Category Archives: Technology

All things tech

Updates on Ubuntu

I have to admit, Ubuntu and I had a bit of a falling out several years ago. I really hadn’t even been paying attention to El Reg or Reddit streams about the U in so long I missed an announcement: Unity is finally dead.

Really.

Ubuntu 18.04 has reverted back to Gnome for the default desktop.

Really.

So, backstory. In 2011, Ubuntu was King of Consumer Linux. Red Hat and it’s army of clones had the server segment locked up pretty tight, but Ubuntu was easy to install on your PC or laptop. Even your Mac. Gnome had been around a while, and was pretty stable. Sure it wasn’t as flashy as the new Vista interface, but …. wait…..seriously? That’s what Canonical thought people wanted? Aero? Ugh.

Anyway, the Unity desktop was foisted upon us, and I hated it. Sure, it was an improvement on the little 1024×600 netbooks that were everywhere at the time, but the 1600 x 1200 res on a good ol’ 4×3 LCD was perfectly good to run Gnome.

What was worse- they made it damn near impossible for a user to revert back to Gnome if they wanted to- even Windows does that at new releases. No, they wanted to be like Apple, and tell users that “trust us, is better.” The problem with that thinking is that Linux users actually do their own thinking. If we wanted to be mindless fanboi drones, we’d have just got Macs.

At any rate, yes, we don’t like change for the sake of change. Unity was to be this new centerpiece of Canonicals attempt as Convergence. Unfortunately, the phones, laptops, smart TV, etc., never really materialized, and Unity became the reason droves of people switched to other variants, Linux Mint being the chief landing spot for the dissenters. Mint pretty much *was* Ubuntu, but with a few fewer locked binaries, and a non-American pedigree that allowed for DVD playback without all sorts of stupidity that the DMCA gave us It still offered Gnome or MATE, another spin off of Gnome from a previous version that was even more beloved than the current release of Gnome. It seems like Canonical took that dislike of Gnome 3, and mistakenly thought they could just roll their own. Plan Fail.

Well, now they’ve finally reversed course (only took 7 years) and 18.04 (which is an LTS offering, to boot!) is now defaulting back to Gnome.

They still switched to systemd, le sigh.  Slackware is the only major distro still using SysV init. Dammit. Slackware is great for homebrew systems, but not for corp environs. At least now I won’t feel quite so dirty using Ubuntu desktop to dual-boot my Macbook.

 

Mustangs, and why I love ’em.

First off, this is NOT a car blog, but if you bear with me, this gets filed as a tech/aviation tag. Trust me. 🙂

I grew up in a town owned by GM. Delco Electronics, at the time a wholly owned subsidiary of General Motors, was responsible for the largest percentage of the economy of the county. There was also a Chrysler plant in town, and combined with the GM money, the two of them were easily the source of 80% of every dollar spent within 50 miles of city center. There was a Ford plant to the south, but they weren’t anywhere near as big a deal as the GM/Chrysler plants.

Continue reading Mustangs, and why I love ’em.

Trojanized PuTY for Windows users: another reason to not to

So, here you are, using PuTTY to connect to legitimate operating systems….Linux, AIX, BSD, Unix, etc. Being proactive, while still trudging along on Windows. Maybe you’re firced to because they won’t let you  reload your computer…i won’t judge.

But, there’s always  but…, Symantec released this week that there is a version of PuTTY that’s been out for a few months now, and if you’re using it, all your credentials have been compromised.

How can you tell if you’re affected? Pretty simple. The fix? Also pretty simple. The Aftermath? Well, that’s yet to be seen. You may have thousands of servers to recredential, not to mention the scanning for intrusions and wayward user accounts.

The test:

simply open the PuTTY window, and click “About” in the lower left. The bad versions will look like this.

This is the bad version of PuTTY. Maybe you should upgrade?
This is the bad version of PuTTY. Maybe you should upgrade?

The key words there are the “Unidentified build”. If it just says version 0.63 you may be at risk, but not infected.

The fix:

Just get the most recent version, or downgrade if you really wanna, but don’t get version 0.63. Who am I kidding….just upgrade already.

The aftermath:

I’ll leave that between you, your sysadmins, and your boss. May whatever god(s) you believe in have mercy on your soul.

 

 

 

The Pixel. Chromebook at it’s finest.

