I'm not a huge proponent of anti-virus. It's not that I think I won't get one. It's just that I'm usually running an OS that's not a big target for viruses. I can't even list one AV tool specifically for OS X, BSD or Linux, but I'm sure something exists. I just stick with NoScript and RequestPolicy on FireFox to keep the browser malware at bay.
With Windows 7, I figured it might be time to look into AV if for no other reason rhan to get rid of the nagging system tray icon warning me that my computer might be at risk. Then, just today, Keith posted a list of free AV solutions for Windows. I went with MS Security Essentials. It stays out of the way for the most part from what I've seen, but it's not like I've tried pulling up a bunch of Russian Serialz, Crax & w4r3z sites or any crap like that -- A move I'd consider to be asking for trouble.
I know plenty of readers are Windows users, by choice or by force (employer?)
What have you had the best luck with? What other anti-malware tools are you using for yourself or for others who already hosed their systems up?
2009-12-29
Free Antiviruses
From the comments: Apache + UserDir + Chroot on OpenBSD
In the comments on the OpenBSD 4.6 OAMP article, azhax and I hashed out how to get UserDir functioning in a chroot. I don't usually need UserDir, but it's a common configuration for multi-user systems such as those found at universities and ISPs. It's definitely worth covering.
#!/bin/sh#addwebdir.sh#syntax: addwebdir.sh [username]mkdir /var/www/users/$1chown $1 /var/www/users/$1ln -s /var/www/users/$1 ~$1/public_html
2009-12-28
Windows 7 on a MacBook: Kind of a pain to install
But it's sweet once it works with all the drivers installed
Let me step back a bit. I already had a license for Win7 Home Premium upgrade. That means I had to install it on top of Windows XP or Vista. So, I had to install XP Home first, which I also had a license for. Getting XP up and running was the root of my issues.
A while back ago, Apple pushed out an EFI update that supposedly removed the necessity to use BootCamp to install Windows or any other OS, really. With a spare partition on my hard drive, I decided to clobber Ubuntu, and install Windows XP over it. That ended up trashing the entire partition table, and bricking my MacBook.
Time Machine to the rescue. 3 hours later, I had restored my OS X partition from bare-metal to a point-in-time backup where the only thing I lost was 30 minutes of browser history. In other words: it worked perfectly. 45 minutes later, XP was installed, but the boot.ini file was pointing to the wrong partition. Using the XP recovery console to attempt a repair, I had whacked my partition table. AGAIN. Wash, Rinse, Repeat.
You need XP SP2 or higher, as it turns out. I guess I should have read the entire Boot C(r)amp manual first. I used BootCamp Assistant to create the partition this time, instead of partitioning it during restoration with the OS X install CD. Once XP Home SP2 was installed, I was without any drivers. The OS X CD supposedly contains them, but it was showing up as a blank disk when inserted. I wasn't worried about video drivers, or audio, or anything other than getting it on the network so I could activate Windows and commence the upgrade to Windows 7. For that, I ended up using a Linksys USB wireless adapter (and the driver CD). Then it was home-free.
Windows 7 installed fine without a lot of problems. It had many of the drivers already built-in, including the wireless. The audio and touch-pad drivers were sub-par, though. Other things like the iSight had non-existent support. Again, the OS X DVD I have wasn't showing the drivers under Windows 7 either and the BootCamp download from Apple wouldn't even run. I finally found a BootCamp driver download on the Digiex forum. Of course, you will want to use third-party supplied drivers at your own risk, but it seems to be working pretty well.
All in all, I burned almost an entire waking day attempting to get Win7 installed on my MacBook. A good part of that was the initial install of XP. Going straight to Win7, at least once you have the drivers, is probably not too bad. I can't stress enough how important it is to have a good Time Machine backup before you start, though.
End result:
Let it never be said I'm completely bigoted when it comes to Microsoft. My wife has been using 7 for a few months, and I'm already digging it. This may be Microsoft's best Windows release since Windows 2000, which I also had plenty of good things to say about.
Time will tell as I put it through its paces, but usability is just as good as OS X now that all the drivers are working properly, and this is a rather comfortable operating system for daily use.
Labels: Apple, microsoft, Operatingsystems, Windows
2009-12-22
Guest Post: Setting up a Pfsense firewall
This is a guest post by BIOSshadow. You can follow him on Twitter and at his blog, Geek Crack.
Pfsense is a free, as in speech and beer, firewall for home, business, and any other purpose you can think of. It's based on FreeBSD, so it's very stable and has a very good TCP/IP stack. It has a serious feature list.
