Reposting this.

It is apparent that Lucid is now leveraging CouchDB for use by most of the applications and settings. It also appeared that the details in CouchDB will also be included in synchronization should you enable Ubuntu One syncing.

Read more…

I was working on my laptop which dual boots between Ubuntu Jaunty and Windows XP when suddenly I found that the Fonts folder made my Windows XP to crash. This is how I fixed it.

People might think that this might be a sign of bigger problems to come. It ain’t. Windows is really like that - picky, bitchy, and naggish - like a bitter girlfriend that you haven’t made love with for a long time . Joking!

Well, there are really times that the Fonts folder contains a corrupted font, or you have unwittingly installed an “esoteric”, cool free font that you have downloaded from the net and that Windows is unable to ascertain just what that font is.

Well, the fix is really simple than most people think.

Windows XP (and even older versions) have a tool called System File Checker (sfc.exe). This little tool makes sure that your system files are of the correct and safe versions. However, there are times that Windows just “forgets” to use this tool to fix your problem. Well, you’re back to the rescue. Just run this command in the DOS terminal, or in Start | Run :

sfc /scannow

Make sure that you have your Windows XP install disc inserted in your optical drive because System File Checker will load the discs system files into the DLLCache and will compare and fix the existing installed files with those from the disc.

Doing this fixed my Font folder problem.

This might not fix everything that you might encounter, but this is a great tool to try with, in doing first level diagnostics and troubleshooting.

Good luck!

Technorati Tags: font, folder, crash, fix, system, file, checker, windows, xp

We were running Plesk on one of our servers, and Horde as webmail frontend for our users. The server has been running quite well for years on end and then suddenly users just couldn’t login to Horde. Even more mysterious is that no error message was displayed, and only a redirect back to the login page was done.

Checking the log at /var/log/psa-horde/psa-horde.log showed:

Jan 12 04:01:55 HORDE [error] [imp] FAILED LOGIN 123.234.22.123 (forwarded for [123.123.123.1]) to localhost:143[imap/notls] as user@ourdomain.com [on line 258 of "/usr/share/psa-horde/imp/lib/Auth/imp.php"]

We’ve tried using new and alternate user accounts to no avail. We tried checking and repairing the database tables in the Horde database. Rebooting the machine didn’t do squat.

What we didn’t do, which we should have done in the first place (and save more than 3 hours debugging), was to view the test page for Horde at http://ourdomain.com/horde/test.php and we were able to notice the line

session.auto_start disabled: No
Horde won't work with automatically started sessions, because it explicitly creates new session when necessary to protect against session fixations.

So we proceeded and edited the php.ini and set the following:

; Initialize session on request startup.
session.auto_start = 0

We then restarted httpd (/etc/init.d/httpd restart) and tried logging in to Horde, and it worked!

Our users can now login using Horde.

Enjoy!

Technorati Tags: Plesk, Horde, login, fail, maintenance, redirect, PHP, session, fix

Hello once again! First, I wanna apologize for the lack of updates (again). I have been so busy with new and exciting work and the possibilities and new skills have been really pouring in. Regardless, I wanna thank everyone for your continued support and finding this blog’s articles useful. My sincerest gratitudes. Anyways, I am sharing another really good solution for all of you guys out there.

Have you deployed Nagios and installed the NRPE plugin on your local and remote servers? Have you by any chance encountered, and was not quite able to solve, this error?

CHECK_NRPE: Socket timeout after 10 seconds

Actually this has also bugged our team a lot and we were really sure (or so we thought) that we have configured Nagios and the NRPE plugin correctly.

We thought it might be a problem with Nagios or the NRPE plugin and we haven’t been able to dedicate a lot of time to find out the problem due to other pressing tasks. But recently, I was able to find the time to diagnose the issue and now I am sharing with you the fix. And yes, it was really really straight forward and so damn simple! DOH!

On your remote machine, make sure that you have installed the NRPE plugin correctly. You can download the NRPE plugin documentation at http://nagios.sourceforge.net/docs/nrpe/NRPE.pdf.

Once, you’ve configured your remote machine’s NRPE already, do local checking first.

# /usr/local/nagios/libexec/check_nrpe -H localhost
NRPE v2.8


If you get a response with a version of your NRPE, then you’re all set.

And do not forget to open port 5666 on your firewall (iptables or other wise). Refer to the NRPE documentation for more details.

On your monitoring machine, where Nagios was installed, install the NRPE plugin as well. Then do the remote NRPE check.

# /usr/local/nagios/libexec/check_nrpe -H
CHECK_NRPE: Socket timeout after 10 seconds.


Now, don’t be surprised if you get the CHECK_NRPE: Socket timeout error. We now need to make sure that our monitoring machine allows incoming and outgoing connections via port 5666.

To do just that, we open up our IPTables by doing:

# /sbin/iptables -A INPUT -s -p tcp -m tcp –dport 5666 -j ACCEPT
# /sbin/iptables -A OUTPUT -p tcp -m tcp –dport 5666 -j ACCEPT

The first command will allow our monitoring box to accept incoming connections from our remote_host via port 5666 and no other hosts and the second command will allow our remote machine to initiate connection via port 5666 to any remote machine. Of course we can make it tighter by specifying the destination box, but I don’t see the need for the meantime.

After adding the rules, make sure to save your new IPTables rules by doing

# /sbin/iptables-save > /etc/sysconfig/iptables

That’s it!

Try out some of these combinations to your remote host and see what the outputs are.

# /usr/local/nagios/libexec/check_nrpe -H -c check_load -t 120
#/usr/local/nagios/libexec/check_nrpe -H -c check_users
#/usr/local/nagios/libexec/check_nrpe -H -c check_zombie_procs

Enjoy!

Technorati linux, nagios, nrpe, monitoring
Site Search Tags: linux, nagios, nrpe, monitoring

I needed only one Apache HTTPD server visible over the Internet, and subdomains provided by internal webservers. I proceeded with mod_proxy.

On SLES10, go to /etc/apache2 and create a file named proxy.conf:

# Sample configs
# by hardwyrd
# 05/22/2009
#
# Disclaimer:
# Use at your own risk. It works for me, it might not work for you.
# If you decide to use or follow this config, you agree that I am not responsible for the damage
# to your system.

# Listen on internal interface only. Only mod_proxy uses this.

Listen 192.168.10.1:8080

# Set the user for mod_proxy
User nobody
Group nobody

# Turn on proxy requests
ProxyRequests On

Order deny,allow
Deny from all

# Declare your subdomain rechable from the internet.

Order deny,allow
Deny from all

# Allow only from specific IP addresses or allow all if this is accessible from the net.
Allow from all

# You can add as many
declarations as you can.

Create a virtual host on the public-facing Apache server. In SLES10, the config is at /etc/apache2/vhosts.d:

# Sample configs
# by hardwyrd
# 05/22/2009
#
# Disclaimer:
# Use at your own risk. It works for me, it might not work for you.
# If you decide to use or follow this config, you agree that I am not responsible for the damage
# to your system.

# A virtual host config is needed so that we can redirect the subdomain requests coming in at port 80 to the internal Apache server.
# Create equivalent virtual host entries for every
declaration in the proxy.conf .


ServerName your-subdomain.your-domain.tld
ServerAlias your-subdomain.your-domain.tld
ProxyPass / http://your-subdomain.your-domain.tld/
ProxyPassReverse / http://rspace.focusoutsourcing.com/


To enable the public Apache server forward the requests to the proper internal Apache server, you can use an internal DNS server with the correct A record for the domain pointing to the IP of the internal Apache server. Or, the quickest way is to add the subdomain to the hosts file (/etc/hosts).

#/etc/hosts
192.168.10.22 your-subdomain.your-domain.tld

On the internal Apache server, create a standard virtual host for the subdomain.

That’s it! Only one apache server will be visible to the public, and yet serve multiple subdomains, spread among various internal Apache servers.

Enjoy!

Technorati : apache, mod_proxy, web+server, linux
Site Search Tags: apache, mod_proxy, web+server, linux

Funny as it may seem, I fell for it (yet again perhaps?). I’ve installed CentOS5 on top of VirtualBox 2.2.2 on my Ubuntu Hardy 8.04 for the sole purpose of testing out ASP.NET hosting using Mono, XSP, and Apache. And I was in for a surprise that I could not access my virtual machine’s Apache web server instance.

I was able to install VirtualBox 2.2.2 vanilla (not the official Ubuntu package) without any problems. I followed it up by installing CentOS5 as a virtual machine. I then proceeded and configured the network interface for the virtual machine on the VirtualBox Management panel, and set it up to use “Bridged” networking.

I proceeded by booting the virtual machine and watched every boot message zip by without a hitch. I then logged into the virtual machine as root and configured the IP address for the network interface. After which, I pinged the IP address and got the reply I want. I then tried to log in via SSH, ang was able to get in. “Hmm… everything seems to be in order. Might as well continue.” I said to myself. Boy was I in for a surprise.

I proceeded and configured the web server, enabling name-based virtual hosting, started Apache and tried to browse the test page. And then… nothing! ACCKK!!! I checked the IPTables rules if there’s something a-miss. So far everything seems to be in order (really?) . Tried a couple more times, and still get a failure from Firefox. Hmmm.. what could it be. Pondering for hours what could have been missed. A colleague suggested to flush the entire set of IPTables rules, which I did and tried accessing the web server. What do you know! I was able to browse the basic landing page. “Hmmm.. there must be something wrong with the IPTables rules” I said whispering.

I proceeded and checked again /etc/sysconfig/iptables and sure enough, I found the culprit. I mistakenly added the IPTables rule that opens port 80 AFTER the reject rule! No wonder port 80 doesn’t open up. I edited the /etc/sysconfig/iptables again, and place the port 80 rule on top of the reject rule, which will then allow it to take effect first, before the reject rule is activated. And then everything worked as it should.

Lesson? Sometimes the obvious things are really hard to find and double checking definitely will prevent the unnecessary debugging for when your system goes to production. I’m just glad this is a simulation system and not production.

I think it was stupid of me not to notice the order of the rules in the iptables file. What do you think?

Technorati linux, virtualization, virtualbox, centos5, apache, webserver, iptables
Site Search Tags: linux, virtualization, virtualbox, centos5, apache, webserver, iptables

We needed a helpdesk and a knowledgebase system and we prefer that it be opensource. We have found OneOrZero HelpDesk and KnowledgeBase to be a good candidate. We decided to take a look at it and see for ourselves. Installation was tad easy. All you need is an Apache server, PHP, and MySQL and voila! We have been running it using MySQL for sometime but we didn’t as of yet let users use the system.

We have been mulling over the idea of integrating OneOrZero HelpDesk and KnowledgeBase authentication with our existing LDAP server which also authenticates our Windows domain users via our Samba PDC. OneOrZero is pretty much convenient for us since it already has LDAP authentication capability. Or so we thought.

Setting up LDAP for OneOrZero HelpDesk, required us to modify its settings. You can do this using its own control panel, by logging in as an administrator, or you can go brute it out by going to where the OneOrZero configuration files are located. In my case it is in

/srv/www/onezero/configuration/website_settings.php

Please note that the location may not be the same in your case, depending on where you extracted your files, and where your Apache DocumentRoot is located. Make the necessary adjustments.

After locating the file, make a copy first of the existing file (you dont want to lose working settings do you? then edit website_settings.php by opening your favorite text editor - which in my case is VI.

vi website_settings.php

Navigate your way down towards near the end of the file, and review the LDAP-related parameters. Please note, I’ll be using my own LDAP parameters as examples and yours might be different depending on your LDAP server flavor (AD, OpenLDAP, Netware/OES/others).

# Enable LDAP authentication. This is DB by default.
auth_method = "LDAP"

# IP address of your LDAP server
ldap_host = "192.168.10.10"

# If you are using AD, specify the domain name. I'm using OpenLDAP so, I ignored this.
ldap_domain = ""

# Specify the user that will be used to bind to your LDAP server. Not needed if anonymous bind is allowed
ldap_binddn = "cn=ldapbinder,dc=mydomain,dc=com"

# Specify the password for the binding user
ldap_bindpwd = "secret"

# Set the location in your LDAP schema where the search will start from. In my case, I have an OU called "Users"
ldap_rootdn = "ou=Users,dc=mydomain,dc=com"

# Provide here the search attributes. Note though that this might be different on your particular flavor of LDAP.
# Use an LDAP browser utility to double check.
ldap_searchattr = "uid"
ldap_fname = "givenname"
ldap_lname = "sn"
ldap_uname = "uid"
ldap_email_add = "mail"
ldap_office = "l"
ldap_phone = "telephonenumber"
ldap_context = "dn"


Save your file after editing.

We then tried logging in using our LDAP accounts, however it seems that OneOrZero cannot find our accounts, or rather LDAP cannot find the accounts passed by OneOrZero to it. So, I then looked at the LDAP log and checked what the problem is. Sure enough, I found the culprit.

Jan 14 11:18:15 x2100 slapd[4044]: conn=5857 op=1 SRCH base="ou=Users,dc=mydomain,dc=com" scope=2 deref=0 filter=”(uid=minime)”

No wonder LDAP cannot locate the user. Even though it is searching on the right section of the LDAP tree, it doesn’t know which one to pick up. Remember, we use our LDAP server as authentication for our Windows users via Samba as well. Heck, we even authenticate our SSH users via LDAP also.

Another challenge!

How do I hack the filter in OneOrZero so that it works for my LDAP server ? (GOD I LOVE THIS WORK!)

Simple, I have to locate the filter string deep in the vowels of OneOrZero’s source code and insert my own filter or manipulate it so that the output filter will meet what my LDAP server really needs.

OK OK! Enough suspense, how did I do it? Simple.

Navigate yourself to where you extracted OneOrZero - in my case /srv/www/onezero/common , and edit the file common.php . When you open the file, navigate yourself towards line 164 . There you will find the $filter variable which receives the value from the LDAP search attribute that was set in website_settings.php .

When you locate the $filter variable, comment the existing one, and replace it so that it looks like this:

// $filter = "($ldap_searchattr=$name)"; //This is the default filter string

$filter = "(&(objectClass=posixAccount)($ldap_searchattr=$name))" // This is my new filter string to fit my LDAP server.

Save the file and do a test login. That’s it!

If you still have trouble setting it up (which I doubt), feel free to look at the Administration guide at http://www.oneorzero.com/wiki/index.php?title=OneOrZero_Settings

Enjoy!

Technorati : oneorzero, helpdesk, linux, ldap, authentication
Site Search Tags: oneorzero, helpdesk, linux, ldap, authentication

You now have your nice PFSense firewall connected to the net and your users are happily connected then you decided to put up publicly-accessible network services like a web server. But horror starts to creep in when you found out that your users (or your developers) cannot access your public server using their workstations within your local network.

You tried everything in vain and suddenly felt the urge to scream with all your might.

AAAARRGGGHHH!!!!

As far as you’re concerned, you’ve setup PFSense correctly. You have enabled port forwarding quite perfectly. The web server is running without a hitch. You have your DNS working perfectly. But your users cannot seem to access your internal server using your public IP address or domain..

..then you raised your limp hands in resignation.

Dont despair. It’s really simple.

1. Open your PFSense web gui.

2. Move your mouse over to System, and click Advanced.

3. Scroll down, and look at the Disable NAT Reflection field. Make sure that it is unchecked.

4. Click on Save.

That’s all there is to it! Enjoy!

Technorati PFSense, NAT, reflection
Site Search Tags: PFSense, NAT, reflection

Here’s a video article by Laura Chappell on how you can make your wireless snooping a bit more comfy by adding columns for your wireless antenna signal strength.

Video is being hosted at Novell.

Wireshark Training : Adding Columns for Wireless Antenna Signal Strength (Hosted by Novell)

Enjoy!

Technorati wireshark, wireless,
Site Search Tags: wireshark, wireless,

Microsoft announced last December 15 of yet another major flaw in version 7 of its Internet Explorer browser which allows remote code execution on the target computer (as if the others do not already).

Dubbed as Microsoft Security Advisory (961051), the advisory went on to discuss the issue as follows:

The vulnerability exists as an invalid pointer reference in the data binding function of Internet Explorer. When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object’s memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable.

It appears also that its not only IE7 that’s affected. It affects versions up to IE8 also. Even the BBC has snatched this issue as well.

What was weird for me was that the Full Disclosure community did not make any reaction to this disclosure by Microsoft. Or it might be too early as the secinfo experts and enthusiasts are scrambling to verify this if at all.

My take on this is - what’s new? Honestly, I’m not surprised at all.

Technorati browser, internet, explorer, IE, major, flaw, microsoft, security
Site Search Tags: browser, internet, explorer, IE, major, flaw, microsoft, security

This is just a quick tip I’m putting up in replicating existing packages between Ubuntu installs. I tend to keep forgetting how to do it every time I do a total reinstall of my Ubuntu box. The following simple commands will list down all installed packages and export it to a file, copy to a USB thumbdrive, and import later after doing a reinstall/upgrade. In other words, the following steps will automate your package reinstall that will mimic your old Ubuntu install.

hw@myubuntu:~$ dpkg --get-selections > pkginstalled

The above snippet uses the dpkg command with the --get-selections parameter to read the installed packages and dumps them to a plaintext file. You can then proceed and copy pkginstalled to an USB thumbdrive for later, and proceed with the reinstall or system wipeout/upgrade.

After your new system has been reinstalled, instead of manually installing all the applications that you had previously, just do the following commands to automate the process.

hw@newbox:~$ dpkg --set-selections < /media/disk/pkginstalled
hw@newbox:~$ apt-get dselect-upgrade

The above snippet imports the list of packages from the file pkginstalled from /media/disk (USB thumbdrive) or replace it with the path where you copied you package list file. The next command does the actual package installation based on the list of packages imported.

NOTE: If you were using non-official repositories, please add the necessary third-party repo prior to doing the steps mentioned above.

Enjoy!

Technorati ubuntu, linux, dpkg, package, import, export, automate, cli
Site Search Tags: ubuntu, linux, dpkg, package, import, export, automate, cli

I was doing my daily round of sifting through opensource newsbits when I came across Adeona. According to its creators, it can be described as:

Adeona is the first Open Source system for tracking the location of your lost or stolen laptop that does not rely on a proprietary, central service. This means that you can install Adeona on your laptop and go — there’s no need to rely on a single third party. What’s more, Adeona addresses a critical privacy goal different from existing commercial offerings. It is privacy-preserving. This means that no one besides the owner (or an agent of the owner’s choosing) can use Adeona to track a laptop. Unlike other systems, users of Adeona can rest assured that no one can abuse the system in order to track where they use their laptop.

Adeona is designed to use the Open Source OpenDHT distributed storage service to store location updates sent by a small software client installed on an owner’s laptop. The client continually monitors the current location of the laptop, gathering information (such as IP addresses and local network topology) that can be used to identify its current location. The client then uses strong cryptographic mechanisms to not only encrypt the location data, but also ensure that the ciphertexts stored within OpenDHT are anonymous and unlinkable. At the same time, it is easy for an owner to retrieve location information.

Adeona has builds for Linux, Mac OS X, and Windows ready for download and follow the installation steps should anyone wanna try it out.

Though I currently do not own a laptop or a UMPC (planning to), but this sure is a nice must-have for anybody that does have one or several. I gotta see this for myself.

Technorati Adeona, laptop, tracking, theft, opensource,
Site Search Tags: Adeona, laptop, tracking, theft, opensource,

JSON is a trivial package feature and the extension already comes built-in with PHP 5.2.x so this is not so much a problem for users of the latest PHP build. However, if you are using SLES10 SP1 and below, and haven’t updated PHP and still uses 5.1.x then you’ll be in for a surprise. JSON isn’t available in the default install, let alone a package that you can get from YAST, unless you have updated your Installation Sources.

The quickest and simplest way is not to depend on vanilla sources but rather to use PEAR since it is already in SLES10.

1. Open YAST.

2. In Software Management, search for php-devel and install it. php-devel provides phpize which PEAR will be using later on to install the JSON package.

3. Open Terminal, and run the command as root:

pear5 channel-update pear.php.net

4. In Terminal still, follow it up with:

pear5 install pecl/json

This will install the latest JSON package.

After installing JSON, locate your php.ini , and add the line in the Dynamic Extensions section.

extension=json.so

Save php.ini and restart Apache.

Congratulations! Enjoy.

Technorati php, json, apache, linux, sles10
Site Search Tags: php, json, apache, linux, sles10

Although Intrepid Ibex is not yet geared for release, I’ve decided to make my own wallpaper for it.

It’s not much but a work in progress. Everything’s done in XaraLX on Xubuntu Hardy. And yes, I have already submitted this to Artwork/Incoming/Intrepid under Dark Ibex Wallpaper.

Enjoy!

Technorati wallpaper, ubuntu, intrepid+ibex, artwork
Site Search Tags: wallpaper, ubuntu, intrepid+ibex, artwork

My CEO just arrived from the U.S. and bought himself this snazzy new sub-notebook from MSI. Yep, its MSI’s latest Wind Notebook. And I’m excited to be able to work with this baby. The boss told me that he’s been having a problem making the Wind connect to his LinkSys WiFi router at home and asked me to take a look.

Upon seeing the Wind, I was amazed at how light it is. Yet under the hood it seems pretty much capable. Check out the specs:

• Intel® Atom™ N270 Processor 1.33 GHz
• Intel® 945GSE+ICH7M Chipset
• 2GB RAM DDR2-667
• Genuine Windows XP Home OEM
• 10” Wide Screen Display
• Convenient Magnifying Capability
• Ergonomic Big-Size Keyboard and Touch Pad
• 120 GB Hard Drive
• Built-in 1.3 Megapixel Webcam
• Built-in 2 Channel Stereo Speakers, and Microphone
• 802.11b / g Wireless Lan with Bluetooth
• Li/Ion 3/6 Battery
• 4 in 1 Card Reader
• ~1.0 Kg weight

The Problem

The MSI Wind is using Realtek 8187SE wireless adapter built-in. When I started tinkering with it, I’m surprised that even though the device was detected, and the driver installed (from the bundled support CD), I can’t seem to make this notebook connect to our wireless router. I’ve decided to download an updated driver for the 8187SE from Realtek’s site and reinstalled the driver. After a reboot, same thing - it can’t find our wireless network.

Ok, I might have overlooked something. Sure thing, the (almost) idiot that I am, forgot to turn the wireless adapter on. The Wind has this (not so obvious) access button to activate your wireless adapter. To activate wireless, press Fn + F11 (Function key plus F11 which has this satellite looking icon). The access button icon was not common compared to other laptops which uses “radio” icons. It looked like a satellite dish thus was overlooked. Upon pressing Fn+F11, I was presented with graphical dialogs on which devices will be enabled. You can cycle from activating WiFi only, WiFi and Bluetooth, or Bluetooth only.

After activating the wireless adapter, our wireless network was identified. I tried connecting but it just cycles and stops. So I reviewed the settings again looking for something that I might have missed. What could have been a shoot-or-miss endeavor turned into a feel-good learning experience. I was reminded again by this activity to always review default settings and change them as much as I can (I know I do when I’m on Linux ).

I opened the properties page for the wireless adapter in order to check some of its settings.

• Open Network Connections
• Right click on the wireless adapter icon and click properties
• In the General tab, click on the Configure button right next to the wireless adapter card list
• In the wireless adapter card properties dialog, I made sure that the following is set:

• 802.11d - Disable
• CCX Max Off-Line Measurement - 0 (Zero)
• CCX Radio Measurement - Enable
• IBSS Default 11b Mode - Enable
• Network Type - Infrastructure
• Wireless Mode - IEEE 802.11b

After changing the settings, I applied all the changes, and let the wireless adapter reinitialize and voila! I’m connected to the wireless network.

A short word of caution though. Your wireless router might not be the same as mine and may use a different encoding and keys. Double check what your wireless router will actually support.

Overall, the MSI Wind seems like a very capable UMPC in my opinion and its screen doesn’t make me squint at all. The keyboard fits quite well. I’m beginning to think of getting one myself (if I have the dough! Save save!)

Enjoy!

Technorati MSI, Wind, mobile, subnotebooks, UMPC, wireless, Realtek, 8187SE
Site Search Tags: MSI, Wind, mobile, subnotebooks, UMPC, wireless, Realtek, 8187SE

In anticipation of Software Freedom Day this coming September 20, I’ve decided to commemorate it by creating my own Software Freedom Day 2008 button. You can find the button at the right panel in this blog.

If you want to join us in celebrating Software Freedom Day, you can create your own graphic button or use my graphic in your website or blog. Do feel free to give credit where there is due.

You can pick up or link the graphic here.

Happy Software Freedome Day!

Technorati Software+Freedom+Day, advocacy, awareness, software, FOSS,
Site Search Tags: Software+Freedom+Day, advocacy, awareness, software, FOSS,

I would like to thank Peng Hardin for mentioning my wee little report on Chrome’s behaviour on Wine 1.1.3. My little post has this tiny speck of a link on Ubuntu Weblogs.

Thanks also to Roy Shea and Dan Kegel over at WineHQ. As expected, them and a couple of other guys at WineHQ have rolled out Wine 1.1.4 with fixes for Google Chrome and I’m glad I was able to contribute to Wine’s improvement in little ways that I can.

Good luck to all of us and let’s have that Wine please!

Technorati wine, winehq, google, chrome, bug, fix, gratitude
Site Search Tags: wine, winehq, google, chrome, bug, fix, gratitude

You’ve got your Samba server going and you’re now anxious to put your files to your Samba server then kablam! you cannot do so because your files are partially locked. Hmmm, weird? Not.

But yeah, it took me a while to notice the problem. All you need to do is to set the following parameter in Samba’s smb.conf file under [global] settings.

strict locking = no

That’s all there is to it!

Restart your Samba server and copy away!

Technorati samba, copy, network, share, file, locking, windows
Site Search Tags: samba, copy, network, share, file, locking, windows

With Google doing a public beta test of Google Chrome I’ve taken a few steps further to see what it can do. However, sadly for me, GC is currently on a Windows-only build so no dice for native Linux version. So I had to resort to “drastic” measures - try to see if it runs on Wine.

So I got the offline installer here and installed on top of Wine. The installation went ok, with Wine adding a desktop shortcut and menu entries. I tried to run GC and bam, a browser with rounder corners and blue header pops up. So far so good.

Then I noticed that the address bar is all black. Though I can type a URL, it doesn’t open the site I wan’t to visit. Tried it a couple of times, still no dice. Looking at the log I prepped, seems there are some components not working properly. So I ended up firing a report to WineHQ and see what can be done.

Nope, I currently don’t have the time to find the bug for GC on Wine. I’m making the Google Chrome team do that. At least with the WineHQ notified, I can expect to have a working GC on Wine.

Or not.

UPDATE:

Google Chrome now works on Wine 1.1.3. However, additional parameters must be added when you invoke wine on the command line. And sorry, HTTPS access is not yet available/foolproof.

Just fire up Wine in the terminal like so:

env WINEPREFIX=”/home/anakin/.wine” wine “C:\windows\profiles\anakin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe” –new-http –in-process-plugins

You have to also make sure that you have Riched20 and Riched30 installed using Winetricks (thanks Roy Shea at WineHQ!).

This method was further confirmed at UbuntuForums, and also confirmed by “nelson”. A good how-to is also available recently at HowToDude.

UPDATE 2:

Filed another bug report with WineHQ regarding HTTPS access on Google Chrome on Wine 1.1.3.

Related:

Wine AppDB page for Chrome (thanks to Dan Kegel) - added 9/6/2008
WineHQ Bug Report 15106
WineHQ Bug Report 15107
WineHQ Bug Report 15119

Technorati Google, Chrome, beta, browser, Wine, Linux
Site Search Tags: Google, Chrome, beta, browser, Wine, Linux

We have our Samba domain with OpenLDAP running full speed now, with users on Windows XP Pro authenticating wonderfully to Samba, accessing shares here and there. However, one laptop was all it takes to make things a little bit challenging.

The Laptop

The laptop I just mentioned is an HP Pavilion dv2000 (dv2050us) running Windows XP Home. The unit was loaned by our CEO to our Operations Manager. Yep, I’m dealing with some “big” users here. We have just almost finished migrating every Windows user except for a select few who are handling huge amount of very critical emails and files and one of those was our Operations Manager.

The Problem

With her shiny new HP Pavilion laptop, our OpsMan (pardon the shortcut) has been successfully printing to a network share using her normal desktop (an XP Pro). But when she transferred to the HP Pavilion running XP Home, whenever she adds a printer and restarts the PC, the permissions to use the network printer is gone. It kept on happening a couple of times and she got tired of it so she decided to have her laptop checked. My IT Manager and I explained that XP Home is just not quite “designed” to work on corporate domains so we decided, with OpsMan’s approval, to have the laptop reformatted and installed with XP Pro. So I went ahead and downloaded HP’s “tons” of support files (drivers,utilities) from the official product site ready for the incoming “battle” with the Pavilion.

Not ready to be outdone and outwitted by the “crippled” MS product, I decided to take a look again and see if there’s something that I can do to simplify things and ultimately not do any formatting whatsoever.

Then *DING*! an idea.

The Fuss

XP Home only supports workgroups. Every MS-loving person knows it, every MS-hating person pukes thinking about it. However, there it is - XP Home in our local network with a Primary Domain Controller running Samba on top of SLES10 and an XP Home user needs to access network shares _seamlessly_ . Just great.

The Idea

The “idea” is not really new. It’s been around for years and years and MCSEs know of this, regular Windows admins know of this, perhaps average Joes know of this. Yes, you can make XP Home a “part” of your domain, somehow. How I did it? Well, the list of steps will explain itself. Read on.

The Steps

• 1. Create a user in your Windows XP Home that has the same username and password as a domain user. (This is actually a local profile).
• 2. Add the user to the Administrators group. (Don’t worry, this is just a local profile. But if you’re paranoid, then don’t )
• 3. Add a WINS server in the XP Home’s network card settings. (Make sure that you put the IP address of your Samba server.)
• 4. Add the computer to the “workgroup” which has the same name as your domain name. (Well, you actually are joining the PC _to_the domain since the “workgroup” doesn’t exist anyway.)
• 5. Restart.
• 6. Log in as the new user. (The one similar to the domain user account you’ve just created.)
• 7. Install the network printer. (I added a printer shared from an XP Pro machine.)
• 8. Do a test print.
• 9. Reboot and log in again and try if you can still access the printer.
• 10. Do another test print. (Not really needed.)

If you need to access or copy some files from the other profile, login to the old profile, and remove the check mark from “Make this folder private” setting and Apply. Log back in to the new account (domain account), and copy your files.

Hit me back if you hit some snags.

Enjoy!

Technorati : windows, xp, home, domain, printing, samba
Site Search Tags: windows, xp, home, domain, printing, samba

PFSense is a great tool to have that provides a firewall, traffic shaping capabilities, load balancing and failover, and other features plus fully extensible by way of third party opensource “plugins” and packages that you can install via its web console.

Recently though, some of our devs need to connect via FTP to a remote server. And apparently they’ve encountered some weird problem with FTP:

user@ubuntu:~$ ftp some-server.com
Connected to some-server.com.
220 ProFTPD 1.3.1 Server (some-server.com) [143.44.52.54]
Name (some-server.com:user): ftpuser
331 Password required for ftpuser
Password:
230 User ftpuser logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
500 Illegal PORT command
ftp: bind: Address already in use
ftp>

A little investigation revealed that in order for FTP to work, we need to have the FTP Helper proxy application working on the LAN interface of our PFSense box, then add a firewall rule, more like a “transparent FTP proxy”. If you get my drift.

Let’s do it

1. In PFSense, click on Interfaces, LAN

2. Make sure that “Disable the userland FTP-Proxy application” is unchecked.

3. Save your setting, and then click “Apply this setting”.

4. We will now add a rule to permit our LAN traffic to access our FTP-Proxy application ports 8000-8030 on 127.0.0.1 . To do so, click on the “+” button at the bottom or at the top, of the list of rules to add your new rule. Make sure that the new rule will be on top of all the other rules.

5. Save your new settings, and apply.

Test your FTP connection.

Enjoy!

Technorati pfsense, firewall, rule, ftp, access, outbound
Site Search Tags: pfsense, firewall, rule, ftp, access, outbound

The thing “plurkers” do after work.

http://3x-comic.blogspot.com

Technorati 3x, plurk, cartoon, comic
Site Search Tags: 3x, plurk, cartoon, comic

Just a quick tip.

You’re using SuSE Linux Enterprise Server 10 and you are using virtualization with Xen with a couple of virtual machines (DomU) and you are quite happy with how everything turned out. SLES10 is running ok, Xen works fine, DomU’s are healthy and serving as they should. Then again, you need to do a maintenance task and will need to reboot your machine. Then suddenly you found out that you need to manually start all your virtual machines manually! ACK!

Here are some quick steps to follow to make sure that your VMs go up and running as soon as your host OS gets up and running too.

1. On SLES10 terminal, go to /etc/xen/vm

mybox:~ # cd /etc/xen/vm

2. All the definition files for your virtual machines are located there. You can then just copy all the files to /etc/xen/auto

mybox:/etc/xen/vm # cp * /etc/xen/auto/

This is the old way of making your virtual machines start up automatically. Novell experts recommend using the xm command to make your virtual machine automatically start up. Though it’s a bit tedious but it works on the latest SLES10 builds. And you have to repeat the steps for every virtual machine that you want to automatically start up.

Using xm, we will first export our existing (and running) config for one of our DomU (virtual machine) to a text config.

mybox:~ # xm list -l yourVM > yourVM_config

Make sure that you have a backup of the exported config before editing.

mybox:~ # cp yourVM_config yourVM_config.backup

Edit your VM config using vi and look for the following parameters:


(on_xend_start ignore)
(on_xend_stop ignore)


and change them to


(on_xend_start start)
(on_xend_stop shutdown)


Save your file, then let’s export it back to our Xen server using the following command:

mybox:~ # xm new -F yourVM_config

That’s all there is to it. However, if you have 5 other virtual machines running, you will need to repeat these steps for each.

What I did is I combined the former step (using /etc/xen/auto) with the latter steps. So far, my VMs are all up and about when the host SLES10 finishes loading.

Regards and safe journey. Enjoy!

Technorati xen, virtualization, automatic, start, linux, , sles10
Site Search Tags: xen, virtualization, automatic, start, linux, , sles10

This is the first time that I’m going to be posting an article about the DNS issue found by Dan Kaminsky came about. Not because of the severity of this problem, nor is it about how prolific Kaminsky and his skills about hacking is. This post is about how fast something develops within the Internet.

The DNS problem found by Kaminsky, and featured all over the web caused tremendous concern among a lot of security experts, and administrators. Read more to get an idea about DNS and what it does.

In just 2 days since Halvar Flake posted his “speculation” on how Dan Kaminsky can perform a massively successful DNS cache poisoning attack, CaughQ’s Druid and Metasploit’s HD Moore joined efforts in delivering what appears to be the first exploit code specifically targetted at Dan Kaminsky’s DNS bug which Dan happened to be trying to keep hush-hush since its discovery.

The exploit was released and announced at Full Disclosure today at around 3AM local time (11AM Manila Time). Here’s a portion of the mail header for the sent time.

Received: from cpe-24-28-73-141.austin.res.rr.com (HELO ?10.3.3.33?)
(druid@24.28.73.141)
by mail.caughq.org with SMTP; 24 Jul 2008 03:08:35 -0000

Druid and HDMoore’s exploit code, coded on Ruby, appeared to have taken details from Halvar Flake’s “speculation” to implement the attack. Although a lot of people believed that Halvar Flake’s speculation may have been a little off, but it appeared that Halvar may have almost nailed it on the head thus prompting CaughQ and Metasploit to take a look, thus arriving at the latest exploit code.

Disclosure header received at Full Disclosure:


____ ____ __ __
/ \ / \ | | | |
----====####/ /\__\##/ /\ \##| |##| |####====----
| | | |__| | | | | |
| | ___ | __ | | | | |
------======######\ \/ /#| |##| |#| |##| |######======------
\____/ |__| |__| \______/

Computer Academic Underground
http://www.caughq.org
Exploit Code

===============/========================================================
Exploit ID: CAU-EX-2008-0003
Release Date: 2008.07.23
Title: bailiwicked_domain.rb
Description: Kaminsky DNS Cache Poisoning Flaw Exploit for Domains
Tested: BIND 9.4.1-9.4.2
Attributes: Remote, Poison, Resolver, Metasploit
Exploit URL: ------ removed -------
Author/Email: I)ruid
H D Moore
===============/========================================================

Description
===========

This exploit targets a fairly ubiquitous flaw in DNS implementations
which allow the insertion of malicious DNS records into the cache of the
target nameserver. This exploit caches a single malicious nameserver
entry into the target nameserver which replaces the legitimate
nameservers for the target domain. By causing the target nameserver to
query for random hostnames at the target domain, the attacker can spoof
a response to the target server including an answer for the query, an
authority server record, and an additional record for that server,
causing target nameserver to insert the additional record into the
cache. This insertion completely replaces the original nameserver
records for the target domain.

Quoting Dan Kaminsky, “the cat is out of the bag.” Sorry Dan, I don’t think you can stop this now. And I think you know who to blame for this, that is if he/she/they/it can really be blamed?

The rate/speed of development is just truly amazing. The extent?

Technorati DNS, Kaminsky, working+exploit, hacking, metasploit, caughq
Site Search Tags: DNS, Kaminsky, working+exploit, hacking, metasploit, caughq

It’s just a really weird problem that we have today. A perfectly fine Fedora box just suddenly will not boot. When it does not get to initiate booting, GRUB fails saying that the hard drive just cannot be read. The box is somewhat critical and we need to have it running back up (pun intended) since it’s our backup server for most of the managed sites. I guess i’ts not a healthy box as we have been believing.

A little history, it’s an Intel P4-based box on an ASUS P5DR1-VM mobo, on 1GB of RAM. Yeah, it’s not a hefty box. Fedora 8 was installed by a colleague without any issues. Until recently.

It was running fine the other day, then yesterday it just stopped. Checking what happened, the primary hard drive, a Maxtor 80GB PATA, is being bitchy. I rebooted the box and went CMOS. The Maxtor HDD is being identified alright so I proceed to reboot again and see if it will boot up. Again, GRUB stops and cries error reading the drive. “Hmmm.. That’s not right.” I said. I left it overnight and returned to it in the morning.

Another thing that worried me was what if the data on the second hard drive, a Seagate Barracuda 250GB SATA, was also affected? and another thing is that both the Maxtor and the SATA are on LVM!

Aaaarrggghhh!

Crossing fingers, I tried to boot to Fedora 8 install disc and proceeded to use Rescue System. But to no avail… Rescue System wasn’t able to identify a valid Fedora install. “What-the-eff!” Wasting no time, I rebooted and went back to CMOS, all the while feeling the Maxtor hard drive with my hand for any indication that the drive is spinning. Sure enough, CMOS tells me Maxtor’s not there, and the drive isn’t spinning. “Gotcha!” I powered down the box, swapped the hard drive data cable (ribbon cable with new one) and used another Molex power connector (the PSU still has extras) and powered the box up. Checked the CMOS, and voila! Maxtor’s back on the drive list, and the drive is spinning. So far so good. A few things left for me to do — make sure the data is intact, and that I can do backup of the backup (get it?)

