Tag Archives: ThatBlairGuy

Posts migrated from the blog at www.ThatBlairGuy.com

Raspberry Pi Beginners Guide

Another entry from the land of “So I can find it later….”

Setting up the Raspberry Pi set was easy enough, and installing Chromium (the open-source version of Chrome) only took a single command (apt-get install chromium). When I was using it to post “Hello World” on Facebook, I discovered that the @ and ” keys were reversed (the physical keys were in their usual locations, but their behaviors were backwards). OK, the keyboard mapping isn’t set for the US. (The Pi and the drive image I’m using are both from the UK.)

I was pretty sure I could fix it via the configuration program that runs when you boot the first time, but there were two problems: (1) the configuration program only run automatically on the first boot and (2) I couldn’t remember the command.

Searching for raspberry pi configuration program led to the link RPi Beginners which looks to chock-full of useful information if (like me) you’re just getting started with Linux and/or the Pi. (For example: Backup your SD card.)

By the way, the configuration program is raspi-config; you’ll need to run it as sudo raspi-config.

Installing Ubuntu without pae

From the land of “things I might want to refer to later….”

My old Dell Inspiron works fine except for a missing ‘R’ key. Windows XP is showing more signs of age than the notebook, so time to put another OS on it.

I’ve been using Ubuntu in such situations, but my attempts at installing both 12.04> and Lubuntu (lightweight Ubuntu) have both ended with a message about the hardware not supporting the required pae extensions.

Physical Address Extension (aka pae) is an Intel technology which allows a 32-bit operating system to access more than 4 GB of RAM. (A quick read suggests it essentially hands each application a 4 GB chunk of memory, similar to how programs on the 80286 and earlier chips were able to address more than 64 KB at a time by combining a 16-bit memory address with a 16-bit segment address — and by revealing that I know about this, I’ve probably dated myself quite handily.)

Another quick search on Google turned up a relevant pair of AskUbuntu Questions describing how to install a non-PAE version.

In a nutshell:

  • Download the non-pae netboot image mini.iso. This is a bare-bones installer which downloads the selected packages during the installation process. (Obviously, this requires a broadband connection.)
  • Burn the image onto a CD* and boot the computer from that.
  • Accept the default values for most of the prompts. You’ll need to supply a userid and password. My experience is that it’s faster to select the keyboard layout from a list then to go through the prompts for “detection.” (Faster for a standard US keyboard anyhow; your mileage may vary.)
  • At the final screen, when prompted for packages to install, be certain to select a desktop (e.g. Ubuntu Desktop) unless you plan to do everything from the command line.

* The Inspiron’s CD drive is getting old and unreliable, using UNetbootin to make a bootable thumb drive worked perfectly.

DRM and Monopolies

I miss Rob Pegaroraro’s contributions to the Washington Post’s technology coverage. Instead of the Apple Rumor du jour that passes for Tech Journalism in most places, he digs into policy angles.

He makes some interesting points in his story “Overlooked E-Book Chapter: DRM Makes Monopolies.” Notably, the fact that once someone buys an e-reader (e.g. a Nook or Kindle), they’re not likely to buy e-books from competing vendors. Why not? Because the Digital Rights Management (or rather, Digital Rights Restrictions) prevent you from reading a book from vendor A on vendor B’s hardware.

He does overlook two loopholes though. First off, you can buy two e-readers. If you have lots of money. (In which case, please share some with me!) Or you can buy a tablet computer (iPad or Android) and download the free Kindle and Nook e-reader apps. You still can’t read the books from one store in the competing stores’ app, but at least you only have to buy one piece of hardware.

But it’s still not convenient. And, as Pegaroraro points out, your rights to the book are sharply limited. With a physical book, once you’ve read it, you can put it on a shelf, sell it or give it away. With an e-book, it’s yours forever.

Is Your Computer at Risk?

If you have 10 minutes to spare, read about The Virus That Really Will Kill Your PC.

