Apparently there’s a pretty serious backlash to the whole Unity desktop as well as the Gnome 3.x interface.

Just a few posts to illustrate this point:

One, two, three, four, five, Six (#6 is complete with some video comparisons). Also, a recent post on Technorati shows that Debian classic is indeed beconing Ubuntu refugees back home. Here’s another recent article on why Gnome Refugees Love XFCE.

At this point many are about ready to write off Ubuntu, and switch back to Debian proper, or an entirely different distribution, such as Fedora 16. Some have chosen to stay with Ubuntu for now, but run a variation on it with Xubuntu (which has been my choice for now).

At this point I am not sure what Ubuntu brings to the table anymore except excellent forum support and perhaps a good set of drivers for hardware detection among various laptops and desktops. Linux Mint is already working on their own Gnome 3 fork called MGSE, which will look at lot closer to Gnome 2.

It also looks as though a serious OS-independent fork of the Gnome 2.x interface has already begun, it’s called MATE. Though I’m not sure how ready it is for use.

Ubuntu has reached the pinnacle of its exposure and I think the bubble in which the developers and Mark Shuttleworth live has entirely squelched the outcry, probably to their detriment.

I do hope the Gnome developers also see the error of their ways. Gnome 3.x is a “Windows Vista” of sorts — a real shark-jumping moment, but could be corrected with a mea culpa and at least an offering of a fully functioning “classic mode” for everyone not interested in Fisher Price style graphical interfaces.

I will continue to stay with Xubuntu for now, but I can readily say that I am now officially shoppin’ around.

It has a very friendly GUI front end and allows for many types of character substitutions or prefixes and suffixes to be added. It also supports character substitutions for matching patterns.

Simply sudo apt-get install gprename.

Check out this link for a full write-up on the tool.

Fortunately (or unfortunately) I vividly remember and identify with a great many of these “If’s…”

—
You know you were part of the tech industry in the ’90s if …

1. you remember when Bill Gates did that blue-screened Win9x release onstage at Chicago Comdex.

2. you remember that there was a Chicago Comdex.

3. you were jealous of your friend’s NeXT.

4. you used a cool device that you held in your palm that made you learn how to write each letter a different way, and it changed the world.

5. you remember when people bothered to say “digital” before “camera” and “cellular” before “phone”–and only the uber-geeks and/or the really rich had either, even though both were barely usable or useful.

6. you had a pager.

7. you ever used a Macintosh clone.

8. you remember when Apple launched an unsuccessful tablet device called the Newton.

9. you defined a portable computer using terms such as clamshell, laptop, and lunchbox, instead of notebook, tablet, and smartphone.

10. you can identify the serial port and accurately discuss what it was used for.

11. you know anything at all about “the Pentium bug.” Extra credit if you know the name of the problematic instruction resulting in Intel offering replacement chips.

12. you could identify the speed a modem was connecting by the sound of the tones.

13. you went “online” with CompuServe or Prodigy.

14. your phone system and your data network used different wires.

15. you cared deeply about the 56K modem battle: spread spectrum vs. direct sequence.

16. you saw the first broadband cable modem and knew it would change the way we would think about being always online.

17. to you, Archie is not just a character in a comic and Gopher is not a small rodent.

18. you had to spell out acronyms like LAN and WAN.

19. you have a box of Zip disks.

20. you could be a network administrator and not ever use IP.

21. you remember when Ethernet was connected with hubs.

22. hearing the words “token ring” and “beacon” in the same sentence still gives you chills.

23. you saw token ring get killed when Ethernet switches were born.

24. you needed a memory manager–not for yourself but for your PC.

25. you loved that it finally was possible to attach a printer to the network and not the server.

26. you could watch flying toasters for hours on end.

27. you remember Novell had the dominant NOS and Microsoft had something called DOS.

28. you remember the OS/2 vs. Windows debate.

29. you were excited by the launch of Windows 3.0.

30. you remember when trying Linux involved downloading 27 floppy disk images, and installation carried the real risk of hardware damage if you used incorrect X Windows settings.

31. you remember the first time you used the NCSA Mosaic browser (shortly after feeding 27 floppy disks into a spare 80386 PC).

32. you could develop commercial software without fear of patent litigation.

33. you knew where Scott/Tiger came from and what software package used it as the default user name/password.

34. you thought installing software over the network instead of using floppy disks was a major leap forward.

35. you did comparative reviews of Vines, NetWare, and Windows NT.

36. you remember when IBM bought Lotus (and then everyone else).

37. you remember the Microsoft Bob operating system.

38. for you, “Chicago” means Windows 95 and “Memphis” means Windows 98.

39. you’ve actually used Windows for Workgroups or Windows Me.

40. you remember TV announcers struggling with “double u, double u, double u, dot …” and the brief period when it was considered necessary to preface that with “h, tee, tee, pee…”

41. you used the term “information superhighway” more than once, with a straight face.

42. you struggled to understand the difference between Internet and intranet.

43. you debated whether anyone would actually read the news online.

44. you remember Netscape–not just the browser but the company that put the fear of God and the Web-based operating system into Microsoft.

45. you remember publishing on the Web without cascading style sheets.

46. you ever wrote a weekly print tech-rumors column under a pseudonym.

Source: InformationWeek.

The Top 10 things a Linux distribution might be called, if it were released by Microsoft:

10. Seattle’s Best.

9. Breakable Linux.

8. The best thing Microsoft ever came up with.

7. Open Windows.

6. Something that will never happen.

5. Closed open source.

4. Steve Ballmer’s nightmare.

3. Blue Screen Linux.

2. A distro we’ll never use.

1. SUSE

Personally, I favor #2, 3, 5, 7 and 9. I think my favorite among those would have to be #7: Open Windows. Number 10 (Seattle’s Best) sounds like a brand of Coffee . . .

The comments page over at FossForce.com have a pretty healthy number of further recommendations for such a distribution . . .

Linus with Maddog

The Vancouver LinuxCon celebrated 20 years of Linux, with one very special guest, in a tux.

Some more pics here, and here, and here, also a short write-up here.

It’s essentially PCIe over a wire, but also incorporates the DisplayPort standard which also allows the wire to handle monitor connections – the connections can also be daisychained, and it’s bidirectional. It supports up to 10Gbps in either direction (so 20Gbps bidirectionally).

For a sense of scale, in order:

- USB 2.0 runs at 480Mbit/sec (total speed in any direction)
- eSATA runs at 3Gbps (total speed in any direction)
- USB 3.0 supports 5Gbps (total speed in any direction)
- Thunderbolt can support up to 20Gbps, 10Gbps in each direction.

In real life, this wire will transfer about 3/4 of a Gigabyte (768 megs) to 1 Gigabyte in ONE second.

This is an Intel technology, but the only one using it right now is Apple. Apparently a really good reason to use this is to make devices (like tablets & laptops) lighter because it’s only 1 port, where you don’t need multiple ports to get things done. So a Thunderbolt wire could connect to a projector, monitor, PC, external hard disk, etc.. and they can all be daisychained…

Video demo from Intel: Video Part 1, video part 2.

A few articles on the topic: One, two.

Intel’s page on the subject.

I had commented that I did not like the way Ubuntu was going with its Unity interface, nor was I happy at all with Gnome 3′s interface. In that post I had explained that I had ultimately decided to go with Xubuntu, which is the latest Ubuntu mixed with the XFCE desktop.

It would seem that Linus Torvalds has also decided to adopt XFCE, and has urged Gnome to fork itself to bring back the Gnome 2 interface, just as I had said in my previous post.

Apparently there’s a vigorous discussion going on about it, in which Linus is participating. Below are some excerpts from the original Google+ thread (linked here):

From one message Linus says: “While you are at it, could you also fork gnome, and support a gnome-2 environment? I want my sane interfaces back. I have yet to meet anybody who likes the unholy mess that is gnome-3.”

From another post Linus says: “it’s not that I have rendering problems with gnome3 (although I do have those too), it’s that the user experience of Gnome3 even without rendering problems is unacceptable.

Why can’t I have shortcuts on my desktop? Why can’t I have the expose functionality? Wobbly windows? Why does anybody sane think that it’s a good idea to have that “go to the crazy ‘activities’” menu mode?

I used to be upset when gnome developers decided it was “too complicated” for the user to remap some mouse buttons. In gnome3, the developers have apparently decided that it’s “too complicated” to actually do real work on your desktop, and have decided to make it really annoying to do.

