Charles Socci IT and Stuff

From the console in my Taxi this evening… First question my wife asked (she’s also in IT) was, “Did you click OK to terminate the program…”

I said, “Honey, you know I’ve been in IT way too long to do some rookie thing like that…” and so it stayed.

New York City Taxi Cab Software Kiosk Windows Crashed Application

Have you ever wanted an *easy* way to store files on a computer and then be able to access them on another? I know. That’s what file sharing all about. But what about remote access? What about secure, high availability of your files no matter what kind of computer you are using or where you are?

There are lots of solutions. I use ssh and scp and sftp all the time – but do you want and incredibly easy way of synchronizing one folder of files between your Mac, Windows and Linux boxes with minimal effort? There is a new iPhone application as well. How about a solution that is free?

The answer is Dropbox and it is incredibly simple. You sign up, download and install a small app that runs in the background, and you get 2GB of storage, synchronized between each computer for free. If you need more space, you can sign up and pay a monthly fee – but I find the 2GB suits my needs perfectly – and for larger files I can use ftp or scp and ssh.

The nice thing about Dropbox is its just a regular folder. When you are working you don’t have to open an application like Filezilla to access your files. And when you save the document, it is automaticaly synchronized for you. Simple and easy.

Here’s the link if you’d like to try it out – Dropbox

In additon to the easy synchronization of your files, there are also options for monitoring and reversing changes to your files! You can also share folders for other people. You can access an manage your files and shares from any web browser. You can even monitor via an RSS feed.

monitor changes to your dropbox files

share and manage files and folders online

I used to use an application in Windows called Speaking Clock Deluxe. It sat in my system tray and announced the time in my choice of languages and voices.

I thought it would be a fun project to make my own speaking clock for Linux. Here is a very simple project that will get you started with some basic shell scripting and using the crontab.

My first version of the clock used espeak – which is a synthesized voice. It isn’t very appealing. For my second version I went to the AT&T Labs site and used their form to create .wav files of human speech for the numbers one through twelve. I created a .wav for “AM” and another for “PM”. Then I created a .wav that says, “Hello, the time is now: ”

I used the command line application aplay, and output from the date function. It is very simple.

Since I’m kind of lazy, I didn’t bother creating all the minutes. I only want my announcements on the hour and half hour anyway.

I call the script from two crontab jobs, one that runs on the hour and one that runs on the half hour.

You can download my scripts and audio here – check it out and then make your own, but don’t forget to share your success and send me your result!

The basic steps are as follows:

1. Create .wav files of the spoken numbers 1 through 12, the number 30, “AM”, “PM” and “The time is: ”

2. Create a script to run on the hour similar to this example (change the paths to where you saved your files):

#!/bin/bash

aplay -q /home/charleys/time_voice/hellothetimeisnow.wav

HOUR=$(date +%-l)

AMPM=$(date +%p)

EXT=”.wav”

aplay -q  “/home/charleys/time_voice/$HOUR$EXT”

aplay -q “/home/charleys/time_voice/$AMPM$EXT”

#end script

3. Save as hour.sh Make the script executable

chmod +x hour.sh

4. Create a schedule to run the script using crontab

crontab -e

0 * * * * /home/charleys/time_voice/hour_human.sh

5. Repeat the steps above, except you are going to add the “30″ .wav file, like this:

aplay -q  "/home/charleys/time_voice/$HOUR$EXT"
aplay -q "/home/charleys/time_voice/30.wav"
aplay -q "/home/charleys/time_voice/$AMPM$EXT"

NOTE: You MUST use upper case PM and AM for your file name. You MUST use 1.wav, 2.wav, etc for your file names. This is because the file is chosen based on the ouput from the date command. date +%-l outputs only the numbers 1-12 for the hour. Likewise, date +%p outputs either AM or PM. The – just removes the space from in front of the digits 1-9. Aplay only works with ALSA audio I’m told, however there are many other choices in command line audio players you can try.

Enjoy!

A common sentiment online is that Linux is safe from the viruses and malware that plague Windows. While there is certainly *less* creepy code out there targeted at Linux users, it does exist. All users of computers connected to any large network should be aware of this and know how to use common tools to detect and prevent the malicious use of their computer.