This time, I’m using Ubuntu 8.04 Hardy Live CD as my recovery disk. Ubuntu booted smoothly and proceeded to open the Terminal as root. Then tried to check if I’ll be able to see the LVM volumes:

root@linux:~# vgscan
The program 'vgscan' is currently not installed. You can install it by typing:
apt-get install lvm2
bash: vgscan: command not found


Ok, fine. So I proceeded and install lvm2:

root@linux:~# apt-get install lvm2
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
dmsetup
The following NEW packages will be installed:
dmsetup lvm2
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 365kB of archives.
After this operation, 1065kB of additional disk space will be used.
Do you want to continue [Y/n]? y


After installing the required package, I proceed to vgscan again, and saw the LVM volume group - in my case VolGroup00. Before I can proceed, I had to do ‘modprobe dm-mod’ first. I leave it up to you as an assignment what this does =) . I then proceeded and typed ‘lvs’ in the terminal. And then proceeded with the magic incantations:

root@linux:~# mkdir /mnt/myLVM
root@linux:~# vgscan
root@linux:~# modprobe dm-mod
root@linux:~# vgchange -ay VolGroup00
root@linux:~# lvs
root@linux:~# mount /dev/VolGroup00/LogVol00 /mnt/myLVM

And there you have it! I got my LVM mounted, and I was able to copy the data I need from it. Whew!

However, my problem is not yet over. I have no clean destination drive to store the would-be-retrieved data. Hmmm, alright. I’m putting it to our shiny Sun Microsystems X2100 M2 server which currently has 500GB of disk space. Fine, fine. It’s running SLES so setting up the NFS server is a no brainer. However, mounting the NFS share into Ubuntu might be challenging. You wish! It’s not that hard. Back to the magic incantations (Ubuntu side):


root@linux:~# apt-get install nfs-common
root@linux:~# mount myNFSserver:/mysharedfolder/subfolder /mnt/myNFSlocal

Bam! NFS share is now mounted locally, and my LVM is reachable as usual. I now start copying my data to the remote machine, and still coyping as of press time. The data is quite huge you know. But I’m happy. But I just don’t want this to happen again.

Technorati ubuntu, linux, lvm, nfs, recovery, backup
Site Search Tags: ubuntu, linux, lvm, nfs, recovery, backup

I’ve somehow finished implementing Samba as primary domain controller (PDC) with OpenLDAP working as authentication backend both running on top of SuSE Linux Enterprise Server. Workstations and users are being added properly into Samba and OpenLDAP and users are able to authenticate seamlessly. However, I just ran into a snag. Some users need to be Administrators in their own computer, while being common users in the domain.

It really is no sweat implementing Samba and OpenLDAP on SLES since it already includes both packages stabilized and ready to run. Novell engineers already did the grunt work of tweaking and hardening both packages plus with the help of YAST, I don’t have to use the smbldap tools to synchronize accounts on Samba and OpenLDAP. No sweat eh?

What I had trouble was how can I select only specific users from Samba PDC/OpenLDAP and make them Administrators to their own machines. I’ve looked for solutions however many of them were not fitting to what I want. So I decided to use KiXtart and CPAU instead.

In a nutshell, KiXtart replaces your standard batch file logon script and give you more flexibility and power than you normally get from batch files. CPAU on the other hand replaces the traditional Run As command on Windows. The main difference is that although Run As allows you to run a command as another user (or admin), however, you will be prompted with that user’s password in the same manner that you use SU on Linux/Unix. CPAU allows you to speficy the user and password inline giving you more flexibility with your scripts.

So to add users to the local machine’s Administrators group, I put the KiXtart binary (WKiX32.exe) and CPAU.EXE in Samba’s NETLOGON folder and modified smb.conf to reflect the following:

logon script = logon.bat

In logon.bat, put the line:

%0\..\wkix32.exe %0\..\kixtart.kix

The next part does all the grunt work in identifying the user’s domain group, and checking if the user is a part of the local machine’s Administrators group.

kixtart.kix

Break on

$loffmsg = "Hello "+@USERID+CHR(10)+"This is your first time to logon to the domain."+CHR(10)+"Since @WKSTA is your own computer, you will be added immediately to the local"+CHR(10)+"Administrator group."+CHR(10)+"You will need to log on again afterwards."+CHR(10)+CHR(10)+"Username: "+@USERID+CHR(10)+"Host: "+@WKSTA+CHR(10)+"Group: "+@PRIMARYGROUP

; Check user domain group membership

IF INGROUP("Domain Admins")=1

; Check user local group membership

IF INGROUP("\\"+@WKSTA+"\Administrators")

; Do nothing.
MessageBox("Hello "+@USERID,"Greetings!",,)

ELSE
; Hide the console KiXtart is running on

SETCONSOLE("HIDE")=1

; Run CPAU tool with admin priv to add user to local admin group
MessageBox($loffmsg,"Reminder",64,)

shell '\\MYPDC\netlogon\cpau -u administrator -p admin-password -ex "net localgroup Administrators /add DOMAIN\@USERID" -lwop'
; If there's error, show it.

IF @ERROR MessageBox(@ERROR+@USERID,"Error!") ENDIF

;Force the user to logoff after being added so the change will take effect next log on.
LogOff(1)
ENDIF
ELSE
ENDIF

Further development
I’m still far from done with this little project. I still have to modify the script, or add some more subscripts, to be able to check if the local machine is the user’s own machine. I will need to implement that the user will only be admin on his own machine and none other. And yes, you can also use KiXtart to modify the registry if you need to.

Security? You can compile your kixtart script into an EXE executable using the KiX2EXE tool.

I’m just glad that I get to make Windows XP machines play nicely with Samba and OpenLDAP.

Resources:
KiXtart Online Manual
KiX2EXE Tool Homepage

Technorati samba, openldap, linux, windows+xp, kixtart, domain, controller, pdc
Site Search Tags: samba, openldap, linux, windows+xp, kixtart, domain, controller, pdc

After much wait, the Philippine Open Source Summit has been finally announced and will be held at the Cebu International Convention Center on June 23 and 24, 2008. This is truly significant and very timely for me because this is going to be the largest convention that I will be able to witness, and I’m already working in Cebu using opensource tools on the job.

What’s to look forward to?
Doh! This is “TEH” biggest opensource event to happen in the Philippines. Plus Apache Software Foundation is going to be there with VP Ken Coar speaking about opensource communities. There’s also opensource blogger Matt Asay to talk about opensource business models, and Danese Cooper of OSI talking about opensource deployments.

And yes, exhibitions abound and some breakout sessions on SugarCRM, Adempiere, Pentaho, Drupal, RoR, Eclipse, Maven, Tomcat/Jetty, and MySQL. It’s also going to be the initiation of the Open Source Association and the Philippine Open Source Center. I’m also pretty sure that Dr. Alvin Marcelo and Dr. Francis Sarmiento, both with IOSN will be there and I’d love to meet them.

It’s going to be the best venue to meet and get to know more about the people behind opensource in the Philippines. I’d say I’m not excited. I’m thrilled!

Technorati opensource, summit, convention, events, philippines
Site Search Tags: opensource, summit, convention, events, philippines

OpenSource has been in existence for quite a long time. It has been known by so many names with various differences in how licenses take effect on certain products. Some of the widely-known opensource licenses to date are GNU’s own GPL and LGPL licenses, BSD’s own license, the Apache licenses, Mozilla Public License, the PHP license, among many others. These licenses are under the stewardship of the OpenSource Initiative (OSI) who accepts applications by individuals or groups and reviews or approves candidate licenses. Discussing the differences between each opensource license is a different matter however, one may visit the OSI site for more information.

“The software I’m using works fine. I paid for it and I don’t see the need to tinker with it’s programming. Why bother?”
Sure, if you’re happy with the proprietary product that you are using then I’m glad for you. However, there may be questions that you would want to be answered. Some of these questions might be listed in the following list:

1. Do you know how your software works internally?
2. Can the software you bought be customized according to your need?
3. Does it fit your need at all?
4. If it can be customized, how much did it cost for you (or the developer) to modify the software?
5. Are there security issues that you have encountered while using that software?
6. How often does the developer/vendor issue software fixes and patches to resolve certain usability and security issues?
7. How much did the software cost?
8. Are you satisfied with the support provided by the vendor?
9. Do you feel like you’ve been swindled when you purchased/commissioned the software?

If you answered NO to questions 1,2,3,8 and yes to questions 5 and 9, it’s time for you to consider choosing an opensource solution.

“Is going opensource painful?”
The answer is “it depends“. It depends on the type of project or solution that you want to implement, if what you need can be remedied by an opensource solution, and how willing or how committed you are to totally using opensource solutions. Chances are, around 65% of your requirements may have an opensource solution readily available. Over the years, the opensource movement is very active and have been filling some niches already. Currently it is slowly creeping into areas like healthcare, utilities, and management. With the plethora of opensource projects available, you may be able to implement from 65% to possibly 95 or 100% of your requirements fulfilled using opensource.

“If OpenSource is really that great, why hadn’t my friend Joe choose this path?”
Again, it depends. The projects that your friend Joe were working on at that time might not have an available opensource solution yet, or that his projects were very very sensitive enough that opensource is not yet advisable. We’d have to always bear in mind that opensource is not a magic pill that you can take and all your problems will go away. It requires a lot of the human factor in order for it to work. And that is what I truly appreciate with it. It brought back the feeling of responsibility, of being aware of what you are doing, of being totally conscious of what you are deploying and how the system totally behaves. It requires constant vigilance, of bug hunting and fixing. Yet, despite the daunting work, you will be backed by a dedicated community who are willing to spare some time to help you out. The countless mailing lists, forums, and support groups dedicated to specific projects are available 24x7 to help you out. It’s totally different from the 1-800 number that you’re asked to dial whenever you encounter problems, then answered by incompetent call center agents who actually did not try out the solutions that they are asking you to perform. How’s that for a reason?

Was I able to mention that you have full access to documentation and source code? Now you know.

“Ok, ok, I’m with you there. But I don’t know where to start.”
As in any endeavor, you’d have to know what you need in order for you to be able to know how to proceed. It would be better to list down your requirements. For example, you are an administrator and you manage a small network for a local business. You have to first ask yourself the following questions:

1. How many users do I have?
2. What operating systems am I currently using?
3. What network services do I need?
4. What services do the users need?
5. What type of hardware am I currently using?
6. What software applications are my users currently using?
7. What do I want to implement within 3 years?
8. What are my current skill sets?

After identifying and listing your answers, you can then start to plot out the solutions that you already know to fulfill your need. And I’m sure those require software to be purchased. Then you can start searching for the opensource equivalents.

The easiest place to start will be from Google. However, you may also skip over to Sourceforge for the latest opensource projects. You’d have to wade through countless opensource projects with stages ranging from Alpha, Beta, Release Candidates (RC), and Stable or Production grade. I suggest you stay away from Alphas or even Betas as these are still no where near complete and go for the Stable/Productions. RC’s are almost done, but not quite for they still have some fixing to be done.

“Since you’re so keen on brainwashing me, have you actually used OpenSource software?”
The answer is a big YES. I’ve been using and advocating OpenSource for years. My desktop runs Ubuntu Linux currently on 8.04 “Hardy Heron”. The servers I manage run on SuSE Linux Enterprise Server. Our firewall runs on PFSense, which is a BSD distribution based on Monowall and FreeBSD. I have implemented an opensource inventory and asset management solution using OCS Inventory NG and GLPI Asset Management. The company’s domain runs on Samba as primary domain controller authenticating to OpenLDAP since we still had to support existing Windows XP boxen, and some Linux desktops running a mix of Mandriva, Ubuntu, and Fedora.

Had we used proprietary solutions as opposed to what we had now? It would have costed the company millions for the same functionality that we got from opensource which costed us nothing but time and a little guts and dedication.

Technorati opensource, advocacy
Site Search Tags: opensource, advocacy

Wow, what a very eventful week. A little update for the readers.

1. I’m now in Cebu working for a multinational BPO company doing what I love — server, Linux, security, networks. Nothing beats.
2. Just hooked up with some members of Cebu’s very own local LUG — CeGNULUG last Thursday, May 8.

The Meetup

Yup I was able to attend the CeGNULUG meetup which was hosted by Vince Corning and his staff at MyLinuxSupport.com . The turn-out was great. I went to the meetup with jackalmurdoc and jongpals who I work with, and joshuarpf who currently works for Triterion LLC (but works at home). We were able to meet people from Infoweapons, the Cebu-based hacks who are into xBSDs (replace x with any BSD variant), Mark Buenconsejo and his Ruby guys at SimpleTeq, as well as some other list members and teams as well. Beer and pizza was way beyond what we can consume in a night but the conversations were fun yet informative. It was a first time touch base for us Cagayan de Oro guys who are now working here in Cebu and we are really looking forward to more meetups soon and can’t wait to talk with these guys in the future.

A free and open mind will definitely reach places.

EDIT 5/23/2008: “Vince Corning”, not “Vince Isles”. “Vince Isles” is his blog. Sorry about that Vince! See you at the Summit.

Technorati Tags: linux, community, meetup, cegnulug
Site Search Tags:linux,community,meetup,cegnulug

We have been using eDirectory for quite a while on Linux now and the time has come that a client would like to use eDirectory to authenticate other Linux services through LDAP to eDirectory. We have been tasked to integrate the authentication of Postfix, Dovecot, Squid, and SquirrelMail via LDAP to Novell’s eDirectory.

The approach that we have decided to use for Postfix was to do virtual email hosting, while letting Postfix pull user accounts from LDAP, and store the emails on virtual mailboxes in the Linux machine. Dovecot will also do a password lookup, while using a global user account on Linux that will have exclusive access to the “home” directory of virtual email users. Squid will do direct LDAP access via the squid_ldap_auth helper. SquirrelMail on the other hand will just pull off authentication via Dovecot.

I will only be providing the steps on how to authenticate Postfix and Dovecot to eDirectory via LDAP. In order to perform the following outlined steps, it will be helpful to already have Novell eDirectory/NDS running on one server. It must listen on either port 389 or 636 by default. However, if you’ve modified the ports, make sure you take note of them for later use. Also on the eDirectory/NDS, we will need to have one user that will act as a proxy user for LDAP lookups. Though this can also be achieved by assigning [Public] as a Trustee with “browse” rights to the root of your tree (eg. “o=your-context” ). How to install eDirectory on Linux is beyond the scope of this article. Feel free to visit the Novell Documentation.

We have used SuSE Linux Enterprise Server 10 SP 1 to perform all of the steps. It doesn’t matter though which Linux distribution you’ll be using or if you’ll be accessing NDS on Netware, as long as the backend LDAP server will be eDirectory/NDS.

POSTFIX CONFIGURATION

A. main.cf
Postfix already comes with SLES10 SP1 built-in. It only requires a little tweaking to allow it to authenticate to eDirectory via LDAP. We will then throw in virtual email hosting configuration for good measure.

If you need to compile Postfix, configure and compile it as standard. However in the main.cf, we will be adding a couple of parameters to make Postfix work with LDAP. The following parameters are what we need. The rest not included here are standard Postfix configs, including restrictions and UCEs.

inet_protocols = all
inet_interfaces = all
biff = no
mail_spool_directory = /var/spool/mail
myhostname = your-server-hostname
mydomain = put-a-dummy-domain-here.
mydestination = localhost.$mydomain,localhost,$mydomain,$myhostname
mynetworks = 192.168.100.0/24 127.0.0.1
mynetworks_style = subnet

Modify myhostname and mynetworks to reflect your own settings. Put a dummy domain name in mydomain. We will put our real domain in the virtual_mailbox_domains parameter.


local_recipient_maps = ldap:/etc/postfix/ldap-user-auth.cf
local_transport = virtual
virtual_mailbox_domains = your-real-domain-here
virtual_mailbox_base = /var/spool/vmail
virtual_mailbox_maps = hash:/etc/postfix/virtual_mailboxes
virtual_minimum_uid = 106
virtual_uid_maps = static:106
virtual_gid_maps = static:12

local_recipient_maps will point to our LDAP authentication routines contained in ldap-user-auth.cf. virtual_mailbox_domains will have our real domain since we will be using virtual email users that will be pulled off from eDirectory via LDAP later. virtual_mailbox_maps will point to our hash file which is actually a mapping of email addresses to their associated virtual mail boxes relative to the default directory assigned in virtual_mailbox_base.

virtual_uid_maps and virtual_gid_maps will point to the only mail-related user in the entire SLES10 system — the global user which will be used by Postfix and Dovecot to drop emails to the mailboxes of our virtual email users. The global user, in our case is called “vmail” as assigned a uid of 106 and a gid of 12 (mail). It was created using the terminal by typing the following as root:

useradd -u 106 -g 12 -d /var/spool/vmail -s /bin/bash vmail

You will also need to create /var/spool/vmail and change ownership (chown) to vmail:mail.

smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth


Enable SASL authentication by setting smtpd_sasl_auth_enable = yes. We will be using Dovecot SASL therefore, we will need to set smtpd_sasl_type = dovecot and smtpd_sasl_path = private/auth.

B. ldap-user-auth.cf
Here are the things we need to put for LDAP authentication for Postfix.

server_host = your-LDAP-server-ip
search_base = o=context
version = 3
query_filter = (&(objectClass=Person)(uid=%s))
result_attribute = uid

bind = yes
bind_dn = cn=ProxyLDAPUser.o=context
scope = sub

C. virtual_mailboxes
Since Postfix will be looking for “real” users, we will need to map email addresses to actual directory locations for each user using the virtual_mailboxes mapping. Arguments for the mapping will take the form of:

email address username/Maildir

Example:
user1@mydummydomain.com user1/Maildir
user2@mydummydomain.com user2/Maildir
:

Save the file, and generate the Postfix database by running postmap virtual_mailboxes in the terminal.

DOVECOT CONFIGURATION (pertinent only)

A. dovecot.conf
Dovecot can be compiled off the bat using ./configure, and then following it with make and make install respectively. However, since we will be letting Dovecot authenticate through LDAP, we will need to compile it with LDAP support therefore do this by typing ./configure --with-ldap and proceed as usual.

Here are the pertinent parameters that we will need to declare in dovecot.conf to enable it to work with LDAP. The rest of the configs (not shown) are standard Dovecot config.

mail_location = maildir:/var/spool/vmail/%u/Maildir
first_valid_uid = 106
last_valid_uid = 106
auth_username_format = %Lu

auth default {
mechanisms = plain login

passdb ldap {
args = /etc/dovecot/dovecot-ldap_passdb.conf
}

userdb static {
args = uid=106 gid=12 home=/var/spool/vmail/%u
}

socket listen {
master {
path = /var/run/dovecot/auth-master
mode = 0660
user = vmail
group = mail
}

client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = mail
}
}
}

B. dovecot-ldap_passdb.conf

hosts = LDAP-server-ip
base = o=context
ldap_version = 3
scope = subtree

#for LDAP Bind
auth_bind = yes
pass_filter = (&(objectClass=Person)(uid=%u))

Replace LDAP-server-ip with the server ip of the eDirectory server. Replace o=context with your eDirectory context.

VALIDATING
Run Postfix by typing rcpostfix start and run Dovecot by typing /usr/local/sbin/dovecot. You will then be able to try and connect via telnet on port 25, 143 and/or 110 to test Postfix and Dovecot. You can test Dovecot if the user can authenticate by going:

telnet server-ip 143

You will then receive the server header/reply. You can proceed to initiate authentication by going:

1 login user password

If you’ll receive an OK message, congratulations!

You can monitor Postfix by looking at /var/log/mail using the command tail -f /var/log/mail.

Feel free to post your questions and comments. Good Luck!

technorati tags: Postfix, Dovecot, eDirectory, LDAP, authentication, Linux, Novell, SLES10, Netware

RISE Security has posted a blog entry announcing that the ASUS Eee PC running Xandros is vulnerable out of the box.

Read the article at the RISE Securite website.

As always, ASUS Eee PC users running Xandros will need to update or patch the bundled Samba. Better yet, install updated Ubuntu versions instead.

Bottomline, relying on a product out of the box is not good for your health or your boxen.

Technorati Tags: Linux, hacking, security, Xandros, ASUS, Eee+PC,
Site Search Tags: Linux, hacking, security, Xandros, ASUS, Eee+PC,

Whew, finally after the whirlwind travels to Benguet and Davao, I’m finally back in Cagayan de Oro. Talk about much needed rest. Now is the perfect time to reflect on the events.

QITC Convention

The convention was really fun despite me having to rush because my flight the next day is quite early. I had fun meeting Ms. Yolynne Medina for the first time. We’ve been exchanging emails and chatting on Gmail for quite some time and the meetup at the convention was one meeting long overdue. The post-convention meetup of the speakers were held at the OIC restobar at Corrales Avenue. I was actually late for the meetup but what the heck I was preparing things for my trip . I’ve finally met Calen Legaspi and JM Ibanez from Orange and Bronze. I’ve also met Aileen Apolo of Google. Others in attendance were Hanie Caragos and John Kaamino of Syntactics, Matt Baluyos, and Yolynne.

Matt, Calen, JM, and I went back to the convention venue at Country Village Hotel, and I was treated to an intellectual discussion with Calen and JM. Calen appears to me as this forceful guy while JM appears to me to be the typical geek (in a good way. I’m a geek too!). I had fun engaging in discussions with them specially when the topic between Java and .NET came. I did not stay much longer and had to bid my adieu late in the night.

To JM and Calen, its been really nice meeting you guys. Hope to meet you again sometime and have those discussions again perhaps over coffee .

To Yolynne, its been great meeting you. Hope we can work together soon on how we can further FOSS intitiatives in Mindanao.

To Aileen Apolo, hope Google will have something in store for the IT guys in Mindanao

To RJIan, sorry I wasn’t able to meet you in person in the convention dude. Perhaps next time

To the QITC organizers, thanks for having me at the convention. Keep it up!

Covered OS versions:

- Netware 5, 5.5, 6, 6.5
- Open Enterprise Server (OES) Netware Kernel 6.5

iManager versions:

- iManager 2.5
- iManager 2.6
- iManager 2.7

Issue:

You have installed Netware, and iManager on your server box. Suddenly, when you tried to access iManager from your browser, you’re greeted with the “Error 503: Service Unavailable” notification.

This is related to how Novell LDAP (NLDAP) and Netware’s server certificates, and how iManager authenticates through LDAP via Apache Tomcat. There’s a possibility that the server certificates are corrupted or the changes that took place for the server certificates were not propagated to the services that need them. Yes, Netware does suffer corruption every now and then due to the nature of the file system it currently uses. It still uses FAT/FAT16/FAT32. This could be resolved by moving to OES-Linux kernel instead of using pure Netware or OES-Netware kernel.

Solution:

We will need to stop Tomcat, Apache web server, and Java. We will then need to rebuild our server certificates. After which we will need to restart our services.

Actual Commands:
On the Netware command line, type the following commands:

NETWARE: tc4stop
(Terminate Tomcat. For Tomcat 5.0, use tc5stop instead.)

NETWARE: ap2webdn
(Shutdown the Apache web server.)

NETWARE: java -exit
(Shutdown Java.)

NETWARE: pkidiag
(This will open the PKI wizard for detecting and repairing public key infrastructure in Netware. Follow the menu items namely 4, 5, 6, 0)

NETWARE: tckeygen
(Restore LDAP connectivity for Tomcat.)

After a few minutes, start the services.

NETWARE: tomcat
(You may also use /tomcat/5.0/bin/startup start to start Tomcat 5.0.)

NETWARE: ap2webup
(Start up the Apache web server.)

Try opening your iManager again and login (http://ip_of_your_server/nps/iManager.html)

If you found anything erroneous in this tip, feel free to post a comment.

Technorati Tags: Netware, iManager, OES, LDAP, Apache, Tomcat, Novell, Error,503
Site Search Tags: Netware, iManager, OES, LDAP, Apache, Tomcat, Novell, Error, 503

Before I went to Manila and finally here in Benguet for a few-day working trip, I gave a presentation about Linux at the recently concluded Quantum and IT Convention.

They have graciously provided at download of my presentation which can be found at the QITC site’s download page or you can download it directly. Though I will appreciate it if you’ll visit their site to get my presentation.

Though of course, I would like to caution you, most of those things in my presentation are pictures. It’s a visual shell of the talk and the content is in the talk itself. But still, feel free to download the presentation.

Technorati Tags: Quantum+&+IT+Convention, QITC, Linux, Open+Source, presentation, FOSS, evangelism
Site Search Tags: Quantum+&+IT+Convention, QITC, Linux, Open+Source, presentation, FOSS, evangelism

Usually, the most common way to chat and view webcam today is through Yahoo’s own Yahoo Messenger client and its chat service. However, I have to admit their client is nowhere near good on Linux. And yes I have tried the various alternatives but they don’t have direct cam support (hopefully Pidgin will soon.). For this trip that I am on, I am communicating with my family either through SMS or through Gmail’s chat. After four days on the trip, I miss my family and I want to see my baby girl so I decided to teach my wife how to activate and use Ustream.TV’s webcasting system.

I registered an account and gave it to my wife, which I then asked her to follow some steps to use Ustream. For the first night, she didn’t get to make it work. So we left it at that. This evening, I’ve logged into the Ustream account made some changes in the preferences and settings, logged out and asked her to log in. I then asked her to turn the broadcast on, and voila! I can see my wife and baby girl on cam and chat with them too. Though it is on separate windows, I did ourselves the favor of not using Yahoo Messenger, and we saved ourselves some client installation. And guess what? The video latency is almost like that on YM. I chat with my wife on Gmail, and view her and our baby on Ustream. Neat huh?

Technorati Tags: ustream.tv, gmail, chat, webcam, video, streaming, yahoo, messenger
Site Search Tags: ustream.tv, gmail, chat, webcam, video, streaming, yahoo, messenger

The first leg of my Manila trip was ok. Got fed up with the traffic at EDSA last night when I tried to go to Makati from my stay at Ortigas. A couple of taxis did not take me. Now, I’m in a mining town virtually owned by PHILEX Mining. The place is called the Padcal Operation. Everything here, from hospitals, schools, electricity, roads, cooking gas supplies were provided by PHILEX free to all the town inhabitants which are also its miners and their families. It was a tiring trip from Manila to here but it was great. And tomorrow, my training will begin.

I’ll be training five PHILEX Mining IT staff on Novell ZENworks Desktop Management. It’s just amazing that a location this remote, about an hour from Baguio city proper across rugged but well-paved terrain, technology is at its finest. The PHILEX Mining site is a huge area which, to my estimation, would actually comprise a couple of medium-sized towns/municipalities. However, its various sections and buildings interspersed across the vast area, wireless technology provided a vital data and communication backbone.

I was even surprised to find out that they have cable TV here. Still provided by PHILEX for free. They got the cable from DreamTV Satellite. And yes, they have internet here or else I wouldn’t have posted this. I dunno yet who the provider is, however, it’s a safe bet that this also runs piggyback on Dream’s own cable tv/satellite.

For now, I have to sign off and post updates later.

Technorati Tags: Benguet, Baguio, trip, Novell, ZENworks, training, PHILEX, mining
Site Search Tags: Benguet, Baguio, trip, Novell, ZENworks, training, PHILEX, mining

Whew, it certainly is a very busy week for me. Just this week, my trip to Manila and Baguio is confirmed. However, I’m not going for a vacation.

Despite the destination being a known vacation spot and all that, I’m not going to Baguio to relax. This coming January 29th I’m going to conduct a training for Philex Mining on how to deploy and use Novell ZENworks Desktop Management. For the whole week, I’ve been busy preparing training and discussion materials and doing simulations. There’s nothing better than making sure that your material works everytime you do the training. Sadly, as much as I wanted to, this training is not open source-related. However, there’s a big chance I can swing them over to give Linux and open source a try. The one thing I appreciate with ZENworks despite it being a proprietary product is that it does install on top of Linux, either SLES or Red Hat.

It really is a full week for me. For one, we just finished checking the mail server of a big client. They’ve had issues with POP3 authentication. Turns out its a DNS problem. All their machines point to external DNS servers owned by an ISP. Everytime their Outlooks authenticate to their POP3 server, their workstations shoot the hostname requests to the ISP DNS. If the requests push through and are received by the POP3 server, it then shoots the reply back to the ISP DNS. No wonder their POP3 accesses are having timeouts. We’ve recommended having an internal DNS server and they’ve already put it into their own development plan which will be put into action by February. We’ve checked traffic from the internet to their mail server and so far incoming mails are received and we can send mail through IMAP without any problems.

That very same ISP I was talking about, is having problems with their network and they are currently suffering from intermittent connections. It is also a mobile services carrier. Just last week, they’ve had big problems with mobile phone signals wherein calls and SMS not going through.

For my trip, I’ll be stopping by Manila for a day to take the Certified Linux Professional practicum exam. I’m hoping to be able to pass. The sad thing is that with my very hectic schedule, I did not find any time to do any review nor got the time to study throughly. It’s anybody’s guess whether I’ll pass this or not. I’ll give myself a 25% chance of passing. My regular daily schedule by the way is consumed by doing client visits, reviewing products from Novell and Alcatel-Lucent, doing product presentations, planning and doing SLES deployments and Alcatel-Lucent OmniPCX Office IP-PBX deployments, planning for technical demos, and if a little time could be spared, keeping watch of the company mail server and proxy server. Yeah, its quite a handful. But I get by somehow.

Before I go on the trip, I’ll be giving a talk about Linux at the Quantum and Information Technology Convention organized by Xavier Computer Enthusiasts League (XCEL) and the Ateneo Information Management Society (AIMS) of Xavier University. That’s going to be tomorrow January 25th (26th in the US).

Along with members of various Linux and opensource enthusiasts, I’ll be meeting with Ms. Yolynne Medina, Channel Consultant and Networking Staff for the International OpenSource Network (IOSN) on January 26th to talk about the current status of the local groups and their plans and directions. I’d be happy to help out in this arena.

On the 27th, after arrival in Manila if time permits, I’ll be meeting Greg Moreno and hopefully also Bobby Santiago of the Philippine Ruby Users Group. I just hope there’s going to be a Ruby meeting so I can also attend .

This week alone is quite tiring with all the things I need to do to resolve some pending works and preparing for the trip. Hopefully the training will go seamlessly so I can relax and enjoy the trip. I also hope that I’ll have a little more extra time later, should some Ubuntu Philippines guys would like to meet up (hint, hint).

Enjoy!

Technorati Tags: Baguio, Manila, trip, Linux, OpenSource, Ruby, SLES, Ubuntu,
Philippine+Ruby+Users+Group, Novell, Alcatel-Lucent, IOSN, QITC,
Site Search Tags: Baguio, Manila, trip, Linux, Ubuntu, SLES,OpenSource, Ruby, Philippine+Ruby+Users+Group, Novell, Alcatel-Lucent, IOSN, QITC,

My sis just popped up a comment in the tagboard saying she just “tagged” me. No, I don’t really know what kind of “tag” she’s talking about. Perhaps this is the latest “in” thingy for most of the blogozens. The only “tags” I know of are the HTML markup tags, the Technorati “tags” and blog tags, and those tags you get to see on clothes .

Anyways this is for you Sis.

1. How long have you been blogging?

Almost 3 years. Started August 2005. Baudizm’s archive lists it

2. What inspired you to write a blog and who are your mentors?

At that time, I was just curious how it is to blog and tried it. Later on, it caught on me and been blogging eversince. Nobody taught me really. I just love to write.

3. What are the 3 things you love about being online?

- learning things
- communicating with family and friends
- sharing what little things I learn to others

4. What are the 3 things that you struggle with in the online world?

- none as far as I can remember.

This problem appeared early on sometime around November 25, 2007. To put it simply, its a malware propagation scheme that takes advantage of vulnerabilities of the web servers, CMS, cPanel, some framework, as well as the machines that visit the infected sites. Yes, the magnitude of this exploit is quite huge. What’s more, it infects machines irrespective of operating system platform.

So what is this “problem” really? Its a propagation “framework” if you must — that uses good old Javascript and more of it. It also includes a dash of rogue .htaccess in your Apache server for good measure. How ingenius this is? Well, to put it simply, when you visit an infected site, you’re treated to the sweet taste of Javascript. Except that you’re not seeing anything obvious. Everything is transparent and oblivious to the visitor. You wont feel a thing when this bugger hits your browser. And the icing on the cake on this bugger is that each iteration of the Javascript that will be thrown at your browser will only be once per IP. And no, you cannot wget again using the same IP you’re using now. Once you try and wget the same JS script file, you’d get 404 outright. Once you’re infected, you’ll be deluged with requests from the other infected sites begging your machine to download their own randomly generated versions of the same JS script.

For a more deep down penetration, it scans the visiting machine for vulnerabilities that can be exploited. Yes, your favorite iTunes cuddles with this bugger too along with some of your favorite applications. On Win-machines, ActiveX is the main culprit. However on the server side, whitehats are still continually looking for ways to neutralize this silent threat. The mystery is not on the infection. Its how the servers were compromised and made them host to the rogue code. And most of the detailed discussions were hidden from public view for fear of feeding the kiddies further. Good bet is that automated exploit tools were used to compromise the sheer number of servers in record time. Probably a mutated variant of Metasploit running on various hosts on a botnet simultaneously doing their rounds randomly until an unwitting, seldomly patched server is encountered. And then the carnage starts again until a good number of machines are “droned”. Then when the visits come trickling into the sites, there’s no turning back.

Its already 2008 and this critter is still happily frolicking under the virtual sun. You might have an updated AV (Kaspersky and AVG were known to catch this), however, its a matter of time before you too will be assimilated.

No I won’t give more details about this. Google might give the answer but not me. I’m already busy.

---

Technorati Tags: Javascript+worm, security, exploit, hacking, penetration, Apache, Linux,
Site Search Tags: Javascript+worm, security, exploit, hacking, penetration, Apache, Linux,

Really funny. I dunno if the guys manning RIAA’s site were really that incompetent. Reading the story from RealTechNews just cracked me up.

It started on Reddit, where a link to a really slow SQL query was posted. The post said “This link runs a slooow SQL query on the RIAA’s server. Don’t click it; that would be wrong.”

Of course, no one listened to that tongue-in-cheek warning. While some users were messing around changing links to point the Pirate Bay (below), for example, someone allegedly wiped the site’s entire database.

The moral of the story? Validate your variables darnit!

RIAA Website Wiped Clean by Hackers

Technorati: RIAA, hacking, SQL, injection
Site Search Tags: RIAA, hacking, SQL, injection

I’ve just seen Baseline’s list of what could be _THE_ list of hackish movies to watch. Here’s the list, with the status whether I’ve seen them or not.

1. Untraceable (haven’t seen it, hunting a copy)
2. Breach (haven’t seen it, hunting a copy)
3. Firewall (haven’t seen it, hunting a copy)
4. Swordfish (seen it, a bit overboard, will watch it max 5 times)
5. Takedown (seen it hundreds of times! will watch it again.)
6. The Matrix (trilogy) (seen it. will watch it max 10 times)
7. Office Space (will watch it, hunting a copy)
8. Pirates of Silicon Valley (seen it hundreds of times! will watch it again.)
9. Enemy of the State (haven’t seen it, hunting a copy)
10. Independence Day (seen it. will watch it max 10 times)
11. James Bond: Golden Eye (seen it, mushy, will watch it max 3 times)
12. Hackers (seen it, lost my copy, hunting a copy, will watch it max 10 times)
13. Strange Days (seen it, mushy, will watch it max 3 times)
14. Sneakers (seen it, not much techiness, will watch it max 3 times)
15. Real Genius (seen it hundreds of times! will watch it again.)
16. Weird Science (seen it hundreds of times! will watch it again.)
17. War Games (seen it hundreds of times! will watch it again.)
18. Star Trek: Wrath of Khan (seen it hundreds of times! will watch it again.)
19. Tron (seen it hundreds of times! will watch it again.)
20. Star Wars (trilogy) (seen it hundreds of times! will watch it again.)
21. 2001: A Space Odyssey (seen it hundreds of times! will watch it again.)
22. Dr. Strangelove (haven’t seen it, hunting a copy)

Once I get a longer free time, I’d grab those copies and watch those that I haven’t seen, or watch my favorites yet again. However, if you know of any good hackish movies, geeky, techie, or sci-fi movies do put them up in the comment section and I’ll look them up.

Enjoy!

View Baseline’s list of Greatest Hacker Movies of All Time.

Technorati: greatest, hacker, movies, Baseline
Site Search Tags: greatest, hacker, movies, Baseline

It’s not always that I post an entry that is somewhat too far away from what this blog is all about. However, I just had to put this on in here. I just finished watching the final night of ABS-CBN’s Pinoy Big Brother along with the family and guess what? For me, it is the best season of Pinoy Big Brother ever. Yes, despite being a geek and a nerd, I too have a life, and I do watch PBB from time to time when taking breaks from the geek stuff.

What sets this season apart is that one participant came from Mindanao, most importantly from Davao. Although I grew up, lived, got married and had a kid in Cagayan de Oro, I was born a Davaoeño, and still have the heart of a Davaoeño. (Both my parents are University of Mindanao alumnis.) I was rooting for a fellow Davaoeño Ruben Gonzaga to become PBB’s big winner. And win he did! Nope, we do not know him personally. However, there’s just the feeling that somehow, the whole of Mindanao won along with him.

During the start of the season, it seemed as though the odds are against him. Typical “promdi” - colloquialism for “from the province”. His personality was way different from those of the other participants who either were big actors and actresses or ready-made, established, half-bred models.

Ruben’s biggest “bomb” that he showed to televiewers I think came during the Christmas season when each housemate was asked for the gifts that they would like to have for Christmas. Almost everyone asked for something material and mundane like that cool LCD TV, a laptop, an organ, and other thingamajig. Ruben asked that he be able to see his mom, his aunt, and his grandma. PBB reunited them all on the show. Yeah, it added viewership and drama to the show however for Ruben, reuniting his family is all that mattered. Added drama also was when he proposed to his fiancee, and when the show organized his wedding on public television.

I’m pretty sure the forums at the PBB site will be swarmed with tonight’s results. I’m also pretty sure that Davao will be preparing for a big welcome for their triumphant son. I on the otherhand will be looking from afar, clapping my hands and nodding my head for a job well done for Ruben who showed them that being a “promdi” is not such a bad thing and that the heart of a Mindanaoan transcends boundaries regardless of where you are, who you’re with, or where you’ve been.

Congratulations Ruben for a job well done! Enjoy your newfound leash on life!

And now back to your regular geeky programming…

Technorati : PBB, Pinoy+Big+Brother,
Site Search Tags: PBB, Pinoy+Big+Brother

This holiday season is quite long for me. Aside from the hectic shopping, and being busy preparing for the holiday feast, I’m actually quite bored. So I decided to prep up the layout for this blog and update it for the coming New Year.