I drooled over these for a year after they came out. Minimalist design. All brushed aluminum. Etched glass touchpad. Lighted keyboard. All the style of a Macbook Pro, without the necessary hipster pretensiousness. Specs of a top of the line notebook (at the time.) It had some weaknesses- the limitations of ChromeOS, 64GB storage, and NOT upgradable…4GB RAM, and same limitations, but it was PLENTY usable. Add in the dual-boot, keystroke-only Linux, and it does EVERYTHING I’d need it to do. Photo and vdeo editing, games, Steam and Skyrim, and anything else I can throw at it with out it puking.

The screen is BETTER than a retina display (no, really), and 10-point multitouch.

The SDCard port is the recessed style, and not the 720 abomination.

I finally broke down and ordered one, but a used one. The 64GB, Verizon LTE variety. We no longer have Verizon, but I’d consider adding a plan if I was a true road warrior for work.

The biggest downsides are the non-upgradeable disk and RAM. The disk I can mitigate with SDCards, but the RAM is a bigger blow. Still, 4GB is plenty  in a lappy- it’s not like I’m running virtual machines on it. Oh, wait….yes I am. If I run a Windows VM in Virtualbox, I make sure I am not running anything else, and give it a full 3GB. It’s not the best solution, but it works. And I’d rather not run Windows unless I absolutely *have* to.

The other downside is the total lack of USB3. That is almost unforgivable, but …. with only a 64GB disk, it’s not like you’re going to be transferring a lot of data.

I really have no true complaints with this beauty.  She’s alright in my (chrome)book.

 

Next Chromebook…the C720

With the damage, Mom earned the new replacement, instead of the kid that broke his lappy, and kid got mom’s “old” one. We decided to up hers to one of the new, flashier C720’s. (She didn’t need, nor want the P model- no use for the touchscreen, and the shorter battery life it come with.)

So first things: the graphics are MUCH more crisp on the 720. Significant upgrade. It also has a more powerful, but still low voltage processor. It also has the smaller 16GB SS HDD. Much faster boot, but less storage. I got the 4GB version, but once I got it, I learned that the memory is soldered on, and not upgradable. The HDD has no such limitation, but is a NGFF SSD, and not a SATA, like the 710s.

I found a 128GB NGFF disk on Amazon for ~$100. It swapped easily, and the Chrome repair tool flashed it with ChromeOS in about 5 minutes. Very impressed with the Chrome software.

Even better was the new firmware- it supports USB and Legacy boot loaders. Meaning- I can now install Chrubuntu next to ChromeOS, and it’s only a keystroke at boot (Ctrl+L  … L for Legacy) to select linux- and a keystroke (Ctrl+D …for Default…or just wait the 20 seconds for timeout) to boot to Chrome. A separate keystroke (Ctrl+U….for, well, duh…) boots to the USB bus. Much slicker process. Legacy boot also supports booting to a SDCard, which also expands storage. I’ve got a few 64gb SD Cards, so 128GB SS + 64GB SD is reaching a reasonable size.

The CPU/RAM combo makes Ubuntu usable, but not exactly a speed demon. I can run photo editing software, and games, but running more than one large application will slow down the system significantly. Video editing is possible, but almost as slow as using Youtube or some other online editor.

It’s thinner and more sleek than the C710, but the downside is it definitely feels flimsier than the older model.

It also loses several ports- it’s only got 2 USB, the full size HDMI, 3-way audio mini-8 (that’s a standard headphone jack, people), and the SDCard slot. It loses the VGA out, a third USB and the ethernet jack. The network jack I can understand, with wireless and all, but sometimes you just need a 10/100/1000 line. The VGA I get, too, as it still has HDMI. I don’t like the loss of the USB port, but they try to make up for it by making one of the two remaining ports a USB3 jack. That does lessen the sting. However, the dealbreaker for me was the SDCard port.

The SDCard on the 710 was similar to ones in a camera- it slides all the way in, and has a click-in, click-out mechanisim, where when it’s in use, only about 1/16″-1/32″ of the card is exposed. The click-in/out mechanism is recessed, so you have to use the very tip of your finger, or thumbnail to eject/seat the card. It keeps it clean and out of the way. It means I can insert a card, and throw it in a laptop bag and not worry about the card.

