.3.2 - Remove .rhosts Support from PAM Configuration Files

Check that pam rhosts authentication is not used by any PAM services. Run the command: # grep -l pam rhosts /etc/pam.d/* This command should return no output. The RHEL5 default is not to rely on .rhosts or /etc/hosts.equiv for any PAM-based services, so, on an uncustomized system, this command should return no output. If any files do use pam rhosts, modify them to make use of a more secure authentication method instead. For more information about PAM, see Section 2.3.3.

3.2.4 - NIS

The NIS client service ypbind is not activated by default. In the event that it was activated at some point, disable it by executing the command: # chkconfig ypbind off The NIS server package is not installed by default. In the event that it was installed at some point, remove it from the system by executing the command: # yum erase ypserv The Network Information Service (NIS), also known as "Yellow Pages" (YP), and its successor NIS+ have been made obsolete by Kerberos, LDAP, and other modern centralized authentication services. NIS should not be used because it suffers from security problems inherent in its design, such as inadequate protection of important authentication information.

CCE-3705-1 NIS

The ypbind service should be enabled or disabled as appropriate.

CCE-4348-9 NIS

The ypserv package should be installed or uninstalled as appropriate.

3.2.5 - TFTP Server

Is there an operational need to run the deprecated TFTP server software? If not, ensure that it is removed from the system: # yum erase tftp-server TFTP is a lightweight version of the FTP protocol which has traditionally been used to configure networking equipment. However, TFTP provides little security, and modern versions of networking operating systems fre77 quently support configuration via SSH or other more secure protocols. A TFTP server should be run only if no more secure method of supporting existing equipment can be found.

CCE-4273-9 TFTP Server

The tftp service should be enabled or disabled as appropriate.

CCE-3916-4 TFTP Server

The tftp-server package should be installed or uninstalled as appropriate.

3.3 - BaseServices

This section addresses the base services that are configured to start up on boot in a RHEL5 default installation. Some of these services listen on the network and should be treated with particular discretion. The other services are local system utilities that may or may not be extraneous. Each of these services should be disabled if not required.

3.3.1 - Installation Helper Service (firstboot)

Firstboot is a daemon specific to the Red Hat installation process. It handles "one-time" configuration following successful installation of the operating system. As such, there is no reason for this service to remain enabled. Disable firstboot by issuing the command: # chkconfig firstboot off

CCE-3412-4 Installation Helper Service (firstboot)

The firstboot service should be enabled or disabled as appropriate.

3.3.2 - Console Mouse Service (gpm)

GPM is the service that controls the text console mouse pointer. (The X Windows mouse pointer is unaffected by this service.) If mouse functionality in the console is not required, disable this service: # chkconfig gpm off Although it is preferable to run as few services as possible, the console mouse pointer can be useful for preventing administrator mistakes in runlevel 3 by enabling copy-and-paste operations.

CCE-4229-1 Console Mouse Service (gpm)

The gpm service should be enabled or disabled as appropriate.

3.3.3 - Interrupt Distribution on Multiprocessor Systems (irqbalance)

The goal of the irqbalance service is to optimize the balance between power savings and performance through distribution of hardware interrupts across multiple processors. In a server environment with multiple processors, this provides a useful service and should be left enabled. If a machine has only one processor, the service may be disabled: # chkconfig irqbalance off

CCE-4123-6 Interrupt Distribution on Multiprocessor Systems (irqbalance)

The irqbalance service should be enabled or disabled as appropriate.

3.3.4 - ISDN Support (isdn)

The ISDN service facilitates Internet connectivity in the presence of an ISDN modem. If an ISDN modem is not being used, disable this service: # chkconfig isdn off

CCE-4286-1 ISDN Support (isdn)

The isdn service should be enabled or disabled as appropriate.

