Ever wonder how you could get a solid Security Enhanced Enterprise Grade Linux Router/Server with ftp, apache, traffic shaping, pop-up blocker, content filter, intrusion detection/prevention, and other nice handy tools that every robust server should have...and here's the kicker...installed and running in about 30 minutes in your home? I know quite a few friends of mine that went out and bought routers from brand names like Linksys, Dlink, and Netgear and then bragged about how cool their new router was (especially concerning 'gaming routers'. Good lord that's a con). I then showed them that their router was hackable within a few minutes because most of them didn't change their default password. It's interesting also that their routers didn't do a whole heckuva lot other than route traffic...without throttling or intrusion prevention/detection. On those that were wireless...after some intense packet sniffing, I logged into their network and began surfing the web.
The bottom line is...most routers, if not configured correctly and used to full potential, are wide open and provide only a few functions. If you're like me, this just won't do. To combat this in the past, I used to use Red Hat 7.2 on a PI 75Mhz like an appliance to provide DHCP addresses for the LAN and a tidy firewall via ipchains and later iptables. Now there is a Linux distro that is more robust, more organized, and much more dynamic than most Linux router/server configured systems and it provides MANY functions. That distro is ClarkConnect. Today, I'm going to take a look at ClarkConnect 3.2 and show you how you can secure your network using its web interface and excellent administration tools.
Perspective. It's what separates one opinion from another. A person who looks at a glass that is half empty may be despondent but a person who looks at a glass half full may be full of joy. I like to think "Hey! Who the hell put that glass on this table anyway?". We all have different ideas that shape who we are, what we do, and why we do it. Often, these ideas blend into our interests and hobbies. With free and open source software (namely Linux) we see this frequently...especially when debating on the subject of libre and free.
Often, it's attitudes, egos, and intelligence that make this gap between users' perspective even wider. What's interesting about all of this philosophy and debate is that it is more prolific now than it was 10 years ago. Why? Well, more users of course! Linux and open source are enjoying a very large following currently. Add more users to the fray and you're bound to get more perspective...for the good things and the bad.
Working with users at work who don't even know how to place clipart in their MS Word docs (I sub in for helpdesk since we're a smaller state agency) got me thinking the other day. Where does the new user fit in with this philosophy and debate? How are we to get their perspective across to programmers, developers, application hackers, and designers? The more I thought about it, the more I realized that Linux has arrived at a point unprecedented in history...when a Linux desktop is usable and productive. As Uncle Ben said in Spiderman 2, "with great power comes great responsibility". I feel the community is being irresponsible on this...and yes, it is all about perspective. So please read on...let's see if we can change your perspective a bit and close the gap between new users and advanced users.
Doesn't sound like anything new right? Well, some people may not know of this method. To host your own webpage you don't need to spend 7 bucks for a domain. You don't need to get a hosting plan. You absolutely do not need to get domain name services through a provider. You can even host your own webserver using a dialup connection (that's right...I said dialup) although I don't recommend it (but I've done it using 56.6kbps).
Why would you want to do this? Easy...to stay connected to friends and family...perhaps throw up a gallery so that your grandparents can see pics of your new dog/car/tinfoil hat. Sure, you could waste my time with MyWaste..er..space and be barraged daily by advertisers and solicitors...or you could roll your own web host, install a gallery or website, and provide media to your friends and family without costing yourself a dime. That's right, NO COST (except time spent getting it running). Just remember, your website might not survive a digging or slashdotting if you run it yourself. Keep that in mind So without more chatter, let's get to the meat and potatoes of things:
Do you cringe at the thought of buying a domain and putting up with the headache of trying to make sure your IP address is up to date with your domain? Do you hate the 40 dollars you spend on DNS service each year to resolve your IP address to your hostname? Read on and learn the the flat-broke-and-busted way of maintaining a fixed hostname for your IP...even if you have dialup.
I'll divide this up into 2 sections. The first will deal with Linux. The second, Windows. This is only something that I've found easy to do and the price is just right (it's free). The only thing that I recommend is a dedicated internet connection (cable, DSL) but even this is not necessary. I recommend that you use the Linux way of doing things since it is more secure and doesn't require a restart everytime you patch it.
