Tag Archives: linux

The Pixel. Chromebook at its finest.

I drooled over these for a year after they came out. Minimalist design. All brushed aluminum. Etched glass touchpad. Lighted keyboard. All the style of a Macbook Pro, without the necessary hipster pretentiousness. Specs of a top of the line notebook (at the time.) It had some weaknesses- the limitations of ChromeOS, 64GB storage, and NOT upgradable…4GB RAM, and same limitations, but it was PLENTY usable. Add in the dual-boot, keystroke-only Linux, and it does EVERYTHING I’d need it to do. Photo and video editing, games, Steam and Skyrim, and anything else I can throw at it without it puking.

The screen is BETTER than a retina display (no, really), and 10-point multitouch.

The SDCard port is the recessed style, and not the 720 abomination.

I finally broke down and ordered one, but a used one. The 64GB, Verizon LTE variety. We no longer have Verizon, but I’d consider adding a plan if I was a true road warrior for work.

The biggest downsides are the non-upgradeable disk and RAM. The disk I can mitigate with SDCards, but the RAM is a bigger blow. Still, 4GB is plenty in a lappy- it’s not like I’m running virtual machines on it. Oh, wait….yes I am. If I run a Windows VM in Virtualbox, I make sure I am not running anything else, and give it a full 3GB. It’s not the best solution, but it works. And I’d rather not run Windows unless I absolutely *have* to.

The other downside is the total lack of USB3. That is almost unforgivable, but …. with only a 64GB disk, it’s not like you’re going to be transferring a lot of data.

I really have no true complaints with this beauty. She’s alright in my (chrome)book.

 

Next Chromebook…the C720

With the damage, Mom earned the new replacement, instead of the kid that broke his lappy, and kid got mom’s “old” one. We decided to up hers to one of the new, flashier C720’s. (She didn’t need, nor want the P model- no use for the touchscreen, and the shorter battery life it comes with.)

So first things: the graphics are MUCH more crisp on the 720. Significant upgrade. It also has a more powerful, but still low voltage processor. It also has the smaller 16GB SS HDD. Much faster boot, but less storage. I got the 4GB version, but once I got it, I learned that the memory is soldered on, and not upgradable. The HDD has no such limitation, but is an NGFF SSD, and not a SATA, like the 710s.

I found a 128GB NGFF disk on Amazon for ~$100. It swapped easily, and the Chrome repair tool flashed it with ChromeOS in about 5 minutes. Very impressed with the Chrome software.

Even better was the new firmware- it supports USB and Legacy boot loaders. Meaning- I can now install Chrubuntu next to ChromeOS, and it’s only a keystroke at boot (Ctrl+L  … L for Legacy) to select linux- and a keystroke (Ctrl+D …for Default…or just wait the 20 seconds for timeout) to boot to Chrome. A separate keystroke (Ctrl+U….for, well, duh…) boots to the USB bus. Much slicker process. Legacy boot also supports booting to a SDCard, which also expands storage. I’ve got a few 64gb SD Cards, so 128GB SS + 64GB SD is reaching a reasonable size.

The CPU/RAM combo makes Ubuntu usable, but not exactly a speed demon. I can run photo editing software, and games, but running more than one large application will slow down the system significantly. Video editing is possible, but almost as slow as using Youtube or some other online editor.

It’s thinner and more sleek than the C710, but the downside is it definitely feels flimsier than the older model.

It also loses several ports- it’s only got 2 USB, the full size HDMI, 3-way audio mini-8 (that’s a standard headphone jack, people), and the SDCard slot. It loses the VGA out, a third USB and the ethernet jack. The network jack I can understand, with wireless and all, but sometimes you just need a 10/100/1000 line. The VGA I get, too, as it still has HDMI. I don’t like the loss of the USB port, but they try to make up for it by making one of the two remaining ports a USB3 jack. That does lessen the sting. However, the dealbreaker for me was the SDCard port.

The SDCard on the 710 was similar to ones in a camera- it slides all the way in, and has a click-in, click-out mechanism, where when it’s in use, only about 1/16″-1/32″ of the card is exposed. The click-in/out mechanism is recessed, so you have to use the very tip of your finger, or thumbnail to eject/seat the card. It keeps it clean and out of the way. It means I can insert a card, and throw it in a laptop bag and not worry about the card.

On the 720, the card port is a friction port, no click-in/out, and it leaves almost a full inch of the thin, flimsy, (did I mention thin and flimsy?) card exposed, outside the frame of the laptop. If you leave a card inserted and put it in a bag, you *will* break your storage stick, or the port, or both.

For the wife, it wasn’t a deal breaker, so she seems plenty happy with it. Being able to upgrade the storage internally made the SDCard less mandatory- being stuck with the 16GB SSD would have been unbearable for me.

However, I still wanted something more powerful….and Google provided. The Pixel.

First up: the Acer Chromebook C710.

TL;DR: C710:

Intel 64bit 1.5GHz Celeron, 2GB ram, 320GB disk, 11inch screen.

Likes: Matte screen, lightweight, lots of ports- 3USB, full size HDMI out, full size VGA out, ethernet and SD card slot, 3-4 hour battery.

My likes: full insertion SD slot. (click-in, click-out. no card sticking out while in use. I’ll bitch about this later for the C720’s…) Plenty of storage for Linux. Plenty fast for almost everything. Both disk and memory are upgradable.

My dislikes- nonstandard charger, the BIOS is locked, so rebooting into Linux and back requires running either commands or a script from the command line, touchpad takes some getting used to.

Most heard complaint: *only* a 3-4 hour battery. (I can’t believe this is an actual complaint, but it’s at the top of most people’s radar.) The spinning disks make the 3 hours more likely, the SSD models get 4.5 hours.

Full story:

This is not Acer’s first (or even second) foray into Chromebooks. Acer first released the AC700- a first gen Chromebook, and then the C7. I’ve never seen either of those in the wild, but the C7 was short lived, becoming the C710. The 710 first was available with a 320GB spinning platter hard disk- the traditional laptop drive. This was almost universally panned by critics of the CB- what good is storage to an online-only device? They were quickly “upgraded” to 16GB SSD’s. Personally, I went out of my way to keep the spinning drives- I need the space for the linux partitions. 16GB is plenty, but seriously, I use more than 16GB every photo session with my Nikon- hell, it’s got a 32GB sd card as its primary storage- double the whole 16gb Chromebook. So for me, I want the storage.

So, Chrubuntu was the first thing I did. Read about and get it here: Jay Lee’s Blog!

Long story short. The thing with Linux on this CB is that unless you really like typing or like writing your own batch scripts, moving from Chrome to Linux is a pain. And it’s not something the kids will do on their own. Chrome is much better for browsing, FB, etc- it’s fast, all the plugins work out of the box, and the ridiculous fast boot time is teh awesomesauce. However, Minecraft, Skyrim, and anything else Chrome doesn’t support means opening a shell session, switching to bash, and entering a fairly complex set of commands, submitting a reboot, and then waiting on it to shut down cleanly, and power up, go through the boot process for linux (which is considerably slower than Chrome…) – all that together- sucks…..but it’s still better than waiting on Windows.

So after the fun with the C710’s, eventually one got stepped on in a kid’s room.

Well, I kinda expected that, and with them being sub-$200, I didn’t mind as much as if it were a Macbook. Also, the C710 has a full HDMI port, so it can easily be hooked up to a TV. Add a wireless keyboard/touchpad, and voilà- an instant WebTV machine, with (near) universal logins.

Next: Prescott chips, and the C720.

 

Chromebook reviews and comparisons.

We’ve had the Chromebooks for over a year now, and I thought it’s time to look at Chrome as an actual viable daily laptop. And, surprisingly enough, it’s shone brighter than I expected. I’ve played with four models of them, and I have a Pixel being delivered today. (Verrry excited about that, too :) ) We now own 4 C710’s (320GB spinners), 2 C720’s (a 2GB ram w/16GB SSD, one 4GB ram upgraded to 128GB SSD from the 16GB SSD) and the 64GB LTE Pixel. I’ve played with the Samsung chromebook, and a couple HP11s, and see some of the pros and cons that haven’t really been mentioned in many places, or at least not prominently.

Truth be told, I really like the “cheap” factor of the CBooks, and as a Linux junkie, I’ve made a living taking systems that would be considered obsolete and making them not just usable, but productive. I take pride doing things “on the cheap”. Many *nixers have two or three philosophies when given a task – they ask the following questions of themselves:

Heartbleed for dummies: how it’s dangerous and how it works.

So, you’re hearing a ton about Heartbleed, aka CVE-2014-0160, on social media and news outlets. Most of you are going, “Meh, I don’t know what it is, so it can’t be THAT dangerous.”

Ordinarily, you’d be right: most bugs affect a very small population of specific users, and there isn’t much you can do about them as a layman. You can run anti-virus and anti-malware, not open suspicious links, etc., to avoid getting bitten. This one, however, is such a devilishly simple and clever hack that it puts every account on every service you have at risk, especially if you use the same password for multiple sites.

So here’s what Heartbleed is, and how it works, in layman’s terms.

This part is complete hyperbole, and just an example- I’ll explain in more detail once you have gotten the idea.

So. You have probably seen banks or some online service that link to your credit card or bank account that needs to verify your bank information. In this case I mean completely legitimate stuff, like say direct deposit verification, or refund info, etc….real world reasons to verify your bank account type stuff. One way they do this is to deposit a few cents into your account and have you tell them what it is, and then they withdraw that amount back out. It’s usually a semi-random amount less than a dollar, like $0.12 or $0.47…but could be up to $0.99. So in this analogy, Heartbleed would be a flaw in the way that works.

Let’s say a certain bank is old fashioned, and they do things with paper and cash and envelopes and such. If someone wants to verify your account, they bring an envelope with a small amount of change in it, and deposit it to your account. The bank requires that the envelope contains: your name, account number, and amount inside the envelope. The envelope is handed to a teller, who reads off the info from the envelope and enters it into your account and hands the envelope to the banker to deposit it in the safe. The banker goes to the safe and opens the envelope, and places the change in the vault with all the other money. The next day the verifier comes back, and withdraws the same amount as entered by the teller. The teller pulls the change from his drawer, puts it into an envelope and again, puts your name, account number and amount inside it and hands it to the verifier.

 

Now….do you see the flaw? It’s subtle, and easily overlooked. Neither the banker nor the teller ever verifies that the amount in the envelope is what was written on the envelope. So a trickster can write $0.99 on the envelope and put in a penny, and nobody ever sees the issue until someone does an audit. This is done thousands of times a day, hour, minute, even a second…you can see where this would add up to a bank robbery.

OpenSSL is like that bank. Its job is not necessarily to protect your deposits, but rather your data. Any time you put a web address into a browser, and it has the httpS:// instead of http://, you are using a (supposedly) encrypted communication.

For a verrrry simple explanation of how this encryption works, think back to your days of being a second grader and using a decoder ring to send secret messages. (Or if you never did that, just imagine someone who did…because we really existed.)

In order to send a message, you and the person you’re sending it to have to share a way to encode/decode a message. Maybe it was the old A=1 B=2 Z=26 code, or maybe you actually devised a three step lost key cipher that used pages from library books and transcribed in Dwarfish runes. Either way, the gist was you and the other person had to know the secret code to decipher. Without that knowledge, anyone could find your messages, but be unable to read them. On its own, the web does NOT work this way. It sends plain text, so if someone puts a “packet sniffer” on the connection between you and the site that you’re going to, they can read every letter you type and see everything they send back. To prevent that “sniffing”, you have to use encryption. That’s the whole point of SSL.

So, when you go to the bank’s webpage, or email, or FB, or whatever needs to be secure communications, you generally connect over SSL. SSL disconnects after a few minutes if you don’t use it. That’s why you’ll get messages if you sit at your bank’s webpage too long after logging in. To keep the connection alive, SSL has a heartbeat, which is simply: “I’m going to say a message, please repeat my message back to me to prove we’re both still awake.”

So, this is where the bug lives. The trick is like the bank teller scenario above. When a heartbeat is sent from your computer to the remote computer, you send a “packet”. That packet is essentially a file, with data in the file, and metadata describing the file. It’s kind of like the headers in your email- there’s the email itself, and the headers (aka metadata) describes who it’s from, roughly what’s in it, and how big it is. Here’s how the conversation goes, in computer-speak…

ME: Yo, gmail. (BTW, this message is only seven letters)
GMail: Hey there you! Would you like to read your email? (BTW, my message is 33 letters!)
ME: Sure do! (BTW, my message is six letters)
GM: Okay, I need your secret password. But don’t say it out loud…today we’re going to speak Klingon as our secret language! (BTW, this message is 93 letters)
ME: Qa’PlaH! (BTW, my message is six letters.)

So at this point, the rest of everything we do is in Klingon, and unless you know a.) how to speak Klingon, and b.) that we’ve even decided on speaking in Klingon, you have no way of knowing what we’re saying.

Now, at the same time I’m speaking to gmail, thousands of other people are doing it, too. So our conversations are constantly being intermingled in the memory of the server. The server can’t *think* in Klingon, so things are stored as regular text. They’re all properly parsed and sent to the right person, so there’s never any security problems with how that works. The problem is that heartbeat check.

THIEF: Yo, gmail. (BTW, this message is only seven letters)
GMail: Hey there you! Would you like to read your email? (BTW, my message is 33 letters!)
THF: Not today. Just doing some testing. (BTW, this message is 28 letters long.)
GM: OK! (BTW, this message is two letters)
THF: Gmail, I’m going to send a heartbeat message in a second….when I do, just repeat back exactly what I said. OK? (BTW, This was 81 letters)
GM: OK! (BTW, This message is two letters)
THF: Heartbeat!!! (BTW, this message is …um, well….uh…514 letters. Yeah…that’s the ticket! 514 letters…)
GM: OK! The last 514 letters you sent me were: “HEARTBEAT!! >> <<user12363::lue. That was it. The boat was blu…>><<user524211::find my next email with boo…>> <<User64632::Pen1s enlargement! P1ll5! P3N1S P1lls!!…>><<user43567:: ame:janesmith@gmail.com password:superspyfarts: Login succ…….>><<: user424467::Bob, Alice, and Ted….>><<user63521::Boobies!All the boobies you can stand just click here!!1!…>><<user534143::Amazon receipt for Penis Enlargement pump for Jeff Gordon IV, at 101 Masker Ct, Zionsville, IN……>><<user000010:: Mr. Vice President, with all due respect, please remove your foot from my ass. It’s not…..>><<user0003::and can you believe what Jessica said about Clarissa!? OMG it was soo totally…>>”
THF: Excellent. Now…could you do that a million times in a row for me? (BTW, this message was, oh, let’s say a million letters)
GM: Can do!!! (BTW, this message was five letters.)

And voilà- do this enough times, and you can get all SORTS of info. Passwords, bank account info, pictures that you only meant for a significant other, etc.

The fix is simply to make sure that SSL checks that the message sent was actually as big as it was said to be. An easy fix, but embedded so deep in the software that nobody recognized it as a threat. The thief here isn’t stealing pennies- they are stealing data. And then that data can be used to steal dollars….by the millions.
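The missing check and the fix described above, as an added example that is not OpenSSL's code or part of the original post. The arena buffer, the function names and the neighbor string are constructed for illustration; the 3-byte header and 16-byte padding follow the heartbeat message layout in RFC 6520.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER  3    /* 1 byte type + 2 byte claimed payload length */
#define HB_PADDING 16   /* minimum padding RFC 6520 requires after the payload */
#define ARENA_SIZE 256

/* Constructed stand-in for server memory: the received heartbeat record
 * sits at the start, another session's data sits right behind it. */
static uint8_t arena[ARENA_SIZE];

/* Store a request whose header claims claimed_len payload bytes.
 * Returns the number of bytes actually received (0 if it does not fit). */
size_t load_request(const char *payload, uint16_t claimed_len) {
    static const char neighbor[] = "user43567 password:EXAMPLE-ONLY"; /* constructed */
    size_t rec_len = HB_HEADER + strlen(payload) + HB_PADDING;
    if (rec_len + sizeof neighbor > ARENA_SIZE) return 0;
    memset(arena, 0, sizeof arena);
    arena[0] = 1;                               /* heartbeat_request */
    arena[1] = (uint8_t)(claimed_len >> 8);
    arena[2] = (uint8_t)(claimed_len & 0xff);
    memcpy(arena + HB_HEADER, payload, strlen(payload));
    memcpy(arena + rec_len, neighbor, sizeof neighbor);
    return rec_len;
}

/* The bug: echo as many bytes as the header claims, never looking at
 * how many bytes were received. */
size_t echo_vulnerable(size_t rec_len, uint8_t *out, size_t out_cap) {
    size_t claimed = ((size_t)arena[1] << 8) | arena[2];
    (void)rec_len;                              /* never consulted */
    /* These clamps only keep the demo inside the simulated arena. */
    if (claimed > ARENA_SIZE - HB_HEADER) claimed = ARENA_SIZE - HB_HEADER;
    if (claimed > out_cap) claimed = out_cap;
    memcpy(out, arena + HB_HEADER, claimed);
    return claimed;
}

/* The fix: the claimed length must fit inside the received record,
 * otherwise the message is dropped without a reply. */
size_t echo_checked(size_t rec_len, uint8_t *out, size_t out_cap) {
    size_t claimed;
    if (rec_len < HB_HEADER + HB_PADDING) return 0;
    claimed = ((size_t)arena[1] << 8) | arena[2];
    if (HB_HEADER + claimed + HB_PADDING > rec_len) return 0;
    if (claimed > out_cap) return 0;
    memcpy(out, arena + HB_HEADER, claimed);
    return claimed;
}

/* Returns 1 if needle occurs anywhere in the first n bytes of buf. */
int contains(const uint8_t *buf, size_t n, const char *needle) {
    size_t m = strlen(needle);
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(buf + i, needle, m) == 0) return 1;
    return 0;
}

int main(void) {
    uint8_t out[ARENA_SIZE];
    size_t rec = load_request("HEARTBEAT", 100);   /* 9 letters sent, 100 claimed */
    size_t n = echo_vulnerable(rec, out, sizeof out);
    printf("vulnerable: %zu bytes echoed, neighbor data leaked: %d\n",
           n, contains(out, n, "password"));
    printf("checked:    %zu bytes echoed\n", echo_checked(rec, out, sizeof out));
    return 0;
}
```

An honest request (9 letters sent, 9 claimed) gets the same 9-byte echo from both versions; only the lying one is treated differently.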

So, long story short, you need to CHANGE YOUR PASSWORDS, on any site that used OpenSSL. Don’t know if you were exposed?

Mashable has a less than complete list:

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

And here is a site that can scan if a site is still vulnerable:

http://filippo.io/Heartbleed/

So…moving on.

I left CS last month. I like the majority of the team, and the majority of the work, but I didn’t like the stress and political abuse that was bandied around everywhere outside of the immediate team. It got so that I just loathed going to bed at night knowing I would have to get up and go in the next morning. Serious dread.

So, I put my resume out again, and got several very quick hits. One in a DevOps role sounded the most promising, and I’m now with TeraData- a company I’d barely heard of, but is a giant in the world of big data. (Pun came naturally. Sorry.)

I’m neck deep in Openstack, AWS, and CoLo and am actually enjoying it way more than I expected. Let’s see if it keeps, or I move on. It is a contract gig, so I do have some time to feel it out and make sure it’s a good fit.

 

Akismet, my new hero.

I finally got around to paying more attention to my blog. Updating the resume…adding a post or two…proofreading others to make corrections…looking into some new plugins for WordPress….etc.

One of the most annoying things to deal with was the comment spam. In three months I had accumulated 15,000 pieces of it. There’s only about 2,000 people who have actually visited my blog thus far. Ever. (Thanks, Google Analytics!) But, since I’m really not on here all that often (something I’m trying to improve on…) I really hadn’t paid attention to the spam. I have all comments require moderation, so they weren’t flooding my site- I just have to go on every couple of months, glance through the posts commented on to see if there are any real comments (there aren’t) and run a SQL command to manually clear the crap.

I would like to know if there are any actual comments in the future, and see if anyone has anything useful to say, or even a useless comment, but one that was made by an actual person instead of a bot quoting random sentences from random books in an attempt to look Turing-complete. Thus, I configured Akismet this evening, and it’s already flagged crap as spam and shuffled it off to the spam folder, which is much easier to empty- no SQL commands into the void.

So long story short, and I’m sure old news to the vast majority of bloggers, Akismet makes me smile just a little more than I was yesterday. Thanks, devs!

Spacewalk, PAM, and Centrify…oh, my!

So, I’ve been spending a good portion of the last six months designing a software distribution system, and looking for a good way to manage user access in an AD environment, where LDAP is fractured, at best. A few months ago, we were approved to procure Centrify as a provider of AD integration, so we could get rid (entirely) of winbind and samba related services.

Finally, we are approaching handover, and time to integrate Spacewalk is here.

Spacewalk does NOT integrate directly to Active Directory. Never has, probably never will. It will, however, authenticate to PAM, and PAM does have methods to authenticate to AD- mostly with winbind. Centrify is supposed to be the bridge between them, and

Trying to get a handle here…

…but I’ve been sparse lately. I actually had written several posts that sat in draft and never published, that are now irrelevant. So I’ll hit publish on the ones that are ok, and ignore the oldies.

Anyway, I’m going to try to get in the habit of putting things here again, and digging into a little that is not my forte. E.g., I’m thinking about doing a PMP cert and working on project management. An RHCE with a PMP could be most formidable, indeed. Since being in engineering for as long as I have been, I have become fairly adept at managing projects, as that’s my day to day workload. I think I might be able to branch out to other areas and spread out past just the linux world.

Brave new world…

Chromebooks. We got a few… Acer C7’s.

The twins each got one, and I have one as well. They seem to be good little teaching machines.

I’ve already spun Ubuntu onto mine, and will show the kids how to do theirs when they’re ready to load them.

Looking into flashing the bios and possibly adding some other bootloader…these are fairly locked down OOTB. Looks like it’s time to do some good hacking. :)

 

Edit: This post was written back in December, I just forgot about it and it was sitting in draft for months.