Here’s an example of “the crazy”: you want a new terminal window. So you go to “activities” and press the “terminal” thing that you’ve made part of your normal desktop thing (but why can’t I just have it on the desktop, instead of in that insane “activities” mode?). What happens? Nothing. It brings your existing terminal to the forefront.

That’s just crazy crap. Now I need to use Shift-Control-N in an old terminal to bring up a new one. Yeah, that’s a real user experience improvement. Sure.

I’m sure there are other ways, but that’s just an example of the kind of “head up the arse” behavior of gnome3. Seriously. I have been asking other developers about gnome3, they all think it’s crazy.

I’m using Xfce. I think it’s a step down from gnome2, but it’s a huge step up from gnome3. Really.”

In my previous post about graphical interfaces I had also thought that XFCE was a step down from Gnome 2, but leaps & bounds better than Gnome 3 or Ubuntu’s Unity interface (which are remarkably similar). Apparently many others in the thread have adopted XFCE as well.

Here’s hoping the folks over at Gnome are listening (indeed, listening to Linus himself!) and give us back the Gnome 2 interface. If they love Gnome 3 so much, let them keep it — but at least offer the rest of us who don’t care for it the option to use the Gnome 2 interface again.

From the SysAdminDay Website:

A sysadmin unpacked the server for this website from its box, installed an operating system, patched it for security, made sure the power and air conditioning was working in the server room, monitored it for stability, set up the software, and kept backups in case anything went wrong. All to serve this webpage.

A sysadmin installed the routers, laid the cables, configured the networks, set up the firewalls, and watched and guided the traffic for each hop of the network that runs over copper, fiber optic glass, and even the air itself to bring the Internet to your computer. All to make sure the webpage found its way from the server to your computer.

Fig. 1 Ted.

A sysadmin makes sure your network connection is safe, secure, open, and working. A sysadmin makes sure your computer is working in a healthy way on a healthy network. A sysadmin takes backups to guard against disaster both human and otherwise, holds the gates against security threats and crackers, and keeps the printers going no matter how many copies of the tax code someone from Accounting prints out.

A sysadmin worries about spam, viruses, spyware, but also power outages, fires and floods.

When the email server goes down at 2 AM on a Sunday, your sysadmin is paged, wakes up, and goes to work.

A sysadmin is a professional, who plans, worries, hacks, fixes, pushes, advocates, protects and creates good computer networks, to get you your data, to help you do work — to bring the potential of computing ever closer to reality.

So if you can read this, thank your sysadmin — and know he or she is only one of dozens or possibly hundreds whose work brings you the email from your aunt on the West Coast, the instant message from your son at college, the free phone call from the friend in Australia, and this webpage.

Show your appreciation! (Via SysAdminDay.)

Also, enjoy their cool photos of System Administrators in their natural habitat: One, Two, Three.

To convert a PDF to a Jpeg, you’ll need Imagemagick (sudo apt-get install imagemagick).

convert -quality 20 -interlace none -density 300 input.pdf output.jpg

The quality setting can be from 0 to 100 (100 being the best, but often a huge file), I have found 20 to be a good balance of size vs. quality. The interlace option helps with readability, and density specifies the dots per inch (for printing). For PDF’s with color images, you may find you need to add the option -colorspace RGB.

The default print resolution when using the convert program on PDF’s is 72 dots per inch, which is equivalent to one point per pixel. Computer screens are normally 72 or 96 dots per inch, while printers typically support 150, 300, 600, or 1200 dots per inch. To determine the resolution of your display, use a ruler to measure the width of your screen in inches, and divide by the number of horizontal pixels (1024 on a 1024×768 display). Generally, I prefer to maintain enough density to support a possible print job.

This does work the other way around, so the command below will work just fine:

convert -quality 20 -interlace none -density 300 input.jpg output.pdf

When convertnig PDF’s to Jpeg’s, each page will be it’s own numbered Jpeg. You can then convert multiple Jpeg’s back into a single PDF (the page order will depend on the filename sorted order, so be sure to number your files in the preferred order).

The command below will take a series of Jpeg’s and convert them into a single PDF:

convert -quality 20 -interlace none -density 300 *.jpg output.pdf

From the article . . .

The FTC complaint charges Dropbox (.pdf) with telling users that their files were totally encrypted and even Dropbox employees could not see the contents of the file. Ph.D. student Christopher Soghoian published data last month showing that Dropbox could indeed see the contents of files, putting users at risk of government searches, rogue Dropbox employees, and even companies trying to bring mass copyright-infringement suits.

Soghoian, who spent a year working at the FTC, charges that Dropbox “has and continues to make deceptive statements to consumers regarding the extent to which it protects and encrypts therir data,” which amounts to a deceptive trade practice that can be investigated by the FTC.

Dropbox dismissed Soghoian’s allegations.

“We believe this complaint is without merit, and raises old issues that were addressed in our blog post on April 21, 2011,” company spokeswoman Julie Supan said in a short e-mail to Wired.com. “Millions of people depend on our service every day and we work hard to keep their data safe, secure, and private.”

Dropbox, which has more than 25 million users, revised its website claims about its data security April 13, from:

All files stored on Dropbox servers are encrypted (AES256) and are inaccessible without your account password.

to:

All files stored on Dropbox servers are encrypted (AES 256).

The difference, Soghoian charges, is very important. (If his name sounds familiar, you might remember him as the one who exposed Facebook’s attempt to place anti-Google stories in the press this week.)

Dropbox saves storage space by analyzing users’ files before they are uploaded, using what’s known as a hash — which is basically a short signature of the file based on its contents. If another Dropbox user has already stored that file, Dropbox doesn’t actually upload the file, and simply “adds” the file to the user’s Dropbox.

The keys used to encrypt and decrypt files also are in the hands of Dropbox, not stored on each user’s machines.

Those architecture choices mean that Dropbox employees can see the contents of a user’s storage, and can turn over the nonencrypted files to the government or outside organizations when presented with a subpoena.

Read the rest of the article here.

The software is free for personal use, but not free for commerical use. It’s also not open source, but a good tool nonetheless.

Click here for the application’s home site and here for a good write up on using it.

Where on this map do you live ?

Source: dedoimedo.com

This site got a 71/100 … not bad. One of the biggest suggestions was to recompress the jpeg’s on the site much more than they are currently for an estimated 50% improvement. Though, I think the site loads pretty quick, it’s still a great tool for analyzing your own sites.

I’m not a big fan of Apple’s interface and I’m very much not a fan of what Canonical and Gnome are doing with my desktop. While Ubuntu 11.04 offers an “Ubuntu Classic” mode (read Gnome 2.x mode here), this will only be around for 11.04. Once 11.10 comes out in 6 months, the “classic” will be discarded.

<rant> At this point I could go on about how these changes are trying to change my desktop into an oversized smartphone, or how for power users this is an absurd interface reminding me of a Fisher Price laptop, or an interface for children first learning to use a computer, but I won’t. While this perhaps might be a good interface for a tablet or a smartphone, it is not the way a desktop operating system should present itself to the user. There’s a plethora of posts on the internet about forking Gnome 2.x into its own project maintained by a separate community of developers from those over at Gnome. Others are talking about porting the Gnome 2.x shell & set of panels into the GTK 3.x platform: essentially porting the great Gnome 2.x desktop interface over so that they work well in the Gnome 3 code base. I am not sure if either of these will happen or not, but I can tell you that I cannot afford to wait & see. </rant>

The people over at Linux Mint (the second most popular Linux after the Ubuntu family) have stated that they will adopt Gnome 3, but without the Gnome 3 shell (which is the interface that is presented to the user, AKA “The Desktop”.) I’m not sure exactly how they will do that, but I am sure it will require a lot of custom coding.

Ubuntu has always offered me the perfect blend of Debian’s rock solid stability with my choice of the latest & greatest apps pre-installed. I’ve enjoyed using it for a few years now, however, forcing the Unity interface on users who’ve enjoyed the classic desktop is too much for me to bear. I know in some way Canonical’s hand was forced here in that Gnome was already abandoning it’s 2.x desktop, so instead of moving with Gnome’s 3.x shell, they decided to create their own version of an astonishingly similar, child-like desktop. Both interfaces are wrong for the desktop and wrong for the power user.

The developers at Gnome are equally guilty of abandoning the classic, best desktop, forcing a completely different interface on its users without the choice & option of what I suppose has to now be called “Gnome Classic”. It’s a mistake to offer users change without choice.

For those who may think all is lost at this point: DON’T PANIC, I know where my towel is located.