Overall them is almost the same as previous — black, orange, red. Updated the overall layout and a new banner graphic. Nothing fancy. Just something simple and basic. Sticking to simplistic layouts will make it easier for me. Afterall, I’m busy with other matters than tinkering with my blog . Some link buttons were not incorporated yet. I will integrate them one by one later on. That’s pretty much it.

For now, do let me know if you like the layout. You can leave a comment, or just use the tag board.

Happy Holidays!

A lot of people are working these days. However, a lot also of those employed are either forced to be there because of the immediacy to earn fast (maybe there’s something that needs to get paid soon), making the employee swim in the wrong lake.

Regardless, even if a person lands a dream job, a well-known and well-established company, there will always be factors that an employee will encounter.

If you are that employee, what will you do if:

- you were assigned a project, product, or support service that you are not familiar with?
- your assigned work requires you to render additional 5 hours per day to compensate?
- you will not be given adequate training to do the new assignment?
- you are already three-quarters of the way to complete your project, and then asked to stop what you’re doing to do something else (and you don’t like that other project) and start over again?
- you are doing a project on your own initiative, which you think will be able to help the company (like a website perhaps?) and then when your boss saw what you did, instead of appreciating it, you’d be asked to stop doing it because you’re not paid to so?
- you’re promised commissions and you’re not receiving any?
- promised benefits were not given or were given only in portions?
- there were available training outside the country which offers badly needed skills for the company and you’ll be asked in return if you can learn it through documentations and PDFs instead?
- your boss, later on in the year, talks to you and tells you that he should have just agreed with you and allowed you to take the training?–

This is just a small survey / QA. If you were the employee, what will you do?

Technorati: employee, employment, work+relations, working+environment
Site Search Tags: employee, employment, work+relations, working+environment

The following article contains opinions and personal views of the author and will be taken as such. There is no guarantee to the accuracy, timeliness of some of the information that may be found within the article. The methods that are discussed here might not be applicable in your case. The author will not be held liable for any damage caused by using the method/(s) described in this article . Use the methods at your own risk. - hardwyrd

I’m just getting tired of manually typing commands to add rogue domains (or spoofed ones) into my sender_access Postfix lookup table, and then rebuilding the lookup table with Postmap, then reloading Postfix. So I created a very simple, very basic bash script to do it for me (I’m lazy!).

Granted, the script has a lot of room for improvement. Feel free to take a look at the code and propose your own modifications. Sure as hell, I would like to know what you did .

Hope this will also be helpful to somebody.

In order to use the script, smtpd_sender_restrictions must be present in Postfix main.cf.

smtpd_sender_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_unauth_pipelining,
reject_non_fqdn_sender,
reject_non_fqdn_hostname,
reject_unknown_sender_domain,
check_sender_access hash:/etc/postfix/sender_access,
permit

The Script

#!/bin/sh
#
# Add multiple IP addresses into IP block list.
# Script by: Romar Mayer Micabalo
# GPLv2

## Add the email domain
add_rgdom(){
clear
echo Enter Rogue Email Domain to block:
read maildomain
echo $maildomain REJECT >> /etc/postfix/sender_access
echo Rogue Email Domain successfully added to /etc/postfix/sender_access.
echo
read x
}

## Rebuild sender_access and refresh Postfix
refresh(){
clear
echo Rebuilding sender_access db...
/usr/sbin/postmap /etc/postfix/sender_access
echo Restarting Postfix...
/usr/sbin/postfix reload
echo Refresh complete.
echo
read x
}

## Present a simplistic menu
while :
do
clear
echo -n '[A]dd Rogue Domain | [H]elp | [R]efresh Mail Server [Q]uit : '
read menu
case $menu in
a|A)
add_rgdom
;;
q|Q)
clear
echo Sender Kicker
echo -n 'Romar Mayer Micabalo. GPLv2'
echo
exit 0
;;
h|H|help)
echo a - add a Rogue Email Domain.
echo q - Quit.
echo r - Refresh Mail Server
echo help - this screen.
echo
read x
;;
r|R)
refresh
;;
esac
done

Technorati: postfix, lookup, table, bash, script
Site Search Tags: postfix, lookup, table, bash, script

This just came in yesterday, the Samba team has been granted full access to the documentation of Microsoft’s Network File Protocols. This is a direct result of the European Commission’s decision regarding Microsoft acting as monopoly. Microsoft was ordered to open up some of its proprietary protocols and pay the sum of $613 million in fines.

The landmark decision by the European Commission also grants competitors and opensource developers to release the produced code as purely opensource and will be licensed under GPL2 or GPL3. This allows Samba and other similar projects to be able to fully build opensource products that will be fully compatible with Microsoft’s protocols. The timing is right for this latest development specially with the Samba Team getting their momentum going in providing Active Directory-compatible features with its latest Samba 4 project currently in its alpha stages.

Another project that will benefit to this latest development will be Centeris Likewise.

Additional Reference:
Samba Team Receives Microsoft Protocol Documentation
The PFIF Agreement
Freeing Up the Windows Workgroup Protocols

Technorati: samba, microsoft, protocols, opensource, linux,
Site Search Tags: samba, microsoft, protocols, opensource, linux,

The following article contains opinions and personal views of the author and will be taken as such. There is no guarantee to the accuracy, timeliness of some of the information that may be found within the article. The methods that are discussed here might not be applicable in your case. The author will not be held liable for any damage caused by using the method/(s) described in this article . Use the methods at your own risk. - hardwyrd

Here are some Ubuntu quick hacks.

Changing your GUI from GNOME to KDE

1. Install KDE.

sudo apt-get install kubuntu-desktop kde-core

2. After the installation, Log out.
3. On the login screen, click on Options. Choose Sessions on the menu, then select KDE, then use Change Session.
4. Login using KDE.
5. To get rid of GNOME (though I see no reason why), do

dpkg --get-selections '*gnome*' | awk '{print $1}' | xargs sudo apt-get remove

You don’t really need to remove GNOME. Keeping GNOME, will allow you to also use GNOME apps in KDE.

Allowing your USB drive to be accessible by other systems
FAT is fully accessible by Linux, Windows, or Mac. Therefore we will setup our USB drive to use the FAT file system ensuring that when we plug our USB to other computers running another OS, we wont encounter read/write access problems.

1. Install dosfstools. We need mkdosfs which is included in dosfstools.

sudo apt-get install dosfstools

2. If our USB drive is mounted, unmount it. If you are in the GUI, simply right click on the USB drive icon and click ‘Unmount’.

sudo umount /dev/sda1

3. Format our drive. We can use either FAT16 or FAT32. Just choose one type.

mkdosfs -F 16 /dev/sda1
mkdosfs -F 32 /dev/sda1

For USB Floppy drives, include the -I option with your mkdosfs command.

mkdosfs -I -F 32 /dev/sda1

Determine your version of Ubuntu
Certain issues crop up when upgrading or checking if your version is supported by an application you recently downloaded. To verify your version of Ubuntu, do

$ lsb_release -a

Converting Audio Files with Sox
1. Edit /etc/apt/sources.list and modify

deb http://us.archive.ubuntu.com/ubuntu/ feisty universe
deb-src http://us.archive.ubuntu.com/ubuntu/ feisty universe

2. Update apt.

sudo apt-get update

3. Install sox.

sudo apt-get install sox

4. Use sox to convert your audio file to another format.

sox <file1> <file2>

5. Test your output file using play.

play <file2>

Modify your desktop from the command line

1. Modify the wallpaper.

gconftool-2 -t str --set /desktop/gnome/background/picture_filename /path_to_your_/picture.png

2. Modify the background color. Setting primary_color and secondary_color with different color values will generate a gradient.

gconftool-2 -t str --set /desktop/gnome/background/primary_color "#AABBCC"
gconftool-2 -t str --set /desktop/gnome/background/secondary_color "#112233"

Technorati: Ubuntu, Linux, quick, hack, tips+tricks,
Site Search Tags: Ubuntu, Linux, quick, hack, tips+tricks,

The following article contains opinions and personal views of the author and will be taken as such. There is no guarantee to the accuracy, timeliness of some of the information that may be found within the article. The methods that are discussed here might not be applicable in your case. The author will not be held liable for any damage caused by using the method/(s) described in this article . Use the methods at your own risk. - hardwyrd

If you’ve downloaded documentations, help files, and how-tos, I’m pretty sure you’re very familiar with CHMs. CHMs — or Compiled HTML Help (or Manual) files, were pretty much popularized by Microsoft (shudder…) and was(is) in use by Microsoft Help. CHMs are pretty much compact in its own allowing plain HTML help files to be crammed into a single file and yet have its layout and objects intact.

On Linux however, this file format is not natively supported. You’d have to use a reader app to get to the info contained in CHM files. One of those popular CHM readers is gnoCHM. Another, also popular CHM reader is xCHM. xCHM is the one we will take a short look for today.

xCHM is pretty much a basic and simple CHM reader. It features a very simple interface, with standard browsing buttons that you can find in virtually any type of internet browser. The reader afterall is like a browser on its own showing you the contents of a compiled “web site”. Using xCHM is a no-brainer. Since xCHM is not a part of the standard install of your favorite distro (not that I’m aware of), we need to get the package and install it ourselves. For this session, I am using SLED10, however, at the bottom of this article you will find steps in installing it in Ubuntu or Debian.

Getting xCHM
You can get the latest stable xCHM build from its website at Sourceforge. Or you can copy and paste the following to your browser:

http://xchm.sourceforge.net/

In the xCHM site, you can choose to download pre-built binaries for your specific distro, or you can get the source and compile xCHM yourself. I will feature building xCHM from source. Should you want to feel “gung-ho hard core” about this exercise, you may get the package using wget by doing the following in your terminal:

wget http://jaist.dl.sourceforge.net/sourceforge/xchm/xchm-<version-number>.tar.gz


Once you have downloaded the xCHM source, we will need another set of package for it. xCHM uses the wxWidget GUI Library. If your distro doesn’t have this included, we will need to get wxWidget from its website. You may go “gung-ho hard core” again and do the following in your terminal:

wget http://prdownloads.sourceforge.net/wxwindows/wxWidgets-<version-number>.tar.gz

Let’s Build!
Once you finish downloading wxWidget, we will need to extract it and compile it.

# tar xzvf wxWidgets-<version-number>
# cd wxWidgets-<version-number>/
# mkdir buildgtk
# cd buildgtk
# ../configure --with-gtk
# make
# make install
# ldconfig

With a working wxWidget install, we can now proceed to installing xCHM. Again, we will need to extract the xCHM source package and install it.

# tar xzvf xchm-<version-number>.tar.gz
# cd xchm-<version-number>/
# ./configure
# make
# make install

That’s all there is to it!

To test if xCHM works, just type xchm in your terminal or open a chm file directly by typing xchm /path/to/your/file.chm.

For Ubuntu / Debian users, you may get wxWidget by first adding the wxWidget trusted key.

# curl http://apt.wxwidgets.org/key.asc | sudo apt-key add -

Modify your /etc/apt/sources.list to include the wxWidget repo.

# wxWidgets/wxPython repository at apt.wxwidgets.org
deb http://apt.wxwidgets.org/ DIST-wx main
deb-src http://apt.wxwidgets.org/ DIST-wx main


Do an update of your apt cache.

$ sudo apt-get update

Install wxWidget.

$ sudo apt-get install python-wxgtk2.8 python-wxtools python-wxaddons wx2.8-i18n

Once wxWidget is installed, you may proceed in installing xCHM from your Ubuntu repo. Make sure that you search first if xCHM is present, then proceed to installation.

$ sudo apt-cache search xchm
$sudo apt-get install xchm


You can also do wxWidget and xCHM installation in one command sweep after you have added the wxWidget repo.

$ sudo apt-cache search xchm
$ sudo apt-get install python-wxgtk2.8 python-wxtools python-wxaddons wx2.8-i18n xchm

No sweat. ENJOY!

Screenshots

Technorati: xCHM, chm+reader, CHM, reader, Linux, gnochm, SLED10, Ubuntu
Site Search Tags: xCHM, chm+reader, CHM, reader, Linux, gnochm, SLED10, Ubuntu

The following article contains opinions and personal views of the author and will be taken as such. There is no guarantee to the accuracy, timeliness of some of the information that may be found within the article. The methods that are discussed here might not be applicable in your case. The author will not be held liable for any damage caused by using the method/(s) described in this article . Use the methods at your own risk. - hardwyrd

You’ve decided to give SuSE a try and decided to download the latest builds of OpenSuSE (10.3), SLED10, or SLES10. You then installed your SuSE build, followed its intuitive installation workflow, and see through the second reboot expecting to see the revamped GNOME gui that SuSE is getting known for.

When you least expect it, after the machine rebooted, it presented you with SuSE’s GRUB menu, and proceeded to enter while you’re eager to find the login screen and then —- nothing. No glitzy blue-ish background, no login screen, nada, zip, zero. You rebooted again, and again, and again, and then still nothing. You inserted the install disc into your DVD drive, fired up the Repair tool, rebooted, and still nothing.

FRUSTRATION!

You’re face is all flustered up, red as a tomato, all plumped up ready to burst. You feel useless because your newly bought uber-PC with high-end graphics card/accelerator won’t budge.

DECISIONS, DECISIONS! What are you going to do? Should you ditch SuSE now and use another distro perhaps Ubuntu, Fedora, or Mandriva? Or are you going to call your self brave, and duke it out and find a way to defeat this “glitch” ?

So you decided to duke it out…

There are actually a couple of issues that might have contributed to your SuSE install to not display anything. And the most usual suspects will be your graphics card, and your display (LCD, CRT, or otherwise). A lot of graphics cards today are so damn bleeding edge (in terms of resolution, etc..) that various existing displays cannot support the full capabilities that these cards provide. Most standard displays can support 1024 x 768 resolution at 60Hz of display frequency without much problems. However, not all displays can support frequencies higher than 60Hz. Here lies the problem. Most graphics cards, when initialized by Linux (SuSE in our case), will be utilizing the settings in /etc/X11/xorg.conf. To make matters worse, the default mode will be at 24-bit using the maximum resolution that is closer to your display resolution supported. And no, the frequency isn’t being considered. Sax will base on the resolution setting and not the frequency setting. So if you have a display with a maximum res of 1024x768 at 60Hz, Sax2 will use 1024x767 at 75 Hz if 60Hz is not available in the xorg.conf! And no, specifying your own resolution rates most likely won’t work. There are times that you can craft your own xorg.conf file and it will work. Though the ratio of success versus failure will be 1:100. And if you don’t know your way around xorg.conf, you’re better off to leave it alone.

If these configs get bungled, then you won’t find even a speck of pixel on your display — eternal blackness!

But hey, its not the end of the road. Ever notice that you have a perfectly good display when you installed your SuSE build? Uhuh, yes. While we do want to have our display in full 24-bit glory, as of yet, we can’t because 1.) our display might not support higher than 60Hz, or 2.) our graphics card driver is not updated.

So what are we gonna do for the mean time? Use the xorg.conf that the installer used until we get a more capable display, or finish downloading that updated graphics card driver. This is just a first aid solution, and not to be used for the long term. Though this will work perfectly if you are using SLES10. Servers don’t need full resolution graphics you know.

Where the heck is it anyways?
Ok. No need to fret. You can find the default installation-grade xorg.conf at /etc/X11/xorg.conf.install. So how do we go about it? Simple. Before we proceed, we’ll need to shift views and use one of our TTY consoles. Consoles can be opened using CTRL + ALT and any of the function keys from F1 to F6. After going to one of our consoles, login using the root account and do the following:


# cd /etc/X11/
# cp xorg.conf xorg.conf.mine
# cp xorg.conf.install xorg.conf

That’s it!
If you want to test it, DO NOT USE SAX2! If you will invoke sax2 -r, it will overwrite the settings in our xorg.conf file. To test our graphic setting, do the following:

# /etc/init.d/xdm restart
# startx

If you can see the graphical login screen, then congratulations!

However, the work doesn’t stop here. You’ll have to download your updated graphics card driver and install it, remember? But alas my friend, we have to part here for now. That’s another tip for another day.

Technorati: no, display, blank, Linux, SuSE, OpenSuSE, SLED10, SLES10, xorg.conf, X11, sax2
Site Search Tags: no, display, blank, Linux, SuSE, OpenSuSE, SLED10, SLES10, xorg.conf, X11, sax2

The following article contains opinions and personal views of the author and will be taken as such. There is no guarantee to the accuracy, timeliness of some of the information that may be found within the article. The methods that are discussed here might not be applicable in your case. The author will not be held liable for any damage caused by using the method/(s) described in this article . Use the methods at your own risk. - hardwyrd

Here’s a quick how-to on adding a virtual IP address on OpenSuSE, SLED10, or SLES10. This might be useful for novice users or for advanced users (who happen to forget how to do it

1. Open up YAST by clicking on Computer, select Applications tab, More Applications. On SLED10 SP1 and probably on OpenSuSE 10.2 and 10.3, you’ll need to click Computer, make sure the Applications button is clicked, then click on More Applications.

2. In YAST Groups (left pane), click on Network Devices, then click Network Card.

3. In the Network Setup Method dialog, you may choose Network Manager mode or Traditional Method with ifup mode. In my case, I prefer to choose Traditional.

4. After which, the Network Card Configuration Overview will be displayed, with a list of your physical NICs and possibly additional addresses (virtual IPs). Select the NIC you will configure to have additional virtual IP addresses. In most cases, you’ll only have one physical NIC so choose that.

5. After choosing the right NIC, go ahead and click on the Edit button. The Network Address Setup will be displayed. Proceed and click on Advanced and click on Additional Addresses in the pull down menu.

6. In the Additional Addresses dialog, click on the Add button. In the pop up dialog, fill in the Alias Name, IP Address, and Netmask then click OK.

7. Click the OK again, then click Next.

8. Click Finish.

You can verify your virtual IP address is indeed added by opening up your terminal, and going to /etc/sysconfig/network.

# cd /etc/sysconfig/network
# ll
-rw-r--r-- 1 root root 9259 2007-09-08 21:28 config
-rw-r--r-- 1 root root 6707 2007-09-08 21:32 dhcp
-rw-r--r-- 1 root root 558 2007-12-07 09:44 ifcfg-eth-id-00:16:e8:06:9f:8e
-rw-r--r-- 1 root root 141 2007-05-04 19:46 ifcfg-lo
-rw-r--r-- 1 root root 27470 2007-05-04 19:46 ifcfg.template
drwxr-xr-x 2 root root 120 2007-05-03 21:43 if-down.d
-rw-r--r-- 1 root root 239 2007-05-04 19:46 ifroute-lo
drwxr-xr-x 2 root root 208 2007-09-08 21:28 ifservices.template
drwxr-xr-x 2 root root 120 2007-05-03 21:43 if-up.d
drwx------ 2 root root 48 2007-05-03 21:43 providers
-rw-r--r-- 1 root root 27 2007-08-22 16:14 routes
-rw-r--r-- 1 root root 27 2007-08-22 16:14 routes.YaST2save
drwxr-xr-x 2 root root 1496 2007-09-08 21:34 scripts

Your NIC physical NIC will be identified by the format “ifcfg-eth-id-” followed by the MAC address. In our example, our NIC is ifcfg-eth-id-00:16:e8:06:9f:8e. Go ahead and view the content of ifcfg-eth-id-00:16:e8:06:9f:8e.

# less ifcfg-eth-id-00:16:e8:06:9f:8e

You may also use the ifconfig command to display the same information.

# ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:e8:06:9f:8e
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fc40::211:edfe:fe12:9c8d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:47040 errors:0 dropped:0 overruns:0 frame:0
TX packets:16575 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:15268670 (14.5 Mb) TX bytes:3358248 (3.2 Mb)
Interrupt:193 Base address:0xee00

eth0:172n Link encap:Ethernet HWaddr 00:16:e8:06:9f:8e
inet addr:172.16.1.1 Bcast:172.16.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:193 Base address:0xee00

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:939 errors:0 dropped:0 overruns:0 frame:0
TX packets:939 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:91638 (89.4 Kb) TX bytes:91638 (89.4 Kb)


In our example, “eth0:172n” is our interface using our virtual IP address.

If you think this how-to helped you, feel free to leave a comment or a trackback to this article.

Happy SuSEing!

Technorati: virtual, IP, address, network, SuSE, OpenSuSE, SLED10, SLES10
Site Search Tags: virtual, IP, address, network, SuSE, OpenSuSE, SLED10, SLES10

The following article contains opinions and personal views of the author and will be taken as such. There is no guarantee to the accuracy, timeliness of some of the information that may be found within the article. The methods that are discussed here might not be applicable in your case. The author will not be held liable for any damage caused by using the method/(s) described in this article . Use the methods at your own risk. - hardwyrd

Here’s a quick and basic how-to in preparing Xen with multiple bridges with multiple NICs for DomUs on Xen in SLES10.

Objective:
Deploy networking on Xen DomU’s using multiple bridges on multiple NICs. Host OS will utilize two NICs for WAN and LAN connections. Guest OS will utilize two NICs also for WAN and LAN connections. Host OS and Guest OS are using different WAN connections and LAN connections.

Step 1: Verify Xen Presence
Make sure that you have Xen installed. If not, you can do:

1. Open up YAST.

2. Click on ‘Software’, then click on the ‘Filter’ parameters box, and choose ‘Patterns’.

3. Verify that ‘Xen Virtual Machine Host Server’ is checked/selected. If not, then check it. The required packages for Xen are shown on the right panel.

4. To make sure, you can check for software dependencies by click on the ‘Check’ button at the bottom of the YAST window.

5. Click ‘Accept’ and let YAST install the packages.

After installation, Xen’s tools will be located in /etc/xen.

Step 2: Prepare NICs for DomUs
By this time, we’ll need to identify which physical NICs we are going to allocate for the DomUs. For our example, our machine has 4 physical NICs labelled ETH0, ETH1, ETH2, and ETH3 respectively. ETH 0 and ETH1 will be used by the host SLES10 (Dom0), while ETH2 and ETH3 will be used by the guest OS (DomU).

To specifically restrict our host from using ETH2 and ETH3, we will need to only initialize the NICs and not declare an IP address nor do we configure them using DHCP. To do just that, we need to:

1. Open up YAST.

2. Click on Network Devices, then click on Network Card.

3. In the Network Cards list, select ETH2 and then set it to ‘None Address Setup’. This will initialize the NIC without an IP address and our host OS will have no use of the NIC which serves our purpose quite perfectly.

4. Click ‘Next’ then Finish.

Do the same for ETH3. Do not forget to setup ETH0 and ETH1 to connect to your desired network.

Step 3: Prepare Xen with multiple bridges
Before we can configure Xen for multiple bridging, we will need to let Xen restart. The optimal way will be to reboot the entire system, or we can just stop the Xen daemon and restart it back up. We can do a Xen daemon restart only if we have already logged into the Xen-enabled kernel of SLES10. If not, we definitely will need to reboot and log into the Xen-enabled kernel.

After booting via the Xen-enabled kernel, we will need to do some preparations before we install our guest OS (vm/DomU). We will need to prepare our network bridges first before our guest OS can use the physical NICs we allocated for our guest OS. We will need two bridges for our guest OS to connect to WAN and LAN. To prepare the bridges, we will need to stop the Xen daemon, and create a wrapper script that utilizes the network-bridge script that comes with the Xen package of SLES10. To stop the Xen daemon, do:

# rcxend stop

We will need to put the wrapper script at /etc/xen/scripts/ along with other Xen tools. The following is a sample wrapper script.

#!/bin/bash
dir=/etc/xen/scripts
“$dir/network-bridge” “$@” vifnum=0 bridge=xenbr0 netdev=eth2
“$dir/network-bridge” “$@” vifnum=1 bridge=xenbr1 netdev=eth3

Save the file as br-wrapper_script or whatever filename you specify. Chmod the file to executable using:

# chmod o+x br-wrapper_script.

After creating the wrapper script, we will need to modify Xen’s configuration to use our wrapper script instead of network-bridge directly. The file of interest here is /etc/xen/xend-config.sxp.

# vi xend-config.sxp

Look for the entry that contains (network-script network-bridge) and change it so that it will become (network-script br-wrapper_script). The config file call our own wrapper script instead of the default network-bridge script.

After the necessary modifications, restart the Xen daemon by entering rcxend start at the terminal. Check if our bridges were created by using ifconfig:

Once, you see xenbr0 and xenbr1 then you are good to go.

Step 4: Utilizing multiple bridges for the Xen DomU
Xen DomUs can be created through YAST using the virtualization tools.

If “Create Virtual Machines” and “Virtual Machine Manager” is not present, click on Install Hypervisor and Tools. However, if you’ve installed Xen beforehand, you’d have these tools already.

To utilize the multiple bridges, you’ll need to make some side steps in the workflow when you create your virtual machine. Make sure that when you reach the virtual machine summary, click on “Network Adapters”.

Create the necessary number of paravirtualized NICs. In our case we need two.

Make sure that each virtual NIC will be linked to the correct bridge (previously created). Your virtual NIC 0 must be linked to xenbr0, and virtual NIC 1 will be linked to xenbr1.

Exit the Network Parameters workflow and continue with your virtual machine installation.

More info at:
SuSE Linux Enterprise Server 10 VM Network Configuration Examples by Glen Davis (Novell)
NIC Bonding with Xen Virtualization by Joe Harmon, Jim Short
Xen Source Official Site

Technorati: xen,Xen, virtualization, Linux, SuSE, Enterprise, SLES10,multiple, bridge, network,
Site Search Tags: Xen, virtualization, Linux, SuSE, Enterprise, multiple, bridge, network,

You have been searching the web for solutions to your problems and along the way you have found a treasure trove of tips, tricks, and pages that you just had to download. However, you’ve found no link to download the PDF version. What would you do?

Usually, you’d open up OpenOffice.org, copy and paste the content from the site, and click File, Export to PDF. Or you can do it a little simpler, and quicker.

Adobe has launched its online PDF creation service which allows you to upload your file, or reference a site, and it will generate the PDF for you that you can download to your computer. Downside is that you will need to of course subscribe to their service at a cost.

“I just need to export an entire online page to PDF.”
I’m telling you now, you can do what Adobe allows you to do at no extra cost. Yep folks — at no cost! To convert that secret tip page you’re currently reading, you can just open up your browser and point it to:

http://savepageaspdf.pdfonline.com/pdfonline/pdfonline.asp?cURL=_SITE_URL_&
page=1&top=0.5&bottom=0.5&left=0.5&right=0.5

Make sure that its all on one line and change _SITE_URL_ to that of the page url that you want converted to PDF, press enter, then save the file when prompted.

One caveat though is that there might sites that have content on floating divs that might be dynamically generated. There are times that those might not be included in the export. So far, for static pages, and most printer-friendly versions of your favorite pages, they can be exported to PDF without any hitch.

Technorati : PDF, pdf, online, export, tool, Adobe, Acrobat
Site Search Tags: PDF, pdf, online, export, tool, Adobe, Acrobat

Because of my very busy schedule, I wasn’t able to check up on Google’s reply regarding my AdSense dilemma. However, checking my email, I was able to see Google AdSense Team’s reply. Short, concise, and totally worthless…


Delivered-To: << my email >>
Received: by 10.90.35.5 with SMTP id i5cs111661agi;
Tue, 9 Oct 2007 14:12:32 -0700 (PDT)
Received: by 10.66.251.3 with SMTP id y3mr1148963ugh.1191964351537;
Tue, 09 Oct 2007 14:12:31 -0700 (PDT)
Return-Path: <bounce-20-201178509@trakken.google.com>
Received: from smtp-out.google.com (spaceape17.eur.corp.google.com [172.28.16.151])
by mx.google.com with ESMTPS id c24si9747619ika.2007.10.09.14.12.30
(version=TLSv1/SSLv3 cipher=OTHER);
Tue, 09 Oct 2007 14:12:31 -0700 (PDT)
;
; other header info snipped...
;
;

Date: Tue, 09 Oct 2007 21:02:16 -0000
From: "Google AdSense" To: << my email >>

Subject: Re: [#201178509] None of the above

Message-ID: <#14.bfdbd8d.5d70fcf.470bec58.590@google.trakken.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
In-Reply-To: <000fea81eb2d043ab3251316e99820@google.com>
User-Agent: Neotonic Trakken/cortex-3.1.21C

Hello,

We're working as quickly as we can to address this issue. As soon as we
have more information for you, we'll be sure to send you an email.

Sincerely,

The Google AdSense Team

If they make the gesture on following up on my case, fine and good. If not, then we can’t force the issue. I’m fine knowing that the Google AdSense Team and the AdSense service isn’t worth my time.

Technorati : Google, AdSense, follow-up, ads, advertisement, monetize, web
Site Search Tags: Google, AdSense, follow-up, ads, advertisement, monetize, web

You have used wget before. You have a remote hosted site, shell service, or file hosting. You can do ssh to your remote box. You decided to download a DVD image of your favorite distro to your remote box over ssh and decided to use wget. However, you are afraid that when you logout from your remote session, wget might terminate also. One nifty utility provides the bridge that you can cross from session termination, to perpetual session (at least until the intended result is achieved like when the download finishes).

Introducing “nohup”
“nohup” is this little jewel that came with virtually any Linux distribution and originally adopted from Unix’s own “nohup” version. The Linux incarnation of “nohup” was written by Jim Meyerling, licensed under the GPL and released by the FSF as part of the coreutils suite of tools.

“nohup” will run a command that you specify (not only wget) to be immune to hangups, logout, or even termination of session. As long as the server is alive and not rebooted, nohup will continue to execute the given command (or script).

Let my download finish!
On to the meat of this tip. wget is a great download tool however, it is not persistent and will terminate when you logout. Should you be downloading with wget via a remote terminal, this will pose a problem. “nohup” will make wget persistent and continue your download until such time that wget terminates, and nohup will then exit.

Using “nohup”

nohup <command string>

To run a “nohup” ’session’ with wget to have a persistent download, do:

nohup wget http://path.to.your.download.file

“nohup” will then append the standard output of “wget” into a file called nohup.out. Do remember also that “nohup” will not put the executed command into the background. To do so, modify the command above by appending “&” at the end of the command:

nohup wget http://path.to.your.download.file &

You can now log out of your remote box confident that your download will be finished by the time you log back in.

Happy downloading!

Technorati : Linux, opensource, nohup, wget, command, download, persistent
Site Search Tags: Linux, opensource, nohup, wget, command, download, persistent

This blog has been up since 2005 and despite it being intermittently updated, I never truly considered monetizing it since the number of visitors are very few. However a few weeks ago, I decided to take a look at the AdSense service since I am also an avid user of Google’s other services. That’s the very reason why these past 3 weeks you’ve seen some new items and the Google Ads on two areas of my blog.

Recently however, a big development came about. It’s not really a very big deal but it is definitely something to take note of. Last September 20, I received an email from the Google AdSense team notifying me that my AdSense account has been disabled. This has definitely surprised me and ticked that hell out of me. The email is as follows:

From: Google AdSense
To: –my email–
Subject: Google AdSense Account Disabled
Cc: Google AdSense
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Google-AdSense-Creation-Method: AdSenseFrontend
X-Google-AdSense-Message: ads-status

Hello <my full name>,

Your AdSense account was found to be related to an account previously
disabled for invalid click activity and we have therefore disabled your
account. Publishers disabled for invalid click activity are not allowed
further participation in AdSense and do not receive any further
payment. The earnings on your account will be properly returned to the
affected advertisers.

As outlined in our program Terms and Conditions, Google reserves the
right to terminate any publisher’s participation at any time.

Sincerely,

The Google AdSense Team

How come that my AdSense account was disabled and I’m accused of engaging in “invalid click activity” ? What I did in response is go to the AdSense site and fired up the Contact Form with the message:

Hello,

First, thank you very much for allowing me to participate in Google AdSense albeit in a very short time span. It allowed me to see the features that AdSense provides and the convenience it is for publishers to monetize their sites.

I am emailing you in response to a notification email I received dated September 20, 2007 regarding my AdSense account being disabled due to participation in "invalid click activity".

I would like to make some points clear.

1. I am not aware that invalid clicks has been made on AdSense ads that were put on my site, http://baudizm.blogsome.com.

2. I have never personally clicked on any of the AdSense ads that were put on my site, and I am perfectly aware of the terms as agreed upon prior to completing my application with AdSense.

3. I am using a NAT-ted home network where I share my connection with the rest of my family who are also internet users thus might explain sharing the same IP address with them.

4. I have not campaigned or asked anybody to click on any of the ads that were placed on my site. If you can notice on the ad demographics on my account, the clicks were very few and far between.

5. I did not even participate or click on ads from other AdSense Publishers.

I believe that despite me being new to the AdSense service, I have been done a great injustice and disservice. I have expected Google AdSense to be a great service and I have done my very best to adhere to the agreements and rules set upon by Google for the said service. I cannot believe that even one or two delinquent clicks, might bring down an erstwhile honest endeavor of monetizing a personal site. This is my first try to monetize my own site despite the years it has been up and I had put my trust on Google's AdSense service to be able to provide the monetizing service that I could look up to. However, AdSense failed me miserably. I have a very hectic day job providing Pre-Sales and Technical Support for a local IT reseller and I am perfectly aware of your rules and conditions.

If there is going to be a way that Google will rectify this situation, then I will be very glad to listen. However, I am utterly disappointed at how this matter has been handled. I am a very busy man. Surely this might be negligible, considering that the ad revenue (if there is at all) from the ads at my site only earned 40 cents in a span of almost 3 weeks. However, even that is proof that my site did not engage in unscrupulous "invalid click activity".

The email I received from Google regarding my AdSense account also led me to believe that my AdSense account will have no chance of being restored nor will I be allowed to apply for another account, quoting:

"Publishers disabled for invalid click activity are not allowed
further participation in AdSense and do not receive any further
payment. The earnings on your account will be properly returned to the affected advertisers."

This recent development is truly disappointing and disheartening on the part of an honest new publisher.

Sincerely,

<my full name>
Certified Novell Salesperson 2007
Freelance Consultant and WebDev.
(Linux/OSS, Windows,LAN/WAN/Struc Cabl.)
Registered Linux User #400165

This got me ticked off at Google AdSense. If I will not receive any message from them, its not worth it. I am not asking them to have my AdSense account restored however, if they will, then I will appreciate it. But looking at the number of accounts that they are dealing with on a daily basis, that possibility is slim. I am just hoping for some more information (logs showing the IPs, time the click was made, and so on) to be provided to me regarding the “offense” that they allege I had made. I am working on an enterprise IT environment and I know too darn well what the Google AdSense terms meant and it is stupid or ignorant of me if I go against the terms I have agreed to in the first place prior to completing my application at AdSense.

We shall see in the coming days what AdSense will say about this.

Technorati : Google, AdSense, ad, invalid, click, account, disabled
Site Search Tags: Google, AdSense, ad, invalid, click, account, disabled

The cost for vendor-centric certifications from the likes of Cisco, Microsoft, Red Hat, and Novell to name a few are somewhat highly specially for middle-wage earners like me who happens to reside in the Philippines.

So what do I do? Enlist at BrainBench. Although, there have been a lot of mixed opinions coming from all sorts of people regarding BrainBench’s certifications, I still find time to take the exams it offer. However, what I do is wait out for any “sponsored certifications” because these are for certain to be free of cost for the taker. I get to “certify” my self without paying for anything.

However, some people say that BrainBench’s certification is not truly reliable because the taker can engage in cheating at any time. I have been taking BrainBench’s certifications for a few years now. BrainBench’s exams are actually timed, plus the exam items are random. If you will spend a little more time scanning for the right answer, there’s a slim chance you’ll get the right one.

Plain Honesty
For my part, ever since I’ve started taking BrainBench’s exams I never tried to cheat on it. Why? because I am not cheating BrainBench. I’m cheating myself I’f I did. Plus the timed test doesn’t give me much room to cheat anyways.

Newly Acquire BrainBench Certification
I am not so sure about how other companies and employers perceive BrainBench’s certifications whether they will honor it or not. Regardless, I have taken another of its certification, the Apache 2.0 Administration exam, and passed it. I got a 3.17 mark.


Test: Apache 2.0 Administration
Date: 12-Sep-2007
Score: 3.17
Weights: 100% Apache 2.0 Administration
Elapsed time: 29 min 23 sec
Apache 2.0 Administration
Score: 3.17
Percentile: Scored higher than 52% of previous examinees

Demonstrates a solid understanding of core concepts within this topic. Appears capable of working on most projects in this area with moderate assistance. May require some initial assistance with advanced concepts, however.
Strong Areas

* Securing Web Server
* Server Configuration

Weak Areas

* Tracking Server Activities
* Customization

Bottomline
I’m not really sure how serious companies are with regards to accepting BrainBench’s certifications. Of course, I still have my eye on taking CompTIA’s A+, Linux+, and Network+. I also got my eye on LPI’s own set of certifications. However, my pocket’s not that deep right now and instead of paying for certifications, I need it to buy food for the table. BrainBench’s exams are a great mental exercise for me and my skill anyways and I don’t expect to get a perfect score from it nor do I ambition to.

Technorati : certification, BrainBench, skill, evaluation, exam, free+certification
Site Search Tags: certification, BrainBench, skill, evaluation, exam, free+certification

There were a lot of approaches on how one can snoop on what one does on an opened terminal (TTY) session. This is just a quick tip, however, this will require the terminal to be already opened. This was initially suggested in Linux Users Group by Venu, then Jeremiah Bess decided to put it to practice also. Trying to help out Jeremiah, I reminded him of the “script” command as mentioned by Venu. Here’s what all the fuss is about.

You have an open terminal. Somebody might come in and use it while you are away. You can use the “script” command to leave a “booby trap” to trap all the commands entered as well as the output.

user@linux:~> script -a booby.log
Script started, file is booby.log
user@linux:~>

When you come back, you can turn off logging by typing:

user@linux:~> exit
Script done, file is booby.log
user@linux:~>

However, this will be quite noisy and will actually notify you that “script” is started or stopped and that it is logging to the specified file. Jeremiah wanted to prevent “script” from displaying notifications. It was also not obvious to me at first and I was obviously careless. A friend of mine, Sir Botp, suggested using the “-q” switch. I rechecked the man page of “script” and indeed there it was! Thanks to Sir Botp’s common sense and my carelessness (hehe), we can now keep “script” quiet.

user@linux:~> script -a -q booby.log
user@linux:~>

… (script is now logging silently. our unwitting user doesn’t know.) …

user@linux:~> exit
user@linux:~>

There are other ways that we can achieve this and perhaps more efficient than “script”. One method may give me “nose-bleed”. The method uses strace to actively monitor processes via the PID. You can find the discussions over at Insecure.org plus a Perl script that you can use to parse the strace log.

Another method is to use “screen”. Pretty much works like “script”, perhaps even more. J.P. Vossen discussed this at the Philadelphia Linux Users Group (PLUG) mailing list.

Its not as sophisticated as keyloggers, or strace. But might do the trick. But one caveat though. If the user is on a vi session, then you might end up with garbled data for that specific session. Once the user logs out of vi, then everything’s ok again. Also, “script” is not capable of handling nested logging like what screen can do. You can call “screen” within an actively logging “screen” session.

