Sunday, August 19, 2012

Ssh!!

One of the things most people hate to do is to type in passwords. Not only could someone be looking over your shoulder, but the password also gets sent where it can be easily monitored. There has to be a better way. A method widely used on 'nix systems (including OS/X) is called the 'secure shell' (ssh for short). You can also use it on Microsoft systems, but it requires more setup than usual. More about setting up here: (http://www.instructables.com/id/Linux-setup-for-SSH-password-less-login/).

$ ssh typo1
password: _

Anyway, if you are setting up a new system and/or recovering from a hard disk crash, setting up the ssh keys to all the servers or systems you log into can be a lot of fun. There had to be a way of automating this process. The process is usually just three steps: copy your public key to the new server, add the key to the authorized_keys file, and lastly remove the copied key if need be. So let's make a batch file to take care of this.

Installkey.sh
[code]
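#!/bin/sh
# invoke with ./Installkey.sh servername
# copy the public key to your home directory on the server
scp ~/.ssh/id_dsa.pub "$1":~/.
# install the key (create ~/.ssh first in case the account has never used ssh)
ssh "$1" 'mkdir -p ~/.ssh && cat ~/id_dsa.pub >> ~/.ssh/authorized_keys'
# remove the public key you just copied
ssh "$1" 'rm ~/id_dsa.pub'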
[/code]

Save it to an ASCII file.
Make the shell file executable:
$ chmod +x  Installkey.sh

Run the code:

$ ./Installkey.sh typo1

Now you should be able to log into the server without typing a password.

$ ssh typo1
Linux typo1 2.6.32-5-686 #1 SMP Sun May 6 04:01:19 UTC 2012 i686

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Debian comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

                     /)
          o                 /' )
                           /'   (                          ,.
                        __/'     )                        .' `;
         o      _.-~~~~'          ``---..__             .'   ;
           _.--'  b)                       ``--...____.'   .'
          (     _.      )).      `-._                     <
           `\|\|\|\|)-.....___.-     `-.         __...--'-.'.
            `---......____...---`.___.'----... .'         `.;
                                            `-`             `

   This machine is for the exclusive use of OE.
   Anyone attempting to gain, or gaining access other
   than as specifically authorized will be prosecuted
   under all applicable statutes plus all applicable
   civil rules for damages.

   ------------------------------------------------------------------------
You have mail.
Last login: Sun Aug 19 05:15:37 2012 from oedt01
$ _

But then I thought, what if I need to do a bunch of servers? Even that could be tedious. So let's add some more code. First we need to make a list of the servers we want to update and save them to a file.

servers:
[data]
typo1
oesrvr1
...
[/data]

Now we need to use the original code and add a routine to read the server names from a file. That allows us to just type in one command and do all the servers. If we need to add a new server to the list, we just add it to the servers file. One bit of caution: the script appends the key every time it runs, so if you have run the program before, you do not need to do it again on prepared servers. Rename the existing servers file and start a new servers file.

srvrsshupdate.sh:
[code]
####################################
# Update remote ssh server keys
# by the sysadmin
# date: 08/19/2012
#=================================
# Assignments
# --------------------------------
# servers has list of servers to update (s/b 1 server name per line)
servernamefile="servers"
# end assignments
#=================================
#
# Just do it. (main loop)
#---------------------------------
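while read -r server
do
  # skip blank lines in the servers file
  [ -z "$server" ] && continue
  # </dev/null keeps scp and ssh from swallowing the rest of the server list on stdin
  scp ~/.ssh/id_dsa.pub "$server":~/. < /dev/null
  ssh "$server" 'mkdir -p ~/.ssh && cat ~/id_dsa.pub >> ~/.ssh/authorized_keys' < /dev/null
  ssh "$server" 'rm ~/id_dsa.pub' < /dev/null
done < "$servernamefile"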
# end of main loop
#==================================
# End of job
###################################
[/code]

Enable
$ chmod +x srvrsshupdate.sh

Run it
$ ./srvrsshupdate.sh

My desktop bit the dust. After replacing the hard drive, I decided to put a new install of Linux on it (Debian replaced Ubuntu). You really should not use old ssh keys, so I generated a new key and proceeded to update all the servers.
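
The caution above about not re-running the script on prepared servers goes away if the install step checks for the key before appending it. The following is an added example, not part of the original scripts; `add_key` and its two parameters are hypothetical names, and the key in the demo is constructed, not a real one.

```shell
#!/bin/sh
# Added example, not the post's own script.
# add_key SSH_DIR PUBKEY_FILE
#   SSH_DIR      directory standing in for the account's ~/.ssh (assumed parameter)
#   PUBKEY_FILE  file holding one public key line: "<type> <base64> [comment]"
# Return codes: 0 = key appended, 1 = key already present, 2 = bad input.
add_key() {
    ssh_dir=$1
    pubkey_file=$2
    auth_file="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || return 2

    # Use the first non-blank line and split it into key type and base64 blob.
    key_line=$(awk 'NF { print; exit }' "$pubkey_file")
    ktype=$(printf '%s\n' "$key_line" | awk '{ print $1 }')
    blob=$(printf '%s\n' "$key_line" | awk '{ print $2 }')

    # Refuse anything that does not look like a public key, so a wrong file
    # (for example the private key) is never appended.
    case $ktype in
        ssh-*|ecdsa-*|sk-*) ;;
        *) return 2 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) return 2 ;;
    esac

    # sshd's StrictModes check rejects keys when ~/.ssh or authorized_keys
    # is writable by other users, so set the modes explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 2
    touch "$auth_file" && chmod 600 "$auth_file" || return 2

    # Match on type + blob in adjacent fields, so a different comment or an
    # options prefix on the existing line still counts as "already installed".
    if awk -v t="$ktype" -v b="$blob" '
            { for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) found = 1 }
            END { exit !found }' "$auth_file"
    then
        return 1
    fi

    printf '%s\n' "$key_line" >> "$auth_file"
    return 0
}

# Demo on a scratch directory with a constructed key (not a real one).
demo_dir=$(mktemp -d)
printf 'ssh-ed25519 AAAAC3NzaCONSTRUCTEDKEYBLOB eddie@oedt01\n' > "$demo_dir/id.pub"
for run in first second; do
    if add_key "$demo_dir/ssh" "$demo_dir/id.pub"; then
        echo "$run run: key added"
    else
        echo "$run run: not added (already present or rejected)"
    fi
done
rm -rf "$demo_dir"
```

OpenSSH also ships `ssh-copy-id`, which does the copy-and-install job over the network.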

Monday, August 13, 2012

The Amazing Arduino.

Most everyone knows about the amazing Arduino. This integrated circuit acts much like a minimal cpu chip. There are hundreds of uses for it: everything from sous vide machines, mini weather stations, game machines, and water sprinkler control to a host of other uses. It is even the perfect platform for making your own robot. The list is never ending. The project originally started in Italy as an open source project and has done nothing but grow exponentially in popularity. This simple 20 pin chip is amazing.

It has become so popular that several companies have made development boards for the chip (now there are even more advanced versions of the Arduino, i.e. the Mega). Fry's carries the Osepp Arduino and Radio Shack carries the original DIP version Arduino Uno, but now I think they have gone to a surface mount version. You can also get the chips and the boards from many electronics retailers such as Jameco. Early Arduino Uno development boards came socketed, so you could easily program your own chips and then use the chips without using the development board. You could purchase the chips alone for under three dollars. Now they are approaching six dollars, mostly because of demand. The boards for the regular Arduino sell for twenty five to thirty five dollars apiece. Still a bargain for what they can do.

For beginners, the development platform is probably the best, though you can get the chips and a few side parts for under ten dollars and easily build your own on a breadboard for testing. (http://www.instructables.com/id/The-RRRRRRRRRRBA-or-What-They-Dont-Teach-You-in-/). You could make a portable video game that could fit in a small candy tin, not including the monitor or hand controls. Did I say monitor? You can even hook up the Arduino to a monitor and/or a tv (via an rf modulator), like in the really old computer days. Hope you did not get rid of that old equipment when the media wanted you to. They are still good to go! A simple BASIC interpreter has even been developed, so you can write your old programs, reminiscent of the old Vic 20 days.


Tv/monitor connections will vary depending on the software you use, but the parts are generally the same. There are a zillion projects all over the net to work from. www.instructables.com has its own wealthy list. Can not wait to make a pong game. Linux starter instructable: (http://www.instructables.com/id/Ubuntu-and-the-arduino/). Have already done a prototype of a minimal security system (http://www.instructables.com/id/Arduino-simple-security-idea/)







There are lots of add-on boards (known as shields), even for use with ethernet. Almost forgot, there is "free" software that you can download for most computers to allow you to program the Arduino easily in its own "C". (http://arduino.cc/hu/Main/Software) It is not what can you do with it. It is what can you not do with it. Have fun.




Saturday, August 11, 2012

Data mining.(updated).

Ever wished you could get data from a web page without reading the whole web page, or even just get data from a server? One thing I like to do is get the football scores. I find that SI.com and some other sites have so much going on it takes forever to navigate the pages. Not only that, you are subjected to all the ads. Just give me the scores so I can move on. Data mining allows me to do that. In other words, the computer can be your personal secretary to get all the data you need for your special reports, without you having to do all that hard work and spend the extra time.




I have written a series of beginner guides for data mining. You can find them at:
http://www.instructables.com/id/Data-mining/

Note:  The football score capturing script works best for the preceding week or earlier in the same season.

Update: Let's take what we have learned already and apply it. I showed you how to extract data to make your own web page and also showed you how to cut and paste data in another article. If you thought the last web page we created was cumbersome to look at, now we will strip out everything but the teams and scores.


This time we are using the scores from week 3 of the preseason. So nice to be able to use the same code over and over. Anyway we just want the teams and their scores. Extracting the data is so simple and then we just paste everything together and it might look like this:


All it took to do that was only a short bit of code.

getscores.sh
[code]
#===================================
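# Get scores
#
# text that marks the lines holding the scores
team="awayteam"
# output data: dump the page as plain text and keep only the matching lines
lynx -width 1000 -dump "http://oesrvr1/testcode/getscores1.php" | grep "$team" > scorefile
# cut out the fixed-width columns holding the teams and the scores
cut -c 12-25 scorefile > f1
cut -c 37-39 scorefile > f2
cut -c 49-60 scorefile > f3
cut -c 73-75 scorefile > f4
# paste the columns back together side by side
paste f1 f2 f3 f4 > allscoresfile.txt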
#===================================

[/code]

$ chmod +x getscores.sh
All for now.

Note: the scripts should work fine on 'nix based machines. For MS Windows, you will want to consider installing Cygwin.

Wednesday, August 8, 2012

Yet another, the more you know.

Some stories I will never tell. But, I think this one is ok:

IT (Information Technology) departments have an awesome responsibility to make sure the commercial software they are in charge of does not get abused at least in terms of software piracy (illegally copied). Sometimes it can go too far. Let me say that I did work in IT for more than ten years and it is really hard for me to tell this story. Since I have been on both sides of the fence so to speak.

One semester, I had to teach a class where I was unfamiliar with the software applications to be used in the class I was supposed to teach. I asked the head of the department whether I could get a copy to use at home. She said it would be alright, but just get the IT lab people to do it for me. So far so good. I went to the IT people and asked them for the software. For whatever reason, they would or could not get it for me. I asked if I could get it myself and they said no and that it was so secured that I could not get at it anyway. Time was at a premium and the classes were going to start within days. I did not want to go back to my boss who was already so busy that she did not need any minor issues.

Telling me that I could not get to the software was like waving a red flag in front of a bull. I was determined not to let anything get in the way for me to have the software. Back then, computer programs or software was all in one directory for MS/PC-DOS (disk operating systems). So basically the only issue I had was getting to where the software was on the standalone system. I went over to the campus where I was to teach and surveyed when the computer room would not be used so as to have a good time to get the software I needed.

Back then most IT people prided themselves on using very complicated software to be able to use computers. They underestimated what can be done by someone who knows how to use simpler software to do more complex tasks. So the IT team hid all the more complicated software so nothing important could be done on the computer, or so they thought. But they left a program called gwbasic.exe, generally regarded as simpler software, where it could be easily seen. I knew this because I looked around the system to see what was available.

Since computer systems organize storage systems into directories it should be easy to find the software I needed. Well the IT people being as smart as they were named the directories with what is known as unprintable characters. So that a user could not easily see what the name of a directory was and therefore could not enter the directory. Sometimes those directories were known as hidden. To get to the directories you have to use what was known as batch files. Batch files were just a set of computer instructions that ran automatically to let users run the software they needed without having to worry about getting into directories.

With a trick I know I was able to stop the batch files with the commands that ran automatically. I then went and ran the gwbasic.exe so I could put in a set of instructions that would read in the batch files with the hidden names and then extract the names of the hidden directories so I could get access at the software I needed. Pretty cool. I had hacked into their system. Since I had prior permission to use and get the software, there were no issues. But I did sort of feel like it was not such a right thing to do even though it was ok. Anyway I was able to get into the directories to get to the software I needed. I then backed up the software to multiple floppies to take home for use on my own system. (I did buy the software as soon as I could).

Now, I had the software I needed and had installed it on my own system where I could develop my lesson plans and lectures. The class was able to go on. I still was a bit upset at having to do that. The IT people should have helped me do my job. In any case, my knowledge about that computer system gave me the power to do what was needed to be done and take care of the students who were our customers. I do not advocate doing what I did, but back then things were a lot simpler. If I had to do it all over again, I would have gone back to my boss to have her resolve the issue.

Later on I did leave a file that the IT people would know was not supposed to be there. In the file I left them a message that their system that was impossible to break, had been compromised. Knowledge is power when it is used to solve problems in the right way. The next time I saw my boss, I think she knew what happened because she just smiled. One last thought, never underestimate the knowledge of your opponent.

Are you static or dynamic? (phone book part II)

Or should I say, is your computer's ipaddress static or dynamic? Static means it is hard coded in the system files on a system. Dynamic means you get the ipaddress from a dhcp (dynamic host configuration protocol) server or the like and it could change at any time. We said in the last article that all computing devices (assuming they are connected to a network) have an internet telephone number or ipaddress. What I did not discuss was how you get that address.

To make things more interesting, your router actually has two or more ipaddresses. One is for the internet, which is usually dynamic unless you have paid for a static ipaddress through your internet provider, and one is for being the gateway (where to point to for accessing the internet) for your local area network, which is static. To make things easier, I will only talk about ipaddressing within a local area network for now.



Your local router usually comes with a standard ipaddress for the local network. You can change it, but it usually does not need to be changed. That gateway address will be some variation of 192.168.1.1, for example. No other system can use that address without causing problems. It is like two people who say they have the same phone number. If you call it, who will answer? So you want to make sure all ipaddresses are different. That is where dynamic ipaddresses come into play: when your desktop accesses the network, the router, which usually acts as the dhcp server (if properly set up), will assign your computer an ipaddress. In fact, it will keep a list and make sure that no two systems getting a dynamic ipaddress conflict.

But you are going to need systems that do not change their ipaddress, for stability purposes. This is especially true for routers, servers, printers, etc. Your router, for a network that can have up to over 240 ipaddresses to deal with, will set aside at least 100 addresses that are not used for dynamic addresses. That way the dhcp server does not try to duplicate already static addresses.


Some routers may allow only 50 dynamic ipaddresses or internet telephone numbers. It just depends on how it is set up. So what do you get with a dynamic ipaddress? You get the ipaddress, of course. You are also told what the gateway is, what computer will act as a telephone operator (aka dns - domain name server) to look up computer names and translate them into ipaddresses, what your network is, etc. All that happens in a moment's notice. Your system is said to use dhcp in this situation. A Linux network configuration file for a system that uses dhcp is very simple. For example, in the file /etc/network/interfaces you might see:

auto eth0
iface eth0 inet dhcp

or from the gui you might see:
 
 
 

Which means your network card, known as eth0 (short for ethernet0), is set up to start automatically and then get the ipaddress via dhcp. For a static system, it gets a little more involved, since a statically addressed system does not get any information from the dhcp server. In the file /etc/network/interfaces you might see:

                      auto eth0
                      iface eth0 inet static
                      address 192.168.1.31
                      network 192.168.1.0
                      netmask 255.255.255.0
                      broadcast 192.168.1.255
                      gateway 192.168.1.1

or you might see from the gui:



There is the gateway, and the other things I mentioned that are needed. Every operating system is different, so you will not see exactly the same thing, but it should be similar in some way. In most cases, if everything is working, DO NOT CHANGE ANYTHING! That is especially true in a business environment. All this just for an internet telephone number aka ipaddress. Your router can keep your ipaddress list, both static and dynamic, but it would be a good thing to keep a list of all the information on the static ipaddressed systems in case you need to set them up again. It also keeps you from duplicating addresses and avoids a lot of headaches. I worked in an environment of over two thousand systems. You want to have that list.

As I said in the last article,  you may want to segregate the ipaddresses for your equipment. For example:

192.168.1.1 - 192.168.1.30 would be for routers.
192.168.1.31 - 192.168.1.75 could be for servers.
192.168.1.90 - 192.168.1.99 could be for printers,
192.168.1.100 - 192.168.1.254 would be everything else. 
Easier to tell which equipment has failed by ipaddress. You know where to access the equipment in a hurry.

One other configuration I just want to briefly mention is that based on the mac address, any system can either be allowed in or prevented from getting an ipaddress on the net.  Good reason to be extra nice to network administrators. Probably enough about ipaddresses for a while.

Monday, August 6, 2012

Your local network telephone book.

We need a way to know what device (i.e. computer) is what and/or who. That is why we need an internet telephone book. The internet is in some ways still like a telephone network. You can key in the phone number of someone to call or you can use the phone book to look up their phone number. The internet is sort of the same, but now the directory assistance is built in, so to speak. The internet uses an internet protocol address instead of a phone number to identify which computer is which.

The Google internet protocol address is: 173.194.64.106 in this case.

Computer directory assistance:

$ nslookup www.google.com
Server:        x.x.x.1
Address:    x.x.x.1#xx

Non-authoritative answer:
www.google.com    canonical name = www.l.google.com.
Name:    www.l.google.com
Address: 173.194.64.147
Name:    www.l.google.com
Address: 173.194.64.105
Name:    www.l.google.com
Address: 173.194.64.103
Name:    www.l.google.com
Address: 173.194.64.104
Name:    www.l.google.com
Address: 173.194.64.99
Name:    www.l.google.com
Address: 173.194.64.106


$ dig www.google.com

; <<>> DiG 9.7.0-P1 <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24576
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.            IN    A

;; ANSWER SECTION:
www.google.com.        538147    IN    CNAME    www.l.google.com.
www.l.google.com.    248    IN    A    173.194.64.106
www.l.google.com.    248    IN    A    173.194.64.103
www.l.google.com.    248    IN    A    173.194.64.147
www.l.google.com.    248    IN    A    173.194.64.104
www.l.google.com.    248    IN    A    173.194.64.99
www.l.google.com.    248    IN    A    173.194.64.105

;; Query time: 12 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu Nov 24 19:28:07 2011
;; MSG SIZE  rcvd: 148

If I typed in Google's internet address, I would be able to get to their site. To remember all the internet addresses you might want to go to is an extraordinary task. So the internet has directory assistance built in. I just used Google's web site name to get to their site. That is, it goes to a DNS (Domain name server is an internet equivalent of directory assistance) to translate the website name to an internet address and then your browser goes to that numerical address. It usually happens so fast that you may not realize what is going on. Since we will not access the real internet, for our intranet we will be setting up a crude form of directory assistance of our own. That is, unless you want to remember all the numbers.

One last detail:
Like the phone book, the names are listed in a certain way. Usually the last name and the first name. For the internet, this is an oversimplification, but the website names can have two or more parts.
www.google.com breaks up into:

www - world wide web
google - the name of the domain
com - the type of domain it is. .com is usually a commercial site.

Other extensions:
org - non-profit
gov - governmental unit, and etc.

More info at http://en.wikipedia.org/wiki/Domain_Name_System

Your computer also has its own telephone book. It is generally known as the hosts file (lmhosts on some systems). It basically holds the ipaddress and the host name. So if you wanted to add to your telephone directory, you would have to go to every computer and add the information manually. Generally you have one ipaddress for each host. Typical examples of hosts files you might run into:

For Windows XP or for Windows Server 2003
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
 
For Windows Vista or for Windows Server 2008
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
::1             localhost
 
For Windows 7
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
#       127.0.0.1       localhost
#       ::1             localhost
 


For Mac:

127.0.0.1 mydevsite.local
192.168.1.222 ads.shadycompany.biz
 
For Linux:
 
127.0.0.1 localhost
127.0.1.1 oedt01
192.168.1.31 oesrvr1 www.thesoftserv.com www.thefoodhistory.com www.myposgarage.com www.ohmygalleries.com www.misslizziesworld.com www.oesrvr1.com www.yourdrsmedicalrecords.com www.meetthekentgeeks.com www.theeddiesplace.com www.theeddiestable.com
192.168.1.120   oesrvr3
192.168.1.106 typo1
192.168.1.99 printer
192.168.1.115 oedt01
192.168.1.110 robopet
192.168.1.127  oemsrvr01
192.168.1.128 texttop

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
 

For the most part all of the hosts files are alike. In the Linux file we see quite a few hostnames associated with one ipaddress. Why? oesrvr1 is a web server and has several hostnames to support. This is typical of a web server having virtual hosts. The web server will direct you to the correct web page based on the url you have typed in. Oh yes, I said there was an easier way to keep up with the computer's phone numbers. Generally you do not want to have your local phone numbers in the big internet phone book. Most commercial home routers have the ability to keep your local internet addresses saved. That way you do not have to list the ipaddresses aka internet telephone numbers on every computing device. You also do not have to memorize the ipaddresses. Just go to the services tab (if you are running DD-wrt) or the equivalent and you can enter the information for your equipment.




You need to know one more piece of information to do this. You need what is known as the Mac (media access control) address. Nothing to do with Apple computing, though their computers also have these addresses. Every network card or device gets assigned a unique number so that you can tell what type of network card you are using. Just go to your network icon and get the properties. You can also get the same information from the command line by using either ipconfig or ifconfig, depending on the system you are using. Sometimes the mac address is known as the hardware address (HWaddr). The format is usually six sets of two hexadecimal digits, with a colon separating each set. I have used a fake one here.

$ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:192.168.1.115  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:375639 errors:0 dropped:0 overruns:0 frame:0
          TX packets:244524 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:503291368 (503.2 MB)  TX bytes:26630166 (26.6 MB)
          Interrupt:18 Base address:0xb000

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:5216 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5216 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:591225 (591.2 KB)  TX bytes:591225 (591.2 KB)

Your router will generally have an input screen asking for the mac address, the hostname you want to use, and then the ipaddress you want to use. On a home router, you will need to know the network you are on. Generally it is the first three numbers of the ipaddress. Actually it is more complicated than that, but you can research it. For the address of this unit, 192.168.1.115, 192.168.1 is the network. Your router will have this information. In what is known as a class C network, you can use addresses 2-254 for your devices for the fourth number. If you have more than 250 devices, you probably need more sophisticated networking equipment.

I would go to the router and use (enter)
Mac address: 00:ff:e1:35:b4:c3  
Host: oedt01
ipaddress:  192.168.1.115 

Save that information in the router. That means next time anyone can use oedt01 to address that machine instead of having to remember 192.168.1.115.

What if I wanted to know someone else's mac address, such as texttop's? On a Linux machine:

$ ping texttop
PING texttop.homelinux.com (192.168.1.128) 56(84) bytes of data.
64 bytes from texttop (192.168.1.128): icmp_req=1 ttl=64 time=0.594 ms
64 bytes from texttop (192.168.1.128): icmp_req=2 ttl=64 time=0.284 ms
64 bytes from texttop (192.168.1.128): icmp_req=3 ttl=64 time=0.273 ms
64 bytes from texttop (192.168.1.128): icmp_req=4 ttl=64 time=0.247 ms
^C
--- texttop ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 0.247/0.349/0.594/0.143 ms

eddie@oedt01:~$ arp -a
texttop (192.168.1.128) at 00:32:d5:3c:b1:22 [ether] on eth0
textserv (192.168.1.1) at 00:42:28:5b:22:ac [ether] on eth0


You could then take the mac address (00:32:d5:3c:b1:22) and go to http://www.coffer.com/mac_find/ and find out what kind of network card they are using. For instance Dell computers have used 3Com cards a lot. Where I used to work, people would like to come in and use our network for their own purposes. On a network, a computer known as the DHCP server keeps all the information about what is connected. Since we only used one kind of network card, it was easy to see who was definitely not supposed to be connected to the network. They were investigated quickly. You will want to keep a list of all the connection information of your computers and devices for security reasons.


One last hint, you may want to segregate the ipaddresses for your equipment. For example:

192.168.1.1 - 192.168.1.30 would be for routers.
192.168.1.31 - 192.168.1.75 could be for servers.
192.168.1.90 - 192.168.1.99 could be for printers,
192.168.1.100 - 192.168.1.254 would be everything else. 

Easier to tell which equipment has failed by ipaddress. You know where to access the equipment in a hurry.
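
The inventory check described above (keep a list of every device, then look for anything on the network that is not on it) can be run against saved `arp -a` output. This is an added example, not code from the original post: the inventory file format, the function names `audit_arp` and `write_samples`, and the two `?` devices in the sample data are assumptions constructed for illustration, while the range labels follow the address plan listed above.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_arp INVENTORY_FILE ARP_FILE
#   INVENTORY_FILE  one device per line: "<mac> <hostname> <ip>" (assumed format)
#   ARP_FILE        saved output of `arp -a`
# Prints one line per finding:
#   UNKNOWN <mac> <ip> <range>        MAC is not in the inventory
#   MOVED <mac> <ip> expected <ip>    known MAC answering on another address
audit_arp() {
    awk '
        # Address plan from the post, keyed on the last octet of 192.168.1.x.
        function range_of(ip,    part, last) {
            split(ip, part, ".")
            last = part[4] + 0
            if (last >= 1   && last <= 30)  return "routers"
            if (last >= 31  && last <= 75)  return "servers"
            if (last >= 90  && last <= 99)  return "printers"
            if (last >= 100 && last <= 254) return "everything-else"
            return "unassigned"
        }
        # First file: the inventory. Skip short lines and comments.
        FILENAME == ARGV[1] {
            if (NF < 3 || $1 ~ /^#/) next
            known_ip[tolower($1)] = $3
            next
        }
        # Second file: arp -a lines, "<name> (<ip>) at <mac> [ether] on <if>".
        # Entries without a resolved MAC ("<incomplete>") fail the pattern.
        $3 == "at" && $4 ~ /^([0-9A-Fa-f][0-9A-Fa-f]:)+[0-9A-Fa-f][0-9A-Fa-f]$/ {
            mac = tolower($4)
            ip = $2
            gsub(/[()]/, "", ip)
            if (!(mac in known_ip))
                print "UNKNOWN " mac " " ip " " range_of(ip)
            else if (known_ip[mac] != ip)
                print "MOVED " mac " " ip " expected " known_ip[mac]
        }
    ' "$1" "$2"
}

# write_samples DIR: constructed sample data. The first two arp lines and the
# oedt01 entry reuse values shown in the post; the "?" lines are made up.
write_samples() {
    cat > "$1/inventory" <<'EOF'
# mac hostname ip
00:32:d5:3c:b1:22 texttop 192.168.1.128
00:42:28:5b:22:ac textserv 192.168.1.1
00:ff:e1:35:b4:c3 oedt01 192.168.1.115
EOF
    cat > "$1/arp.txt" <<'EOF'
texttop (192.168.1.128) at 00:32:d5:3c:b1:22 [ether] on eth0
textserv (192.168.1.1) at 00:42:28:5b:22:ac [ether] on eth0
? (192.168.1.40) at 02:00:00:AA:BB:CC [ether] on eth0
? (192.168.1.200) at 00:ff:e1:35:b4:c3 [ether] on eth0
? (192.168.1.77) at <incomplete> on eth0
EOF
}

# Demo: an unlisted card in the server range and a known card on a new address.
sample_dir=$(mktemp -d)
write_samples "$sample_dir"
audit_arp "$sample_dir/inventory" "$sample_dir/arp.txt"
rm -rf "$sample_dir"
```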

Update:

You can also block sites from being accessed with the hosts file. 127.0.0.1 is the address for your local computer. So when an address of, say, www.facebook.com is associated with the local host and then accessed, it will bring you back to your local machine. Good way to keep people off unwanted sites. In fact, you can download a list of sites that are generally not good for your system (you will have to modify it for your needs) at:

http://winhelp2002.mvps.org/hosts.txt

Sunday, August 5, 2012

More computers without new hardware.

Several computers for the price of one. You can not beat a deal like that. Actually you will still have only one computer but we will use the power of the system to allow it to run what is known as virtual machines or computers within a computer. Actually this has been done for a long time, but only now is the general community starting to take advantage of it.



A little history first. It used to be that if you wanted to use more than one operating system on your computer, you had to do what is known as dual or multi-boot. You had more than one operating system you could use, but only one at a time. I remember when I was a tech, the college I was working for wanted to get rid of their unix server. They wanted each student to have their own 'nix system to work with. So we took a machine with an already installed Microsoft product and squeezed in a Linux operating system install. Linux was going to be taught to get to know Unix. When the students started up the computer for their access, they had a choice of Redhat 7 (original version prior to Fedora) and the Microsoft product. Dual boot systems can be a bear to support, though now it is a lot easier with Grub2 (booting software).

One real killer in this is that Microsoft is requiring software on newer equipment to boot the computer that will severely hamper running other operating systems. They say it will make the system more secure. Microsoft software seems to be the only software that needs it so far. Linux and other operating systems are robust enough not to need it so far. Many people think this is just a ploy to lock out competitors. If an operating system worked correctly to begin with, the special boot software would not be needed.

Moving ahead, operating system developers saw the need to run more than one operating system (virtual machine) at once and avoid all the dual booting. Newer, more powerful computing equipment aided in making virtual machines much easier. There are quite a few products, such as VirtualBox and Qemu, to accomplish this. Generally you will have a program that acts as a director. That means your computer will be a host to other operating systems.


 

One advantage of having virtual machines is that you can experiment with new software. You might want to experiment with Linux without having to redo or reinstall your computer. The director allows you to use a file as if it were a disk partition on your system. That way you can make multiple copies of the file. If you destroy one copy for whatever reason, you can easily just use another copy. As for myself, I will set up a virtual machine of a new version of Linux or of a Microsoft operating system to see how well they work with existing software. As a tech, I had to install software for students to use. Every time a new version of the Microsoft operating system came out, quite a bit of the existing software no longer worked. With a virtual machine, software could have been tested before installing the new operating system for production. And on the other hand, we could have used the virtual machine to keep the existing software running until updates could be installed to solve problems.


Another advantage of having virtual machines, along the same lines, is that you can set up a sandbox: a sort of virtual machine play area where you can experiment with installing software and see what the issues are. You can use them for testing and finding solutions for malware. In fact, a lot of people use a sandbox to get on the internet. On servers, they are also known as jails. So if malware destroys the virtual machine, the host system is not affected. They can also be used for computer forensics. You want to know what has been done to a machine by a specific person or persons. A picture, or copy if you will, of a user's hard drive is loaded into a virtual machine to collect evidence of a possible crime. That leaves the original machine undisturbed and intact in case other investigation work needs to be done.

 

Where some real advantage can come into play is with servers. You do not have to have all the software on one server. Sometimes software can cause conflicts, so you can have a virtual machine for each specific purpose, such as one for a mail server, one for a web server, one for a media server, etc. You can update or fix issues on an individual server without affecting the rest. That means less downtime. One big issue with running virtual machines is the amount of memory you need. The fancy mouse environments (GUI - graphical user interface) take up a lot of space (aka RAM). If you can run a server, as well as any computer, without the GUI, you are at an advantage: you can then run more virtual machines on the same amount of hardware! More return on investment.

Sometimes the gui-less environment is called the command line. Linux, Unix, BSD, Novell, and a host of other operating systems have been able to run without a gui all along. The command line makes remote access so much easier. You can control a computer from halfway around the world with just a keyboard. Microsoft prided themselves on having an environment for using the mouse. Even they have allegedly relented, and their new servers will be able to be operated from the keyboard only. System administrators have a joke about the gui-ed environment when they want people to become part of their team: "Mouse jockeys need not apply!"



We have no problem with the gui environment, but with the command line it is so much easier to document, to let computers control themselves with batch/shell files, and to use reduced resources. Ironically, not so long ago when the gui environment first became available, people screamed bloody murder about having to use a mouse and how it slowed them down. Here we come full circle again. Reminds me of the DOS days.


In any case, I have talked too much. Just wanted to give a blurb about virtual machines. By the way, you can combine the gui and the command line to make things so much easier. Cut from a web page and paste it right into the command line. Heaven.

Thursday, August 2, 2012

Wanna Stream? (updated).

Traditionally if you wanted to use multimedia content, you would download the media and then play it with a local program. That is all fine and well, but what if you have several systems such as the ps3, xbox360, Roku, and a host of other devices. Instead of copying the files all over the place, we can use a server and keep the media all in one place.


One way to serve the media is to use what is known as upnp. This protocol now comes pretty standard on most servers. I think that Roku uses something called Plex; Plex can also be installed on traditional servers, last I looked. What usually happens is that you point your device to the upnp server and the server will list the media files for access. Pretty nifty!



I don't usually have much video to store, but lately I have been downloading quite a few files. I wanted a way to take advantage of upnp. We use XBMC to view or listen to media. XBMC will even go to the internet to allow you to view video. We also make our own videos that we would like to access. Now to decide what to use. As I said, most servers now support upnp. We have a file server that uses Freenas. It is a perfect place for us to store all the videos.


Time to traverse the intranet to see what the Freenas server has. I forget what I called the system. No problem, as I have a couple of programs that will find the system for me. Let us see what computers are up on the net and then see what IP addresses (internet telephone numbers) are listed in the router's phone book. Source code for the programs is available.

$ pingall.sh
64 bytes from 192.168.1.1: icmp_req=1 ttl=64 time=0.557 ms
64 bytes from 192.168.1.99: icmp_req=1 ttl=255 time=5.12 ms
64 bytes from 192.168.1.115: icmp_req=1 ttl=64 time=0.073 ms
64 bytes from 192.168.1.128: icmp_req=1 ttl=64 time=0.525 ms

$ nslookup.sh
1.1.168.192.in-addr.arpa    name = softserv.
10.1.168.192.in-addr.arpa    name = router2.
20.1.168.192.in-addr.arpa    name = router3.
31.1.168.192.in-addr.arpa    name = oesrvr1.
98.1.168.192.in-addr.arpa    name = printerland.
105.1.168.192.in-addr.arpa    name = oeorgan01.
106.1.168.192.in-addr.arpa    name = typo1.
115.1.168.192.in-addr.arpa    name = oedt01.homelinux.com.
122.1.168.192.in-addr.arpa    name = chumbino.
125.1.168.192.in-addr.arpa    name = amd800.
127.1.168.192.in-addr.arpa    name = oemsrvr01.
128.1.168.192.in-addr.arpa    name = freenas.homelinux.com.

Freenas, there it is: "128.1.168.192.in-addr.arpa    name = freenas.homelinux.com". I'll just use the IP address to save typing.
 Logged in.
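The two listings are more useful when cross-checked: any address that answers the ping sweep but has no name in the router's list is a device you should be able to account for. The following is an added example, not the pingall.sh or nslookup.sh used above; it parses the two output formats shown and, for the sample copied from those listings, flags 192.168.1.99. The function names are assumptions.

```shell
#!/bin/sh
# live_inventory PINGFILE PTRFILE: prints "ip name" for each address that
# answered the sweep, or "ip UNKNOWN" when the name listing has no entry.
live_inventory() {
    awk '
    # Reply line: 64 bytes from 192.168.1.1: icmp_req=1 ttl=64 ...
    src == "ping" && $2 == "bytes" && $3 == "from" {
        ip = $4; sub(/:$/, "", ip)
        if (!(ip in live)) { live[ip] = 1; order[++n] = ip }
    }
    # PTR line: 128.1.168.192.in-addr.arpa  name = freenas.homelinux.com.
    src == "ptr" && $1 ~ /\.in-addr\.arpa$/ && $2 == "name" {
        split($1, o, ".")                       # octets are stored reversed
        ip = o[4] "." o[3] "." o[2] "." o[1]
        host = $4; sub(/\.$/, "", host)         # drop the trailing root dot
        name[ip] = host
    }
    END {
        for (i = 1; i <= n; i++) {
            ip = order[i]
            print ip, ((ip in name) ? name[ip] : "UNKNOWN")
        }
    }' src=ping "$1" src=ptr "$2"
}
# Sample input copied from the two listings above (name list abridged).
sample_ping() {
    printf '%s\n' \
        '64 bytes from 192.168.1.1: icmp_req=1 ttl=64 time=0.557 ms' \
        '64 bytes from 192.168.1.99: icmp_req=1 ttl=255 time=5.12 ms' \
        '64 bytes from 192.168.1.115: icmp_req=1 ttl=64 time=0.073 ms' \
        '64 bytes from 192.168.1.128: icmp_req=1 ttl=64 time=0.525 ms'
}
sample_ptr() {
    printf '%s\n' \
        '1.1.168.192.in-addr.arpa    name = softserv.' \
        '98.1.168.192.in-addr.arpa    name = printerland.' \
        '106.1.168.192.in-addr.arpa    name = typo1.' \
        '115.1.168.192.in-addr.arpa    name = oedt01.homelinux.com.' \
        '128.1.168.192.in-addr.arpa    name = freenas.homelinux.com.'
}
demo_inventory() {
    dir=$(mktemp -d)
    sample_ping > "$dir/ping.txt"
    sample_ptr > "$dir/ptr.txt"
    live_inventory "$dir/ping.txt" "$dir/ptr.txt"
    rm -rf "$dir"
}
demo_inventory
```

Only the numeric reply format shown above is parsed; ping replies that print a host name before the address would need an extra rule.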

Ok, now I can log in. We want to add the service for having the server deliver content to media clients. There it is: upnp.


Let's click the enable button and then add the additional required information. Almost all upnp servers will require this same information. What do we want this system to be known as on the network? We can use the default port of 49152. Where do we want to keep the listing of files of what is on the server? Usually you want this separate from the files themselves for more security. Where do we want to keep the files on the server? Yes, we probably want transcoding; in other words, we want the server to make the media content ready for what our media devices can handle. Etc. etc. We can push the save and restart the server button. (Make sure no one is using the server when you do this or they could lose data.)


That was easy. No cryptic commands to type in. You just point, click and add a little information. Now just go back to your streaming device and choose the server for the media you want to access.



Have fun!

Note: the latest version of Freenas is version 8. We are running the server on an old Pentium II with Freenas 7, which is good enough for our needs. You will want to use something newer in terms of equipment. If you have one of the recent off-the-shelf NAS units from a retail store, it should have support for upnp and maybe even Firefly.




Update:

Another popular streaming protocol is DAAP. This is generally used with devices that support iTunes. You can actually get this software for the major platforms (OS/X, MS Windows, Linux, a generic Java client, etc.). For example, if you need to stream to your Apple iDevice, all you need is Firefly. It is also known as mt-daapd. There is now a newer version that not only serves music, but also supports other media. One thing I like about mt-daapd is that you can use a low resource machine to run it under Linux.



One other server, of which I have no experience, is the Soundbridge server from Roku. There is plenty of information on the net. One aside though: XBMC can be a server as well as a client.

Normally you play music on the local machine. There is a music server called mpd where you can have speakers on the server running mpd and control it remotely. So you can use an old pc like a remote control stereo. Control it either from another computer or even a touchpad. This is really special if speakers are at a premium or you only want one audio source.



Wednesday, August 1, 2012

Raspberry Pi to get Android 4.0!


The Raspberry Pi is to get Android 4.0 Ice Cream Sandwich (a popular touchpad operating system), according to several news sources such as (http://www.zdnet.com/raspberry-pi-to-get-android-4-0-ice-cream-sandwich-7000001980/). I talked about the Raspberry Pi (an SOC, or system on a chip, computer) in an earlier article. Although Ice Cream Sandwich is not the latest version of Android, it is still new enough to be very viable. Hopefully Android version 4.1 will be available soon.


What is really interesting is that you can already run an optimized version of Debian Linux (http://www.raspberrypi.org/downloads) on the unit. With a composite video out port, you can connect it to most portable DVD players (with composite input) or older composite monitors. That means you can have a computer for under fifty dollars. Since you can easily strap the Raspberry Pi behind a portable DVD player or a low cost portable touch screen, a home made touchpad built this way will surely be competition for all the commercially sold touchpads out there costing hundreds of dollars. Stay tuned!

Update: As someone reminded me, you can make your own TV set top box and use the software you like. You can even modify it to work the way you want. Roku and the rest could be history soon.

Note: we are on the waiting list to get a unit. Review and hacks are coming.

The more you know or a MacGyver moment.

 

Years ago, back in the late 1980s, I taught two short stints in the state prison system for a nearby college. One summer I was to teach basic computer programming on the Commodore 64 computer for a summer semester. By today's standards, the C=64, as it is commonly known, is an obsolete relic. Actually back then, they were on the way out also.

The semester went along fairly smoothly and I was beginning to enjoy the semester. The inmates were fairly sociable and behaved well. That probably would not be so true now, as you could not get me back in there for any amount of money. Anyway, one day a student accidentally locked up the computer because the program he wrote failed in some way when he ran it. The student/inmate became very agitated and upset because he declared he had lost all his work. Of course fear tends to multiply, and the whole class started in the same mode of hysteria. I was beginning to feel uncomfortable and nervous.

I went over to the student's computer and said everything I could to calm him down. On the old C=64 you could reset the machine without losing all the work, but you still had to type in a command to keep the program. Fortunately I knew this trick from being in that same situation once before. Everyone was watching with anticipation to see what would happen next. I pulled out a paperclip and reset the machine. Something that was not really recommended, but it was better than any alternative that might happen to me. Then I typed the code to keep the program. Then I saved the program to the disk drive. I asked him to re-save his program so he would feel more at ease. He did that and went back to work again on his program, fixing his errors. Fortunately everything went back to the usual calm. It took a wee bit longer for my heart to stop racing.

Of course everyone who had been watching in anticipation asked me how to do it. I made some excuse not to explain so that the equipment would not get damaged and so they would not make a habit of doing it. After that they were like putty in my hands. The rest of the semester went smoothly. Sometimes knowing what seem to be unimportant things can save your life. Being a hacker is not so bad sometimes.