JDPFu.com 2024

Updated 12/2014:
Jump to the bottom of the article to see the updates.

People new to Linux or UNIX often don’t understand that built into the GUI system is a way to remote into pretty much any server in the world and have a program running on the remote machine, but displayed back on your Linux desktop. It is built in and has been for 30+ year of X/Windows. It doesn’t matter if you use Ubuntu, Redhat, Solaris, AIX, or if you use Gnome, KDE, XFCE, MWM, TWM – this solution is at a lower level. If you have a GUI on Linux or UNIX, it is built in and actually works really, really well.

Remote Applications over the WAN

I’m guilty of oversimplification. We all are. I say that I run Linux. That isn’t really accurate, but it is short and only people in the know really understand what that means. Below I’ll attempt to compare a few well known operating systems to an automobile and the parts inside it.

OS to Vehicle Comparison

I’ve picked 1 specific version of a vehicle, Linux OS and Windows OS to use for comparison.

Part              Vehicle                  Linux                         Windows

Total Name        Ford F-150 Truck         Ubuntu 10.04 x32 Desktop      Microsoft Windows7
                                                                         x32 Home Premium

Engine            Ford V8 4.4L Diesel      Linux Kernel 2.6.24-28        Kernel.xyz build 
                                            No direct access to the      number xxxx. No 
                                            kernel without helper        direct access to  
                                            programs.                    the kernel without 
                                                                         helper programs. 
                                                                         The kernel 
                                                                         provides services
                                                                         to other programs.

Outside Bling     Paint, chrome, flashers  Gnome 3.x, customized GUI     Windows Desktop 
                                           running on top of X/Windows   Program / Explorer 
                                           and a _Window Manager_ like   (1st instance only)  
                                           xfce, fvwm, Icewm ... *wm     This is the GUI - 
                                           Other examples of _Desktop    Start Menu, etc.
                                           Environments_: Gnome, KDE, 
                                           LXDE, XFCE. DEs are a 
                                           convenience and not 
                                           necessary.

Raw Controls      N/A, but directly        GNU CLI programs - ls, df     CMD.EXE and a 
                  controlling the throttle  du, and thousands of         limited set of 
                  with a pair of pliers is  others. Example UNIX         programs - dir, 
                  an example.               "Shells" are bash, sh, csh,  scandisk, chkdsk, 
                                            tcsh, ash, zsh, etc...       nslookup, net use, 
                                                                         route. Any program 
                                                                         that doesn't have 
                                                                         a GUI.

User Control Sytm Steering wheel,          CLI interface                 CLI interface 
                  instruments, peddles,    OR                            (mostly unused) - 
                  gear shifter, radio, etc GUI xfaces                    the old DOS-style 
                                                                         interface
                                                                         OR
                                                                         GUI controls like 
                                                                         Control Panel

What you need to know to be network secure on your computers when on public hotspots (or anywhere that is not your work or home network).
The How To Geek wrote a comprehensive article.

These guys did an excellent job covering everything you should know. My only complaint about the article is they didn’t stress how important a VPN is for secure network use when in the wild. Use a VPN – ALWAYS. A VPN is a Virtual Private Network. If you want to know more, use google.

Below I’ll go into more detail on my concerns and the steps to setup a VPN on your home network, so you can secure your network access from almost anywhere in the world.

Yesterday, I took a look at the missing URL statistics for my blog and saw lots of attacks to phpMyAdmin. That’s sorta funny since I don’t use that tool and if I did, it wouldn’t be available publicly. When I say lots of phpMyAdmin attacks, I mean hundreds with every possible way of spelling it and every possible version listed. Certainly, these are scripts, but still they are many hundreds of attempts. My little blog isn’t THAT popular and it is non-commercial. You don’t need an ad-blocker here and most of the website works just fine without javascript enabled.

Anyway, I’ve added a reverse proxy filter to my web cluster that will prevent undesired requests. I’ve always had a reverse proxy, but never bothered to filter anything except PUSH size to this point. If something seems to be broken, please let me know, since I could have missed a few needed allow rules.

Between the blog spammers and random attacks, it sorta makes me wonder how many counter measures the average blogger installs and uses to pro-actively protect their work. Do you review your logs?

