Jared Evans Global Microbrand

Have you tried to find captioned movies near your home?  If so, you’ve probably visited a fantastic website called Captionfish (http://captionfish.com) which is the brainchild of a pair of deaf developer and designer: Chris Sano (software engineer at Microsoft) and Brendan Gramer (user experience designer at Amazon).

It has always been a hassle for deaf people when trying to search for suitable movies locally that are currently showing with captions. With the release of this app,  Chris and Brendan have gone above and beyond to produce an amazing app. Now finding captioned movies near your home, especially while you are on the go, is no longer painful and is actually a fun experience!

Not only can you use the app to find the locations and times of the captioned movies, the app also thoughtfully provides captioned movie trailers as well!

Adam Stone over at Deaf Echo has some additional background information from the developers.

Below are a few screen snapshots of their world-class, visually-arresting, and free iPhone app.  In iTunes store, search for “Captionfish” to download it to your iPhone.

• (The main screen)

• (List of local movie theaters showing captioned movies:
  RW=Rear Window, OC-DA=Open Captioned)

• (Nice bonus: movie trailers that are captioned too!)

• (Summary of a movie trailer. Note the “play” icon on the mini movie poster)

• (Sample movie trailer playing with the captions visible)

This fall, I’ll be teaching network security class for the IT program at Gallaudet University:

Here’s an overview of the topics in order. At this time, I’m open to further suggestions and feedback.

Goals and attitude of the network security professional: “Prevention eventually fails.”

Federal Laws covering computer hacking, fraud, abuse, intrusions and unauthorized access.

Organizational/Human Factors: setting network security policy, human judgement/decision-making about possible attacks, and the insiders threat

Profiles of different types of network attackers: from script-kiddies to hacktivists (people hacking for social, political or religious causes) to state-sponsored professional teams.

Emerging trend: (APT) Advanced Persistent Threats (sophisticated adversary engaged in information warfare in support of long-term strategic goals.)

Stages of successful attack/exploitation

Cover different attack vectors, mobile smartphones (iPhone/Android), Honeypots as early warning systems, social engineering threat.

(sprinkled throughout the course) Real world scenarios and personal war stories.

Review Linux system admin skills

Explaining/demo of stack/buffer overflows (NOP slide, shellcode, polymorphic shellcode)

Refresh networking knowledge

TCP/IP headers and handshake, ICMP types

Using wireshark for packet analysis

nmap and different types of port scanning to identify open/closed ports.

Review the structure of a DNS Record, A, CNAME, MX, NS, SOA – then show a breakout of a SOA Record (Serial number Refresh Retry Expire TTL). Showing them the tools such as nslookup, dig, samspade, host etc.

arp-poisoning, DNS poisoning (malware for local /etc/hosts or break into DNS master and force trx of bad DNS entries to DNS slave servers) and other L2/L3 attacks.

Using dsniff suite with a VMWare switch in “hub” mode.

Other information gathering methods (DNS zone xfers / Google reconnaissance)

Cryptography (symmetric / asymmetric encryption)

WiFi – encryption methods and attack methods

Installing LAMP

OS hardening

Sandboxing (jails)

Firewall with iptables

XSS and SQL injection attacks, obfuscation, the hex encoding of characters to obfuscate attack code / redirected URLs.

IDS using Snort in-line with iptables

Secure network architecture/design (External/DMZ/Wireless/VPN/VLANs/etc)

Using Metasploit framework for penetration testing.

Cloud computing infrastructure- risk not any less, just shifted. (Blue pill attacks to break out of guest virtual machine to the host.)

*update 8/2/10* Installing My3G on a jailbroken iPhone4 now enables the use of FaceTime over the 3G network instead of WiFi.  The information in this post is now applicable.

————–

Kokonut Pundit’s post brings up valid concerns regarding using video relay service (VRS) over iPhone 4’s new video calling app called FaceTime.  When you have a cellphone that is capable of making video calls such as iPhone 4 or the Sprint EVO, the service comes with a monthly bandwidth cap, beyond which the phone company will pile on extra usage charges. When you exceed your monthly bandwidth cap, the costs can skyrocket and you’ll be looking at a large phone bill at the end of the month.

However, at this time, iPhone 4 allows video calls to take place only when you are inside an area that has wifi access (typically, your home or workplace wireless network).  Any traffic that goes over wifi network doesn’t count against your monthly bandwidth cap.  Only when you are out and on the 3G wireless connection will the traffic be counted against your monthly bandwidth limit. For now, for iPhone 4 users there’s no need to worry about your FaceTime video calls having an impact on your AT&T monthly bill.

It’s rumored that iPhone 4 will eventually be able to do video calls from wherever you are, even if you aren’t in a wifi zone.  Other advanced smartphones such as Sprint EVO can already handle video calls anywhere over the 4G network. This begs the question: How many video calls can you make before you hit the monthly bandwidth limit and before you get charged additional fees?

For example, AT&T offers two possible data usage plan for the iPhone 4:

$15 for 200 MB/month
$25 for 2 GB/month

Typically for a call with good quality video, the call requires a bandwidth of 384 Kbps.  How does this translate into video call minutes?

At 384 Kbps rate, the video calls will consume 2.75 MB per minute.

On the 200MB/month plan, the plan would allow 72 minutes worth of video calls per month.  With the 2GB/month plan, it allows almost 12.5 hours of video calls per month.

Also note that these calculations doesn’t take into consideration all the other activities you may like to do on the smartphone, such as email, SMS, instant messaging, web browsing, watching or uploading photos/videos, etc which would also count against your monthly bandwidth limit (when not on a wifi network).  Also, video calls may not be running at 384 Kbps, but depending upon the video calling app itself, the rate could go lower to the minimal acceptable video quality at 256 Kbps. At this lower rate, there would be an increase in available time for video calling.

Everyone uses their phone in different ways so the above numbers for video call minutes can be taken into consideration when determining which monthly plan fits you the best. Of course, for the iPhone 4 users, all this is moot until FaceTime app is capable of making video calls outside wifi zones and on 3G/4G wireless networks.