I have to explain how little PfSense needs in the hardware department. My setup is an old desktop computer that a client gave me because it "went bad." The power supply unit blew out during a lightning storm in the middle of the night. Anyway, it's a single core Intel processor, I am not sure what speed, with 512 MB of RAM, and a 40 GB hard drive. Now the only reason I have 40 gig is because it was easier to keep in there than fight the case, and put in a 10 gig I had around. So any basic computer you have around will work. But as with any computer, the more memory the better. I will get into that later.
You will need a video card/monitor and keyboard and of course a Pfsense CD. USB keyboard will work, a PS/2 won't need to load extra drivers. After the install and a little configuring is done, you can remove the video card/monitor and the keyboard, you can do everything through the web panel or SSH connection, if you turn it on.
Now onto the setup. (Note: For the screenshots I am using VirtualBox. This for the screenshots only). When it boots up to the bootloader, you want to boot with default, either by waiting for the timer to run out or by hitting enter.
Now if you have two NICs, which I recommend, you do not need to setup VLANs, but you can. If you only have one NIC, you need to setup at least two VLANs.
Now this is one of the great things about Pfsense that I can't find anywhere else: You unplug the ethernet cables, and it askes you to plug in the LAN cable into the LAN NIC. Then it does the same for the WAN cable and NIC. Now if you want to setup a DMZ with third NIC this where it do it.
Pfsense will ask you if you want to proceed and then build the config files and startup all the daemons, like the Web Panel and others. Congrats! You have running Pfsense firewall, but everything is in memory and running from the CD. If you want run it like this then you are set, but if the power goes out you will have to set it up again using a backup config file or from scratch. If you want to install to a hard drive you will need to type "99" and hit enter to continue.
The hard drive installation is menu-driven and easy to use. If you are having issues, feel free to edit the setting and accept when done.
Select "Install PfSense" and select the hard drive you want to use. Format the disk and select "use this Geometry".
If you are lucky enough to have a muilti-processor system or are using a embedded system, select those options. Now remember this is "muilti processor" not "muilti-core processor".
Now Pfsense is installed and ready to go. Just restart it and remove the disc.
After the reboot, we will need to setup local IPs and their ranges. Unless, of course, you have a separate DHCP server, then set it up to connect to the server.
The IP settings are all up to you, I used a normal home setup for the sanity of my family (networked printers, NAS, and etc.) just remember the IP you give Pfsense, because you will need it to access the Web Panel.
Now you are all set up. You can unplug the monitor and keyboard, and other stuff were using for set up.
Now back on your computer, open up a browser and go to the IP of Pfsense. The default username is "admin" and the default password is "pfsense".
Of course, you want to change the password and if you want, you can change the username as well. To do so on the red navigation bar at the top, hover over system and click on General.
To enable SSH, which I recommend, you need to go the the Advanced section of the System Menu.
If your ISP is like mine, your MAC address is tied to the account and if you use it, you don't get access to the Internet. To edit it Go to Interfaces and then WAN.
Now you have working Pfsense firewall, have fun!
There are a few things Pfsense lacks, like a Squid proxy and A/V scanner. But it makes it up with its packages. It has quite a few packages, but remember: the more packages, processes and packets it handles, the more memory it uses and the lag increases. But they have packages for Snort, Squid, SquidGuard, and an A/V scanner.
Well there it is: a completely setup and configured Pfsense, with A/V scanning, proxy and traffic monitor.
Labels: firewall, FreeBSD, guestposts, InfoSec, networking, Operatingsystems, pfsense
2009-12-19
Personal Radio Serice
The United States has 4 sets of frequencies under the category of "Personal Radio Services" which any one can use with certain restrictions on power output, antenna height and location. There are three others (MICS, WMTS and GMRS) under this category however they require that you are either a medical care facility or have special permissions or certification to use.
No FCC License Required Frequency Bands:
- CB (26 & 27 Mhz) HF 4W AM Carrier, 12 W PEP Single Side Band
- MURS (151 & 154 Mhz) VHF FM 2 W
- LPRS ( 216-217 MHz) UHF FM 100mW
- FRS(462-467 Mhz) UHF FM 500 mW
- MICS - Health Care Services - (402-205 Mhz) FM UHF
- WMTS - Health Care Services - (1429 to 1432 MHz)-(1395 to 1400 MHz)-(1429 to 1432 MHz) - FM UHF
- GMRS (462-467) - Certification required - FM -UHF 5W+
I also found that CB radio used to be the old 11 meter HF amateur radio band. The nice thing about HF radio is that its range is greater than line of sight due to atmospheric bounce. The FCC limits the power on most of these frequencies because in order to amplify a signal they have to take great care in not creating interference on other frequencies.
GMRS radios are readily available but require a license to use. The GMRS radio license allows for the use of repeaters and higher output. FRS and GMRS share several frequencies, the difference is that GMRS radios are allowed to broadcast at 5W instead of just 500mW.