In my effort to find a new home for myself, I started selectively searching through the myriad of Debian-based Linux distributions. I tried Linux Mint and while it’s based on Debian, I don’t think it’s my cup of tea. On a hunch I tried Xubuntu (Ubuntu with the XFCE desktop instead of Gnome). I’ve always regarded XFCE as a Gnome knock off with less polish. Certainly, XFCE has come a long way, but it isn’t as intuitive as Gnome 2.x. Having said that I am reluctantly choosing Xubuntu as my distro of choice. XFCE is close enough that I can bridge the gap with some tweaking. I am mostly tweaking the panels. The default bottom panel that comes with Xubuntu 11.04 is useless in my estimation. I’ve deleted that in favor of a fresh panel with simply a Window Menu, Workspace Switcher & Trashcan. I’ve removed the Window Menu from the top panel and added some quick-click launcher icons at the upper left of the panel to launch often-run apps such as Chrome, Xchat, File Manager, Calculator, etc.

All tweaks aside, Xubuntu allows me to maintain the advantage of the Ubuntu line of repositories (including medibuntu!) while offering me a desktop that is much more familiar. For me, Xubuntu is the safest bet for a new home. One should not confuse a desktop interface with an entire Linux distribution. I could easily run Ubuntu 11.04 and just install the XFCE desktop onto Ubuntu and then choose XFCE as my default desktop under Ubuntu, instead of running Xubuntu. I do think though, that while that approach may work, the folks over at Xubuntu have integrated XFCE a bit better into the Ubuntu base than I could. It would allow me to cleanly run a variant of Ubuntu without the extra Unity baggage and enjoy an overall lighter distribution as well.

The plethora of support offered in the great Ubuntu Linux community was also an important factor in my decision. Fortunately, Xubuntu is so close to Ubuntu that all the forum posts out there supporting Ubuntu will also work for Xubuntu as well. Sure, there may be some Xubuntu-specific issues with which to deal, but the grand majority of forum posts specific to Ubuntu will also address questions for the Xubuntu user.

This is very much a personal decision. Some are sticking it out with Ubuntu and the Unity interface. Others are installing Gnome 3, replacing Unity. Yet others are switching over to KDE . . . mmmkay . . . ya . . . I’m not a KDE fan. I always thought KDE was chasing the Windows “start menu” concept and I generally don’t care for their desktop. Others still are abandoning Ubuntu altogether and switching over to Fedora or OpenSuSE.

I am sticking with Debian, and with Ubuntu — just in the Xubuntu camp. Ultimately I hope Gnome 2.x finds a home with an active bunch of developers (or gets ported to GTK 3.x!!) so that I can re-adopt it. Though I fear that the decade old, rock solid Gnome 2.x desktop may be dead: wow.

Apparently, there’s no desktop for old men. The forums are afire with posts similar to this blog post (though maybe with or without the Xubuntu choice). I hope to find some camaraderie on the IRC with some folks and see where this goes. This may not be the last post on this topic.

One of the great things about Linux is choice. I wish Gnome hadn’t made their choice to abandon their 2.x interface and I wish that Canonical hadn’t forced Unity on their users, but as a member of the Linux community I can exercise my own choice and adopt Xubuntu with the XFCE desktop as my new home. I hope others in the community will not let the Gnome 2.x interface die, either by forking it or porting it over to GTK 3.x. I’d very much like to return to it, but until then, goodbye to the “original” Ubuntu and to Gnome: so long and thanks for the fish.

For those willing to give Xubuntu a try, I thought I’d mention a few issues right off the bat during my Xubuntu setup and some of the fixes:

First you’ll have to install VLC, Audacious, VNC, VINO, Chrome, LibreOffice, Screen, Nautilus, Gconf-editor, NFS server and client, SSH, SSHFS, ECryptFS, Samba, SmbFS, RDesktop, EOG (Eye of Gnome Pic Viewer), Imagemagick and perhaps a few other things I haven’t yet come across.

Below are a couple of the important ones that required some configuring beyond the basic “sudo apt-get install“:

1. XFCE didn’t auto-create a menu item when I installed Chrome, so I had to add it manually.

Add a launcher to the panel (right click the panel, go down to panel –> Add new items), then select Launcher.

Once selected, a blank square will appear on the panel at the far right, and will have a light grey/black box. Right click that new box on the panel, click Properties.

Add an item to the launcher (click the blue + sign) and search from Chrome. If it’s not listed you can add it manually by clicking the “add empty item” icon which is the white paper with the gold star. Select the icon for the application (when selecting icons its easier to select from the ALL ICONS item in the pull down) and then for the command in the launcher itself type:

/opt/google/chrome/google-chrome %U

2. Default File Manager is Thunar: No thank you. Thunar, while very light, is too light on features. I need tabbed file browsing. Therefore I have manually installed Nautilus which worked very nicely. For this you’ll also want Gconf-editor since that allows some Nautilus-specific customizations. So simply type:

#sudo apt-get install nautilus gconf-editor

Then to use Nautilus as your default file manager, go to Settings Manager –> Preferred Applications –> Utilities Tab, then select Nautilus from the File Manager pulldown menu.

If you prefer a /text/path/to/your/files instead of the graphical button style in Nautilus, the quick fix is to run gconf-editor from the command prompt, then in the configuration editor and navigate down to: apps –> nautilus –> preferences –> always_use_location_entry and make sure to check that box off.

3. I also had problems VNCing into my new Xubuntu install. To fix this, just install Vino.

sudo apt-get install vino

Then run vino-preferences (from command line) and check off your preferences:

#vino-preferences

Then you’ll have to set up Vino to start with a reboot: Go to Session & Startup in your Settings Manager, then click on Application Autostart then click ADD. Enter whatever you like for Name & Description, but in the command field, enter:

/usr/lib/vino/vino-server

Originally put forth as RFC 114 and used as such from 1971 to 1980, it changed when in 1980 it was put forth again as RFC 765 by Jon Postel of ITI. This standard retired RFC 114 and introduced more concepts and conventions that survive to this day, including: A formal architecture for separate client/server functions and two separate channels, Site-to-site transfers, Passive (a.k.a. “firewall friendly”) transfer mode among other improvements. RFC 765 was replaced by RFC 959, which formalized directory navigation in 1985.

The third and current generation of FTP was a reaction to two technologies that RFC 959 did not address: SSL/TLS and IPv6. It was essentially a security upgrade to FTP.

The latest RFC’s that handle the FTP protocol are RFC 2228 in 1997 (which added SSL extensions and is how FTP became FTPS) and RFC 2428, which added IPv6 suport in 1998.

While FTP matured into FTPS, it is not to be confused with SFTP.

FTPS is essentially a secured or hardened FTP protocol that uses two channels, one for the data transfer and one for directory listings and other data not associated with the actual transfer. It’s FTP + SSL.

SFTP is a complete departure from FTP and is part of the Secure Shell File Transfer Project and was built from the ground up as an extension of SSH. It is a secured file transfer protocol built as an extension of SSH itself. While many confuse SFTP with “an FTP session through SSH”, it isn’t. While FTPS is FTP with security extensions (namely SSL), SFTP is an extension of SSH that adds easy file transfer capabilities to the already secure SSH session. Also not to be confused with SCP, SFTP allows for many more dynamic commands than that of simple SCP.

It is interesting to note that many companies still use classic FTP over VPN connections as well.

Anyone lost yet? Just checking . . .

For the record, I prefer SFTP, since I love SSH and do everything I can over SSH, even mapping file systems over it with SSHFS (more info about SSHFS here).

Here’s some write-ups on FTP’s 40th: One, two.

Click here for the full article from the Daily Bruin.

A heritage website is also being set up with some great articles and photos (being posted to Flickr).

From the heritage site:

Our heritage site is a restoration of the original 1969 ARPA lab that sent the first Internet message from 3420 Boelter Hall at UCLA.  It will be open to the public and feature key artifacts including the very first piece of the Internet infrastructure, namely the Interface Message Processor (IMP).  We use teaching tools from the 1960s such as slide projects and blackboards to tell the story of the Internet’s early history.

As an archive, historical documents from the Internet’s early history are being identified, acquired, and made available to scholars and the general public through social media and scholarly databases.  The physical copies are held permanently, securely, and accessibly in the world-class archive facilities at UCLA.  It is our conviction that the more of this information we make available – with particular attention paid to typically under-represented groups – the more objective, inclusive, and interesting  a history of the early Internet can be written.

