It looks like our electronic devices can be searched by customs when entering the US. This somewhat violates the 4th amendment, however there is a border exception to the 4th amendment and unless I am wrong you are not officially in the US until you pass customs/border so the amendment would not apply.

A lot of company policies state that you should not be holding confidential information on laptops in the first place, but email, and browser cache can contain that information. To help prevent the information from intranets from being cached you can install JohnnyCache. JohnnyCache lets you enter in a url pattern and will prevent disk and memory based cache from being accessible when viewing a site matching that pattern. I highly recommend you install this extension regardless of your traveling habits.

I am going to be writing additional posts about handling these searches. These posts are going to be directed at protecting corporate information and personal information.

For a long time I have been planning to build a massive NAS to store all my projects and photographs and my Linux distro collection. When I bought a lot of network equipment a while back a 5U case was included that I decided to use instead of ordering something. The case has 12 standard 5.25 bays and 1 slim 5.25 bay. It fix extended ATX motherboard and is quite long, so it gives me plenty of space. To make efficient use of the space I am putting in hotswap drive bays that will fit 5 hard drives in 3 bays, giving me a total capacity of 15 drives. I have also found a RAID card that supports RAID6, online expansion and all the goodies, and runs about $435. This is more than I wanted to spend, but RAID6 and an oncard processor is worth it. The machine will run FreeNAS and will allow me to have only 1 hard drive in all of my other machines. As of right now I have ordered and installed the following:

• AMD Athlon 64 X2 4000+, Socket AM2
• G.SKILL 2GB (2 x 1GB) 240-Pin DDR2 800
• ASUS M2N-SLI Deluxe AM2 NVIDIA nForce 570 Motherboard
• MSI GeForce 7300LE 128MB 64-bit GDDR2 PCIe Video Card

I just ordered a IDE->CF card adapter and one of the drive bays to make sure it is what I want. If I like the drive bay, the remaining parts I need are the RAID card, and 8 Western Digital 750GB hard drives. In RAID6, I will have 4.09TB of total space, if I went with RAID5 I would have 4.77TB. While RAID5 is good, I would feel better if I knew I could lose 2 drives and still have all my data safe. I mean this is going to be backups of my systems, and all the files that are most important to me. I may need to upgrade the power supply along the line, but for the time being I should be fine as it has a 420w PSU. I will post pictures when I get my new camera.

Last year I brought up the double bang trick. There is another with the bang and asterisk keys. This combinations takes just the parameters from the previous command.

Enjoy!

Tonight I decided I should do some locking down of ssh and I wanted to share with you the final result of what I did. The first thing we need to do is create the public key. For this post we will use localmach for the local machine and remotemach for the remote machine.

Before beginning the following should be set on the remotemach in /etc/ssh/sshd_config

On the local machine type the following

This will create a 2048bit RSA key. It will ask you where you would like to put these keys, in Linux the default is ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub

We now need to copy this key to the remote server, remotemach.

What this does is log into the remote machine and add the key to /home/user/.ssh/authorized_keys. I am going to skip the password part for now so we don’t lock ourselves out. The next thing you want to do is run the following commands on the localmach.

If you changed the name of the file from id_rsa you will need to specify which identity you want to add for ssh-add. With ssh-agent running and the identity added you should now be able to login without a password.

If you were able to login without the use of a password, you can proceed to editing the /etc/ssh/sshd_config. If you were not able to login without a password repeat the procedure and see if you are able to fix it. I did have trouble once or twice and repeating it fixed whatever was wrong.

Open /etc/ssh/sshd_config and find the PasswordAuthentication configuration directive and make sure it is set to no and uncommented.

Another recommendation is to make sure root cannot SSH into the server directly.

You can now run the following command to commit the changes to the current sshd process

What does all this do?

1. Disables direct login from the root user, which has always been a recommendation. If you are not aware of this you should be reading up on the use of sudo

2. Removes the ability to login to the server with a password, you can only login to the server using a public key.

3. Limit the machine that you can login from. The remotemach must have the key for the localmach in the authorized_keys file before authentication can be performed.

4. Greatly reduce the ability to bruteforce ssh.

In the coming days I am going to check to see if you can copy a key to any machine and have it work, if that is the case it might be better to turn the password authentication back on for situations that command high security.

If you chose to enter a password when creating your key and you did not setup ssh-agent and ssh-add you will be prompted for a password to decrypt the key. Do not confuse that with a standard password based login, which you are probably used to.

