Browse the Internet Securely

Oook, I'm tired of the fear-mongering I'm seeing surrounding this non-sense about the recent security flaws in Java. First off, this stuff happens ALL THE TIME folks, no need to panic. If you feel like making yourself a nervous wreck, you can check out the government website which tracks ALL current vulnerabilities here:

http://www.us-cert.gov/cas/bulletins/

I know, scary right? Don't worry yourself, us computer geeks know how to protect ourselves against this stuff without fretting about it. Apparently it's time to share this information again. Don't worry, it's pretty painless.

Step 1) Almost none of you will want to do this. So don't. Get rid of Windows and install Linux. 98% of all the vulnerabilities on your computer are part of Windows. If you want to be rock solid secure from any hacker, this is where you start. In all actuality if you don't make yourself the target of a hacker, you don't really need to worry about it. I'll leave it at that. If you can't figure out how to install Linux, don't worry about it, k?

Step 2) Firefox PWNS all other browsers. Firefox has nearly ironclad security -within- the browser. It obviously is NOT going to protect you if you open up a virus in your email program. So, if you already have Firefox, great! Now update it. The very newest versions of Firefox now auto-update when there is a security update. If you don't already have Firefox, get it:

http://www.mozilla.org/en-US/firefox/new/

NOTE: Apparently everybody on the planet is downloading this stuff right now, you may have the pages time out a couple of times before you get through. Firefox served 5 million downloads in one day before, so it will be fine.

'But I LOVE Chrome.. Safari.. whatever..' Do you want to be secure, or not. The head of security for the NSA uses Firefox, get the picture? At least use Firefox for your daily browsing, and only switch to Chrome or whatever when you REALLY have to.

Step 3) We need to add a couple of things in to Firefox to make it rock solid. Note that things are going to force you to be aware of when you are trusting some new website to run scripts on your computer. That's ok. Once you tell it to trust Facebook and Yahoo and Google and stuff you use every day, you will find that you have completely forgotten about these things.. until you need them! The first one, you'll thank me for, AdBlock Plus:

https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/
AdBlock Plus is going to speed up your internet, block all the stupid advertisements before you ever see them, and keep you from accidentally clicking something you shouldn't have, because it won't be there for you to click. The next one is the one that will be a hassle at first, but you'll forget it's even there after a while. NoScript:

https://addons.mozilla.org/en-US/firefox/addon/noscript/

Once you install this and restart Firefox, you will see a little yellow bar across the bottom or the top of the page that says 'Scripts Currently Forbidden...' on the left side with an 'Options' button on the right side. First things first, click the 'Options' button, and un-check 'Place message at the bottom'. Once you forget that this is installed, it's much easier if the bar appears right there at the top of the webpage. ;) Now click the little circly arrow in the Firefox address bar to reload the page, and the bar will be at the top of the page. Perfect!

So, what this does is automatically block EVERY script from running in your browser. Fortunately, you don't need to be able to figure out what all those scripts are. All you need to do is click the 'Options' button, then click 'ALLOW facebook.com' (for example), then NoScript will ALWAYS allow all scripts made by facebook.com! Woo-Hoo!! One more step for facebook. You should see one that says 'Allow fbcdn.net' This is another domain that facebook uses. Go ahead and allow it. Awesome! That's it, you never have to worry about Facebook working right again. The yellow bar will disappear until it sees something else on the Facebook website.

Why would it see something else? Two reasons. Either you go to a game or app you want to play.. or it's for advertising. Just use your common sense. If you try to play Farmville, you will have to allow Zynga the first time. You will NOT have to allow akamaihd.net. Akamaihd.net is an advertiser. Baaad advertiser!! To get rid of the yellow bar, click 'Options' then point at 'Untrusted' then click on 'Mark akamaihd.net as Untrusted'. Now NoScript will never bother you about that advertiser again!

That's it, it's a simple 2 step process

1) Allow the website, and it's other domains

2) Untrust any freaky advertiser domains.

If you somehow get yourself jammed up, you can always go back and trust yahoo or whatever you did to mess it up. Now if you ever get in a corner, and a webpage won't work (perhaps a coupon website that makes you use an advertiser??) You can click the 'Temporarily allow all this page' button. You may have to click it again when the page reloads, these advertiser people try to be sneaky and track you by making one script start another one, then another one and etc. Never EVER click 'Allow Scripts Globally' If you ever run into a website that says it needs global permissions, IT'S A SCAM!! Global Permissions let the script do whatever it wants to on your computer. -I- might allow it to test a script I am writing. -YOU- should never need to use it. If you ever run across a valid website (college or a bank) that claims they need it, write them a nasty letter. They are being lazy about writing their website correctly, and they should know better, in this day and age.