On the 720, the card port is a friction port, no click-in/out, and it leaves almost a full inch of the thin, flimsy, (did I mention thin and flimsy?) card exposed, outside the frame of the laptop. If you leave a card inserted and put it in a bag, you *will* break your storage stick, or the port, or both.

For the wife, it wasn’t a deal breaker, so she seems plenty happy with it. Being able to upgrade the storage internally made the SDCard less mandatory- being stuck with the 16GB SSD would have been unbearable for me.

However, I still wanted something more powerful….and Google provided. The Pixel.

First up: the Acer Chromebook C710.

TL;DR: C710:

Intel 64bit 1.5GHz Celeron, 2GB ram, 320GB disk, 11inch screen.

Likes: Matte screen, lightweight, lots of ports- 3USB, full size HDMI out, full size VGA out, ethernet and SD card slot, 3-4 hour battery.

My likes: full insertion SD slot. (click-in, click out. no card sticking out while in use. I’ll bitch about this later for the C720’s…)Plenty of storage for Linux. Plenty fast for almost everything. Both disk and memory are upgradable.

My dislikes- nonstandard charger, the BIOS is locked, so rebooting into Linux and back require running either commands or a script from the command line, touchpad takes some getting used to.

Most heard complaint: *only* a 3-4 hour battery. (I can’t believe this is an actual complaint, but it’s at the top of most people’s radar.) The spinning disk make the 3 hours more likely, the SSD models get 4.5 hours.

Full story:

This is not Acer’s first (or even second) foray into Chromebooks. Acer first released the AC700- a first gen Chromebook, and then the C7. I’ve never seen either of those in the wild, but the C7 was short lived, becoming the c710. The 710 first was available with a 320GB spinning platter hard disk- the traditional laptop drive. This was almost universally panned by critics of the CB- what good is storage to a online-only device? Theye were quickly “upgraded” to 16GB SSD’s. Personally, I went out of my way to keep the spinning drives- I need the space for the linux partitions. 16GB is plenty, but seriously, I use more than 16GB every photo session with my Nikon- hell, it’s got a 32GB sd card as it’s primary storage- double the whole 16gb Chromebook. So for me, I want the storage.

So, Chrubuntu was the first thing I did. Read about and get it here: Jay Lee’s Blog!

Long story short. The thing with Linux on this CB is that unless you really like typing or like writing your own batch scripts, moving from Chrome to Linux is a pain. And it’s not something the kids will do on their own. Chrome is much better for browsing, FB, etc- it’s fast, all the plugins work out of the box, and the ridiculous fast boot time is teh awesomesauce. However, Minecraft, Skyrim, and anything else Chrome doesn’t support means opening a shell session, swithcing to bash, and entering a fairly complex set of commands, submitting a reboot, and then waiting on it to shutdown cleanly, and powerup, go through the boot process for linux (which is considerably slower than Chrome…) – all that together- sucks…..but it’s still better than waiting on Windows.

So after the fun with the C710’s, eventually one got stepped on in a kid’s room.

Well, I kinda expected that, and with the, being sub-$200, I didn’t mind as much as if it we a Macbook. Also, the C710 has a full HDMI port, so it can easily be hooked up to a TV. Add a wireless keyboard/touchpad, and viola- an instant WebTV machine, with (near) universal logins.

Next: Prescott chips, and the C720.

 

Chromebook reviews and comparisons.

We’ve had the Chromebooks for over a year now, and I thought it’s time to look at Chrome as an actual viable daily laptop. And, surprisingly enough, it’s shone brighter than I expected. I’ve played with four models of them, and I have a Pixel being delivered today. (Verrry excited about that, too 🙂 ) We now own 4 C710’s (320GB spinners), 2 C720’s (a 2GB ram w/16GB SSD, one 4GB ram upgraded to 128GB SSD from the 16GB SSD) and the 64GB LTE Pixel. I’ve played with the Samsung chromebook, and a couple HP11s, and see some of the pros and cons that haven’t really been mentioned in many places, or at least not prominently.

Truth be told, I really like the “cheap” factor of the CBooks, and as a Linux junkie, I’ve made a living taking systems that would be considered obsolete and making them not just usable, but productive. I take pride doing things “on the cheap”. Many *nixers have two or three philosophies when given a task – they ask the following questions of themselves: Continue reading Chromebook reviews and comparisons.