First of all, I’ve had great experience on several previous laptops loading the Ubuntu desktop with NVIDIA video drivers.  These drivers make the desktop experience on Linux much more pleasant to the eyes.  Ubuntu, particularly, makes it brain-dead simple to install the drivers without a hitch and upon a reboot, there’s the GNOME X environment with hardware 3D acceleration and in its full Compiz glory.

Recently, I became an owner of a Sony VAIO laptop and the changes in the latest NVIDIA Linux video drivers have been a near nightmare on the laptop. There is one significant problem that’s full of irony: simply detecting the LCD screen!  The NVIDIA drivers are unable to detect the LCD screen attached to the laptop and boots up to a blank screen with a warning saying that “No display device was found.”  However, if you connect an external monitor to the standard VGA port on the side of the laptop, you are able to get the 3D accelerated environment. Obviously, there’s no problems with the 310M video card, it’s just that the LCD screen isn’t being detected in the first place!

Using my Google ninja skills, I was able to piece together the necessary fixes which I list below:

The short story:

The Linux OS makes available inside /proc the Extended Display Identification Data (EDID) which describes the capabilities of the monitor to a video card. For whatever reasons, the NVIDIA Linux video drivers do not process the EDID automatically during the detection of Sony Vaio LCD screens.  This results in a blank screen with a warning “no display device found”, unless you happen to have an external monitor attached to the VGA port, in which case, the detection works fine.

In order to work around this, you need to explicitly tell NVIDIA driver the EDID data of the LCD screen and make the connection to the display.

So how to get the EDID data?

One way is to use EDID Viewer Windows binary: http://www.softpedia.com/get/System/System-Info/EDID-Viewer.shtml

Dump the data to lcd_edid.bin file and transfer it to your Ubuntu machine.

[There's also the read-edid package for Linux that will allow you to run parse-edid on  /proc/acpi/video/NGFX/LCD/EDID but I didn't try this.]

Modify the xorg.conf and include the path to the EDID binary file.

/etc/X11/xorg.conf
# nvidia-settings: X configuration file generated by nvidia-settings
# nvidia-settings: version 1.0 (buildd@yellow) Fri Apr 9 11:51:21 UTC 2010


Section "ServerLayout"
    Identifier "Layout0"
    Screen 0 "Screen0" 0 0
    InputDevice "Keyboard0" "CoreKeyboard"
    InputDevice "Mouse0" "CorePointer"
    Option "Xinerama" "0"
EndSection



Section "Files"
EndSection



Section "InputDevice"
    # generated from default
    Identifier "Mouse0"
    Driver "mouse"
    Option "Protocol" "auto"
    Option "Device" "/dev/psaux"
    Option "Emulate3Buttons" "no"
    Option "ZAxisMapping" "4 5"
EndSection

Section "Screen"
    Identifier "Screen0"
    Device "Device0"
    Monitor "Monitor0"
    DefaultDepth 24
    Option "TwinView" "0"
    Option "TwinViewXineramaInfoOrder" "DFP-0"
    Option "metamodes" "DFP-0: nvidia-auto-select +0+0"
    SubSection "Display"
        Depth 24
    EndSubSection
EndSection

Of course, you probably would also like to use the VGA port and connect the external monitor for extra desktop real estate.  Here’s the revised xorg.conf:


# nvidia-settings: X configuration file generated by nvidia-settings
# nvidia-settings: version 1.0 (buildd@yellow) Fri Apr 9 11:51:21 UTC 2010



Section "ServerLayout"
    Identifier "Layout0"
    Screen 0 "Screen0" 0 0
    InputDevice "Keyboard0" "CoreKeyboard"
    InputDevice "Mouse0" "CorePointer"
    Option "Xinerama" "0"
EndSection

Section "Device"
    Identifier "Device0"
    Driver "nvidia"
    VendorName "NVIDIA Corporation"
    BoardName "GeForce 310M"
    Option "ConnectedMonitor" "DFP-0,, CRT"
    Option "CustomEDID" "DFP-0:/etc/X11/lcd_edid.bin"
EndSection



Section "Screen"
    Identifier "Screen0"
    Device "Device0"
    Monitor "Monitor0"
    DefaultDepth 24
    Option "TwinView" "1"
    Option "TwinViewXineramaInfoOrder" "DFP-0"
    Option "metamodes" "CRT: 1680x1050_60 +1600+0, DFP: nvidia-auto-select +0+0"
    SubSection "Display"
        Depth 24
    EndSubSection
EndSection


Man, after all this work, I can say I feel sorry for Linux newbies who have to grit their teeth on Sony VAIO laptops. I’m hopeful that NVIDIA will take note and spruce things up on their end to make all this painlessly automatic.

I find that it’s extremely useful to have a folder containing ebooks in the form of PDFs and CHMs (compiled HTML).  Often, when I can’t remember the exact command, coding, or configuration parameter, these ebooks are an excellent source to hit upon before heading out to Google to filter out websites with the correct answers.

The ebooks are stored across different directories according to their primary subject matter: Linux/FreeBSD, Security, Programming, Networking, Database, VOIP, etc.

While it’s all and good to have electronic reference books handy and ready at a moment’s notice, I wanted to take it one step further and make these ebooks searchable.

Enter Google Desktop which can be set to index files inside specific folders.  However, after installing and configuring Google Desktop, I noticed that the application doesn’t have deep indexing capability for PDFs and CHMs.  The desktop application cannot search the text inside these files and return the successful hits in the Desktop search results.

As a workaround, PDFs and CHMs can be exported or converted to regular text files.  After the corresponding text files are dumped into the same directory as the PDFs and CHMs,  Google Desktop has no problems indexing all the words inside the text files. This enhances the ability to perform keyword searching to find any ebooks containing the search string.

Fortunately, the current incarnation of Adobe PDF Reader allows you to export a PDF to text file, so that takes care of the PDF files.

CHM (compiled HTML) is a different story and isn’t as easily converted to a text file. CHM is basically a file composing of many HTML files that have been bundled together.  Fortunately, it’s possible to convert CHM into a single text file.  Archmage can be used to decompile CHM and break it up back to the original mess of HTML files. After the CHM decompiling,  lynx is run in a batch job to open each of these HTML files one by one and append the text output into a single text file.