*note: I'm assuming that you aren't behind a firewall/proxy of any kind. If so, you'll need to configure this on your own as an extra step.
No matter what version of Linux you run, chances are that you'll have the apache webserver installed by default. This is good news as over half the websites of the world are run by the extremely efficient and speedy apache. I'm not going to address the specifics of how to set up your page...only how to get it a fixed address without buying a domain. So, you have your pages dropped into your webservers public directory...good. Now, how to resolve your IP...lets say it is...18.104.22.168 (for our example) and you want it to have a host.name.com to bind to. Easy. Go to http://www.no-ip.com/index.php and sign up. You can get a site from noip that is like yourname.theirdomain.com/.net/.info. They have cool names like sytes.net and servebeer.org...even workisboring.com
You'll be able to choose your own top level name...for instance, Ithink.dnsiskinky.com could be your new domain name. Next download a client from the download tab: https://www.no-ip.com/downloads.php
The linux client is a tar.gz source and is simple to install. Follow the instructions. You now are the proud owner of yoursite.theirsite.com and your IP will ALWAYS update (as long as noip.com is up) each time you log on/sign on/beam up or whatever it is you do.
How does this help you? Well, if you're like me, you have a dynamic IP address. If you connect to the internet via cable, dialup, or dsl...you also have a dynamic IP address. Dynamic means that it will change from time to time without warning. So by binding yoursite.theirsite.com to your IP address...you don't ever have to worry about what IP address you have anymore. Instead, you'll always be able to connect using yoursite.theirsite.com. You can host a webserver using Apache and a virtual host in this style as well (look for another how-to on this subject later) so that everyone can visit a shiny website at yoursite.theirsite.com. Read More
With the popularity of Ubuntu swelling these days, one can hardly visit digg or other tech news sites without seeing a Dapper Drake or Breezy Badger (both recent titles of Ubuntu releases). Another strong indicator that Linux in general, dapper drake aside, may be seeing an influx of users is the news that Microsoft receives a call back from Windows computers daily. Many users expressed deep concern about false positives where Microsoft receives reports that you are using a pirate copy of Windows when you are running a licensed version. Also, why not examine why WGA (Windows Genuine Advantage) fits the bill for Spyware? So, what's a ticked off user to do? Give Linux the old college try, that's what!
Update! Before you read the article, please note that an inaccuracy of Point Number 3 has been pointed out in comments by cafeina. Thanks for pointing this out...there are downloadable guides for Ubuntu Dapper Drake available at http://help.ubuntu.com. These guides could be much more user friendly (they don't have pics included) but that they get the job done quite nicely. Thanks for pointing this out Cafeina!
I've seen an influx of people dusting off Mandrake (that's right, Mandrake not Mandriva...we're talking pre-name change) and Red Hat 7.2 disks and firing off questions in forums about how to do various things in Linux. Renewed interest in alterntives to Microsoft coupled with big headlines for Ubuntu means many new users are examining Ubuntu when they evaluate (or re-evaluate) the state of Linux. This being said, I have 5 Tips for New Ubuntu Users that you won't hear anywhere else.
Some of you may remember a previous blog entry I penned that looked at Linuxworldexpo.com. In that entry, I discussed the fact that the website linuxworldexpo.com for the LinuxWorld Expo 2006, one of the largest Linux trade shows in the world, is powered by Windows Server.
Some comments on this article when it hit the newswires at Lxer were that it was spotted previously by a site member. I revisit some articles from time to time just to clean up appearance and layout (since I've migrated site themes, been doing this quite a bit) and I noticed that Linuxworldexpo.com isn't the only website that is powered by Windows. LinuxWorld leaves many of its sites to be powered by Bill and the gang:
- Linuxworldexpo.co.uk (previously reported by theregister)
- Linuxworldexpo.com (netcraft report)
- linuxworldexpo.com.au (netcraft report)
- linuxworld.idg.se (netcraft report)
- linuxworldchina.com (netcraft report)
- linuxworld.dk (netcraft report)
- Linuxworldsummit.com (netcraft report)
Some of these sites above aren't live... but most of them are from the same netblock, Level 3 Communitcations, Inc. Some side info to note: Level 3 is having SEC problems currently and the Yahoo Finance Boards are a hoppin with various messages with some predicting a huge fall and others comparing it to Worldcom. Now back to our subject. We've identified the netblock, but let's get a bit deeper and find out other information.