3.3.5 - Kdump Kernel Crash Analyzer (kdump)

Kdump is a new kernel crash dump analyzer. It uses kexec to boot a secondary kernel ("capture" kernel) following a system crash. The kernel dump from the system crash is loaded into the capture kernel for analysis. Unless the system is used for kernel development or testing, disable the service: # chkconfig kdump off

CCE-3425-6 Kdump Kernel Crash Analyzer (kdump)

The kdump service should be enabled or disabled as appropriate.

3.3.6 - Kudzu Hardware Probing Utility (kudzu)

Is there a mission-critical reason for console users to add new hardware to the system? If not: # chkconfig kudzu off Kudzu, Red Hat's hardware detection program, represents an unnecessary security risk as it allows unprivileged users to perform hardware configuration without authorization. Unless this specific functionality is required, Kudzu should be disabled.

CCE-4211-9 Kudzu Hardware Probing Utility (kudzu)

The kudzu service should be enabled or disabled as appropriate.

3.3.7 - Software RAID Monitor (mdmonitor)

The mdmonitor service is used for monitoring a software RAID (hardware RAID setups do not use this service). This service is extraneous unless software RAID is in use (which is not common). If software RAID monitoring is not required, disable this service: # chkconfig mdmonitor off

CCE-3854-7 Software RAID Monitor (mdmonitor)

The mdmonitor service should be enabled or disabled as appropriate.

3.3.8 - IA32 Microcode Utility(microcodectl)

microcode ctl is a microcode utility for use with Intel IA32 processors (Pentium Pro, PII, Celeron, PIII, Xeon, Pentium 4, etc) If the system is not running an Intel IA32 processor, disable this service: # chkconfig microcode ctl off

CCE-4356-2 IA32 Microcode Utility(microcodectl)

The microcode_ctl service should be enabled or disabled as appropriate.

3.3.9 - Network Service (network)

The network service allows associated network interfaces to access the network. This section contains general guidance for controlling the operation of the service. For kernel parameters which affect networking, see Section

CCE-4369-5 Network Service (network)

The network service should be enabled or disabled as appropriate.

3.3.9.1 - Disable All Networking if Not Needed

If the system is a standalone machine with no need for network access or even communication over the loopback device, then disable this service: # chkconfig network off

3.3.9.2 - Disable All External Network Interfaces if Not Needed

If the system does not require network communications but still needs to use the loopback interface, remove all files of the form ifcfg-interface except for ifcfg-lo from /etc/sysconfig/network-scripts: # rm /etc/sysconfig/network-scripts/ifcfg-interface

3.3.9.3 - Disable Zeroconf Networking

Zeroconf networking allows the system to assign itself an IP address and engage in IP communication without a statically-assigned address or even a DHCP server. Automatic address assignment via Zeroconf (or DHCP) is not recommended. To disable Zeroconf automatic route assignment in the 169.245.0.0 subnet, add or correct the following line in /etc/sysconfig/network: NOZEROCONF=yes Zeroconf addresses are in the network 169.254.0.0. The networking scripts add entries to the system's routing table for these addresses. Zeroconf address assignment commonly occurs when the system is configured to use DHCP but fails to receive an address assignment from the DHCP server.

3.3.10 - Smart Card Support (pcscd)

The pcscd service provides support for Smart Cards and Smart Card Readers. If Smart Cards are not in use on the system, disable this service: # chkconfig pcscd off

CCE-4100-4 Smart Card Support (pcscd)

The pcscd service should be enabled or disabled as appropriate.

3.3.11 - SMART Disk Monitoring Support (smartd)

SMART (Self-Monitoring, Analysis, and Reporting Technology) is a feature of hard drives that allows them to detect symptoms of disk failure and relay an appropriate warning. This technology is considered to bring relatively low security risk, and can be useful. Leave this service running if the system's hard drives are SMART-capable. Otherwise, disable it: # chkconfig smartd off

CCE-3455-3 SMART Disk Monitoring Support (smartd)

The smartd service should be enabled or disabled as appropriate.