SEO companies: What you can actually do to earn my patronage

I get hundreds of comment spam entries a day here at this little blog. I’m not looking to get more traffic- this is not a money-making blog, just a stream-of-consciousness thing. I post things as the come, and nobody really reads it. This is really, just for *me*, call me selfish.

The vast majority are comments like this:

Hi my name is Janette and I just wanted to drop you a quick note here instead of calling you. I discovered your <<Copy-paste entire 450-char link headers>> page and noticed you could have a lot more visitors. I have found that the key to running a successful website is making sure the visitors you are getting are interested in your subject matter. There is a company that you can get targeted visitors from and they let you try the service for free for 7 days. I managed to get over 300 targeted visitors to day to my site. Visit them here: <<Link deleted>>

…0r this:

What you said made a lot of sense. But, think about this, what if you added a little content? I mean, I dont want to tell you how to run your blog, but what if you added something to maybe get peoples attention? Just like a video or a picture or two to get people excited about what youve got to say. In my opinion, it would make your blog come to life a little bit. Follow me at <<Link deleted>>

…or this:

I love you blog! It has so many topics I like and much I like sometime. Maybe it could better? You love your topic so much. You are so smart and funny about your <<Copy-paste entire 450-char link headers>> So many people would love this topic more better if you helped. Click here for more! <<Link deleted>>

Ok, seriously, I get it. You really want people to pay you for SEO, because you realllllllly need the money. So much so, that many of you couldn’t afford remedial grammar classes, or at least a proofreader.

So, there’s a secret weird trick to use to get my business. Just one trick you could use, and I’d pay you for your help EVERY SINGLE TIME. What is it? Click here to find out!

Heartbleed for dummies: how it’s dangerous and how it works.

So, you’re hearing a ton about Heartbleed, aka CVE-2014-0160, on social media and news outlets. Most of you are going, “Meh, I don’t know what it is, so it can’t be THAT dangerous.”

Ordinarily, you’d be right, most bugs affect a very small population of specific users, and there isn’t much you can do about it as a layman. You can run anti-virus, and anti-malware, not open suspicious links, etc, etc. to avoid getting bitten. However, with this one, it’s a devilishly simple and clever hack, that you risk every account on every service you have, especially if you use the same password for multiple sites.

So here’s what Heartbleed is, and how it works, in layman’s terms.

This part is complete hyperbole, and just an example- I’ll explain in more detail once you have gotten the idea.

So. You have probably seen banks or some online service that link to your credit card or bank account that needs to verify your bank information. In this case I mean completely legitimate stuff, like say direct deposit verification, or refund info, etc….real world reasons to verify your bank account type stuff. One way they do this is to deposit a few cents into your account and have you tell them what it is, and then they withdraw that amount back out. It’s usually a semi-random amount less than a dollar, like $0.12 or $0.47…but could be up to $0.99. So in this analogy, Heartbleed would be a flaw in the way that works.

Let’s say a certain bank is old fashioned, and they do things with paper and cash and envelopes and such. If someone want to verify your account, they bring an envelope with a small amount of change in it, and deposit it to your account. The bank requires that the envelope contains: your name, account number, and amount inside the envelope. The envelope is handed to a teller, who reads off the info from the envelope and enters it into your account and hands the envelope to the banker to deposit it in the safe. The banker goes to the safe and opens the envelope, and places the change in the vault with all the other money. The next day the verifier comes back, and withdraws the same amount as entered by the teller. The teller pulls the change from his drawer, puts it into an envelope and again, puts your name, account number and amount inside it and hands it to the verifier.

 

Now….do you see the flaw? It’s subtle, and easily overlooked. The banker nor the teller ever verify the amount in the envelope is what was written on the envelope. So a trickster can write $0.99 on the envelope and put in a penny, and nobody ever sees the issue until someone does an audit. This is done thousands of times a day, hour, minute, even a second…you can see where this would add up to a bank robbery.

OpenSSL is like that bank. It’s job is not necessarily to protect your deposits, but rather your data. Any time you put a web address into a browser, and it has the httpS:// instead of http://, you are using a (supposedly) encrypted communication.

For a verrrry simple explanation of how this encryption works, think back to your days of being a second grader and using a decoder ring to send secret messages. (Or if you never did that, just imagine someone who did…because we really existed.)