If you only have 5 minutes, the super-condensed version is that there’s a virus which may have altered your computer’s settings and if you’re infected, your web browser and email will stop working on July 9. To find out if you’re infected, visit http://www.dns-ok.us/. If the page shows up with a green background, then you’re in the clear (or at least, you don’t have this particular problem). A red background however means your internet connection will stop working in July.

The linked article is worth a read. In short, the FBI busted some bad guys who were hijacking people’s internet traffic by way of a virus that changes DNS settings. (DNS is the system that turns human-friendly address – such as www.thatblairguy.com – into computer friendly IP addresses.) For the time being, the FBI is running the DNS server the bad guys had been using, but that won’t go on forever.

The interesting question to me then is how does that web page work? Viewing the page source, there’s nothing but static HTML.

It turns out The Good Guys are taking advantage of the compromised DNS to set up an “eye chart”. If your computer is using a safe DNS system, then www.dns-ok.us resolves to an IP address where the “green light” page is displayed. But if your computer is using an unsafe DNS system (the one the bad guys put in place), then www.dns-ok.us resolves to the IP address of the “red light” page.

Thoughts on Blocking Malware

A friend just got her computer back from “the computer doctor.” Evidently it had been compromised with a root kit (the really nasty sort of software that runs at such a low-level your anti-virus software can’t see it). She uses three different anti-malware tools and was quite surprised that none of them caught it.

The problem with anti-virus software is it can only protect you against problems that are already known. The bad guys are constantly looking for new ways to attack your computer and the anti-virus programs are playing catch up. I’m not saying don’t use anti-virus software (the free version of Avast has saved me several times), just don’t count on it as your only defense.

So, is there any 100% guaranteed way to stop malware? Well, you could always unplug your computer from the Internet and never use it to access any USB drives or CDs, but that’s not exactly practical. And if you do stay online, even visiting only “known safe” sites doesn’t help much, since even legit sites get compromised on occasion.

But there are a few things you can do to help your odds. None of these approaches is 100% guaranteed to keep you safe, but they should help.

The Basics

This is “the usual stuff” you hear any time someone talks about how to stay safe online. It seems obvious, and yet it bears repeating because it’s easy to get careless:

  • Don’t open attachments you weren’t expecting, not even from people you know and trust. Maybe that attachment from your friend Bob really is the really important document the email says, but if you weren’t expecting it, you have no way of knowing.
  • Be skeptical of clicking links in unexpected emails. Your bank isn’t going to tell you to click a link to verify your account information. (If something like this ever does turn out to be legit, you need to change banks.)
  • Don’t download pirated software. Aside from the legal issues, pirated software frequently contains malware.

Slightly more Difficult

Beyond the basics, there are a few other things that are easy enough to do, but don’t always make it into the “How to stay safe” discussions. Most attacks against your computer are targeting the applications you run, not the operating system. (Running Windows isn’t as risky as reading a PDF file with Acrobat reader.)

  • Use a browser other than Internet Explorer. Microsoft’s made a lot of progress with the safety of Internet Explorer over the past few years. But even though IE recently dropped below 50% of the total browser market, it’s still the single most popular browser out there and therefore the one most likely to be targeted in online attacks.
  • Keep your system up to date. Not just the Windows/Mac/Whatever Operating System patches, but also the software you use. Use Microsoft Update instead of Windows Update to get patches for Office. Install Secunia’s Personal Software Inspector tool to find out what other software on your computer is out of date.
  • Uninstall software you don’t use. The more programs you have, the more likely you are to have something which has security problems. Bonus: You also save disk space!
  • Run “alternate” software. The more widely-used a given program is, the more tempting a target it becomes for the bad guys. Instead of Acrobat Reader, use Foxit Reader. Instead of Microsoft Office, use Libre Office (fully compatible documents, but also available for free.)
  • Uninstall Java. Most home users don’t need it, and older versions were not only laden with security problems, but the updates didn’t remove the older versions.
  • Don’t run as the Administrator. When you set up your computer, reserve the main account for software installations and the like. Create a second, less-privileged login ID for day to day tasks.