Here’s the process and shell script to do the CHM to text conversion:

archmage ebook.chm
(a HTML directory is automatically created with all the HTML files)

cd  to the html directory

ls | sort -n > filelist
(this generates a file with sorted list of all the files in the directory. Most of the time, the files are numerically ordered so the sort -n helps to rapidly reorder them)

Edit filelist to get the right order from beginning to end:  It’s a good idea to have the TOC (Table Of Content), preface, main files at the top and followed by the correct order of chapters/sections. Remove any filenames (such as the alphabetized index) that shouldn’t be processed into the final converted text file.  Finally join all the filenames into a single line, separated by a space character (hint: vi editor makes this very easy via the command ‘J’).

Copy and paste the single line into the script below and run it.

#!/bin/sh

# archmage can be used to decompile chm into html files
# First generate the list of files and order them to be processed correctly.
# ls | sort -n > filelist.txt
# edit filelist.txt , remove unnecessary files , rearrange order of files then join them all into one line.
# then paste & replace the line of files below

for i in main.html toc.html part01.html part02.html
do
lynx -dump $i >> final1.txt
done

#Do some post-processing to further clean up the file.

# Remove all “jared” , “Previous Page” , “Next Page” , “References” , ”Visible links” , “Hidden links”
grep -v -e “\(jared\)\|\(Next Page\)\|\(Previous Page\)\|\(^References$\)\|\(Visible links\)\|\(Hidden links\)” final1.txt > final2.txt

# Replace all [digits] with a space character
sed “s/\[[0-9]*\]/ /g” final2.txt > final3.txt

final3.txt will be the final sanitized text file which can be dumped into the same directory of the original CHM file and indexed by Google Desktop.  It’s also a good idea to double-check the post-processing of the text file to customize the clean-up process to get cleaner results (will be different for each CHM file).

[Click to enlarge: FreeBSD 8 running KDE 4.3.5. Linux htop, sudo wireshark, youTube Flash video]

Steps to install a VMware virtual machine running FreeBSD 8 running KDE 4 and Firefox with Flash 10 support.  I don’t really go into the reasons behind the steps so it’ll be helpful if you already have prior experience with installing and setting up FreeBSD systems.

VIRTUAL MACHINE CREATION
Select other OS: freebsd
Make a 50GB file. 50 GB should provide enough space to compile ports.
>2GB RAM reserved for VM
Set the VM cdrom to load the FreeBSD 8 installation ISO file.

START INSTALLING OS AND REST OF SYSTEM
Start CDROM installation
Initialize filesystem with following suggested settings
Use whole slice for FreeBSD then create following paritions:

[Good BSD partition scheme for a virtual machine]
/    2G
swap 2GB
/var 10G
/tmp 2G
/usr >30G  (compiling KDE4 port will consume a peak of 17GB hard drive space)

Install the standard boot manager (directly to FreeBSD)

Install custom from CDROM, select base, src, etc (but not ports since will be installed later).
Avoid installing any packages at this point, will be using the awesome ports system instead.
Set up the system config stuff like timezone, network config, mouse, etc

After reboot:

Adding the user to wheel group (so can su)
pw group mod wheel -m jared

Edit /etc/hosts to include hostname
127.0.0.1               yourhost yourhost.jared.com

SETTING UP THE FREEBSD KERNEL
Copy the working default kernel in a safe place so can load it if end up with a bad kernel after a kernel compile.
cp -R /boot/kernel /boot/kernel.good

cvsup no longer necessary- use csup, included in base system now.
mkdir -p /usr/local/etc/cvsup
cp /usr/share/examples/cvsup/standard-supfile  /usr/local/etc/cvsup
Edit /usr/local/etc/cvsup/standard-supfile  (I usually use cvsup2.us.freebsd.org)

GET LATEST KERNEL VERSION AND UPDATING FREEBSD KERNEL
cd /usr/src
csup /usr/local/etc/cvsup/standard-supfile (while this is running, can do the portsnap fetch/extract step below to save some time)
make update   (to update kernel files)

mkdir /root/kernels
cd /usr/src/sys/i386/conf
cp GENERIC CUSTOM
mv GENERIC /root/kernels
mv CUSTOM /root/kernels
ln -s /root/kernels/GENERIC GENERIC
ln -s /root/kernels/CUSTOM CUSTOM
vi /root/kernels/CUSTOM and edit
Inlude these options for a high-res console:
options VESA            # for high resolution screen
options SC_PIXEL_MODE   # for high resolution screen

(side note regarding hi-res console: after rebooting into the new kernel, you can run:

add to /etc/rc.conf to enable high resolution console if desired
allscreens_flags=”MODE_279″

To see what modes are available.
vidcontrol -i mode

Test the screen mode
vidcontrol MODE_279

Check out file /usr/src/UPDATING for any special information

make -j4 buildworld
make buildkernel KERNCONF=CUSTOM
make installkernel KERNCONF=CUSTOM

reboot and at boot screen, go to single user mode

(Note: if new kernel is bad and causes a lot of problems:
Reboot and select the “Escape to a loader prompt” option, number six. At the prompt, type unload kernel and then type boot /boot/kernel.good/kernel  You can then proceed to fix the new kernel problems and do another kernel compile.)

To install new world:
Once in single user mode:
fsck –p
mount –u /
mount –a –t ufs
swapon –a
adjkerntz –i

cd /usr/src
mergemaster –p
use new file, merge with current file, or delete new file
make installworld KERNCONF=CUSTOM
mergemaster
use new file, merge with current file, or delete new file
reboot

RUN PORTSNAP TO EXTRACT/INSTALL LATEST PORTS.