Step 4) Go to Add / Remove Programs, and scroll down to 'Java' Uninstall all of them. The older versions of Java stayed there on purpose, to make sure that business people didn't show up to work one day and discover that their programs they use were broken because something updated. You're not a business and the new ones auto-update (so you'll never have to do this again).  Uninstall them. K, now go here and install the new one:

http://www.java.com/en/download/manual.jsp

Now that we've got that out of the way let's check the other browser plug-ins:

https://www.mozilla.org/en-US/plugincheck/

Update anything that needs it. If you have junk at the bottom that says 'Unknown Plug-in', you probably don't need to worry about it.. but if you want to, knock yourself out.

Step 5) Pat yourself on the back for a job WELL DONE!! Seriously. It may not seem like much now that you've done it, but most people will put it off and forget, then call me and ask if I can come help them uninfect their computer in a few months.

If you like you can install a better Firewall, I recommend searching Google for ZoneAlarm. AVG makes a great free anti-virus program. The rest of it you really don't need to bother with. You should still steer clear of porno sites and other seedy websites, and don't give them your email address! If you feel yourself compelled to do these things, go back to step 1 and install Linux! :P

As I final note, Firefox really is an amazing thing. Install it on your android phone, and install ABP as well. Surf faster! Explore some add-ons and all of the cool features it has to offer! Enjoy, and peace out!!

Take action now!

Yep there goes the right to bear arms. Anyone catch all the 'Take action now' "NEWS' articles mixed in with the tragedy articles? This is precisely what Obama has been waiting for. (Feel free to read between the lines there.) They are jumping at the opportunity, tugging at the reigns. They're going to do whatever they can to disarm our populace.

Here's a thought.. Following the 911 tragedy, we required all pilots to carry handguns. Well then.. let's require all teachers to carry handguns. Nobody on the planet would be dumb enough to take on a teacher protecting her students with a Glock semi-auto.

Share this with everyone you know. If this doesn't catch on fast, God only knows what Obama is going to do to our constitutional rights.

Complete and Utter Fools are trying to run our Government

Have you heard of these Jokers from the Brady Campaign? ..the Mayors coalition against private handgun sales? These idiots (in true 'Blame Someone Else' fashion) are trying to blame the Columbine Massacre on.. hand gun sales. Yup, throw the second amendment out the window, We've got to make sure high school kids can't buy handguns. ..wait.. isn't that already against the law?

Anyway, here's my open letter, already signed, sealed and delivered:

You are all a bunch of bumbling morons. This is the information age, get a clue. You can't keep people from doing things by innocuously passing laws as a band-aid or stop gap. In this day and age people are going to find ways to do things. You want to teach them something? Teach them to be responsible with firearms. THAT'S the key that's missing in today's youth. You want to know why kids blow up high schools? Because no one in this 'nobody fails' government will allow the two kids to duke it out behind the library in the third grade.

Unfortunately, by doing this, you folks have basically 'screwed the pooch' on an entire generation. I can only see one way to actually repair the damage, and this is it.

Step 1) Force everyone in the country to carry a handgun.

Step 2) Watch society get really polite, really quick.

In a couple of months all the psychos and gang-bangers will kill each other off and everyone will be happy.

Let's just call that a win / win / win scenario.

Time to roll up the sleeves

Windows is hosed. The military has a special acronym for it. FUBARed. I wouldn't be a bit surprised at the '10,000,000 worms and counting' figure.

When you consider how buggy the code base is, it is simply not worth it. Even if it is free. Microsoft has spent more than a dozen years piling one layer of programming on top of another. Each time it has resulted in making Windows slower, burying bugs that may never be found by experts, and leaving old archaic code in place. Does anyone recall that Vista was SUPPOSED to be a total re-write? Windows is so hosed, even with the near limitless resources of Microsoft, they couldn't reverse engineer it. If it looks like a dead cat, feels like a dead cat, and smells like a dead cat.. it MUST be a dead cat. Windows is dead. Bury it in peace and move on.