3.3.12 - Boot Caching (readahead early/readahead later)

The following services provide one-time caching of files belonging to some boot services, with the goal of allowing the system to boot faster. It is recommended that this service be disabled on most machines: # chkconfig readahead early off # chkconfig readahead later off The readahead services do not substantially increase a system's risk exposure, but they also do not provide great benefit. Unless the system is running a specialized application for which the file caching substantially improves system boot time, this guide recommends disabling the services.

CCE-4421-4 Boot Caching (readahead early/readahead later)

The readahead_early service should be enabled or disabled as appropriate.

CCE-4302-6 Boot Caching (readahead early/readahead later)

The readahead_later service should be enabled or disabled as appropriate.

3.3.13 - Application Support Services

The following services are software projects of freedesktop.org that are meant to provide system integration through a series of common APIs for applications. They are heavily integrated into the X Windows environment. If the system is not using X Windows, these services can typically be disabled.

3.3.13.1 - D-Bus IPC Service (messagebus)

D-Bus is an IPC mechanism that provides a common channel for inter-process communication. If no services which require D-Bus are in use, disable this service: # chkconfig messagebus off A number of default services make use of D-Bus, including X Windows (Section 3.6), Bluetooth (Section 3.3.14) and Avahi (Section 3.7). This guide recommends that D-Bus and all its dependencies be disabled unless there is a mission-critical need for them. Stricter configuration of D-Bus is possible and documented in the man page dbus-daemon(1). D-Bus maintains two separate configuration files, located in /etc/dbus-1/, one for system-specific configuration and the other for session-specific configuration.

CCE-3822-4 D-Bus IPC Service (messagebus)

The messagebus service should be enabled or disabled as appropriate.

3.3.13.2 - HAL Daemon (haldaemon)

The haldaemon service provides a dynamic way of managing device interfaces. It automates device configuration and provides an API for making devices accessible to applications through the D-Bus interface.

CCE-4364-6 HAL Daemon (haldaemon)

The haldaemon service should be enabled or disabled as appropriate.

3.3.13.2.1 - Disable HAL Daemon if Possible

HAL provides valuable attack surfaces to attackers as an intermediary to privileged operations and should be disabled unless necessary: # chkconfig haldaemon off

3.3.13.2.2 - Configure HAL Daemon if Necessary

HAL provides a limited user the ability to mount system devices. This is primarily used by X utilities such as gnome-volume-manager to perform automounting of removable media. HAL configuration is currently only possible through a series of fdi files located in /usr/share/hal/fdi/ Note: The HAL future road map includes a mandatory framework for managing administrative privileges called PolicyKit. To prevent users from accessing devices through HAL, create the file /etc/hal/fdi/policy/99-policy-all-drives.fdi with the contents: <?xml version="1.0" encoding="UTF-8"?> <deviceinfo version="0.2"> <device> <match key="info.capabilities" contains="volume"> <merge key="volume.ignore" type="bool">true</merge> </match> </device> </deviceinfo> The above code matches any device labeled with the volume capability (any device capable of being mounted will be labeled this way) and sets the corresponding volume.ignore key to true, indicating that the volume should be ignored. This both makes the volume invisible to the UI, and denies mount attempts by unprivileged users.

3.3.14 - Bluetooth Support

Bluetooth provides a way to transfer information between devices such as mobile phones, laptops, PCs, printers, digital cameras, and video game consoles over a short-range wireless link. Any wireless communication presents a serious security risk to sensitive or classified systems. Section 2.5.2 contains information on the related topic of wireless networking. Removal of hardware is the only way to ensure that the Bluetooth wireless capability remains disabled. If it is completely impractical to remove the Bluetooth hardware module, and site policy still allows the device to enter sensitive spaces, every effort to disable the capability via software should be made. In general, acquisition policy should include provisions to prevent the purchase of equipment that will be used in sensitive spaces and includes Bluetooth capabilities.

3.3.14.1 - Bluetooth Host Controller Interface Daemon (bluetooth)

The bluetooth service enables the system to use Bluetooth devices. If the system requires no Bluetooth devices, disable this service: # chkconfig bluetooth off

CCE-4355-4 Bluetooth Host Controller Interface Daemon (bluetooth)

The bluetooth service should be enabled or disabled as appropriate.