Another article talks about this in the Atlantic Wire.

Dropbox is essentially offering a “public cloud” to its users to hold their files. This also means that our files are stored on servers that we do not entirely control. Because of this, I make a habit of encrypting all the data in my Dropbox folder (call me old school, but there it is…)

This does make things a bit difficult, as the files are not immediately available to me insofar as I have to decrypt them first (using eCryptFS). While that’s essentially a simple process, it is an extra step. It does however give me a measure of relief knowing that if there should be any problems with the public cloud and my files were to fall into the hands of a third party, at least they’d then have to decrypt them first.

It turns out that Derek Newton has found some security issues with Dropbox. Every Dropbox installation under windows places a config.db file under %APPDATA%\Dropbox (in Linux the file would be under ~/.dropbox/ and is called dropbox.db and host.db).

All an attacker would have to do is first gain access to a system running dropbox and copy the config.db file (or the dropbox.db and host.db file under Linux) and place them on his own system, in his own vanilla Dropbox (fresh) installation. As Derek puts it:

. . . the config.db file is completely portable and is *not* tied to the system in any way. This means that if you gain access to a person’s config.db file (or just the host_id), you gain complete access to the person’s Dropbox until such time that the person removes the host from the list of linked devices via the Dropbox web interface.  Taking the config.db file, copying it onto another system (you may need to modify the dropbox_path, to a valid path), and then starting the Dropbox client immediately joins that system into the synchronization group without notifying the authorized user, prompting for credentials, or even getting added to the list of linked devices within your Dropbox account (even though the new system has a completely different name) – this appears to be by design.  Additionally, the host_id is still valid even after the user changes their Dropbox password (thus a standard remediation step of changing credentials does not resolve this issue).

I understand that Dropbox is trying to keep their system as easy to use as possible and allow systems to easily sync files, but this requires a second look and perhaps a bit of re-engineering.

Check out Derek’s full post here. He agrees that the only remedy at this time is to encrypt the files in your Dropbox folders. I also recommend you read the discussion occurring after his post, as there’s a vibrant discussion on the topic and Derek responds to some of the more cogent remarks. In this matter, I agree with Derek entirely that Dropbox (while very convenient) is vulnerable to some trivial attack vectors.

Dropbox may decide that for convenience, this design merits keeping without correction. If they should decide that, I’m OK with that since I encrypt my data anyway. This does stand as a warning though to those that don’t, that your files could be at risk and you should either avoid putting any sensitive data in Dropbox folders, or employ encryption.

This will of course make mobile Dropbox clients useless, since I’m aware of few encryption programs available for Android (or iThings) that are also available to the desktop. I know eCryptFS isn’t available for mobile devices, which means that viewing files on my cell phone has been and remains impractical.

Cloud storage is nice and can be convenient, but it is critical to protect your data. If you’re interested in eCryptFS (which I prefer over other encryption applications such as Truecrypt), check out my older blog post here for a full explanation of it and how to implement it on Debian-based systems (such as Ubuntu, Linux Mint, etc.)

In addition to all this, other bloggers are talking about Dropbox’s use of deduplication to backup its data. What this means is, if two different users with their own Dropbox accounts store the exact same file to their respective folders, Dropbox will only backup one copy of that file and simply attribute the bits to both users.

While this saves Dropbox a ton of storage requirements for backups as well as bandwidth and money, it does so at your expense. It also means that they’re not really encrypting your data. As Christopher Soghoian mentions in his post,

The service tells users that it “uses the same secure methods as banks and the military to send and store your data” and that “[a]ll files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password.” However, the company does in fact have access to the unencrypted data (if it didn’t, it wouldn’t be able to detect duplicate data across different accounts).

This bandwidth and disk storage design tweak creates an easily observable side channel through which a single bit of data (whether any particular file is already stored by one or more users) can be observed.

If you value your privacy or are worried about what might happen if Dropbox were compelled by a court order to disclose which of its users have stored a particular file, you should encrypt your data yourself with a tool like truecrypt or switch to one of several cloud based backup services that encrypt data with a key only known to the user.

[Of course I recommend eCryptFS over Truecrypt, as I've stated before. I have not tried SpiderOak.com (referred above in the quote) -- it may be a viable alternative to Dropbox, but I'd still encrypt my data.]

An interesting tidbit I’ve intuited here, is that Dropbox must be using deduplication on the fly in its client. For depulication to happen on the fly ahead of any file upload to the Dropbox network the client must indeed send key bits (also known as a hash) back to the Dropbox network for deduplication analysis.

Tests show (according to Christopher Soghoian’s post) that indeed dropping an identical file at a later time generates a slim fraction of network traffic back to Dropbox (from your computer) than a file that the Dropbox network has never seen before. This means that Dropbox is looking at all its data in aggregate across all users for duplicated bits, so that only the unique bits are backed up. If all users’ data were truly encrypted, this could not happen as encryption scrambles bits and would deny Dropbox the efficiency of bit level comparisons.

This means that users’ data are ultimately not really kept separate, and any encryption Dropbox may claim they apply is rendered useless since they’re blending user data on the back end to better manage and streamline their available resources (at the users’ expense).

Ultimately, what this really means is that you should have no expectation of privacy for any data you place on Dropbox’s network, unless you go out of your way to encrypt it prior to ever placing the data into the Dropbox folder. Encrypting your data prior to dropping into a Dropbox folder will truly render the data unique, forcing a full upload of the entire file as well as depriving Dropbox of any benefit of deduplication.

What this means for Dropbox is increased costs for servers and bandwidth to backup encrypted data since it cannot be deduplicated. While I understand Dropbox’s need to maximize profits and keep costs down, it shouldn’t be at the users’ expense.

Ultimately, no faith can be put in a public cloud to protect one’s own data. They’re great solutions for offsite storage as well as convenience, so long as proper precautions are taken. Encryption ahead of time is the best way to enjoy the fruits of this great technology.

Of course, the kernel isn’t all of what we know as Linux. The GNU tools that surround it make up GNU/Linux and indeed the many distributions we know and love today, such as Red Hat, Debian, Slackware and Ubuntu.

Watch this video for a brief overview of the history of Linux.

Linux and open source software provide a valuable service for the community and businesses around the world. If you’ve ever enjoyed reading my blog or have ever enjoyed free & open source software, please consider making a donation to the Linux Foundation or to the Free Software Foundation.

This site has 30 awesome tutorials with YouTube video links on all topics from photo manipulation to typography.

In the meantime, take this opportunity to check your backups and make sure your treasured data is duplicated, because everything has a failure date.

…more posts to come.

1. Using a Hauppauge HVR-1950 on one of my home machines, I often watch TV on my computer. If I ever want to watch remotely, I set VLC to stream the feed from the capture device (addressing it as a PVR on /dev/video0) using an OGG codec to the local IP address on a specific port number, then SSH to the same box from the outside with the following command:

ssh MyPublicIPAddress -p 12345 -L 6500:192.168.0.10:2503 -o TCPKeepAlive=yes -o ServerAliveInterval=30

This command will SSH to my home public IP on my alternate SSH port and listen locally (client side) on port 6500 and forward the traffic requests (encrypted via the SSH tunnel) to my local server on 192.168.0.10 on port 2503 (the port I configured VLC to stream on from the server with the Hauppauge device). When I launch VLC on my client and engage a network connection on 127.0.0.1 on port 6500 (using VLC menu option ctrl-N) — poof — TV appears on my remote PC.

2. Local port redirects: Using this example:

ssh MyPublicIPAddress -p 12345 -L 7000:192.168.0.12:5900 -D 15000 -L 6000:192.168.0.25:3389 -o TCPKeepAlive=yes -o ServerAliveInterval=30

This is really an extension of concepts explained in item #1. With SSH you can forward any local port to any remote port on the other side, and funnel encrypted traffic to any computer running any OS on the SSH server side. So to VNC to a home machine from a remote location, simply SSH to your home machine (may require port forwarding and/or port knocking) and divert local port traffic to a remote server of your choice.

Note the -D 15000, allows for a SOCKS PROXY, which routes any application’s traffic using SOCKS out of your SSH’ed connection. For example, you can engage a SOCKS proxy on Firefox and then check your public IP address (by going to whatismyip.com) and you’ll see that while your real public IP may be one address, all your browser traffic is routed through your home connection.

There’s a lot to say on this subject (for example DNS translations are not routed by default through the tunnel) and other nuances. Google “SOCKS PROXY SSH DNS” for more info. This link may offer some further assistance.