Security journalist Brian Krebs talks a bit more about keeping software up to date and what to install or delete in his: 3 Basic Rules for Online Safety

Going for the Gusto

Wanna go really hard-core?

  • Uninstall Flash (or install a flash blocker so that you have to approve any Flash scripts that run).
  • Install NoScript (same idea).
  • Don’t do any online banking with a Windows machine, use a Linux live CD instead. (For a business, I’d consider this one an absolute must.)
  • Use a third-party DNS provider. Both Open DNS and Google Public DNS provide a facility where you change a couple system settings and if you then attempt to access a site which serves up malware, they’ll block the connection.

The Takeaway

There are no magic bullets. None of these suggestions will provide absolute protection for all users. What might be overkill for one person’s situation might not be nearly enough protection for another. But by choosing the practices which make the most sense for you personally, you can tilt the odds a bit more in your favor.

Bonus Reading: Get a Mac/Switch to Linux

In most discussions of online security, someone inevitably replies “Get a Mac!” or “Switch to Linux.” It’s a bit like going to a concert and someone yelling, “Play Freebird.” It’s a wonderful song, and a few groups have done great covers in response, but it’s not always the best fit.

But if the suggestion is inevitable, I may as well be the one to make it and bring up some of the tradeoffs.

Switching to a Mac may actually make sense for some folks, but don’t make the switch thinking you’ll be invincible. At the annual CanSecWest security conference, there’s a “Pwn2Own” contest where security professionals attempt to break into computers running the latest versions of the Mac OS, Windows and Linux. The first one to succeed, wins the computer. Every year, the Mac is the first system compromised.

Now that’s what happens at a security conference. Macs are less common than Windows computers; so the bad guys have to work harder to find them. It’s much easier to attack the more common computers.

But malware targeting Macs has been cropping up too.

Other concerns with switching to a Mac:

  • You’ll have to buy all your software again. Assuming a Mac version even exists. Otherwise, you might have to look for an equivalent program.
  • Despite the marketing pitch, a Mac doesn’t always “just work.” Just two weeks ago a co-worker returned a Mac Notebook that was downloading over his WiFi at just 1/10 the speed of Windows computer. (Apple’s support wasn’t able to resolve the problem.)
  • You may encounter problems with incompatible file formats when sharing files with people who use Windows. Particularly if the programs you were using on Windows aren’t available for Mac and you had to switch to something else.

Linux tends to be the most secure OS of all (as noted earlier, most of the problems these days are the software you run on top of it). The main downfalls of Linux are:

  • Availability. Yes, it’s free to get a copy, but you still have to find where to download it, burn a CD, and install it. Although this is getting easier, it’s still not a set of tasks the average home user will be comfortable with.
  • Commercial software. Few software vendors on Windows or Mac have Linux versions of their software. Some do, but most do not. You’ll generally have to find an open source equivalent, and then work out how to share files with others who are on Windows or Mac.

Installing Subversion on the PogoPlug

After converting the PogoPlug to run arbitrary programs, I was able to install subversion and manually run svnserve as a daemon (it’s in the manual, just run “svnserve -d”), but having to remember to do that after every boot is a nuisance.

A Google search for install svnserve as a daemon turned up instructions for setting up svnserve on Ubuntu, as well as a few scripts.  Obviously PlugBox Linux isn’t Ubuntu, but it was a step in the right direction.  Installing httpd during the initial PogoPlug hack had already introduced me to the /etc folder, the rc.conf file, and the rc.d subfolder.

Poking around in rc.d, I discovered the httpd startup script.  So now I knew where my svnserve script needed to go.  The Ubuntu setup instructions included several helpful bash scripts in the comments, my next step was to run “view httpd” and verify that it was also a bash script.  Knowing that, I could just use the new script verbatim.