Regardless, “script” provides a very basic logging tool.

Technorati: Linux, command, line, logging, terminal, tty, script, strace, screen, keylog,
Site Search Tags: Linux, command, line, logging, terminal, tty, script, strace, screen, keylog,

In an enterprise environment, it is quite a challenge for administrators to be able to quickly and efficiently deploy a bunch of network services on top of Linux. Services like web(http), ftp, DNS, DHCP, SSH, and the like require some configuration time, proper planning, and discussion with the deployment team, auditing team, and helpdesk teams. Rolling out a set of physical servers is also another area where improvement in deployment speed is almost equivalent to a the success or failure of your business.

Choosing what platform or operating system to leverage on for your environment is also another key decision. Depending on an enterprise’s requirements, you may opt to go for Linux, pure Unix, Windows (yeah it too is an option by some standards), and even Mac OS X. You might ask, “How come Netware is never mentioned?” Well, it is quite obvious. Despite the strength and reliability of Netware, the low volume of applications that could be had on the platform has almost put it to near obscurity. However, those who are still using Netware continue to profess to its rigidity, solid performance, and reliability.

What will happen to Netware? Actually, Netware is not dead. It is alive and well, and Novell continues to nurture the still breathing, and would you believe it - growing, community of Netware users. Yes, yes, I’ve said Netware was put to near obscurity. Got it? N-E-A-R. It’s not obscure. It’s not dead. It is just low under the radar compared to other platforms like Windows, Linux, Solaris, and others. Again, its community is growing.

How on earth is it low on the radar and yet growing? Simple. Novell is slowly morphing Netware. From a pure Netware operating system, it is now a hybrid operating system. Novell called it Open Enterprise Server (OES). Open Enterprise Server is both a Linux system and a Netware system. On one hand you can install it as a Netware-kernel based server, offering the same traditional Netware services. On the other hand, you can deploy it as a pure Linux system, based on SuSE Linux Enterprise Server 9, offering traditional Linux services like any other Linux distribution and yet also offering the Netware services that you can only previously find on Netware. Services like Virtual Office, Edirectory, iFolder, and Netware Storage Services, are just a few of those services traditionally found on Netware.

Novell Open Enterprise Server 2 Public Beta
Recently, I have received an email from Novell’s Beta Management Team informing me (and others in their mail list of course) that Open Enterprise Server 2 is now available as Public Beta release. OES 2 will complete the transition of offering Netware services on top of a pure Linux system.

Solid Under the Hood
OES 2 runs on top of SuSE Linux Enterprise Server 10 SP 1 leveraging the latest stable enterprise SuSE build fused with the latest Netware 6.5 services on an easy to deploy Linux-cum-Netware distribution.

Notable Improvements
Like any recent Linux distributions, Open Enterprise Server 2 has full support for 64-bit dual-core and multi-core processors. And just like its SuSE Linux Enterprise brethren, it also comes chockful ‘o virtualization goodness thanks to the built-in Xen Hypervisor technology that allows it to provide both paravirtualized and fully-virtualized environments of Windows, Solaris, or other Linux distributions.

The most notable development to date that the Open Enterprise Server 2 may offer is the Dynamic Storage Technology introduced in this build. Dynamic Storage Technology eliminates seldom-used data from taking up valuable space on your most expensive and highest-performing storage devices. As Novell puts it:

“Dynamic Storage Technology allows administrators to create policies that dictate what data is considered active or inactive. With these policies, inactive data is relocated to lower-cost storage solutions and is backed up less frequently. Active data then resides on highest-performing storage environments, is backed up more frequently and is first to be restored in the event of a disaster. End users see no change in the way they access their information, but the data is automatically optimized based on policies and actual use.”

Another key development to this build is called Domain Services for Windows. In the good old days of Netware and the previous OES version, the only way for Windows workstations to authenticate to Edirectory will be via the Novell Client which must be installed on all machines. With Domain Services for Windows, workstations will no longer need to have Novell Client installed, and instead will communicate with Open Enterprise Server using native Windows protocols and authenticate themselves the same way they authenticate to Active Directory.

The same Domain Services for Windows also provided another way to manage OES on top of Windows — via the Microsoft Management Console. Netware and the previous OES version is managed via ConsoleOne or iManager. Now, administrators can perform certain file system and directory tasks, as well as centrally administer Samba shares via the MMC.

Me and my team are still currently evaluating the current beta build and it might be a month or so before the final stable release. However, we are very excited to see this thing run and look at what it can do. Who knows, this might just allow Windows Server 2003 make a run for its money.

Links:
Novell OES Product page
Novell OES 2 Public Beta Download page

Technorati: OES, Open, Enterprise, Server, Novell, Netware, Linux,
Site Search Tags: OES, Open, Enterprise, Server, Novell, Netware, Linux,

In a landmark move, IBM yesterday announced that it is joining with the OpenOffice.org community in the continued development of OpenOffice.org software. In a press release made through the OpenOffice.org website, Mike Rhodin, IBM’s Lotus Division General Manager expressed that “IBM is very pleased to be joining the OpenOffice.org community. We are very optimistic that IBM’s contribution of technology and engineering resources will provide tangible benefits to the community membership and to users of OpenOffice.org technology around the world. We’re particularly pleased to be teaming with the community to accelerate the rate of innovation in the office productivity marketplace. We believe that this relationship will improve our ability to deliver innovative value to users of IBM products and services. We also believe that the collaboration will lead to an even broader range of ODF-supporting applications (ISO 26300) and solutions that draw from the OpenOffice.org technology.”

John McCreesh, OpenOffice.org’s Marketing Project Lead welcomed the announcement by saying “We welcome IBM’s contributions to further enhancing the OpenOffice.org product. But equally important is IBM’s future commitment to package and distribute new works that leverage OpenOffice.org technology supporting the ISO ODF standard. ODF is a once in a generation opportunity for the IT industry to unify round a standard, and deliver lasting benefit to users of desktop technology.”

Meanwhile, Sun Microsystems, one of the staunch supporter of OpenOffice.org, welcomed IBM’s move with open arms. “In the seven years since Sun founded the project, OpenOffice.org has fueled and filled the need for document data and productivity tools that are open and free. Open source software and ODF are having a profound impact around the world, with numerous communities and organizations coming together to support these initiatives and governments, and corporations and schools standardizing on the software. We look forward to working with IBM and the other members of OpenOffice.org to ensure that this momentum continues. We invite others to join us in the community and participate in building the future as OpenOffice.org and ODF continue to gain popularity across the planet,” said Rich Green, Executive Vice President for Software at Sun Microsystems.

The OpenOffice.org project was stemmed from Sun Microsystem’s own StarOffice that offered document compatibility with Microsoft’s own proprietary Office document formats. OpenOffice.org, along with the Organization of the Advancement of Structured Information Standards (OASIS), developed and promoted the use of the OpenDocument specification (ODF) which allows documents to be openly supported by any application free of proprietary restrictions. IBM for its part was said to have borrowed code from the OpenOffice.org software and integrated the code into their Workplace suite of products back in 2005. This move will in turn even things out with IBM returning the gesture and sharing code with the OpenOffice.org community. This will shift things in favor for OpenOffice.org, further cementing its viability as an office productivity suite that is worthy of attention.

The recent move by IBM also caught the attention as welcome news to Red Hat, Beijing’s RedFlag Chinese 2000 Software, and Ubuntu.

It can also be noted that Microsoft in its part is busy in lobbying its own “open” document format in the form of the OOXML specification for standardization which is currently under review at ISO.

OpenOffice.org Press Release

Technorati : openoffice, OpenOffice.org, IBM, opensource, open-source, announcement
Site Search Tags: openoffice, OpenOffice.org, IBM, opensource, open-source, announcement

Courtesy of http://en.tiraecol.net

Technorati : Vista, cartoon, comic, strip
Site Search Tags: Vista, cartoon, comic, strip

Blogging has caught on with the masses and it is pretty evident that virtually anyone that is connected to the net, and spends a great deal of time connected, will eventually decide to put up his or her own blog. Mine’s no exception.

However, it is really quite a challenge to keep this blog up and running and having some dedicated readers (if at all) interested in reading my posts. Plus add to the mix a wide assortment of spam bots that flood the commenting feature. To remedy the situation, for quite some time already and to a certain degree of success, I have put up some restrictions to what one can do with the commenting functionality of the blog. The comment feature is here for all the readers to post comments on certain topics. If a comment is not related to a specific topic or related to the overall theme of this blog, the comment will be considered spam and will not be tolerated.

I have been using Kitten’s Spaminator to watch over the comments posted on this blog. I have also enabled that comments be reviewed by me personally first before the comment appears. This is not basically tantamount to censorship to your opinions and everyone has a right to your opinions. And I am very much thankful for your participation and continued support to this blog (even if there’s only a few of you reading this).

Like any method or technology the Spaminator is not perfect, and might from time to time be able to block comments that may contain obscene/pornographic, or derogatory statements and expletives. It may also block excessive links that is contained in the comments. It also blocks some “known” IP addresses (yes this blog logs your IP) that are known to me to have dubious and malicious intentions against me, or my personal integrity.

However, from the first day I started to use the Spaminator, its the first time that it blocked and otherwise okay post. And it is with this that I would like to apologize to James Ryley. Spaminator detected his post as having excessive links when in fact it is not. Here’s his original comment as emailed to me directly by Spaminator:

The details:
Strikes : 18/5
How : excessive links, empty field - author url, url dashes
IP Addr : xxx.xxx.xxx.xxx
Referer : http://baudizm.blogsome.com/wp-comments-post.php
Client :
Request : POST /wp-inst/wp-comments-post.php
Post ID : 99
Email :
Author : james ryley
URL : FreePatentsOnline.com
Body:
I saw your page at http://baudizm.blogsome.com/2007/05/25/opinion-eff-and-novell-partnership-against-software-patents/ and wanted to suggest a resrouce to add: http://www.FreePatentsOnline.com. This site allows free patent searching, free PDF downloading, free alerts, and more. It is a good resource for IP attorneys, patent searchers, scientific researchers, students, and small businesses.

To James Ryley, sorry for the mishap and thank you for visiting my blog and taking time to comment on one of my post and sharing another great link resource. I will visit the link you gave me and take a look at it. I might even add it to my Link list. I will also add your comment myself on your behalf. Thanks once again.

To all the other readers and visitors out there, I might not have enough time to put up sometime, however rest assured I’ll put up something much more informative in the posts to come. Thank you very much for your support and God Bless!

Technorati : blogging, comments, spam, blocking, censorship
Site Search Tags: blogging, comments, spam, blocking, censorship

Courtesy of http://en.tiraecol.net

Technorati: Vista, cartoon, comic, strip,
Site Search Tags: Vista, cartoon, comic, strip,

Recently, I was asked by the Administrator of a client company to assist them in migrating their MySQL database running on top of Windows to MySQL running on top of Linux. The solution is not so obvious but rather straight forward.

As such that currently I am in a kind of hurry, I will cut to the chase and plunge straight down to the tip.

Back up to a file
To backup a MySQL database to an external file, you will need to use the mysqldump command on the terminal. You can commonly find this in /mysql_install_directory/bin . To do the backup, just execute the command:

linux_box:/usr/local/mysql/bin # mysqldump --user USER --password=PASSWORD DATABASE > DATABASE_FILE.sql

USER - the username of the MySQL or database admin
PASSWORD - the user password
DATABASE - the name of the database to back up
DATABASE_FILE.sql - the output file

Restore a database
The resulting backup file contains SQL statements that will recreate the database or contents of the database to a target database. Restoring/importing the database from the output SQL file is achieved by using:

linux_box:/usr/local/mysql/bin # mysql -u USER -pPASSWORD DATABASE < DATABASE_FILE.sql

This will execute the SQL statements in the SQL file in turn recreating the database.

For more details on the mysqldump command, visit the MySQL website.

Technorati : MySQL, backup, restore, database, mysqldump
Site Search Tags: MySQL, backup, restore, database, mysqldump

Eversince Baby Rorie was born, I saw in her something that really makes me proud. She has this spunk, and brainy-ness that all parents would want to see from their children. And my Baby Rorie Kyne is simply exceptional.

Rorie Kyne is almost 2 years old now yet unlike other children her age, she can enunciate and pronounce the alphabet quite clearly. Her favorite every morning will be to watch her Kiddie Songs DVD complete with the Alphabet song and other songs which she would gleefully do a sing-and-dance rendition. Even the TV commercials that feature kid actors are no exception. She would also sing-along to the tunes of these erstwhile common melodies. These, she does at the early age of 2.

Out of playful boredom, my wife snapped some pictures of Rorie lazing away in our family computing area. And what did my wife get? Look below. Even I was amazed at the pictures! It’s as if she’s reading the book and really understanding what’s inside! It really made me laugh when I first saw the pictures and quite proud to see that at an early age, my baby’s getting tech savvy.

Technorati parenting, kids
Site Search Tags: parenting, kids

It’s been a while again since I’ve added another juicy post. For those who continually visit my blog, whether for good intentions or for dubious ones (bless your souls!), I am quite busy with work nowadays and seldom find quality time to add something here. This article is just another proof that I was able to sneak out of my otherwise busy schedule to post something up.

What gives? Well, not only am I doing pre-sales and tech support now for Novell products for the company I work for, I am also doing pre-sales and sales for Alcatel-Lucent VoIP products. And Alcatel-Lucent is currently draining my work time since I am doing catch up on anything VoIP related. I’m not much into telephony and telecoms however I see this as another challenge since this is another area that I am not so familiar with. Another avenue for learning (which is great!).

Aside from regular work, I’m doing freelance web design and graphics design. I just finished one site for a local electric cooperative and waiting for approval for another one. I have decided to pursue this business more (without my boss’ knowledge) and do this on my free personal time. Will register and put up my own media/design company soon, finance and time permitting (and God-willing too). I haven’t had much business going on with my consulting (Linux, Mac, and Windows) so I’m now also starting to explore on reselling webhosting services (webspace, domain, etc..). I have to admit, I’m finding the reselling business quite attractive provided you know how to market it. And boy have got a big untapped market!

I’m really getting excited and itching to proceed with this endeavor. If everything goes well, I might even quit my day job and do all of this full time.

Will let you guys know how I’m getting along with the telecoms/telephony thingy also later.

Good luck and best of health to you all!

Technorati work, career, personal
Site Search Tags: work, career, personal

Do you happen to experience the following scenario?

1. A relative comes over from some home town of which you obviously are not familiar about. This relative is only known to either your father or your mother and the last time they’ve seen that relative was on their wedding day.

2. This relative did not bring any personal hygiene implements (toothbrush and stuff..) and expects to borrow something from you or from your siblings.

3. This relative is so eager about anything that he/she sees on TV. With the relative around, he/she would end up hogging the TV because he/she is watching his/her favorite show and you cannot switch to your favorite channel to watch your favorite show because your parents are giving you the “eye contact” that somehow tell you not to do anything lest you disappoint the visitor.

4. This relative would, early in the morning, use the bathroom ahead of you, use your soap and bathe for almost an hour while you have to wait till he/she finishes and looking at the clock, you estimate that by the time you finish bathing and having breakfast, you’ll be late.

5. After the relative has taken a bath and you get your turn, you discover that the relative used the toilet and did not bother to flush it. The relative also left an almost flooded bathroom floor because he/she plugged the floor drain. You also discover his/her personal undies and clothing scattered all over the bathroom and your extra towel that you normally use for drying your hair was used by the relative to wipe his feet before getting out of the bathroom.

6. The relative loves to sit beside you at the dinner table and would talk about all sorts of things while his mouth is full and will beat you at snatching that last piece of hotdog or fried fish with a fork.

7. You had to share your room with the relative because your guest room was not cleaned and is full of stuff stashed away and you have to endure an entire night of sleeplessness because the relative snores like an Semi trailer truck.

How I will deal with this difficult relative

1. I will welcome the relative. Though I do not know that relative, I will welcome him still and try my best to start a conversation.

2. I will let him borrow clothing only. And I will only let him use my clothes that I rarely use and are also comfortable. I will definitely not let him borrow my toothbrush, deodorant, hair brush, or anything _deeply_ personal.

3. If I want to switch to another channel while the relative is eagerly watching his favorite show, I will perform a distraction technique. While the show is on, I will engage in a conversation with him about the show he is watching. And since I am not an avid viewer of the show, I will ask him to tell me the background story. That will engage him into story-telling mode and he will not be able to concentrate on his watching. Then when the TV is on commercial/advertisement, I will ask him to transfer to my favorite channel _just to check_ what show is on. As soon as the switch is made and my favorite show is already on, I will engage in a story-telling mode about MY favorite show. I will then talk about some of the characters in the show and explain what is happening, building his interest. This will make the relative curious and will follow the show through along with me.

4. I will talk about my daily routines and schedule. And I will also talk about my current work and responsibilities just to give the relative an idea of what I do everyday. I will also talk about my boss and what I am subjected to while at work. I will then steer the conversation so that I can give the relative the idea that I will need to go first in using the bathroom in the morning.

5. Before I retire for the day, I will make sure that I have given the relative a tour of the house. And most importantly, I will show him our spiffy bathroom and talk to him about the features and so on. I will also show him how the washing machine works and where we will be putting our laundry. I will also tell him of the extra basket we use for our laundry and he can use it for his own. That will give him the impression that he has to use the laundry basket too. I will also inform him that the towels that we have in the bathroom are all body towels and not foot towels. I will also show him the bathroom drain giving him a trivia about how it works and why it is there and how we clean it up.

6. I will get hotdogs or fried fish first then urge him to get his share of hotdogs and fish. At least I already got all my share. I will then also tell a story about a friend (fictitious) who was eating at a school cafeteria and was talking to friends when she choked and had to be taken to the hospital. That will take care of him talking while the mouth is full.

7. I will inform the relative that I will be needing a longer sleep time because I will be very early for work the next day. I will also talk about some friends (fictitious) who were having some problems with snoring. I will then ask the relative if he has the same snoring problem then share with him the snoring solutions that my friends told me. This will make the relative to be considerate and will offer to sleep on the couch in the living room to let me sleep in relative peace and quiet.

To summarize…

It is never a good idea to snub a relative or somebody who’s visiting your house. In whatever you do, even if you dislike that relative, it is still a big mistake to be doing a hostile confrontation simply because he’s doing what you think are stupid things. Who knows, perhaps thats how they do things in their town. Instead of having a confrontation, it is best to approach the relative in a calm, polite and respectful manner. It will also be better if you impose what you want to the the relative through fictional stories and some thought-provoking stories then hope that the relative gets the idea.

I know how hard it is to deal with difficult relatives. However, chances are they are just accustomed to it at home and that’s how they do things. Regardless of how despicable a relative is, they still deserve respect and approach them about anything in a respectable manner.

Respect is easily given to someone who knows how to.

Technorati : how-to, difficult, relatives, family, respect
Site Search Tags: how-to, difficult, relatives, family, respect

Gmail has been widely used nowadays and for most of us, it seems indispensable. However, for others who would prefer to use a traditional mail client over a web-based mail client the following steps might be helpful.

As always the case, I am using Linux for my daily work routines. And I have the option of using either Mozilla Thunderbird or Evolution as my mail client. Whichever client I use, I am still assured I will get my mail in time.

If you are on Gmail, I’m pretty sure you would want to export your Contacts list over to your mail client. Here are the details how to do it.

- Click on Gmail’s “Contacts” link at the left.
- Click on “All Contacts”
- Scroll down the page, then click on “Select: All”
- Scroll up, then on the top most right corner of the Gmail page, there’s Import and Export. Click on Export.
- In the dialog box, you will get to choose either export as Gmail CSV or Outlook CSV.

To import the saved Outlook CSV contacts file:

- open up Evolution
- click on File, Import
- choose “Import a Single File”
- click on “Browse” and select the CSV file exported from Gmail.
- continue with the process then click Finish.

Technorati Tags: gmail, export, email, contact, list, import, evolution
Site Search Tags: gmail, export, email, contact, list, import

I just came across ZDNet’s article regarding a test conducted by Hal Licino which compares the responsiveness between an old Mac Plus computer and a modern 2007 AMD dual-core system.

And the results will not make you impressed with your new spiffy system. The culprit? B.L.O.A.T.

The latest operating systems and applications that we have are all bloated to the teeth. Just head on over to Hal Licino’s comparison site and get the idea. Yes, his pitting a 1980’s machine and a 2-decades-later machine seems outlandish and foolish to some, however, it also shows in raw detail what we really have on our systems right now.

Yes, it might appear funny but facts are facts. And fact is, the ’80s computer smoked the new one hands down.

Link:
Hal Licino’s comparison site
ZDNet’s article

Technorati : computer, comparison, Mac+Plus, Apple, AMD, PC
Site Search Tags: computer, comparison, Mac+Plus, Apple, AMD, PC

This would appear to be a continuation of my previous posts that featured the iPhone. And it seems my prediction for a date of release overshot by a couple of months.

“Definitely, this means that we cannot as of yet buy one. The device may be release sometime October or later in the year.”
- http://baudizm.blogsome.com/2007/01/11/apples-nuke-iphone-3/

Instead of my prediction of October, Apple Inc. will release the iPhone on June 29 this year. And no, I am definitely not going to save up money for it (contrary to my previous post).

Primary reason why I will not go for the iPhone now is because 1.) there is no mobile provider in the Philippines that support the iPhone (yet); and 2.) it’s just so darn expensive. My hard-earned cash is better off for another more important expense than engaging in luxury which is beyond my means and lifestyle. Though I’m sure the iPhone will definitely turn heads towards the user once it penetrates the Philippine mobile market, if at all.

Apple’s iPhone release ads:
http://www.apple.com/iphone/ads/ad1/
http://www.apple.com/iphone/ads/ad2/
http://www.apple.com/iphone/ads/ad3/

Technorati : Apple, iPhone, release, mobile, communication, technology
Site Search Tags: Apple, iPhone, release, mobile, communication, technology

Many of us who happen to spend a huge amount of our time on the internet do so and rely on our browsers. We rely on our browsers for virtually anything we do on the internet. From communications, to research, to purchasing anything, and just about any service that is available off the internet.

To keep our browsers up to date with fixes and patches, we follow a distinct routine of updating our browsers as soon as patches and fixes become available.

However, Polish hacker Michal Zalewski released another set of flaws for patched Internet Explorer and Mozilla Firefox browsers.

The published flaws are not pretty. And these flaws are not good for users unless the publicized flaws will be corrected in the browsers themselves.

Zalewski announced the flaws at Full-Disclosure

I have tried his simple online demos of the exploits and could now see that a lot of these malicious coders will try to incorporate these exploits into their arsenal. Add to that the viral and nuisance “marketing” sites will be using techniques derived from these revelations from Zalewski.

It wont be long, I’ll be disabling JavaScript support should this remain unfixed in upcoming browser releases. Or perhaps, I’ll go Opera provided it will not be running under IE mode or Firefox mode.

Firefox, Internet Explorer, browser, security, flaw, hack
Site Search Tags: Firefox, Internet, Explorer, browser, security, flaw, hack

The keyboard and the mouse have been our oldest means of interacting with a computer. Of course there are some other specialized devices like braille boards, microphones, trackballs, graphic tablets, light pens, drawing pucks, and the list goes on. However, on a common computer workplace, you’re bound to see only the ever humble keyboard, and the mouse. And we have done so much torture to these devices and has given little or no care for these handy helpers. And it seems that the time is almost here that we will be saying goodbye to them.

Microsoft and Surface aim to be first in the mainstream market for multitouch computing

May 30 saw Microsoft, with CEO Steve Ballmer in hand, introducing their new product dubbed Microsoft Surface code named “Milan”. The product aims to be a tactile computing platform with full interaction with virtual objects on a table-top display unit. This project was started way back 2001 and was kept relatively under tight wraps for a couple of years.

Surface is basically a table cut in the middle and replaced with a projection screen. It is then stuffed inside with a run-off-the-mill high-end PC running Windows Vista (ugh!), a projector, and a couple of infrared cameras that sense the interaction of the fingers on the touch surface (display). Microsoft has also developed the software that is taking charge all the interaction within Surface. Milan senses all sorts of gestures, finger manipulations, and interaction with the virtual objects.

However, the big question is even if I can afford this type of machine will I buy it? NO. Why? The reason goes far beyond the fact that it is being made by Microsoft, no. It is the fact that they have put too much moving parts on that thing. Too much moving parts, means too many points for failure. Plus they will need to find a way to make it thinner than it is. And it is a table-top for pete’s sake.

If not Surface and if I will go for Tactile Computing in the future, what would I choose? Read the following entry.

Jeff Han and the wave of the future

Jeffry Han, a Human-Computer Interface designer doing research and consulting at the New York University, made a public demonstration at the annual TED event last August 2006 what he calls an “interface-free computer display”.

Courtesy of multi-touchscreen.com.

What sets Jeff Han’s multitouch screen display apart from Microsoft is that compared to MS Surface, Jeff Han’s display uses a method called “frustrated total internal reflection” (FTIR).

FTIR recognition technology has been existing for quite sometime and is already a very mature method. It has been in use on biometric devices the likes of fingerprint readers. (See at Wikipedia)

Summary
In all, what Jeff Han and his team developed is in my opinion a lot more efficient, more customizable, and space saver since the multitouch screen display can be a few factors thinner than existing touch screens and way thinner than the Microsoft Surface. This will also bring the possibility that Jeff Han’s multitouch screen display may be able to work well with other platforms and not only Windows.

My bet will definitely be with Jeff Han and his team.

Jeff Han has spun off his research team from the NYU Courant Institute of Mathematical Sciences and called it Perspective Pixel.

It won’t take long and we will definitely see a new breed of display-input systems. No, I don’t want something coming from Microsoft. I want one that runs on Linux or Mac, thank you. And Jeff Han’s display might be the one safe bet.

Watch Jeff Han performing a demo of a larger version of the multitouch screen at Perceptive Pixel

More links:
Jeff Han at TED 2006
Jeff Han’s Bio at TED
Jeff Han’s page
Multi-Touch Screen.com

Technorati : Surface, Microsoft, Jeff Han, multitouch+screen, Perceptive+Pixel, display, devices
Site Search Tags: Surface, Microsoft, Jeff, Han, multitouch+screen, Perceptive+Pixel, display, devices

In a landmark accomplishment, the Fedora team has finally released Fedora 7 “Moonshine”.

What sets Fedora 7 apart from previous Fedora releases is that this latest release unified the two Fedora components — Fedora Core and Fedora Extras. The final public release of Fedora 7 yesterday, May 31, followed the traditional development freeze last May 17.

Other features that will be seen on this latest Fedora release are listed as follows (taken from the Fedora Wiki):

1. Merged Core and Extras - Fedora Core and Fedora Extras merged into a single source control system and use a single build system, thus creating a new package set that carries the already overloaded name “Fedora”.

2. Ability to spin a custom distribution and/or live CD - users can now create a custom Fedora-based distro or live CD. Custom CD spins on top of Fedora 7 can be both live and installable, or only installable only.

Courtesy of the Fedora Project. Click to enlarge.

“Fedora Prime” and “Fedora Everything”

Fedora Prime is basically a spin of the Fedora project that more or less targets various system deployment “profiles”. Some users would want to deploy Fedora as a server, others want to deploy it as a plain desktop, some want it to become a developer desktop, and some people want to deploy it with a little of anything. Creating different spin releases to fit certain deployment profiles are out of the question, therefore the Fedora board decided to create the Fedora Prime spin which will include packages that will allow users to deploy Fedora either as a server, desktop, or developer desktop.

Fedora Everything of course is self explanatory. It contains every package known to the Fedora Project. In essence, everything is like your own Fedora repository. Some packages that did not come with the Fedora Prime spin can be found in the Fedora Everything spin. Do you really need all of those things?

Final Release Spins

Fedora 7 “Moonshine has the following features incorporated in its final release:

- 2.6.21 kernel with integrated kernel-based virtual machine (KVM) managed through virt-manager and virsh.
- included Xen and QEMU for virtualization.
- kernel-based support for VMWare VMI interface
- separate bootable live CDs for GNOME and KDE
- a regular image for servers, desktops, and workstations (Fedora Prime)
- desktop uses GNOME 2.18 or KDE 3.5.6
- fast user switching
- Xorg Server 1.3
- packages for enhanced wireless networking
- NetworkManager installed by default either under GNOME or KDE
- new “Flying High” theme
- Firefox 2
- Python 2.5
- improved I18N support with SCIM working automatically
- enhanced number of localization and language packages in the GNOME-based live CD
- a graphical administration tool for SELINUX
- SELINUX troubleshooting tool enabled by default
- integrated FireWire Stack
- improved power management through “dynamic ticks”
- consolidated dictionaries
- experimental “noveau” driver integrated in Xorg and kernel (disabled by default). Noveau is a free and open source 3D driver for nVidia cards.
- improved performance for yum, Pirut, and Pup.
- support for Playstation 3

More Fedora 7 “Moonshine” features can be found at the Fedora Project Wiki. You can also take a tour of Fedora 7 at the Fedora 7 Tour site.

Release Downloads

Fedora 7 “Moonshine” is available for x86, x86_64, and PPC platforms.You can download Fedora 7 directly at the following:

Fedora download site.
FedoraTorrents
Fedora 7 x86/i386 ISOs
Fedora 7 x86_64 ISOs
Fedora 7 PPC ISOs

Summary

I hope to download the release either this week or by next week. For the first few days of the release, the Fedora servers will be flooded with downloads since mirrors are scrambling to sync with the new material. I might join in while I can (bandwidth permitting).

I hope to see this really to be really good.

Other links:
Fedora Mailinglist Announcement Email
Fedora Project Wiki
Fedora 7 Release Summary
Fedora 7 Release Notes
Fedora 7 Category of Features

Technorati : fedora 7, release, linux, open, source
Site Search Tags: Fedora, 7, release, linux, open, source

As you can see, the blog now has a new look. I re-coded the html and the css for the template and instead of using tables, the template is now purely div. No more tables.

Yes, there are still some things left for adjustments. However the blog looks fine for now. I will fix anything I’ll encounter later.

For now, I’m off to bed.

A district court in Finland unanimously issued a ruling for the dismissal of the cases filed against the defendants Mikko Rauhala and an unnamed website poster who published his own implementation of the CSS circumvention hack on Rauhala’s website.

CSS, or the “Content Scrambling System”, is widely used to protect most the content of currently existing DVD discs. However, in 1999 a Norwegian hacker succesfully circumvented the said “protection scheme” and several variants of the CSS circumvention code has scattered all over the internet. Testimonies from two experts also aided the Finnish district court to rule out the case filed against Mikko Rauhala and party.

Related story can be found at Oikeuden edessä | Finnish court rules CSS protection used in DVDs “ineffective”

Technorati: law, DVD, protection, hack
Site Search Tags: law, DVD, protection, hack

Recently, Novell and the Electronic Frontier Foundation entered into a partnership to join EFF’s fight against software patents.

With this recent move by Novell in providing funding for the EFF, left a lot of hardline opensource advocates baffled. Novell is lending a hand in fighting patents yet on the other, it entered into an agreement with Microsoft on patent protection.

Other people might be baffled by this recent Novell move, however, I see it as a wise defensive tactic. How so? At present, Novell is actively pursuing its Linux business and Linux-based solutions, while developing, co-developing, and sponsoring opensource projects and initiatives. Microsoft on the other hand is also busy tossing FUD (fear, uncertainty, and doubt) against opensource in general and Linux in particular whilst also engaging in its own opensource tango (CodePlex, DLR, etc..). There is really nothing that can stop Microsoft from tossing FUD, rattling prospective and existing customers using Linux and opensource. The only recourse on Novell’s mind is to have a “short term” solution, err protection, to its own client base from Microsoft’s allegations.

It’s partnership on the other hand is THE “long term” solution. Despite Novell being a part proprietary-part opensource outfit, it seems to have recognized the hassle that software patents brought. And it seems that Novell also has come to understand that software patents plus ingenuity is not equal to software innovation. Partnering with the EFF is one way to speed up the process of doing away with software patents.

What will Novell get as a benefit out of its EFF partnership? IF the EFF will be successful in lobbying against software patents, Novell will be one of the first companies to benefit from it. How so? It will by then be able to develop innovative products that will really cater to what their customers need without spending too much on research and development and reuse available techniques without fear of being muscled because it has encroached on patents.

Where will this leave the opensource community? The community will grow along with Novell and Red Hat to exponentially epic proportions. Why? Same reason that applies with Novell, no more fear of being chased down the street by a mad mafia boss because you are on the same business as he is and selling almost the same product as he is at the fraction of the cost.

Yes, my outlook of the future is a lot more prestine than what is happening right now. If the future will be what I think it is should EFF + Novell = No Software Patents, then I see no reason why I am not going to support this move.

And lastly, I think there are now a lot of MS lawyers scrambling and scratching heads how to get away from the SuSE Linux coupons fiasco. Before we know it, MS might become under the GPL by hook or by crook. He who laughs last, laughs loudest.

Technorati EFF, Novell, Microsoft, Linux, open, source, software, patents,
Site Search Tags: EFF, Novell, Microsoft, Linux, open, source, software, patents,

I had just finished installing the server version of Ubuntu “Feisty” 7.04 and decided to install Apache. Though the Apache build that came with the Feisty repository is ok, setting it up appears to be confusing to me since they broke everything up into different configuration files and threw everything to God knows which directory setting. So I ended up removing the repo build of Apache and decided to download from the Apache website directly and compile Apache from source.

And I thought it will be quick. So I thought.

After downloading the package, by the way I got the 2.2 version, I immediately extracted it using the trusted ‘tar xzvf
‘ command and changed directory to the newly extracted one. fired up ‘./configure’ and BAM! I was greeted by “Cannot create executable”.

To resolve the matter, I installed libc6-dev by firing up ‘apt-get install libc6-dev‘

libc6-dev is a set of compiler libraries and dependencies. Make sure that you have uncommented the entries in your /etc/apt/sources.list so that you can get the package from the repository.

After installing the package, I resumed compilation of Apache, and everything went smooth as silk.

However, it seems my job is not quite done yet. I have to install PHP. After downloading and extracting the package, I tried to install with "./configure --with-apxs2=/usr/local/apache2/bin/apxs"
. However, I was greeted with another error: "C++ compiler cannot create executable". Surely, this is not just a fluke. Just to be sure and to remedy everything with one stroke, I fired up 'apt-get install build-essential'.

And that one last set of commands put a period on the issue. build-essential contains every library and dependency required to build applications on top of Linux — including those supported by libc6-dev. My compilation has been smooth eversince.

Technorati: gcc, error, Cannot+create+executable, Ubuntu, feisty, linux
Site Search Tags: gcc, error, Cannot+create+executable, Ubuntu, feisty, linux

This is the greatest gaming news that I have been waiting for in years! Finally, Blizzard has revealed to the world that it really was working on the sequel to one of the most beloved games of all time — Starcraft.

Blizzard has announced, last May 19, 2007 (May 20 MLA time), that Starcraft 2 is in the works and has shown an intro movie and artwork/screenshot movie for Starcraft 2.

Starcraft 2 will be set after the fall of Aiur. Most notable changes in the game units will be that of the Protoss. The Protoss have the following new units and improvements to augment its powerful cast of characters:

• Zealot - the new Zealot will now have Psionic Blades and can now move blazingly fast by turning their bodies into pure energy for a few microseconds and rush towards an enemy.

  
  Copyright (c) Blizzard Entertainment

• Immortal - is a hybrid Protoss unit that possesses the Dragoon’s powerful lower body and movement fused with veteran Protoss warriors who wants to continue in the Khala’s servitude. Immortals are armed with Twin Phase Disruptors and hardened energy shields true to the Dragoon tradition.

  
  Copyright (c) Blizzard Entertainment

• Stalker - the Stalker was inspired from the mighty Dragoon and was developed by the Dark Templars as one of their vital attack machines. What sets the Stalker apart from the Dragoon and the Immortal is that the Stalker’s metal body was fused with the shadow-essence of the Dark Templar and is also capable of cloaking/invisibility.

  
  Copyright (c) Blizzard Entertainment

• Phase Prism - this unit is part transport, part mobile pylon. Phase Prisms can provide teleportation for speedy transport of advanced attack/defense units into the battlefield. What makes Phase Prisms incredibly handy is that it can be used as a temporary replacement for damaged or destroyed pylons. However whereever Phase Prisms are deployed, Protoss buildings can be built on, allowing Phase Prisms to be used as preliminary providers of advanced bases without the need for pylons.

  
  Copyright (c) Blizzard Entertainment

• Warp Gate/Gateway - the traditional Gateway has also been retrofitted so that it can now provide warp capabilities towards advanced fronts by working in conjunction with the Phase Prism. By using the Phase Prism and Warp Gate simultaneously, Protoss teams can be dispatched faster to advanced battle fronts.

  
  Copyright (c) Blizzard Entertainment

Other unit improvements
Blizzard is yet to announce other feature improvements to the Terran and Zerg races. Either way, Blizzard is aiming to make Starcraft II as balanced as possible as in the tradition of the previous Starcraft version.

Revamped Game Engine
Starcraft II uses an all new 3D engine with an integrated Havok physics engine for added realism.

When will this be released?
Blizzard hasn’t set any release dates yet. Judging by the quality of the screenshots and the in-game movie captures, its possible we will be able to see Starcraft II in store shelves within the year, possibly on the holiday season.

Will this be DirectX 10 compatible?
Blizzard said this is compatible to DirectX 10 however they have yet to decide if Starcraft II will use effects exclusively supported by DirectX 10. On a compatibility standpoint, they want the game to work for as many systems as possibly can. This will mean they might optimize the game to support DirectX 9 or DirectX 8 with good reason.

How can I get a demo/beta?
As of yet, Blizzard hasn’t released a public beta or demo. And if ever they will, Blizzard will announce it.

On what platforms will this be available?
So far, Blizzard explicitly declared it will be releasing versions for the PC and Mac. However, Starcraft II will also be compatible with Windows Vista.

Will this run on Linux?
Hopefully, Blizzard will release a Linux version. However, they haven’t announced regarding this move. Regardless, people at CodeWeavers will be anticipating this and will possibly test compatibility with CrossOver Linux for the Linux-based patrons.

Summary
I have been waiting for this announcement for a very long time. When I was still in High School, I have been longing for the day when Blizzard will release the sequel to a favorite game. When they announced years before that they are working on Starcraft Ghost instead of Starcraft II, I was devastated.

No longer.

This announcement by Blizzard has definitely brought Christmas very very early. And I sure bet that Blizzard will be releasing this on the holiday season. And I am pretty sure this will go head to head with existing titles like Command and Conquer: Generals, World of Warcraft, and the like.

This is really going to be an interesting gaming year.