I did see that someone had a sense of humor in their attacks …

/oh.hey.there.how.you.doin

Here’s what I do to protect my websites

• DB – Limit any DB access to local, no network access and especially no internet access to DBs
• Firewall – Limit the ports which can get inside to the reverse web proxy, not to the actual ports where the applications are running.
• Remote – remote access from outside the network is only via key-based ssh or over VPN
• Use non-standard software that doesn’t have millions of users – low value target
• Limit plugins to simple ones so I can review the code
• Stay patched – weekly patching happens on all systems involved
• Stay up to date with released software that is not patched
• Review the server logs daily using summary tools like log watch
• Generally keep up with security issues for the platform and software installed
• Backups – incremental, daily, automatic, full. I can recover any file or the entire server as needed for any day from today to 30 days ago.
• Virtualization used for server platforms. If I do have a hardware failure, the VM can be brought back up on almost any other hardware, provided the VM host/Dom0 runs.
• Run 1 main service per VM. The blog servers don’t do email or vpn or monitoring or …. – they are each single purpose machines. The VM hosts are not available to the outside world.
• Avoid Microsoft solutions for servers – yes, this is a security feature to me
• Block full search engine access
• Perform local analytics – no outside service is used – this is for your privacy too

Anyway, I hope I wasn’t too restrictive on the verbs allowed to pass into this site. Again, if you see issues, please let me know. The script kiddies will need to find another site to bother and someone else’s bandwidth to waste.

What do you do to protect your websites from hackers? Tell me in the comments.

When you have a laptop, you expect to take it with you. When you have a portable computer, the data on it is at higher than normal risk for theft. This means you need to take steps to protect that data. In 2010, the Commonwealth of Massachusetts passed laws that require non-public consumer data be encrypted on disk and networks. Basically, disk encryption is here to stay, but there are some drawbacks. Below I’ll describe why you want to encrypt much of your laptop disk storage, why you probably don’t want whole disk encryption, and the setup that I’m using.

Just got a new laptop yesterday, but I didn’t like the way that the 500GB HDD is partitioned.

• Unknown (50MB)
• RECOVERY (18GB)
• WIN7 (whatever remained of the 500GB – over 400+GB)

Only a noob would want that partitioning because they simply don’t know any better. Why do manufacturers still do this? Ah – because it is easy. Sorry for the dumb question.

I want:

• Unknown (50MB)
• RECOVERY (10GB – it actually only uses less than 8GB – resize)
• WIN7 (60GB for apps and the OS – resize + move)
• Data (size determined by my backup disk … I’m guessing about 250GB) Much of it will be encrypted, since this is where my VMs are placed.
• Scratch area for local disk backups or snapshots of VMs or …. unimportant temp data.

Ah, if it were only that simple. Below I’ll discuss the methods used to shrink / resize disk partitions and re-align the data so reduce wasted areas on the disk.

The FLOSS Weekly podcast did an entire episode on VirtualBox recently. There were some interesting comments in the podcast from the VBox team.

The team believes they are the closest to native for both network and storage virtualization. They recommended a number of specific NICs and how to connect to storage that does not disagree with my Improve VirtualBox Performance by almost 50% article. That was good to hear.

They talked about:

1. Oracle’s commitment to VirtualBox
2. Virtualization Overview (why, features, security, virtualized hardware, etc)
   1. Most interesting to me was that VBox supports OpenGL 2.x – that means XBMC should run in a vbox VM.
3. Differences between the OSE and PEUL licenses – what is contained in just the PEUL?
4. vboxmanage and how 3rd party folks have written some nice tools
5. Teleportation (V-Motion like) that does not require identical
6. Page-Fusion – shared memory across guest OSes (this was new to me). The intent is to support hundreds of client VMs per server.
7. Mac virtualization challenges – it works, but only on Mac hardware due to Apple DRM in hardware checks.

Anyway, find the VirtualBox specific podcast here.
A link to the show notes

By the way, if you are a dentist, FLOSS Weekly has nothing to do with teeth. FLOSS is *F*ree *L*ibre *O*pen *S*ource *S*oftware.

Over the years, we all come across software that we decide to uninstall and never use again (unless forced to do so by a company). I expect that some software on my hate it list is loved by someone. Most of those tools that make it to this list became bloated, lost their core purpose or did something nasty like installed a search bar or some other spyware.

Anyway, here’s my list for Windows.

Each of us use a computer for various reasons. Some just want a system that works, without any hassle. Most of us want to run specific software, work with specific file types, connect with everyone else, and possibly just do what the people around us are doing to be the same.

I’ll be as honest as I can and put the reasons in order.

Some of you know that I’m a fan of Linux. Ok, so that is an understatement. Would you like to convert? I’ll help you! Linux lets me do what I want while still providing nearly complete control over the hardware, for free. I like it and I’m shocked when other computer users don’t like it too. In fact, I think that almost every Grandmother should be running Linux these days.

Here’s a story, Linux Experiment Gone Horribly … Perfect, about a tech trying to solve problems with a client’s laptop. After exhausting all other solutions to a virus infected, spyware running, root kit loving Vista install, he got to the point of needing to reinstall Vista, but no reinstall disks were available. The client didn’t have them or any backup. The answer? Ubuntu Desktop 10.04 (Lucid Lynx).

In short, unsophisticated computer users will probably do better with a properly configured Linux system. I’d try Ubuntu, Mint or PCLinux on end users for the best outcomes. All are based on Debian, very stable and work on almost any hardware.

Would you like to try Linux? I’ll help you!