Then I listed the files in /etc/rc.d and discovered that one of them was named svnserve.  Sonuvagun, the svn package included a script!

So in the end, all I had to do was go to /etc and edit rc.conf.  The very last line in the file is DAEMONS=(…).  All I had to do was add svnserve to the list.

Well… that was actually the next to last thing.

After rebooting (“shutdown -r now”), TortoiseSVN would connect to the svn server, but it couldn’t find my repository atsvn://plugbox/test.  I’d forgotten that by default, svnserve serves up repositories in any directory on the entire machine.  My test repository was now located at svn://plugbox/media/external_drive/Subversion/test.

To go back to a short URL, I went to /etc/conf.d,  edited svnserve, and set

SVNSERVE_ARGS=”-r /media/external_drive/Subversion/”

Next I ran

/etc/rc.d/svnserve stop

followed by

/etc/rc.d/svnserve start

and voila! My repository was back at svn://plugbox/test

Experimenting with the PogoPlug

I’ve had a PogoPlug for a little more than a year.

The pluses to the device are:

  • It’s an easy way for a home user to convert old drives into network attached storage
  • You can access your files from anywhere you have an internet connection.
  • Drives connected to the device appear as local drives (even across the internet).
  • It can convert video files to play on (supposedly) any device.

There are some down sides too:

  • The video conversion is slow (not completely unexpected with a low-power, always-on device)
  • The client software requires a new login after every boot.
  • The attached drive sometimes “disappears” until you tell the software to “reload” it.
  • My experience with the Android application has been that it’s a bit flaky.

All in all, it’s an interesting device and I can definitely see where home users might find it useful if they’re comfortable with the fact that you need to login via a third-party service (the My PogoPlug service), even when you’re accessing it a home.  (If Cloud Engines ever goes out of business, PogoPlug owners may find themselves with an unusable device.)

Part of my reason for acquiring the PogoPlug in the first place was that it seemed like a potentially inexpensive way to accomplish a few things on my home network:

  1. File sharing between my various computers.
  2. Running a private web server I could access without switching the main computer on.
  3. Running a private subversion server.

Goal 1 was easy enough to accomplish straight out of the box.  Goals 2 and 3 were going to take some work.

When I finally decided to hack the PogoPlug, a Google search led me to LifeHacker’s tutorial on turning the device into a “Full-Featured Linux Web Server.”  It was a good starting place, but in the end I decided to follow the source instructions from PlugApps.com.   (CAUTION: As it says on the PlugApps instructions, hacking your PogoPlug will void the warranty.)

My initial install was onto a 4GB SanDisk Cruzer flash drive.  The initial reboot came up fine, but later boots tended to come back to PogoPlug Linux,  which after the first steps of the install would no longer connect to the MyPogoPlug service. If I manually mounted and mounted the thumb drive  before running /sbin/reboot, that would take me over to PlugBox Linux, but going through those steps repeatedly is a pain.  I reran the install for PlugBox Linux using a no-name 16GB drive and it’s been working reliably ever since  (I love that storage has become so cheap that I had a 16GB drive “just laying around”).

To accomplish Goal #1 (file sharing), I installed Samba.  It works like a champ and I’ve been able to back to doing my backups to a network drive.

To accomplish Goal #2 (private web sever), LifeHacker’s instructions did the job.  By default, the web site is served out of /srv/http, and there’s also an ftp site in /srv/ftp.

Goal #3 took some guesswork. I didn’t see any mention of Subversion on PlugApps, but I made a guess and ran  pacman -Sy subversion.  I haven’t got around to setting up svnserve to run as a daemon at boot time, but it’s running right now.  (Getting it set up as a daemon will require putting a script in /etc/rc.d/ and adding it to the list of daemons at the end of /etc/rc.conf.)

So mission accomplished.  Not bad for a $100 device.