A quick "jwhois linuxworldexpo.com" yields the following information:
International Data Group, Inc. (DOM-373431)
5 Speen Street Framingham MA 01701 US
Domain Name: linuxworldexpo.com
Registrar Name: Markmonitor.com
Registrar Whois: whois.markmonitor.com
Registrar Homepage: http://www.markmonitor.com
International Data Group, Inc. (NIC-14208833) International Data Group, Inc.
5 Speen Street Framingham MA 01701 US
firstname.lastname@example.org +1.5089354686 Fax- +1.5084244807
Technical Contact, Zone Contact:
Donna Moschella (NIC-14208849) IDG World Expo Corp.
3 Speen Street Framingham MA 01701 US
email@example.com +1.5084244801 Fax- -
Created on..............: 1998-Sep-30.
Expires on..............: 2007-Sep-29.
Record last updated on..: 2006-May-17 11:10:55.
Domain servers in listed order:
MarkMonitor.com - The Leader in Corporate Domain Management
A quick lookup on markmonitor.com and we see that it's not really a host per se...but a domain management service provider. I did a quick search for Linux on their site which yields no results. This quick search doesn't really tell us if LinuxWorld has a choice in the matter of hosting...it seems they're given a platform on which to run via MarkMonitor.com through the Level 3 netblock. Taking a look at NetworkWorld, their parent company, we find a Linux Host? That's a bit odd. Their old parent company IDG.com was always running on Windows but it seems they should have a choice for themselves (Linux and Windows hosting platforms) since their parent company is powered by Linux right? Are they letting their services purchased expire? Are we set to see mad changes for Linuxworld domains? Who knows. We can only comment on the current.
So one would hope that LinuxWorld would have the ability to 'choose' what platform to run on. It seems that this may not be the case. As stated, some of these sites don't resolve aka they have no public face and resolve to nothing. If you're an avid Linux enthusiast and think that any Linux News site should 'walk the walk' when they 'talk the talk' then LinuxWorld might be one of the places you avoid...at least until they can show that they deserve to wear the Linux name by hosting on Linux. Afterall, what would Microsoft.com hosted on Linux be? A laughing stock one could bet.
I do recall a time when LinuxWorld was one of the only magazines and sources for enterprise Linux news. It seems they've gone downhill quite a bit...according to alexa.com, their traffic has dropped through the floor during the past year. Not only that, but since the relaunch around the first part of June 2006 in which they were put under new ownership from Network World, they've had little activity on their website. For example, look at their <sarcasm>wildly active forums</sarcasm>...spammers don't even try hard to post there...and why would they? Is anyone reading it?
Interestingly enough, macworldexpo.com is also running on Windows, which is silly to me as well. Oh well, life is full of conundrums right? Perhaps LinuxWorld being powered by Windows is meant to be? Who am I kidding! Roast those turncoats! lol.
Statistics are something I love. AWStats is my friend. We go out on Fridays and I buy it shots of Jack at the local tavern. Seriously though, statistics are something I generally love to look up and ponder...mainly because with statistics, time is a huge factor and in business time is money. So, if one can learn from past statistics to save oneself time and effort, business can benefit...which explains my interest.
I recently moved and during the move found a couple of old hard drives. Dusting off and installing one brought back some memories...it contained an install of SimplyMEPIS 2003.10, which was my second install of that particular OS. This got me thinking...I wondered what benefits MEPIS garnered from my old, defunct enthusiast site mepislinux.org? At the time and shortly thereafter, no benefits were clearly visible. In fact, with my somewhat loud depart from the MEPIS community, there were many claims that both my site and I did nothing for the distro.
With Google Trends, statistics are at my fingertips. Using this site, I'm able to look back in time and see if my old 12 page review did any good at all to help MEPIS along...I was very surprised to see that I was part of the highest surge MEPIS has made to date according to Google Trends.
When his defense asked,"Which computer has Jon [DVD Jon] trespassed upon?" the answer was: "His own."