Most of the malware attacks on computers today are not done by thrill or attention seeking hackers. They are created by criminals who seek to use them to relay unsolicited commercial email (spam) or worse. They could care less about making Windows look bad. They are completely agnostic as to Microsoft, Apple, or your Linux distro of choice. It only stands to reason that while it is more difficult to trick a saavy Linux user into installing malware with root privliges, efforts will almost certainly escalate as the popularity of Linux distros like Ubuntu gain popularity.

There are several free and open-source tools that can be easily installed and used to scan for viruses, rootkits, and other nasties on your computer. Clam AV, rkhunter, and chkrootkit are three tools that are easy to use. Clam even has a GUI. All three tools are available in the Ubuntu repositories. They are almost certainly available in others, but aren’t difficult to install manually either.

If you use Ubuntu, you can install the three packages:

sudo apt-get install clamav-daemon rkhunter chkrootkit

If you want to try the GUI, it is called ClamTK (sudo apt-get install clamtk)

Update the Clam AV scanning definitions by running sudo freshclam

It is probably easiest and most intuitive for most to use Clam via the GUI and not the command line – This installed under Applications > System Tools > Virus Scanner on my Ubuntu Intrepid 8.10 desktop.

Clam does not scan your files on access – so it takes up very little resources. You can schedule scans as cron jobs or simply run scans manually on a regular basis to be sure your system is clean.

To scan for rootkits, simply run sudo rkunter --check and sudo chkrookit as root. It is safe to run them side by side. They will not change anything on your system, they will simply alert you to the presence of suspicious files. (a few warnings are pretty normal).

Ubuntu ships with a Linux firewall called iptables installed by default. Most people find the text file configuration to be cumbersome. Firestarter is a very simple GUI option for iptables that makes it easy to manage. A good firewall will go a very long way to prevent any system from being compromised.

sudo apt-get install firestarter

To run Firestarter, go to System > Administration > Firestarter. When you first open the program you will be asked some questions. Don’t worry if you get them wrong, you can re-run the wizard any time… You will most likely want to choose yes and tick the box for DHCP. You’ll then need to set up a policy. This is very simple. If you are not sharing your computer, do nothing for Inbound policy – it will block inbound connections from starting a session on your computer. If you use Bittorrent, ssh, ftp, etc on your desktop you will need to create rules to allow those services Inbound. Again, very easy to do. For Outbound you usually want to allow all services out except those you block intentionally – so select “Permissive by default, blacklist traffic” – which will allow you to go out to the Internet freely but give you an option to block outbound traffic you do not want to allow. This is the default configuration on most commercial firewalls also. You can make outbound restrictive, but be prepared to add rules for every software you run that needs to establish Internet sessions… (updates, web browsing, backup programs, dropbox, skype, etc, etc…)

Any system should be backed up. I really like sbackup sudo apt-get install sbackup – you can find documentation online. It isn’t difficult to use and the defaults work well – though you may wish to change the default backup location. You can also backup to remote computers via ssh.

Keep your updates current. Ubuntu will alert you by default when updates are available. You can also use System > Administration > Update manager.

One last additional precaution I take is to use the laptop’s built-in security features to password protect the boot process. While this isn’t un-breakable, it will definitely slow down a casual thief who swiped your laptop. For a more secure approach, encrypt your hard drive’s file system.

I needed to do a quick session recording of my desktop to send some colleagues. In Windows I’ve used tools like Camtasia for quick demos, but I needed something that would record a session from a Linux desktop. (Ubuntu Intrepid 2.6.27-11-generic x86_64) GTK-RecordMyDesktop fit the bill perfectly.

It is very easy to install using Synaptic/Apt and is available in the Ubuntu Universe Repository. There are two front ends available using GTK, and QT. The only issue I had to troubleshoot was that the recorded audio was out of sync and choppy. It was very easy to fix by changing the DEFAULT sound option to plughw:0,0.

The software is capable of using a variety of audio sources including Jack audio server. The capture provided an excellent quality file in .ogv format.