An useful tip after installing new programs from the ports:
Depending on your shell, rehash or hash -r will refresh your current environment and be able to find the newly installed programs. No need to log out and log back in to get at the new commands.

cd /usr/ports
Portsnap is included as of FreeBSD 6.2. No need to install from packages or ports
Edit /etc/portsnap.conf (make sure two REFUSE foreign languages lines aren’t commented out)
portsnap fetch  (downloads a huge file >60MB)
Only do this once for the first time: portsnap extract.
Do a ‘portsnap update’ when updating ports again in future.

install the port for portsupgrade (which includes portsdb).
cd /usr/ports/ports-mgmt/portupgrade
make config-recursive
make install clean

CHECK TO SEE IF ANY INSTALLED PROGRAMS NEEDS AN UPDATE AND PERFORM THE UPDATES
cd /usr/ports
make fetchindex
portsdb –u
portversion –v –l “<”
Check /usr/ports/UPDATING for information you need to do before portupgrading
portupgrade –varR
(if there are problems with a port, i.e. may have been moved, do a portupgrade -f [port])

ENABLING LINUX BINARY COMPATIBILITY

/etc/rc.conf
linux_enable=”YES”

kldload linux
kldstat to make sure linux.ko shows up

/etc/make.conf
OVERRIDE_LINUX_BASE_PORT=f10
OVERRIDE_LINUX_NONBASE_PORTS=f10

/etc/sysctl.conf
compat.linux.osrelease=2.6.16

sysctl compat.linux.osrelease=2.6.16

/etc/fstab
linproc   /usr/compat/linux/proc    linprocfs    rw   0    0

mkdir -p /usr/compat/linux/proc
mount /usr/compat/linux/proc

cd /usr/ports/emulators/linux_base-f10/
make config-recursive
make install clean

INSTALL VMWARE GUEST TOOLS FROM THE ISO IMAGE
(VMware workstation 7 has vmtools ISO for FreeBSD 8)
Load vmware’s freebsd.iso in CDROM or VMware menu, install VMware Tools.

cd /usr/ports/misc/compat6x
make install clean

mount /cdrom
cd /tmp
tar zxf /cdrom/vmware-freebsd-tools.tar.gz
umount /cdrom

Run the VMware Tools installer.
cd vmware-tools-distrib
./vmware-install.pl

Run the configuration program and accept default values.
vmware-config-tools.pl

SET UP NTPD
in /etc/ntp.conf:
make sure this isn’t commented out:

restrict 127.0.0.1

in /etc/rc.conf:
# Allow clock to be constantly updated
ntpd_enable=”YES”

BETTER VIRTUAL MACHINE PERFORMANCE
add kern.hz=50 to /boot/loader.conf

INSTALL BASH
cd /usr/ports/shells/bash
make install clean

SETUP CONVENIENT SHORTCUTS IN .BASHRC
# .bashrc – Bourne Again SHell configuration file for interactive shells.
# file permissions: rwxr-xr-x
umask 022
HISTFILESIZE=2000
HISTSIZE=2000

#Limit core files to 0
ulimit -c 0

BLOCKSIZE=K; export BLOCKSIZE
#EDITOR=/usr/local/bin/vim; export EDITOR
PAGER=/usr/bin/less; export PAGER
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:/usr/local/kde4/bin:$HOME/bin:. ; export PATH

# some useful aliases
alias updatelocate=’/usr/libexec/locate.updatedb’
alias down=’shutdown -h now’
alias h=’fc -l’
alias j=jobs
alias m=$PAGER
alias g=’egrep -i’
alias renew=’source ~/.bashrc’

alias disksize=’df -kh’
alias dirsize=’du -h -d 1 .’
alias free=’top -d1 | head -5 | tail -2′
alias showpath=’echo $PATH | tr -s ”:” ”\\012”’
alias listpkgs=’pkg_info | less’
alias gowww=’cd /usr/local/www/data’
alias editphp=’vi /usr/local/etc/php.ini’
alias editphpini=’vi /usr/local/etc/php/extensions.ini’

# checking RAID disks
#alias checkdisk0=’smartctl -a –device=3ware,0 /dev/twe0′
#alias checkdisk1=’smartctl -a –device=3ware,1 /dev/twe0′
#alias runcheckdisk0=’smartctl -t long –device=3ware,0 /dev/twe0′
#alias runcheckdisk1=’smartctl -t long –device=3ware,1 /dev/twe0′
#alias checkraid=’tw_cli /c0 show’

# set prompt
PS1=”[\u]:\w $ “
PS2=”>”

#Web control shortcuts

alias restartwww=’/usr/local/etc/rc.d/apache22 restart’
alias editwww=’vi /usr/local/etc/apache22/httpd.conf’
alias editvhosts=’vi /usr/local/etc/apache22/extra/httpd-vhosts.conf’

# MySQL/Postgresql control shortcuts
alias restartmysql=’/usr/local/etc/rc.d/mysql-server restart’
alias editpg=’vi /usr/local/pgsql/data/postgresql.conf’
alias editpgaccess=’vi /usr/local/pgsql/data/pg_hba.conf’
alias restartpg=’su -l pgsql -c “pg_ctl restart -D /usr/local/pgsql/data”‘

# finding filenames in current directory and subdirectories – Bash
function findfile() { find . -type f -iname ‘*’$*’*’ -ls ;}

# finding a text string in files in current directory and sub-directories – Bash
function findtext() { find . -exec egrep $* \{\} /dev/null \; ; }

# finding a directory in sub-directories – Bash
function finddir () { find . -type d -iname ‘*’$*’*’ -ls ; }

#function httpconnections () { netstat -la | grep http | sort | awk -F” ” ‘{ printf “%-50s %s\n”, $5, $6 }’ ; }

#function httpwho() { netstat -la | grep zeus\.http | sort | awk -F” ” ‘{ printf “%-50s\n”, $5}’ | sed ’s/.[0-9][0-9][0-9][0-9][0-9]//’ | sed ’s/.[0-9][0-9][0-9][0-9]//’ | uniq | grep -v zeus ; }

# Detecting Emacs sub-shell in Bash shell
[ "$EMACS" == 't' ] && PS1=”[\u]:\w $ “
[ "$TERM" == "screen" ] && PS1=”s[\u]:\w $ “

# Colorized ls
# FILE-TYPE =fb
# where f is the foreground color
# b is the background color
# So to setup Directory color blue setup DIR to ex
# Default for all
# Color code (fb)
# a black
# b red
# c green
# d brown
# e blue
# f magenta
# g cyan
# h light grey
# A bold black, usually shows up as dark grey
# B bold red
# C bold green
# D bold brown, usually shows up as yellow
# E bold blue
# F bold magenta
# G bold cyan
# H bold light grey; looks like bright white
# x default foreground or background