Then there are the issues of following the best practices to make Windows secure. Root Kits and Ghost Ware are well over a year old now, and no one has come up with an all encompassing solution yet. So, step one to running Windows is to run it as a virtual machine. Preferably something distinctly non-Windows, such as OpenSolaris, Linux or Mac. Step two, you need to protect your documents and data, even if you are sure your machine won't get permanently hacked to pieces. Configure automatic updates for Windows and Office. Install real-time Anti-virus, then configure automatic updates. Install MS Defender (or whatever they're calling it this week) and configure automatic updates. Install real-time anti spyware, ad-ware, browser hijacking, etc, etc. protection, and schedule automatic updates. Install a firewall (that doesn't SUCK like the MS one does). Don't forget about updates. Keep tabs on all your anti-windows-bug software, so you can install a new one if your brand falls 'behind the curve'. If you want some protection from new threats, that nobody knows about yet, grab some sort of real-time registry and service lock-down software, and a sandbox to run everything in which you aren't certain is 100% safe (which is basically everything). So now you have a full time job managing the security of your desktop or laptop (god help you if you have 2 or more), your internet connection is constantly being jammed up with updates and checks for updates, and even the shiniest, fastest new computer starts choking on a simple 'cut and paste' routine. How many end users want to sign up for that joy ride? I'll tell you how many, the exact some percentage of people who did NOT return their OEM Linux computer. NO one else wants to deal with the learning curve or the commitment. They want it to just work.

I must make a completely separate category for the 'sprawl' of the Windows OS. Has anyone noticed that MS adds layers upon layers of programming code (essentially adding 'hoops' to each new version of windows) that slows even the most efficient programs down to a crawl? Unless of course you are using a brand new computer. I personally fully believe that IBM would have a decent lawsuit against Windows, and I think they could sue for OWNERSHIP. Bill left IBM on the supposed grounds that he wanted to develop an operating system that everyone could use, even on their old computers. Well, that lasted till Windows 3.1. After that, they started to pile crappy code on top of crappy code, instead of fixing things properly. That's why they now have a code base that they can't fix, and that's why we have the Windows OS trying to 'pack its butt into a pair of pants' smaller than 1.5 gigabytes. Absolute insanity.

So there you have it. It's time to put Ol' Betsy out to pasture, her milk has turned sour. Microsoft already has their 'Project X' operating system, or whatever they are calling it this week. My advise is that they start over with that nice clean core. Drop all the essential components to assembly language and freeze them. Permanently. Then they can impress everyone with the OS GUI Bill promised them a couple of decades ago.

While they are at it, they could impress those of us that are sick of their bull**** by finally converting to open document formats. Think of where the world could be today if the entire computer industry hadn't been forced to spend billions upon billions UPON billions of dollars trying to re-write everything they had every time Microsoft decided to 'pull the rug out from under them'. The days of changing document formats, and embedding web features that FORCE people to use Microsoft products is over. Microsoft is going to have to grow up, or get out of the game.

Finally, and for-most, the topic at hand.. Microsoft should give a Windows 7 upgrade away, and pray enough people buy the OEM version to pay for the development costs. While they're at it, they should cover their butts against releasing crappy software to lock features into the OS from Windows 3.11 to the present day. I'm certain there are a couple of class action lawsuits in there somewhere that nobody has explored yet.

In my (hopefully) esteemed opinion, Microsoft will face some dire roads ahead if they don't start changing the core ways they do business. Virtue has won out. Microsoft can't simply prey on the greed of small business ventures to buy the features they want anymore. The valorous code warriors of this era have integrity and honor, and are giving it away for the common good. I couldn't be more proud.

External Link

Oh Wow.

Ok, I give up. Microsoft is going to take over the world, and there is nothing we can do about it.

Ready for your Star Trek style desk that you just touch and move stuff around?

Nope you don't have to wait 200 years, it will probably be ready to ship by Christmas, if the prototypes are as good as they look. I am referring to the Microsoft Surface.

External Link

RE: Linux ready to replace Windows? Not yet

Some jerk posted a reply to an article on ZDnet that pissed me off. Here's my response:

On behalf of the Linux community.. Blow me.

Linux would be ready for the sheep.. er masses, if it wasn't for the licensing crap that M$ providers shove down their throat. Give one of the end users a computer and a windows cd, and see how long it takes them to get frustrated. People aren't used to windows, they're used to having all their applications and add-ons pre-installed so they don't have to deal with it.