Once upon a time there was a man named Frank. Frank was just like any other Frank, albeit a bit more cynical and curious. Frank was walking through the park one day when he happened upon a curious sight of a glowing doorway. Being curious, he investigated this curious phenomenon with infinite impetuosity. Unbeknownst to him, this doorway led to the future. The sights he beheld on the other side of this time warp doorway continued to pique his innate curiosity. Frank wanted to know what was going on at the other side of this door and he quietly slid through it.
Frank was astounded at what he saw. There were no cars on the road. People were walking everywhere. He grabbed a newspaper that blew slowly past him on the wind and was surprised that the date was 10 years ahead of the date he saw in his morning newspaper. Frank quickly came to terms with what had just happened...he had found a doorway through time which propelled him 10 years into the future.
He sat down on a bench with millions of thoughts whizzing through his brain. Questions began popping in his thoughts. He decided to investigate this future world so that he could find out where society was headed.
Frank quickly located someone walking by, stood up and asked the question, "Excuse me but, I don't see any vehicles, why is that?"
The person looked at Frank with wide eyes and said, "Well, no one uses vehicles anymore since the RM Movement restricts types that can be used in different regions of the country"
"Yes, Rights Management Movement. A few years ago, the Digital Rights Management act was passed which allowed for the regulation of consumers right to use digital media as they saw fit in the privacy of their own home. This paved the way for the Rights Management Act to go into effect a few years later."
"But I don't understand...this is America right? There's no way we could restrict rights like this."
The person responded in kind, "It was much easier when the Patriot Act became permanent."
Frank pondered the point a minute and asked, "But this still doesn't explain where the vehicles went!"
"Well, yes it does. With Rights Management, vehicle manufacturers required that you register the vehicle with them and buy a license to operate that vehicle on top of the operators license the government has. This license limits you to drive their cars in certain areas of the United States. This is one of those areas. For example, you can't drive Fords in Kentucky since its region code is a 2, which is for Chevy's only."
"Region codes?" Frank interrupted. "You mean like DVD's?"
"Yes, region codes like DVDs...although Blu-Ray and HD-DVD antiquated the region requirement for media, automotive manufacturers picked up the region idea from DVDs. The US has been divided up into regions where rights are managed according to physical location. Companies purchase rights in these different regions through the government so that their products can be sold and used in these regions."
"But how can they expect to tell me what to do with something that I BOUGHT?" Frank exclaimed
"Well, they started it with Digital Rights Management. DVD's and Music were first and since these are just creative works...the Rights Management spread to other creative works. Since an automobile is just a product of manufacture like a computer or DVD player the line was blurred as to how much control companies could put on their products. With the DRM Act, you couldn't play a DVD on any player other than the ones approved of by that DVD company...they regulated where and how you could play it"
"But that' s idiotic" Frank said, "I bought the stinkin' thing, I should be able to do whatever I want with it after I buy it. If I want to use it as a Frisbee or drive it off a cliff, I should be able to do so!"
"With the DRM and RM Acts, you can't. The company reserves the right to have you use their product the way they intended it to be used."
"But doesn't this stifle creativity?" Frank asked. "Doesn't this limit things considerably? For example, Post Its would never have been invented because they used an adhesive that was already available right? So that would have been illegal because the adhesive wasn't being used in the right way and if 3M didn't own the adhesive.."
"Well," the person responded, "if Post Its had been invented after this act and 3M didn't own the adhesive, I guess they'd have been outlawed...but since it happened before, they slip past regulation."
Ubuntu just doesn't want to be chosen for me. I've had nothing but problems with it since I started going on it. I decided that it would be easier to use Ubuntu (1 disk install, apt-get abilities) to house the in house Intranet portal page here where I work. However, I didn't count on Ubuntu having so many problems.
The first of many problems was mod_ntlm. This Apache module WILL NOT compile on my server. I emailed someone who actually got this to compile in Ubuntu and asked for how they got it to work, implemented their changes in the .c file, yet still couldn't get it to compile. This reason alone is enough for me to not use it. But there are more reasons still that Ubuntu doesn't do it for me.
The second reason is going cold. What I mean by going cold is that it almost froze up. For example, it would take over an hour to run apt-get update, about the same to run apt-get upgrade (depending on downloads) and even 20 minutes to do a standard ls -al | grep keyword command. After a reboot everything was fine. This led me to believe that some sort of power saving module was kicking in. So I removed all power saving modules, recompiled a kernel from scratch, turned off all BIOS power saving items, crossed my fingers and rebooted. Even with all of these actions, Ubuntu still went cold after a day of uptime. This is on an IBM NetVista P4 with 1 GB RAM. Ubuntu however will not be staying on any PC at my job due to the previous problems experienced.