I mentioned a few problems with Ubuntu, well I was able to figure out the problem…. sorta. I was booting to Ubuntu via lilo which was on BackTrack, I guess grub sets it up as a scsi device because when I reinstalled Ubuntu and booted with grub my problems went away and hdparm gave a much different output. I am moving files over right now to another machine so that I can wipe the laptop, start over with a 100% linux laptop. I will be running either VMWare player on it or VirtualBox for both Windows and BackTrack. I do however wonder how my RAM is going to react to that.

I have another update I am going to post next week that will hopefully be great news but for now it is a big secret ;-D

In Linux, users are very aware of partitioning their drives so that a specific directory on the file system has an entire partition dedicated to it. The first directory most people take care of is /home, because this directory will most likely contain the most data, and it will also be the directory that is most important when you have to reformat.

In Windows users have never gotten into this practice, which I find absolutely hilarious because Windows should either be formatted every so often to keep it fresh or user’s have to reformat due to a virus, trojan, etc. It only makes sense that the information you need to keep be kept on partitions that give you the ability to restore quickly.

Why do I feel I am qualified to explain a “proper” way to handle this in Windows? Well a few years back I had one of the first Pentium 4 chips and boards on the market and because I had been having so many problems with Microsoft updates I stopped installing them, well I then ended up having to reinstall Windows about every 2 weeks. So I can say that I have installed Windows between 200 and 300 times over the past 5 years on various machines for various reasons. The methods I will explain below have been the best setup I have ever used. There is only one flaw, which I will explain at the end and at the end because it is minor and I would hate to turn you away from a good process for something minor.

On my primary machine the primary hard drive is a 150gb raptor, my C partition is 50gb, D is 5gb, E is 5gb and F is roughly 80gb. The C partition is obvious, this holds my operating system and applications that I install. My D partition holds settings

Partition D:\
  \.purple
  \Catalogs
  \Firefox
  \FlashFXP
  \Icons
  \Keyring
  \Komodo
  \Logs
  \Quickbooks
  \Quicken
  \RDC
  \RSSOwl
  \Scripts
  \SecureCRT
  \Shortcuts
  \Templates
  \Thunderbird
  \TODO

As you can see, on this partition I hold all of my Firefox profiles and Thunderbird profiles, “New File” templates, file type icons, FlashFXP settings, and so on. With the drive setup this way all of my settings can be easily restored. For example, with FlashFXP it asks you for the directory you will be storing your configuration information when you install, if information already exists it will use it. So since everything is setup right after installing the program it is like I never reformatted. The same goes for Thunderbird and Firefox, these locations are specified in an INI file in your “Documents and Settings” directory under your username. If you install Firefox or Thunderbird and overwrite the INI files with a saved copy of your INI file, when you start Firefox it too will respond like you never formatted.

Some programs like Komodo IDE/Edit and Pidgin use an environmental variable, Pidgin’s is PURPLEHOME and Komodo is KOMODO_USERDATADIR. Since I wanted the .purple directory in D I set PURPLEHOME to D:\ and when it opens next time it will read the information in D:\.purple if information relevant to Pidgin exists. Komodo works the same way except that it’s structure is a bit different. The directory you setup for Komodo will have the version number subdirectory created. For example, I have it set to D:\Komodo\Edit and it stores the settings for 4.1 in D:\Komodo\Edit\4.1 and 4.2’s settings are in D:\Komodo\Edit\4.2. This is particularly nice if you upgrade to Komodo IDE, while I’m sure the old settings can be used by the new version, I would like to have the original to compare to make sure it was right.

Now some application like the RSSOwl folder depend on the E drive. My E drive stores standalone applications, which right now includes 81 applications. What I mean by standalone applications is an application that requires no installation, a zipped binary basically. I try to use zipped binaries as often as possible for the ease of getting my system back to normal. One example is my AMP (Apache, MySQL, PHP) development environment. All configuration files for these three applications point to locations on the D, E and F partitions and are configured the way that I want them to be. Take Apache for instance, at the end of the httpd.conf I have it including all files in F:/Workspace/environment/conf which houses the website configuration files and those configuration files point to files within F:/Workspace.

There are also applications like Aptana, RadRails, RSSOwl that are using the Eclipse framework and allow you to choose the workspace for that application. The configuration for these applications is also sometimes stored in “Document and Settings”, but these values can also be changed in configuration files within the application’s directory.

