Archive for May, 2006

Google’s Picasa for Linux

Sunday, May 28th, 2006

I’m not a big fan of Google applications since all the bad reviews and security holes of the Google desktop search application were posted. Why someone needs a search application anyway is beyond me. Do those guys just save crap everywhere and forget where they put it? Isn’t there already a search feature built into the Operating System?

Anyway, some people like Google’s applications and find them easy to use … which is why I’m posting this. It’s a review of one guy’s experience with Picasa, an image viewer/editor, for Windows and Linux. Apparently it’s a competitor for Adobe Elements, according to the author. I’m a big fan of IrfanView (awesome program, runs from a single .exe file, supports all file types, and can handle all of the Photoshop plugins), but that doesn’t mean I can’t post stuff for you guys!

So here’s the article: http://linuxhelp.blogspot.com/2006/05/first-impressions-of-picasa-googles.html

Oh, also, this application isn’t native for Linux. It’s really the Windows version running on top of Wine. Here’s a blurb from their FAQ:

Q: Is Picasa for Linux open source?

Picasa for Linux isn’t open source; it uses a carefully tested version of Wine to run the current Windows version of Picasa. Wine itself is an open-source implementation of the Windows API. It runs on top of the X Window System and Linux or Unix.

Linksys Wireless 101

Thursday, May 25th, 2006

I’m trying to set up a wireless network and can’t get the thing to work. I am posting to see if any of you can tell me what I’m doing wrong. Here is the scenario:

-Internet is DSL coming into a WRT54G

-There is a wired desktop into the switch on the back that is browsing with no trouble.

-The second wireless location is a considerable distance away. I have used a USB wireless nic and tested connectivity to the location of the second computer and only got two bars of connectivity when connected to the WRT. Because of this I wanted to try using a WAP54 in client/bridge/repeater mode and basically use it as a wireless patch cord back to the WRT for the Dipole antenna to strengthen the connection.

-I’m able to connect a laptop Wirelessly to the WRT and browse fine.

-I can’t get the WAP to connect and pipe packets to and from the WRT

The reason that I’m worried about link quality is because we are going to be sending live video and sound (Skype) across this link so my dad can see/talk to my niece. Cheesy, I know, but I’m trying to help. Can any of you offer any advice or experience?

Long Overdue HTPC Part 2

Monday, May 22nd, 2006

So after much banging my head against a brick wall, I’ve cleaned up the blood and regained some sense of reality.

Not soon after I wrote the initial post, work got busy, school got busy, and so on.

When I did get to start working with the HTPC, meedio sent out an announcement that they sold their company to Yahoo. So after June they will no longer support their software. So that killed that program. As I said in the last post, the default ATI software is very limited and just not worth the effort other than basic cable connection and record functions.

Which brings me to my next obstacle, word to the wise, if you want an htpc don’t expect it to work with digital cable. You can find plenty of cheap satellite pci capture cards to hack Digital Dish, unless you live in an apartment that doesn’t have a clear line of sight. So after spending days scouring the internet for a card or program, I’m still left high and dry with no way to unencrypt the digital channels that I pay for, on my cable box.

Don’t let my cruel reality discourage you from doing it. The key things are if you are running digital cable don’t expect to get your digital channels unless you can find a card to work with it unlike I have. If you have basic cable you will be fine using something like Win-DVR software or Sage.
On the satellite, you won’t have much luck finding cards that work well with DirecTV, but finding a satellite card to work with Digital Dish is pretty easy.

Now I haven’t actually set one up for digital dish but you basically run the satellite through the satellite pci card, then run your output from the tuner card to your tv or a/v receiver. You are on your own finding software to decode the channels ;-)

WMD - Really cool case mod!

Monday, May 22nd, 2006

… with LOTS of pictures … this thing is wicked cool!

http://www.bit-tech.net/…gnome_case_mod/1.html

Advanced VIM tutorial

Sunday, May 21st, 2006

If you’re a UNIX / Linux guy and use vi or vim on a regular basis, this tutorial is for you. There’s no way for one person to know all, or in my case a quarter, of what vi/vim has to offer. I’m ALWAYS learning new things.

This tutorial will definitely show you things you didn’t know about vim.

The author of this tutorial brings up a good point, why take the time to learn a more efficient way to do the task at hand when doing the research to find a more efficient way would take more time than just doing the task? Because the next time you’re faced with this task, you’ll still be stuck doing it the long way. Besides, how else are you going to learn all the cool features of your favorite text editor?

Also, remember this is an advanced tutorial. As the author states, “In this tutorial I assume the reader to have a basic knowledge of vim. Basic features like editing, movement, searching, replacing, opening, saving etc not covered in this tutorial. I’d recommend going through vimtutor for basic understanding of vim.”

Make sure you read the comments since they also contain good pointers and one guy points us to two more great vim resources:
http://www.rayninfo.co.uk/vimtips.html
http://www.moolenaar.net/habits.html

Now on to the tutorial: http://blog.smr.co.in/cgi-bin/index.cgi/blogs/linux/1143567189.html

Real time satellite tracking

Sunday, May 21st, 2006

This is very cool. It’s a site powered by Google maps that tracks, in real time, the satellites orbiting earth.

http://n2yo.com/

strace - A very powerful troubleshooting tool for all Linux users

Saturday, May 20th, 2006

I’ve been sitting on this article for a while, waiting for a good time to read it. Turns out that it’s a great article and some of the comments are equally as informative.

I actually have a problem with a program I run that’s segfaulting, and once I make the time to troubleshoot it, I will probably have to use strace to find where the problem is.

http://linuxhelp.blogspot.com/2006/05/strace-very-powerful-troubleshooting.html

Many times I have come across seemingly hopeless situations where a program when compiled and installed in GNU/Linux just fails to run. In such situations after I have tried every trick in the book like searching on the net and posting questions to Linux forums, and still failed to resolve the problem, I turn to the last resort which is to trace the output of the misbehaving program. Tracing the output of a program throws up a lot of data which is not usually available when the program is run normally. And in many instances, sifting through this volume of data has proved fruitful in pinpointing the cause of error.

For tracing the system calls of a program, we have a very good tool in strace. What is unique about strace is that, when it is run in conjunction with a program, it outputs all the calls made to the kernel by the program. In many cases, a program may fail because it is unable to open a file or because of insufficient memory. And tracing the output of the program will clearly show the cause of either problem.

The use of strace is quite simple and takes the following form:

$ strace <program_name>

For example, I can run a trace on ‘ls’ as follows :

$ strace ls

And this will output a great amount of data on to the screen. If it is hard to keep track of the scrolling mass of data, then there is an option to write the output of strace to a file instead which is done using the -o option. For example,

$ strace -o strace_ls_output.txt ls

… will write all the tracing output of ‘ls’ to the ‘strace_ls_output.txt’ file. Now all it requires is to open the file in a text editor and analyze the output to get the necessary clues.

It is common to find a lot of system function calls in the strace output. The most common of them being open(),write(),read(),close() and so on. But the function calls are not limited to these four as you will find many others too.

For example, if you look in the strace output of ls, you will find the following line:

open("/lib/libselinux.so.1", O_RDONLY) = 3

This means that some aspect of ls requires the library module libselinux.so.1 to be present in the /lib folder. And if the library is missing or in a different path, then that aspect of ls which depends on this library will fail to function. The line of code signifies that the opening of the library libselinux.so.1 is successful.

Here I will share my experience in using strace to solve a particular problem I faced. I had installed all the multimedia codecs including the libdvdcss which allowed me to play encrypted DVDs in Ubuntu Linux which I use on a daily basis. But after installing all the necessary codecs, when I tried playing a DVD movie, totem gave me an error saying that it was unable to play the movie (see the picture below). But since I knew that I had already installed libdvdcss on my machine, I was at a loss what to do.

Then I ran strace on totem as follows :

$ strace -o strace.totem totem

… and then opened the file strace.totem in a text editor and searched for the string libdvdcss. And not surprisingly I came across this line of output as shown in the listing below.

# Output of strace on totem
open("/etc/ld.so.cache", O_RDONLY) = 26
fstat64(26, {st_mode=S_IFREG|0644, st_size=58317, ...}) = 0
old_mmap(NULL, 58317, PROT_READ, MAP_PRIVATE, 26, 0) = 0xb645e000
close(26)
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)

open("/lib/tls/i686/cmov/libdvdcss.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/tls/i686/cmov", {st_mode=S_IFDIR|0755, st_size=1560, ...}) = 0

stat64("/lib/i486-linux-gnu", 0xbfab4770) = -1 ENOENT (No such file or directory)
munmap(0xb645e000, 58317) = 0
open("/usr/lib/xine/plugins/1.1.1/xineplug_inp_mms.so", O_RDONLY) = 26
read(26, "\177ELF\1\1\1\3\3\1\320\27"..., 512) = 512
fstat64(26, {st_mode=S_IFREG|0644, st_size=40412, ...}) = 0

In the above listing which I have truncated for clarity, the line in bold clearly shows that totem is trying to find the library in, among other places, the ‘/lib/tls/i686/cmov/’ directory and the return value of -1 shows that it has failed to find it. So I realized that for totem to correctly play the encrypted DVD, it has to find the libdvdcss.so.2 file in the path it is searching.

Then I used the find command to locate the library and then copy it to the directory /lib/tls/i686/cmov/. Once I accomplished this, I tried playing the DVD again in totem and it started playing without a hitch.

Just to make sure, I took another trace of totem and it showed that the error was rectified as shown by the bold line of output below.

# Output of the second strace on totem
open("/etc/ld.so.cache", O_RDONLY) = 26
fstat64(26, {st_mode=S_IFREG|0644, st_size=58317, ...}) = 0
old_mmap(NULL, 58317, PROT_READ, MAP_PRIVATE, 26, 0) = 0xb644d000
close(26) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)

open("/lib/tls/i686/cmov/libdvdcss.so.2", O_RDONLY) = 26

stat64("/lib/tls/i686/sse2", 0xbffa4020) = -1 ENOENT (No such file or directory)
munmap(0xb645e000, 58317) = 0
open("/usr/lib/xine/plugins/1.1.1/xineplug_inp_mms.so", O_RDONLY) = 26
read(26, "\177ELF\1\1\1\3\3\1\360\20"..., 512) = 512
fstat64(26, {st_mode=S_IFREG|0644, st_size=28736, ...}) = 0

Opening the man page of strace, one will find scores of options. For example, if you use the option -t, then strace will prefix each line of the trace with the time of day. One can even specify the system call functions to trace using the -e option. For example, to trace only open() and close() function system calls, one can use the command as follows:

$ strace -o strace.totem -e trace=open,close totem
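The library hunt described above can be automated. The following is an added example, not part of the original article: it reads a trace file and reports only the shared libraries that were never opened under any path, since a single ENOENT while the loader walks its search path is normal. The function name unresolved_libs and the sample trace are made up for this example.

```sh
#!/bin/sh
# Added example (not from the article): list shared libraries that a traced
# program tried to open but never found under ANY path it probed.

# unresolved_libs [FILE...]: reads strace output (file or stdin) and prints
# "<library> <last errno> <failed attempts>" for each library never opened.
unresolved_libs() {
    awk '
    # open() on older systems, openat() on newer ones; only paths ending
    # in .so or .so.<version> are of interest.
    /open(at)?\(/ && /\.so[.0-9]*"/ {
        if (!match($0, /"[^"]+"/)) next
        path = substr($0, RSTART + 1, RLENGTH - 2)
        n = split(path, part, "/")
        lib = part[n]
        if (match($0, /= -1 E[A-Z]+/)) {
            err[lib] = substr($0, RSTART + 5, RLENGTH - 5)
            failed[lib]++
        } else {
            found[lib] = 1
        }
    }
    END {
        for (lib in failed)
            if (!(lib in found))
                printf "%s %s %d\n", lib, err[lib], failed[lib]
    }' "$@" | LC_ALL=C sort
}

# Constructed sample modelled on the listings above (not a real capture).
sample_trace() {
    cat <<'EOF'
open("/etc/ld.so.cache", O_RDONLY) = 26
open("/lib/tls/i686/cmov/libselinux.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libselinux.so.1", O_RDONLY) = 3
open("/lib/tls/i686/cmov/libdvdcss.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/libdvdcss.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/xine/plugins/1.1.1/xineplug_inp_mms.so", O_RDONLY) = 26
EOF
}

sample_trace | unresolved_libs
```

On a real trace, pass the file written by -o, for example: unresolved_libs strace.totem. An errno of EACCES instead of ENOENT points at permissions rather than a missing file.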

The ubiquitous strace should not be confused with DTrace that ships with Sun Solaris. strace is just a single tool which takes care of a small part, which is tracing a single program, whereas Sun’s DTrace toolkit is much more powerful and consists of a collection of scripts which can track, tune and aid the user in troubleshooting one’s system in real time. Moreover, dtrace is a scripting language with close semblance to C/C++ and awk. Put another way, the strace tool in GNU/Linux provides only one of the many functions provided by DTrace in Sun Solaris. That being said, strace plays an important part in aiding the user to troubleshoot one’s programs by providing a view of the system calls that the program makes to the Linux kernel.

PS: If you are wondering which movie I was intent on watching, it is “For a Few Dollars More” - an all time classic western starring Clint Eastwood. I really like this movie.

Secure web browsing at any Wifi hotspot

Saturday, May 20th, 2006

If you know anything about wireless, you know it’s not secure. I’m not talking about hacking INTO a wireless network, I’m talking about eavesdropping on the other people connected to the same hotspot you’re connected to. OK, maybe YOU don’t like to eavesdrop on everyone else, but I do.

Since I like to eavesdrop, I assume that other people like to eavesdrop, and that bothers me. I don’t want someone knowing my POP3 password, or my AverageAdmins password, or my AIM password (though this article doesn’t cover protecting your AIM password), or any of my forum or other website passwords. I guess I could set up a VPN at my house, but that would require figuring out how (which is probably pretty easy) and more importantly, it would require that the router at the hotspot be programmed to allow VPN traffic through AND it would require my ISP at home to allow VPN connections inbound. Sure you could set up an SSL VPN, but my ISP blocks port 443 inbound.

So, why not SSH to your box at home, do a little port forwarding trickery, and then configure your web browser to use your proxy at home? Now all of your web traffic is proxied to your house over an encrypted SSH connection. No more eavesdropping!

It seems that joe over at AdminSpotting.com has written an excellent article on doing just this.

You can find his article here: http://adminspotting.net/howtos/Secure-and-Private-Browsing-with-Squid.html

===============================

Secure and Private Browsing with Squid

Browsing a site that supports SSL is a definite way to make sure no one can snoop in on what you’re doing — which is a good thing when you’re doing something personal like checking email over the web or buying something from amazon. But if you’re just doing stuff like reading the daily news or checking movie times, is privacy that important? The ultra-paranoid will give a resounding “yes” to that question while most people will just shrug. I find myself in between those two parties. At home while I’m reading the news, I could care less if the traffic is encrypted or not. However, when I’m at a public wi-fi spot, it does bother me a bit.

Most public areas that allow access to the internet have absolutely no security in place. Need a good eye-opener? Next time you’re at a public hotspot, take a copy of the dsniff tools.

This article will show you a way to protect yourself from something like this — in a way. This article will only show you how to protect your web traffic. If you still decide to talk to your CEO over AIM about some ultra-secret product coming out next week while waiting for your next flight, this won’t save you. Squid can, of course, proxy requests for other applications besides HTTP, but HTTP is all I’ll be covering. Maybe I’ll go over other applications in another article.

OK, let’s get started. Here’s what we’ll need:

-A server running Squid on some other network.
-A laptop with ssh and port-forwarding support.

What we’re going to do is set up a Squid server somewhere outside the network we’re currently on. Squid will only accept connections from the server itself — no outside connections. Then how do we use it? We’ll create an SSH tunnel into it. Once the tunnel is created, we simply set our web browser to use a proxy server with the address of our SSH tunnel. Now any web traffic going out of our laptop to our Squid server will be encrypted.

But what about from the Squid server to the actual webpage? That stuff won’t be encrypted, unfortunately. But hey, at least we got outside the unprotected LAN securely.

I’ll be using Debian Sarge for the Squid server, but you’re more than welcome to use whatever distro you want. After Squid is installed, the configuration will be the exact same. To install Squid on Debian, just do:

apt-get install squid

The default configuration for Debian (and maybe other distributions too — better check!) is to only allow connections from the localhost. This doesn’t harm anything, so we can leave it as is. However, we still need a way for us to connect externally. For that, we will add an acl that will prompt us for a password and if we’re authenticated it will let us in. We’ll add it right before the “deny all” portion so it’ll look something like this:

acl localhost src 127.0.0.1/255.255.255.255
http_access allow localhost
http_access allow password
http_access deny all

By default, Squid listens on port 3128. I personally like 8080 better, so we’ll change it with:

http_port 8080

Next we need to set up authentication for Squid. There are a bunch of different authentication methods that come with the Debian package and they can be viewed with:

ls /usr/lib/squid/*auth

We’ll be using the pam_auth module. This will allow anyone who has a shell account to also be able to use the Squid server. Search for the auth_param section in the config and add these lines:

auth_param basic program /usr/lib/squid/pam_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

Next search for this line and uncomment it:

acl password proxy_auth REQUIRED

Now create a pam module called /etc/pam.d/squid that contains:

auth required /lib/security/pam_unix.so
account required /lib/security/pam_unix.so

You will need to give this file SUID access so chmod it 4755. Yeah, I know this isn’t the best way to do this but it’s the least complicated. You’re more than welcome to research the other methods on your own.

Squid should be all set and ready to go. Next make sure you have shell access to the server via SSH. It doesn’t matter if you use a password, passphrase, or blank passphrase. To set the tunnel up, run this:

ssh -L 8080:squidhost:8080 username@squidhost

You’ll be asked for authentication and if you’re successful, it’ll look like you’ve logged into the remote box. If you open another window up and type

telnet localhost 8080

You’ll see that you’re now talking to squid on the remote server.

Finally, tell your browser to use the SSH tunnel as a proxy. I won’t go over each individual browser here, but basically it’ll be somewhere in the preferences. For the hostname, just type in localhost and for the port, type in 8080.

Now whenever you browse to a webpage, you’ll be prompted for authentication. Type in your shell account information and you’ll be all set to go. The browser might give a warning about authenticating through plaintext — ignore it. It will be travelling through our SSH tunnel so it will be encrypted.

Congratulations! You may now surf the web without worry of anyone snooping on you. If anyone has any comments, fixes, or ways to improve this method, please let me know!
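The access rules built up in this article only protect the proxy if they are in the right order and every ACL they name is actually defined (the "acl password" line ships commented out). The following check is an added example, not part of the original article; the function name, the finding labels and the sample configurations are made up for it, the samples being constructed from the article's directives.

```sh
#!/bin/sh
# Added example (not from the article): sanity-check the http_access rules
# of a squid.conf before the proxy is reachable from anywhere but localhost.

# squid_access_audit: reads squid.conf on stdin, prints one finding per line
# (no output means none of the checks fired).
squid_access_audit() {
    awk '
    { sub(/#.*/, "") }                       # strip comments
    $1 == "acl" && NF >= 3 {
        defined[$2] = 1
        if ($3 == "proxy_auth") wants_auth = 1
    }
    $1 == "auth_param" && $2 == "basic" && $3 == "program" { helper = 1 }
    $1 == "http_access" && NF >= 3 {
        last = $2 " " $3 (NF > 3 ? " ..." : "")
        # Squid applies the first matching rule, so this admits everyone.
        if (last == "allow all") print "OPEN-PROXY line " NR
        for (i = 3; i <= NF; i++) {
            name = $i
            sub(/^!/, "", name)              # "!acl" negates a named ACL
            if (name != "all" && !(name in defined))
                print "UNDEFINED-ACL " name " line " NR
        }
    }
    END {
        # Without a final "deny all" the default is the opposite of the
        # last rule, which is easy to get wrong.
        if (last != "deny all") print "NO-DEFAULT-DENY"
        if (wants_auth && !helper) print "AUTH-WITHOUT-HELPER"
    }' | LC_ALL=C sort
}

# Constructed samples built from the directives shown in the article.
conf_complete() {
    cat <<'EOF'
acl localhost src 127.0.0.1/255.255.255.255
acl password proxy_auth REQUIRED
auth_param basic program /usr/lib/squid/pam_auth
http_access allow localhost
http_access allow password
http_access deny all
EOF
}
conf_uncomment_forgotten() {     # the "acl password" line left commented
    conf_complete | sed 's/^acl password/#acl password/'
}
conf_misordered() {              # constructed mistake: allow all comes first
    cat <<'EOF'
acl localhost src 127.0.0.1/255.255.255.255
acl password proxy_auth REQUIRED
http_access allow all
http_access allow password
EOF
}

for c in conf_complete conf_uncomment_forgotten conf_misordered; do
    echo "== $c"
    "$c" | squid_access_audit
done
```

To check a live configuration, feed it on stdin: squid_access_audit < /etc/squid/squid.conf (the path is an assumption; it varies by distribution).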

Windows CLI Tricks, Part 1

Saturday, May 20th, 2006

http://adminspotting.net/articles/windows/cli/Windows-CLI-Tricks-Part-1.html

This is an excellent writeup on using the command line to add, edit, and remove objects from Active Directory.

Windows CLI Tricks, Part 1
Introduction to the ds utilities

Introduction

Windows Server comes with a suite of command line utilities that can be used to manipulate objects in Active Directory. Although in most cases it would be easier to use the Active Directory Users and Computers GUI, there’re a couple commands that could either save you some time or just make you look impressive.

Adding Objects

The dsadd command can be used to add any type of Active Directory object from the command line. The following would add a user:

c:\> dsadd user -fn Moe -ln Bopjian -upn mbopjian@hemingway.com -pwd * cn=mbopjian,ou=employees,dc=hemingway,dc=com

fn and ln are for First Name and Last Name, respectively. upn assigns the Windows 2000+ username and pwd with the asterisks will prompt for the password. The final argument is the Distinguished Name.

dsadd can also be used to create groups. With no arguments, a global security group will be created:

c:\> dsadd group cn=Employees,ou=employees,dc=hemingway,dc=com

Searching for Objects

The dsquery and dsget commands can be used for retrieving information in Active Directory. dsquery searches for objects based on specified criteria. Here’s an example that finds all objects with the string *ian* contained in the name:

c:\> dsquery user -name *ian* dc=hemingway,dc=com
"CN=mbopjian,OU=Employees,DC=hemingway,DC=com"

Unlike the results that the Active Directory Users and Computers GUI will give you, dsquery will show what OU (or OUs) the object belongs to.

dsget displays property information about an object — similar to the properties window, but in text.

c:\> dsget user "CN=mbopjian,OU=Employees,DC=hemingway,DC=com"
dn                                              desc                   samid
CN=mbopjian,OU=Employees,DC=hemingway,DC=com    Joe's Alternate Ego    mbopjian

dsget succeeded

It can also be used to get individual property entries:

c:\> dsget user "CN=mbopjian,OU=Employees,DC=hemingway,DC=com" -tel
tel
0118 999 881 999 119 7253

dsget succeeded

Piping Output

Similar to piping output in Unix and Linux, the ds* commands can also work this way. In the last example, dsget was used with a distinguished name to retrieve information about that object. However, instead of specifying the distinguished name, dsquery can be used to search for the object first:

c:\> dsquery user -name *ian* dc=hemingway,dc=com | dsget user
dn                                              desc                   samid
CN=mbopjian,OU=Employees,DC=hemingway,DC=com    Joe's Alternate Ego    mbopjian

This technique can also be used with the dsmod command to add users to a group:

c:\> dsquery user -name *ian* dc=hemingway,dc=com | dsmod group cn=Employees,ou=employees,dc=hemingway,dc=com -addmbr

Another example of dsmod is to disable a list of accounts:

c:\> dsquery user -name *ian* dc=hemingway,dc=com | dsmod user -disabled yes

Conclusion

These examples, although useful, are only the basics of what can be accomplished with the ds* utilities. Any type of Active Directory object — as well as its properties — can be added, queried, and modified. Similarly, but not covered in this article, objects can be moved and deleted with the dsrm and dsmove commands.

As mentioned in the beginning, using the Active Directory Users and Computers GUI will accomplish most of these tasks faster than on the command line. However, there might be a time when you have a complex query result that you need to act on and the CLI’s flexibility will prove to be quicker and more efficient.

Really good article on botnets

Saturday, May 20th, 2006

This is a great, and long, story about a student at Auburn University who clicked on a link in an email. Of course, clicking on a link in an email isn’t always a bad thing, unless the web server you’re visiting installs malicious code on your PC!

Even if you’re not interested in botnets or computer security, this is a good read. It’s very informative and offers a glance into the lives of these “bot masters”.

Think you’re safe because your internal network is NAT’d behind a corporate proxy? Think you’re safe because your firewall rules are tight? Think you’re safe because you patch every computer on your network the first Tuesday of every month?

Think again.

http://www.baselinemag.com/article2/0,1540,1946404,00.asp