# search path for cd(1)
# CDPATH=.:$HOME
# Colour code
DIR=Dx
SYM_LINK=Gx
SOCKET=Fx
PIPE=dx
EXE=Cx
BLOCK_SP=Dx
CHAR_SP=Dx
EXE_SUID=hb
EXE_GUID=ad
DIR_STICKY=Ex
DIR_WO_STICKY=Ex
# Want to see fancy ls output? blank to disable it
ENABLE_FANCY=”-F”

export LSCOLORS=”$DIR$SYM_LINK$SOCKET$PIPE$EXE$BLOCK_SP$CHAR_SP$EXE_SUID$EXE_GUID$DIR_STICKY$DIR_WO_STICKY”

[ "$ENABLE_FANCY" == "-F" ] && alias ls=’ls -GF’ || alias ls=’ls -G’

# now some handy stuff
alias l=’ls’
alias ll=’ls -laFo’
alias lm=’ll|less’
alias lsize=’ls -alhSr’
alias llc=’echo Total number of files `ll | wc -l` in `pwd`’

alias del_mailqueue=’postsuper -d ALL’

alias banipshow=’pfctl -t bruteforce -T show’
alias banipshowperm=’pfctl -t permanentban -T show’
alias banipclear=’pfctl -t bruteforce -T flush’
alias banipclearperm=’pfctl -t permanentban -T flush’

function banip() { pfctl -t bruteforce -T add $@ ; }
function banipperm() { pfctl -t permanentban -T add $@ ; }

alias listsockets=’sockstat -4′

#alias vi=vim
alias c=clear
alias d=”ls -l”

Add above the last ‘endif’ and inside the if ($?prompt) block of .cshrc:
[ -x /usr/local/bin/bash ] && exec /usr/local/bin/bash
Reason for this: if boot into single mode without mounting, need to skip loading of bash shell.

For regular users, change to csh shell, which will in turn start a bash shell:
chsh jared
Shell: /bin/csh

SETTING UP A KDE4 ENVIRONMENT
Excellent instructions here at ( http://bit.ly/cmWJmg )

install x11/xorg port

/etc/rc.conf
hald_enable=YES”
dbus_enable=”YES”

Run vmware-config.pl again to properly set up /etc/X11/xorg.conf

startx (to test)
type exit in all xterm windows to return to command prompt.

install x11/kde4 port (warning: takes a LONG time!!!)

Inside ~/.xinitrc
PATH=/usr/local/kde4/bin:$PATH
export PATH
exec startkde

Install few more nice-looking fonts for Xorg:
cd /usr/ports/x11-fonts/urwfonts
make install clean

Add sound support to /boot/loader.conf (prevents KDE4 from complaining)
snd_es137x_load=”YES”

kldload snd_es137x

startx

After KDE4 working, install ports for firefox with flash10 support:
( http://www.freebsd.org/doc/handbook/desktop-browsers.html )

www/firefox

Add to /boot/loader.conf
sem_load=”YES”

www/nspluginwrapper
www/linux-f10-flashplugin

Exit superuser mode and return to normal user:
nspluginwrapper -v -i /usr/local/lib/npapi/linux-f10-flashplugin/libflashplayer.so

Unfortunate warning: Flash10 doesn’t have strong support in FreeBSD. Expect Firefox to freeze for few seconds once in a while before resuming normal operations. (npviewer.bin core dumps). Not a show-stopper but is a bit annoying.

AUTOMATICALLY BOOT INTO KDE AT SYSTEM STARTUP

Inside /etc/ttys

Add this line:
ttyv8 “/usr/local/kde4/bin/kdm -nodaemon” xterm on secure

SETTING UP PASSWORD-PROTECTED SUDO FOR USERS IN WHEEL GROUP
Useful when starting programs such as wireshark which will not run as superuser in X display environment.

cd /usr/ports/security/sudo
make install clean

edit /usr/local/etc/sudoers and uncomment this line:
%wheel ALL=(ALL)  ALL

add user to the wheel group
pw user mod jared -G wheel

Start install from Fedora DVD
(When asked during installation, create a regular user account called ‘admin’ or whatever username you want)
———–
use default values during the installation except for:

Software packages to install (Customize now):
———–
Check “Customize now”
Select these packages:
Desktop environments – default (GNOME)
Applications – default
Development – Development Libraries, Development Tools
Servers – default
Base – Admin Tools, Base, Fonts, Java, X window system
Languages – NONE

Wait for package installations to complete then reboot.
———–

At first boot:
———–
Enable NTP and remove Fedora NTP servers and use pool.ntp.org

Disable annoying SELinux protection
———–
SELinux set to permissive.
System -> SELinux Administration
System Default Enforcing Mode to Disabled
Current Enforcing Mode to Permissive.

Bring system up to date:
———–
Login as admin
su
yum update

Disable IPv6 (some network programs try to bind to all interfaces and don’t handle IPv6 well)
———–
Inside /etc/modprobe.d/blacklist-ipv6.conf
install ipv6 /bin/true
blacklist ipv6

Inside /etc/sysconfig/network
make sure have this line:
NETWORKING_IPV6=no

turn off ip6tables firewall:
service ip6tables stop
chkconfig ip6tables off

Reboot system to use latest kernel
———–
reboot

Install VMware Tools for better VM performance
———–
Host -> VM -> Install VMware Tools
mount (see which directory /dev/hdc was mounted on)
cp /media/VMware\ Tools/VMwareTools-xxx.tar.gz ~admin/
cd ~admin/
tar -zxvf VMwareTools-xxx.tar.gz
su
cd vmware-tools-distrib
./vmware-install.pl
install using default values and select a screen resolution (1280×960
works well)

Ensure VMware Tools survives future kernel upgrades
———–
Place this script inside /etc/rc.local

# Automatically install vmware tools modules after a kernel upgrade.
# Installing new vmware tools modules causes network to go down and up.
# (The pcnet32 module is swapped out for vmxnet driver)
# This may have adverse effect on network-aware programs already running.
# So is safer to reboot to ensure everything is working properly.