If you are sharing the video capture with Windows users, you will need to convert it to a Windows-friendly format for them. I used mencoder - 

mencoder -idx mycapture.ogv -ovc lavc -oac mp3lame -o mycapture.avi

For a helpful page on installing additional repositories and software in Ubuntu, see here Enabling Extra Repositories. You should also see the following link:  Medibuntu  – to install the W32 Codecs.

This is only required if you need to convert the output into a Windows format like .avi. In order to play the converted avi video in Windows,  I still needed to install this free codec: FFDShow MPEG-4.

Click For Large Image Diagram

I serve a large organization with multiple branch offices in remote places. Typically, these offices are staffed with from one to fifty employees. Most of the offices have a local Windows Domain Controller, which doubles as a file/print server, DNS, and DHCP server.

The larger of the offices are usually connected to the Internet via T1, or DSL via a local service provider. In addition, the offices have a firewall that is connected back to headquarters via IPSec VPN tunnel.

This arrangement has provided a good solution for several years, however there are limitations. Recently, many of our offices have begun providing Internet access for clients – this added network load, in addition to increased usage of high-bandwidth services like You Tube, have placed new demands on us to manage the bandwidth. In addition, configuring servers and firewalls per individual office – and getting local support who can help us on site – is challenging.

A major point of our current initiative is to make our network locations more homogeneous, and more under the control of IT staff at headquarters. Virtualization has become an attractive option for several reasons: it eliminates the cost of a separate hardware firewall, and it allows us to configure a hardware-agnostic server “image” for use on any local hardware.

My “One Box Solution” allows for the firewall, bandwidth management, and Windows Domain Controller to exist on a single, portable, server.

I recently began piloting such a solution in one of our offices. Not having a current budget for my project, I took advantage of an unused Dell workstation at HQ. I added an additional 10/100 NIC we had lying in our closet. I installed Ubuntu 8.10 server (any version of Linux will work) and VMWare’s latest version of free server for Linux.

If you haven’t been exposed to VMWare yet, go to www.vmware.com and download the free player and one of the free virtual appliances (pre configured workstations and computers). VMWare server is also free and will allow you to build and configure your own virtual machines.

Having built the Linux box and installed VMWare server, I configured one of my NICS as an internal nic, with an address on my local subnet, and the other NIC as an external NIC with one of my assigned Internet IP addresses.

Inside VMWare server, I configured three virtual networks. One network connected to my external interface of my Linux server. The second connected to a host only virtual network, and the third connected to the internal NIC of my Linux server.

The first virtual server I built was my M0n0wall firewall. Note that M0n0Wall is available PRE-BUILT! AS A VIRTUAL APPLIANCE! This means you don’t have to compile or build it. Just download the Virtual Appliance files and open them in VMWare Server.  I choose M0n0wall for several reasons. It is free. It is easy to configure. It allows for QoS, Traffic Shaping, and most importantly the IPSec tunnels that connect back to Headquarters and our DR NOC. The external WAN interface of M0n0Wall was connected to the external virtual network. The internal LAN interface of M0n0Wall was connected to the HOST ONLY virtual nework (we’ll see why in sec…). The WAN and LAN interfaces were configured with appropriate network settings, NTP server settings, DNS, etc. The WAN IP will be on our Internet subnet, and the Gateway will point to our ISP’s router or gateway IP address. The LAN interface will become the internal default gateway for our local network. M0n0wall is a powerful firewall solution for a small office. With the addition of a third NIC, you can easily set M0n0wall up to provide a DMZ, or a Captive Portal for your Wireless users. A Captive Portal will allow you to plug in a wireless device, authenticate users in a browser, and/or use RADIUS for advanced authentication.

The second virtual server is Untangle – also available Pre-built as a virtual appliance! Untangle can install as a bridge – meaning there is no routing involved. It sits between your firewall and your internal network. Untangle can also function as the firewall, but since it lacks the IPSec function for our tunnel back to Headquarters, we choose M0n0Wall. Where Untangle really excels is in Internet filtering and management. Untangle provides a suite of free modules for management and OpenVPN. There are also paid and supported modules available. The free version provides for very granular reporting and a powerful degree of access control right out of the box.