It used to take me hours and hours to reformat a machine and return everything to the way it was with the information I provided above and the next few paragraphs you should be able to restore a Windows XP machine within a 3 hours depending on your skill with navigating XP and how far you customize things.

I recommend that on the drive you store the majority of your data, in my case F, you create a folder that will store a copy of every application, driver, and registry file you plan to install. This will basically be double the amount of space since you are making a copy of the applications, but it is worth it in the end. Make an ISO of every CD you will need including drivers, applications, and games, but keep in mind a number of games have copy protection so this can be a task if you are unfamiliar with bypassing this protection. Name each application very clearly, (example: Application v1.3.0.3) so that in the future you know exactly what version and application you have installed.

I also recommend you use Unattended installs and rename certain directories to eliminate spaces in file names. For example:

Partition C:\
  \Documents
  \Programs
  \Users
  \WINDOWS

The Documents directory is the location of “My Documents”, this allows for very quick access with no spaces in the name. The same for Programs, there are a number of applications that can become a pain to use if you have spaces in your directory name. The Users directory is “Documents and Settings”, which is also a very long directory name.

One more important thing to do is to create a “mirror” of your drive structure to backup important files. I tend to back them up by hand so I know what is being copied, when, and where. Here is an example:

Directory of F:\Computer\Unattended\Structure
  \C
    \Documents
      \NFS Most Wanted
        \NAME
          \NAME
    \Programs
    \Users
      \USER
        \Application Data
          \Mozilla
            \Firefox
              \profiles.ini
    \WINDOWS

As you can see above this mimics my directory structure, but holds only some files. You might wonder why this is helpful, and the reason is that I can go into the C directory copy all of the folders to the root of the C drive and all my settings will be where I need them. Here is an example of what I mean. I have create the 4 partitions, reformated my machine and followed the methods I described above. I have also installed Firefox and NFS Most Wanted and that is all I have done. I can now start up Firefox or NFS Most Wanted and they will operate exactly as they did before the reformat. All of my form entires in Firefox have stayed in tact, my web history is available, really it is like you just rebooted your machine.

I have 81 applications in my E drive and another 110 in my folder holding the applications I need to install every time. Most of these applications do not require a reboot so I can install the majority of them in one boot. Setting up applications that do not operate as cleanly as FlashFXP or SecureCRT in specifying a data store can be time consuming. There are applications such as Genie Backup that can help backup settings, but I have always preferred to do it myself so that I knew exactly what was being done, but that is up to you.

A bit of warning, there are a number of actions you can take in the process of setting all of that up that can be disasterous so I HIGHLY RECOMMEND you do a full backup of all your data. Also, if you must use the registry to find application settings be very careful as you can mess things up very quickly. I run an automated backup of all 4 primary partitions on the 1st and 16th of every month

When it comes to the registry, I recommend you put application settings or tweaks in seperate registry files. It does take some extra time having to execute all of the registry files, but more often than not you may install one registry entry and the next time not want it installed. You can of course uninstall the setting, but unless you make sure your uninstall entry has the exact entry that was in the registry previous to the entry being added you could mess things up.

As I said in the beginning, there is a problem with this process, but it will not effect everyone. If you use more than one hard drive make sure all of the partitions on your primary drive are primary partitions. The reason is that Windows installs drives with primary paritions listed first. So if you have 3 partitions, 2 of which are extended partitions and you have one more hard drive your C drive will be the first parition on the primary drive, the D partition will be the 2nd hard drive and then E and F will be the 2nd and 3rd paritions on the first drive. This can cause an undesired setup. If you have 5 partitions on a hard drive the same thing can happen since the 4th and 5th will be extended partitions. So I recommend no more than 4 partitions per drive and make sure they are all primary, but this only matters if you have multiple drives.

I have 4 hard drives in my primary machine and I actually unplug 3 to make sure that all drivers are installed and applications are in tact before I have them available to me.

I apologize to anyone that has not understood the process described above, it can get complicated and was in some ways hard to explain because a lot is done during my installs. I believe the last one I did took 2 hours including installing Windows XP. I use unattended installs with no applications, drivers, or registry entries on the CD. If you can and would like to a lot of applications can be bundled on the CD to make the installation faster, but honestly 2 hours isn’t much, and I am able to see if an error occurs in a file being copied or something becomes corrupt.

If you need help or have any questions you can comment or email me

Yeah, I lied.