Related sites:
Official Starcraft II website
Blizzard website

Technorati: Starcraft 2, Blizzard, gaming, video+game,
Site Search Tags: Starcraft 2, Blizzard, gaming, video+game,

Mark Webbink, deputy general counsel and secretary at Red Hat announced that RH had entered into contract with Ascender Corp, a leading font foundry, to create the Liberation Fonts which is planned to replace the Arial, Courier New, and Times New Roman fonts which are widely used on Red Hat as well as other Linux-based systems. Though these fonts are not available by default, Linux users tend to install these fonts in order to provide compatibility and support for existing documents which were generated from Microsoft Office as well as other applications that use these fonts.

So far according to Webbink, Liberation is still incomplete with hinting available only at font size 8 up to 40. Any size lesser or higher than the predetermined sizes will have undesirable results. However, the project team expects Liberation to be complete before the end of the year.

Though this is a welcome news for a lot of users of Linux and opensource software, a lot of veteran designers and font enthusiasts think that the fonts are not up what they are designed to be. Of course design work has rigorous demands regarding the typefaces that are used.

Regardless, a lot of people are looking to the time this project will be finished with complete hinting plus better localization support. I myself will be looking at this on a positive light and if the font quality will be _at par_ with the font faces that we use, or even better, then perhaps I will consider these fonts for full time use. However, I will never ever replace Helvetica as ultimate font favorite for multipurpose use.

Technorati : Red, Hat, liberation, free, fonts, linux
Site Search Tags: Red, Hat, liberation, free, fonts, linux

Just when the rainbow guys are busy dodging flak from its recent declaration of Linux having 235+ patent encroachments, the New York Stock Exchange (NYSE) announced it is already on track with its mainframe migration into Unix + Linux.

I can almost hear somebody shouting “Can’t we retake NYSE?!!! $%&@*#@!!!” over at Redmond.

NYSE undertakes IBM mainframe migration to Unix and Linux

Technorati : Linux, migration, mainframe
Site Search Tags: Linux, migration, mainframe

Looks like MS is now looking to doing the Tae Bo instead of doing Aerobics. Recently MS’s Brad Smith and Horacio Gutierrez, in an interview with Fortune expressed MS intent to go after the so called patent infringements. And this is now by no means a walk in the park. This is major tae boing everyone.

Primary targets will be Linux flavors excluding the Linux distribution from recent partner Novell. This means Red Hat, Ubuntu, Debian, Slackware, Oracle, Mepis, and countless other Linux flavors and variants, are all fair game. Brad Smith stressed yet again what Steve Ballmer has been singing since November 2004 — Linux infringes on MS patents. This time around, Brad Smith goes on to mention a total of 235 patents in all. However, they haven’t mentioned anything specific as to which patent is infringed and what these infringed patented components really do. Yes folks, it’s FUD season again.

You might be asking why now? Simple. Dell has recently announced support for Ubuntu and is planning to pre-load the Linux distribution into some of Dell’s machines slated for the opensource and Linux markets. Dell’s announcement has been hugely discussed in forums, and featured in various media formats. Thus MS couldn’t resist putting up fudding yet again to dispel would be migrants as well as those already slowly migrating to Linux fulltime.

John Soat has written his revelation on one of his columns regarding the possible horrors of patent shoving and moshpitting. John has even went on to say October 2007 will be THE time when patents will be shoved down various unwilling throats.

Will this recent action by MS ignite the proverbial patent war spark and inevitably start a long and destructive patent war? This I gotta see.

Related stories:
on Linux-Watch
on CNN-Money/Fortune
on E-Week

Technorati : Linux, Microsoft, patent,
Site Search Tags: Linux, Microsoft, patent,

BIG QUESTION: IS MICROSOFT DISCREETLY and NON-CHALANTLY JUMPING INTO OPENSOURCE?

Answer: I bet they are. That’s a big YES.

Obvious Reason 1:

Early this year, Microsoft launched CodePlex (http://www.codeplex.com/). According to the CodePlex website:

CodePlex is Microsoft’s open source project hosting web site. You can use CodePlex to create new projects to share with the world, join others who have already started their own projects, or use the applications on this site and provide feedback.

In other words, CodePlex is more like SourceForge, Novell-Forge, and others before it.

Obvious Reason 2:

In this years recently concluded Mix07 event, Microsoft launched Silverlight, IronRuby, and Dynamic Language Runtime. What’s noticeable with DLR compared to CLR is that DLR will be using the “Microsoft Permissive License” (Ms-PL). Ms-PL is pretty much based on the BSD license. What this means is that developers can create .NET applications using the DLR and freely distribute and modify the source-code. (That’s pretty opensource to me.)

Regardless, the recent actions taken by Microsoft regarding its latest announcements might be welcoming to my ears as an opensource advocate. However, that doesn’t mean I’m jumping ship again ang go Vista. No sireee! A penguin still resides in me. What’s good with DLR is that any application developed via DLR will have a high likelihood of running seamless on Mono in Linux. That will be a welcome news in increasing the number of available applications on top of Linux. And I won’t mind .NET at all.

More related articles can be found at:
Jim Hugunin on DLR
ArsTechnica Article: Microsoft reveals Dynamic Language Runtime for .NET
Miguel de Icaza on DLR
The Microsoft Permissive License

Technorati: Dynamic, Languages, Runtime, DLR, Microsoft, .NET
Site Search Tags: Dynamic, Languages, Runtime, DLR, Microsoft, .NET

It has been a while since I’ve put up any updates into this blog. And I think it is time to have a series of updates put up.

First off, I am currently busy with work (like who isn’t?). I am also preparing for a certification exam. Yeah, yeah, certifications tend to be either product-centric, or vendor-centric. However, the need to have this certification has a lot more to do with what I do as a pre-sales and technical support, and the fate of the division of the company that I am working for. The certification I am preparing for is the Novell Certified Linux Professional certification. That means I am currently wrestling with SuSE Linux Enterprise Server 10, and SuSE Linux Enterprise Desktop 10. Anyways, enough about that. I’ll just put the details about the certification as an update later.

During my blogging hiatus, I’ve been travelling and studying, aside from giving technical support and provide training to co-workers as well as employees of our sister company. Since I have remote access to the main server, I get to download Linux distributions expanding my collection which primarily is composed of mainline distros, livecds, not-so-known and exotic distros, to even include BSD derivatives.

The following is a list of all the distros I have so far. My collection is composed of fairly old and fairly recent distros.

• AsteriskNow 1.4 x86 (CD)
• Backtrack 1 (CD)
• Backtrack 2 (CD)
• Bayanihan 4 (CD)
• CentOS 5 i386 (DVD)
• Damn Small Linux 3 (less than a CD)
• DreamLinux 2.2GL (CD)
• Edubuntu 5.10 (CD)
• Engarde Secure Linux 3.0 Community Edition (CD)
• Freespire 1.0 (CD)
• Knoppix 3.7 (CD)
• Knoppix 4.02 (CD)
• Knoppix 5 (CD)
• Musix GNU/Linux (CD)
• Nitix 4 (CD)
• nUbuntu 6.10 (CD)
• OpenSUSE 10.2 Remastered (DVD)
• Owl 2.0 i386 (CD)
• PC Linux OS “Big Daddy” p93a (CD)
• Puppy Linux 2.14 (less than a CD)
• Sabayon 3.1 mini edition (CD)
• Shurdix (less than a CD)
• SuSE Linux Enterprise Server 8 (CD set)
• SuSE Linux Enterprise Server 9 (CD set)
• SuSE Linux Enterprise Desktop 10 (DVD, CD set)
• SuSE Linux Enterprise Server 10 (DVD)
• Trustix 3.05 (CD)
• United Linux (CD set)
• Ubuntu 5.04 “Hoary Hedgehog” (CD)
• Ubuntu 5.10 “Breezy Badger” (CD)
• Ubuntu 6.06 “Dapper Drake” (CD)
• Ubuntu 6.10 “Edgy Eft” (CD)
• Ubuntu 7.04 “Feisty Fawn” Server (CD)
• Ubuntu 7.04 “Feisty Fawn” Desktop (CD)
• Ubuntu 7.04 “Feisty Fawn” Alternate (CD)
• Ulteo KDE i386 “Sirius” (CD)
• Vector Linux 5.8 Gold (CD)

Others:

• NetBSD 3.0.1 (CD)
• ReactOS 0.3.0 (CD)
• OpenBSD 3.8
• FreeBSD 6.2 (CD set)

For those who would want a copy, I’m afraid I will only be able to share with people in or near Cagayan de Oro City.

Will I put these up for download? Certainly not. The cost of bandwidth, plus maintaining the server will be too much work for me. If you really want to get hold of any of the distros mentioned, you can try DistroWatch or Ibiblio. Most of the distros have links at these sites.

Technorati : Linux, distros,
Site Search Tags: Linux, distros,

Copyright © 2007 hardwyrd

There are many factors in choosing the best Linux distribution for your own use. The following is just a basic guide for those who wants to be serious about using Linux.

Factors to consider:
1. Internet connection - if you have a fairly good internet connection, then you will have a greater chance of fully customizing your chosen distro and take advantage of your distro’s available online repositories to install the applications that you really need.

2. Existing hardware - do take note the hardware specifications of your PC. This will also dictate which distro you will be able to successfully install without thinking if your existing peripherals will work on your chosen distro. Consider your network adapter, external and internal modem, bluetooth adapter, CD/DVD drive, hard drive type (SATA,SAS,IDE), motherboard chipset, available RAM, sound card, and so on. Do not forget your scanner and printer.

3. Available disk space - some distros are huge. You have to put drive space into consideration so that you can fine tune your Linux install and install only needed and required applications and components. The sleeker the install, the better.

4. Specific purpose for using Linux - consider your reason why you are using Linux. Are you using it as a general purpose desktop? a multimedia and audio/video editing system? a server (web, portal, application/database backend, firewall/IDS/IPS? If you identify your purpose, you might be able to find a suitable pre-built distro that will require little customization for you so that you are good to go in a matter of minutes.

So which distro will I need?

There are a lot of distros you can use. Choosing which one is a daunting task. Ask somebody who is experienced with Linux, or just take some hints from this guide.

1. Full Distro - these distros are multi-purpose full packages, usually multi-CD (up to 5 or 6) installers, some already comes as DVD downloads. It comes with a lot of productivity applications, network tools, multimedia applications, and a lot more. These also have fairly good driver support and somewhat polished making these distros considerable usable for novice users. These distros also are fully customizable and you do not have to download sources or binaries just to install your favorite application. The distro already comes with a mini package repository for you to peruse and use.

Sample Distros: SuSE Linux, Red Hat/Fedora, Slackware, Mandriva, Debian, Linspire, Xandros

2. Live CDs / Mini Distros - these are distros that are not entirely full when distributed or downloaded. These distros come as bootable live cds where you can run them off your CD/DVD drive and use Linux right there. The trade off is you will be limited to the read speed of the optical drive, plus the available RAM. Sometimes it will come to a crawling wait. However, these can be installed directly into the hard drive however, you will need to configure the install to fetch packages from the internet for customized install.

Sample Distros: Ubuntu, Knoppix/Kanotix, Morphix, Debian, Mepis, Sabayon, Ulteo, Kororaa, FreeSpire

3. Specialist Distros - these distros come pre-configured and are somewhat fixed for a specific purpose. These are also quite difficult to reconfigure since these were built to serve as what the author of the distro intended it to be. These can be either used on cellphones, firewalls, IDS/IPS, VoIP solutions, servers, etc.. These too are not advisable for novice users.

Sample Distro/Builds: AsteriskNow, TrixBox, Shurdix, Engarde Security Linux, Nitix

Conclusion

There really is no perfect fit for a Linux distribution to a specific user since the user’s needs will change in time. First thing to do before downloading a distro is to take a look at its Technical Specification available at the distro’s site and take note of its System Requirements and its Package List. It is also worth noting some things in its Changelog. This will save you loads of time when installing and prevent yourself from encountering problems later. It will also be great if you can read reviews of your intended Linux distribution to use and know what other people think.

There are still a lot of Linux distros that I wasn’t able to mention however you can visit http://distrowatch.com/ for a list of distros that you can choose from.

Have a great Linux day!

Technorati: Linux, distro, open-source
Site Search Tags: Linux, distro, open-source

A few days after Steve Jobs, Apple CEO, spearheaded the iPhone introduction at MacWorld, enterprise computing analysts are calling the iPhone to make no significant impact in the enterprise.

It comes to no surprise for me after reading InternetNews.com’s article regarding analysts “clamor” to hold the iPhone from being used in the business sector. Avi Greengart, analyst for Current Analysis is quoted as saying:

"As beautiful as the iPhone design is, physical design isn't what handset vendors are lacking,.."

"...there will be some reevaluation of the usefulness [of the iPhone] in the market,..."

"[the iPhone] will have very little impact on the business community,..."

"A lot of the innovation we see on the iPhone we've seen first on the Treo,"

"[The iPhone introduction] makes the incredibly crowded smartphone market even more crowded, ..."


Greengart’s assessment of the iPhone introduction is probably based on long-time experience in observing the mobile and smartphone markets. He’s right, to a point, that current phone offerings does not necessarily lack design oomph, and that some of the features included in the iPhone were indeed seen first with the Treo or other earlier released mobile phone.

The thing is, Apple is not necessarily claiming to have first developed some of the technologies in iPhone. Nor was Apple claiming to be the first to use these technologies. What Apple did was improve — again, the word is improve — on the currently available technology and adapted it for their target market. I for one find the Multi-Touch screen to be an even better option than using minute keys on an otherwise pitifully arranged keypad, or even using the stylus commonly used by current PDA models and smartphone. To me, the overall design improvement that Apple introduced to the otherwise docile touchscreen is a welcome sight.

The Apple iPhone. http://www.apple.com/iphone.
Image courtesy of Internetnews.com.

Missing features, security, and other qualms
Some things pointed out by Greengart and other analysts interviewed by InternetNews.com were that the iPhone did not include 3G making it unable to download content directly from its iTunes site, mobile TV capabilities, and cannot import applications (perhaps he means applications from other mobile phones). Another issue that enterprise analysts are pointing out is that the iPhone does not include secure corporate email and corporate-level controls.

Certainly, to the technically uninitiated, these sound like valid issues.

What Avi Greengart and other enterprise analysts has yet to realize is that the iPhone is still largely an “infant” product joining an overgrown, haphazardly organized, and tumultous mobile market. Knowing about Apple, the iPhone is in my own opinion only halfway complete. The currently unveiled product is pretty much targeted at the bottom level mobile user base, the ones that use their phone for virtually anything and everything without hindrance, and with simplified usability in mind. All the user could care for is that it is slick, it is cool, usable, and it works. The iPhone was made to be as usable to the very novice as well as the most technically savvy user, treating the user to as much eye candy as the user can handle. Clearly, the iPhone was designed with much emphasis being put on how the users will use their phones.

Apple always want to make their products to be set as far apart from other products as possible. 3G is pretty much standard in mobile phones today and I’m sure Steve Jobs doesn’t want his new pet project to be “just like the rest”. He wants it to be “better at best”. Ditching 3G perhaps is one indication that the iPhone is not your run-off-the-mill phone. But that doesn’t mean that without 3G the iPhone is trash. iPhone leverages pretty much on WiFi and Bluetooth — two technologies that Apple also widely used and popularized, perhaps even pioneered and helped to be introduced to the mainstream market. Since the iPhone is still largely under evaluation from the FCC for authorization, that will certainly not stop Apple from having second-thoughts later and incorporate 3G support before the final retail product ships within the year. After all, this is still largely Apple’s call.

As for application import, analysts should have noticed that the iPhone is indeed a different phone in its own right. It is using a slightly modified Mac OS X, which is in fact a full operating system embedded on a small frame with 4Gb - 8Gb of memory. In essence, the iPhone is in fact a computer that works like a phone, instead of the other way around. For applications, it doesn’t need the applications that can be found on other phones. Why? It already has applications and widgets from OS X that are waiting to be exported to the iPhone. This again sets iPhone apart from other phones. The stroke of genius, the “killer app”. Applications that only iPhone has and none other.

And with regards to secure corporate email and corporate-level controls, this once again falls back to the fact that Mac OS X has multitude of corporate users and applications. These can then be harnessed for inclusion and support for iPhone without much modification to the code perhaps only downsizing the application a bit. Email can even be accessed through the secure corporate intranet using traditional TCP/IP protocols like HTTPS, wrap in VPN tunnels, IPSec, or what-have-you. Anything is possible. In earnest, the iPhone is leveraging internet functionality on the go.

Bottomline is, analysts want to tone down the hype that Apple’s iPhone has brought. But reality is, it is still relatively very very early to conclude that the iPhone will not be supported in the enterprise. If your infrastructure supports WiFi, the TCP/IP Stack, VPN, Bluetooth, or Mac OS X, chances are that you are already welcoming the arrival of Enterprise iPhone without even knowing that you already are.

Will we see the iPhone being used on the enterprise? Will the iPhone go head-to-head with RIM’s Blackberry or other enterprise mobile handheld? Could be. All we can do is sit back and watch as the events unfold.

Apple, iPhone, enterprise, mobile, phone, communication
Site Search Tags: Apple, iPhone, enterprise, mobile, phone, communication

Apple’s unveiling of its latest product, iPhone, has caused so much stirring at virtually every corner of the known technology universe. This is attributed largely for the iPhone’s super hybrid personality. It made the Mac users frolick, the current mobile aficionados drool, the Windows CE users have second-thoughts, and the Linux Mobile Phone community re-think about strategies.

Something closer to home
With raised-hands, the iPhone is a slick, sophisticated device with a plethora of features that gadget goers dream about — WiFi, embbeded OS X and Safari, 8Gb memory, super clear display, full multimedia functionality, hi-tech touch screen, and many more features. Fanboys and practical users alike will want to get their hands dirty on this new Apple craze. However, has anyone looked deeply at iPhone and see something very similar and closer to home? I hope the following pictures will give you a clue.

Courtesy of Linux-Devices. ©

Courtesy of Linux-Devices. ©

Courtesy of Apple. ©

Picture #1 is E-Ten’s G500 PDA-Phone, originally runs on Windows Mobile but was successfully made to run Linux with 2.6.18.2 kernel, GPE Palmtop Environment PDA Application Stack, and HaRET (handset reverse engineering tool) on NFS. Though a an opensource pet project to start the opensource mobile initiatives rolling, it never quite caught on mainstream use just yet. Visit its project page here.

Picture #2 is the E28 “Hawk” FMC Phone. This device has 3G/WiFi on top of BridgePort Network’s fixed-mobile convergence (FMC) infrastructure. This device runs on Linux and has a two-megapixel camera, video recording and playback, MP3 player, picture address book, PIM functionality, SMS and MMS client, an Access Netfront web browser (HTML and WAP 2.0), Esmertec J2ME, and an email (POP, SMTP, eSMTP) client. More info can be found at Linux-Device’s feature article.

Picture #3 is the “Neo1973″ FIC GTA001, the first phone to use the OpenMoko platform. Neo1973’s internals feature the ARM9 core with an application processor based on the Samsung S3C2410 SoC (system-on-chip). It has 128MB of RAM, and 64MB of flash, along with an upgradable 64MB MicroSD card. When it was revealed in 2006, the Neo1973 became the opensource community’s ideal flagship for opensource initiatives in the mobile phone sector. When it was revealed, the device runs on Linux kernel 2.6.18 with the user interface driven by the Matchbox Window Manager on GTK+ 2.x. The following are some screenshots of Neo1973 at work. Notice the polished glitz.

Courtesy of Linux-Devices. ©

Courtesy of Linux-Devices. ©

Courtesy of Linux-Devices. ©

The last screenshot of course is from Apple’s iPhone. More details can be found at Apple’s website.

The unthinkable has happened.
Nobody has foreseen that Apple will be entering the mobile phone market. Even more so, nobody has foreseen that Apple will be entering the media market (think Disney et. al.). With Apple’s grip on the media market through Pixar and Disney, it now has the machinery to dictate certain aspects of the media and the media market is ripe for the picking. With its release of the iPod, and subsequent releases of iPod variants (Shuffle, Nano), and the ever growing influence of iTunes, Apple not only gained a solid footing to control the media market, it now has the biggest source of content at its disposal. The iPhone will now solidify Apple’s media content stranglehold and nobody can do anything about it. It’s got the best gadgets to access content, and it’s got the content that anyone and everyone will want to access.

Where will this lead Linux-based Phones?
This is another learning point for the community at hand. The community was basically the first to think of the idea. However, the dilemma is that the community is so big and the idea needs to be thought of coherently in order to be executed properly. And coherence is hard to come by in the opensource world. For the Linux phone market to mature, open-mobile proponents must need to be coherent, establish the most common standard, and look for that “killer app” according to Eric S. Raymond, and there will be a future for the Linux phones.

In comparison, Apple as a company and an engineering and media marketing power, is very much focused, and is very nitpicky with the fact that Steve Jobs is calling all the shots. It has to either work, or it’s out. In the opensource community, if it doesn’t work, find a way to make it work. Apple is not like that. If something doesn’t work, find something to replace it or something better than it to substitute it. Add to that, Apple’s design philosophy sticks by keeping things simple yet elegant. The ultimate in design zen. This allows their product designs to be the envy of every manufacturer and the ultimate want of consumers.

It is still relatively very early. The iPhone has yet to secure FCC authorization. And as of yet, only Cingular provides connectivity. Linux phones has the advantage of being in the race early on. However, the community of opensource mobile developers will need to adapt quickly to what works and what the users need. It is not about the features that you can cram up inside a device. It is about how the device will be used, and IF the device is usable at all. It is evident that Apple has always put the most novice of users into consideration and designed their products with that idea in mind. And it is definitely high time that we do the same.

The remainder of the year for mobile phones is definitely worth watching out for.

Technorati: iPhone, Apple, Linux, open-source, mobile, phone, handheld, communication

Steve Jobs has just presented another breakthrough in Apple’s latest foray into the mobile phone market in typical Steve Jobs fashion.

On January 9th, Steve Jobs unveiled the iPhone, a hybrid consumer device that is part iPod, part mobile phone and part Internet communications device. Apple has revolutionized how we will be interacting with a handheld device. They have successfully done away with the generic keypad and replaced it with a touchpad. And in typical Apple fashion, it is not just an ordinary keypad. It is called a Multi-Touch keypad, able to distinguish random touches with actual touch controls. It also sports a full-color, high-resolution display and a proximity sensor that senses when you put the device near your ears and automatically switches to phone/talk mode. Internet connection can be done using plain old WiFi. I assume the device can take advantage of WiFi access points already distributed everywhere else. More information about it specifications and features can be found at Apple’s site — http://www.apple.com.

The iPhone definitely is a big shock to a lot of competitors since Apple was able to successfully keep this as a big hush-hush project. Now, I’m sure other phone companies will be scrambling to keep up with Apple’s big leap in the mobile phone market.

The iPhone seems to be based on a lot of “open-mobile” projects out there, including Linux-based phones. It’s not pretty hard for Apple to make one of its own since its flagship OS — Mac OS X — _is_ *nix variant same as Linux. Obviously, Apple re-engineered a lot of things that we have come to know when it comes to mobile phones and devices and are now found in iPhone. The good part is that the iPhone uses the same Aqua/Quartz technology used in Mac OS X, rather, let me rephrase — it runs Mac OS X — allowing Mac OS X users and Devs to customize the phone thoroughly, and uses the same widgets and exchange data back and forth seamlessly in between systems (iPhone —-> iMac/MacBook/iBook/MacMini —-> iPhone). And it supports Windows too according to Steve Jobs.

Think of iPhone as your iPod+PDA/Cellphone+OS X in one package. The 8GB of memory sure packs a wallop! The only drawback as of press time is that only Cingular provides connectivity. And you can find the following statement near the bottom of Apple’s site:

This device has not been authorized as required by the rules of the Federal Communications Commission. This device is not, and may not be, offered for sale or lease, or sold or leased, until authorization is obtained.

Definitely, this means that we cannot as of yet buy one. The device may be release sometime October or later in the year.

Another drawback is that Cisco has trademarked the name “iPhone” and already recalled its “bloodhounds” (legal department) into action to eke out Apple regarding the iPhone name.

Regardless, the Apple iPhone is certainly a mind-blowing handheld by leaps and bounds and in typical Apple style, has once again set the standards of the future look and feel of mobile devices. And about the “iPhone” name? Apple might settle it out with Cisco, ending up in paying something to Cisco, or Apple will change “iPhone” to another name. Of course, I have a list of suggested names. Though I have not licensed these names, As of presstime, we can consider these names as “prior art”.

Suggested replacement names for “iPhone”:

- “Apple Mobile”
- “iMobile”
- “iDev”
- “Apple 1-Phone”
- “Apple iHand”
- “iHand”
- “Apple onePhone”
- “onePhone”
- “1Phone”

Once the setbacks are ironed out, I’d try to save up and get myself one as soon as Philippine Mobile Service Providers will support it.

Related articles:
http://www.engadget.com/2007/01/09/live-from-macworld-2007-steve-jobs-keynote/
http://www.infoworld.com/article/07/01/10/HNhandsetstocks_1.html?source=rss&url=http://www.infoworld.com/article/07/01/10/HNhandsetstocks_1.html
http://www.linuxdevices.com/news/NS7732079254.html
http://www.lockergnome.com/nexus/news/2007/01/09/apple-reinvents-the-phone-with-iphone/

UPDATE 01-13-2007:
I have removed the following from my suggested names since when I checked out forums and blog comments dated earlier than my post showed the following iPhone name suggestions.

- “iCell”
- “Apple Phone”
- “iTalk”
- “iFone”
- “iGear”

Technorati: iPhone, Apple, Mobile, Phone
Site Search Tags: iPhone, Apple, Mobile, Phone

Today is a very hectic day for the Technical Support Department where I also belong. Our current network cabling infrastructure is already old and we have to admit, it seldom enjoy a thorough and healthy checkup from the cabling/network team. When it was being checked up today, we were surprised to find out that rats have chewed up the UTPs almost clean through. Even the power cords were not spared. Our mail and web server suffered some problems perhaps due indirectly to short-circuited links which we are also currently investigating.

However, this post is not about the issues we are encountering. This post is about a single email that I received in the wee hours of the morning today. The email I’m talking about is a personal email from CodeWeavers CEO Jeremy White. It says, and I quote:

From: Jeremy White
To: hardwyrd
Date: Jan 9, 2007 1:35 AM
Subject: Thanks for all your help in testing CrossOver Linux
mailed-by: www1.codeweavers.com

Hi,

I am writing to you because you submitted one or more problem
reports to us throughout our long beta test cycle for CrossOver Linux.

I am happy to announce that we will be officially shipping
a first production version of CrossOver tomorrow morning.

Further, we were able only to improve and fine tune CrossOver
because of all your help in testing. So thank you!
We appreciate it greatly. Not only that, but your help has
helped us to improve Wine, so the entire open source Wine community
thanks you as well!

Now, our first agenda right after launch is to get hard to work
on our next version; we still have a lot of problems and issues
we intend to fix as quickly as we can.

However, we will be shifting away from a public beta forum,
and shifting instead to a private, invitation only beta process.

Because you were helpful to us, you are part of
that elite 'invitation only' crowd, and your account record
with us has been flagged with access to the 'private' beta center.

This will mean you will get an occassional email (perhaps
6-10 times a year) informing you that new test releases
are available.

If you do *not* want to be involved in future betas, please
write us back at info.at.codeweavers.com, and we will take you off
right away.

Please note that we hate spam, and we will never knowingly use
this list to spam you in any way; all we will do is send you
an email when a new version of CrossOver is available for testing.

At any rate, thank you once again for all of your help with CrossOver;
we greatly appreciate it.

Cheers,

Jeremy

I am very grateful to Jeremy White and the team at CodeWeavers for making me one of the Private Beta Testers for upcoming releases of CrossOver Linux which I believe is one hell of a product that nobody can do without.

Of course, I’ll be putting here whatever I’ll encounter during my tests.

More power CodeWeavers and thanks!

Visit them at http://www.codeweavers.com

Technorati: CrossOver, Linux, CodeWeavers, Beta, Test, SuSE, SLED10
Site Search Tags: CrossOver, Linux, CodeWeavers, Beta, Test, SuSE, SLED10

I have a few hours left at the office, and I’ll be on my way home. However it’s been raining quite hard and the commute’s going to take an hour of idle time. While waiting for the rain to stop and with nothing to do, I decided to list down my personal motivations of why I opt to using Free/Libre Open Source Software including Linux et. al.

Salutations!
Before I go on and ramble about the why’s of my choosing Free/Libre as software of choice, I would like to take this opportunity to ‘kiss-ass’ a little to some of the people that brought the ideals of free and opensource software to the world. No, I do not want to deal with the debate on which to choose — ‘Free as in FSF’ or ‘Open as in OSI/OSDL’ — both appeal to me better than the moldy, locked in, delayed, and utterly dismal commercial/closed proprietary software.

1. RMS and company at FSF and GNU - thanks for working very hard to foster the ideals of free/libre software. Everything wouldn’t have materialized if you and your gang did not start the ball rolling.

2. Linus Torvalds and the guys at OSDL, including the kernel maintainers - thanks for keeping up with the labor-intensive task of bringing to life the very heart and soul of popular opensource — the Linux kernel. Keep up the good work.

3. Eric S. Raymond and John ‘Mad Dog’ Hall - thanks Eric for being the proverbial and prolific writer. The papers that rolled out of your keyboard are inspirations — literally. Thanks John for your work in propagating Linux and opensource awareness — literally one of the earlier ‘arms and legs’ that worked hard to bring what Linux is today.

4. The Red Hat, Slackware, Debian, and Gentoo teams - thank you for bringing such great distributions which later on became the pillars of more great distros. Linux’s coming of age is already here. Desktop Linux is already near fruition. My gratitudes to you all.

5. The entire community of opensource devs, contributors, users and supporters - such a big community. Thanks for bringing all the precious tools, countless hours of dev time and debugging, not to mention the endless internal bickerings, just to be able to bring the best distributions and applications and give people the bestest excuse not to use the ‘dismal ones’.

Of course, I cannot name all the people that deserve to be thanked. But all in all, thanks!

Now, enough kiss-assing, and on to what this post is really about. Before you read on, the following are my own personal opinion which are entirely based on my own experiences. The things that I am going to emphasize happened to me your experience might not be the same as mine. Give me credit for expressing my opinion. I’m entitled to it. Afterall, its a free world!

What is the reason of going Free/Libre?
There are a plethora and countless reasons why I am going Free/Libre. Sure, I’ve used Windows. Virtually every version of it including Vista, I’ve seen and used. And I cannot say that I am content with it. Sure, Windows 2000 in my opinion is the only version that I like and I felt is the best Windows ever. Note the ‘best Windows ever’ and not the best OS ever. Windows will never be the best OS ever and everyone can attest to that.

Reason 1: Freedom
The first time that I started to go Free/Libre, the feeling was of uncertainty. Yeah sure, marketing specialists and sales persons know the phrase ‘You have to sell out of your comfort zone’. And that is what I did. I was comfortable with DOS and Windows. But that’s just about it — only ‘comfortable’.

Reason 2: Security
The only time I felt somehow (read the word: “somehow”) secured was when I used Mac OS X, and Linux instead of Windows. Windows is just one hell of a jute sack. A lot of ‘things’ just seep through.

Reason 3: Cost
Yes, I have tried and used Mac OS X since Jaguar til Tiger. And yep I admit it is a sleek animal and a very cunning one at that. It comes with a lot of whizbang effects, anti-aliasing, lots of applications and games that you can find in Windows, plus the added security and stability that you have come to love of Unix which by the way flows in its BSD underpinnings. The only drawback? C-O-S-T. Macs just burn one hell of a hole on my pocket. The only time when I got to own a Mac was when my friend Rick (living in CA, USA.) gave me a G3 ‘Lombard’ as a christmas present. It had 400 Mhz CPU, 256 RAM, and a measly 5 Gigs of disk space. What can I ask for? Its obviously a machine that seems to be lying around at his house, and its pretty nice of him to give it to me in order to put it to good use. And put it to good use I did. I’ve ran Jaguar and Panther on it, and then shuffled Ubuntu into it. Then put it back on Panther again. Yes siree, I’ve put that modest (according to Mac user standards) of a machine through some rigorous use. Now, the machine’s retired because I can’t purchase a second-hand adapter-charger for it after the original charger exploded due to a power surge. Honestly I can’t afford to shell out $30 just for an adapter-charger. For Linux? Ranges from zero, zip, nada, nothing, to about a few bucks to have the installer set shipped to you.

Reason 4: Support
Sure, you get support from MS. Through service packs and updates. Count the number of SP releases and updates for Windows being released every patching cycle. Think “Patch Tuesday” and you’ll know what I mean. That’s just counting those issues that are not being declared and issues that MS doesn’t even know exists. Does “Zero-Day” and “Less-Than-Zero-Day” seem familiar? And no, you can’t expect to talk to a competent support crew because your 1-800 call will only be routed to India, Malaysia, Singapore, the Philippines or anywhere that the call center contracted is located in. And no, not all those people who answers your call are “competent” to handle your issues. Long calls, big support bill. Kachiiiing!!!! But of course, you can also just pore over the readily available documents and forums all around the Internet. Now that sounds like what we are also doing for Linux, doesn’t it?

Reason 5: Is there such a thing as driver support?
Yes there is my dear sir (or madame). Contrary to what other people say, Linux has a very comprehensive collection of drivers available. The lack of drivers for certain devices is not entirely Linux’s fault. It is your hardware vendor’s fault — they just don’t want to play nice with Linux and cuddle up with Windows not even thinking that they might have been paying huge fees just to use the Systems Development Kit. Now that is also going to happen to Vista. A lot of currently existing hardware does not work in Vista, and I’m talking about the 64-bit. Is it ready for 2008? NO! According to Eric Raymond, only Mac OS X and Linux (including *nixes) are ready for the 64-bit, and he means the real macoy full 64-bit and not the 32-bit binary of Vista, posing as a 64-bit SW running on top of a 64-bit HW.

Reason 6: Apps, apps, more more apps
Ha! Sure, some apps that you’ve come to love on Windows does not have an equivalent or is a bit different that what you’ve come to know in Windows. But the countless opensource projects floating around the community repositories seem to contradict that popular myth. There are a lot of “equivalents” to popular Windows-based apps. I want to use the word “equivalent” and not the word “alternative” because an equivalent is somehow of equal footing to the other. An alternative connotes something of second rate. Anyways, yes we do have the apps and a lot of these apps are the best of breed. Look at some of Apache’s projects, Blender, GIMP, Banshee, Evolution, Thunderbird, Firefox just to name a few and there are lots more. Plus bugs get ironed out much faster. Ensuring that users will get a good, working application ready to run in no time at all.

Sure, sure. Linux still has some things left to iron out. But guess what? It won’t be long and it will become the king of the hill. Why, you might ask? Because, Vista is nowhere there yet, Mac OS X is expensive, and the opensource devs are at it again, gnashing their teeth and clawing their way to making Linux the best darn OS on the face of the planet. And us users and supporters will be there every step of the way to make sure that it happens.

Technorati: opensource, Linux, linux, free+software, FLOSS, opensource+motivation

InfoWorld (http://www.infoworld.com), has just recently released the list of winners for its annual Technology of the Year Awards. And despite the massive amount of flak that Novell received when it entered a deal with Microsoft, an offshoot of its Linux product line — SuSE Linux Enterprise Desktop 10 (SLED10) — received the recognition that some people might consider to be well-deserved.

The award came as a result of InfoWorld’s review of SLED10 last June of 2006 (read the Review). According to the review:

…Novell should be proud of this latest release. SLED 10 is hands down the most polished desktop Linux distribution I’ve ever used — and that includes Ubuntu. If Novell can sustain the level of effort it put into this release for future versions, SLED will rapidly become a serious contender for enterprise workstation use.

SLED10 was the first to sport the glitzy Xgl/Compiz by default. It also comes bundled with various well-known opensource applications like OpenOffice, Evolution, Mozilla Firefox, Konqueror, Gaim, Gnomeeting, Inkscape, the GIMP, and a cadre of other famous opensource projects.

What many has considered to be SLED10’s appealing feature as a contender for the corporate desktop is its inclusion of various tools that many enterprise admins will really appreciate. It comes with Citrix ICA Client, the handy Acrobat Reader (though you can also use Evince as a choice), Ericom’s PowerTerm WebConnect, HP Toolbox, various clients for Novell’s own products like Groupwise Collaboration and Groupwise Messenger, Novell CASA Manager, not to mention the opensource administration tools.

Though SLED10 is not a perfect desktop (no desktop truly is), and as a SLED10 user at work, I believe that SLED10 deserves the recognition. I know not many will agree with this recognition and I can’t blame them. But looking at the perspective of a corporate user and the corporate administrator, SLED10 is much more ready for the corporate arena than any of the Linux distros out there.

2007 Technology of the Year Awards: Platforms, Desktop
InfoWorld 2007 Technology of the Year Awards Winners List
Novell’s own article announcing the SLED10 Award

Technorati: SLED10, Linux, SLED10+award, Best+Linux+Desktop, Desktop, Novell, SuSE, InfoWorld, 2007+Technology+of+the+Year+Awards
Site Search Tags: SLED10, Linux, SLED10+award, Best+Linux+Desktop, Desktop, Novell, InfoWorld, 2007+Technology+of+the+Year+Awards

InfoWorld (http://www.infoworld.com), has just recently released the list of winners for its annual Technology of the Year Awards. And despite the massive amount of flak that Novell received when it entered a deal with Microsoft, an offshoot of its Linux product line — SuSE Linux Enterprise Desktop 10 (SLED10) — received the recognition that some people might consider to be well-deserved.

The award came as a result of InfoWorld’s review of SLED10 last June of 2006 (read the Review). According to the review:

…Novell should be proud of this latest release. SLED 10 is hands down the most polished desktop Linux distribution I’ve ever used — and that includes Ubuntu. If Novell can sustain the level of effort it put into this release for future versions, SLED will rapidly become a serious contender for enterprise workstation use.

SLED10 was the first to sport the glitzy Xgl/Compiz by default. It also comes bundled with various well-known opensource applications like OpenOffice, Evolution, Mozilla Firefox, Konqueror, Gaim, Gnomeeting, Inkscape, the GIMP, and a cadre of other famous opensource projects.

What many has considered to be SLED10’s appealing feature as a contender for the corporate desktop is its inclusion of various tools that many enterprise admins will really appreciate. It comes with Citrix ICA Client, the handy Acrobat Reader (though you can also use Evince as a choice), Ericom’s PowerTerm WebConnect, HP Toolbox, various clients for Novell’s own products like Groupwise Collaboration and Groupwise Messenger, Novell CASA Manager, not to mention the opensource administration tools.

Though SLED10 is not a perfect desktop (no desktop truly is), and as a SLED10 user at work, I believe that SLED10 deserves the recognition. I know not many will agree with this recognition and I can’t blame them. But looking at the perspective of a corporate user and the corporate administrator, SLED10 is much more ready for the corporate arena than any of the Linux distros out there.