The third server is our Windows Domain Controller. This is the only commercial device which requires a paid-for license. Our virtual domain controller runs inside VMWare and connects via one interface to our internal network.

This arrangement has allowed us to provide a one-box all-in-one appliance to our remote offices that can be built and exchanged as needed, with a minimum of configuration. The Windows server can easily be promoted to a domain controller on site. IP Addresses and other site specific information can all be easily configured through graphical utilities.

Using online backup, such as Mozy Pro, in conjunction with our single box, we have discovered a way to provide highly-available network services to our smaller, budget and staff challenged offices in the field.

Options include using ESXi, which is VMWare’s free version of ESX server. The downside of ESXi is that it requires more expensive hardware. It will not run on a workstation with a SATA disk drive. However, if you have a true server that is on the hardware compatibility list, ESXi will provide a better platform. It installs as it’s own OS. Linux and Windows are not required. The management tools and options are also much nicer.

One additional thing we’ve looked at – and likely something we’ll be hearing more about in the coming months – are WAN optimization appliances such as Riverbed that run as a virtual machine. This will likely become a solution in our most remote offices where slow satellite connectivity is the norm.

I found a new toy called Ubuntu
Its real Linux not an affront to
Though some hackers claim
I haven’t got game
The trash bin took Windows a punt to

When trying to access Windows Components in Add Remove Programs, you receive the following error: Setup was unable to open information file fxscom.inf.

The problem is that you are using an XP build using nLite. NLite removes uncessary Windows components to make a compact and speedy image. Unfortunately, it is not officially supported by Microsoft. When you install Windows XP Service Pack 3, the sysoc.inf file is overwritten. The deleted configuration information for the components is put back into the new sysoc.inf file written by Service Pack 3. When you attempt to open Windows Compoents in Add Remove Programs, it will look for the missing pieces due to sysoc.inf.

To fix this, I did the following: as each error comes up in Add/Remove programs, simply delete the corresponding line from sysoc.inf. Make a backup of sysoc.inf first. Sysoc.inf is located in your windows\inf folder (maybe hidden, so enabling viewing hidden files or be a real man/woman and use the command line <giggle>.

The error will also result in errors for the following files (components):

xsocm.inf
fxsocm.dll
setupqry.inf
setupqry.dll
fp40ext.inf
fp40ext.dll
msgrocm.dll
msnmsn.inf
rootau.inf
games.inf
communic.inf
optional.inf
pinball.inf
igames
zoneoc.dll

As long as I’ve been in IT, users have demanded the capability to email files. It is tremendously convenient but leaves much to be desired for IT personnel in charge of messaging systems.

Typically email attachment sizes are limited. Users complain when attempting to email huge spread sheets or media content if they are denied due to size restrictions.

Typically the solution has been FTP. However FTP generally leaves much to be desired for the average user. It requires the maintenance of accounts. Some people are restricted by local policy and firewalls. Browser support for FTP is weak. FTP servers must generally be maintained or entropy sets in and they become an administrative and security nightmare.

Enter Allard Software’s Filetransfer Appliance.

It works like this: When a user has the need to send a large attachment they point their web browser to the File Transfer server. They get a page with a form to send an email. They fill in To:, Subject:, and their message. They then browse the file and click upload. Then they can send the email. The recipient gets the email which contains a link to download the file. The file expires after a set period of time. The recipient receives a notification when the file is downloaded. That’s it! Beautifully efficient and simple!

Filetransfer Appliance is a piece of cake to set up. It installs as a VMWare appliance – meaning the software is already installed and configured. All you need to do is boot the VM, give it a hostname and set your IP address. There are a few configuration options including your mail server and Active Directory integration so users can authenticate with their AD credentials.

The device can use SSL with your own certificate or a self signed certificate if you choose.

Support is highly responsive from the developer himself.

The device is incredibly inexpensive, licensing starts under $100 for 10 users and their is a FREE 3 user demo.

http://www.allardsoft.com/filetransfer