I have had to do some work on a shopping cart that was originally written in ASP and it has reminded me why I enjoy not writing ASP. Last time I wrote ASP was in early 2003, but at least my code was well organized. I had includes in a central location, I was using VB ActiveX components to handle some of the site features and I was well to put it bluntly not so full of myself that I didn’t do research on improving my code.

The programmer who wrote this, I know of through a friend, and while I have not talked to him more than a few times I know through my friend that people have been very unhappy with his code. The last company I know of that experienced this he had some deal with, and cashed out of the deal because even he admitted the application bogged down the servers horribly. The server it was running on has 6gb of RAM and isn’t some old junker. It is also running Windows 2003 x64, and SQL Server 2005, which should help performance. The company that paid him to originally write the code has since hired another company to rewrite it so that the client is getting what they pay for when they resell the product.

Anyway, this cart was originally another ASP shopping cart and was stripped of a lot of the identifying details, which he then made into what was supposed to be some sort of “template” setup. I can really say though that it has been one of the more aggravating edits I have had to do, things are just all over the place in the code. Normally a template system allows you to make some visual changes without having to do a huge amount of editing. Take Wordpress for example, you know what pages to edit and what tags to add and you put them where you want the information to be displayed. Shopping carts are of course more complicated, but osCommerce uses templates and from what I’ve seen it is much easier. Templates are also used so the designers can stay out of the logic as much as possible since that is not what they do, with this setup there is logic all over the place. A number of files only have a line or two in them and the only one that means anything is the include line referencing a file with the exact same name in another directory.

I am really not big on putting down other programmers because I know for a fact there is code I have written that has not been worthy of any praise, but I also don’t regard myself as a top notch programmer like he does. When someone speaks about them self like they are top dog, they are just asking for it. There is also a difference between selling yourself and going overboard. It is just part of sales to make yourself sound like you are the only one for the job and if they decide not to go with you then it is their loss, in some cases you are and in some cases you aren’t. When I received the job for the FTA I was told from the start that it was in Joomla and I immediately looked at the code. Knowing I couldn’t fake knowing Joomla I said flat out that I had never worked with Joomla, but I have experience writing readable and well thought out code. Now the designer who did the template told them that he had worked with Joomla and la di da, but when I received his template he had hard coded things in that should have been dynamic, which of course would keep the end client from being able to edit them.

This post is getting a little bitchy now, but it is surprising just how many people go around making themselves into something they aren’t and making a lot of money doing it. This of course is nothing new as I am sure a lot of you have seen the posts discussing the tests that companies are giving during interviews and finding out that the programmers cannot solve basic problems. If you haven’t read the article do a Google search for FizzBuzz.

So I have been noticing horrible transfer speed problems on my laptop. I ran hdparm in BackTrack and got 34mb/sec in Ubuntu 2.53mb/sec. I am unable to set dma on the drive which is the real performance killer in this case. I have thus far found not solution other than compiling my own kernel, which I’m kinda annoyed about. If I wanted to be compiling kernels to get the latest features I would be using a distro that I would expect to have to do so. If I cannot find a solution I may have to move away from Ubuntu.

I install Kubuntu on my laptop today so now I am penta-booting BackTrack, Slackware, Ubuntu, Kubuntu, and Windows XP. I would really like to get a few more on there, but this laptop only has a 60gb hard drive and I am not in the mood to deal with the possible horror resizing partitions can cause if an error occurs. I might clean off the laptop next month and put on Solaris, and try to get Fedora working again.

As a follow up to my Ubuntu post, I spent a good number of hours playing with Ubuntu in Gnome and I have enjoyed Gnome more than I used to. I feel a big part of that is the new “shiny” features Ubuntu added. I did have a lot of trouble installing Rails though, took me about 8 times before the error telling me rails did not exist went away and when I installed mongrel fastthread blew up so I had to install the deb package to avoid a headache. I cannot say that the problem occurred because I was using Ubuntu, but since I did not compile my Ruby install I cannot say if something done during that install contributed to my problems.

Another interesting problem I had was that when I updated about 200mb in packages today my machine suddenly started taking a crap on me. I do not get the shiny boot screen for Ubuntu and I am not entirely sure why, but I also don’t even get text on my screen. This means if something goes wrong I cannot know what caused it. Basically it went like this, the machine was booting (known by looking at the HD light) and then stopped, I hit CTRL-ALT-DEL and then it took a few seconds and booted into X. Once I have logged in I am missing my nice shortcuts to other partitions and I even had trouble mounting them. After one attempt mounting them I said screw it and reinstalled Ubuntu.

