Running Remote Desktops and Remote Applications 3
Updated 12/2014:
Jump to the bottom of the article to see the updates.
People new to Linux or UNIX often don’t understand that built into the GUI system is a way to remote into pretty much any server in the world and have a program running on the remote machine, but displayed back on your Linux desktop. It is built in and has been for 30+ year of X/Windows. It doesn’t matter if you use Ubuntu, Redhat, Solaris, AIX, or if you use Gnome, KDE, XFCE, MWM, TWM – this solution is at a lower level. If you have a GUI on Linux or UNIX, it is built in and actually works really, really well.
Remove the Confusion - What Is Linux?
I’m guilty of oversimplification. We all are. I say that I run Linux. That isn’t really accurate, but it is short and only people in the know really understand what that means. Below I’ll attempt to compare a few well known operating systems to an automobile and the parts inside it.
OS to Vehicle Comparison
I’ve picked 1 specific version of a vehicle, Linux OS and Windows OS to use for comparison.
Part Vehicle Linux Windows
Total Name Ford F-150 Truck Ubuntu 10.04 x32 Desktop Microsoft Windows7
x32 Home Premium
Engine Ford V8 4.4L Diesel Linux Kernel 2.6.24-28 Kernel.xyz build
No direct access to the number xxxx. No
kernel without helper direct access to
programs. the kernel without
helper programs.
The kernel
provides services
to other programs.
Outside Bling Paint, chrome, flashers Gnome 3.x, customized GUI Windows Desktop
running on top of X/Windows Program / Explorer
and a _Window Manager_ like (1st instance only)
xfce, fvwm, Icewm ... *wm This is the GUI -
Other examples of _Desktop Start Menu, etc.
Environments_: Gnome, KDE,
LXDE, XFCE. DEs are a
convenience and not
necessary.
Raw Controls N/A, but directly GNU CLI programs - ls, df CMD.EXE and a
controlling the throttle du, and thousands of limited set of
with a pair of pliers is others. Example UNIX programs - dir,
an example. "Shells" are bash, sh, csh, scandisk, chkdsk,
tcsh, ash, zsh, etc... nslookup, net use,
route. Any program
that doesn't have
a GUI.
User Control Sytm Steering wheel, CLI interface CLI interface
instruments, peddles, OR (mostly unused) -
gear shifter, radio, etc GUI xfaces the old DOS-style
interface
OR
GUI controls like
Control Panel
Access Public Networks Securely
What you need to know to be network secure on your computers when on public hotspots (or anywhere that is not your work or home network).
The How To Geek wrote a comprehensive article.
These guys did an excellent job covering everything you should know. My only complaint about the article is they didn’t stress how important a VPN is for secure network use when in the wild. Use a VPN – ALWAYS. A VPN is a Virtual Private Network. If you want to know more, use google.
Below I’ll go into more detail on my concerns and the steps to setup a VPN on your home network, so you can secure your network access from almost anywhere in the world.
Missing URL Attacks and Counter Measures 1
Yesterday, I took a look at the missing URL statistics for my blog and saw lots of attacks to phpMyAdmin. That’s sorta funny since I don’t use that tool and if I did, it wouldn’t be available publicly. When I say lots of phpMyAdmin attacks, I mean hundreds with every possible way of spelling it and every possible version listed. Certainly, these are scripts, but still they are many hundreds of attempts. My little blog isn’t THAT popular and it is non-commercial. You don’t need an ad-blocker here and most of the website works just fine without javascript enabled.
Anyway, I’ve added a reverse proxy filter to my web cluster that will prevent undesired requests. I’ve always had a reverse proxy, but never bothered to filter anything except PUSH size to this point. If something seems to be broken, please let me know, since I could have missed a few needed allow rules.
Between the blog spammers and random attacks, it sorta makes me wonder how many counter measures the average blogger installs and uses to pro-actively protect their work. Do you review your logs?
I did see that someone had a sense of humor in their attacks …
/oh.hey.there.how.you.doin
Here’s what I do to protect my websites
- DB – Limit any DB access to local, no network access and especially no internet access to DBs
- Firewall – Limit the ports which can get inside to the reverse web proxy, not to the actual ports where the applications are running.
- Remote – remote access from outside the network is only via key-based ssh or over VPN
- Use non-standard software that doesn’t have millions of users – low value target
- Limit plugins to simple ones so I can review the code
- Stay patched – weekly patching happens on all systems involved
- Stay up to date with released software that is not patched
- Review the server logs daily using summary tools like log watch
- Generally keep up with security issues for the platform and software installed
- Backups – incremental, daily, automatic, full. I can recover any file or the entire server as needed for any day from today to 30 days ago.
- Virtualization used for server platforms. If I do have a hardware failure, the VM can be brought back up on almost any other hardware, provided the VM host/Dom0 runs.
