Archive for February, 2007

Password Manager Woes

Tuesday, February 27th, 2007

I screwed up. In the history of screw ups it’s minor, but I did screw up.

A long time ago I settled on a Windows-only password manager (PM). I have hundreds of passwords and I keep them in an encrypted Password Corral database. The program & db live on my Windows box and I keep a copy on my flash drive that goes everywhere with me. I assumed that I would never use another OS and this program would last me a good long time. <– That’s where I screwed the pooch. I find myself using Linux almost exclusively now and I want a PM that will not only work on Linux, but on Windows as well (and I’m keeping my options open, I might have a Mac some day too).

I did some searching last night and found a nifty looking cross platform replacement PM named KeePass. It’s open source (I like that very much), uses strong encryption, and it’s portable. I can keep a copy of the Windows exe on my flash drive as well as a shell script that will allow me to run it on a Linux box (it seems to have all of the libraries in the tarball so it should run on any distro with a GUI).

Both programs have a similar set of features and both satisfy my needs. So I have some options here, and now I need to decide what I want to do.

Option 1: Do nothing

I’ve found that Password Corral works well enough in Wine, but I prefer using Linux native apps when I’m using Linux (who wouldn’t?). If I do nothing, I will always need to have Wine installed on any machine I want to run the app on. I must admit that this option does NOT appeal to me.

Option 2: Migrate to KeePass

KeePass has a nifty import feature, and Password Corral has a nifty export feature. Sadly, they don’t read/write common formats. That means I’m going to have to manually move everything over to KeePass. That sucks (to put it mildly). I REALLY don’t want to spend my time using copy/paste to get the data from one app to the other. This option doesn’t appeal to me either.

So, I have 2 options, both rot. Not sure what I’m going to do at this point.

If you’re looking for a portable app, something that you’re going to rely on, put some thought into it. Consider open source and whether or not the program is cross platform. You may not always be in front of a Windows machine!

Ubuntu spurns Microsoft’s advances: My Thoughts

Wednesday, February 21st, 2007

Ubuntu spurns Microsoft’s advances: http://www.theinquirer.net/default.aspx?article=37742

I found the article above this morning linked from one of the news sites that I check when time allows. Some points were interesting but I think (and this is just my opinion) that this user is expecting Linux to be Windows. I’m just going to touch on the points that inspired me to comment. Oh and I may rant a little :)

[snip] Despite it being the latest ISO image I could find, the first thing the system did when it saw the Web was to download 104 updates – roughly 60 per cent more than a new install of Windows XP SP2 asks for.

OK, yes. There are a lot of updates to be applied after installing the latest version of Ubuntu (which has been out for several months). I personally haven’t counted the critical and recommended updates that are required after installing from a slipstreamed SP2 XP CD, so I can’t comment on his number. What I can comment on is time. XP has been in need of another service pack for months (years?). Performing an install takes (on my P4 HT 3.0Ghz) about 30 to 40 minutes and then another 30 to 40 minutes of updates. This includes all of the freaking reboots and download time. I didn’t see any mention of that in his post. To be fair, I don’t know how long it takes to go from nothing to a fully patched system with Ubuntu (on Feb 21, 2007). I’m willing to bet that if I sat down and did a comparison, Ubuntu would win the race easily.

Now that I think on it, you really can’t even compare the 2 systems when it comes to updating. MS Update is updating (for the most part, there’s always an exception) only the OS and a few other Microsoft applications. Your Linux distro is not only updating the OS, but ALL distribution provided packages. That includes EVERYTHING on your computer following an installation. Your office suite, system tools, games & so on.

[Mini Tangent] I want to mention that when there’s a security patch released for a component of my Linux distro (either Fedora or Ubuntu) I have that update almost immediately. There have been exceptions, I’ve waited up to 2 weeks for some Firefox/Thunderbird updates on both distros for example. Again, those are the exceptions. I’ve waited months for an update to Windows or other key components such as Office. During those months there were active exploits taking advantage of the holes in my system and I had to either be really, really, really careful or find a way to prevent exploitation myself. In the world of Windows, this is not really the exception. It’s VERY rare that MS releases an Out Of Cycle patch, leaving you (the paying customer) hanging for up to a month in many circumstances. [End Mini Tangent]

[snip] it’s on a desktop machine sharing a LAN with two XP and one Vista boxes. Vista and XP play happily together, doing all the file and printer sharing I need with absolutely no bother. The Ubuntu PC is a different matter entirely. I was advised, by friends who swear by Linux and at Microsoft, that I needed to install Samba, which I duly did. I am assured that Samba’s sole purpose in life is to enable Linux and Windows machines to co-exist and cooperate on the same LAN.

Ayup. Linux is not Windows and Samba goes along with that. Samba does take some configuration and it requires you to do some initial work. It doesn’t just do everything for you out of the box. It seems you didn’t get the whole story from your Linux friends.

Well, I’ve only been playing with computers since 1972 and I couldn’t make it work. Linux can see the Windows boxes and vice versa, but any attempt to access files is met with a login dialog box that refuses any username and password I enter. Now my learned friends tell me I should be using something called Wine. I’ve been a heavy user of wine for many years and it certainly helped relax me but did absolutely nothing for my connectivity dilemma.

I have no idea why you’d need Wine to use Samba, one has nothing to do with the other. The login prompt is because you haven’t created a Samba user and IIRC, Samba is set up for User level security by default on Ubuntu. A few minutes here would have done you wonders. It isn’t exactly intuitive to get Samba shares set up if you haven’t been exposed to Samba or read the docs. This is one place where Windows is easier (notice, I didn’t say better).

So I’ve done what any normal person would do in the circumstances – give up. If the awfully-clever people who write bits of open source code can’t make it work automatically, I stand absolutely no chance of fixing it. It looks very much to me as if people clever enough to write an entire operating system can’t make a simple bit of networking work, it has to be a deliberate marketing decision rather than a lack of ability.

I’m a normal person and I didn’t give up. I got bit by the Samba annoyance when I started with Linux too. Just wanted to say that I’m still using Linux AND I share files with Samba!

I don’t know if it was a marketing decision. I personally like to think of it as a sane security choice. I, like you, believe it to be deliberate. I guess I’m the only one who appreciates it.

What bugs me about this whole post is the following. He’s technically savvy enough to download an ISO, burn it and install an operating system that he hasn’t had much experience with, but he never seemed to consider that there would be a learning curve along with that OS. That just doesn’t make sense to me.

Here, I go off on a bit of a tangent, that word “automatically” irritates the hell out of me.

Automatically? Automatically is why you can drive down any street and get yourself free WiFi access. Automatically means I let the computer make all the choices for me. I won’t learn anything, I’ll just assume that a MACHINE can think for me and it’ll do the “right thing”. Automatically is for fools. READ something. Let’s say you automatically create some shares on your Windows box, umm, how about “My Documents”. Let’s say you also “automatically” set up your wifi router (SSID = linksys, and Security = 100% OFF). Guess what, that excel spreadsheet with all of your passwords in it… MINE. That and anything else I want to peek at from my car (or your neighbor’s family room). Automatically ISN’T good, it’s for people who refuse to LEARN anything. Automatically is dangerous.

Is there ANYONE out there that thinks the scenario above doesn’t happen ALL of the time? That’s what “automatically” gets you.

Personally, I’m sick to death of everyone thinking the computer should do everything for you. YOU have a responsibility to protect your computer (be it from others or yourself). If you don’t know how, get a book. If you don’t want to read, find a family geek or rent one from Best Buy. They aren’t hard to find.

err, end tangent.

No OS is perfect. If one was, we’d all be using it and the world would be a shiny happy electronic field of daisies. I just don’t think that he went into his Linux trial (for lack of a better word) with the right expectations. He wanted Linux to do what Windows does. Linux isn’t Windows (how many times am I going to say that?). If you’re going to use Linux, expect there to be a learning curve.

Thinking out loud: If all you’ve ever used is Linux, do you think just installing Windows and giving it a lame attempt would be easy? I don’t, you get used to what you know. All change is hard. You have to be willing to try.

SSH Tab Completion in Fedora Core 6

Monday, February 19th, 2007

I’ve found that the extended tab-complete functionality in Ubuntu is a major timesaver. I do a LOT of SSHing from machine to machine in my house as well as to machines out there on the Internet. I use my ~/.ssh/config file to set up easy-to-remember names for these machines and then use the command line to connect. For example, to connect to my Anapnea.net shell account, I have a block in my config file that looks like this:

host anapnea
hostname anapnea.net
user fakeusername
identityfile ~/.ssh/id

When I want to log in, I open my terminal program of choice and enter ssh ana<tab> and press enter. Pressing tab expands to anapnea and I make my connection saving 4 keystrokes.

Note: For those interested, SSH tab-complete will expand to the value of host or hostname. That’s handy if you can remember the actual hostname of the machine and you’ve forgotten what you entered as the value of host (yeah, I’ve done it). If that makes no sense to you, you can get more information on SSH config files with man 5 ssh_config.

Tab complete also works with lftp and some other programs when using Ubuntu. I’ve found the lack of it in Fedora a little frustrating (I keep pressing tab and get nothing). I did a little Googling to find out just what program sets up this functionality and checked the Fedora repos for it. Thankfully it can be found in all its glory and awaiting installation in Fedora extras.

su -c 'yum install bash-completion'

A few seconds later, you’re ready to bank your keystrokes and tab complete to your heart’s content.

Note: Any terminal sessions that were open when you installed the package won’t utilize it until you either restart the session or enter bash at the prompt. It seems that your shell needs to source the newly created /etc/profile.d/bash_completion.sh script. This is done when you invoke BASH by opening a terminal prompt or executing bash at the command line.

FreeGeek.org

Friday, February 16th, 2007

This has to be one of the coolest projects going, take a few minutes and check out http://freegeek.org. The 5 minute video is a great place to start.

This project is a killer way to re-use old equipment and to teach those that are interested about hardware and Linux. I only wish there was something like this in my area, I would love to volunteer. IMO, there’s no better way to learn than by doing, this is perfect for those that just want to try something new and learn a bit about their computer at the same time.  Nice!

Killing Trees for Email

Wednesday, February 14th, 2007

Well, I’ve done it. I’ve printed out the man pages for formail, procmail (its supplements) and fetchmail. I’m hoping to have a real understanding of these programs once I actually sit down and start reading.

I have mutt running on my machine and I’m using it to read email for 5 accounts. I have a basic idea of how mail is delivered to my machine and then sorted into folders, but that just isn’t enough for me. I’ve only been half learning things and as a result I feel like a dunce far too often. Starting with this project, I plan to fully understand everything I’m attempting.

Once done (as if learning has an end), I want to be able to explain what I’ve picked up with a few blog posts and hopefully help others who may stumble upon my writings get started with mail management.

Wish me luck.  I PROMISE to recycle if I ever get rid of these printouts.

Perusing Mail Headers

Sunday, February 11th, 2007

I’ve been a terrible blogger lately. I’ve been so wrapped up in mutt and my email that I just haven’t had time for anything else. I’ve realized that if you’ve always been a GUI mail client user on Windows and somebody else manages your mail for you (i.e. your admin or ISP) that you may not know ANYTHING about email. I’m not even talking about transporting messages from machine to machine, just spend some time studying mail headers. There’s a LOT to them.

I’m using (evaluating?) procmail to do some mail sorting on my personal machine. Without going into detail (because at this point I simply can’t), procmail parses my email messages as they’re delivered and if one of my procmail recipes matches one of the headers in the message it moves it to a specific folder. It can do more than that, but I just haven’t gotten that far in my explorations.

What’s nice is I don’t have to use just the standard mail headers like to, cc & from to sort mail into folders. Many lists (sadly, not all) insert all sorts of terrific headers when a message is forwarded to subscribers. As an example, this is a chunk of headers from a full disc encryption list that I monitor.

X-BeenThere: fde [AT] www.xml-dev.com
X-Mailman-Version: 2.1.8
Precedence: list
Reply-To: fde [AT] www.xml-dev.com
List-Id: <fde.www.xml-dev.com>
List-Unsubscribe: <http://www.xml-dev.com/mailman/listinfo/fde>,
    <mailto:fde-request [AT] www.xml-dev.com?subject=unsubscribe>
List-Archive: <http://www.xml-dev.com/pipermail/fde>
List-Post: <mailto:fde [AT] www.xml-dev.com>
List-Help: <mailto:fde-request [AT] www.xml-dev.com?subject=help>
List-Subscribe: <http://www.xml-dev.com/mailman/listinfo/fde>,
    <mailto:fde-request [AT] www.xml-dev.com?subject=subscribe>

There’s a lot there, this list makes it easy for you to check archives, get help and unsubscribe just by reviewing the mail headers. It also inserts an X-BeenThere header that I use to sort on (I wish they all did, it would make sorting MUCH easier). Since that header is on every message from the list, I created a simple procmail recipe (below) that will move messages with that header into the “seclists” mail folder.

:0:
* ^X-BeenThere: fde [AT] www.xml-dev.com
$MAILDIR/seclists/

That’s just a simple example, but handy nonetheless. So that’s what I’ve been up to. Checking mail headers and learning how to manage my mail myself.
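
As an added example (not part of the original post, and not a replacement for the recipe above), here is the same sorting idea in Python, keyed on the standard List-Id header rather than X-BeenThere. It unfolds continuation lines such as the two-line List-Unsubscribe above and compares the list identifier exactly, so a lookalike identifier with extra labels stays out of the folder. The sample message, the "inbox" default and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Exact List-Id (RFC 2919) -> folder. The id comes from the header dump
# above; "seclists" is the folder the procmail recipe delivers to.
ROUTES = {"fde.www.xml-dev.com": "seclists"}

# Constructed sample message reusing the list headers shown above.
SAMPLE = (
    "From: someone@example.org\n"
    "Subject: constructed test message\n"
    "List-Id: <fde.www.xml-dev.com>\n"
    "List-Unsubscribe: <http://www.xml-dev.com/mailman/listinfo/fde>,\n"
    " <mailto:fde-request [AT] www.xml-dev.com?subject=unsubscribe>\n"
    "\n"
    "body\n"
)

LIST_ID = re.compile(r"<([^<>\s]+)>\s*$")  # the id is the final <...> token


def parse(raw):
    """Parse raw message text; the default policy unfolds header lines."""
    return message_from_string(raw, policy=default)


def list_id(msg):
    """Return the lower-cased list identifier, or None if absent or odd."""
    values = msg.get_all("List-Id", [])
    if len(values) != 1:  # missing or duplicated header: do not guess
        return None
    match = LIST_ID.search(str(values[0]))
    return match.group(1).lower() if match else None


def unsubscribe_links(msg):
    """Split the (possibly folded) List-Unsubscribe header into its URIs."""
    return re.findall(r"<([^<>]+)>", str(msg.get("List-Unsubscribe", "")))


def route(raw, default_folder="inbox"):
    """Choose a folder by exact List-Id match, not substring or regex."""
    return ROUTES.get(list_id(parse(raw)), default_folder)


if __name__ == "__main__":
    print(route(SAMPLE))
    for link in unsubscribe_links(parse(SAMPLE)):
        print(link)
```

List headers are written by whoever sends the message, so a match like this is good for sorting mail but says nothing about whether the message really came from the list.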

Playing with XFCE 4.4 on Fedora Core 6

Thursday, February 8th, 2007

I’ve been terribly busy over the last few days, I started playing with Mutt and XFCE 4.4 on Fedora. Who knew it (“it” being mutt) would take over my life?? Mutt is going to take some time to explain, and since I haven’t got it doing exactly what I want yet, I’ll hold off on talking about it. I can tell you this, I’ll be damned if I’ll let it beat me. I will own (or should I be cool and use “pwn”?) mutt, and once I do, I’ll try to tell you how I did it.

Since XFCE is easier to get into, I’ll explain that. My work machine is a bit of a dog. At least it’s feeling that way. To improve the feel of it, I decided to give a lighter weight desktop a shot and I installed the latest XFCE. To put it simply, wow! What a difference.

Now this isn’t my first experience with XFCE. Back when I had only been using Linux for a month or two, I installed it to take a peek. I was completely dependent on my desktop environment at that time. If it didn’t take care of mounting devices and network resources, I couldn’t use it. Back to Gnome or KDE I went.

I’m more comfortable with Linux now and can either mount devices on my own or edit /etc/fstab to make mounting automatic. That being the case, I can move on to some of the more “manual” desktops (yayy me!).

Installing XFCE was a breeze, su -c 'yum groupinstall XFCE' and a little coffee to pass the time was all it took. After that, log in and start customizing.

One of the first things I had to do after setting up my desktop was to find out how to lock the workstation. XFCE allows you to trigger a lock by hitting CTRL+ALT+DEL; that sequence executes /usr/bin/xflock4 which in turn, starts the screen saver (I found/figured this info under Keyboard Settings).

Unfortunately, that wasn’t working for me. There was no error message or any indication that the key sequence was doing anything. I opened a terminal, found the script and checked it out. The script attempts to run xscreensaver-command -lock or xlock. I didn’t have any executables matching those filenames on my box, so off to google I went. The Gentoo wiki offered me this page. With that info, I created /usr/bin/xlock and added the lines below:

#!/bin/bash
/usr/bin/gnome-screensaver-command -l

All that was left to do was to set the proper mode on the file; chmod 755 /usr/bin/xlock (as root). With that done, the magic key sequence locked my box and allowed me to walk away.

***Edit*** I also had to add gnome-screensaver to autostarted applications

Notes:

  • I rely too much on Google. If I had taken a minute to think, I wouldn’t have needed the Gentoo wiki to tell me to create the xlock script. This annoys me about myself, I too often look for the easy answer.
  • I decided to use the Gnome screen saver because it was already installed and I knew it could do the job.
  • I could have just installed the xscreensaver package but that just would have added software I don’t need.

I’ll keep playing and tweaking, so far this is great. I can only complain about the screen lock issue and the fact that adding items to the panel is a little clunky. Other than that, I’m flying around my machine with breakneck speed and it ROCKS. Got some time on your hands? Install it, play with it, see if you like it. :)

Debian and Linux Vserver

Monday, February 5th, 2007

I’ve spent the last few days playing with Linux Vserver on Debian Etch. This is a killer virtualization project, you can find out about it over at http://linux-vserver.org. What prompted me to check it out was this tutorial.

After reading up on it, I found it impossible to stop thinking about. I had a few minutes that evening so I created a test VMware guest with a base install of Debian Etch and followed the tutorial above. I had a working vserver in what felt like no time at all.

Having a running vserver guest and doing something with it are (of course) two different things. If you’re going to play with vserver, do some reading. That’s the best advice I can give you. The vserver site has plenty of docs and an official IRC channel for user to user support. That said, IMO some of the site docs are lacking. I found myself getting a little miffed over a few things. However, after talking to some other users I was able to get where I needed to be. That would have to be my only complaint about the whole project, clearly detailed docs would be helpful for a newb.

If you’re interested in running an Internet server in a seriously locked down environment, I would certainly take some time to look into the Linux Vserver project. You won’t need the hardware resources that a VMware guest would require and you’ll have many of the same benefits. I’m in the process of testing an FTP guest right now. I think I have everything worked out and documented so that I can recreate it. I’m LOVING it.

Just another great option in the virtual machine arena, have fun! Below are some links for good reading.

PDF splitting with pdftk

Thursday, February 1st, 2007

Just a quickie, this morning I needed to post the monthly payroll calendars for 2007 to our website. These calendars are created using Word’s calendar template and are then sent to me for conversion to PDF and publishing. This year I was able to handle the task a little differently.

I opened the 12 page doc file in OpenOffice and exported it to PDF. There wasn’t a clear way to save each page as an individual file so my output was a single PDF. I needed a fast and easy way to split the pages up for publishing. I remembered some chatter on the GNHLUG list regarding pdftk so I installed it, took a brief look at the man page and did the following:

pdftk Calender2007.pdf burst output ~/tmp/%02d-2007.pdf

Poof! Calendar split out to 12 files named 01-2007.pdf, 02-2007.pdf and so on.

This saved time and eliminated the annoyance factor completely!  The tools available for Linux blow my mind, these are programs I never would have even heard of when I was strictly Windows.  Change is GOOD.