2007 Technology of the Year Awards: Platforms, Desktop
InfoWorld 2007 Technology of the Year Awards Winners List
Novell’s own article announcing the SLED10 Award

Technorati: SLED10, Linux, SLED10+award, Best+Linux+Desktop, Desktop, Novell, InfoWorld, 2007+Technology+of+the+Year+Awards
Site Search Tags: SLED10, Linux, SLED10+award, Best+Linux+Desktop, Desktop, Novell, InfoWorld, 2007+Technology+of+the+Year+Awards

Just hours after a magnitude 7.1 earthquake struck Taiwan, the Philippine’s links to the global internet backbone suffered considerable damage disrupting the country’s Internet and telephony services. Major submarine cables serving PLDT, Smart and Bayantel were said to have suffered damage. Bayantel on the otherhand declared their systems to be operational since Wednesday. Globe and Digitel were not able to provide details on disruptions that affected their networks.

Taiwan is an island situated far to the north of the Philippines, just a few kilometers from Basco, Batanes. Several of the Philippine’s links to the major Internet backbone in Japan and the U.S. passes through Taiwan. This backbone on the otherhand are huge undersea cables, comprising of either copper-based or fiber-based cable, providing high-speed, high-volume connections for traditional phone services as well as Internet and Internet-based services.

Local sites somehow were not affected. Local service providers like LevelUp Games expressed no significant disruptions to their service since users of LevelUp’s services are based locally. However access to major international sites like Yahoo!, CNN, are still largely intermittent. Online content providers like YouTube, Flickr, MetaCafe, and others are also intermittent. It may still yet be a few days’ wait before connection will be stable enough.

Related news at:
INQ7.net

Technorati: Taiwan, earthquake, disruption, Internet,
Site Search Tags: Taiwan, earthquake, disruption, Internet,

It seems like I’ve decided to return to Blogsome. Why you might ask? I’ll lay out anything and everything as clear as I can.

First off, the decision to move out of Blogsome perhaps seemed to be hastily decided on by me. A lot of things happened and maybe clouded my mind for a long while. One factor might be the death of my father. The event was just so hard for me and the family. Now, I’m the breadwinner and provider. I am facing a lot of challenges lately and I was finding a hard time to compose myself with these newfound challenges.

Why did I decided now, after a few months, to stay with Blogsome?
First off, Blogsome is not a bad service. Blogsome provided a very very very good service. Plus the fact that it is free. Although I was looking for more additional features and so on. However, after deeply thinking about it, I have decided to stay on with Blogsome. The reasons are as follows:

1. Time is of the essence. I am just too darn busy now to make a move to another server and maintain my own personal site/blog and dealing with server-side issues (ie. Wordpress being bitchy, or the hosting gets boggy, etc..)

2. I have already put up quite a lot of articles and content into this blog.

3. Other blogs already linked to this blog. Some of the blog owners might not find the time to relink to another blog.

4. This blog is already somewhat positioned well enough. It’s just a matter of continuing this blog.

5. Is it worth the hassle? I dunno for now.

Overall, time is but a luxury. Even my family is feeling my lack of time for them being always busy and all that.

The one thing that I want now more than ever? Doing what I love to do, and doing it with my family. I am just thankful that my family is very supportive.

What are my plans for the next year you might ask? Hmmm, nice question. But I got a couple of things lined up for the new year and it will be permanent I hope. No more masters, no more bosses. Just me and my family, plus a couple of friends who are of course devoted to the same thing that I do and love — Linux, opensource, and the love of the beauty of the baud.

Baudizm is back.

I haven’t found enough time recently to update this blog. For one, my father died last August 25 due to Pneumonia caused by Streptococcus Pneumoniae (Pneumococcal Pneumonia). This bacteria is somewhat resistant to antibiotics. Add to that, my father has survived 2 mild strokes, and high blood sugar content (but not diabetec before the onset of pneumonia). Actually, his health deteriorated rapidly after his second stroke. Despite his dieting, his blood sugar is still high regardless of the medicines he took. As a final blow, streptococcus pneumoniae, which is a bacteria that is present in all humans on the upper respiratory areas (nostrils, trachea, etc..) somehow managed to infect the lower lung areas. This complicated things, along with that, he contracted full blown diabetes, dunno which type. Doctors did their best, however, at 11:30PM August 25, barely a day on his being admitted to the hospital (he was admitted 12am August 25), he died. The family’s still trying to recuperate from the loss of my father, although we are already back at work…

As for our project in General Santos, the proof-of-concept is already done. The client is looking to purchasing some licenses, and everything is good.

Regarding this blog, I’m transferring over to a new space, hosted by ifastnet.com. They have 2.5 Gb space, 30 Gb bandwidth, plus lots of scripts and tools via Zantastico. I get to have my own hosted blog with total control (wordpress), cms (joomla/mambo/xoops/etc..), and some domain and mail tools via cpanel. Comparing this blog to that service, it’s way very flexible than Blogsome. However, I’ll try to port any article I can from here to there and hope the porting will be seamless.

I won’t be taking this place down. As long as Blogsome will continue to host this, Baudizm will still be here. However, most updates will go to my new site. You can see it at http://bit.ifastnet.com/

See you there!

---

Technorati Tags: Blogsome, moving+on, death, pneumonia, blogging, transfer, ifastnet.com
Site Search Tags: Blogsome, moving+on, death, pneumonia, blogging, transfer, ifastnet.com

Hello again folks!

First off, I dunno if anybody has been visiting the site lately. I haven’t been able to update the posts for well over a month (the hell!). This is largely due to the fact that work is pretty much stepping up lately and I’m getting busier by the minute (which is good technically, bad healthwise, and badder still for the pocket).

So what have I been up to while I’m away? Too many to mention but I’ll let you all in to a significant few.

For the past month, I’ve helped put together an opensource contest, started a deployment of Novell Zenworks Suite to a local coal-fired powerplant (yeah yeah, spare me the lecture on acid rain and stuff like that — i dont really care since it’s their business), experimented with Xgl on SuSE Linux 10 and 10.1, and reviewed SuSE Linux Enterprise Desktop 10 and SuSE Linux Enterprise Server 10. And last but not the least, I’m doing planning and preparations for putting up a proof-of-concept deployment for Novell Open Workgroup Suite to a local company based in General Santos City. And this means I’m going on a trip! YAY!

I really would love to let you guys in on Novell Zenworks, and Open Workgroup Suite. I have a lot of pending articles to put up on here but I rarely have the time — for now. Expect them articles to be put up on here later.

I guess I better leave this at that. I’m still working on Novell Groupwise before we leave for General Santos City early Monday morning. I’ll have it logged for storytelling later.

---

Technorati Tags: busy, updates, Novell
Site Search Tags: busy, updates, Novell

CIAO!

I’m currently helping a colleague setup a file and print server using Linux. As usual, I suggested to use Samba. Little do I know, perhaps unexpectedly so, that we are actually hitting the wall, and hitting the wall hard.

We all know that Samba pretty much functions solidly in providing pretty standard file and print services. It also provides pretty good domain services too. I really do not need to stress out Samba’s strong and weakpoints since those were already covered by a lot of documents and authors all over the net. I’ll let you do the googling for that.

In our setup, Samba is already running and provides file and print services. We can copy and paste files and folders to and from the share. The problem that arose is with the DOS-based application that we hosted on the Samba share which will be made available over the network.

This application, is a customized banking system developed and running on Foxpro. Users activate the application via a batch file on their clients accessing the mapped drive assigned as “G:”. The application starts up pretty well, albeit a stand-still of about 4-5 seconds before displaying the application’s login screen. After login, the application performs snappily. The trouble appeared when we tried to display consolidated reports of transactions. Regardless of which type of report we try to display, be it daily or otherwise, it takes a little more than 15-20 minutes before the actual report is generated.

We compared the performance of the application on a Windows 98-shared folder. The Windows-shared application responded much faster than the one shared through Samba. However, normal file and print share accesses are much faster on Samba than on the Windows share.

With that, we tried to poke around trying to tweak Samba further hoping to solve the pesky slowdown. We end up adding the following statements in smb.conf:

security = user
oplocks = false
read raw = no
write raw = no
read size = 65536
read prediction = true
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=4096 SO_SNDBUF=4096


Still, nothing happened. The application still performs dismally during report generation. We have searched throughout and found out that others have also experienced slow reponses from DOS applications being executed over Samba. Somehow, same with the others, we haven’t found any answers or solution to this problem.

If you know of a solution, I’d love to hear it. For now, we have deferred the setup for a day looking for a solution. We might even use marsnwe - a netware emulator on top of samba if the problem persists.

---

Technorati Tags: samba, DOS, DOS+apps, DOS+apps+on+samba
Site Search Tags: samba, DOS, DOS+apps, DOS+apps+on+samba

I’ve recently read CNN’s article on security related to identity theft at Experts: Simple security cuts identity theft risks. It’s just illogical for companies to be storing sensitive information on singular, mobile devices. One thing that mobile devices are very much susceptible to is theft and to store sensitive data onto these devices will be inviting disaster.

Here are my suggestions:

1. Do not store sensitive data to mobile devices.

2. Store sensitive and company-related information on a central location, network-accessible, and independent from servers. In case the servers go down, the storage units will remain intact and operational. Network-attached storage and Storage-area networks are perfect for this.

3. Allow access to data only to a select few. Clear-cut definition of access policies will do the trick. Map out which users and groups will have access to the data.

4. External access must be facilitated via a secure connection probably via VPN or SSH tunnels.

5. Data accessed externally must not be allowed to be stored off-site. Access must be provided via web interface or remote front-end but the data will be stored in the same repository negating storing on the accessing machine.

6. All users must have single sign-on to the general sections of the network, both internal and external access. A second login must be provided for extremely sensitive data.

My suggestions are just common sense. These can be implemented using opensource negating exhorbitant cost to the enterprise. Companies like Novell can provide the same features at low cost to the enterprise along with top-notch technical support.

One thing I’ve observed in organizations is that some administrators seldom implement strict security guidelines throughout the enterprise. In the end it is always the user that bears the blame. Properly implemented security measures will definitely save the enterprise the trouble and headache in dealing with this type of security problem.

If I’d missed something, I’d love to hear about it.

---

Technorati Tags: security, enterprise, data+theft, CNN, simple+security, identity+theft
Site Search Tags: security, enterprise, data+theft, CNN, simple+security, identity+theft

“Professionalizing” the still fledgling software development industry in Cagayan de Oro City has been opened up during the recently concluded Northern Mindanao Business Summit on ICT. An association of software development outfits seem to be unanimously endorsing this move. However, I can’t see much weight on such a move.

With Cagayan de Oro City declared as one of Mindanao’s IT Hubs that comprises the Philippine’s main Cyberspace Corridor, the city is witnessing significant growth in IT-related business and services. Comprising these businesses are companies playing in the BPO (Business Process Outsourcing) arena, Back Office services, e-commerce services, technical support services, IT infrastructure security, web development, multimedia and animation, and software development.

An association of software developers in Cagayan de Oro City declared to make a move endorsing the “professionalization” of the software development industry especially in Cagayan de Oro City. One of the main issues that they brought out regarding freelancers was one of unfair competition. They stressed out that the local software development companies offer their services to client establishments at a specified price, and freelancers will come in, offer the same set of services at a lower cost. With most of the local clientele being cost conscious, the probability for local software development companies losing the bid is very high. I think one other move that the local software development association is proposing is regulating software development fees and cost of software.

This issue is actually multi-faceted, and a lot of factors will certainly need to be considered. And I will try to present my opinion on this issue as clear as I can.

First off, I don’t think that the idea of “professionalizing” the software development arena is such a good idea. You can not just ask for a professional certificate or a license to develop software from a person that offers to do development for you. A lot of software developers were actually NOT graduates of software engineering, computer science or a related field. A lot of software developers today learned programming through self study. And not all who finished software engineering, computer science or any related course are skillful to do software development.

Second, the idea of limiting the market to only a select few companies is very Microsoft in the sense. If you limit freelancers now, the environment where our freelancers can grow will be gone. Looking at Silicon Valley, most of startups that became successful were products of former freelancers. Think Google, Apple, MySQL, and even Microsoft. Carmack and Romero (of Id Software and Doom fame) were once freelancers before doing Id.

Third, I dont think freelancers can pose a very significant threat to the existing market niche that current local software development companies occupy. To compare, most freelancers do the work alone or in groups of two or three, doing the systems development cycle pretty much on their own. Full-fledged software outfits comprise of teams that tackle each aspect of a certain project. Software companies have significant up to almost unlimited resources (time, money, technology, manpower, marketing power). Putting cost-conscious clients, software companies can stress out the quality of the end-product, the technology involved, and most of all they can stress out extensive technical and software support that most big wig companies value very much. Freelancers can only provide limited support technically due to probable time limitations. Ultimately, when freelancers get more clients, freelancers will then grow their business and become a startup company and will then hire additional team members. This kind of dynamic growth is very much healthy for the local software development industry.

If these software companies are afraid that freelancers will take a significant bite out of their precious pie, then they can choose to outsource some of their projects either by component or by project. They can try and communicate and interact closely with local freelancers. With this communication, they can learn and work together. Instead of a competition, its going to be a symbiotic relationship. Freelancers learn from the big player, big player gets a chance to use the freelance talent.

Everybody wins. Or so I think…

---

Technorati Tags: software+development, freelancing, limiting+freelancers, CDO+freelance,
Site Search Tags: software+development, freelancing, limiting+freelancers, CDO+freelance,

I just came across Tectonic’s article today - Dapper Drake verdict: It sucks. I’m surprised at the heading pertaining to one of my favorite distro being downright unsatisfactory. I cannot comment much on the article since I didn’t take Dapper Drake for a spin. I don’t have the bandwidth to download the CD images.

Regardless, Dapper is still relatively new. And staying true to my mantra, I will get Dapper later when most critical and notable bugs are fixed or when it becomes “stable”. I rarely use beta except for XaraLX where I’ve been an avid user of that software before under Windows. Now that it is in Linux, I’ve been watching over its development closely. I’m more eager to use XaraLX extensively than Inkscape.

As for Dapper’s case, my suggestion to all eager beavers wanting to use Dapper already, just wait patiently. It will definitely pay off. Im still on Breezy now, alternating with SuSE 10 and 10.1 from time to time. Dapper is going to be a good release. Let’s just give the developers time to iron out some edges. Being based from Debian’s Etch unstable, Dapper is going to be far from stable as of this post. Maybe in a few months, I’ll get the disk images. But for now, I’ll remain with Breezy. I got more important things to do on my Ubuntu than testing Dapper. I’ll leave the honor of testing Dapper to the others.

---

Technorati Tags: Ubuntu, dapper, dapper+drake, tectonic, linux, linux+beta
Site Search Tags: Ubuntu, dapper, dapper+drake, tectonic, linux, linux+beta

I had just recently attended the 1st Northern Mindanao Business ICT (Information and Communications Technology) Summit held at Grand City Hotel, Cagayan de Oro City. My attending the event was because my boss asked me to attend the event instead of her and her second-in-command. So I’m acting as proxy to represent the company I’m working for. The event was scheduled 8:00AM til 5:00PM of June 9.

One observation before the event even took place was that despite the schedule being set at 8:00AM, there were only about 5 people in the venue at 8:30AM. That means most of the participants, facilitators, and speakers are late. The event formally started at about a few minutes past 10:00AM. With this kind of attitude persisting, I don’t think businesses will go far. Honestly, if we really want to succeed in business, or in any other endeavor, being late or wasting time should have been out of the question. That’s two hours of valuable discussion time lost due to tardiness.

I saw many familiar faces in the event. I saw most of the primary movers of ICT in Cagayan de Oro present. There’s Mr. Elpie Paras, a local capitalist/investor with businesses like a cable TV company, a cable internet provider, call center, and a medical transcription outfit. In attendance also were people from the Department of Trade and Industry (DTI), a government agency overseeing and regulating tradenames and businesses. There were representatives from the National Economic Development Authority (NEDA), representatives from various LGUs (Local Government Units), representatives from the academic sector most notably from Capitol University, MSU-IIT/MSU-Marawi, Xavier University, Lugait National High School, local IT vendors, software developers, Search Engine Optimization (SEO) companies, and various local SMEs (Small-Medium-scale Enterprises).

During the summit, speakers were outlining and presenting various reasons why Cagayan de Oro and Northern Mindanao is a good area for ICT investment and development. However, as with most figures and surveys, most of the data is believed to be “groomed” or bloated and most of the participants agree that a proper consensus, an extensive survey and data gathering is definitely required in order to provide an accurate demographic of the current ICT readiness of Northern Mindanao.

During the workshop that followed, the participants were grouped into different key areas for strategic planning and discussion of the needs of each specific area in terms of ICT readiness. The groups were Misamis Oriental/Cagayan de Oro City, Iligan City/Lanao areas, Misamis Occidental/Ozamis City/Oroquieta City, and Camiguin/Gingoog. However, the groups were then made into three, mixing Camiguin/Gingoog with the Misamis Oriental/Cagayan de Oro group. Throughout the workshop the groups were asked to outline what each area possess, what they lack, and how to resolve deficiencies in terms of ICT readiness. I belonged to the Misamis Oriental/Cagayan de Oro group.

Despite Cagayan de Oro’s obvious advantage in ICT readiness since it has an IT park, good Internet connectivity, stable power, various support services in place, and good supply of manpower, it was found out that it is going to be hard to sustain ICT-related ventures most specially ventures dealing with Business Process Outsourcing (BPO) due to some factors that will still need to be addressed. One factor is the mismatch of existing industry needs and requirements versus what the academe in Cagayan de Oro is producing. According to some members in the workshop group, they have a hard time accepting prospective employees because of the lack of the skillset that is specifically required for the job that is in vacancy. One example is in the BPO sector. Most applicants hoping to land a job in the BPO sector will have to be proficient in the English language. However, out of 100 applicants for a BPO position, only 3 to 5 persons get hired. As for systems development and systems support, roughly the same figures apply in terms of programming and hardware skillset.

Another perspective that the academic institutions that participated in the event brought out was regarding a more extensive and revitalized On-the-Job training program which must be developed with the cooperation between respective academic institutions and industry players. Some industry players also stressed out a need for a re-evaluation of the current curriculum that are being followed by institutions for ICT-related courses.

After the workshop, the following recommendations were drafted to further revitalize Cagayan de Oro’s position as a viable IT Hub:

• increase English Proficiency
• enhance academic curriculum
• launch Career Advocacy
• ensure computer literacy
• create an ICT Council within the City Council itself that will oversee all ICT matters
• solicit the involvement of all academic institutions and the Commission on Higher Education to revamp or improve the curriculum for ICT-related courses within Northern Mindanao

Conclusion
Some of the recommendations and findings were somewhat tall orders however, these are very much neccessary. With the creation of an ICT Council, a roadmap, a fixed ICT roadmap will be in place in sustaining Cagayan de Oro’s ICT readiness. The academic sector plays a very big role in the development of Cagayan de Oro as an IT hub since the academe provides the raw manpower required.

I do hope that it won’t take long for these things to be in place. I don’t see myself being employed for long. I’m already planning to put up a business of my own and these “infrastructures” could very well aid my future business’ and the currently existing businesses’ sustainability and survibability. The future of IT in Cagayan de Oro is certainly bright.

---

Technorati Tags: Cagayan+de+Oro, ICT, infotech, IT, summit, business+summit
Site Search Tags: Cagayan+de+Oro, ICT, infotech, IT, summit, business+summit

Yesterday, a Sunday, was a busy day for me. Although as much as I wanted to spend time with my family for that day, I have to go and pay a visit to a client who is currently planning to migrate fully to Linux.

The problem or problems were simple really. Below are some details regarding their infrastructure.

The Client
Actually I am doing this on a freelance basis. Since I am not available on weekdays because of my day job as a Tech Support and Pre-Sales for a local IT vendor, I asked the client that the planned initial steps for their migration be set on Sundays. The proposal I previously submitted projected the “migration” will take about five days (Sundays).

The client is a real estate developer. Their computers were fixed-function stations with the primary purpose of generating documentation, reporting, email, internet browsing, and billing. Pretty standard office stuff. The migration will not be as difficult.

The Objectives
The client intends to cut down costs in terms of software licensing, increase control over users’ internet use without invading user privacy, increase the security of the main business network by preventing unauthorized access into the main network that might come from the wireless portion of the entire network, and maintain compatibility of pre-established and used document formats.

The Infrastructure
Their existing infrastructure consists of the ff:
- one Systems Admin
- 10 - 20 workstations for documentation, reports, email, browsing, and billing running Windows XP
- no definite specific server/s
- mixed set of printers (Epson, HP, Canon) ranging from Dot Matrix, Deskjet/Bubblejet, and Lasers.
- a wired (copper) network using 10BaseT/UTP
- a wireless network using LinkSys wireless access point/switch/router
- broadband (ADSL) internet connection
- commercial anti-virus
- file and printer sharing
- Applications: PeachTree Accounting, Norton AntiVirus, internal custom systems developed using Clipper, and MS Office.

The Diagnosis
My initial inspection of the infrastructure found their existing inefficient and vulnerable. Here are the initial findings:

1. The network(s) were inefficiently using IP addressing. Each department were using a different IP class for only very few computers. One department uses class B IP addressing (10.0.0.x) and another department uses class C IP addressing (192.168.x.x). Each department only has an average of 4 or 5 computers maximum.

2. The wireless network is directly interconnected to the wired network. The main network gets IP addresses via the DHCP service provided for by the LinkSys Switch Router. Mobile clients that will access internet connection via the wireless access point can access other machines within the main business network.

3. No restrictions and control is implemented for users within the main business network. Users tend to surf and download malicious content through the web.

4. Virus infections were common and left unresolved.

The Recommendation
With prior talks with their System Admin, I recommended SuSE Linux despite the existence of other “Windows-like” Linux distributions due to the fact that a local vendor offers SuSE Linux and can extend support to them locally.

Further recommendations were:
1. Use ONLY class C IP addresses and use subnetting (192.168.0.x, 192.168.1.x, …). Each department will use a subnet of the same IP class.
2. The wireless network will be assigned a separate subnet than the main business network.
3. A “server” will be setup to provide proxy service, routing between the main business network and the wireless router.
4. The “server” will use iptables-based firewall with one network interface designated as a demilitarized zone for the wireless network, and an internal zone for the main business network. This will in turn block those from the DMZ from accessing the main business network.
5. Squid will be used as the internal proxy server which allows for easy installation, maintenance, flexibility in implementing restriction via access control lists (ACLs).
6. Samba will be used for file and printer sharing allowing internal workstations that will still continue using Windows to use network shares and resources.

Already Implemented
I had just started to implement changes to their infrastructure and one day will not be enough for two people (me and the System Admin) to perform the entire implementation. The fact that the Admin is also more inclined to Windows than Linux does not help speed up the implementation.

So far, we were able to accomplish putting up the internal proxy server using Squid. ACLs for Squid will still be added later. The client’s System Admin will do the updating to new IP addressing for the rest of the workstations. File and printer sharing will be done later.

Here’s the diagram of the proposed modification to the network that is in the process of implementation:

- Click picture to enlarge.

This project is very much a first for me to implement, hopefully this “pilot” project will be one of many “migration” projects that I will be doing in the future. Certainly, Linux, for some local businesses is starting to look pretty viable an alternative cost-wise and security-wise. Look forward to more updates regarding this project soon.

If you have any suggestions, feel free to comment. I’d love to hear your suggestions to make the client’s foray into Linuxland more beneficial and worthwhile.

One of our home computers was recently infected with Win32.Locksky and finding a remedy for it (without installing a humongous anti-virus) was a challenging but fun activity.

The Challenge
This particular computer was rented out and when done, I was surprised to find out that the Windows Task Manager button is disabled in the Windows Security dialog box when I pressed CTRL-ALT-DEL simultaneously. Do note that the computer doesn’t have an anti-virus installed (yeah! yeah! I know, it’s supposed to have an anti-virus. But I didn’t install it. I’m lazy. So?) I examined the system further and found some Internet Explorer bars installed and some items appeared in Programs||StartUp. I opened RegEdit, and wasn’t surprised that it was not disabled, so I continued on and checked for irregularities in HKCU\Software\Microsoft\Windows\CurrentVersion\Run, HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce, HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx keys. True enough I found some suspicious startup entries and removed them. I of course took note of the file locations and proceeded to HKLM\Software\Microsoft\Windows\CurrentVersion\Run, then HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce, and HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx, and also removed the same suspicious entries.

After removing the suspects from the registry, I then closed RegEdit, and proceeded in deleting the malicious files. I then restarted the machine. Just to be sure, I first downloaded HiJackThis (http://www.merijn.org) and then did a system scan. Not surprised, HiJackThis was able to list out some more registry startups that I wasn’t able to remove previously. Regardless, I still couldn’t click on the Task Manager button. I checked my system for any connection attempts going in and out of the computer and lo! SMTP connections galore! So I downloaded AVG Free, updated and scanned. It was able to detect still additional trojans and deleted their corresponding files. However, it too was able to detect the Win32.Locksky worm! This is going to be a challenge. Although I could install any quote “rock-solid” anti-virus (commercial), I didn’t chose to. I aimed to find what this virus is all about. It is the first time I encountered this worm from the wild.

AVG reported C:\WINNT\SYSTEM32\WMEDIA16.EXE and C:\WINNT\TEMP\POL8E5D.TMP to be Win32.Locksky. I then tried to let AVG remove the virus, however, no dice! AVG can’t quarantine it, nor can it be deleted. Another challenge!

The Doctor is In!
I needed to assemble my tools now. I am determined to discover what makes this virus tick. I first looked at Symantec’s Security Response Database, and searched for Win32.Locksky in its Virus & Risks section (http://securityresponse.symantec.com/avcenter/venc/data/w32.looksky.f@mm.html). However, after reading the security advisory and virus info, I found out that the one Symantec has on record is different from what infected the computer I’m working on! Certainly, a variant. I searched further through Google this time and entered “wmedia16.exe” then clicked “Search”. I found out that this file is prevalently being used as a delivery agent for trojans and worms. Aside from Locksky, this was also used for MyDoom, the Goldun trojan dropper, and the Gurong.A rootkit. Useful little bugger… I grew tired of wading through old Google search results so I decided to go all out. Bring out the tools!

The Tools
To try and combat Locksky, I downloaded the following:
1. HiJackThis (http://www.merijn.org) - done earlier.
2. StartDreck (http://www.niksoft.at/download/startdreck.htm) - works like HiJackThis but with a little more nifty features.
3. CWShredder (http://www.intermute.com/spysubtract/cwshredder_download.html) - popular remover of the CoolWebSearch adware/malware, which is a favorite delivery system for most trojans, droppers, downloaders, and spywares. Now already a part of TrendMicro.
4. SpywareBlaster (http://www.javacoolsoftware.com) - blocks website-borne adware and spyware, rogue activex controls and applets, as well as website-borne viruses.
5. Spybot Search and Destroy (http://security.kolla.de) - scans and removes existing adware, spyware, trojans, some viruses, activex controls, and other components related to rogue applications.
6. Autoruns (http://www.sysinternals.com/Utilities/Autoruns.html) - See what programs are configured to startup automatically when your system boots and you login. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings.
7. Process Explorer (http://www.sysinternals.com/Utilities/ProcessExplorer.html) - Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process.

With these tools extracted and installed, I proceeded in scanning the system again using HiJackThis. I found WMEDIA16.EXE, a 2040204.EXE, and POLYMORPH.DLL running in the background. I tried stopping them using HiJackThis, however, the processes keep coming back up. I closed HiJackThis, and opened StartDreck. StartDreck gave me a whole list of registry keys and entries to play with. I was even able to terminate some Windows services that were unessential, and also change their start settings from automatic to disabled. Pretty neat. Regardless, StartDreck was still unable to terminate POLYMORPH.DLL. I tried using the REGSVR32 -U command to unregister the DLL. However, no dice. Windows yelled the dll is being used by a process or application. Moron. So ran first CWShredder to try if CoolWebSearch is in the system. So far so good, CWShredder reported nothing to be alarmed of (except the existing virus).

By now, I’m not really pissed off, but rather eager to find a way how this virus works and how to terminate it without putting too much pressure on the system by running more strenous scans. To cover my bases, I opened up SpywareBlaster and downloaded some updates on protection for Internet Explorer, Firefox/Mozilla, and Flash holes. Then activated the protections to make the system a little bit “closed” than the previous. After that, I fired up Spybot Search and Destroy, downloaded some updates for it, and scanned the system. After scanning, it managed to detect some more registry entries that it considers malicious. So far it reported 150 more registry entries and files that were related in one way or another to rogue applications. Fixed them all with one click. 5 entries remained requiring a restart to be resolved. Restarted, and continued the repair, then activated “immunization” which will block further activex and rogue components from penetrating the system. This now leaves only the virus remaining. Two files, and two tools to go.

The Showdown
This is it. The last hurrah. I pulled out Autoruns and scanned the system. It actually comes in two versions - the Windows (GUI) version, and the command line version (Autorunsc). What Autoruns offers is an organized “mess” of settings, registry entries and values that you can sift through, and adjust for the system. You can see everything from Logon events, Scheduled Tasks, Boot Execute, Drivers, DLLs, settings for Explorer, Internet Explorer, Winsock, LSA, WinLogon, AppInit, and more. A little swiss army knife. I “shopped” around Autoruns and found polymorph.dll sitting there in the WinLogon list. Right Clicking on it gave me a context menu with some settings and surprised to find “delete” as one of them. I chuckled and clicked the option. Saw the entry disappear, and came back again in 2 seconds! Whoa! One persistent little bugger. Okay, one more reconnaisance. I opened Process Explorer and poked around looking for anything related to POLYMORPH.DLL. So far, still WinLogon. Ok, so this must be activating upon logon. So I decided to move the battle to a different zone. On to safe mode!

I closed everything, restarted the system and pressed F8 and chosen to use safe mode. I entered my administrator password, and saw myself in the dreary 16-bit color land of safe mode. before proceeding, I scanned the system again using Autoruns, and what do you know? POLYMORPH.DLL is there! However, WMEDIA16.EXE is not. Hmmm we’re making progress here. I then opened an explorer window, looked for WMEDIA16.EXE in C:\WINNT\SYSTEM32 and found nothing! Ok, so it must have been hidden. I then clicked on Tools | Folder Options in the Explorer menu bar, then clicked on the View tab and chose Show Hidden Files and Folders, then removed the check on Hide Extensions for known file types, and also removed the check on Hide Protected Operating System Files. I then clicked Apply then Ok. I then proceeded to look for WMEDIA16.EXE and after I locatedit sitting cozily in C:\WINNT\SYSTEM32, I gave the bugger the “Beat it!” sign, and deleted the living daylights out of it. One down, one to go. I opened Autoruns again and disabled POLYMORPH.DLL from autoloading. Deleted the file in C:\Documents and Settings\All Users\Documents\Settings\POLYMORPH.DLL, then restarted expecting victory. Then it hit me. It’s not starting from the registry! WMEDIA16.EXE is back again and so does POLYMORPH.DLL! Hmmmm… it must start from somewhere. Sherlock made a very big impression in me so I looked at one possible location - C:\WINNT\SYSTEM32. I opened up Windows Explorer and navigated to the folder, I clicked the View button in the Explorer toolbar and chose Detailed View then arranged the entries in alphabetical order. Just doesn’t make sense! What am I looking for? Then I remembered to check for dates and times. I then clicked on the “Modified” header and looked at the dates and time. I noticed a definite pattern to most of the system’s files. They were mostly modified sometime in the year 1999. Although some insignificant files were modified quite recently, these files didn’t cause alarm so I neglected them. However, I noticed one file has been modified recently. The file is SHELL32.EXE. Most other files that must come along with it like USER32.EXE and others were modified 1999, this one is quite recent. This must be it! I am now going to risk it. I first made a copy of a fresh SHELL32.EXE from a separate machine (Windows 2000) and pasted it on top of the suspected SHELL32.EXE. Then rebooted.

After rebooting, I was presented with the logon screen, then proceeded. Glad that everything seemed to be going well, I was suddenly was greeted by an error. “Explorer.Exe has generated errors…” Hmmm, I forgot that the SHELL32.EXE that I “grafted” into the sick computer has not been patched. The sick computer was already in Service Pack 4 while the previous one isn’t. So I pressed CTRL-ALT-DEL, clicked Task Manager then clicked File | New Task then clicked Browse looked for the Service Pack 4 installer then proceeded with the update. The system prompted a restart and proceeded. After logging in, Explorer came up nice and easy as if nothing happened! Whoa! Alright!

Mopping up Operations
By now the computer is functioning well, didn’t even slow up. I checked for rogue connections using Netstat -an. So far, nothing. No more SMTPs. I then proceeded in deleting POLYMORPH.DLL and WMEDIA16.EXE and performed another set of scans with AVG, SpyBlaster, and Spybot. So far, they turned up nothing.

It turned out that the computer was compromised and has been “rooted”, with SHELL32.EXE replaced with a trojaned copy. Good thing I remembered to check the date and time the file was modified. Chances are, we always commonly ignore these infos and turns out to be the saving grace.

Now the system is clean eversince.

---

Technorati Tags: security, virus, locksky, shell32.exe, polymorph, rootkit
Site Search Tags: security, virus, locksky, shell32.exe, polymorph, rootkit

At last, I got a clean top-level domain redirection. I dunno really if you will consider it as a full-fledged TLD, however, its close to the real thing. You can now access this part of the internet via http://www.hardwyrd.net.tc/

Yes folks! its a dot-net-dot-tc domain. Thanks to the people over at SmartDots (http://www.smartdots.com) who provided this TLD redirection _FREE OF CHARGE_!! Actually you can get one yourself.

Who is SmartDots?
SmartDots is a licensed registrar for net.tc-, int.tc-, eu.tc-, ru.tc-, pl.tc-, bg.tc-, bg.tc domains with License Number 9882434/104452-C53. SmartDots is administered by a company called SlashLogic and is generally a European Union centric service.

The initial website is in German however, English is an option.

The service is very much straight-forward. Despite its being a free service, users are given almost total control of their domain. Initially, an ad will be displayed on your site. The ads either come in the form of pop-up or frame, however, the ads can be disabled in the Domain Control Panel.

After I applied for the domain, it took effect immediately which made me pleased even more without letting me wait for usually up to 74 hours for the domain to take effect. Aside from the Domain Control Panel, it also has a lot of domain tools available for the user, for free.

You really have to take this service for a spin to appreciate it. So as a token of my appreciation, I’ve added their button here for display and you can use it to apply for a domain for your self.

True enough, O’Reilly’s Sara Winge issued a public statement regarding the IT@Cork Web 2.0 controversy. Here’s an excerpt:

O’Reilly and CMP co-produce the Web 2.0 conference. “Web 2.0″ was coined when we were brainstorming the concept for the first conference in 2003. As noted in the letter to IT@Cork (sent from CMP’s attorney, but with our knowledge and agreement), “CMP has a pending application for registration of Web 2.0 as a service mark, for arranging and conducting live events, namely trade shows, expositions, business conferences and educational conferences in various fields of computers and information technology.” To protect the brand we’ve established with our two Web 2.0 Conferences, we’re taking steps to register “Web 2.0″ as our service mark, for conferences. It’s a pretty standard business practice. Just as O’Reilly couldn’t decide to launch a LinuxWorld conference, other event producers can’t use “Web 2.0 Conference,” the name of our event. In this case, the problem is that it@cork’s conference title includes our service mark “Web 2.0,” which the law says we must take “reasonable steps” to protect. We’ve also contacted another group that has announced a “Web 2.0 Conference” in Washington, DC this September.

You have to be kidding me. Alright folks, Ms. Sara here is telling all of us that _we_ cannot use the term “Web 2.0″ in conjunction with putting up events, conventions, or conferences related to Web 2.0. This outright contradicts what Web 2.0 is all about. Web 2.0 is all about sharing, collaboration, co-existence, scratch-mine-and-I’ll-scratch-yours philosophy. This really is preposterous and uncalled for.

Just a few moments after the public statement, here are some downright humorous comments:

“Sara Winge”: I regret to inform you that me and my legal team have applied for a service mark for the business term “Sara Winge.” Me, my company — Consolodated Holding Consortium, Inc. — and our legal representation hereby “demand” (that’s a legal term!) that you immediately cease-and-desist using our business term in any public forum. The term “Sara Winge” was coined in a brainstorming session from 2003 when we were trying to come up with a new brand name for our top-selling hemorrhoid balm. Any attempts to claim that the term existed prior to said brainstorming session are fraudulent and illegal. I’m sure you understand — this is pretty standard business practice. The law compels us to take “reasonable steps” to protect our financial interests in “Sara Winge Hemorrhoid Ointment”. Hopefully you’ll agree to change your name before we ask a judge to issue an injunction against you prior to the launching of next month’s “Sara Winge Is A Giant Hemorrhoid Conference.”

Thank you for your cooperation. As you know we at the Consolodated Holding Consortium, Inc. are activists for open source and open standards, and opponents of software patents and other incursions of new intellectual property laws into the public domain.

Posted by: JP at May 25, 2006 11:09 PM

—————————————————————————————————————-

What is Web 2.0?
- Get other people ideas
- Market said ideas under a nice package
- Unleash lawyers
- Profit??

Posted by: Anonymous at May 26, 2006 02:28 AM

Read Sara Winge’s first public statement courtesy of Brady at http://radar.oreilly.com/archives/2006/05/controversy_about_our_web_20_s.html

Another followup public statement by Sara courtesy of Nat at http://radar.oreilly.com/archives/2006/05/more_on_our_web_20_service_mar.html

I dunno about you people but, seems that O’Reilly’s camp got their “greed” switches turned on. What benefit would they get patenting a bunch of terms? Utter madness. Reminds of the time when domain squatting was rampant. Spinless really.

---

Technorati Tags: O’Reilly, IT@Cork, itcork, Sara+Winge, Tim+Oreilly, Web+2.0, web2.0
Site Search Tags: O’Reilly, IT@Cork, itcork, Sara+Winge, Tim+Oreilly, Web+2.0, web2.0

The Web 2.0 rollercoaster is up and it’s rising fast. In an effort to be able to catch surf, IT@Cork, a non-profit organization based in Ireland, decided to put up their own Web 2.0 conference for the benefit of their own local members. Not long enough, IT@Cork’s Tom Raftery receive a cease and desist order from a legal counsel over at CMP Media, O’Reilly’s partner, regarding IT@Cork’s Web 2.0 conference.

According to Tom Raftery and I quote from his blog:

One of these events - the upcoming Web 2.0 half-day conference is the target of a cease and desist letter (below) from the legal team of O’Reilly publishers. Basically O’Reilly are claiming to have applied for a trademark for the term “Web 2.0″ and therefore IT@Cork can’t use the term for its conference. Apparantly use of the term “Web 2.0″ is a “flagrant violation” of their trademark rights!

I dunno how to make of this. Is CMP trying to patent the “Web 2.0″ term or is it patenting the title “Web 2.0 Conference”?. If it is the former, then it is as if they are trying to patent the word “Internet” and anybody wanting to use that word for publicity or marketing won’t be able to do so unless it is _them_ using it. What’s more is that IT@Cork’s event is _free_ for its members and 50 Euros for non-members. O’Reilly’s cost USD$2795! They also invited Tom Raftery to attend.