There are other complications, in that it’s not easy to route operating system DNS requests (outside of the Firefox browser) through SSH, primarily because DNS runs on UDP port 53. I do not believe SSH will natively handle UDP port rerouting, though I’ve seen some creative solutions with netcat and mkfifo.

Also I have read (in the man pages) that Chrome supports SOCKS, I have read running Chrome with –proxy-server=<host>:<port>. For example when running the browser, google-chrome –proxy-server=”socks://foobar:1080″(with quotation marks), assuming that foobar is 127.0.0.1 (assuming you used a -D option for dynamic port forwarding) and port 1080 was the destination port at the end of your -L port:host:port command switch. Check the google-chrome man page for more details.

In the same example used above (copied below for convenience), once I connect to my home SSH box via MyPublicIPAddress, I simply have to engage a VNC viewing session to my own client (localhost) on port 7000, and it’ll route to the IP address of my choice inside my home network, in this case 192.168.0.12. VNC defaults to answering on port 5900. Multiple -L’s may be added to route many protocols (RDP, VNC, VLC, NFS, Web (80), even e-mail ports) to various machines on the local network.

In the example below I’ve added a second -L option routing traffic from my local client on local port 6000 to another machine (192.168.0.25) in my home network on port 3389 (the Windows RDP port). In that scenario, running (in Windows) mstsc /v:localhost:6000 would allow me to RDP to my home machine, 192.168.0.25. In Linux, I would run rdesktop localhost:6000.

ssh MyPublicIPAddress -p 12345 -L 7000:192.168.0.12:5900 -D 15000 -L 6000:192.168.0.25:3389 -o TCPKeepAlive=yes -o ServerAliveInterval=30

2a. An extension of the port redirect function of SSH in #2, I’ve written a post on dynamically adding port redirects without having to kill an SSH session to add the new redirects, instead add them on the fly: Click here for the post.

3. SSHFS. Not much to say about it here, simply check my full writeup on the subject.

There are many others that you can find on commandlinefu.com, including one using port knocking.

SRI, then known as the Stanford Research Institute, hosted one of the original four network nodes, along with the University of California, Los Angeles (UCLA), the University of California, Santa Barbara (UCSB), and the University of Utah. The very first transmission on the ARPANET, on October 29, 1969, was from UCLA to SRI.

ARPAnet evolved into what soon became the Internet that we all know, love and depend on for information and freedom of expression.

Enjoy some links on the subject.

Computer History Museum

The History of ARPAnet

The first schematic of the original ARPAnet

An article on the 40th anniversary including a map which overlays the schematic from the link above.

Wikipedia article on the subject.

Simply sudo apt-get install weather-util, and set up the .weatherrc file, and you’ll have instant local weather, plus you can set up presets for weather at [work], [home] or [elsewhere], so you can get the weather for any city.

Google “weather-util” for more links on the subject. The application’s home page is here.

Here’s some sample output:

$ weather
Current conditions at Raleigh-Durham International Airport (KRDU)
Last updated Jun 04, 2008 - 01:51 AM EDT / 2008.06.04 0551 UTC
   Wind: from the S (180 degrees) at 10 MPH (9 KT)
   Sky conditions: mostly cloudy
   Temperature: 72.0 F (22.2 C)
   Relative Humidity: 73%
City Forecast for Raleigh Durham, NC
Issued Wednesday morning - Jun 4, 2008
   Wednesday... Partly cloudy, high 67, 20% chance of precipitation.
   Wednesday night... Low 96, 20% chance of precipitation.
   Thursday... Partly cloudy, high 71, 10% chance of precipitation.
   Thursday night... Low 97.
   Friday... High 72.

CenterIM is a pretty robust instant messaging client that runs entirely out of your command prompt. Simply sudo apt-get install centerim and you’re ready to go. It takes a little getting used to, but all the files you need are held in your home directory under ~/.centerim . Every contact gets their own folder under .centerim and gets contact-specific chat history logs. The master config files are held in .centerim as well. The first time you run the application, it will show an options window allowing you to configure your preferences. If you delete config file, it will rerun the preferences dialog when you next run the application, however you can access and modify the options by hitting ‘g’ from the main chat window.

CenterIM supports ICQ, Yahoo!, AIM, MSN, IRC, Jabber, LiveJournal, and the Gadu-Gadu IM protocol as well. Anyone familiar with pico, nano or irssi will be right at home with CenterIM.

We all know that when you simply delete a file, it’s possible to recover it later. Sometimes this is useful, if you accidentally delete something important, but usually this is a problem, and you really want that file gone forever. I will explain here how to delete a file in linux securely and permanently, so it can never be recovered. In addition, I will show how to completely wipe previously-used (available) space which will often have complete files or file-remnants which can otherwise be recovered. This applies to hard drives, external USB drives, thumb drives, etc.

To wipe your available (free) disk space, you’ll want to install the secure-delete application. Not only will this application suite offer applications that will wipe files and free space, but it will also wipe your SWAP partition and your system memory (RAM). Wiping RAM is important for privacy as well, since many files are stored in RAM and can be retrieved even after the computer is shut down, right off the chip!

First, install the secure-delete suite of applications:

sudo apt-get install secure-delete

Then, to wipe your /home partition’s free space, for example:

sudo sfill /home

The sfill the program will fill up all free space on the designated mount point by creating a huge single file. The the contents of this file are written in a number of special steps – ensuring that all areas of the disk which were previously free have had their contents erased. Once completed, the large file is removed, restoring your free space. You can sfill any mount point. Type man sfill for more info and options.

The command to erase existing files is “srm”, short for “secure rm”. Simply type

srm filename

Where filename is the name of the file you want to securely wipe/delete. You can also use wildcards (e.g. srm filenam*)

To wipe your system’s memory (RAM) use this command:

sdmem

SDmem is short for secure delete memory. You can run the command by itself, or with options. Type man sdmem for more info.

Similarly, sswap will securely wipe your swap partition. You must unmount your swap partition before using this command otherwise your system will likely crash. Once the wipe is completed, you can remount your swap partition. Type man sswap for more info. To wipe your swap space simply type:

sswap /dev/sda8

/dev/sda8 is an example. To find your specific swap device, simply type sudo fdisk -l, or cat /proc/swaps which will list your partitions and their device labels. Also to unmount your swap space, simply type sudo swapoff /dev/sda8 and to remount it type, sudo swapon /dev/sda8.

Download it here.

This application runs on any distribution, but I’ll discuss its installation on Ubuntu:

sudo apt-get install cpulimit

Once installed, type this to restrict any already-running application’s CPU utilization:

sudo cpulimit -p PID -l CPU%

Where PID = the process ID and CPU% is the maximum percentage of the CPU allowed for use. For example:

sudo cpulimit -p 8992 -l 35

This will restrict process ID 8992 to no more than 35% of CPU’s availability.

(To see a list of your running processes you can just run the command TOP which will list your processes in order of CPU utilization).

Look, it’s really not that hard.

Programs are still in the same place, in %ProgramFiles%, unless you need the 32 bit version, which is in %ProgramFiles(x86)%, except on a 32 bit machine, where it’s still %ProgramFiles%.

All those dll’s are still in %SystemRoot%\System32, just now they’re 64 bit. The 32 bit ones, they’re in %SystemRoot%\SysWOW64. You’re with me so far, right? Oh, and the 16 bit ones are still in %SystemRoot%\System – moving them would just be weird.

Registry settings are in HKLM\Software, unless you mean the settings for the 32 bit programs, in which case they’re in HKLM\Software\Wow6432Node.

So the rule is easy: stick to the 64 bit versions of apps, and you’ll be fine. Apps without a 64 bit version are pretty obscure anyway, Office and Visual Studio for example[1]. Oh, and stick to the 32 bit version of Internet Explorer (which is the default) if you want any of your add-ins to work. The ‘default’ shortcut for everything else is the 64 bit version. Having two shortcuts to everything can be a bit confusing, so sometimes (cmd.exe) there’s only the one (64 bit) and you’ll have to find the other yourself (back in SysWOW64, of course). And don’t forget to ‘Set-ExecutionPolicy RemoteSigned’ in both your 64 bit and 32 bit PowerShell environments.

Always install 64 bit versions of drivers and stuff, unless there isn’t one (MSDORA, JET), or you need both the 32 bit and 64 bit versions (eg to use SMO / SqlCmd from a 32 bit process like MSBuild). Just don’t do this if the 64 bit installer already installs the 32 bit version for you (like Sql Native Client).