I've got an exact match of this machine to provide backup for it so I've simulataneously been using CentOS to experiment around with it. There's a reason that Red Hat is the leader in the server arena...because they get it done and provide a fantastically stable Linux environment. CentOS is repackaged Red Hat Enterprise Linux and it is fantastic. So from this point on, Ubuntu will not be actively developed on by myself...I'll be using CentOS from this point on. Which leads me to the decisions I've been trying to come to.
I've been trying to find a good portal CMS that can house documents and provide news announcements for my department. No chat is needed...no forums...just a repository for docs. With all of this being said, I need to provide a flexible solution to house these documents as well because who knows what the director will come back and say. Perhaps tomorrow he'll change his mind and want to have all documentation developed and worked on in Sharepoint and all reports to go on our intranet page. So I need flexibility if I'm going to get a CMS running on Linux and I need it to be stable so I can show tangible results to upper managment. Otherwise, they'll continue to go with what has been working for them...and that is Windows. Read More
May 12: LinuxWorld, Powered by Windows?
I looked at their site report from Netcraft and saw that they have just changed within the last month. As I've spoken about in the past, some of these larger linux websites/news agencies have really gone down hill. I used to think LinuxWorld was a really great magazine/website. Then they go and pull something like this. Oddly enough, their website has been suffering as of late: According to Alexa, they've been on a steady decline since 2004. In fact, my lowly blog here has been garnering more traffic than their site according to Alexa. You do the math...if they can't beat my silly little blog in traffic, they're going out fast.
Don't worry though, I at least have enough sense to always power this site with Open Source and on the Linux platform...even though my primary job is with Microsoft Windows 2000 and 2003 servers. I may be good at Windows AND Linux but I'm no sell out. I bet LinuxWorld wishes they could say the same. I'd cancel my tickets and reservations if you have a spot at that expo. Make sure you check out the heavy hitters that are there too and express your opinions to them on this subject.
Beginning this month, I'll be attempting to infuse my place of work
with Linux. I am an new Applications Analyst and resident AIX/Linux
expert for a government agency that lives and breaths Microsoft. I feel
that Open Source software, mainly, Linux...can be a great addition to
this agency. I'll be documenting my attempts here while I go along. If
you have tips, tricks, solutions, advice or supportive
comments...please respond in kind.
Well, Ubuntu had some troubles but CentOS did a fine job for me. The problem was in the compilation of the mod_ntlm module for Apache. Ubuntu couldn't get it right. Changing the makefile a bit (Thanks Billy!) did allow me to post the mod_ntlm.so file (finally) but I couldn't get things to work for Apache 2. I reverted back to Apache 1.3 on the Ubuntu box but ran into the same problem that I did on the CentOS box with odd authentication issues. Alternatively, CentOS had no problems compiling the mod_ntlm Apache module for Apache 1.3 OR Apache 2.X which was much better than Ubuntu.
Of course, the real problem wasn't getting the various software installed, the problem was doing it in the correct order. My advice to someone that wants to use mod_ntlm with Apache to pass parameters to a zope server for plone: Install zope and plone first...get a working site up and running on port 80 (intranet site that is) THEN install apache and work on mod_ntlm. I had trouble figuring this out as most of the instructions I found allowed for Apache to be working first before the zope server comes into play. Another thing you could do is turn off Apache during your zope/plone configuration.
Something else that is odd is that by default when you install zope in CentOS, it isn't started. You can add it to automatic start using checkconfig in CentOS but finding out where the rpm installs zope is another story. Not being familiar with zope hindered my progress initially. After some fumbling I was able to get things working.
Overall on both the Ubuntu and CentOS installs, I was able to get things in working order but could not get Apache to use mod_ntlm correctly. Normally, if mod_ntlm is setup correctly and all directives are listed correctly (I was using .htaccess to house the ntlm directives) you'll get to a page 404 not found if accessing the document root. Instead, I received 401 Unauthorized Access. This meant that I was not validating according to Apache to my active directory source.