3.3.14.2 - Bluetooth Input Devices (hidd)

The hidd service provides support for Bluetooth input devices. If the system has no Bluetooth input devices (e.g. keyboard or mouse), disable this service: # chkconfig hidd off

CCE-4377-8 Bluetooth Input Devices (hidd)

The hidd service should be enabled or disabled as appropriate.

3.3.14.3 - Disable Bluetooth Kernel Modules

The kernel's module loading system can be configured to prevent loading of the Bluetooth module. Add the following to /etc/modprobe.conf to prevent the loading of the Bluetooth module: alias net-pf-31 off The unexpected name, net-pf-31, is a result of how the kernel requests modules for network protocol families; it is an alias for the bluetooth module.

3.3.15 - Power Management Support

The following services provide an interface to power management functions. These functions include monitoring battery power, system hibernate/suspend, CPU throttling, and various power-save utilities.

3.3.15.1 - Advanced Power Management Subsystem (apmd)

The apmd service provides last generation power management support. If the system is capable of ACPI support, or if power management is not necessary, disable this service: # chkconfig apmd off APM is being replaced by ACPI and should be considered deprecated. As such, it can be disabled if ACPI is supported by your hardware and kernel. If the file /proc/acpi/info exists and contains ACPI version information, then APM can safely be disabled without loss of functionality.

CCE-4289-5 Advanced Power Management Subsystem (apmd)

The apmd service should be enabled or disabled as appropriate.

3.3.15.2 - Advanced Configuration and Power Interface (acpid)

The acpid service provides next generation power management support. Unless power management features are not necessary, leave this service enabled.

CCE-4298-6 Advanced Configuration and Power Interface (acpid)

The acpid service should be enabled or disabled as appropriate.

3.3.15.3 - CPU Throttling (cpuspeed)

The cpuspeed service uses hardware support to throttle the CPU when the system is idle. Unless CPU power optimization is unnecessary, leave this service enabled.

CCE-4051-9 CPU Throttling (cpuspeed)

The cpuspeed service should be enabled or disabled as appropriate.

3.4 - Cron and At Daemons

The cron and at services are used to allow commands to be executed at a later time. The cron service is required by almost all systems to perform necessary maintenance tasks, while at may or may not be required on a given system. Both daemons should be configured defensively.

CCE-4324-0 Cron and At Daemons

The crond service should be enabled or disabled as appropriate.

3.4.1 - Disable anacron if Possible

Is this a machine which is designed to run all the time, such as a server or a workstation which is left on at night? If so: # yum erase anacron The anacron subsystem is designed to provide cron functionality for machines which may be shut down during the normal times that system cron jobs run, frequently in the middle of the night. Laptops and workstations which are shut down at night should keep anacron enabled, so that standard system cron jobs will run when the machine boots. However, on machines which do not need this additional functionality, anacron represents another piece of privileged software which could contain vulnerabilities. Therefore, it should be removed when possible to reduce system risk.

CCE-4406-5 Disable anacron if Possible

The anacron service should be enabled or disabled as appropriate.

CCE-4428-9 Disable anacron if Possible

The anacron package should be installed or uninstalled as appropriate.


Recommended Links

Softpanorama hot topic of the month

Softpanorama Recommended

Top articles

Sites

Configuring logrotate Red Hat documentation

Slicehost Articles- Understanding logrotate on RHEL - part 1

15.3. Configuring Logs

Log Rotation for MySQL using logrotate



Etc

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit exclusivly for research and educational purposes.   If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner. 

ABUSE: IPs or network segments from which we detect a stream of probes might be blocked for no less then 90 days. Multiple types of probes increase this period.  

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Haterís Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least


Copyright © 1996-2016 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.

The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to make a contribution, supporting development of this site and speed up access. In case softpanorama.org is down you can use the at softpanorama.info

Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

Last modified: September 12, 2017