Showing posts with label app review. Show all posts

Wednesday, November 27, 2013

Hackit+ - Ethical Hacking training course

I'm excited to write about a little project I've been working on. I've helped a team of very special and talented folks with creating premier courseware for Ethical Hacking. It is a paid program for instructing on hacking from the very introductory levels. If you've never worked on security before, or if you are thinking of trying to, but all the material you find out there is way too advanced, then try Hackit+.

With lessons that start with explanations of virtual machines and Linux all the way up to advanced exploitation techniques, this course will bring you from 0-60 in just 15 lessons. The product has just launched, but the community plans are strong and engaging, with user-driven forums for members only along with access to download and try to hack example virtual machines. New ones are launched all the time to test your lessons learned. These virtual machines comprise "Hackville", which is what they call the collection of virtual machines that represent citizens and businesses inside a simulated town. With resources and persons simulated with virtual machines, these test your learned material and challenge you to creative problem solving.

This courseware is not your traditional fare. It is engaging and pushes the student to try and experiment and learn by doing. This course is not for a passive student base. But for people who are curious about the field of Penetration Testing, Security or just wanting to learn from the bottom up, this course is engaging and has the promise of a strong community structure to keep you engaged for months to come after you complete the course.

There is a certification exercise at the conclusion if you are so inclined; this process will earn you a certificate of completion that will be backed by the Hackit+ team. This certification is included with the courseware at no extra charge. Visit the website for the details and dive in if you too would like to learn how hacking works, even if you don't have any previous experience.

I do apologize, I normally don't endorse products on this blog, but as it is very much in line with my philosophy on these things and the Tin Foil Hat Show podcast, I thought it an interesting piece for anyone who normally follows what I'm writing about.

Happy Hacking.  And remember: If it hacks you, you should HACK IT BACK!
--
CafeNinja
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.

Friday, February 10, 2012

Home Server - Media (tvmobili + subsonic)

As part of my home server project, I've been trying to configure what should be a multimedia server solution. With PCs, laptops, a TV and mobile devices that all connect in the house, I was looking for the combinations that would produce the most viewed media on the most devices.

My first attempt was to return to Mythtv. But after the server took an upgrade to the mythtv package it basically borked the db, and mis-matched with the desktop clients that I couldn't find the correct versions for.

I then tried to look into DLNA compliance a few months back with the introduction of a new TV.  Ushare was simple to configure and it seemed to speak the folder structure to the TV but didn't give the list of files.  I then installed tvmobili which works 100% and serves the files over DLNA to the TV with no issue.

My previous computer solution was Boxee using Samba (windows file sharing) to stream. This was nice because it would pull all metadata as well as subtitles. I haven't gotten rid of the Boxee solution, but I will probably look into XBMC for the same purpose without the customization. XBMC should be a bit more resilient to changes as it is the code base for Boxee.

My newest discovery is Subsonic. Man, I can't say enough good about this one. Simple deb package install on my ubuntu server, web interface makes management/configuration completely painless. It comes with simple and built-in dynamic DNS service. It does ask for a donation to the project for a license that allows video streaming playback beyond a 30 day trial period. I will be making that donation. The web interface offers a flash player playback with adjustable bitrate to support LAN connections or even 3G connections. A very well developed howto is included to help with firewall issues if there are any, and I have to say it's just working. I've tried the Android client and the performance and results are truly impressive. Try the demo on your own, see if you think it is worth a small donation to the project.

--
CafeNinja

Sunday, January 22, 2012

MultiBoot LiveUSB - multiple iso + persistence

I had found a usb multiboot solution some time ago and realized that I had not written about it.  I would like to demonstrate an amazing piece of software that does exactly what it claims.  It does it so well, that I have purchased two 8Gig USB keys to manage using this software.

The concept is the same as the Ubuntu USB-creator, or even the same as Unetbootin.  Both of those tools are only loading a single disk image (.iso) onto a usb key (typically 1G).  These tools are amazingly useful to try out liveCD versions of linux distributions without a full blown hard drive install, but also not at the mind-numbing slowness of a proper CD Burn as the CD-Rom devices are so much slower than disk access that you no longer get an experience for an alternative operating system that is enjoyable.

Both of the tools I have already mentioned have over the last year and a half come to incorporate also a persistence mode which means that unlike a burned CD, a usb key in persistence mode with extra space is able to maintain updates across reboots.  So if you add an application to a livecd .iso on usb key using one of those tools with the addition of persistence mode then any application installed would be persistent the next time the usb key was used for a reboot.

Being a very demanding geek, the idea of a collection of usb keys with single unique linux distributions seemed too troublesome.  One key for installing Ubuntu on machines of folks who are converting.  Another key with rescueCD on it for diagnostics and data recovery.  Another key for me to try out the latest version of distros.  And so the list goes on, and then I end up with a small grocery bag filled with 1Gig usb keys each unlabeled and with unique purpose.

Enter the best usb boot tool I have found to date. MultiBoot LiveUSB. This software is truly amazing. It will manage as many distros/livecds as the usb key can store. It will let you load as just the live version or _also_ with persistence. There are some limitations to which distros have persistence available. Most of those limitations have to do with the manner in which the .isos are made. The tool also allows you to remove old distros and add new ones. The tool also has a list of distros known to work which looks like the majority listing of distros from Distrowatch.

I can't say enough about this tool. An affordable 8G usb key can now be turned into a virtual "swiss army knife" of bootable linux distros. It supports much more and my description of the software here is abbreviated. The website is in original french, but the application has been translated into many languages. Seems at this time there is no windows or mac port of this app, so you need linux to manage it. So just to be ironic, maybe you make a persistence install on a usb key with this application installed to manage all other usb keys.

--
CafeNinja

Sunday, October 2, 2011

Mobilize PGP - IOS vs. Android

I have recently considered GPG quite a bit. I can imagine quite a few uses for which it is not generally used that could greatly increase the authenticity of the internet, while at the same time generating a real world "web of trust" which, if it were as common in the vernacular as "Facebook", could resolve many of our issues today on the net.

I've demonstrated with a Tin Foil Hat listener how easy it is to set up gpg and use it with one of several desktop email clients. I would have to say that I think desktop email support for gpg is a fairly common feature. But I then thought that for my work and personal emails, I tend to process quite a bit of that on my mobile devices. Mostly these messages are for consumption and processing and don't have a high security requirement. But with both my ipod touch and my Android mobile phone I thought I'd run the two head to head to discover what might be available and at what price.

Please also understand that this comparison does not enter into commercial philosophy, political alignments or any kind of sponsorship agenda. I just wanted to know which of the two device platforms would allow me to use pgp on a mobile device in the easiest manner.

On my IOS 4.3 iPod Touch 2nd Gen, I did find some application offerings for PGP (commercial version of gpg) which either cost ~$50 or ~$4 for decrypt only.  I found no applications which used gpg, but that might be due to the gpl limitations in the iTunes App Store.

On my Android phone I had already installed the APG app which is free in price. This is the pgp portion of the solution, since the native google mail app, while great for the interface, doesn't support pgp at all. Then I discovered the K9 mail application which is also free and works directly with APG for encryption support and it really does work. I was impressed as well, K9 is very similar to the google mail app while maybe being even a bit more responsive.

So, in conclusion, if gpg encrypted or signed email is critical to you or your work I would strongly recommend an Android phone with APG + K9 mail.

--
CafeNinja

Saturday, October 23, 2010

Apple App store - Best news

Well, there was an Apple event and the "Master -o- Disaster" opened that hole under his nose to my own personal delight.

While others rant on about the 2nd usb port on the new Air or the "Jobs Reality Distortion Field"™ I was resting, non-plussed.  Then came my bombshell.

In the next iteration of the Mac OS X operating system they are going to include a lot of IOS4 features including an app store.  Really?!?!?! An app store?!?!?  I think only two things, both I mentally scream at the top of my lungs:  1.) No greater validation of an idea that was birthed in Ubuntu 9.10 (to much ridicule) and 2.) fantastic, they will just give me another avenue to speak to and convert mac-heads.  I can already imagine the pitch line of "An app store, we have had one in Ubuntu for years!" only to see their eyes light up and beg me to install Ubuntu on their old Mac hardware.

Apple, if the best you can do with OS 10.7 is make an app store and copy Ubuntu, BRING IT ON!  I truly used to hold Apple in high regard for their design and user interface features, but this single action has pushed them to the modest position of "even" with Ubuntu and truthfully, a step behind since they had to copy it and there is "prior art".

Long Live Ubuntu.  Thanks Mac.  You are no longer my hero, just my pimp.

--
CafeNinja

Wednesday, September 29, 2010

Distro Review: Crunchbang 9.04 + 10 Alpha 2


My review of Crunchbang Linux (hereafter referred to as "#!" for ease of typing). I did manage in the same 48 hour period to try and use #! 9.04, 9.04-lite and 10-Alpha2.

The story begins with looking for a smaller footprint distro to put on my son's Asus eeepc 700 which has a dead SSD and is using a 4gb class 4 SD card as a hard drive.

Looked at a few and recalled "Crucheee" (I remembered the name being funny) so I went to look at the Crunchbang website.  Where I read that the old CrunchEEE distro was based on 8.10 (following the Ubuntu numbering scheme for which the distro was based) and that the current #! 9.04 had all the support for the EEE built in.  As I arrived at the download page I noticed the "lite" version and saw it was a smaller iso file.  So I grabbed that, put it on a usb key and installed it.

It runs great.  With the low memory footprint and smaller app selection the bottle neck of read/write speed to the SD card is not a huge issue once applications are open.  So the verdict:

✔ #! 9.04 Lite on eeepc 700 = Awesome, Fantastic and more.

Then I saw there was a "full" version and thought, hey, I have VM space. Let's take that for a spin.
I put it in, same experience with the wonder and grace of the full graphical install of Ubuntu, the software repo's available and a wonderful default configuration for Openbox I was very impressed.   So the verdict was:

✔ #! 9.04 Full in VirtualBox = Way Cool. Great Interface, a real treat.



So, I'm realizing that these versions are based on a distro nearly a year old and I think to myself, what would be better would be a newer version, with more current repos and all the other updates. So I return to the #! website to discover there is an "unstable" version. Enter #! 10 Alpha 2 "Statler". So I just did the sane thing and installed this over top of the #! 9.04 Full Vbox install. Of great importance is to know that the new version of #! (10) is based on Debian Testing (Squeeze). This changed the rules for the installer (text and blah, but not impossible) and the first impression was the same as with #! 9.04; in fact the conky impression, the menus and most other things didn't change (in the Openbox version) from #! 9.04 -> 10. The #! team has done well to make that experience so similar that the difference is almost unnoticeable. Until you go to install chromium-browser from the repos which was removed 1 month ago from the "testing" branch of Debian. If you can't tell by the tone, that's a fail. There were 3 deb packages that I tried to install from the net (binary blob stuff); all failed on Debian that installed just fine under the Ubuntu 10.10 install I have right next to it. Verdict of #! 10 Alpha 2:

× #! 10 Alpha 2 in VirtualBox = meh.

Total Summary,  I'm on a personal quest to install Ubuntu 10.10 add Openbox and "borrow" the default Openbox config files from a #! 9.04 Full install.  That way I get the awesome interface on the software/distro platform that offers me a large software repo, comfort zone (used since 2006) and keeps me on the distro that I recommend to folks (eating my own dog food).

--
CafeNinja

Tuesday, September 21, 2010

Ubuntu Countdown to 10.10

The next version of Ubuntu is coming soon
With the impending release of the next version of Ubuntu come the normal countdown banners.  I'm no exception to the long list of folks who eagerly await each new release.

While at the moment I am not aware of any must have feature, I have been quite happy with the incremental improvements from version to version.  I must confess though that the 10.10.10 countdown to so many things commercial is starting to wear on my nerves, but this is one countdown that I think is worth watching out for.

While I won't do a pre-release distro review of Ubuntu 10.10, I will be doing a post release since I have to upgrade all the systems in my home at the same time, so please come back for the full write-up.

--
CafeNinja

Monday, September 20, 2010

App Review (Update) : tty-clock - working on Ubuntu

Previously I mentioned an app called tty-clock.  I really do like it, but on Ubuntu it didn't quite compile nice so I thought I would give the quick "howto" get it working.

1.) Grab source code and unpack
2.) install the dependencies with "sudo apt-get install ncurses-dev ncurses-runtime ncurses-term"
3.) Optional: Open the Makefile in the source code folder and change the $INSTALLPATH=/usr/bin/
4.) Open a terminal in the source code directory and do "make" (should have no errors) and then "sudo make install".

After that the tty-clock should be accessible.   For your information I use the flags to display seconds, center the time and set the color to blue.   Looks like "tty-clock -s -c -C 6" and I hope that might help you get it working on your Ubuntu system.   I've added a screen grab of my clock so you can see what the command does output.

--
CafeNinja

Friday, September 17, 2010

Tip: Googlemail -> Gmail

If you were one of the folks who signed up at Gmail when the domain assignment was "@googlemail.com" visit your settings page right away.  I found a link there that converted mine to a genuine "@gmail.com".   You can find that link under Settings->Accounts and Import->Send mail as..->hyperlink to the right that asks "switch to @gmail.com"

While most of us knew that if you wrote to the @gmail.com domain with your @googlemail.com user it would forward and work, your official login was always with the complete domain name. All of that gets fixed with this click and all the software and apps out there that aren't ready to read in the @googlemail.com domain will work for you.

Check your account and get your free upgrade to the @gmail.com domain today!

-- CafeNinja

Wednesday, September 15, 2010

Distro Review - Arch Linux

I have now given Arch Linux a "fair shake" and while I have not tried to use it as a substitute on my office workstation yet (I will be doing that in the coming week) I did spend a solid 4 days using it exclusively.


Verdict:
======
I would install this on a non-production machine or older machine and be very happy with it. I was completely impressed with its speed which I blame on every bit of code being compiled on install. I was moderately impressed that between official repos and the AUR I was able to find 99% of the software I was looking for. I would not recommend this to any new Linux user but would happily recommend it to anyone with some Linux experience under their belt. The Arch Wiki was truly impressive for content.


I need to preface my tone with the declaration that I completely expected to not enjoy Arch very much.  I am an Ubuntu user now for quite a few years and while that might upset some, it is my pragmatic step to ensure that I have ease of use, a vast repository, and an enormous community.  This article is just my opinion.  It is in layman's terms and isn't trying to be the technical digest of the Linux community.  

It was after a phone call with one of my friends that has fallen completely in love with Arch that I thought to give it another try.  I don't normally have a lot of time to review full blown distros just because to learn their quirks and getting to really know a system I feel takes more time than I normally have to spare for that kind of activity.

I like Arch, and that is my official declaration.  Official repos plus community maintained.  Automatic dependency resolution while compiling all apps in real time.  This is a great cross of the speed/performance increases you normally see with a Slackware (custom compiled) system but with the software management ease of apt-get or aptitude.

In fairness, the repos aren't as large as Ubuntu's. But most of my needs were found in the official or community repos. There were only a few apps where source installation was needed. I also must give great credit to the Arch Wiki. While not the prettiest wiki I've ever seen, the documentation on it is accurate and complete. Any reasonably experienced Linux user could follow the guides that are online at the wiki and have no issue using the system (command line time required).

The speed is insane. On a VM using 1/4th of the system resources, large apps (i.e. OpenOffice.org) opened orders of magnitude faster than on the native OS and hardware.

--
CafeNinja

Saturday, September 11, 2010

Command Line Time - tty-clock

I was playing around with Arch Linux (another blog post soon to follow) and I found a neat little cli application.  I should say "cute" instead of neat.  I should also put this application find in the context in which I use it.

The find is tty-clock; it is a simple digital clock with only a few options. In my daily pattern I have terminator open with multiple screen sessions to multiple servers. In each of the screen sessions I'm using byobu (formerly known as screen-profiles) to give myself a "taskbar" for the screen sessions. This app is then just one horizontal and vertical split in a screen filled with terminator with many tabs and splits already, and it just means that without squinting, I can actually see the time.

This is what tty-clock looks like in action. With just large Atari 2600 generation 8-bit color and date display centered in the open terminator split it is simply understated and serves its purpose.




I did also find binclock.py which is an executable script and while it serves the same purpose is the binary clock version.  After downloading, just set the python script to executable and put it in your path (/usr/bin/ or so) and run it. So yet one more split with even more time telling fun.






I do want to give all the credit to the links I found these gems at, I was for the most part cruising and looking for Arch Linux stuff and I came across this stuff.  So I found these apps by looking through K.Mandla’s blog, and Yu-Jie Lin's feedburner got me some other stuff.  Seems they are cli junkies like me.

--
CafeNinja

Wednesday, June 30, 2010

sc - command line spreadsheet

No surprise to folks who read my blog, I really dig on command line apps. Well, after another visit to my favorite web based list for cli apps (thanks Jared Lee) I started to play with sc (available even in Lucid 10.04 repos). This app is for command line spreadsheets.

Command line spreadsheets, well, yes.  I actually have a few use cases where a sqlite database would be way over the top but there is some math I would prefer not to do by hand.  That's what spreadsheets are good for.  sc comes to the rescue.

While I'll confess there is no easy import/export via csv or some other stuff, it is very versatile and does offer a text export which calculates the formulas and shows the layout as if you were using the app.  Let me show you a few quick shots.

First, using the app:


















Second,  the format of the file while being used by sc, bear in mind this is also clear text:

















Lastly, this is what the text export of the same document looks like:













I hope this might give you some ideas on how to use this quick, simple and easy to use program in your personal workflow.

--
CafeNinja

Wednesday, June 2, 2010

Discovered Nugget - nmon

 I have to confess that I picked up on this little command line gem as a result of my subscription to a paper magazine.   Linux Magazine had a feature written by Charly Kühnast describing the application "nmon".

This app was a simple "sudo apt-get install nmon" away and was in my Ubuntu 10.04 repos with no further setting changes required.  The application does need to be run in a terminal.  It does not require root permissions and has a great many monitors that are available for viewing in both a real-time and a collection mode depending on how geek your statistic and performance needs are.

I have a screen shot here of the application running in a tall 1/2 wide screen with just a few (not all) of the monitors activated.



I was quite impressed with the monitors/sensors available and if I read correctly there is even a "plugin" system by which monitoring scripts might be plugged in to display monitors that are not predefined.

In my set up I have activated all except memory and processes and run the "htop" command in an adjacent terminal which then shows almost all possible performance real-time data available in one manageable and comprehensible screen.

Enjoy this app and add it to your list of favorites to use while embracing the command line.

--
CafeNinja



Sunday, May 16, 2010

Gmail: mutt vs. web interface

I am a very serious gmail user. I think it's a good service. I have already written on this blog that I am a serious fan of the mutt email client. Please understand that I don't feel that any other gui mail client competes for the speed with which I can process my email. So I don't want this to be an email client vs. email client war, I've already said my piece on that and if you don't like that please find another blog.

I do think it's important to check and see what the critical differences are in the two methods I use to access the service. Clear declaration: I use imap with mutt so I am not caching or storing the email locally (i.e. POP3), which might make a difference in this argument.

After using the web interface with the google labs on for keyboard shortcuts, and giving myself a solid two week time frame during which to become proficient with using the keyboard with the web interface, I have to say that it can be quite efficient on its own and very useful, so the below comparison has everything to do with web+keyboard vs. mutt and the efficiency with processing/managing emails.

Gmail web Pros:
Search speed: very fast and process all headers and body.
Open Access: any OS, any PC commands and interface available

Gmail web Cons:
No gpg support: not for key verification, not for encryption.
Conversation presentation: does invite confusion about where messages are

Mutt pros:
More refined searches: the limit statements are crazy specific
GPG support: completely, inline.
Closed Access: w/ssh access offers only encrypted channel

Mutt cons:
Software requirement: somewhere there must be software installed
Complete searches: if you do a search of body content takes a long time

I have to confess, that with multiple accounts, I have a serious need for some features on some accounts and needs for other features with others.  I actually have one account that I use both interfaces with often.

Find your comfort level, be realistic about access and real needs. If you would like to have high security and choose mutt, it might be very uncomfortable to use a mobile phone for access with a cramped keyboard.

Be practical, pragmatic and safe.

--
CafeNinja

Thursday, May 13, 2010

Mythtv - wow, why didn't I do that before?


MythTv. I think most of us have heard about it, but have put it off since it sounded too difficult, or complicated or required a bunch of hardware we didn't have.

Well, this changed slightly for me once I had enough of a media library (don't ask me where I got it from) that it was just becoming silly to manage on one computer connected to the TV in the living room.  With some shows for the oldest son only, some shows for the wife only and then some shows that really should have all of us together in a room at one time, it was becoming too restrictive to tie the media to a dedicated machine, with single user and single space access.

So I dropped in mythtv. Standard repo stuff from Ubuntu 10.04. I added all the additional repos that looked interesting and that gave me the server "backend" and the player "frontend" on the house server which had all the media. I then installed the frontend on 2 Macs, and 4 other Ubuntu systems. And now everyone can connect and watch their shows without needing to be in the living room.

I had a few glitches; the mac binary frontends were the easiest to set up. But once done, it's running great. I will be taking the time to push over the photos and the music since that just makes sense, as well as it's working for video.

-- CafeNinja

Monday, November 2, 2009

Dropbox on a Headless Server


I know there are a few guides for Dropbox on a headless server.  I noticed that my experience wasn't 100% as advertised, so I wanted to post here on what my process was (repeated on 3 servers for accuracy)

First the requisites for this activity. You must have an ssh account and my advice is to make sure you have the same disk space free on the server that you are using in your Dropbox account. For the free version, that means 2Gb of disk space.

Next I need to install the application, this is done on the server account.  I had in all 3 cases to launch the "nautilus" application one time.  So I connect with the "ssh -X" for allowing X11 export over the connection.  Once connected the next thing was to get the dbcli.py script from the Dropbox Wiki.  On the server I used:
   wget http://dl.getdropbox.com/u/43645/dbcli.py
   chmod 755 dbcli.py
This gives the application in the home dir with executable permissions.  Now run the script with:
   python dbcli.py install     <--- mine was x86 the other is x86_64
This step will download the tarball and start to set things up.  Mine hung after it downloaded everything and put it in the right place.  I then escaped with ctrl+c.  I then launched nautilus with:
   nautilus
This brought up the view of the home folder and then the splash screen for setting up the Dropbox account.  I entered my account details and let the folder sync the first time.  Once done, I closed nautilus and disconnected from the server to forcefully break the 2nd Dropbox icon it put in my computer's systray.  I then reconnected WITHOUT x11 forwarding and launched the daemon in the background with:
  ./.dropbox-dist/dropboxd &
This should fire up the daemon to run in the background.   After that you can check the status of the daemon with the dbcli.py script with:
  python dbcli.py status
That should report "up to date" as long as it is running and healthy.

You might need to restart the daemon if the server machine reboots. But for my headless servers that doesn't happen very often. I have seen this work perfectly with the syncing that Dropbox does and works just as expected and seen with any other desktop machine. I really enjoy this idea since there is a disk space use limit built into the account. Also, this provides a truly off-site backup storage to ensure against any disaster recovery issues. So with my last post about using gpg to encrypt files and edit them, it means that even if the server security is compromised, they won't get any data from my files unless they have a supercomputer and 20 years :)

--
CafeNinja
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.

Sunday, November 1, 2009

vim + gpg + dropbox = secure passwords


Finally accomplished a multi-system synchronized encrypted password file.  Let me tell the short and then the long version.

The short version is
1.) gpg encrypt a text file
2.) store it in a shared dropbox folder
3.) add vim gnupg plugin.

The long version of the story is that Dropbox has added a functionality to share a folder with other Dropbox users.  I have a Dropbox account for each operating system that I use (3).  So I can modify on one machine and it will get pushed to all the other machines.  I also found the dbcli.py script which lets me run dropbox on a headless machine.

I already have 2048 bit pgp keys created.  I used that key to encrypt a text file to myself.  The file I had was a text file that I was using to record my passwords.  The command "gpg --encrypt filename" will produce an encrypted copy with the *.gpg extension.  This new file I placed in the shared dropbox folder and created a symbolic link to it in my home directory.

Then, after creating the folder ~/.vim/plugin and moving gnupg.vim into that folder, I was able to open and edit the gpg encrypted file after typing my passphrase for the key.  This extension turns off the auto-backup feature of vim to prevent a clear text copy from being anywhere but RAM.  Once writes to the file are made, it will re-synchronize with the other computers automatically.

With this new process I am able to view, search and edit my password file even on a mac (with vim and gpg installed).  Of note, I also have a TrueCrypt volume in this same shared folder and once a month I do a plain text export into the hidden volume of a TrueCrypt drive.  This allows me additional access even if I do not have the permissions to install all the needed components.
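
The setup above relies on only ciphertext reaching the synced folder, but "gpg --encrypt filename" leaves the plaintext filename on disk next to filename.gpg, so the wrong copy can end up in Dropbox. The shell sketch below is an added example, not part of the original post: the function names are hypothetical, and it inspects only the leading bytes of each file, which is a sanity check rather than proof of encryption.

```shell
#!/bin/sh
# Added example: flag files in a synced folder that do not start like
# `gpg --encrypt` output. Function names are assumptions for illustration.

# Succeeds if the file begins like an OpenPGP public-key encrypted message.
looks_pgp_encrypted() {
    # ASCII-armored output (gpg --armor) starts with this exact header line.
    if [ "$(head -c 27 "$1" | tr -d '\000')" = "-----BEGIN PGP MESSAGE-----" ]; then
        return 0
    fi
    # Binary output starts with a public-key encrypted session key packet
    # (tag 1): 0x84-0x86 in the old packet format, 0xc1 in the new one.
    case "$(od -An -tx1 -N1 "$1" | tr -d ' \n')" in
        84|85|86|c1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print every regular file in the folder that fails the check and
# return 1 if any was found, so the caller can stop before syncing.
audit_sync_dir() {
    found=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if ! looks_pgp_encrypted "$f"; then
            printf 'NOT ENCRYPTED: %s\n' "$f"
            found=1
        fi
    done
    return "$found"
}

# Constructed demo: one file with a binary OpenPGP header, one plaintext file.
demo=$(mktemp -d)
printf '\205\001\014' >"$demo/passwords.txt.gpg"
printf 'bank: example\n' >"$demo/passwords.txt"
audit_sync_dir "$demo" || echo "fix the files above before syncing"
rm -rf "$demo"
```

A TrueCrypt container has no recognisable header, so it will normally be reported as well.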

Now I can use strong secure and unique passwords for every online service I have.  I even took the opportunity to generate a few passwords and keep them in the password file directly in the case I needed to update a login without command line access to pwgen.

--
CafeNinja

Saturday, October 24, 2009

Password Generation for security


Security and safe passwords are very important in today's online world.  I used to have unique passwords for "levels" of security.  I came to realize that if some service from a low level was compromised, access to the next level would be easy, and that a strong secure password for each online service was the best way to go.  This way there is no way to "escalate" privilege level from one online service to another.

Since I already have a method for recording my passwords, which I'll get into during another post, I thought I'd share the command that I use to create new passwords.  I use the package "pwgen".  The output of this command as quoted by Bessy produces quite a few unique passwords which satisfy most secure password definitions.  Most are produced with a portion that can be pronounced as a word, which puts them in the realm of possibility to actually remember.

Output looks like:
cafeninja@vegeta:~$ pwgen --alt-phonics --capitalize 9 10
joo0kai2Y loh6Chi6y Chei4pei8 AiNoch2ua eeXeeF8Ee veeh3Eer4 Vah2fee8v ve4uegh7E Oa6chahmo Ish2voc2c

Using this tool I can make secure passwords for any account online.  I recently used this command repeatedly as I converted my multitude of online passwords from levels (5 different passwords) to a single password for each.
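
An added example (not from the original post) of the two ideas above: finding which services still share a "level" password, and producing a fresh random one for each on a machine without pwgen. The "service password" file layout and both function names are assumptions; unlike pwgen's pronounceable default, the generator draws every character uniformly from /dev/urandom, comparable to pwgen's --secure mode.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed input: a plain-text
# file with one "service password" pair per line (constructed layout).

# List the services that share a password, one comma-separated group per
# line, without ever printing the password itself.
reused_groups() {
    awk 'NF >= 2 {
             if ($2 in s) { s[$2] = s[$2] "," $1; dup[$2] = 1 }
             else s[$2] = $1
         }
         END { for (p in dup) print s[p] }' "$1" | sort
}

# Print one random password of the given length (default 16, minimum 3).
gen_password() {
    len=${1:-16}
    [ "$len" -ge 3 ] || return 2
    while :; do
        # tr drops every byte outside the alphabet, so each kept character
        # is uniform over 62 symbols (rejection sampling, no modulo bias).
        pool=$(head -c 512 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')
        pw=$(printf "%.${len}s" "$pool")
        [ "${#pw}" -eq "$len" ] || continue
        # Retry until lower case, upper case and a digit are all present.
        case $pw in *[[:lower:]]*) ;; *) continue ;; esac
        case $pw in *[[:upper:]]*) ;; *) continue ;; esac
        case $pw in *[[:digit:]]*) ;; *) continue ;; esac
        printf '%s\n' "$pw"
        return 0
    done
}

# Constructed sample: three services still on one shared "level" password.
sample=$(mktemp)
printf '%s\n' 'forum level1pass' 'bank Xq7mPz2Lk' 'blog level1pass' \
    'wiki level1pass' >"$sample"
for svc in $(reused_groups "$sample" | tr ',' ' '); do
    printf '%s %s\n' "$svc" "$(gen_password 12)"   # one replacement each
done
rm -f "$sample"
```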

--
CafeNinja

Saturday, October 10, 2009

Karmic testing - Bluetooth Proximity (blueproximity)

During my Ubuntu 9.10 testing, one of the things that I regularly do is crawl through my modified Apt sources list to see what if anything has graduated from PPA into the official repos.  The other benefit is to see what applications have been added to the repos that are similar to the ones I use already.   Change is sometimes good.

Today, I was using the new "Ubuntu Software Center" to see what I might find that I had been missing as well as to check out the interface.  What I discovered, installed and used (all in under 5 min) was the Bluetooth Proximity application.  This does exactly as advertised.  Any previously paired device can be used, and the distances for screen locking and unlocking are adjustable.


I have to say it "just works" and locks the screen as soon as I am more than 6 meters away from the computer and doesn't unlock it until I'm closer than 4 meters.  No more forgetting to lock my screen when I step away, and no more typing my pass when I return.  The default screen saver settings remain and the proximity meter can be turned off and on.

I had heard of a way to do this in previous versions that was a bit of a hack and required a collection of scripts.  Now, in one easy to use GUI front end, the entire package can be set up.  If you frequently step away from your computer for just a few minutes, I would highly recommend this application.

--
CafeNinja

Wednesday, May 13, 2009

Ubuntu 9.04 Jaunty Jackalope Review

Ubuntu, which has been my Linux distro of choice now for just over 3 years, had its most recent release at the end of last month. With version 9.04, codenamed Jaunty Jackalope, Ubuntu has made what I think was a more polished interface, and while there are notable improvements, I found it not to be a revolutionary change from 8.10.

I am one of the lucky ones who did not lose any functionality with the upgrade (there have been some strong voices who did) and I would like to point out that a great many things that are in the Ubuntu release are not entirely the result of Canonical directly, but rather upstream developers. As with any distribution, the operating system is a collection of coding, improvements and bug fixes from many varied sources. Most times this works out just great, but other times it has negative effects.

As to the positive, it won't be the first time you hear about the new system notification system, which I find to be matching that of the Growl notification system you can install on a mac. My 2 points on this would be that 1.) it is great the way that they make the notification bubble disappear when you mouse over it (I tend to be going for something under the bubble and not the bubble itself) and 2.) I do miss that there seems to be no control panel or preference pane for the notifications (I might prefer to have those remain open until acked by the user or displayed for a longer period of time so I can actually read them).

My systems, which are now a bit "long in the tooth", have not seen the dramatic improvement in performance in boot and operation. I have not done everything possible to improve my system performance to date (reduced unused kernel modules, formatted to ext4, etc.). I have noticed that it seems to be quite stable and solid and as reliable as my 8.10 install was.

My summary would be that I'm happy with the new version; it offers some "spit and polish" to what is already a very healthy Linux distro. I would have no reservations about recommending this version over any previous versions. We have now seen 3 steadily improving versions of Ubuntu released, all of which were evolutionary and not so revolutionary. I hope that in the next two versions or so Ubuntu does some of the "stand-up, pow, knock your socks off" stuff that they managed to do in some of their earlier releases that really set them apart.

--
CafeNinja