With all of that said I am at somewhat of a fork in the road. I would really like to install 7 or 8 distros on this laptop so that I can try some of the things I learn at conferences, but at the same time, I would really like to use just one operating system on the machine. I love my Slackware, and I would like to keep Backtrack on incase I ever need it, but I feel as my main laptop distro I will be using Ubuntu for the simple fact that it works right out of the box for me, if I ever need to reinstall on the road I can and know that I don’t have to download anything to get wireless working or hassle with anything to get standby working.

I can buy a 1gb memory stick for this laptop for $129 from the Dell website, which isn’t horrible, but at the same time it is $129 for 1gb of RAM. If I install another stick, I have to remove one 256 stick giving me roughly 1.2gb of RAM. That memory could then be used for VMWare server, which would allow me to run as many distros as I wanted. The one downside is that I have received information from very good sources BackTrack should always be run from a LiveCD or direct boot, and should not be used from a VM.

I’ll end this post now that I feel I am jumping into too many things, but before I do I have decided to backup the things that I need to backup and I setup my laptop right. I will be removing Kubuntu and Slackware, installing Ubuntu on the Slackware partition, deleting the old Ubuntu and Kubuntu partitions and joining them to make one ext3 shared partition. I have to have Windows XP and I have to have BackTrack to complete my labs and my exam for OSCP.

Funny I went from Penta-booting to Triple-Booting in one day and for no good reason.

So I tried the new Ubuntu 7.10 today and for a long time I have hated Ubuntu for 3 reasons….1. I think that it prevents people from learning essential linux skills, they do not have to know how to add a user to sudoers or configure hardware via config files. 2. it uses Gnome, now I think Gnome is ok, but I feel very locked in a box compared to KDE. 3. You have to download almost all the apps you want to install, and being on dialup as many of you know, makes it very very hard to do. So really I do not hate Ubuntu in the sense that it is a bad distro, I think it is a good distro, but for me to make a system that I can enjoy to the fullest it would take forever with my current connection.

Kubuntu fixes the Gnome problem, and well #1, I don’t really think I can piss on a distro for helping people use something that can get difficult. In slackware I have had problems with suspending not working as it does in Windows, but I have not bothered to work on that problem. In Ubuntu it works out of the box, as does all my hardware… with the exception of my modem. The first linux distro I ever used was Slackware, I love the name and I like how it works. A user has to really learn to use the system because it makes you learn. I once heard someone say “If you want to learn linux, use Slackware” and I feel it is a very true statement. You can of course learn Linux on any distro because it is linux, but GUIs and web interfaces don’t teach you the skills that in many cases are needed. If you have packages you are less likely to compile software. I cannot remember the exact details of the situation, but I remember sometime last year I had a horrible problem with a system, and I ended up having to mount multiple partitions and do a lot of tricky stuff in config files to fix the problem. Had I been a sole Ubuntu user, I might not have had those skills when I needed them.

Every distro has its place, and many are not for every user. I have been told, “slackware isn’t linux” or “slackware doesn’t have packages”, “slackware gives you nothing to get started with” and all of those comments came from people who havn’t really used Slackware. If you do a full install of Slackware you get a ton of packages. Linux Packages has a few thousand packages and they are all for Slackware. Sure, it isn’t the 23,000 available for Ubuntu and they don’t do dependancy checking, but dependancy checking it’s always a good thing. I have rarely ever installed a package on Slackware, I usually compile the software and very very rarely do I ever have any problems with a compile. As far as it not being linux, Slackware is the oldest existing linux distro and I seriously doubt that will be changing and it has stayed that way for a reason.

I plan to use Ubuntu, and I am going to install the new Kubuntu to see if I like KDE on Ubuntu or not. Gnome has improved since the last time I used it for more than 5 minutes, so I can probably deal with Gnome. Right now my laptop is quad booting Slackware, BackTrack, Windows XP, and Ubuntu. I have one free partition left that I will put Kubuntu on probably. So far the only OS I havn’t been able to multi-boot off the BackTrack LILO config is Fedora 7, which is a shame. What is also a shame is that my hard drive on the laptop isn’t larger, I would love to have 10 distros to boot to, just for fun….

I suggest you read this very well written article that was recently released about Slackware and Ubuntu, more slack though.