You can find FRS/GMRS radios just about any where for under 20$, MURS radios range from
50$ to 100$, CB's range between 40$ to 100$, I couldn't find anyone selling LPRS.
Links:
CSG, Computer Support Group, Inc. and CSGNetwork.Com , "Glossary" (Accessed Dec 2009)
http://www.csgnetwork.com/
http://www.csgnetwork.com/gmrsfreqtable.html
http://www.csgnetwork.com/frsfreqtable.html
http://www.csgnetwork.com/mursfreqtable.html
http://www.csgnetwork.com/cbradiofreq.html
http://www.csgnetwork.com/lprsfreqtable.html
http://www.csgnetwork.com/micsfreqtable.html
Federal Communications Commission. " Personal Radio Services" (Accessed Dec 2009)
http://wireless.fcc.gov/services/index.htm?job=service_home&id=personal_radio
See also:
HAM it up!
http://www.h-i-r.net/2009/04/ham-it-up.html
Introduction to Proximity Cards
http://www.h-i-r.net/2008/09/introduction-to-proximity-cards.html
Labels: radio
2009-12-16
Sci-Fi: Kourier or Deliverator?
Pardon the Snow Crash reference. Two of the main characters were "delivery folks". One, a pizza deliverator with a formidable car for such tasks. The other was a skateboard Kourier. At any rate, I both chuckled and boggled over this one.
2009-12-12
HiR's Best of 2009
In the #2 spot this year: The Evil WiFi Series of articles.
#4: Testing an ATX power supply - Again. It was on the 2008 list as well.
#5: Open Letter from Geeks to IT Recruiters and Hiring Managers
Down to #6 from our #2 spot in 2008: Tethering.
Up two spots from last year to #7: Jornada WiFi Scanning
#8: CHDK
Labels: HiR Info
Open Source DJ Mixxxing. Oontz Oontz Oontz Oontz
Mixxx.
I've been playing with Mixxx for a while now. Not quite as fully-featured as some of the cheapware DJ Mix stuff that I was only able to find for Windows. Mixxx shows a lot of promise. It's open-source and cross platform. Get your dance party on!
I like the fact that I can jack an external USB sound device in and it gets recognized, so you can cue up your next track on your headphones while the main track is on the house speakers.
Yes. I have Rockell and Nine Inch Nails showing on that screen at the same time. LOL.
Labels: music, opensource, software
2009-12-11
VirtualBox tip: Disk errors? Try emulating SATA.
I had to do this to get both OpenSolaris and FreeBSD 8 working properly in VirtualBox. During boot, or occasionally during Installation, the VM would completely spaz out. The Guest OS would start dropping disk errors all over the place. Like this:
The solution ended up being easy. Detatch your VDI disk image file from the emulated IDE controller.
Create a new virtual SATA controller.
Click the stack of disks next to the new controller to browse for .VDI images
Then re-attach your exiting VDI file to the SATA controller.
This simple tweak was all that I needed. The virtual machines seem to run just fine now. If you're having trouble with some guest OSes working in VirtualBox and it appears to be related to disk errors, give this a shot. Oddly, OpenBSD, Haiku and Ubuntu have worked just fine with the default settings and emulated IDE controller. So far, OpenSolaris and OpenBSD are the only ones I've really had problems with.
Labels: storage, virtualbox, virtualization
2009-12-09
How to better fix the GDM "face browser" login issue
It's really not that hard. I went poking through the documentation for gdm-simple-greeter and found an option outlined called disable_user_list. It took me a bit to figure out how to disable the feature, and I broke gdm a bunch of times before googling it and finding a great post by [daten] on the Fedora forums that outlines it.
So first, if you followed my angrily-penned directions from last night, undo that with these steps:
In a terminal window, execute:
$ sudo dpkg-reconfigure gdm
(select gdm instead of xdm at the dialog box)
$ sudo /etc/init.d/xdm stop
(X11 will bail. Go ahead and login at the console prompt)
Continue as below, starting with the gconftool-2 command. You don't have to stop gdm, obviously. You can just start it.
If you didn't switch to xdm first...
Now, we can simply tell gdm to disable the user list with a lengthy gconftool-2 command. Make sure you scroll to see the whole thing:
$ sudo gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.defaults --type bool --set /apps/gdm/simple-greeter/disable_user_list true
Log off. The change may not take effect until you stop and start gdm. If you still see the user list, press ctrl-alt-F1 to get to the console, log in and run the following commands:
$ sudo /etc/init.d/gdm stop
$ sudo /etc/init.d/gdm start
At that point, you should have a new, still squishy and pretty login screen without the face browser of doom.
FYI, "axon" wasn't filled in automatically, I had to type it. This is much better!