Another twist is that according to Tom Raftery, he _invited_ Tim O’Reilly to speak at the Irish conference. However, Tim shrugged the invitation off citing that he can’t afford another long international flight with his busy schedule and all that. Tim therefore already knows about this way back February. Regardless, CMP’s legal hounds pounced on wee little IT@Cork and slapped a cease and desist order on them.

Now, if we are going to do an almost the same event here in the Philippines, that would mean _we_ can’t use the words “Web 2.0″ and “Conference” together lest O’Reilly’s publisher hounds will be all over the place taunting local event organizers though personally I doubt that would happen. But who knows? A lot of top notch developers came from the Philippines. And Web 2.0 is starting to become a bandwagon material here. It won’t be long until a “conference” for Web 2.0 will be in the works. Perhaps it is already on the planning stage as we speak.

Personally, I found it arrogant of CMP for doing so, slapping a C & D at IT@Cork, when they can actually just call them up _earlier_ when they’ve heard of this event. At least IT@Cork could have chosen a different term in place of “conference”. A “Convention” perhaps? Quoting Rick Segal, most of the community is expecting a statement either from Tim O’Reilly himself or from Sara Winge, O’Reilly’s VP of Corporate Communications, either to apologize for or support the somewhat harsh actions taken by CMP Media.

Regardless, CMP or O’Reilly won’t be able to go after anyone and everyone putting up their own “Web 2.0 Conference”. They don’t own the words, period.

Links:
Tom Raferty’s Blog - http://www.tomrafteryit.net/oreilly-trademarks-web-20-and-sets-lawyers-on-itcork/
Rick Segal’s Blog - http://ricksegal.typepad.com/

---

Technorati Tags: IT@Cork, Tom+Raftery, O’Reilly, CMP+Media, cease+and+desist,
Site Search Tags: IT@Cork, Tom+Raftery, O’Reilly, CMP+Media, cease+and+desist,

This is by no means a comprehensive review since Flock is still largely a work
in progress. It is going to be unfair to the proponents of the project to
pre-empt anything about Flock.

Introduction
The adoption of Web2.0 is steadily increasing and websites offering
Web2.0 compliant features and functionality were already in place even before
Web2.0 became a buzzword.

What is Web2.0?
What really is Web2.0? Quoting Wikipedia:

“Web 2.0 generally refers to a second generation of services available on the
World Wide Web that lets people collaborate and share information online. In
contrast to the first generation, Web 2.0 gives users an experience closer to
desktop applications than the traditional static Web pages. The term was
popularized by O’Reilly Media and MediaLive International as the name for a
series of web development conferences that started in October 2004. Web 2.0
applications often use a combination of techniques devised in the late 1990s,
including public web service APIs (dating from 1998), Ajax (1998), and web
syndication (1997). They often allow for mass publishing (web-based social
software). The term may include blogs and wikis. To some extent Web 2.0 is a
buzzword, incorporating whatever is newly popular on the Web (such as tags and
podcasts), and its meaning is still in flux.”

Now, that makes sense. If you are a dedicated web junkie, a casual internet
user, frequently do work and leisure on the web, Web2.0 practically simplifies
everything. Enabling collaboration or sharing of ideas makes Web2.0 tick.
Instead of searching for that elusive site, you can peruse the bookmark list of
somebody else in del.icio.us and go to the site saving you time. However, this
preview is not about Web2.0, rather for a new tool that is very much geared
for Web2.0 and accessing services available through it.

Enter Flock
According to Flock’s website:

“Flock is the free web browser that makes it easier to share and connect with
your friends.”

I came across Flock being mentioned a few times in some Slashdot or Digg
user’s comment couldn’t really remember when. Then came across it again while
reading some blogs regarding Web2.0. So I decided to download it and see for
myself.

Flock again is still pretty much on the development phase and developers
caution visitors to their website with:

“We’re not quite ready for prime time but if you can’t wait, download our
developer preview and let us know what you think. Also, make sure to check out
our Flock Blog.”

Doesn’t really sound like a caution, however its a nice way to say that the
software might be unstable and use it at your own risk. But that doesn’t damper my
resolve to try this new tool.

Flock Package
Flock actually already have builds for Windows, Mac OS X, and Linux. And true
to its open source nature, you can get the source code and compile it for your
self. I do not have the time to meddle with its source so I downloaded the
binaries instead.

Since I’m using SuSE Linux here at work, I chose Linux as my platform and found
the package to be in TGZ format. Its not going to be a sweat installing this using
the trusty old TAR command.

After downloading, I performed the following commands in Terminal:

mylinux@suse:~# tar -xzvf flock-0.5.15-US.linux.tgz
mylinux@suse:~# cd flock

Then ran Flock using:
mylinux@suse:~/flock# ./flock

Flock Face
After Flock loaded, I was pleased to see a somewhat familiar GUI. Flock is very
much reminiscent of Firefox and Camino. But Camino is a much closer resemblance.
Screenshot: Flock’s first start-up

You will notice that the search box is now rounded compared to a standard Firefox search box. Camino’s look like this somewhat by the way.

The toolbar’s buttons are also modified somewhat with an addition.
Screenshot: Flock’s toolbar

The toolbar contains the following buttons:

• Back and Forward - traditional navigation buttons
• Reload/Stop - as usual, the trusty page refresh. However, while the page is loading, the Reload button becomes a Stop button. Saves GUI realty.
• Home
• Create a Blog Post - this one’s new, aimed at simplifying posting on your blog/blogs. In my case, my blog is hosted at blogsome.com, to make quicker posts, I use the Press It module of blogsome.com. In Flock’s case, this might make my blog posting more frequent without logging in to my blogsome control panel.
• Open Favorites Manager - traditional Firefox Favorites Manager usually is still needs to be activated via the Bookmarks menu. This one saves clicks.
• Star This Page - this one allows you to add the currently visited site to your favorites with a twist. With Flock you can add that bookmark direct to an online bookmarking service like del.icio.us!

Other Notable Features
File Menu - Flock’s File Menu contains the “New Blog Post” which allows you to post blog content. You can alternatively click “Create a Blog Post” button.
Screenshot: File Menu

Favorites Menu - allows you to “Star” a page or add to online bookmarking.
Screenshot: Favorites Menu

Preference - the Flock Preferences, looking the same with Firefox and Camino, has some notable changes. It now contains settings for posting blogs via “Blogging” and settings for web-based photo and bookmarking services via “Web Services”.
Screenshots: General, Blogging, Photo Sharing Web Service, Bookmarking Web Service

Summing Up
All in all, Flock seems to be a promising tool specially for web junkies like me who needs to search and access online info, collaborate and share. Hopefully with more features being cooked up at Flock’s kitchen, its hard to ignore the viability that Flock will become the blogger’s favorite browser.

We’ll soon see.

You can visit Flock’s official website at http://www.flock.com/. You can download Flock at http://www.flock.com/developer/

---

Technorati Tags: Flock, flock+browser, flock+review, Web2.0, web2.0+browser, blog, blogging, browser
Site Search Tags: Flock, flock+browser, flock+review, Web2.0, web2.0+browser, blog, blogging,browser

Lazing around taking a break for awhile at work brought me to one article reported by PCWorld’s Yardena Arar regarding Microsoft’s release of Windows Vista Beta 2 quoting Jim Allchin, Microsoft’s co-president for Platforms and Services Division. I perused through the article and asked my self “Do I really want to use Vista?”.

First, although it’s interface is dazzling (have to admit, Vista is trying hard to get to where OS X is right now), the different versions will have different looks. Plus, if you have a different hardware spec than what Redmond thought will be adequate, you will also end up with another Vista face. A chameleon in the works? I dunno. Some people prefer to use a software that is consistent throughout installs, however will still be flexible enough for changing its looks, _whenever_ the urge arises.

It is quite nice of Microsoft to use XPS (XML Paper Specification) now in its recent Vista release. Honestly, just another Redmonized OpenDocument rip-off. And the reason? Pressure from the EU and other organizations pushing for Open Standards.

Microsoft is putting stress on security on this Vista release. So far, it is anything but secure. If Windows is very secure, then it will not be the Windows that we know, would it? MS disabled allowing users to login with administrative priviledges and that is good. Regardless here’s a quote from the very same article:

Microsoft officials admit they are still trying to find the right balance between maintaining security and irritating users with too many requests for administrator credentials. For example, some beta testers have criticized the inability of standard users to delete an icon on the so-called public desktop, one that wasn’t put there by that user.

Now, why would I want to use an OS like this? The problem really stems from Window’s overall design concept. Hooks within the system are all dangling like the jacket of a desperate flyfisher. Vista’s all hooked up that it doesn’t need a classy “bait” to snag it.
This one is also good:

Finally, the 64-bit version of Vista will not allow use of unsigned device drivers–drivers that Microsoft has not certified.

Oh my God! What if I’m using a a device manufactured by a Taiwanese or Singaporean startup and I get to like it? I hope they are not serious about this. It really starts to sound like a big joke. And another follow-up comment:

But he (Jim Allchim) also seemed to maintain that Windows suffered from more successful security attacks than competitors principally because hackers focused their attention on it. “This isn’t a Microsoft thing,” he said. “Over a period of time, if something gets to a critical mass, it will get attacked.”

Something gets attacked _if_ it can be attacked. With Windows acting like homing beacon, everything else will just land on its lap.

With that last comment, I’m not so sure about Vista. I’m happy with my Ubuntu with its upcoming Dapper release, or with my SuSE. I get peace of mind without even bothering for popups, notifications, spywares or what-bullshit-have-you typically found on a Windows system. I value the peace now than going back to Windows.

I just came across CNN’s article on situations where your personal data (SS number, Bank Acct. numbers, etc..) gets stolen, hacked, or otherwise. I dunno what to make of some of the steps since I don’t do active online banking. I used to have an eAccount before with a local bank, however, I didn’t have the finances to keep it going though (good for me!) so i left it out in the cold and allowed it to expire without even a single cent deposited. Call it a test if you like, but I never trust online banking anyways.

You can read CNN’s article at
http://money.cnn.com/2006/05/22/pf/security_data/index.htm

I’m in Cebu now, due to Infonet’s request that I be the one to present to Lexmark Intl (Phils) Novell’s Zenworks 7 Suite and Novell’s SuSE Linux Enterprise Server.

Delayed Arrival
I was booked for my Cebu voyage with Trans Asia Shipping Line’s Trans Asia 1. I’ve been boarding its ships ever since. My favorites were the Asia China, and the Asia Thailand. All of them depart and arrive on time. I thought this particular ship, the Trans Asia 1, will be the same. I was wrong. I thought I’d arrive at sometime 6:30 or 7:30. However, I arrived 9:10AM!!! My appointment at Infonet Cebu was at 9:00 so that we will be on time for our appointment with Lexmark at 10AM. Lexmark’s compound is in Mandaue City’s MEZ 2 (Mandaue Eco Zone). With a good deal of traffic, we will be running really late. As soon as I arrived at Infonet’s office, I only got 15 minutes of email check time, and coffee. After that, off we go to Mandaue.

Finally, Lexmark
We arrived at Lexmark’s compound deep inside MEZ2 at about 10:05AM and it’s raining hard. Lexmark’s compound is a sprawling 3,600 sq. meters, with 400 workstations, with only 6 people to manage the insfrastructure. The building’s white all over with green tint on the glass panels. Technicians and Engineers come to and fro oblivious of our presence. I couldn’t imagine how deep their pockets might be, working at Lexmark.

Then walked up the winding stairs to the second floor receiving area, and we were greeted by a guy wearing collared shirt and jeans. At first, I thought he was just asked to accompany us to the boss. Turned out HE IS THE BOSS. The big IT man. Not actually big heightwise. Just normal 5′+ in height, a bit on the chubby side. I thought Ok, here goes.

I introduced myself, and my colleagues followed suit. At first it was kind of a cold reception, a cold non-firm handshake from him. As a result, I shot my first question coldly, and barely audible. I offered him the printed technical white papers on Zenworks and SLES. He began poring over them. Then I asked if I could fire up my laptop to give my presentation. When he gave the go ahead, I’m into my playing field.

A Big Gotcha!
Im not really a marketing guy. I just read more than I should. Im interested with the products that the company I work for is pushing to the market. During the course of the presentation, he interrupted me a couple of times to ask questions. Some were quite detailed, some were just simple. I tried to answer them as best I can. He is the big IT guy, Im a techie selling tech stuff, and no admin. Just an enthusiast. He has wide admin experiences, I meddle with low end hardware and software (until I got this job). However, I got his attention without much fanfair.

At first, he was not really listening much into my presentation. As I get farther and deeper, he put down the printouts, leaned on the sofa, crossed his arms, and listened. He would sometimes interrupt me and move the slides himself on my presentation, which I obliged him to do so. No harm done. He asked details, details, details. I answered with details, details, details. I wasn’t really sure about some, but I tried to sound as convincing. I relied on my experience on the product I’m presenting. And what do you know, he asked for a demo. My colleague popped up the CDs from within the folders she’s having, and informed him of the demo duration. And guess what? He’ll keep in touch when they’re done with the test.

Parting Questions
After I finished my presentation, we said our thanks and goodbyes, and we proceeded to the lobby. It was still raining so we asked the guard to call taxi for use. We waited and then suddenly the cellphone of one of my colleague rang. It was the Lexmark IT Head. He was asking if I’m still with them. She said yes. He asked to hold up. He ran back to the lobby and asked me some more questions. It turned out that after my presentation, he went to search on Zenworks. And most importantly, he was looking at product reviews. GOOD THING! It just shows that he is really interested. I went along with him back to his workspace and looked at the article. E-Week. He got confused because E-Week used Novell Client for Windows in order to manage via Zenworks. I told him, that Novell Client is a general client for Novell products. Supports any client-server product from Novell. He said Ok. Informed him further that Zenwork’s client agents today are all fixed. The article was dated September 2006. It’s 2006. Updates were already made. He gave a further ok. Satisfied, he accompanied me back to the receiving area. I told him to contact us if anything turns out. We’d be happy to help. We can patch up directly to Novell Asia (Malaysia and Singapore) should anything will be unresolved on our end. He affirmed and all is well. We exchanged hand-shakes. However this time, it was warm and accommodating. That showed he was pleased with the presentation (rather I hope he was).

I went back to the lobby, the taxi was waiting, and we’re on our way back to the office.

Trip Back
My trip back will be via Trans Asia 1 still. I don’t care if it will arrive late. My work here in Cebu is done. One owned, and I’m satisfied.

Yep, its my birthday today. However, the day remains relatively normal and ordinary. I intend to go to the cathedral today at lunch time to offer prayers of thanks and light some candles.

This is my first birthday with my wife and our baby. Despite the absence of fancy food and otherwise useless material gifts, this birthday is the most special by far for very obvious reasons. I think it’s really true that as a man ages, his outlooks tend to widen most specially when it comes to matters of family. I could still remember during my previous birthdays that I would either go and buy something for myself, go splurge on the latest food cravings, or perhaps watch a movie, or buy something for my pc. I haven’t even thought of anything for my self today. Instead of buying something for my self, I’ll buy something for my baby. Things like baby vitamins, milk, more diapers, baby food, a simple present for my wife (say chocolates?), or what have you. But I will not definitely buy something for my self.

Guess I’ve gotten over my selfish pride? I dunno. However, I’ve definitely grown ‘wiser’. Have I aged? Definitely not. I’m still the same person, but wiser…

I just finished creating a simple how-to guide on installing SuSE Linux 10.0. You can post your comments here. Check out the page at this page

If the guide/how-to is helpful to you, please feel free to leave your comment here. Thanks!

I just created the first issue of The Adventures of Mookie Meekball. I know later on you will be able to releate with his travails and circumstances. However, read it now here

Here’s the Bellevue Linux Group’s 25 Reasons to Convert to Linux.

For those of you who has reservations and second thoughts of moving to Linux, read and comprehend. You’ll thank yourself later.

Visit BellevueLinux.org

Ian Howell has just put up some logically sound marketing rules for opensource.

Check it out http://blogs.alfresco.com/ianh/category/open-source-marketing/

I have also added his blog in the Blogroll just to keep up to new things.

I’ve heard this before but has never used or explored it — yet. I’m willing to take a look at this. Ever since I became a father to a baby girl of 5 months, I’ve been thinking what will happen to my child once she learns how to use the Internet at a very early age? I know it is the responsibility of my wife and I to watch over our child while online, aside from putting parental controls etc.

However, it is definitely not going to be enough. Despite all the parental control and web access control applications, a lot of “engineered” malicious applications and components still make their way into our computers regardless of how crafty we are, let alone plain users. That will mean my child will still be exposed to undesirables no matter what.

The “darknet” idea seems credible and logical. Definitely work looking into. Check out The Freenet Project

Just utterly amazing. A lot of advertisers were in a way “ripped off”. And somehow, I don’t think Yahoo, or even Google for that matter, has any way of checking if what their servers perceive as “clicks” to be valid user clicks. I’ve already foreseen this quite a while back. Pay-per-click advertising will in no way be profitable to advertisers.

Read the complete article at
BenEdelman.org

Wow… marketing guys really amaze me. I wonder what they would think of next? Perhaps “Loch Ness monster seen using Winblows!”. Could be.. could be..

BetaNews | MS: Windows More Reliable Than Linux

Another exploit… another day in the life of IE..

Nothing out of the ordinary. Still the same ol’ burlap sack IE.
Exploit Unleashed for IE Hole

With Xgl already released and Novell providing significant contributions to Xgl, plus Ubuntu already incorporated it in Dapper, I am relishing at the thought of having more than just a plain Linux desktop.

However, sadly, I wasn’t able to download Dapper’s Flight releases. And SuSE Linux Enterprise Desktop 10 is still no where in sight, I am currently downloading and going to take Kororaa Live CD for a spin.

Kororaa’s lead Chris Smart immediately created this demo sweetie after getting hold of Xgl last February and disappearing for a few days. Out of the public’s sight, he put together this sweetie for download. Visit http://kororaa.org/ for more of Kororaa.

As for Novell’s SuSE Linux Xgl foray, I tried contacting a Novell Tech Support partner in Malaysia hoping that he might have a beta of SLED 10. However, no reply as of yet. I’m also anxious to take this beastie for a spin. So what I did was visit Novell’s OpenSuSE.org site, and proceeded checking out for any how-tos in putting Xgl onto your current SuSE install. And found it i did! You can find it at http://en.opensuse.org/Using_Xgl_on_SUSE_Linux

As for Dapper, sadly I wasn’t able to download any of it’s flights. When I visited shipit.ubuntu.com to request for Dapper when it ships, the site is updating or upgrading or something like it so, no dice. My only chance to take a glimpse at Xgl firsthand will be through Kororaa, which by the way is Gentoo-based.

Can’t wait… can’t wait… will put a little review on Xgl when I manage to take it for a spin. CIAO!

Note: This is an update to my previous post. However, this post is courtesy of a good friend and mentor — Sir Botp — who studied the script I presented in the previous post. Every word in the succeeding article is HIS.

An Analysis of the “OnlyShowin” Script
by Sir Botp

on the first test run, i get,

botp@jedi-hopeful:~$ ./test
grep: OnlyShowin=foo1.bar: No such file or directory
grep: OnlyShowin=foo2.bar: No such file or directory
grep: OnlyShowin=foo3.bar: No such file or directory

the grep is treating the search text as part of the file name and is only searching for the beginning of line marker “^”. The test fails of course and therefore the text “OnlyShowin=GNOME” is always appended… which appears to work

on the successive test runs, the text is being appended _always,

botp@jedi-hopeful:~$ cat foo1.bar
test
OnlyShowin=GNOME
OnlyShowin=GNOME;
OnlyShowin=GNOME;
test
OnlyShowin=GNOME;
OnlyShowin=GNOME;

..ergo the original file is being bloated..

so we have the ff initial modifications again,

botp@jedi-hopeful:~$ cat test
!/bin/bash
for i in *.desktop; do
if ! grep -q ^OnlyShowin= $i; then # modified line
echo "OnlyShowin=GNOME;" >> $i;
fi
done

the modified line means, if you do not see the text “OnlyShowin=” at the beginning of the line, then append the text “OnlyShowin=GNOME” (the -q is silent mode)

this works without the errors but it will not append the text we want if
1 there is a space before OnlyShowin..
2 the line contains OnlyShowin=XFCE or anything
3 the line contains OnlyShowin=KDE. Therefore, if the line contains OnlyShowin=KDE, you cannot replace it with GNOME…

another modification again, we do not want to replace if GNOME is there

botp@jedi-hopeful:~$ cat test
!/bin/bash
for j in *.desktop; do
if ! grep -q ^OnlyShowin=GNOME $j; then # modified line
echo "OnlyShowin=GNOME;" >> $j;
fi
done

(note i replaced the “i” var with “j” kay na-igo ko sa “i or 1″ syndrome
Trans: (note i replaced the “i” var with “j” because of the “i” and “1″ syndrome

This works but it has problems with files containing lines like these,

botp@jedi-hopeful:~$ cat foo2.bar
OnlyShowin=GNOME
OnlyShowin=test;
OnlyShowin=KDE;

in the meantime, it may be better to do brute force na lang which will always work. We just remove the conditional…

botp@jedi-hopeful:~$ cat test
!/bin/bash
for j in *.desktop; do
echo "OnlyShowin=GNOME;" >> $j;
done

This works because the last setting always overrides.. but as expected, you get a bloated and dirty ends of files with

botp@jedi-hopeful:~$ cat foo2.bar
OnlyShowin=GNOME
OnlyShowin=test;
OnlyShowin=KDE;
OnlyShowin=KDE;

We can use awk to resolve and fine tune but i much prefer ruby… That will be for next time..

This might be very common for everybody else, however, I still posted this just in case somebody else is reading and is looking for a fix, a solution, or just something to read.

Just a note though. The method I’m stating below might not work with your setup. I’m using Ubuntu 5.10 Breezy with customized partitioning.

The original thing I needed was to have a dual boot system using Windows 2000 and Ubuntu. Although I really do not need to dual boot, an urgent need arose since I needed to have a working Windows machine to test the agent deployment of Zenworks 7 Patch Management Server.

To start off, I determined how I am going to go about my installations. It is much better for you to plan whatever you want to accomplish with your Linux box even before you do any install. So I decided to divide my 80 GB HDD into 2 partitions (actually 3 if swap is included). 20 GB will go for the Windows partition, 1 GB for the swap, and the rest is for Breezy.

Proceeding with the partitioning itself, I booted the Breezy Install CD, and typed “expert” (without quotes) on the boot prompt then pressed . When I got to the partitioning part, I chose “primary” then chose the mount point as “/windows”. I then chose the partition type as “FAT”. I then proceeded to create the rest of the partitions, choosing “primary” and then Resierfs, with mount point specified as “/”. And then also created the swap partition.

I did not continue the install process. Since it is in expert mode, I was presented with a set of menus where I can choose which portion of the install to perform. Since I already created the partitions, I scrolled down and chose to finish the installation. Then restarted. I then inserted the Windows 2000 install disc on the CD drive and allowed the disc to boot. Luckily, the disc booted without a hitch. Then when I got to the section where you need to choose which partition to install Windows to, I chose the FAT partition (the first partition I created on the Breezy install cd), disregarding my Linux partitions. I then allowed the installer to format the partition, then proceeded with the Windows installation as normal.

When the system restarted for the first time after completion, Windows started normally without a hitch. I then restarted and proceeded installing Breezy on the other partition as normal. Breezy install was able to detect the existing installed Windows and proceeded with the installation. After completion, I was presented with a white-text-on-black Grub menu allowing me to select which OS to boot. I guess everything went ok. I proceeded to boot with Breezy first, then booted with Win2K.

The problem started when I tried to install Rise of Nations on Win2K. The installer might have been corrupted that when it completed installing the game including DirectX 9 and restarted the system, I found Win2K no longer continues to boot. Instead the OS was messed up. Instead of finding out what went wrong, I decided to install WinXP instead.

Installing WinXP from CD went without a hitch. However, when I restarted after the install, I found out I can no longer see the Grub menu nor am I able to boot to Breezy. Although not at all shocked, I just hated XP for doing so.

Well, to rectify the situation, I pulled out Knoppix 4 (thanks Matt for this copy! it saved me lots of time) and booted on the minimal by typing “knoppix 2″ (no quotes) on the boot menu.

When Knoppix finished loading, I was greeted with the sweetest root prompt I’ve seen during the day. I then proceeded in mounting my second partition to the /mnt/hda2 directory. Knoppix by the way creates folders on the /mnt that matches your existing partitions however will not mount them. That makes it easy for you to mount your existing partition coz Knoppix uses the same name as your partition number.

Here’s what I typed:

root@knoppix:~# mount /dev/hda2 /mnt/hda2
root@knoppix:~# chroot /mnt/hda2


After mounting the Breezy partition, /dev/hda2, I chrooted to it via the command “chroot /mnt/hda2″ in order to perform the reinstallation of Grub into that partition.

I then proceeded in restoring Grub using the ff:

sh2xx:~# grub
sh2xx:~# root (hd0,1)
sh2xx:~# setup (hd0)


“root (hdo,1)” is our way of telling grub that our root partition is located in the second partition of our first hard drive. Grub by the way is 0-based so it starts counting from 0. So to tell grub we mean the first hard drive (hda), we tell it “hd0″. When we passed (hd0,1) we meant the second partition of the first hard drive.

Examples:
(hd0,0) - first partition of first drive
(hd0,1) - second partition of first drive
(hd1,0) - first partition of second drive
(hd1,1) - second partition of second drive

The command “setup (hd0)” was meant to tell Grub to reside in our hard drive. That’s it.
Then I exited from Grub’s interface by typing “quit” then “exit” in the bash prompt.

I then rebooted the system and found the old Grub menu back. However, when I chose the entry “Windows 2000″, Windows XP booted . No problem, it’s just the Grub menu entry not being updated. I can modify it by going to /boot/grub then editing the menu.lst file. But I didnt have the need to do so. So I left the menu entry alone, at least my box now boots both Breezy and XP without a hitch.

Note though that I use XP only as a test subject and nothing more . CIAO!

Have you ever found yourself scratching your head after you installed a second GUI in your Ubuntu box just because Gnome-only items were appearing on KDE, and KDE-only items appearing on Gnome? I’ve had that experience myself. I said to my self I better find a way to keep Gnome-only items within Gnome, and KDE-only items in KDE.

Googling paid off and found a little “hack” within the official Ubuntu forums. Sorry forgot the links. The original script was done on the command line. But I had problems executing the little script so I put it in a single file.

To do it, edit a file:

root@vine:/usr/share/applications# vi restr_toGnome

The code is:

#!/bin/bash
for i in *.desktop; do
if ! grep -q ^ OnlyShowin=$i; then
echo "OnlyShowin=GNOME;" >> $i;
fi
done

Save the file. Then allow the file to be executed:

root@vine:/usr/share/applications# chmod 0755 restr_toGnome

Execute the file like so:

root@vine:/usr/share/applications# sh restr_toGnome

The script might give you an error which says “No file or directory.” Just ignore this. Check your file (ex. less yelp.desktop) and check the end of the file if the line “OnlyShowin=GNOME;” without quotes is there.

To use the script for KDE, make sure you have KDE or kubuntu-desktop installed (apt-get install kubuntu-desktop). Then copy the script to /usr/share/applications/kde. Rename the file to restr_toKDE, then edit the file via vi. Change the “OnlyShowin=GNOME;” to “OnlyShowin=KDE;” then you’re set to go.

Execute the script like the first one and check if at the end of the .desktop file there’s a line that says “OnlyShowin=KDE;”.

Reboot and you’re all set.

It has been a very busy week for me. The previous week has been extremely busy since I was one of the speakers at the recently concluded “Here Come’s the Sun, a Cagayan de Oro Roadshow” which was held at Ballroom 1 of the Grand Caprice Restaurant at LimKetKai Mall.

I was of course asked to discuss about Novell as a company, and to discuss about Novell’s latest products the Zenworks 7 Suite, most specifically Zenworks Asset Management. A good friend of mine, Botp Pena, also talked about Zenworks Patch Management.

Sun’s x4200 server and x2100 servers were also showcased during that day, as well as Novell’s SuSE Linux distribution. Sun’s servers boasted AMD’s Opteron processors that supports both 64-bit and 32-bit concurrently in a single machine.

I was just amazed at the turnout of people from all over Northern Mindanao. Most of the attendees were admins, users, and curious techies wanting to take a glimpse at Sun’s new offerings as well as Novell’s new management tools.

The roadshow was actually my second time to talk in public, and infront of a lot of people. Although I’m kinda used to talking infront of crowds, but not THAT many. I’m just glad I got through it all without much of a hitch. The experience ws quite good, and I would certainly do it again when another chance comes.

Right now, I’m back to normal work, doing technical support work, some little research using Linux (I have to admit, I don’t know everything about this platform) and it’s applications. A lot of clients are interested about some things that I really haven’t tried yet. But everything’s cool, at least I get to try things first hand, then deploy them to clients. What a way to spend a working day… you get to do the work you really love.

Sad news, but hopefully this will only be temporary.

Bad timing. All the rallying and momentum that the Philippine Peso has made, and all the gains the economy is slowly getting, were all flushed down the drain. Investors are again jittery, apprehensive. The peso plunged sharply. And where will this put all of us that are common hardwordking, and tax-paying citizens? NOWHERE.

All the rally, politicking, coup, cha-cha, and all those shananigans do not, i repeat, DO NOT represent what the general Philippine populace really need. All those traffic-barring rallies, lousy and repetitive debates on cha-cha, grossly overdone politicking, only bring more and more hardship to the country. All these activities doesn’t even bring food to the tables of every family in the country. The only gain? PERSONAL. It is not the country who ultimately benefits from the activities of the people who are privy to these shananigans. They are doing these things for THEIR own benefit.

I am not a pro-Arroyo citizen and I am not against Arroyo either. All I want is to provide food for my family. But all these nonsense rallying, etcetera is not doing good for me, my family, my job, and the business of the company I work for. As far as I am concerned, after Marcos was toppled, the Philippines never really found true recovery. From then on, everything was downhill for the country. Regardless of who the president is, people will never really be satisfied. We keep crying “democracy”. Then when democracy manifests itself, we call it non-democratic simply because it is not what we expected it to be.

It’s just sad that a lot of them so called “freedom fighters” and rights activists guise their agenda under so called “people power”. It’s not even supported by the masses, “masses” in the truest meaning of the word. The word “masses” or “masa” has also been corrupted by power hungry politicians and spin doctors specially during the Estrada administration. The one they call “masa” doesn’t even represent the Filipino in its entirety. And those who are IGNORANT enough to be dazzled by the propaganda being brandished by these spin doctors, sing and dance to the distorted view (or even purposedly distorted) that these opportunists present. Sad. So sad.

And now, a portion of the military is also dancing to the very same tune that the stupid spin doctors are playing. Power hungry? ambitious? pretty obvious. It’s just sad that instead of doing good for the country, they only digging an even deeper hole for the country.

I only hope that Ms. Arroyo will not let this emergency state go for so long. Because if it will, I don’t think me and my family will survive the already hard atmosphere of the country. Leaving is a last resort and only to protect my family.

So Madam President, all of us humble workers in the country appeal to you. Do what you must for the mean time, but do it quick. Our wages are spread pretty thin that we might not be enamored to stay any longer and join others who left and helped another country to prosper instead of our own.

Enterprise Management Associates (EMA) has just concluded its study regarding Linux Management which was co-sponsored by Open Source Development Labs (OSDL) and Levanta.

The study entitled “Get the Truth On Linux Management” was conducted in response to Microsoft’s campaign, which some professionals refer to as “spreading more FUD (fear, uncertainty, and doubt) among current and would-be Linux adopters.

The study rebuts a lot of key ideas that the Microsoft campaign propagated regarding the use/adoption of Linux within the organization.

You can download the EMA study at http://www.levanta.com/linuxstudy/EMA_Levanta-Linux_RR.pdf

FasterFox is a good extension when looked at a user’s perspective. However, it becomes a pain on the neck for Web Admins since it will consume so much of your bandwidth in order to download portions of its website so it can cache it on the user side make it appear that the pages load faster.

As of FasterFox 1.0.3, the file “robots.txt” on the site being viewed is being checked by FasterFox whether it will prefetch the site for the viewer or not. Admins can now take advantage of this feature to block FasterFox from prefetching your site and conserve precious bandwidth.

All you need to do is add the following anywhere in your “robots.txt” file:

User-agent: Fasterfox
Disallow: /

The “robots.txt” file must be located on the root directory of your site ie (yoursiteordomain.com/robots.txt). You can fine tune the setting to allow or restrict Fasterfox in prefetching certain portions of the site.

Thanks to Skatter Tech for this.

If you happen to evangelize how safe Macs are (that includes me), then better change your sales pitch. Mac-based systems, specially Mac OS X, are now valid targets for trojan , virii, and malware authors.

Dreadful? Awful? I dont think so. It’s just proof that nothing is really invulnerable. A determined mind, or minds, lurk at the corners and just waiting for the right time to put his “craft” into action. And one person actually did decide that it is already the right time.

Behold Leap-A, a trojan-cum-malware that propagates thru iChat as a file called latestpics.tgz and spreads by sending itself thru to contacts in the buddy list. The file is a compresed Unix shell script. Unwary users will be prompted for Admin password/credentials in order to launch the code.

Mac users who are active in iChat, better not supply root credentials.

The trojan is also featured in The Register

I just came across this “blissful” article illustrating Linux beating Windows at booting on the Intel-based iMac.

The feat is obviously a good ring to the ear for opensource advocates. However, achieving this feat is not really as easy as one two three. It entails hacking the kernel, the elilo bootloader, and adding several drivers into the concoction.

The hardware used was a usb hard disk attached to a 17″ iMac Core Duo. The project members used the vesafb driver to inherit the bootloader’s framebuffer, keyboard, and to make the usb network card work.

Oh by the way, Gentoo was used to compile the modified kernel.

The project’s feature site is at
Mactel-Linux

Made a little button for Make Poverty History.org.

Anybody can use this in their site as long as you put a link here telling your visitors you got the button from me.

This is a very good article to read specially for employers looking to hire some good talent.

Reduce the Risk …Hire Programmers From Open Source @ LINUXWORLD MAGAZINE

SecurityFocus.com
Published: 2006-02-10

Two employees have been injected with RFID chips this week as part of a new requirement to access their company’s datacenter.

Cincinnati based surveillance company CityWatcher.com created the policy with the hopes of increasing security in the datacenter where video surveillance tapes are stored. In the past, employees accessed the room with an RFID tag which hung from their keychains, however under the new regulations an implantable, glass encapsulated RFID tag from VeriChip must be injected into the bicep to gain access, a release from spychips.com said on Thursday.

read more at SecurityFocus.com

We felt the need to take a look at doing RAID 5 on an IBM machine and making it dual bootable with Windows 2000 Server and Novell’s SLES 9. And here’s what we found out.

Machine: IBM 226 eServer
CPU: 3.0 Intel Pentium 4 with HT
Memory: 1 Gb
Dual Booted OS: Novell SLES 9 and Windows 2000 Server Standard Ed.
Disks: 3x 73Gb SCSI Hotswap
RAID: RAID 5 (striping) using IBM Server RAID 6i add-on card. The builtin BIOS RAID only supports only RAID 1.

Initial observation:
Out of the box, the IBM Server functioned well using RAID 5 after initially installing Windows 2000 Server. The OS was installed by going through IBM’s bundled Server Guide in order to properly setup RAID 5.

We followed the setup with SuSE Linux Enterprise Server 9, allowing SLES to do the partition resizing through its partitioning tool. The partition we allotted for the Linux partition was about 50% of the resulting logical drive after implementing RAID 5. The chosen bootloader was Grub. First few reboots went ok for the day. The second day proved to be challenging.

On the second day, first cold boot went ok. On the second reboot, Grub refused to budge after selecting Linux in the graphical menu. Another restart and we chose to boot Windows, however, it too refused to continue. Only the Grub menu entry for the Windows partition was visible.

We opted to redo the whole setup. And still ended having the same results as the initial install.

We looked over to the BIOS and searched around, until my coworker Ray found something. He noticed the Parallel ATA setting was disabled. Selected it and enabled it. Then performed a restart. We chose to redo the whole setup on last time WITH THE PATA setting turned on.

Everything went on without problems. Installed Windows 2000 Server through the Server Guide, followed installing SLES 9 after that. Then tried a couple of restarts. No more Grub errors and no hung-ups. Proceeded installing a couple of packages & services for Linux. Added some more packages to the Windows 2000 install. Did some more restarts. The system proved to be stable.

Conclusion: Enable Parallel ATA (PATA)

A client came to us asking for help regarding installing his SuSE Linux Enterprise Server 9 on his new computer. Guess what? The machine wasnt able to detect the new SATA drive attached to the machine.

Thought it might be connectors, or even the BIOS. Turns out, the BIOS identifies the disk properly, and initializes it. However, when we tried to install Linux, the disk just seem to vanish without a trace - “No hard drives found.” Now, where could the darn disk be? Search again…

Lucky strike! I rechecked the mobo again, and found out that the new mobo - an ASUS P5V800-MX, uses the VIA8251 chipset for its southbridge. A southbridge is a chipset that manages basic input/output functions for USB, serial, audio, IDE, and ISA I/O (courtesy of WhatIs.techtarget.com) .

The VIA8251 chipset hasnt yet been fully integrated into the Linux kernel. Some forums over the net has experimented in modifying their distros and patched the kernel in order to make the 8251 chip work properly on Linux to be able to use SATA and/or PATA. However, results still vary and quirky at best.

Finaly word? The VIA8251 southbridge support might not be available on your beloved distribution. Make sure to check your distro’s kernel version. If you have kernel 2.6.15, chances are you will be able to use SATA. If not, better use IDE disks instead. Honestly, IMOO, SATA support is still relatively new and unstable. Its better to wait and let it mature and be fully supported by the next distro releases. Better yet, choose a mobo that doesnt use the 8251 southbridge chip.

Tested OS: SuSE Linux Enterprise Server 9, SuSE Linux 10.0
MoBO: Asus P5V800-MX

Side Note: SATA works well with SuSE Linux Enterprise Server and SuSE Linux 10 on the Sun Ultra 20 Workstation on an x64 Singlecore Opteron CPU .

Kama Sutra virus set to strike on 3 February
Thursday 2 February 2006

A worm is likely to cause some problems on3 February, though security researchers hope that by stressing the risks in advance, businesses may be able to avoid serious disruption.

The Nyxem worm, dubbed the Kama Sutra worm because of its enticement to would-be users through pornography, is programmed to overwrite all of the files on computers it infects on the third day of every month.

Although most antivirus vendors have issued updated definitions, Nyxem is still spreading rapidly, possibly because it is taking advantage of computers that have already had their antivirus software disabled by other viruses such as Bagle.
read more at ComputerWeekly.com

Since January 16, got a new job as Novell Suse Tech Support for a local computer company.