if [ ! -e /lib/modules/`uname -r`/misc/.vmware_installed ]; then
printf “\nDetected absence of VM Tools- starting the modules compiling.\n\n”
/usr/bin/vmware-config-tools.pl –default
VMToolsVersion=`/usr/bin/vmware-config-tools.pl –help 2>&1 | awk ‘$0 ~ /^VMware Tools [0-9]/ { print $3,$4 }’`
printf “\nNewly installed VM Tools version: $VMToolsVersion\n\n”
touch /lib/modules/`uname -r`/misc/.vmware_installed
depmod -a
printf “\n *** REBOOTING *** Ensure a clean system with VM
Tools loaded.\n\n”
reboot
fi

As root superuser:
touch /lib/modules/`uname -r`/misc/.vmware_installed

reboot

Shutdown and turn off services unnecessary for a Fedora desktop
———–
bluetooth – no need to use bluetooth.
btseed – bittorrent only.
bttrack – bittorrent only.
firstboot – no longer needed.
mdmonitor – monitors LVM or RAID information. not necessary for VM.
microcode_ctl – utility for Intel IA32 processors. not necessary for VM.
nfs – Not planned to be used.
nfslock – good only for NFSv4
rpcgssd – good only for NFSv4
rpcsvcgssd – good only for NFSv4
rpcidmapd – good only for NFSv4
sendmail – will be replaced with postfix

chkconfig –list (shows services)

for i in \
bluetooth btseed bttrack firstboot \
mdmonitor microcode_ctl nfs nfslock \
rpcgssd rpcsvcgssd rpcidmapd sendmail; \
do (chkconfig $i off ; service $i stop) ; done

Important post-installation steps
———–
# Install Postfix so we can remove Sendmail
yum -y install postfix

# Remove Sendmail
# pcsc-lite generates lots of spurious log entries with our NIS/Kerberos setup.
# We’re not using smart cards, so we’ll just remove it
yum -y remove sendmail pcsc-lite

Optional: improve several aspects of the root superuser account
———–
Enhance the path for root superuser to make it easier to run commands
add to root superuser’s .bashrc
PATH=$PATH:/usr/sbin:/sbin:$HOME/bin
export PATH

Better colors inside shell:
cp /etc/DIR_COLORS /root/.dircolors

Install the additional repos for Fedora to gain access to more software packages
———–

RPM Fusion (free and non-free)
rpm -Uvh http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm \
http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm
yum update

Livna RPMs (mostly merged into rpmfusion, but not everything was)
rpm -Uvh http://rpm.livna.org/livna-release.rpm
yum update

Get the Adobe YUM repo installation via web.
Download and install the Adobe Release RPM.

Chromium for Linux
In file: /etc/yum.repos.d/chromium.repo
[chromium]
name=Chromium Test Packages
baseurl=http://spot.fedorapeople.org/chromium/F$releasever/
enabled=1
gpgcheck=0

These are some of the steps you can take to better optimize a base (bare-bones) RHEL VMware Virutal Machine.  Feel free to add your comments with additional tips.

Fedora distro is slightly different than the Red Hat distro but similar actions can be taken for optimization.

When asked during installation, create a regular user account called ‘admin’

======================================
After creating initial VM files,
———–
Check the .vmx config file and find the MAC address.

If have a DHCP server on the network, include the MAC address  so that desired IP address and a hostname can be automatically assigned at the time the server makes a DHCP request.

Start install from RHEL 5.4 DVD
———–
use default values during the installation except for:

Software packages to install:
———–
Uncheck Virtualization
Check “Customize now”
Select these packages:
GNOME Desktop environment
Applications – Editors – vim-enhanced (uncheck all EMACS packages)
Development – Development Libraries, Development Tools
Servers – NONE
Base – Admin Tools, Base, Java, Legacy Software Support, X window system
Virtualization – NONE
Languages – NONE

Wait for disk to be formatted and base system installation to complete then reboot.
———–

At first boot:
———–
SELinux set to permissive.
Enable NTP and remove RedHat NTP servers and use pool.ntp.org
Register with RHN

Bring system up to date:
———–
Login as admin
su
yum update

Disable IPv6 (some network programs try to bind to all interfaces and don’t handle IPv6 well)
———–
Inside file: /etc/modprobe.conf
add this line:
options ipv6 disable=1

Inside /etc/sysconfig/network
make sure have this line:
NETWORKING_IPV6=no

turn off ip6tables firewall:
chkconfig ip6tables off

Reboot system to use latest kernel
———–
reboot

Install VMware Tools for better VM performance
———–
Host -> VM -> Install VMware Tools
mount (see which directory /dev/hdc was mounted on)
cp /media/VMware\ Tools/VMwareTools-xxx.tar.gz ~admin/
cd ~admin/
tar -zxvf VMwareTools-xxx.tar.gz
su
cd vmware-tools-distrib
./vmware-install.pl
install using default values and select a screen resolution.

Ensure VMware Tools survives future kernel upgrades
———–
Place this script inside /etc/rc.local

# Automatically install vmware tools modules after a kernel upgrade.
# Installing new vmware tools modules causes network to go down and up.
# (The pcnet32 module is swapped out for vmxnet driver)
# This may have adverse effect on network-aware programs already running.
# So is safer to reboot to ensure everything is working properly.

if [ ! -e /lib/modules/`uname -r`/misc/.vmware_installed ]; then
printf “\nDetected absence of VM Tools- starting the modules compiling.\n\n”
/usr/bin/vmware-config-tools.pl –default
VMToolsVersion=`/usr/bin/vmware-config-tools.pl –help 2>&1 | awk ‘$0 ~ /^VMware Tools [0-9]/ { print $3,$4 }’`
printf “\nNewly installed VM Tools version: $VMToolsVersion\n\n”
touch /lib/modules/`uname -r`/misc/.vmware_installed
depmod -a
printf “\n  *** REBOOTING ***  Ensure a clean system with VMTools loaded.\n\n”
reboot
fi