Anything with a ‘32’ is for 64 bit. Anything with a ‘64’ is for 32 bit. Except %ProgramW6432% which is the 64 bit ProgramFiles folder in all cases (well, except on a 32 bit machine). Oh and the .net framework didn’t actually move either, but now it has a Framework64 sibling.

I really don’t understand how people get so worked up over it all.

[1] Ok, so there is a 64 bit version of Office 2010, but given the installer pretty much tells you not to install it, it doesn’t count.

Via Cup(Of T).

As I’ve often stated I prefer Linux, using Windows only when I must. However, from an administrative perspective it’s really helpful if while using Linux for various administrative tasks, one can streamline their work environment and engage in some common tasks such as starting or stopping Windows services at will from Linux.

To get a list of all available services on a Windows PC or Server, type the following from your Linux command line:

net rpc service list -I IPADDRESS -U USERNAME%PASSWORD

If you have a complicated password that uses symbols (such as ! # @, etc) you will find that entering the password (even in “quotation marks”) will not work, you will have to leave the @PASSWORD blank, and just enter the USERNAME, you’ll then be prompted to enter the password manually. Also note, some services may have spaces in their name. If so, simply “enclose the service name in quotes” to start or stop that service.

If on a domain . . .

net rpc service list -I IPADDRESS -U "domainname\username"

You will then be prompted for the password. Once you’ve authenticated, the list of services will scroll on your screen.

To stop any service:

net rpc service stop SERVICENAME -I IPADDRESS -U USERNAME%PASSWORD

or if on a domain

net rpc service stop SERVICENAME -I IPADDRESS -U "domainname\username"

To start any service:

net rpc service start SERVICENAME -I IPADDRESS -U USERNAME%PASSWORD

or if on a domain

net rpc service start SERVICENAME -I IPADDRESS -U "domainname\username"

You can do more than stop or start services. This functionality stems from SAMBA on Linux. You can add and remove users remotely, change user passwords, kill print jobs, show all users for a specified group, list all groups, shutdown the server or PC, shutdown-and-restart the server or PC and much much more: just type “man net” for more information, however, here are a few gems . . .

To list all the shares on a PC or Server (example):

net rap share -I 192.168.0.5 -U "mydomain\john"

To list the Print Queue on a PC or Server (example):

net rap printq -I 192.168.0.5 -U "mydomain\john"

To get the name of the server you’re accessing (example):

net rap server name -I 192.168.0.5 -U "mydomain\john"

To list ALL the open SMB/CIFS sessions on the target computer (example):

net rap session -I 192.168.0.5 -U "mydomain\john"

To reboot the server or PC and force all apps to shutdown gracefully:

net rpc shutdown -r -f -I 192.168.0.5 -U "mydomain\john"

These commands can easily be scripted with or without variables (for the IP addresses) to speed up the process.

From their home page:

BleachBit quickly frees disk space, removes hidden junk, and easily guards your privacy. Erase cache, delete cookies, clear Internet history, remove unused localizations, shred logs, and delete temporary files. Designed for Linux and Windows systems, it wipes clean 70 applications including Firefox, Internet Explorer, Flash, Google Chrome, Opera, Safari, Adobe Reader, APT, and more.

It is available for most Linux distributions. Here is a great write-up on it from Linux Magazine.

Once a professor has chosen to customize a textbook, it gets a unique URL allowing students of the class in question to download or publish on-demand the customized textbook. I found the subject catalog a bit limiting right now, but I would expect that to grow over time. This site is still worth examining if one is an educator or student looking for community driven, affordable teaching/learning materials. Some authors also put out podcasts on their books, accessible from the site. I’m also sure Flatworld Knowledge would enjoy hearing from some who are interested in writing a textbook of their own for peer review and publication by them.

I noticed there aren’t any textbooks about computer science: perhaps some out there is willing to change that!

]]> http://www.lylebackenroth.com/blog/2010/04/19/remixable-textbooks-by-peer-reviewed-authors-for-community-use-in-education/feed/ 0 http://www.lylebackenroth.com/blog/2010/04/16/easily-find-your-hardware-specifications-and-some-system-monitoring-commands-in-linux/ http://www.lylebackenroth.com/blog/2010/04/16/easily-find-your-hardware-specifications-and-some-system-monitoring-commands-in-linux/#comments Fri, 16 Apr 2010 12:43:30 +0000 lyle http://www.lylebackenroth.com/blog/?p=582 When a PC or server is running Linux, you often want to know exactly what sort of hardware is actually running inside the box and more importantly whether it is supported by the kernel. Here is a list of commands which should help you to learn about your system and some of its specifications. In some cases, these commands may not work as listed below if you’re running a Red Hat or Fedora based distribution. In those instances simply specify the path to the command which will be /sbin/command.

If any of the output runs off your screen, just add |more to the end of any of these commands to see the output one screen at a time and hit the spacebar to go to the next screen, or Q to quit.

Processor type:
$ cat /proc/cpuinfo

Is the processor using 32 or 64 bit instruction set:
$ cat /proc/cpuinfo | grep flags | grep lm
If you get some output you have a 64 bit CPU. If you receive no output, then you’re using a 32 or even 16 bit CPU. The reason this is the case is that the CPU yields many flags that tell Linux what sort of processor it is, and the lm flag informs Linux that the CPU is a 64 bit processor. Grep as a command filters output. Feel free to run this command without the grep suffixes (cat /proc/cpuinfo) to see the full output of your CPU details.

What hardware (audio, video, disk controllers, etc) is in my Linux box:
$ lspci -tv
(The -t switch groups similar devices together for easy reading and -v offers more verbosity.)

To easily filter out the above command to just show graphic card information:
$ lspci | grep VGA

What USB devices are plugged in:
$ lsusb

Check the size of the hard drive and what hard drives are available in the system.
This command will also list USB drives and sticks. You need a root permissions to execute the fdisk command:
$ sudo fdisk -l | grep GB

Show info about a particular hard disk including firmware revision (replace sda with the appropriate drive as listed from the above command):
Note: This will only work on internal disks, NOT USB drives.
$ sudo hdparm -i /dev/sda

Check what partitions and file system is in use on my hard drives (same as the above command, but essentially more verbose):
$ sudo fdisk -l

Locate CD/DVD-ROM device file which offers a CD/DVD-ROM’s make and model info:
$ wodim –devices
or
$ wodim –scanbus
The above command will scan your entire system bus for attached devices (this won’t include USB Devices as they are not direct-bus-attached devices).

What modules are currently loaded:
$ lsmod

get a information about any particular module:
$ modinfo module_name

remove modules:
$ modprobe –remove module_name

load a modules to the kernel:
$ modprobe module_name

What hardware is using which module.
The -v switch is for vebosity, where -vvv is EXTRA verbosity.
$ lspci -v
or
$ lspci -vvv

Check for PCMCIA cards:
$ lspcmcia

How much RAM is installed in my Linux and how much of it is in use (megabytes).
It will also include swap memory:
$ free -m
There is a gigabyte switch, but it *rounds* it down, so it isn’t very accurate for RAM info:
$ free -g

Check sound card settings. This command will reveal whether your sound card is installed and what modules are in use:
$ cat /dev/sndstat

Available wireless cards:
$ iwconfig

What speed is set to FANs:
$ cat /proc/acpi/ibm/fan
If this command doesn’t work, then feel free to peruse the /proc/acpi directory on your system. You will find info available on your CPU, AC Adapter, Battery, etc. Some info is available here, and your mileage may vary for viewing any of the files in /proc/acpi.

Get a battery information on your laptop (assuming it’s been installed):
$ powersave -b

To find out what Linux Kernel you’r running:
$ uname -a

To find out what distribution of Linux you’re running:
Run any of these commands, as depending on your distribution some may or may not work.
$ cat /etc/issue
$ cat /proc/version
$ dmesg | head -1

Get a recent history of system reboots:
$ last reboot

To open any file from command line using the default application (will launch the correct graphical application for the file, as though you had doubled-clicked the file graphically):
$ xdg-open ./filename

To monitor all active network connections, and update live every second:
$ watch -n.1 ‘netstat -tup’

To passively list all connections, active or inactive:
$ ‘netstat -tupl

http://savevideo.me/

Saves the movie as a .FLV (Flash Video) file.

