Sunday, February 21, 2010

Twitter Stats

Interesting, I didn't know I was one of the first people to twitter in Southern California (#15). http://twitterholic.com/top100/joined/bylocation/Southern%20Cali/


I also didn't know I am ranked #41 in the update category for Southern California. http://twitterholic.com/top100/updates/bylocation/Southern%20Cali/


Overall stats: http://twitterholic.com/dexterous1/ I'm ranked #2,544,961 :P

Cell Signal Extender




A while back I bought a cell signal extender. It turned out that the one I bought didn't work too well in my area. I had bought a zBoost YX500PCS. This works in the upper frequencies. It escapes me what frequency it was at, but it worked well for 3G internet connections, but not for phone calls (which I cross referenced on forums and it turns out that cell carriers sometimes split data and voice to take up more power on a certain frequency). I'm on Verizon Wireless, and in my area it seems VZW works on the ~800MHz range.


At any rate, I sold it on eBay and got a YX500CEL. I tested using it and saw a bar or two more on my Droid. When I placed a call, it would jump to four bars. My data went from RTTx1 to 3G. I put it away, and spent the next couple weeks thinking how to mount it. Outside would be best, but I live in an apartment on the bottom floor, and the walls outside seem to be made of a concrete of sorts. After further reading of the manual it also seems that I would have to ground the antenna for the extender. Even after all of that, I still would have to drill a hole to bring the coax inside from the antenna to the base, or get a window cable replacement that zBoost sells. Time to hit the manual again and see what my options were.


The manual says that the easiest way to set up is inside near a window. So I tried holding the antenna near a window and did some testing. Success! Good signal, and OK coverage. Had my wife check, and she didn't like seeing the coax hanging off of the curtain rod, so I took it down, but knew what I could do. The next day, I mounted it near the window, ran the coax through conduit I've laid out for my gigabit cabling I did a while back, and voila. All good, AND concealed behind a curtain.


So far, so good. I'm getting good coverage and wrote this blog on my Droid using only Blogaway and a 3G connection. The pics are the antenna mounted (revealed, and concealed) and the base.

Monday, January 18, 2010

Cloning Windows Servers for Free.

So, I was under some crunch time, and needed an imaging solution. Unfortunately, I didn't have access to any paid solutions, so I had to turn to open source. Now, I don't mind open source, but I rarely use it in big production systems. At any rate, I went ahead and chose one and began using it.

Clonezilla seemed to fit the bill. The two servers that needed to be cloned were both HPs. One was an HP ProLiant ML350 G5, and the other was a ProLiant DL 380 G4 with no optical drive, both using RAID 1. The RAID part wasn't that big of a concern since the image was going to go on a single drive eventually, but the first step was to just get an image.

Originally we were looking for a solution that would allow us to image the servers during production hours, but since no one had the software to do this, and some other obstacles arose, that idea was scrapped. Just for kicks, what I was planning to do if I was pushed to image the server during production hours was do a live image using DD to a USB drive, probably using Cygwin, or a port of DD for Windows. I would have then probably had to walk the 3rd party tech through how to restore from DD on a blank drive, so I'm kinda happy that didn't happen.

So with Clonezilla, I was going to have to image the servers using two techniques. One using the optical drive, the other using a USB drive. Optical was pretty easy. Just burn the latest STABLE ISO to a blank CD, and boot to it. There were two issues I had. The first being that the video was all garbled like a bad antenna signal when TV broadcasts were analog. I just hit Enter twice to see what would happen. I got to the point where it then asked about keyboard config, how I was going to image, etc. Then it started scanning hardware and loading device drivers. During this time it just stopped for about 2 minutes and kind of worried me (no flashing from the optical drive, and I couldn't tell if it was hitting RAM or not), then it continued on. To my joy, it was able to see the data just fine.

Using Clonezilla
1. Choose your deployment method: ISO or USB
2. Go through the menus
3. Select the item that says Image
4. Select /dev for partimage
5. THEN plug in your USB device, wait a couple of seconds, and hit ENTER
6. Let it run and you'll have a clone to an image when all is done.

Using Clonezilla on USB
1. Go to here and follow directions: http://clonezilla.org/clonezilla-live/liveusb.php
2. Ensure your server can boot from USB, AND that USB is chosen to boot from before hitting the disks.
3. Follow steps 2-6 above.

http://clonezilla.org/

Tuesday, June 2, 2009

Using Truecrypt on Acer Aspire One

If you read one of my older posts, then you read that Truecrypt does not support encrypting the entire drive. I set out to see if it was possible just to encrypt the working home drive (I know it can be done, just didn't know how).

Well, a new version of Truecrypt just came out, version 6.1. And guess what? It still doesn't encrypt the whole system drive. Oh well...back to the drawing board.

To upgrade Truecrypt on the Acer Aspire One, follow Macles' instructions for the older version, just use the new version of Truecrypt (i.e., replace the names with the newer version).

Great, so you got it going. Now what, right? Well, time to follow these steps.

What you need:
1. A download of Truecrypt
2. An external drive or smb/cifs connection (to temporarily move your user directory).
3. Some time on your hands.

Great, now let's get to the good part.

Adjust user login
You want to log in as root; this'll make it easier for you to move the user folder. Here's a nice tip I found that'll allow you to be prompted with a login at boot:
http://snaprails.blogspot.com/2009/01/acer-aspire-one-linpus-password.html

Login as root
After you've made the above adjustments, you should log in as root. This'll be self-explanatory once you see the prompt.

Move the user folder
This made sense to me because I was already running low on space. Only about 1.7 GB free. My user folder was taking up about 1.4 GB, and I wanted to be able to utilize as much space as possible (keeping in mind to leave a little for the system should I want to modify anything that would take up space on the system).
1. Mount your external drive, or network drive
2. Transfer your user folder to the other drive. (So, copy then delete, or a straight move. I'm superstitious, so I do a copy and then a delete locally)
3. Clean up Trash so that you gain back the free space on your drive.
rm -rf /root/.local/share/Trash/files/*
rm -rf /root/.local/share/Trash/info/*
4. Fire up truecrypt
5. Click on Create Volume, and create a volume and place it wherever you want, as long as "user" has access to it. Choose whatever encryption method you want, and whatever password you want. When it asks for format, choose ext2. I had originally chosen none, and then was going to format using aufs, but only the /mnt/home directory needs it. The rest of the drive (including /home/user) is actually ext2. I had to then format it after using ext2. Go back to where you created the Truecrypt container (mine is along the lines of /home/encryptedcontainer.tc), and make sure that "user" has access to it:
-rw-rw---- 1 user user 3221225472 2009-06-02 15:05 encryptedcontainer.tc
You can accomplish this with:
chown -R user:user encryptedcontainer.tc
6. Ensure that it's created and that you can mount it.
7. Create a folder called "user" under /home. NOTE: Any messages you get, just click OK. Ensure that user has access to the folder: chown -R user:user /home/user
8. Once you've mounted your Truecrypt image, go ahead and transfer the data over to it. (Truecrypt will tell you where it's mounted to, usually /media/Truecrypt1)
9. Run the following to put "user" as owner on the contents:
chown -R user:user /media/Truecrypt1/.
NOTE: The "period" goes at the end of the path, with no space before it; as a separate argument, "." would make chown also recurse through whatever directory you are currently in. This will ensure that even the .name files will be adjusted (if you put *.* it may include "." and ".." which will affect the directory above it as well).
10. Ensure everything's been transferred over, and that Truecrypt is good. Now dismount the file in Truecrypt.
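A check worth running before dismounting, as an added example (not part of the original post): it confirms the container file has the ownership and mode shown in step 5 and that nothing on the mounted volume, dotfiles included, is owned by anyone else. The function name audit_container is hypothetical and GNU stat/find are assumed.

```shell
#!/bin/sh
# audit_container CONTAINER MOUNTPOINT OWNER   (hypothetical helper name)
# Prints each finding and returns the number of findings (0 = clean).
# On the netbook (paths from the post):
#   audit_container /home/encryptedcontainer.tc /media/Truecrypt1 user
audit_container() {
    container=$1 mountpoint=$2 owner=$3 findings=0

    # Container file: owned by OWNER and no bits for "other" (post shows -rw-rw----).
    c_owner=$(stat -c '%U' "$container")
    c_mode=$(stat -c '%a' "$container")
    if [ "$c_owner" != "$owner" ]; then
        echo "container owned by $c_owner, expected $owner"
        findings=$((findings + 1))
    fi
    case $c_mode in
        *0) ;;
        *)  echo "container mode $c_mode grants access to other users"
            findings=$((findings + 1)) ;;
    esac

    # Mounted volume: find walks dotfiles too, so a missed .name file shows up here.
    strays=$(find "$mountpoint" ! -user "$owner" -print | wc -l | tr -d ' ')
    if [ "$strays" -gt 0 ]; then
        echo "$strays path(s) under $mountpoint not owned by $owner"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed demo: a throwaway directory stands in for the real paths,
# with the container deliberately left world-readable (mode 644).
demo=$(mktemp -d) && mkdir "$demo/mnt" && : > "$demo/mnt/.profile"
: > "$demo/box.tc" && chmod 644 "$demo/box.tc"
audit_container "$demo/box.tc" "$demo/mnt" "$(stat -c '%U' "$demo")"
echo "findings: $?"
rm -rf "$demo"
```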

Get Truecrypt to Startup and Mount at Boot
1. Now follow the instructions listed here:
http://ubuntuforums.org/archive/index.php/t-1014891.html
2. Save it, and reboot
3. You should now be prompted with 2 authentication windows
a. The first is to authenticate to the Truecrypt container. If you don't authenticate to it, the boot will loop, and you can't get into "user".
b. The second authentication screen is the gdm one which will allow you to actually login to your account.

Once you log in, everything should be working fine. The only problem I've experienced so far was with Jungledisk. I had to remove it, download it, and extract it again. I also had to remove the .junglediskinstance file. The encryption is seamless. You will not see jungledisk running in the taskbar, or top. If you run ps aux | grep jungledisk, you'll see it running where it mounted your container to /home/user.

The advantage of this setup is that:
1. The Acer Aspire One needs authentication now to get into it.
2. The "User" home folder is encrypted now.

The disadvantage of this setup is:
1. It takes a little longer to boot
2. If you forget your password, you're SOL, and need to go back to your backup (still got that user folder you copied over?)
3. Someone can still log in as root and see where your Truecrypt container is and attempt to brute force it. If the container uses the same password as your Linpus login, then a skilled user could crack your passwd file and use that to crack your password for Truecrypt.

jungledisk + Amazon S3 on Acer Aspire One

I was trying to get this working a while ago, and gave up. I managed to get far enough where I was able to get it to work only using root (sudo, or straight up root). Little did I know I was close to getting it working under "user" but gave up too soon. Eh, it happens...

At any rate, here's how to do it. This assumes that you already have an S3 account configured and downloaded Jungledisk.

1. After you've downloaded jungledisk, extract and untar it.
tar -xvzf jungledisk*
2. Check the permissions on the contents. Pay attention to jungledisk and junglediskmonitor, and ensure that they look like below.
-rwxr-xr-x 1 user user 4394430 2009-04-28 11:17 jungledisk
-rwxr-xr-x 1 user user 9164367 2009-04-28 11:17 junglediskmonitor
3. Check /dev/fuse and make sure that the permissions on it are as follows:
crw-rw---- 1 root fuse 10, 229 2008-03-04 08:44 /dev/fuse
4. Next, add "user" to group "fuse" by issuing the following command:
sudo usermod -a -G fuse user
5. Ensure that you have the correct group membership by issuing the following command, and making sure you see "fuse" in the list:
[user@localhost jungledisk]$ id user
uid=500(user) gid=500(user) groups=500(user),10(wheel),496(fuse)
6. Reboot, otherwise the changes to group membership will not take effect.
7. Once you get back up and running, go ahead and run junglediskmonitor and enter in the requested information.

This is a great addition to my Acer Aspire One using an 8GB SSD!

Thursday, April 30, 2009

Truecrypt: Encrypt entire OS on Linux

Well, after much searching, and reading of tutorials, and running truecrypt --help, I could not find a way.

This pretty much solidifies the reason why (contrary to other posts on the 'net).

http://www.truecrypt.org/docs/?s=sys-encryption-supported-os

Notice *nix is not supported on the list.

Just so we're clear, with the current version of Truecrypt (6.1a), you CANNOT encrypt the boot/system partition on Linux or Mac OS X for that matter.

I hope this helps out someone else.

Thursday, April 23, 2009

You have SSH, or FTP and want to save bandwidth?

If you have SSH or FTP open on your server (*nix), and are noticing bandwidth drops (probably in the evening if you're stateside), then check your logs (firewall, /var/log/messages, /var/log/secure, etc.).

In my case, I noticed a whole lot of brute force attempts. Nothing connecting successfully, but lots and lots of connections. Sometimes thousands throughout the night.

Enough, I said. I then hit Google to figure out what I could do about it. Denyhosts and Fail2Ban to the rescue! Denyhosts checks items in the secure log, and adds them to hosts.deny on the fly (it's scriptable, can be added to cron, and can be configured to send reports to you as well!). I use Denyhosts for SSH connections; I couldn't get it to work for FTP, though.

Here comes Fail2Ban. After some more searching, I found Fail2Ban. You can have Fail2Ban run as a wrapper to check whatever log you want, and look for certain items to then start the ban from. It works a lot like Denyhosts - it will then add the "banned" IP addresses to hosts.deny. It can be added to cron as well, and can also send reports to an admin.

http://denyhosts.sourceforge.net/
http://www.fail2ban.org/wiki/index.php/Main_Page

My reports on attacks are a LOT shorter now (after an 'x' amount of failed attempts, they are permabanned), and my bandwidth in the evening is more normal now.
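The log check these tools automate, reduced to its core as an added example (this is not DenyHosts or Fail2Ban code and not from the original post): count failed SSH password attempts per source address in /var/log/secure-style lines and print a hosts.deny entry for each address at or over a threshold. The sample log lines are constructed, use documentation-range addresses, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of /var/log/secure lines (documentation-range addresses).
sample_log() {
cat <<'EOF'
Apr 23 02:10:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Apr 23 02:10:03 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Apr 23 02:10:05 host sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40131 ssh2
Apr 23 02:11:40 host sshd[2140]: Failed password for user from 198.51.100.20 port 51514 ssh2
Apr 23 02:12:02 host sshd[2142]: Accepted password for user from 198.51.100.20 port 51520 ssh2
Apr 23 02:15:09 host sshd[2188]: Failed password for root from 192.0.2.44 port 33210 ssh2
Apr 23 02:15:11 host sshd[2190]: Failed password for root from 192.0.2.44 port 33214 ssh2
Apr 23 02:15:13 host sshd[2192]: Failed password for root from 192.0.2.44 port 33219 ssh2
Apr 23 02:15:15 host sshd[2194]: Failed password for root from 192.0.2.44 port 33225 ssh2
EOF
}

# Read sshd log lines on stdin; print one hosts.deny entry per source
# address with at least $1 failed password attempts (default 3).
deny_candidates() {
    awk -v limit="${1:-3}" '
        / sshd\[[0-9]+\]: Failed password for / {
            # The user name is chosen by the client, so take the
            # address after the LAST "from" on the line.
            for (i = NF; i > 1; i--)
                if ($(i - 1) == "from") { fails[$i]++; break }
        }
        END {
            for (ip in fails)
                if (fails[ip] >= limit) print "sshd: " ip
        }' | sort
}

# One legitimate typo (198.51.100.20) stays under the limit and is not listed.
sample_log | deny_candidates 3
```

On a real server the input would be the secure log itself, e.g. `deny_candidates 5 < /var/log/secure`, with the output reviewed before anything is appended to hosts.deny.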