As root superuser:
touch /lib/modules/`uname -r`/misc/.vmware_installed

reboot

Shutdown and turn off services unnecessary for a VM server
———–
avahi-daemon – no need to service discovery (printers, file servers, etc) on local network
bluetooth – no need to use bluetooth on server
cups – no need to run printing services (unless is Samba or CUPS server)
firstboot – no longer needed.
hidd – Bluetooth HID daemon for bluetooth input devices (keyboard/mouse)
hplip – for printers drivers
mdmonitor – monitors LVM or RAID information. not necessary for VM.
microcode_ctl – utility for Intel IA32 processors
pcscd – Smart Cards daemon used by pcsc-lite
rpcgssd – good only for NFSv4
rpcidmapd – good only for NFSv4
sendmail – will be replaced with postfix
setroubleshoot – SELinux troubleshooting helper (not using SELinux and it can hog CPU and memory)
smartd – not necessary to monitor disk inside a VM.
xinetd – Good only for services that are occassionally accessed.

chkconfig –list shows services based on xinetd.

yum-updatesd – not necessary to be notified of new updates. updates done manually.

for i in \
avahi-daemon bluetooth cups firstboot hidd \
mdmonitor microcode_ctl pcscd rpcgssd rpcidmapd \
sendmail setroubleshoot smartd xinetd yum-updatesd; \
do (chkconfig $i off ; service $i stop) ; done

Important post-installation steps
———–
# Install Postfix so we can remove Sendmail
yum -y install postfix

# Remove Sendmail
# pcsc-lite generates lots of spurious log entries with our NIS/Kerberos setup.
# We’re not using smart cards, so we’ll just remove it
yum -y remove sendmail pcsc-lite

Change default boot to runlevel 3 (don’t boot into X window system to save system resources)
———–
in file: /etc/inittab
find the line: id:5:initdefault and change from ‘5′ to ‘3′

if you find that you need to start up GNOME in X window, type ’startx’ at the prompt.
Optional: improve several aspects of the root superuser account
———–
Enhance the path for root superuser to make it easier to run commands
add to root superuser’s .bashrc
PATH=$PATH:/usr/sbin:/sbin:$HOME/bin
export PATH

Better colors inside shell:
cp /etc/DIR_COLORS /root/.dircolors

Optional: Install the RPMForge repos for RHEL5

(gain access to more but *unsupported* RHEL5 software packages. This can cause problems if you aren’t careful)
———–
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rpm -Uhv rpmforge-release-0.3.6-1.el5.rf.i386.rpm
yum update

************************
Manually cloning the VM
———–

After cloning a VM but before booting it up, the cloned vmx file will still have the original MAC address.  This will change during the first boot of the cloned VM. The newly generated MAC address needs to be included in the DHCP server so that the proper hostname can be assigned to the VM once it makes a DHCP request.

Generate a new MAC address for the VM
———–
Start up the VM and force a shut-off once it hits the boot screen. (don’t need to boot fully)
Get the new MAC address from the vmx file.
Add the MAC address to the DHCP server and pair it up with IP address and hostname.  Make sure there are both a DNS lookup of hostname and reverse DNS lookup of the IP address.

Minor cleaning up: Removing old eth0.bak interface that is no longer used.
———–
Boot fully to runlevel 5, into the GNOME window environment so can run a X GUI app.

startx

Open a terminal and su

Important note: The following steps must be done exactly in this order!

system-config-network

inside Devices tab
Make sure both ‘Nickname’ eth0 and eth0.bak are checked.
Select ‘Nickname’ eth0, keeping it checked then deactivate it.
Uncheck eth0.bak
Select eth0, keeping it checked then activate it.
Select eth0.bak, keeping it unchecked then delete it.
Quit and save the configuration.

Now the system is fully cloned with its own identity: MAC, hostname, and IP address.

Burning hard SubRip (SRT) subtitles into AVI video clip
If using winmenc, copy c:\windows\fonts\arial.ttf to subfont.ttf inside the mplayer subdirectory (so mencoder can find a font file for the subtitles)
mencoder -oac copy -ovc raw -sub input.srt -subfont-text-scale 3.0 -subpos 95 -sub-bg-alpha 50 -utf8 -o output.avi input.avi

Burning hard SubRip (SRT) subtitles into MP4 video clip
mencoder -oac mp3lame -ovc lavc -lavcopts vcodec=mpeg4 -sub input.srt -subfont-text-scale 3.0 -subpos 95 -sub-bg-alpha 50 -utf8 -o output.mp4 input.mp4

How to convert MP4 into AVI and resize along the way
Get the Automated FFmpeg Win32 builds made by Ramiro Polla.
ffmpeg -i input.mp4 -map 0:0 -map 0:1 -vcodec mpeg4 -b 500k -s 640×480 -acodec copy -f avi output.avi

How to create SubRip SRT subtitles files:
Freeware for Windows: Subtitle Workshop.
Payware for Mac OSX: MovCaptioner.

A quick workaround for failed XFCE logins seen in Karmic (9.10) Xubuntu when running inside VMware VM with vmware-tools installed:

Do not attempt to change the Display size, leaving it at the default 800×600.  Login and let the session start up in 800×600.  Wait about about 5 seconds then you can use VMware-tools key short-cut of CTRL-ALT-ENTER to go to full screen and the screen resolution will automatically change to the higher settings.

If you have set the Display size, you may be experiencing the cycling login window problem.  There is a problem changing the screen resolution and the screen always returns back to the login prompt window.

To start over: select the xterm session at the login window (at the bottom) then login and remove the ~/.config directory in your home directory.

The standard (and up-to-date) Ubuntu 9.10 installation also exhibits the screen resolution problem.

*more updates*

This seems to be related to the recent kernel updates.  However, if you wait 10-15 seconds before logging in at the login prompt window, the display resolution changes work.  This may have something to do with the boot order of the modules.  VMware modules may be getting a late start and this affects the ability to change resolution inside a VMware VM until they are fully loaded and ready to go.

One of the great things about enterprise Linux distro installations, such as RedHat, SLES, etc is that most of them are defaulting to a LVM (Logical Volume Manager) filesystem which is a natural fit for Linux virtualized systems.

Using LVM with a virtualized hard drive makes it very easy to grow the disk space within minutes when the need arises. A good system administrator will already understand the LVM relationship between Physical Volumes, Volume Groups, and Logical Volumes.

Suppose you wanted to grow the disk space within a Linux virtual machine to 50GB:

The first step is to increase the VM vmdk file size:

This can be done via the VMware admin GUI by opening the settings of the VM and using the Expand utility to grow the hard drive size to 50 GB.