Current photocopiers can produce copies very rapidly because they scan the page only once and store it digitally on its internal hard disk. It uses that image file to then print copies using similar technology found in laser printers. Indeed, many copiers today can function as a direct printer for your PC (or even e-mail your document directly from the copier) which requires a network connection; this means many units can be addressed remotely and is therefore vulnerable to remote perusal.

For personal and private documents, a personal scanner & printer (at home) might be the wiser choice.

Here are some very useful commands, that any power user would find helpful:

1. Start a simple webserver to serve up any directory as browsable from anywhere (for file transfers):

$ python -m SimpleHTTPServer

I’ve mentioned this in past posts. This is a simple command, that when run from any directory will launch a simple python web server that will serve up the local directory as a browsable directory using a browser such as Firefox or Chrome. Any subdirectories underneath the local directory from which this command is run will also be browsable. You can right-click and save any file or left-click it to attempt to view it on the fly. This works very well over SSH sessions, when you want to transfer a file, but don’t want to engage SSHFS or SCP. You can background the process with a ctrl-z, bg, then pkill python to stop the web server from running, or just leave it running in command prompt and ctrl-c to end it.

2. Record your desktop and pipe the output to an mpeg file.

$ ffmpeg -f x11grab -s wsxga -r 25 -i :0.0 -sameq /home/john/desktop.mpg

• -f allows ffmpeg to grab the data properly from the x11 framebuffer
• -s sets the size of the screen to actually record, starting from the upper left of the screen. Here wsxga denotes a specific preset resolution (in wsxga’s case that would be 1600 x 1024). You can however type any resolution you like in manually (e.g. -s 1024×768). You will need to know the resolution of your desktop to set this correctly.
• -r sets the framerate. This could be left out as 25 is the default.
• -i sets which framebuffer to take, since XWindows can run in multiple sessions, generally you’ll want to leave this setting alone.
• -sameq forces the same quality was what is being fed in by the source (in this case the x11 framebuffer). This is helpful to have a max-quality video, though you may want to try other settings to degrade the quality to keep the file size down. If you’d prefer to reduce the quality on the fly, replace -sameq with -qscale x where x is 1 – 31. These are preset quality settings, with 1 being the highest and 31 being very poor video quality. I have found -qscale 10 to be the sweetspot between quality and file size.
• If you’d like the file to be a bit smaller and if you prefer an .AVI to a raw .MPG, then simply remove the /home/john/desktop.mpg in the command above and replace it with:
  • -vcodec mpeg4 /home/john/desktop.avi
    • This is file will be a bit smaller using the mpeg4 codec in an avi container. You can still use the -qscale option with this change.

3. Copy an entire directory tree through ssh using on the fly compression through an SSH session (no temporary files!):

$ ssh <host> 'tar -cz /<directory>/<subdirectory>' | tar -xvz

Just enter the <host> to SSH to, and the host’s <directory> and <subdirectory> path to compress that subdirectory on the fly at the host, but decompress it as it arrives locally to your current location and path. This will have the advantage of not taking up any extra space at the host (since the files are compressed as they’re transmitted) and easily drops the entire directory tree specified onto the client uncompressed, saving time and bandwidth and transmission time.

This works well for large directory trees and is easy to use for a quick copy where you don’t want to spend a lot of time compressing it at the host manually and transmitting the compressed file, then uncompressing it, then deleting the original compressed file created at the host. Note: This will replicate the full directory path at the client side (desired).

SCP or RSYNC are recommended for automated backup though, this is more appropriate for a 1-shot copy of a large directory.

4. Resize any image files in the current directory to Width x Height specifed (regardless of image format)!

$ for a in `ls`; do echo $a && convert $a -resize <Width>x<Height> $a; done

Simply do a man convert to learn more about the convert program, other options can be added into the command. Also this is a great syntax for doing ANYTHING to any files in a particular directory that would be a batch process consistent with all the files in that directory.

5. Grab a screenshot of the current desktop to the current directory

$ import -pause 5 -window root desktop_screenshot.jpg

This command will wait 5 seconds (assuming you want some time to set up the shot and to get the command prompt out of the way) and take a snapshot of the root (primary) desktop currently running. This command requires imagemagick be installed.

Being an obvious proponent of Open Source (also known as FOSS), I generally use only Linux and Open Source software. I own an Android phone, my home machines run Linux and wherever possible I try to deploy Open Source software professionally where possible & appropriate. I’ve never owned an Apple/MAC or an iAnything. In fact, my Sansa e280 media player runs Rockbox, the Open Source Jukebox Firmware for media players instead of the closed source software shipped with it. I have owned Windows systems and played with DOS in my youth, but once I reached the age of liberation I made a conscious choice to walk down the less trodden path and have reaped the rewards for it.

We’re all interdependent and this fact is ignored by many. Both Microsoft and Apple deny that the very foundations of their closed source products are rooted in the collaboration of the community, rooted in Free and Open Source Software (FOSS). Indeed, Apple’s OS is based on FreeBSD, while .NET (Microsoft’s primary application framework) is clearly drawing its inspiration from JAVA.

UNIX is one of the seminal operating systems which in many ways has influenced the world in which we live and I contend, moreso than Apple or Microsoft. In some of its core applications under the hood, some Windows code is based on FreeBSD. Simply click here for an example of which there are many, or this link, or this link. Although not a majority of it; I wouldn’t want to demean BSD by drawing parallels between the two <smirk>.

Of course as we all know, Apple is based on FreeBSD. Mac OS X is based upon the Mach kernel, parts of  FreeBSD’s and NetBSD’s implementation of Unix were incorporated in Nextstep, the core of Mac OS X. See this link for more info (Wikipedia).

Internalizing these facts in consideration helps me to realize that raw creativity, intelligence, community and ingenuity can provide great fulfillment, certainty and happiness in many spheres.

Having said all of the above, reading this article brought a smile to my face. It is a summary of Jonathan Schwartz’s blog post which can be read in its entirety here.

(Launchpad link):

A dynamic tunnel SSH multiplexer. When heavily using a Dynamic SSH tunnel, this application will open concurrent SSH tunnels to multiplex the load. This is useful when using torrent connections locally, or when using your computer to share internet access via the dynamic proxy.

To install on Ubuntu Karmic:

sudo add-apt-repository ppa:martineve/ppa

sudo apt-get update

sudo apt-get install sshsplit

If no arguments are passed, you can run sshsplit from command line and it will bring up a convenient GUI for on the fly configuration.

In the event of a failure when you need to do a restore, you can order a drive to be mailed back to you (2 day priority) or download the data you need off their servers.

They also offer a nice little interactive table showing their pricing structure against other popular services where you can modify the amount of data you want to store to see how the pricing would change across different providers.

Crashplan offers a variety of plans that either count or don’t count the number of machines being backed up. Accordingly, plans vary from $4.50/month to $8.33/month depending on your needs. I have not yet tried the service, but I may consider it for backing up vital files to a secure off-site location.

I know of some folks who prefer services like Carbonite, but they don’t seem to support Linux. Another alternative, Jungledisk (front end to Amazon’s S3 cloud) has a Linux client for their backup server product, but I’ve never tried it. I have tried Jungledisk for Windows servers, and it works well, but Amazon meters the data being transferred to and from their cloud whereas Crashplan does not.

Ubuntu is running an application called “landscape-common”.

More on this application here. The easy thing to do here is to simply type update-motd – -disable and you can then modify your MOTD. Also I have noticed that sometimes, the contents of motd.tail will overwrite the MOTD, so I would simply make sure whatever you want in /etc/motd is also in /etc/motd.tail. [On Debian systems, the system message of the day is rebuilt at each startup. /etc/motd.tail is the file to edit permanent changes to the message of the day].

Ultimately, I have settled on a system known as eCryptfs. Of course, this runs only on Linux. However Windows/MAC users could access encrypted data on a Linux server if the decrypted data were presented with a SAMBA share.

eCryptfs is a kernel-native, stacked cryptographic filesystem for Linux. This means that it will run seamlessly with an existing Linux install and its filesystem. A stacked filesystem is one that is layered ontop of an existing filesystem (such as a transparency laid over a page beneath). As data is read from or written to the disk, data is encrypted or decrypted on the fly.

The flexible part of eCryptfs is that it embeds the cryptographic metadata into the header of each file. The benefit of storing the cryptographic metadata into each file is that any one file can be given to a friend, or sent through e-mail or copied by any other means and the recipient can conveniently decrypt the file so long as they have correct key (password).

