Microsoft Free Ebook - Online Safety
Get the free ebook/PDF from Microsoft’s site about being secure online. Microsoft is sponsoring the ebook; it is not written by them.
The first download in the list appears to be the complete ebook, so there’s no need to grab each chapter. It is in PDF, so be certain you have a non-Adobe PDF reader program. We don’t like Adobe stuff here due to security concerns.
Running Remote Desktops and Remote Applications
Updated 12/2014:
Jump to the bottom of the article to see the updates.
People new to Linux or UNIX often don’t understand that built into the GUI system is a way to remote into pretty much any server in the world and have a program running on the remote machine, but displayed back on your Linux desktop. It is built in and has been for 30+ years of X/Windows. It doesn’t matter if you use Ubuntu, Redhat, Solaris, AIX, or if you use Gnome, KDE, XFCE, MWM, TWM – this solution is at a lower level. If you have a GUI on Linux or UNIX, it is built in and actually works really, really well.
VMware Hiding the vSphere Client
Where to download the latest vSphere Client?
I just spent the last 90 minutes hunting the vmware.com web site for the latest x64 Windows7 vSphere client. VMware has lots of things you can download prominently displayed … just not the latest vsphere client.
It still bothers me that I’m required to run MS-Windows to use the mandatory client.
In the end, I had to select a new download of ESXi, agree to give my first born to them, sign a contract, then they showed a list of about 5 more downloads – including the damn vsphere client that I wanted. While I was there, I grabbed the 4.0 to 4.1 ESXi upgrade package.
For the last 2 years, ESXi has been rock solid … until about 10 days ago. That’s when a 32-bit Linux VPN server stopped responding. The other machines are available and working, just that one is not. Got an error trying to use the v4.0 vsphere client to connect.
The error that the old vsphere client, v4.x, displayed was “error parsing clients.xml”. This error happened on both x64 and x32 machines running either Win7 or WinXP. Basically, only the unsupported ssh login was available. According to the google results, a new vsphere client will fix everything. I hope it does.
I can’t wait for KVM to be as good.
Remove the Confusion - What Is Linux?
I’m guilty of oversimplification. We all are. I say that I run Linux. That isn’t really accurate, but it is short and only people in the know really understand what that means. Below I’ll attempt to compare a few well known operating systems to an automobile and the parts inside it.
OS to Vehicle Comparison
I’ve picked 1 specific version of a vehicle, Linux OS and Windows OS to use for comparison.
| Part | Vehicle | Linux | Windows |
| --- | --- | --- | --- |
| Total Name | Ford F-150 Truck | Ubuntu 10.04 x32 Desktop | Microsoft Windows7 x32 Home Premium |
| Engine | Ford V8 4.4L Diesel | Linux Kernel 2.6.24-28. No direct access to the kernel without helper programs. | Kernel.xyz build number xxxx. No direct access to the kernel without helper programs. The kernel provides services to other programs. |
| Outside Bling | Paint, chrome, flashers | Gnome 3.x, customized GUI running on top of X/Windows and a _Window Manager_ like xfce, fvwm, Icewm ... *wm. Other examples of _Desktop Environments_: Gnome, KDE, LXDE, XFCE. DEs are a convenience and not necessary. | Windows Desktop Program / Explorer (1st instance only). This is the GUI - Start Menu, etc. |
| Raw Controls | N/A, but directly controlling the throttle with a pair of pliers is an example. | GNU CLI programs - ls, df, du, and thousands of others. Example UNIX "Shells" are bash, sh, csh, tcsh, ash, zsh, etc... | CMD.EXE and a limited set of programs - dir, scandisk, chkdsk, nslookup, net use, route. Any program that doesn't have a GUI. |
| User Control System | Steering wheel, instruments, pedals, gear shifter, radio, etc | CLI interface OR GUI interfaces | CLI interface (mostly unused) - the old DOS-style interface OR GUI controls like Control Panel |
64-Bit OS Use Here
On this website, 58% of the Linux users are running 64-bit operating systems. I’m just sayin’ 64-bit is mainstream. Vendors need to understand that.
If software works on OSX, which is 64-bit, then it can work on x64 Linux too. When programs don’t work or aren’t released on 64-bit systems, that means their developers are writing crap code.
Access Public Networks Securely
What you need to know to be network secure on your computers when on public hotspots (or anywhere that is not your work or home network).
The How To Geek wrote a comprehensive article.
These guys did an excellent job covering everything you should know. My only complaint about the article is they didn’t stress how important a VPN is for secure network use when in the wild. Use a VPN – ALWAYS. A VPN is a Virtual Private Network. If you want to know more, use google.
Below I’ll go into more detail on my concerns and the steps to set up a VPN on your home network, so you can secure your network access from almost anywhere in the world.
Missing URL Attacks and Counter Measures
Yesterday, I took a look at the missing URL statistics for my blog and saw lots of attacks to phpMyAdmin. That’s sorta funny since I don’t use that tool and if I did, it wouldn’t be available publicly. When I say lots of phpMyAdmin attacks, I mean hundreds with every possible way of spelling it and every possible version listed. Certainly, these are scripts, but still they are many hundreds of attempts. My little blog isn’t THAT popular and it is non-commercial. You don’t need an ad-blocker here and most of the website works just fine without javascript enabled.
Anyway, I’ve added a reverse proxy filter to my web cluster that will prevent undesired requests. I’ve always had a reverse proxy, but never bothered to filter anything except PUSH size to this point. If something seems to be broken, please let me know, since I could have missed a few needed allow rules.
Between the blog spammers and random attacks, it sorta makes me wonder how many counter measures the average blogger installs and uses to pro-actively protect their work. Do you review your logs?
I did see that someone had a sense of humor in their attacks …
/oh.hey.there.how.you.doin
Here’s what I do to protect my websites
- DB – Limit any DB access to local, no network access and especially no internet access to DBs
- Firewall – Limit the ports which can get inside to the reverse web proxy, not to the actual ports where the applications are running.
- Remote – remote access from outside the network is only via key-based ssh or over VPN
- Use non-standard software that doesn’t have millions of users – low value target
- Limit plugins to simple ones so I can review the code
- Stay patched – weekly patching happens on all systems involved
- Stay up to date with released software that is not patched
- Review the server logs daily using summary tools like log watch
- Generally keep up with security issues for the platform and software installed
- Backups – incremental, daily, automatic, full. I can recover any file or the entire server as needed for any day from today to 30 days ago.
- Virtualization used for server platforms. If I do have a hardware failure, the VM can be brought back up on almost any other hardware, provided the VM host/Dom0 runs.
- Run 1 main service per VM. The blog servers don’t do email or vpn or monitoring or …. – they are each single purpose machines. The VM hosts are not available to the outside world.
- Avoid Microsoft solutions for servers – yes, this is a security feature to me
- Block full search engine access
- Perform local analytics – no outside service is used – this is for your privacy too
Anyway, I hope I wasn’t too restrictive on the verbs allowed to pass into this site. Again, if you see issues, please let me know. The script kiddies will need to find another site to bother and someone else’s bandwidth to waste.
What do you do to protect your websites from hackers? Tell me in the comments.
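A sketch of the daily missing-URL review described in this post, added here as an example and not the author's own tooling: it reads web server log lines, keeps the 404s, folds the many spellings and version suffixes of phpMyAdmin into one family, and reports which clients sent repeated probes. The log lines, IP addresses, alias table and threshold are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Apache/nginx "combined" format (documentation IP ranges).
SAMPLE_LOG = '''\
198.51.100.7 - - [01/Jan/2011:04:10:01 +0000] "GET /phpMyAdmin/index.php HTTP/1.1" 404 209 "-" "-"
198.51.100.7 - - [01/Jan/2011:04:10:02 +0000] "GET /phpmyadmin-2.11.4/index.php HTTP/1.1" 404 209 "-" "-"
198.51.100.7 - - [01/Jan/2011:04:10:02 +0000] "GET /PMA/index.php HTTP/1.1" 404 209 "-" "-"
198.51.100.7 - - [01/Jan/2011:04:10:03 +0000] "GET /php-my-admin/index.php HTTP/1.1" 404 209 "-" "-"
203.0.113.20 - - [01/Jan/2011:09:30:00 +0000] "GET /oh.hey.there.how.you.doin HTTP/1.1" 404 209 "-" "-"
192.0.2.44 - - [01/Jan/2011:10:00:00 +0000] "GET /articles/old-post HTTP/1.1" 404 209 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2011:10:00:05 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
'''

# client, method, path, status from a combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Assumed alias table: normalized first path segment -> tool family
ADMIN_KEYS = {"phpmyadmin": "phpMyAdmin", "pma": "phpMyAdmin", "myadmin": "phpMyAdmin"}

def probe_family(path):
    """Map the first path segment to an admin-tool family, ignoring case,
    punctuation and version digits (/php-my-admin, /phpMyAdmin-2.11.4, ...)."""
    first = path.lstrip("/").split("/", 1)[0].split("?", 1)[0]
    key = re.sub(r"[^a-z]", "", first.lower())
    return ADMIN_KEYS.get(key)

def summarize_404s(log_text, threshold=3):
    """Return (hits per tool family, other missing paths, clients at or over threshold)."""
    families, other_missing = Counter(), Counter()
    per_client = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(4) != "404":
            continue  # unparseable line or not a missing URL
        client, path = m.group(1), m.group(3)
        family = probe_family(path)
        if family:
            families[family] += 1
            per_client[client] += 1
        else:
            other_missing[path] += 1  # may be a real broken link worth fixing
    noisy = {ip: n for ip, n in per_client.items() if n >= threshold}
    return families, other_missing, noisy

if __name__ == "__main__":
    fam, other, noisy = summarize_404s(SAMPLE_LOG)
    print("probe families:", dict(fam))
    print("other missing URLs:", dict(other))
    print("clients to review:", noisy)
```

Keeping the unclassified 404s separate matters because they include legitimate broken links, which a blanket filter rule would hide.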
Simple Disk Encryption for Laptops
When you have a laptop, you expect to take it with you. When you have a portable computer, the data on it is at higher than normal risk for theft. This means you need to take steps to protect that data. In 2010, the Commonwealth of Massachusetts passed laws that require non-public consumer data be encrypted on disk and networks. Basically, disk encryption is here to stay, but there are some drawbacks. Below I’ll describe why you want to encrypt much of your laptop disk storage, why you probably don’t want whole disk encryption, and the setup that I’m using.
Windows7 Disk Shrinking Drama
Just got a new laptop yesterday, but I didn’t like the way that the 500GB HDD is partitioned.
- Unknown (50MB)
- RECOVERY (18GB)
- WIN7 (whatever remained of the 500GB – over 400+GB)
Only a noob would want that partitioning because they simply don’t know any better. Why do manufacturers still do this? Ah – because it is easy. Sorry for the dumb question.
I want:
- Unknown (50MB)
- RECOVERY (10GB – it actually only uses less than 8GB – resize)
- WIN7 (60GB for apps and the OS – resize + move)
- Data (size determined by my backup disk … I’m guessing about 250GB) Much of it will be encrypted, since this is where my VMs are placed.
- Scratch area for local disk backups or snapshots of VMs or …. unimportant temp data.
Ah, if it were only that simple. Below I’ll discuss the methods used to shrink / resize disk partitions and re-align the data to reduce wasted areas on the disk.
X/Windows Lockups in Ubuntu 10.04 Lucid
For the last few months, X/Windows has locked up without warning on one of my fastest systems (Core i5). This is very unusual. I’ve run Linux systems for over 17 years and X has never been this bad. Never. About every 3 years X/Windows would lock up, but it has happened at least every 4 days for the last 2 months. Killing the Xorg process doesn’t work. That X process is using 100% of a core for multiple hours. It never recovers. The GUI is locked, but remote access from other systems works as do the background processes. Still, X can’t be killed, only a remote reboot brings the X-GUI back.
I don’t use Gnome or KDE. I’m running LXDE on Ubuntu Server x64 10.04 LTS. It is patched weekly.
It sure would be nice if Ubuntu had not disabled the ctrl-alt-backspace keystroke to kill the X-Server, wouldn’t it?
setxkbmap -option terminate:ctrl_alt_bksp