Friday, September 28, 2012

What's on your network?

Ever wanted to know what is on your network graphically? There is a program that works on most platforms that support the Java GUI, and it is your best chance to document your home network. The program is jNetMap. The Java version seems a lot more stable now. You can find it on sourceforge.net. You can start up the program very easily from the command line (if you have Java installed) with:

$ java -jar jNetMap.jar

or 

C:\> java -jar jNetMap.jar

The instructable: http://www.instructables.com/id/Map-your-network-visually/
has more information also.

Once you run the software on your network and scan for devices, you get a roadmap of what is there. What is really neat about it is that you can see which devices are up or down on the network, which makes troubleshooting easier. You can also see rogue devices on the network that need to be investigated.


You can use the mouse to move all the icons around to make the map more readable. You can even add notes to define where equipment is. Green lines suggest a good connection. Red and yellow lines indicate problems. In the case of Test_server, it is not even connected to the network, but we include it in the map so that we know we have the hardware.



Here is another snapshot after I shut down a few systems. It almost looks like you have a live picture of the network. You can impress your friends with how you do systems administration. Run the program (with permission) over at someone else's place and see what you get.

Thursday, September 27, 2012

Change your password.

Years ago, before the internet, all communication was done over phone lines. You had to have a device, such as a modem, that would allow your computing equipment to talk to each other. Say a finance company employee would dial up the credit bureau computer, wait for a modem tone and then place the handset into what was known as an acoustic coupler (an early version of a dumb modem, aka modulator/demodulator unit). Once connected, the employee could type characters for a name and password on a teletype device that was connected to the phone line, and then eventually get information about potential customers (i.e. pull a credit bureau).

The teletype machine had many fancy looking character keys on the keyboard, so typing in the user name and password would seem very complicated. Computers only deal with ones and zeros, so the teletype machine had to translate each key press into a number that could be sent over the modem. At the time there was sort of a standard known as ASCII (American Standard Code for Information Interchange). See http://www.asciitable.com/ for an example. That means if you typed an upper case "A", the number 65 would be sent to the credit bureau. Actually the number 01000001, or sixty-five in binary, would be sent and then translated at the other end as an "A". The same sort of sequence would happen even when the funny characters were sent from the keyboard.

Sales of the special teletype and its keyboard were regulated. One would think that unless you had that keyboard with those funny characters, no one could log into the credit bureau and pull information with or without permission. There seemed to be a false sense of security with that particular system. Normally, the teletype machines came with a manual that explained what numbers were being sent when a key was pressed. You could get the manuals through other means. Sometimes this was known as an ASCII code table or list. The technology was so new it was thought that no one could repeat the process. The credit bureau computers did not care what characters (aka ones and zeroes) they received as long as they were the right ones for the logon to their system.

About the same time, home computers came along. They had keyboards too, but without the fancy keys. One would think that connecting to the credit bureau via modem from a home computer would not allow the credit bureau to be accessed. Actually, you could program the computer to send the right ones and zeroes if you knew the ascii codes from the teletype manual and the actual login and passwords.  If your teletype machine went down, you had a way for access without the need for the teletype machine. Back then, no one ever really changed passwords even if an employee left a business such as the finance company.  So an unscrupulous former employee could also access the credit bureau on their own with a home computer properly set up. Not good.

With today's internet, the same kind of situation can arise when an employee leaves a company for whatever reason, or when someone monitoring a company's communications for logins and passwords gets the information they need to do illegal acts. Just because the technology is new does not mean it cannot be duplicated in some way. You can use what is known as encryption to help keep logins and passwords secure. Also, some companies use what is known as multiple authentication to aid communication security. The most important way is to change logins and passwords regularly to keep systems secure. Some companies require a change of passwords on a regular basis.

Having done tech support for many years, I know that many employees do not want to bother with passwords, much less logins, at all. So having to change passwords at a regular interval is like blasphemy to them. You have to instill the need for security with articles like this to raise their awareness of the issues and prevent problems. Cyberwarfare (en.wikipedia.org/wiki/Cyberwarfare) on both business and personal computer systems is a reality we cannot ignore. Change the passwords........

Not advocating this in any shape or form. For informational purposes only, to know what someone is up against. Note: This video was deleted....

Home media streamers.

Home media streaming devices are available everywhere from about fifty dollars to upwards of two hundred dollars. They all vary in which video services they support. Even then you may have to pay extra for some services over and above what you pay your internet service provider, aka hidden costs. There are several shortcomings and advantages for all the units. This is really not a detailed comparison of the units. That changes so often that it is almost impossible to document.


The first gripe I have about the media streaming devices is that you have to have an umbilical cord to the internet for the units to be usable. Even Roku requires a special application to be used for compatibility with the MythTV project. MythTV is for the most part an open source computer based DVR. Maybe that is why AT&T now offers a free DVR (read the fine print) to combat such projects. If you have to have an umbilical cord on the units, then your use of them (i.e. what you watch, etc.) is not private. What I watch (especially the videos we made ourselves) should be none of anyone's business.

The second issue I have is that if you modify the units in any way, you will be read the riot act under some obscure and unfair law such as the DMCA. So you really do not own the unit. You are in effect just renting it. What really hurts is that the units were based on open source software. Kind of two faced, to say the least. Eventually, because the unit is locked down to ensure the software cannot be upgraded for your own use, you cannot use the unit for anything else. It becomes a paperweight. An exception to this is Boxee, but the price of it is more than just building a low powered PC and installing XBMC (could become proprietary very soon).

Along the same lines, units such as the Appletv are also proprietary, but Apple has not yet seen fit to stop the units from being modified to run such software as XBMC. But they could do like Sony did with the Linux option on the PS3 and lock it out. So again the unit is not yours to use as you see fit, as it is just a rental. Apple seems to have a tendency to obsolete its products whenever they need a boost in the pocketbook. That seems to be generally true of all the makers of the home media streamers. I will say one thing: the Appletv is competitively priced, where in my opinion their computers are not.

After all this, what do you do? The simplest way is to get or build a micro PC and install software such as XBMC or a MythTV frontend. You can build a "good" barebones system for under two hundred dollars. Then you can use the unit for whatever else you want. You also would not need an umbilical cord (except for certain services) to use the unit. An average user might not want to do this.


Almost went to get a first generation hackable Roku box, but then decided on another open option. That is to get a micro-controller board such as the Raspberry Pi for under fifty dollars and install something such as Raspbmc software on the unit. You have an instant media streamer. It is low power, does not need cooling under normal circumstances, and can be used for other things with just a change of the memory card. One more feature I like about it is that although it supports the new HDMI cabling, you can also use the traditional composite signal used by older monitors and TVs. Display options are limited when not using the HDMI interface. So all in all, with the Raspbmc, I can use MythTV without ever needing the internet for home based media such as free over the air TV and personally developed media.



Update:

    Built a raspbmc and using a dvd player as a monitor for the time being.


Wednesday, September 26, 2012

Cheap tech holiday gift.

If you want to get the older kids into tech, or they want to get into tech, you might consider the MSP430 from Texas Instruments. You can get almost seven of the MSP430 development kits for the price of just one Arduino. That is right, you can get an MSP430 development board for just $4.30 shipped to you in the U.S. You may want to play with it yourself also. Tons of online documentation (e.g. http://www.msp430launchpad.com/). Free development software is also available online (from T.I.) for the most popular platforms.


What is really interesting about this unit is that you can take some software source code for the Arduino and run it on the MSP430. Porting software to the Arduino should be easier if you plan to get the Arduino later. The unit even comes with extra DIP chips for your use. The chips on the newer Arduino units are soldered in place, so you really cannot do complete development on the unit alone. Even if the kids grow tired of it, you have not invested a fortune in the unit. Win-win situation.





http://www.ti.com/ww/en/launchpad/launchpads-msp430-msp-exp430g2.html#tabs
At the holidays, they may sell out again, so order early.

Saturday, September 22, 2012

Testing voip.

VoIP, or voice over IP, is a method for sending and receiving voice messages over a computer network. We have come a long way since the invention of the telephone by Alexander Graham Bell. Actually, you can do a whole lot more than that. It can be very complicated to set up. Fortunately, there is what is known as a "live" CD that is pretty much pre-configured, so that only a few additional settings will get you up and running in a few minutes.




It is known as CosmoPBX. You can get it and more information at: http://cosmopbx.sourceforge.net/. You must be forewarned though that it is NOT SECURE, so do not use it in a production environment. In any case, it is a great tool for experimentation on an intranet or private network. With wifi access to your network, VoIP applications for your touchpads (Android, etc.) should connect to it fine.



For our purposes, we booted it in a virtual machine. You can use a web browser to connect to the server remotely to configure any settings (e.g. http://192.168.1.101:8088). Then you can connect with your favorite voice applications. In our case we used Ekiga from a desktop Linux workstation. It is just a matter of setting up Ekiga with the IP address of the VoIP server and you are in business. When we connected to the server, it automatically answered, gave us a voice greeting and instructed us how to proceed.


The advantage of the live CD is that you can get familiar with VoIP, SIP, and all that is involved before you invest in a PBX system for your office and/or home. If you wanted something more permanent, you could try FreePBX (http://www.freepbx.org), but it has to be installed. Though the traditional phone lines are becoming extinct, you can get a special card for your computer to allow the server to connect to an old fashioned phone line.



Other accessories you might consider are ip to analog converters so that you can use existing old fashioned analog phones as part of the network. Lately it seems as though they may have jumped up in price. We bought a couple on closeout at Fry's a few years back. You also have to be careful as they are usually configured for a commercial "pay for" network. We bought a couple, but used available third party software to convert the units to work with our voip server.






As with the server, you can access the analog to IP converters via a web interface. That means you do not have to use sneaker support to set them up or disable them if need be. I have barely touched the surface of VoIP, so I encourage you to try it if you get a chance. These make a great home intercom system.

Wednesday, September 19, 2012

Programming without coding.



 (http://www.youtube.com/watch?v=jxDw-t3XWd0)


How would you like to create programs without learning some fancy computer language per se? You could create games, animations, educational projects and much, much more. MIT has created software called Scratch to do just that. In fact, educational institutions such as Harvard have used it as part of the curriculum for both computer and non-computer science majors to aid them in learning about computers. Here is a quick intro to Scratch.



As you can see, everything is drag and drop. No need to learn an epic set of commands to do even the simplest things. Various video sites have a plethora of movies to watch to learn more about Scratch. You might need to learn some basic logic, but that is picked up easily enough. You can see it is more user friendly than the traditional programming environment.





Some traditional programmers use even a more simplistic environment. Even schools such as Harvard have integrated Scratch programming as part of the program. Usually it is a precursor to the "C" programming environment used  by most colleges today to teach programming. Here is a video that has been used by Harvard for their free education project. (skip over about half the video to get to the part about scratch).


(https://www.youtube.com/watch?v=FWLeB436j1o)
Scratch is available for the most popular platforms. For my linux box (with an internet connection), all I had to do to install it was from the command line:

$ sudo apt-get install scratch

Of course you could use the GUI package managers to install it also. You can find more information about Scratch at: http://scratch.mit.edu/



Thursday, September 13, 2012

Your firewall died and all the stores are closed.

Your router/firewall died and all the stores are closed. What do you do? What do you do? Time to go to the old parts bin and resurrect some parts. One unique idea about this setup is that instead of using an old fashioned hard drive, we will be using a compact flash card as the drive. We do this for three reasons. First is to cut down on the noise. A quiet PC is an ignored PC. Secondly, we want to cut down on the heat in the machine. Cooler parts should last longer. And lastly, to reduce the electricity consumption until you can get a replacement unit, if you decide to get one.







What is a firewall again? It is a set of hardware and software that insulates your home network from the internet. Just as a firewall is used to keep a fire from spreading, the network firewall is expected to keep your local area network secure to a degree. Nothing is perfect. You can get all kinds of units to protect your network. The network modem in most cases will not protect you. You need additional hardware and software to do the job. Most people go and purchase the brand name plastic routers such as Buffalo, Cisco (aka Linksys), and a host of others from the local electronics store. Some routers are also supported by third parties so that you can get enhanced software for your router. Installation ranges from a simple upload to more complicated installs.

You can also build your own router with commodity off the shelf (COTS) parts normally used in building any Intel based personal computer. In our case, I looked in the parts closet and found a two hundred megahertz Intel Pentium one with one hundred and twenty eight megabytes of RAM. Used a few spare one gigabyte network interface cards (NICs). Of course we added the two gigabyte compact flash card and interface.

Firewalls can be set up in a variety of ways. For home use, you might just use one router. The way the router is set up is defined by the networks it connects to. The four most basic networks are red to connect to the WAN (internet), green to connect to the local area network (LAN), orange to connect to servers that connect to the internet directly, and finally the blue network for wifi so that it will be isolated from the wired network. It might look something like this:




Notice on which side of the firewall each connection is made. This setup has its own inherent issues. Using COTS-based cows (community workstations) as routers generally requires switches to support connections to the router, so you might have a higher cost to build the network infrastructure. In a business environment, you may want to go a step further. In our case, we had purchased a Pogoplug to use for internet access, and we are not really sure of its security. So, like a business, we wanted multilevel routing and firewalling that might look something like this:





It is oversimplified here, but notice that now you have two different red and green interfaces, and the LAN is much more separated from the internet. You can still reach the internet just as easily through both firewalls. You could even add a proxy server on the private internal network to filter what websites, etc. can be accessed. So a business that intended to upgrade their desktop computers can use the older equipment as router equipment. That extends the life and the ROI (return on investment) of the older equipment.


You're back on the internet now and you have time to decide what to do about the router. The web interface allows that old machine to look like a fancy piece of equipment.





Wednesday, September 5, 2012

Malware alerts.

Malware threats are something to keep aware of. A good web page to keep up with the details is: http://www.hal-pc.org/alerts.php

From their page:

More reasons to uninstall Java

A new attack that targets a security vulnerability in Oracle’s Java is spreading through the hacker underground.

Fake Microsoft calls claiming your computer is infected.

Below are some web sites on the subject.
  1. Trying to unmask the fake Microsoft support scammers!
  2. Microsoft Windows Support Call Scams: 7 Facts 
  3. Virus phone scam being run from call centres in India 

Reveton malware still active.

FBI Issues Ransom Malware Warning After Being "Inundated" By Victims

The FBI's Internet Crime Complaint Center (IC3) has issued an urgent warning about a major ransomware campaign after being "inundated" with complaints from U.S. consumers locked out of their PCs.
By John E Dunn Sat, August 11, 2012

"The malware causing the damage is called Reveton, a drive-by attack incorporating the Citadel bank Trojan platform that has caused a largely unnoticed toll of misery since the beginning of 2012."

The email with the subject: Authorize.Net

The email starts with: Successful Credit Card Settlement Report.
This email is a fake - delete it.

The email with "Wire transfer..."
as the subject is fake

The email starts with:
Dear Bank Account Operator,
WIRE TRANSFER: WRE-16179358912310241
CURRENT STATUS: PENDING
and appears to be from HALNet. Please delete this email without opening any attachments. It is a fake email. HALNet will never send you an email about Wire Transfers.

The email below is spam. If you have received it, please delete and disregard it

Dear Webmail User,
Your mailbox has exceeded the allocated storage limit as set by the administrator, you may not be able to send or receive new mail until you upgrade your allocated quota.
To upgrade your quota, Please clickhere
Thank you for your anticipated cooperation.
System Administrator
For Webmail Support Team.

Apple:

http://reviews.cnet.com/8301-13727_7-57478793-263/windows-malware-slips-into-apples-ios-app-store/

http://www.v3.co.uk/v3-uk/news/2191888/apple-mac-os-malware-threat-to-grow-claims-kaspersky-chief

Remember that Kaspersky is out to sell antivirus programs.

Saturday, September 1, 2012

Warning: Microsoft allegedly mods YOUR hosts file.

Preface: 

One thing I forgot to mention in an earlier article is that you can also block sites from being accessed with the hosts file. 127.0.0.1 is the address for your local computer. So when a name such as www.facebook.com is associated with the local host and then accessed, it will bring you back to your local machine. Good way to keep people off unwanted sites. In fact, you can download a list of sites that are generally not good for your system (you will have to modify it for your needs) at:

http://winhelp2002.mvps.org/hosts.txt

The main story:

According to http://www.h-online.com/security/news/item/Microsoft-s-security-software-modifies-HOSTS-file-1670927.html/ the biggest gripe is that if you have www.facebook.com and certain other sites blocked, Microsoft will modify your hosts file to re-enable them. Here is an example before modification.




What bothers a lot of people is the question of what gives Microsoft the right to modify such files. Many people are outraged at such activity and have vowed to no longer use Microsoft products. Many people have already planned to disable Microsoft's security software in favor of something else that is not so invasive.
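One way to notice when block entries disappear from a hosts file, as an added example that is not part of the original post: the Python script below compares the current file against a saved known-good copy and reports blocked names that were removed or now point somewhere other than the local machine. The sample file contents, host names and function names are constructed for illustration.

```python
import ipaddress

def parse_hosts(text):
    """Return {hostname: address} from hosts-file text.

    Skips comments and blank lines, accepts several names per line and
    folds names to lower case. The first entry for a name is kept.
    """
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue
        addr = fields[0]
        try:
            ipaddress.ip_address(addr)        # ignore malformed lines
        except ValueError:
            continue
        for name in fields[1:]:
            entries.setdefault(name.lower().rstrip("."), addr)
    return entries

def is_sinkhole(addr):
    """True for addresses used to block a name (loopback or 0.0.0.0 / ::)."""
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified

def audit(baseline_text, current_text):
    """Compare block entries in a known-good hosts file with the current one."""
    baseline = parse_hosts(baseline_text)
    current = parse_hosts(current_text)
    removed, repointed = [], []
    for name, addr in baseline.items():
        if not is_sinkhole(addr):
            continue                          # only block entries are tracked
        if name not in current:
            removed.append(name)
        elif not is_sinkhole(current[name]):
            repointed.append((name, current[name]))
    return {"removed": sorted(removed), "repointed": sorted(repointed)}

# Constructed sample: the copy you saved after setting up your blocks.
BASELINE = """
127.0.0.1   localhost
127.0.0.1   www.facebook.com facebook.com   # blocked on purpose
0.0.0.0     ads.example.com
127.0.0.1   tracker.example.net
"""

# Constructed sample: the same file after another program has edited it.
CURRENT = """
127.0.0.1   localhost
# www.facebook.com entry is gone
127.0.0.1   FACEBOOK.com
0.0.0.0     ads.example.com
203.0.113.9 tracker.example.net
"""

if __name__ == "__main__":
    # On a real machine, read the two texts from your saved copy and from
    # the live hosts file instead of the constructed samples.
    report = audit(BASELINE, CURRENT)
    for name in report["removed"]:
        print("block removed:", name)
    for name, addr in report["repointed"]:
        print("block re-pointed:", name, "->", addr)
```

Run it on a schedule and keep the known-good copy somewhere the software being watched does not write to.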

There are actually other ways around this. Most of the routers running third party software have a built in dns server called dnsmasq where you can set up sites not to be accessed.  You could either set up a virtual machine or take a minimal system running linux or bsd to set up dnsmasq also. With both Nix based systems and Microsoft products you can set up what is known as a proxy server to do the same thing. Not sure whether Microsoft would re-enable such sites on their proxy servers.



There is also server software for the nix environment called Squid and DansGuardian, which is used heavily in the educational environment to protect kids. We use it on our LTSP server for just that kind of protection. Do not believe as of now that Microsoft has access to control such software. Our setup (we use tinyproxy instead of Squid though): http://www.instructables.com/id/Another-almost-free-computers-thin-client-set-up-P/

Caveat emptor.



Pogoplug replugged.



Against my brother's best wishes, I bought a Pogoplug. Not sure if it is the one I asked for, but I am not complaining. Spent less than twenty dollars for it (plus shipping). Noticed the price went back up after I bought mine. Up and down, so it goes. What the specs are supposed to be:

What’s in the box
  • Pogoplug
  • Power cable
  • Ethernet cable
  • Quick start guide
  • Limited warranty
Power requirements
  • 100-240V, 50/60HZ
Drive connection
  • USB 2.0 (4 ports)
Drive Formats
  • NTFS, FAT32, Mac OS Extended Journaled and non-Journaled (HFS+), EXT-2/EXT-3
Network connection
  • Gigabit Ethernet

After getting the unit, I logged into their site, immediately registered the unit and enabled ssh so I could log into it remotely. It actually uses a minimal nix type environment, so I felt right at home tooling around in the directories. You have to log in as root since there are no user accounts per se. The first thing I did was run ifconfig to get the MAC address for setting it up in the router. The second thing I did was to see what was under the hood, so to speak. So it was over 1 GHz speed.

$ ssh root@ipaddress


# cat /proc/cpuinfo
Processor    : ARM926EJ-S rev 1 (v5l)
BogoMIPS    : 1192.75
Features    : swp half thumb fastmult edsp
CPU implementer    : 0x56
CPU architecture: 5TE
CPU variant    : 0x2
CPU part    : 0x131
CPU revision    : 1
Cache type    : write-back
Cache clean    : cp15 c7 ops
Cache lockdown    : format C
Cache format    : Harvard
I size        : 16384
I assoc        : 4
I line length    : 32
I sets        : 128
D size        : 16384
D assoc        : 4
D line length    : 32
D sets        : 128

Hardware    : Feroceon-KW
Revision    : 0000
Serial        : 0000000000000000

You can power it off from the command line which is probably better than just pulling the power cord.

My main goal is to modify the unit to make it a true linux box. May wait till the warranty has gone out. I will probably back up the unit first and then proceed with the linux setup. One of the most popular versions of linux is Arch and that is the one most people suggest to use on the unit. Not used Arch linux before, but I am sure it should be fairly easy to pick up. Just have to learn some new commands to do the same old thing.


Depending on what version of the unit you have, there are  different instructions to set up the unit for linux. One thing is that it is a crap shoot to install linux on the units. You can very easily render them useless. You are doing it at your own risk. On the Nslu2, you do have a safety net to recover from a bad flash. This is a good time to make sure you have a good ups for the installation equipment and the pogoplug to be running on.

Anytime you plan to modify equipment, there are several steps you might want to take.

1. Get the installation directions and what files you need to download. Check and make sure they are for your unit. Double check it.

2. Search the net and look for problems and how they were solved. Check for any gotchas. Doing the research especially in support forums can save you a lot of headaches.

3. Do a walk through in your mind without ever touching any of the equipment so you have an idea of the total picture. This also verifies that the instructions more than likely do not have errors. You can go back to the net and check for updates. If you have any questions you can resolve them now.

4. Make sure you have downloaded and verified all the software you will need. Not a bad idea to keep it in one place and then back it up to a place off the computer. That way you do not have a failure if your internet access becomes cut off.

5. Go back and reread the instructions again to make sure you have the gist of the project at your finger tips.

6. Make sure you are not in a hurry to do the project. Allot extra time for any possible setbacks.

7. REMAIN CALM throughout the process.

8. Do it to it.

Typical Pogoplug linux install for a v2: (https://www.youtube.com/watch?v=PwPN7jp_A24)




Let you know how it all comes out soon.