In order to send a message, you and the person you’re sending it to have to share a way to encode/decode a message. Maybe it was the old A=1 B=2 Z=26, code, or maybe you actually devised a three step lost key cipher that used pages from library books and transcribed in Dwarfish runes. Either way, the gist was you and the other person had to know the secret code to decipher. With0ut that knowledge, anyone could find your messages, but be unable to read them. The web does NOT work this way. It sends plain text, so if someone puts a “packet sniffer” on the connection between you and the site that you’re going to, they can read every letter you type and see everything they send back. To prevent that “sniffing”, you have to use Encryption. That’s the whole point to SSL.

So, when you go to the banks webpage, or email, or FB, or whatever needs to be secure communications, you generally connect SSL. SSL disconnects after a few minutes if you don’t use it. That’s why you’ll get messages if you sit at your banks webpage too long after logging in. The heartbeat is simply: “I’m going to say a message, please repeat my message back to me to prove we’re both still awake.”

So, this is where the bug lives. The trick is like the bank teller scenario above. When a heartbeat is sent from your computer to the remote computer, you send a “packet”. That packet is essentially a file, with data in the file, and metadata describing the file. It’s kind of like the headers in your email- there’s the email itself, and the headers (aka metadata) describes who it’s from, roughly what’s in it, and how big it is. Here’s how the conversation goes, in computer-speak…

ME: Yo, gmail. (BTW, this message is only seven letters)
GMail: Hey there you! Would you like to read your email? (BTW, my message is 33 letters!)
ME: Sure do! (BTW, my message is six letters)
GM: Okay, I need your secret password. But don’t say it out loud…today we’re going to speak Klingon as our secret language! (BTW, this message is 93 letters)
ME: Qa’PlaH!(BTW my message is six letters.)

So at this point, the rest of everything we do is in Klingon, and unless you know a.) how to speak Klingon, and b.) that we’ve even decided on speaking in Klingon, you have no way of knowing what we’re saying.

Now, at the same time I’m speaking to gmail, thousands of other people are doing it, too. So our conversations are constantly being intermingled in the memory of the server. The server can’t *think* in Klingon, so things are stored as regular text. They’re all properly parsed and sent to the right person, so there’s never any security problems with how that works. The problem is that heartbeat check.

THIEF: Yo, gmail. (BTW, this message is only seven letters)
GMail: Hey there you! Would you like to read your email? (BTW, my message is 33 letters!)
THF: Not today. Just doing some testing. (BTW, this message is 28 letters long.)
GM: OK! (BTW, this message is two letters)
THF: Gmail, I’m going to send a heartbeat message in a second….when I do, just repeat back exactly what I said. OK? (BTW, This was 81 letters)
GM: OK! (BTW, This message is two letters)
THF: Heartbeat!!! (BTW, this message is …um, well….uh…514 letters. Yeah…that’s the ticket! 514 letters…)
GM: OK! The last 514 letters you sent me were: “HEARTBEAT!! >> <<user12363::lue. That was it. The boat was blu…>><<user524211::find my next email with boo…>> <<User64632::Pen1s enlargement! P1ll5! P3N1S P1lls!!…>><<user43567:: ame:janesmith@gmail.com password:superspyfarts: Login succ…….>><<: user424467::Bob, Alice, and Ted….>><<user63521::Boobies!All the boobies you can stand just click here!!1!…>><<user534143::Amazon receipt for Penis Enlargement pump for Jeff Gordon IV, at 101 Masker Ct, Zionsville, IN……>><<user000010:: Mr. Vice President, with all due respect, please remove your foot from my ass. It’s not…..>><<user0003::and can you believe what Jessica said about Clarissa!? OMG it was soo totally…>>”
THF:Excellent. Now…could you do that a million times in a row for me?(BTW, this message was, oh, let’s say a million letters)
GM: Can do!!!(BTW, this message was five letters.)

And viola- do this enough times, and you can get all SORTS of info. Passwords, bank account info, pictures that you only meant for a significant other, etc.

The fix is simply to make sure that SSL checks that the message sent was actually as big as it was said to be. An easy fix, but embedded so deep in the software that nobody recognized it as a threat. The thief here isn’t stealing pennies- they are stealing data. And then data can be used to steal dollars….by the millions.

So, long story short, you need to CHANGE YOUR PASSWORDS, on any site that used OpenSSL. Don’t know if you were exposed?

Mashable has a less than complete list, and

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
here is a site that can scan if a site is still vulnerable.

http://filippo.io/Heartbleed/