- Run 1 main service per VM. The blog servers don’t do email or vpn or monitoring or …. – they are each single purpose machines. The VM hosts are not available to the outside world.
- Avoid Microsoft solutions for servers – yes, this is a security feature to me
- Block full search engine access
- Perform local analytics – no outside service is used – this is for your privacy too
Anyway, I hope I wasn’t too restrictive on the verbs allowed to pass into this site. Again, if you see issues, please let me know. The script kiddies will need to find another site to bother and someone else’s bandwidth to waste.
What do you do to protect your websites from hackers? Tell me in the comments.
Simple Disk Encryption for Laptops 2
When you have a laptop, you expect to take it with you. When you have a portable computer, the data on it is at higher than normal risk for theft. This means you need to take steps to protect that data. In 2010, the Commonwealth of Massachusetts passed laws that require non-public consumer data be encrypted on disk and networks. Basically, disk encryption is here to stay, but there are some drawbacks. Below I’ll describe why you want to encrypt much of your laptop disk storage, why you probably don’t want whole disk encryption, and the setup that I’m using.
Windows7 Disk Shrinking Drama 1
Just got a new laptop yesterday, but I didn’t like the way that the 500GB HDD is partitioned.
- Unknown (50MB)
- RECOVERY (18GB)
- WIN7 (whatever remained of the 500GB – over 400+GB)
Only a noob would want that partitioning because they simply don’t know any better. Why do manufacturers still do this? Ah – because it is easy. Sorry for the dumb question.
I want:
- Unknown (50MB)
- RECOVERY (10GB – it actually only uses less than 8GB – resize)
- WIN7 (60GB for apps and the OS – resize + move)
- Data (size determined by my backup disk … I’m guessing about 250GB) Much of it will be encrypted, since this is where my VMs are placed.
- Scratch area for local disk backups or snapshots of VMs or …. unimportant temp data.
Ah, if it were only that simple. Below I’ll discuss the methods used to shrink / resize disk partitions and re-align the data so reduce wasted areas on the disk.
VirtualBox on FLOSS Weekly
The FLOSS Weekly podcast did an entire episode on VirtualBox recently. There were some interesting comments in the podcast from the VBox team.
The team believes they are the closest to native for both network and storage virtualization. They recommended a number of specific NICs and how to connect to storage that does not disagree with my Improve VirtualBox Performance by almost 50% article. That was good to hear.
They talked about:
- Oracle’s commitment to VirtualBox
- Virtualization Overview (why, features, security, virtualized hardware, etc)
- Most interesting to me was that VBox supports OpenGL 2.x – that means XBMC should run in a vbox VM.
- Differences between the OSE and PEUL licenses – what is contained in just the PEUL?
- vboxmanage and how 3rd party folks have written some nice tools
- Teleportation (V-Motion like) that does not require identical
- Page-Fusion – shared memory across guest OSes (this was new to me). The intent is to support hundreds of client VMs per server.
- Mac virtualization challenges – it works, but only on Mac hardware due to Apple DRM in hardware checks.
Anyway, find the VirtualBox specific podcast here.
A link to the show notes
By the way, if you are a dentist, FLOSS Weekly has nothing to do with teeth. FLOSS is *F*ree *L*ibre *O*pen *S*ource *S*oftware.
11 Windows Software Programs to Avoid 4
Over the years, we all come across software that we decide to uninstall and never use again (unless forced to do so by a company). I expect that some software on my hate it list is loved by someone. Most of those tools that make it to this list became bloated, lost their core purpose or did something nasty like installed a search bar or some other spyware.
Anyway, here’s my list for Windows.
Why I Use a Linux Desktop 2
Each of us use a computer for various reasons. Some just want a system that works, without any hassle. Most of us want to run specific software, work with specific file types, connect with everyone else, and possibly just do what the people around us are doing to be the same.
I’ll be as honest as I can and put the reasons in order.
When Linux Does Good for End Users
Some of you know that I’m a fan of Linux. Ok, so that is an understatement. Would you like to convert? I’ll help you! Linux lets me do what I want while still providing nearly complete control over the hardware, for free. I like it and I’m shocked when other computer users don’t like it too. In fact, I think that almost every Grandmother should be running Linux these days.
Here’s a story, Linux Experiment Gone Horribly … Perfect, about a tech trying to solve problems with a client’s laptop. After exhausting all other solutions to a virus infected, spyware running, root kit loving Vista install, he got to the point of needing to reinstall Vista, but no reinstall disks were available. The client didn’t have them or any backup. The answer? Ubuntu Desktop 10.04 (Lucid Lynx).
In short, unsophisticated computer users will probably do better with a properly configured Linux system. I’d try Ubuntu, Mint or PCLinux on end users for the best outcomes. All are based on Debian, very stable and work on almost any hardware.
Would you like to try Linux? I’ll help you!