Most encryption programs are not this versatile. They require special software or require that the file be separately encrypted so that it could be transmitted, and even then the recipient needs to jump through many hoops to decrypt the file. The only exception to this is PGP or GPG. GPG makes is very convenient to transmit files, but does not work well on large directories of files. eCryptfs bridges this gap very nicely. Also, since eCryptfs uses a stacked filesystem, there is no limit to what can be put into the directory for encryption, or subdirectories. They will simply and naturally fill the drive like any file would without any preset encrypted container limitations.

In Ubuntu (or any other Debian based distro) the following steps will allow one to easily encrypt an entire drive, directory or file.

To begin encrypting and decrypting your data, simply install the ecryptfs utilities.

sudo apt-get install ecryptfs-utils

Once installed, create a directory mystuff (or any name you like). This will be where you’ll store your data to be encrypted. The directory can be made anywhere, your home directory or any storage device (USB key or USB hard drive). It is important to note that you cannot encrypt a directory with data already in it. The easy way to accomplish this is to follow the steps below, then move the data from the original directory to the newly encrypted directory. You can rename the newly encrypted directory to match the original once the files have been moved and the original directory deleted.

mkdir ./mystuff

To be extra safe here, be sure only your Linux user has rights to the files in the directory. To accomplish this, simply change the permissions on the directory. The commands below assume you’re already in the directory where your new directory was just created (like your home directory). You may need to specify the full path to the directory if you’re not executing the command from that location.

chmod 700 ./mystuff

Now, you just have to leverage the encryption already available in your Linux kernel. To do this, you must layer the encrypted transparency, if you will, over the unencrypted directory. This is done by re-mounting the directory with the encrypted transparency layer.

sudo mount -t ecryptfs ./mystuff ./mystuff

This command simply remounts the exact same directory, however with the encryption overlay in place. From this moment forward, any files written to the mystuff directory will be encrypted. Also any files read from the directory will be decrypted on the fly (until the transparency is removed by unmounting the transparency, but more on this later.) Until the directory is dismounted from its encrypted transparency layer, the files will be easily readable and silently encrypted/decrypted on the fly.

Once the above command is executed, eCryptfs is going to ask some questions. The answers to these questions dictate the nature of the encryption.

It is perfectly safe to keep hitting <enter> on every one of these questions. This will use the defaults which are very well selected. There is one exception however. One question asks if you’d like to enable filename encryption. The default answer here is no. In many cases, the filenames themselves offer a lot of information about its contents and that alone is more than many want revealed. For example, a filename named “Bank Account PIN numbers 2009” would certainly be a target file and while helpful for you in organizing your data, would be too much information to reveal if anyone were able to get a directory listing of the files in question. To prevent this, answer yes when eCryptfs asks to enable filename encryption (again, the default will be to not scramble the filenames).

One other question which might confuse is the plaintext passthrough question. If enabled, this option allows non-encrypted files to be used inside the mount, which to me defeats the purpose of an encrypted directory. Allow for the default answer to this: no.

At the end of the process, eCryptfs will alert that this is the first time you have used your passphrase, and will ask if it can save a hash of it. It is safe to answer yes to this question. If keeping a hash of your passphrase is a source of concern, then I would encourage more research on the subject.

At this point, you may write, delete, read as much data into that directory as you’d like. The files will remain free to access until you dismount the encrypted layer, leaving you with the closed, encrypted files. To dismount the transparency, simply dismount the directory.

sudo umount ./mystuff

At this point, any attempt to read the files will fail. You can browse the encrypted files themselves, but the filenames will be scrambled random characters and the contents will be totally incomprehensible.

To reopen your encrypted files, simply remount the encrypted directory as we first did earlier. However, upon doing this eCryptfs will ask all the same questions it did before (key type, your passphrase, the cipher, and the key length), so it will know the parameters of this particular encrypted directory. It will ask these questions every time you attempt to mount your encrypted directory. Fortunately, this can all be automated (except the passphrase entry obviously) so as to speed up the process.

The command can be given ahead of time and written into an executable script:

sudo mount -t ecryptfs /home/johnny/mystuff /home/johnny/mystuff -o key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=y,ecryptfs_fnek_sig=ed221f243b153323

Be mindful of the last option in the command above, namely ecryptfs_fnek_sig. When you first encrypt your directory, eCryptfs will tell you what the ecryptfs_fnek_sig is for your specific directory (or drive). You’ll need to enter this unique number into your command so that you will have a smooth and quick mounting process. Type this entire command into a text file (obviously replacing /home/johnny/mystuff with the actual path to your encrypted directory and entering your unique ecryptfs_fnek_sig number), save it (I’ll call mine crypt) and make it executable by typing:

chmod +x ./crypt

While you’re at it, create a quick script to dismount the encrypted mount.

sudo umount /home/johnny/mystuff

Then make it executable using the chmod command as shown above.

Of course in Linux you can also create a custom application launcher (a graphic on your taskbar or desktop) that can execute these scripts with the click of the mouse.

Not every EEE PC is built the same, nor do they use the same video drivers. Therefore first, you have to find what the minimum and maximum resolutions are available for your unit. To see this, simply type this in command line:

xrandr

As an aside, the commands below work with any Linux system, EEE or otherwise. This command will tell you the minimum and maximum resolution of your screen plus the available “standard” resolutions.. mine were:

Screen 0 (the local screen): min 320×200 ………. current 1024×600 ……… max 1024.x1024

Available standard modes were: 1024×600, 800×600 and 640×480.

To max out my screen resolution I chose to work with 1024×1024, that would give me the most pixels (+ the most panning) but it would show me more of an application in a glance. Normally working in 1024×600 (native resolution of the EEE PC 1000HE) I’d have to hit F11 to go to full-screen mode in Firefox. Now, running in 1024×1024, I can run without full screen mode and can see a nice portion of my browser window. The panning isn’t much of a bother, and I feel less constrained on the desktop.

To change the resolution to the max specified by running xrandr above, type this:

xrandr --output LVDS --panning 1024x1024

. . . and voila !  Instant pan/scan screen. To change it back to the original resolution …

xrandr --output LVDS --panning 1024x600

Place these two commands in separate scripts with execute rights, then attach to a launcher and place on your taskbar and/or desktop and you can do this in one click.

###

UPDATE: On Ubuntu 9.10, this command WORKS, however, the local display is now LVDS1, not LVDS.

They’re sorted newest-first, so click the <previous entries> at the bottom of the page to see the prior scripts.

Here’s also a few links on learning the basics of shell scripting:

IBM’s extensive site on the subject.

Linuxcommand.org

Simply sudo apt-get install cpulimit. More info can be found here.

Using GNOME

• Get to the System->Preferences->Keyboard menu.
• Select the “Layouts” tab and click on the “Layout Options” button.
• Then select “Key sequence to kill the X server” and enable “Control + Alt + Backspace”.

Click the link below for the full article and how to do it in KDE.

Source: Ubuntu Geek.

I recently had to run a ReiserFsck myself on one of my primary home Linux boxes off a Live-CD; worked very well!

Here’s the link for reference:

NOTE: The above link is just a broad stroke introduction to some of the more commonly used repair functions, a lot more research is needed by the user if in-depth recovery of a hard disk or repair is required.

Don’t forget to chmod +x ./script-name on each.

Script 1

#!/bin/bash
#
# Dump m4a to wav (first step in conversion)
for i in *.m4a
do
mplayer -ao pcm "$i" -aofile "$i.wav"
done

Script 2

#!/bin/bash
#
#Second step... use lame to convert into .mp3

for i in *.wav
do
lame -h -b 192 "$i" "$i.mp3"
done

Script 3

#!/bin/bash
#All the m4a's are now mp3's, however..
#the file will look like "filename.m4a.wav.mp3"
#So, to clean that up we remove extraneous extensions.

for i in *.mp3
do
x=`echo "$i"|sed -e 's/m4a.wav.mp3/mp3/'`
mv "$i" "$x"
done

While FreeNX and NoMachine’s NX server are out there, NoMachine’s NX server is not free, and FreeNX according to Google, was a bit top heavy and difficult to maintain. I see this as an exciting development.

It is now available for download.

Here’s the article on it.

Here’s where you can download it.

To do this simply check out the carrier listing and look for your carrier. Then email TheNumber [at] carrier’s-doman.com (example) and you’ll SMS that phone.

It’s a pretty basic tip, but I’ve met people who think they need a cell phone (or an IM client) to SMS a cell phone and fortunately, this is not true.

The same Wikipedia page explains how to send E-Mails via SMS using a carrier’s special SMS email code.

Cheers.