Got kind of busy helping admins setup the mailserver, dns, proxy, etc…

Will post significant updates later.

by Antony Savvas
Thursday 5 January 2006

The open-source Firefox browser now has almost 10% of the browser market, and is still taking market share away from Microsoft’s Internet Explorer browser.

Figures from web analytics company NetApplications show that Firefox, distributed by the Mozilla Foundation, had 9.6% of the browser market last December.

Read more… (Computer Weekly)

by Antony Savvas
Thursday 5 January 2006

A new version of the Sober worm is set to strike at midnight tonight to correspond with the founding of the German Nazi party and a major German political conference tomorrow.

A warning about the attack was issued by security software companies at the end of last year, after it was discovered that the previous version of Sober had been programmed to trigger new attacks on the internet.
Read more.. (Computer Weekly)

Now that my Linux box is kinda stable, I finally decided to put up my own webserver.

The decision didn’t come easy for me. First, there’s the thought of security and abuse. However, as far as I’m concerned, this is one project that I have been dreaming of for a long time. Now that I have the gear, the software, the little knowhow, I guess its high time to be on the roll.

What I have implemented so far is Apache 2.2. I think it is the latest stable (not sure), PHP 5.1 (latest stable), PHPMyAdmin 2.7, and I am still going to implement MySQL 5.0 Community Edition.

Im thinking of using Mambo or Plone. And Drupal also seems to be a good CMS. And sometimes, due to responsibilities and obligations, I rarely have time to evaluate a lot of good CMS and other tools. Maybe you guys can enlighten me on this. I could surely use your opinions .

Sure hope this setup will go along fine. CIAO!

Gaim 2.0 Beta was released weeks ago, and I only decided to get it now. Perhaps letting the “pie” cool down for a while before taking a slice.

I am not very keen on jumping down immediately onto latest release. I tend to sit down and wait for a while until I get what is considered latest. Same is my case with Gaim 2.0 Beta. It was released about 2 weeks ago, but I only got it last night. Something tells me that within the 2 weeks, there might have been minor changes so I decided to sit it out.

When I finished downloading the binaries, backed up the old .gaim folder, installed Gaim 2.0 and went about with the stuff it brought. Since I am a YM user, full VV support wasn’t yet available. Alhough I have to admit, Gaim 2.0 now feels a lot better to use than 1.5.0. Setting away messages is a breeze, enabling accounts is now in the menu bar, and some other internal changes. Over-all, it looks cleaner now.

However, the feature I’m looking for is still the -vv support. I’m still looking for the voice and video over YM. But I think it won’t be long now, and vv support will be present once the version freeze will take effect on Gaim 2.0 before releasing the full version.

Hope they’ll have it sooner than expected.

Happy New Year to all!

It’s been a few weeks since I have made another post. However, I’ve been really busy with so much things to do plus me and my wife are still trying to get used to family life . I forgot to write about my wife’s giving birth to our new bouncing baby girl - Rorie Kyne. I’ll put the details in here later.

Anyways, some little updates and/or news about me while offline. Hmmm dunno where to start, but here goes.

1. Applied as a Novell Suse Linux Tech Support/Trainer for a local computer distributor. (good as hired. Pay is not lucrative though but good learning environment. I can do R&D for Suse which is cool!).

2. Applied for Network Admin for a manufacturing group. (still need to hear from them for my final interview)

3. Doing a project for E-Soft Sdn. Bhd. Malaysia.They asked me to do designs for their product box and cdrom face/cd cover. (work in progress)

4. A Malaysian print firm (owned by the father of a close friend of mine) wants me to go over and help them design the King’s Book. YES, you’ve read it right! They want me to help design the yearly book report of activities and accomplishments of the reigning King of Malaysia - “Yang Dipertuan Agong”. (I still have to say yes on this. But my wife begs to differ. Oh well.)

5. A friend is asking me to market some of their custom-developed software. They’ve developed accounting/finance, school, inventory/ERP, and various other systems. They don’t have branding yet though, but will see what we can do.

6. Fixed some little quirks in the CSS layout and added some links to this blog. Will add more later. And some more articles. Will add late-breaking tech news (when I see cooler ones!)

Other than these things, pretty much nothing to put. Oh, I might be joining Deviant Art, but I dunno if I really have to. There are a lot of impressive artists over there . Nice place to learn too.

CIAO!

Finally, I was able to move to Firefox 1.5 on my Ubuntu 5.10 Breezy Badger. It was a bit harrowing for a while, but everything went on smoothly except for a little glitch on Chrome.

To make the move, I followed some steps posted by tadelste in Tom Adelstein’s site LXer which can be found here - http://lxer.com/module/newswire/lf/view/45917/

To try and make some extensions work with Fx 1.5, I referred to an article in Dan Cameron’s Blog “Scattered” (http://dancameron.org), to make some old extensions work on Fx 1.5 (that is if that extension was not ported to Fx 1.5 yet). But chances are, the extensions already have the Fx 1.5 equivalent.

The glitch I was talking about was when I add an extension, or start Firefox, a dialog appears saying that something cannot be installed because it there was some error registering to Chrome or something like that. I forgot to list it down. I’ll just put it in the follow-up post on my Firefox 1.5 use.

For now, I’m relishing the speed at which I’m surfing. Although not that fast really, but I noticed considerable difference between how fast the new Fx 1.5 worked compared to the Firefox 1.0.7 that came with Breezy.

No more memory leaks, and blazingly fast. Temporarily stops here. CIAO!

Thanks to Sir Botp for sharing this How-To and for allowing me to put it here for all of you to learn from. Procedure/steps performed and tested by Sir Botp. Texts, explanation/description were made by me.

You might be here because you are interested about the Ruby programming language. Actually, there are a lot of guides, how-tos, and tutorials for Ruby on the web. What this article is, is just a simple guide on installing Ruby on Linux from scratch. This article came about due to the need to know how to safely and properly install Ruby without a hitch into a Linux box. For newcomers to Ruby (and perhaps to Linux) just like me, installing Ruby properly might be cumbersome, tedious, or confusing at best, depending on your skill level. Good thing for me, I was able to find mentors and go-to guys regarding these types of problems. That is why I would like to thank and acknowledge the help of Sir Botp without whom this article will not be possible.

What is Ruby?
There are a lot of articles describing Ruby, and I leave it to them to fully describe what Ruby really is. To put it simply, and for brevity’s sake, Ruby is a fully Object-Oriented Scripting language. If you have heard of Perl or Python, Ruby is almost similar. However, Ruby has different roots than Perl or Python. Ruby is reminiscent of Smalltalk.

Born from Japan, through the sheer genius of Yukihiro Matsumoto, this fine gem of a programming language became a sensation and is fast becoming a huge player among scripting languages and is fast becoming a favorite tool builder for systems administrators, applications programmers, agile developers and the lot. And not only that, with it’s small size (only about 4Mb), within this tiny gem lurks power that only Ruby can provide at a fraction of the development time than you would using other programming languages. Sad to say this guide is not about how to program in Ruby. This is the installation guide. So, Lets Install Ruby!

Preparatory Steps
Prior to installing your latest Ruby version, it is much better to check if your system has one installed. You can do so by doing:

root@jedi-hopeful:~# ruby -v
ruby 1.8.2 (2005-11-28) [i686-linux]
root@jedi-hopeful:~# irb
irb(main):001:0> VERSION
=> “1.8.2″

If an old Ruby version exists on your system, you will need to remove the old version in order to prevent version conflicts. The steps that I will be using is for the Debian/Ubuntu distribution. There are different ways of removing pre-installed Ruby packages for every Linux distro which, I’m afraid will not be covered by this guide.

Removing Old Version Ruby
To remove the pre-installed Ruby version currently in your system, do the following:

root@jedi-hopeful:~ # apt-get remove ruby
Reading package lists… Done
Building dependency tree… Done
The following packages will be REMOVED:
ruby
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
Need to get 0B of archives.
After unpacking 98.3kB disk space will be freed.
Do you want to continue [Y/n]?
(Reading database …
24364 files and directories currently installed.)
Removing ruby …

Check again if Ruby still exists:

root@jedi-hopeful:~ # ruby
-su: ruby: command not found

When you get “command not found” then everything’s a go.

Getting/Downloading Ruby
There are a lot of ways to get a copy of Ruby source code. However, the safest bet would be to get it from the source itself - http://www.ruby-lang.org. They have the most recent source code packages you could find.

To download, just fire up your good ‘ol Terminal and type:

root@jedi-hopeful:~/download# wget ftp.ruby-lang.org/pub/ruby/stable-snapshot.tar.gz

–03:12:27– http://ftp.ruby-lang.org/pub/ruby/stable-snapshot.tar.gz
=> `stable-snapshot.tar.gz’
Connecting to 10.2.10.4:3128… connected.
Proxy request sent, awaiting response… 200 OK
Length: 4,353,264 (4.2M) [application/x-tar]

100%[==================================================>] 4,353,264 69.15K/s ETA 00:00

03:13:31 (67.91 KB/s) - `stable-snapshot.tar.gz’ saved [4353264/4353264]

After downloading, extract the Ruby source code package:

root@jedi-hopeful:~/download # tar xvf stable-snapshot.tar.gz

Then change working directory to the extracted directory.

root@jedi-hopeful:~/download # cd ruby

Then do the rest:

root@jedi-hopeful:~/download/ruby # less README
root@jedi-hopeful:~/download/ruby # ./configure
….
root@jedi-hopeful:~/download/ruby # vi ext/Setup (or use pico/nano)
…
root@jedi-hopeful:~/download/ruby # make
….
root@jedi-hopeful:~/download/ruby # make test
test succeeded
root@jedi-hopeful:~/download/ruby # make install
….

root@jedi-hopeful:~/download/ruby # ruby -v
ruby 1.8.4 (2005-11-28) [i686-linux]
root@jedi-hopeful:~/download/ruby # irb
irb(main):001:0> VERSION
=> “1.8.4″

Links:
http://www.ruby-lang.org/en/
http://www.ruby-doc.org/docs/ProgrammingRuby/
http://www.rubycentral.com/book/preface.html
http://poignantguide.net/ruby/

I hope this guide is of use to you as it is for me. Enjoy, and happy scripting!

I finally made the switch to Ubuntu 5.10 “Breezy Badger” and ditched “Hoary Hedgehog”. For starters, there were quite some changes between Breezy and Hedgehog.

When I shifted, I didn’t do the “apt-get way” where one only needs to change “Hoary” to “Breezy” in your /etc/apt/sources.list declaration. I considered going that path to be time consuming, and a bandwidth waster specially since I only have a not so modest broadband link. Good thing a friend got hold of 5.10 ahead of me (sir botp already gave me a copy but didn’t try it. The one I got was the 5.10 distro set sent via snail mail/parcel.)

So, off I go backing up some important files, bookmarks and proceeded doing a complete re-install. I even used my ATI-Radeon 9200 SE (which by the way gathered dust on the shelf) for this experiment. You might be asking why I didn’t use the Radeon before in my Hoary. Well, the system hangs when I used the Radeon on Hoary, and acceleration isn’t a big issue for me so I did not use it. But this time, since Breeezy is new, I thought they might have fixed some bugs so I decided to put the Radeon in.

Everything about the pre-install phase went on smoothly as always until the time the system had to reboot to complete the installation. I expected a login screen to appear, but lo and behold, nothing happened. All I saw was a light grey screen with my mouse cursor displayed at the center. I tried to move the mouse, and it responded. However, I pressed the NumLock key several times and no response. Technicians know that kf the NumLock indicator doesn’t respond, chances are, your system already hanged. Though this problem is new to me, I suspected the Radeon, or perhaps the driver (ati) that came with Breezy might be the culprit. I remember the problem I had with this card when I used it with Hoary that caused me to ditch it in the first place.

What I did is reboot, press ESC while Grub is trying to load and went to Recovery Mode. I logged in using my account and tried su root but it keeps telling me “Authentication Failed” so I fired up sudo passwd root, changed the password to root and poof!, I’m on root. What I did next is to update, the driver for my Radeon. The default driver loaded was “ati” when I checked /etc/X11/xorg.conf.

Section “Device”
Identifier “ATI Technologies, Inc. Radeon 9200 SE (RV280)”
Driver “ati”
BusID “PCI:1:0:0″
EndSection

Next step is I did the following:

root@Ubuntu:/$ apt-get update
root@Ubuntu:/$ apt-cache search fglrx

apt-get update will update the package list that are present in the repositories declared in your /etc/apt/sources.list file.

apt-cache search fglrx will search for fglrx which is the driver package for ATI Video Accelerators.

After identifying the packages I need for my distro, I did the rest:

root@Ubuntu:/$ apt-get install xorg-driver-fglrx
:
:
root@Ubuntu:/$ apt-get install fglrx-control
:
root@Ubuntu:/$ dpkg-reconfigure xserver-xorg

Putting it short, I downloaded and installed xorg-driver-fglrx, fglrx-control, and then used dpkg-reconfigure to choose and use the newly installed driver for the graphics card and also make changes to some settings for X.

That’s the only hardware problem I encountered so far. And I think that problem’s solved.

What I found out also with Breezy default install is that a lot fo the icons were new, the Terminal is found on Accessories and not in the System Tools, there’s no Root Terminal in the System Tools menu that leaves the user only the Terminal to use with, added also is Serpentine Audio-CD Creator in the Sound and Video menu. Another obvious change is you can now add applications by clicking “Add Applications” button in the Applications menu which obviously is the “Add/Remove Programs” in System Tools in Hoary and it is now where “Run Application…” used to be in Hoary, you can now also edit the Applications Menu by using Applications Menu Editor found in System Tools menu, you can also now choose your language by using “Language Selector” in System/Administration menu, “Disks” and “Add Application” are also newcomers in the System/Administration menu.

One last observation I have with Breezy default is that it now comes with OpenOffice.org 2.0 which is good news for me.

So far those are still the only things I’ve observed to be obvious changes with breezy from Hoary. Perhaps a lot of fixes underneath the hood, but I seldom venture that far. I have so much things to do besides tinkering under the hood. As long as Breezy will be doing good, I’ll be sticking with it.

As soon as I’ll find some more oddities, new features, and I’ll problems with Breezy, I’ll put that in Part II. But for now, lets just wait, see, and keep using Ubuntu.

I have made another little twist to Tux’s clothing just for fun. Thanks again for Larry Ewing for putting the pics for the public. The base Tux artwork was the sitting Tux Larry Ewing made. See his art and other things at http://www.isc.tamu.edu/~lewing/linux/.

Click to enlarge.

Shantih! Shantih! Shantih!

It’s been a while since I made any updates here. Anyways, due to a bit longer holiday for All Souls and All Saints’ Days here in the Philippines, I managed to dress up Tux in the Higaonon Tribal costume. I was proposing it to the Kagay-anon Linux Users Group, which is a local LUG in Cagayan de Oro City, as a mascot.

Click to enlarge

Original Tux artwork was done by Larry Ewing(http://www.isc.tamu.edu/~lewing/linux/)

Boredom really brings the creativity in a person . Cheers!

The following article contains opinions and personal views of the author and will be taken as such. There is no guarantee to the accuracy, timeliness of some of the information that may be found within the article. The methods that are discussed here might not be applicable in your case. The author will not be held liable for any damage caused by using the method/(s) described in this article . Use the methods at your own risk. - Author

I had just started trying the Ubuntu Linux distribution (http://www.ubuntulinux.org/) and I have to admit, I’m beginning to like it.

However, I noticed that after default install, the display resolution only stays at 800x600. I’ve searched around for solutions and came across some articles advising on updating the video drivers (which makes sense). Since my video is a RIVA TNT2-compatible card made by Inno3D, I downloaded a driver pack from nVidia’s website that supports my video card. In my case, I got the file NVIDIA-Linux-x86-1.0-6111-pkg1.run which will install the necessary drivers on my system.

But following the steps outlined in Ubuntuforums (http://ubuntuforums.org) regarding updating Nvidia drivers didn’t work for me. And my only need is to make my video display resolution 1024x768, that’s it. So I searched around and came across forcing X to ignore the values provided by EDID.

For those who do not know yet:

EDID - Extended Display Identification Data is a VESA standard data format that contains basic information about a monitor and its capabilities, including vendor information, maximum image size, color characteristics, factory pre-set timings, frequency range limits, and character strings for the monitor name and serial number.

The information is stored in the display and is used to communicate with the system through a Display Data Channel (DDC ), which sites between the monitor and the PC graphics adapter. The system uses this information for configuration purposes, so the monitor and system can work together.

The latest version of EDID (version 1.3) can be used in CRT displays, LCD displays, and future display types because EDID offers general descriptions of almost all display parameters.

Definition courtesy of webopedia.com

To successfully ignore EDID’s reported values to our xorg.conf do the following steps (you have to make sure that your graphics card can display 1024x768 resolution):

goto command line: CTRL ALT F1

turn off display manager:
/etc/init.d/gdm stop { Gnome is default in Ubuntu; in KDE must be kdm }
you can prefix it with sudo just in case you are not logged as root. better to log as root to make sure =)

back-up xorg.conf: { just in case you end up having black screen on X }
cp /etc/X11/xorg.conf /etc/X11/xorg.conf.backup

edit xorg.conf:
pico /etc/X11/xorg.conf { I prefer pico =) }

refer to the ff and modify xorg like so:

Section “Device”
Identifier “your graphics card model”
Driver “your graphics card driver”
BusID “PCI:1:0:0″
Option “IgnoreEDID” “true” < < put this line if this is missing
EndSection

Section "Screen"
Identifier "Default Screen"
Device "your graphics card model"
Monitor "your monitor"
DefaultDepth 24
:
: {go to Subsection 24 to change resolution}
:
SubSection "Display"
Depth 24
Modes "1024x768" "800x600" << put this line replace old one
EndSubSection
EndSection

Save xorg.conf.

Restart display manager:
/etc/init.d/gdm start { or kdm }

Please note that when you try to use the command xresprobe “driver” , it will report the value that EDID reported and not the custom values you modified in xorg.conf.

Enjoy!

The following article contains opinions and personal views of the author and will be taken as such. There is no guarantee to the accuracy of some of the information that may be found within the article. - Author

THE MANILA TRIP
It has been quite a while since I added something to this blog. It is due mostly to my accompanying my sister going to Manila for a Visa Application Interview at the US Embassy. Although I was looking forward to a good trip, I rate the trip as so-so.

First off, the weather sucked when we arrived. Humid and hot, with sporadic rainfall. Add that to the perpetual pollution that Manila sports - a very far cry from my beloved Cagayan de Oro (which I admit is starting to have tell-tale signs of pollution - but is still prestine compared to Manila).

Second, as soon as the plane landed and we were on our way to my Aunt’s house in Quezon City, the big toe on my right foot started to hurt which became my Golgotha throughout the whole 2 weeks that we were there. Just imagine how hard it is limping your way around Metro Manila dodging fast-walking pedestrians and unscrupulous motorists! One kind of hell if you ask me.

Main purpose of the trip was basically for my sister to have her medical examinations at St. Luke’s Extension Clinic near U.N. Avenue in Ermita area on the 10th and then have her interview on the 19th of September. So we had about more than a week of boring wait. Despite my aching foot, we still roamed around the metropolis visiting SM (despite CDO having its own branch), went to DVSoria for some cheap trinkets and what-have-yous as pasalubongs (presents), managed to meet up with a “sis”,whom I knew way back during my Yahoo Messenger days (yes! I too do chatting once in a while), at Robinson’s Place Ermita. She even brought a present for her inaanak(godchild).

A day before the interview, we checked in at Miramar Hotel at Roxas Blvd., directly infront of the U.S. Embassy. That would allow my sister to go there early. The embassy is quite notorious for long lines of Visa hopefuls thus the decision to stay at Miramar.

At the end of the day, my sis got the pink slip (a sign of approval) from the embassy clerk - a sign that everything is a go for my sis for the US. I said to myself “It’s about friggin time! I need to go back to Cagayan to have my foot fixed up.” My bodyguard days finally came to an easing end to my aching foot.

BSA RAIDS and LINUX MIGRATION
Recently, the entire Philippines has been all shook up regarding “raids” supposed to be conducted by the NBI in coordination with BSA (Business Software Alliance) and the Optical Media Board. However, BSA/NBI/OMB issued statements which were highlighted at INQ7.net’s article, denying of any raid being conducted.

Many of the internet cafe outfits, business establishments and educational institutions were alarmed regarding the latest development. When I was in Manila for a few days, I observed a lot of internet cafes either closed, or displayed signages saying “Upgrading”, “Temporarily Closed”, etc… It’s like the Philippines has become an internet ghost town.

How the small internet cafe operators and other institutions react to this situation is quite astonishing. Instead of going for licensed copies of Microsoft software applications and its popular operating system Windows (which are the commonly copied software and used without proper license), they instead chose to install and use open source and free software in retaliation to the actions conducted clandestinely by BSA/NBI/OMB.

Small internet cafes and businesses are now using Linux and OpenOffice as an equivalent to Windows and MS Office as the most cost effective desktop solution. Their chosen Linux distros (distributions in techie jargon) are Mandriva, SuSE, Ubuntu, CentOS, Red Hat, and some flavors of BSD Unix distributions. Although their main concern for now is gaming support and compatibility with popular games currently running in Windows, it’s not long before these games will be running through emulators or ported natively to the Linux platform.

Internet surfing and chatting is very much alive in the Linux platform as well as support for new devices like printers, scanners, webcams, etc. With gaming aside, Linux can be considered toe to toe with Windows in terms of productivity.

With an ever stringent measures coming from Microsoft and other software companies regarding software use, you can bet that some of those who can’t afford rising costs of software to be looking to open source software.

Kagay-anon Linux User’s Group [KLUG] Tech Sessions Started
Recently, I attended the first Technical Session of the Kagay-anon Linux User’s Group of which I am a member. The group was formed sometime mid-August as an answer for calls on unity among Linux/Unix, OpenSource, and Free Software afficionados. The timing could not have been better. With the BSA/NBI/OMB raids looming on the horizon, the time is right for KLUG to shine in becoming a stalwart for Cagayan de Oro in educating the masses about alternatives to the popularly used Windows operating system and software applications that run on it.

For starters, the participants were mostly enthusiasts from colleges and universities, hobbyists, and some technical people employed in various private institutions who are eager to learn about developments in the open source community. Participants are very eager to try out open source software as a cost-effective alternative to commercial proprietary software. Not only do these softwares cost next to nothing, the support from developers and programmers all over the world is astounding.

With stable software releases being rolled out almost once every 1-6 months depending on distros, open source is surely keeping up with the times and most likely will become software of choice for many Filipino users looking for stable, cost-effective, and widely supported software.

For more information about KLUG - Kagay-anon Linux User’s Group, visit http://cdo.linux.org.ph

CNN.com - Web inventor: Online life will produce more creative children
Aug 30, 2005

(CNN) — Since he invented it more than 15 years ago, Tim Berners-Lee has watched the Web change the way the world communicates, works and learns.

He laid the groundwork for the World Wide Web in 1980 when he wrote a program called “Enquire” to help him organize his computer files with links. He later built on the idea and created a network of linked information that would be available to everyone across the Internet.

Today, Berners-Lee directs the World Wide Web Consortium at MIT, an organization dedicated to standardizing Web guidelines and components.

In a recent e-mail interview with CNN.com’s Lila King, the Briton, now Sir Berners-Lee, reflected on the impact of the online revolution and where he thinks it’s headed.
full story at CNN Tech

Creative’s patent award could hit Apple
Maker of portable music players says it has patent covering iPod technology; could go after Apple.
CNN-August 31, 2005: 7:02 AM EDT

LOS ANGELES (Reuters) - Creative Technology, a maker of portable music players, said it was awarded a U.S. patent that applied to Apple Computer Inc.’s iPod and other rivals.

Creative (Research) said late Tuesday it was considering its alternatives, but did not say whether it would file a patent suit, which is typically an expensive process, seek licensing agreements or whether if it had even talked with Apple.

Apple (Research) had no immediate comment.

Analyst Phil Leigh of Inside Digital said he considered the patent award a significant development for both companies.

“We consider it a dead certainty that Creative will go after Apple for royalties or some other type of compensation for what Creative will assert is infringement of its patents, currently and in the past,” Leigh said.

But Leigh said it was highly probable that Creative will have a hard time getting its “bite” out of Apple because the applicability of patents can be difficult to prove.

Creative’s shares jumped 2.5 percent to close at $7.94 on Nasdaq on Tuesday, while Apple’s shares rose 1.6 percent to $46.57.

Creative said the patent covers the way music tracks are selected on a device using a hierarchy of three or more successive screens. On the iPod, for instance, users can scroll from artists to albums to songs.

full story at CNN Tech

Hidden-code flaw in Windows renews worries over stealthly malware
Robert Lemos, SecurityFocus 2005-08-31

A flaw in the way that several security programs and systems utilities detect system changes could allow spyware to spread surreptitiously and have renewed worries about stealthier attack code.

“ Even though bots are often used for spyware, adware or other financially motivated activity, they are programmed as if they were just general-purpose utilities–for some reason they almost always go with the tried-and-true ‘Run’ registry key. ”

Joe Stewart, senior researcher, Lurhq

Last week, the Internet Storm Center, a group of security professionals that track threats on the Net, flagged a flaw in how a common Microsoft Windows utility and several anti-spyware utilities detect system changes made by malicious software. By using long names for registry keys, spyware programs could, in a simple way, hide from such utilities yet still force the system to run the malicious program every time the compromised computer starts up.

Already, some spyware authors seem to be playing with the rudimentary technique to try and hide their programs, said Tom Liston, a handler for the Internet Storm Center and a network security consultant for Intelguardians.

“We have seen indications that someone is trying this technique out,” Liston said. “Basically, we have seen code that is stuffing a key in the registry with a huge length. Yet, the author still doesn’t have it working.”

A Microsoft representative said that the company is investigating the report, but does not consider the problem an operating system flaw.
full story at SecurityFocus

Look closely at the left column and you will notice a wee little section called “Advocacy”.

There are certain idealisms, belief and principles that each of us uphold, and firmly belive on. Though I am not a direct advocate of campaigns and belief systems, I am putting the Advocacy section in support for such campaigns which I feel related to, and somehow believe in their ideals.

I made and added a custom 80 x 15 button for Open Source Initiative. You can download it, and use it as you like. Oh by the way, I only made it using MS Paint. Im lazy.

or you can copy and paste this code to your site:

<a href=”http://opensource.org/”>
<img src=”http://i4.photobucket.com/albums/y150/romar_micabalo/oss.jpg” alt=”OSS 80x15 button” />
</a>

You know sometimes, a person can overlook a lot of things. No matter how good you are at doing something, you will still fumble at it and end up disgusted with your self. Take my case for instance.

Somebody came into my parent’s internet cafe to have some documents printed out in short bond papers. The good customers’ man that I am, accepted her floppy disk(with a smile, my wife beside me of course armed with an occassional elbow nudge), inserted it into the drive and tried to open the file with the trusted double-click of the wee mouse.

Now wait a minute!

There must be something that I have forgotten to perform here. Hmmm… before I knew it, AVG yelled out regarding the floppy drive boot sector harboring a boot sector virus. To make things extra dramatic, AVG put the name simply as “Wyx” with an extra “!” to make it more impacting. Surely you can guess the expression on my face? Yeah, yeah, I slapped my forehead and whispered to myself “darn it!” and a less inconspicuous “ka-yawa ba sad!” (that’s the Cebuano version of “darn it”).

Well, I don’t want to delay the customers do I? So, i finished what they want done and gave them their diskette back (with a smile and a crispy “Thank you” as well). With that done, I’m off to a new task. Removing the nasty Wyx.

A lot of people doesn’t really consider Wyx as “nasty” as nasty goes. It is just a simple boot sector virus popularized during the ’80s and early ’90s. Some people even thought those kinds of viruses are gone, poof, nada, extinct. Well, you are wrong folks! Boot sector viruses are alive and well. Wyx is not THAT harmful since it doesn’t carry what can be considered as destructive “payload”. A payload is a sequence of code that will destroy any targetted system. Destruction will range from missing files, formatted drives, or deleted BIOSes. Wyx doesn’t do that. It just infects the boot sector of a hard drive or a floppy. However, once it infects the MBR (master boot record) it might corrupt (another term for destroy/harm) the FAT.

Now, now, I’m not talking about your momma’s belly you idiot! I’m talking about FAT or File Allocation Table. Your system won’t be able to deal with files and folders in your system without the FAT. Other computers use NTFS,CIFS,EXT,MacFS, WINFS, etc.. Most basic systems use FAT32. And elaborating further about it is another topic.

Anyways, there I was trying to remove Wyx off the hard drive’s boot record. The technician that I am, know an old technique to remove changes in the boot sector. It is by using FDISK. Now how do you do that? Make sure you boot from a clean bootable diskette usually using a Windows 98 Startup disk. Then you do this in the command line:

A:\> FDISK /MBR _

You can actually repeat that several times to make sure you remove the MBR virus.

After that, I restarted the system, and have AVG scan the system area. But wait! It’s still there! Amazingly, Wyx hung on for dear life and wasn’t removed by FDISK. Hmmm… I forgot, Wyx is a stealth and semi-polymorphic MBR virus. It can render itself invisible and may even modify itself later. Now this is certainly a little puzzle for me. I have to admit, its a bit unusual because to my experience, I managed to remove boot viruses before using only FDISK and this one didn’t even suffer a scratch.

“Just quit beating around the bush and on with the solution!”

Alright! alright! Sheesh! All I did was get a command-line antivirus scanner to do the job. Simple eh? Not quite. We have been so used to using GUI-based anti-virii, that we ignore command-line AV scanners altogether. My favorite way back then was Thunderbyte Anti-Virus. have you heard of it? If not, I guess I’m that old already. You may know it nowadays as Norman Anti-Virus (website). But I didn’t use it. I used F-Prot command-line anti-virus scanner I got from F-Secure. You can also get it at F-prot’s website. Before restarting your computer, make sure you got the latest anti-virus definitions from their site. the definitions are SIGN.DEF, SIGN2.DEF and MACRO.DEF. Each also has their own .ASC files. Don’t bother what these files are will you? Just get the damn updates. Then restart your computer using the clean boot diskette, then run F-Prot from where you installed it. You can use this line which is the one I used:

A:\> D:\YOURDIR\f-prot /HARD /DISINF

Just change D:\YOURDIR\ to the installation directory. /HARD will specify you want hard drive scanning. /DISINF will tell F-Prot to disinfect if possible.
Once it finds the virus, it will inform you to disinfect. And voila! bye bye Wyx!

But we are not yet finished. How are you going to prevent yourself from being infected? Well, scan the diskette first, and of course do not boot using infected diskettes. And one last thing, BACK UP your MBR. There are a lot of utilities you can use to play with MBR or you can use the DEBUG command to backup MBR. But beware, be careful when working with MBR or you will end up having to repartition/reformat it. Other than that, I believe my story’s done. Ciao!

MBR and other tools:
Starman’s MBR and OS Tools
F-Secure’s downloadable tools

Infos about WYX:
Symantec
F-Secure
McAfee

Abu Sayyaf behind Basilan ferry explosions–military chief

Aug 29, 2005
Updated 01:33pm (Mla time)
Joel Francis Guinto
INQ7.net

THE ABU Sayyaf is behind the bombing of a passenger ferry in Basilan province over the weekend that left 30 people injured, Armed Forces Chief of Staff Lieutenant General Generoso Senga said Monday.

“That is the consensus of all investigative agencies that are handling the case. That is the initial conclusion,” Senga told reporters at the military headquarters in Camp Aguinaldo.

When asked how investigators arrived at such a conclusion, Senga said, “[It was] based on the existing threat and the capability of the group to conduct such an atrocity.”

Investigators however have not determined if the Abu Sayyaf staged the blasts with the help of the Southeast Asian terrorist group Jemaah Islamiyah (JI), Senga said.

Meanwhile, Philippine National Police (PNP) chief Director General Arturo Lomibao announced the formation of a joint police and military task force to investigate the ferry explosion and hunt down its perpetrators.

“Definitely it was a terrorist attack,” Lomibao said, although he said he was not sure who did it after investigators briefed him at the explosion site in Lamitan town Monday morning.
Full story at INQ7.net

If you have read the news above, I’m sure you are thinking that what happened above is just another statistic, another desperate act from terrorists. Or is it?

A lot of people could still remember how much the military and the police prided themselves in announcing that they have the Abu Sayyaf on the run, prided on how much they cut their numbers to only a few, and that they have put up a number of intelligence networks way down south to keep tabs of any activities to be perpetrated by terrorists. Guess what? they failed. In my own opinion, they failed big time.

If anyone saw the TV reports last night about the Basilan bombing of a ferry full of innocent civilians, I know you’d also think of them being a failure. Failure of security measures, failure of intelligence, failure in tactics. All they have are hot air, hot propaganda, and 95% bureaucracy. I am airing this grievance as a tax-paying citizen. I am airing this grievance in support of the innocent victims of the bombing and their families. I am airing this grievance on behalf of all Mindanaoans who are caught up in this hulabaloo.

Even if we are not directly affected by the latest incident, we are still affected INDIRECTLY. As persons living in Mindanao, every city, every town, including the peaceful ones are affected. Media MISREPORTS incidents like this as occuring “IN MINDANAO”. And that is also UNFAIR to the rest of Mindanaoans. Our economy not only relies on good governance. As far as we know, one of the factors that affects our economy greatly is the media. Although press freedom is good, but a lot of the media DOESN’T PRACTICE BALANCED AND RESPONSIBLE REPORTING. Get your facts straight. If it happened only on a corner of Mindanao, then tell it like it is, and do not air it like it happened to the whole of Mindanao. Many investors backed down from engaging business and tourists from visiting progressing Mindanao cities and tourist spots simply because they were mislead by erroneous journalism.

Media, listen carefully. Our jobs, our economy here in Mindanao depends on your FAIR and BALANCED REPORTING. A part of Mindanao ISN’T THE WHOLE OF MINDANAO. Set your facts straight.

It kinda got me when I first learned I developed asthma. It was about 4 years ago, I got bronchitis and I dunno where the hell did that damn bronchitis came from. Maybe pollution, maybe the food, who knows. The doc told me that time it’s because of pollution and lack of exercise. Yeah right! And I’m supposed to be Samson.

Prior to having asthma, I’m active in basketball. But when I started fiddling with the computer, trying to finish school, that’s when I started to get symptoms of lung weakness. Coughs and colds came too often. What do you know! The Doc told me I got acute rhinitis too! Sheesh! Like, why don’t you just throw everything at me Doc! I gave him a break, trust me.

Well, where was I? Oh yeah, lung weakness. Everything became worse when I started to work. Working day starts at 9am and ends up well into 10 or 11pm. Then at home, rest never really came. Got things to fiddle with, so the clock ticks and before I knew it, its 5am. Sleep is until 7:30am. Do the math.

That means, lack of sleep, no exercise, and a dash of stress. Perfect formula for asthma. Couple that with the proverbial pollution from our fine, fine city thank you! I end up landing in a hospital room almost every 6 months for 3 years. Do I own the freakin’ hospital? Hell, no! Even the meds are a pain in the butt. Costing 1000 or more shmoolas! And I got no choice but to buy or else I’d be digging my grave pretty early. No way Jose!

I guess I pretty much wised up since then. But not everything’s changed. Some things still remain the same. Not much exercise but hell, if a man’s gotta go, then he’s gotta go. But I pretty much got a lot of rest lately. If I were you, better wise up too.

If you want to know more about asthma, better visit The Lung Association’s website about asthma. You’ll thank me for it.

Asthma Introduction: Management, Medication, Exercise, Nutrition - The Lung Association

Cross Site Scripting security hole found in phpwebnotes reported to Bugtraq.
Read the report at Security Focus

Robert Lemos, SecurityFocus 2005-08-26

UPDATE — Law enforcement officials in Turkey and Morocco arrested two men in connection with the recent release of the Zotob worm, the FBI announced on Friday.
Click here for Core Impact!

“ This case happened very quickly and was successful because of our international relationships and because of the support from Microsoft. If we didn’t have that cooperation, the investigation would still likely be going on to today. ”

Louis M. Reigel III, assistant director, FBI’s Cyber Division

Local authorities arrested 18-year-old Farid Essebar in Morocco and 21-year-old Atilla Ekici in Turkey on Thursday, according to the FBI. The U.S. law enforcement agency believes that Essebar coded the Zotob worm and the Mytob bot software, on which the worm was based, for Ekici, who allegedly paid the programmer.

“The Moroccan was responsible for writing the code,” Louis M. Reigel III, assistant director of the FBI’s Cyber Division, said during a Friday afternoon press conference. “He had a financial relationship with the Turkish man.”
Read more…

This morning almost became a disaster. I logged into my system only to find out that the text in the 3D interface objects were missing. I checked every application and saw that all of them displayed the “anomaly”. I suspected video drivers OR the Control Panel Desk.cpl file might be the culprit.

Off I go googling around looking for answers to make sure my hunch is right or wrong. Sometimes instinct really do come closer than we think. I found one entry after googling (sorry i forgot to copy the link), saying that some problems on missing interface text are the result of corrupted video drivers specially nVidia ones. However, that just doesn’t quite fit. I’m not using nVidia! I’m using an ATI Radeon-based graphics card. Surely there must be something.

So I stuck with my hunch it might be the Control Panel. I tried to open the Display Properties, and there it is - the dreaded message box saying an error with Control Panel’s Desk.cpl. Obviously, I only know two methods to relieve this problem. Either I restart the system, or update IE.

Hey, hey, don’t wince just yet. If you’re asking why update IE, well if you don’t quite know yet, IE and Control Panel are related. How did I know it? Google it and you will see. I messed up all of the Control Panel items once or twice. There was no entry in the Control Panel and I can’t add nor remove applications, make adjustments to anything in the Control Panel. I found something in Google at that time, that to try fix the problem of messed up Control Panel, re-install or upgrade IE.

But I didn’t go that far. I just clicked the wee little Start button and restarted the system. It’s quicker. Before I knew it, everything’s back to normal. If it didn’t, it would have been a whole different story.

So I finally decided to blog. The hell!

Last year, a colleague named Erbie and I talked about his friend in Manila who is passionate about blogs. I just gave him bland reactions regarding blogging. I told him..

“… I really don’t see my self having a blog. I dont see the sense in it.”

His only reply was..

“… well… “

followed by a couple of eye blinks. I guess I haven’t seen yet the need for it anyways.

As time goes by, jumping from forum to forum, site to site, reading publication upon publication, it feels like there are things I know that somehow needs to be shared. I tried making my site. Changed designs over and over until I grew tired of it. Heck, I can’t decide a design for my self yet I can make designs for others. Call me lazy, I’ll give you credit for it.

I guess blogging is not such a bad thing after all. Although I do have reservations upon what and what not to share. But a lot of things I learned really needs to be shared. Give me credit, I do love to share. That’s why I became a teacher earning 50 bucks an hour for 6 friggin’ years!

If you’re asking what to expect from this new project, I guess all I can say is STAY TUNED, WE’LL BE RIGHT BACK.

PEACE.