Another alternative is to use vmware-vdiskmanager.exe on the command line:

vmware-vdiskmanager.exe -x 50GB “Red Hat Enterprise Linux 5.4-cl1.vmdk”

Note that this action doesn’t have any resizing effect on the existing partitions of the virtual machine and only adds more unpartitioned space to the virtual hard drive.

Convert the unpartitioned space into usable filesystem so it can be included within the LVM filesystem.

Boot into the VM and su to the superuser account

Find the device where the unpartitioned space is:

fdisk -l

Disk /dev/sda: 53.6 GB, 53687091200 bytes
255 heads, 63 sectors/track, 6527 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          13      104391   83  Linux
/dev/sda2              14        2610    20860402+  8e  Linux LVM

since this is a virtual machine and this is the first disk expansion, it’s likely located in /dev/sda (note the size of /dev/sda which is roughly the new expanded size).

Create a new partition that takes up the remaining space and is of filesystem type 8e (LVM):

fdisk /dev/sda

n (new)
p (primary)
3 (partition number, since 1st and 2nd partition already exists)
select default first available cylinder to the default last cylinder.
t (type)
3 (partition number)
8e (set type to LVM)
p (view the new partitions layout)
w (write out the new partitions layout to disk)

reboot the system so the new partition is recognized by the system.

reboot

The new partition layout is now:

Disk /dev/sda: 53.6 GB, 53687091200 bytes
255 heads, 63 sectors/track, 6527 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          13      104391   83  Linux
/dev/sda2              14        2610    20860402+  8e  Linux LVM
/dev/sda3            2611        6527    31463302+  8e  Linux LVM

The next step is to use LVM to take the newly formed partition and turn it into a new Physical Volume, add it to a Volume Group, and finally assimilate its free space into a Logical Volume.

Convert /dev/sda3 partition into a Physical Volume so LVM can make use of it:
pvcreate /dev/sda3

Add the new Physical Volume to the Volume Group as additional free space:
vgextend VolGroup00 /dev/sda3

vgdisplay (note the free space now in the Volume Group which can now be assigned to a Logical Volume)

— Volume group —
VG Name               VolGroup00
System ID
Format                lvm2
Metadata Areas        2
Metadata Sequence No  4
VG Access             read/write
VG Status             resizable
MAX LV                0
Cur LV                2
Open LV               2
Max PV                0
Cur PV                2
Act PV                2
VG Size               49.88 GB
PE Size               32.00 MB
Total PE              1596
Alloc PE / Size       636 / 19.88 GB
Free  PE / Size       960 / 30.00 GB
VG UUID               0JB6GV-gFJW-onuN-7Xq1-OKim-n5gM-EVPUKB

Have the Logical Volume (within the Volume Group) overtake the remaining free space of the Volume Group:
lvextend -l +100%FREE /dev/VolGroup00/LogVol00

vgdisplay (note the free space in Volume Group is now gone since it was all assigned to a Logical Volume)

— Volume group —
VG Name               VolGroup00
System ID
Format                lvm2
Metadata Areas        2
Metadata Sequence No  5
VG Access             read/write
VG Status             resizable
MAX LV                0
Cur LV                2
Open LV               2
Max PV                0
Cur PV                2
Act PV                2
VG Size               49.88 GB
PE Size               32.00 MB
Total PE              1596
Alloc PE / Size       1596 / 49.88 GB
Free  PE / Size       0 / 0
VG UUID               0JB6GV-gFJW-onuN-7Xq1-OKim-n5gM-EVPUKB

Trigger online resizing of the live and mounted filesystem so the new disk space can be utilized immediately:
resize2fs -p /dev/mapper/VolGroup00-LogVol00

Now, the system has a bigger diskspace to play around with.

df -h

Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
45G  3.2G   40G   8% /
/dev/sda1              99M   19M   76M  20% /boot
tmpfs                1014M     0 1014M   0% /dev/shm

Marlee Matlin shows up at around 26:20 into the video.

If you have problems attempting to open CIFS/smb shares using Nautilus or Places –> Connect to Server (if using Gnome) and seeing a message about no application registered for the smb:// protocol.

These commands will register nautilus as smb:// protocol handler

$ gconftool-2 –set –type=string /desktop/gnome/url-handlers/smb/command ‘nautilus “%s”‘
$ gconftool-2 –set –type=bool /desktop/gnome/url-handlers/smb/enabled true
$ gconftool-2 –set –type=bool /desktop/gnome/url-handlers/smb/need-terminal false

The i’s have been dotted and the t’s have been crossed. It’s now official that I will be joining the Information Technology team at Gallaudet University this October. Gallaudet University has always been on the list of places where I would like to work. After several meetings with Jon Mitchiner and getting rave reviews about him from others, the positive vibes tell me that I’m on the right path. I came away impressed with the network infrastructure changes the Gallaudet IT team has made over time, and I’m looking forward to working with them. Among the compelling projects I’ll be focusing on will be building the new disaster recovery datacenter and migrating the Peoplesoft business system to a different hardware/OS platform.

It will be hard to leave Viable Communications, where I’ve been for the last two years. I’ve been lucky to work with people of very high caliber who made possible innovative products, such as the VPAD. I’ve learned a lot from the capable IT team; dealing with a complicated network infrastructure, the engineers who can handle all the gritty details of VoIP signaling and embedded systems, PR/media team who have output some of the most dazzling video/advertisements seen in the VRS industry, and other strong operational people. I’ve also had the privilege of meeting many Viable interpreters in person and they are all an outstanding and talented bunch of people.

While it’s well known that Viable is currently in a difficult financial predicament, I sincerely hope that the planned acquisition by Snap will be completed and both companies will emerge stronger as a result. Despite what some of the current sentiment might be, Viable still has remarkable people and resources. Everyone at Viable took a risk in joining a young start-up company because they could see the impact the company could have on deaf community. With the Snap acquisition, they will be able to right the boat and set sail again.

I wish the very best to Viable/Snap people as they get through this difficult transition and have confidence they will be able to see this through. If you are at Gallaudet University, feel free to meet me at EMG building- I’m looking forward to seeing some familiar faces there and meeting new ones!

Posted via web from jarednevans’s posterous