They don't want to sift through setup options for windows, or install 6 hours worth of updates, or find their hardware drivers, or install and setup the antivirus and firewall programs, then install office and update it, then install acrobat and sun java and macromedia flash.

I'll guaran-F'IN-ty it. If they did, us resellers wouldn't make the meat of our money doing all that crap so business clients don't have to. It's an industry set up and maintained by M$ and friends' endless bevy of updates and upgrades. WHEN the SOFTWARE breaks, they call us to fix it.

Put me out of a job. Quit using windows.

Furthermore, and speaking of updates, if they would leave the document types the hell alone, the entire computing world wouldn't have to keep switching gears and 'reinvent the wheel' every FREAKING time M$ decides to add floating smiley faces or something just as idiotic to the Word document format. The bastards promised to go open document format years ago then never did. Adobe never will. They're just as bad, but hey I still curse Macromedia regularly for selling out to them.

..and who's the genius who made it ILLEGAL to burn cd's if you're not using Windows?? Talk about abuse of a technological patent. Someone should be thrown in prison over that one. I have no qualms about installing that software on my Linux machine. Let them come to my shop and try to do something about it. They'll leave walking funny and in dire need of a proctologist.

Linux has NOT spent 15 years trying to COMPETE with windoze. They've spent 15 years beating a stick against a concrete fortress. If all of this crap wasn't going on behind the scenes, Microsoft would be a page in history. They're code base is so screwed up THEY can't untangle it. The sheep of the world are paying top dollar for bloatware CRAP programming, and their money is being spent to keep the rest of the programming world in a permanent spin cycle.

Go go Corporate America!

Somebody make up a suitably despicable sounding name for Microsoft enthusiasts. I'm so sick of them I could wretch.

External Link

Clickjacking - solved before the skript kiddies can mount an offense!

Some of you have undoubtedly heard about the new zero hour clickjack attack. If you don't already have No-Script (and Ad Block Plus) installed.. what are you thingking?? Go to the Firefox add-on web site https://addons.mozilla.org/en-US/firefox/ and install it / them. Direct from the makers of No-Script for Firefox, here's how to lock down the vulnerability to keep yourself safe:

NoScript covers the most dangerous clickjacking attacks in its default configuration.

NoScript covers 100% on untrusted pages if you've got all the Plugins|Forbid... options checked (the only one which is not checked by default is Forbid IFRAME).

If you want protection also on trusted pages (which would need to be seriously compromised to be used as an attack vector) you just need to check Plugins|Apply these restriction to trusted sites as well.

I know exactly how the attack works but I can't tell you more than this, because Fx+NoScript is the only way to effectively protect yourself and we can't force everybody to convert ;)

External Link

Designed for the Linux Operating System

p1600b.jpg (JPEG Image, 1600x1200 pixels) - Scaled (72%)

External Link

Gnome Menu Editing - Mystery Cracked!!

After tireless questing and relentless diligence, I discovered a copy of the long lost 'Notes on menu editing in Gnome 2' from a mysterious website which vanished from the internet, http://www.redtux.demon.co.uk/docs/gnome_menu_edit_doc.20_6.html

I discovered an unexpected treasure, a hacked version of Gnome Panel which has the menu editing functions put back in gnome-panel-menu_edit-2.0.1.tar.bz2. I'm not sure yet how terribly valuable this is, but given the lack of resources in the area, it could be an invaluable key item. ..or just another useless patch.

Anyway, here's the long lost text I've been looking for in it's entirety. There's no copyright notice on it anywhere, so I would assume a generic 'in it's entirety' license, as opposed to public, if you're planning on copying it off anywhere. I'm certain I'm not the only who has gone searching for this document.. just the first to find it! :D Enjoy!

Gnome2 Menus

Notes on menu editing in Gnome2

This has been a problematic issue in gnome 2 leading to its complete removal between Gnome2 RC1 (gnome-panel-2.0.0) and gnome-panel-2.0.1 which will probably be the version in Gnome2 final.

So if you want to have panel based menu editing you will need to have gnome-panel version 2.0.0 (or my hacked version of 2.0.1 with menu editing put back in , all other packages should be fine.
The oustanding problem is dealing with gnome 1.4 desktop files.
The current spec for .desktop files depends on a Categories line in the file

Eg: Categories=Application;Network for galeon etc
In gnome 1.4 this information was provided by the sub-directory that the desktop file was in ie: for galeon the file was in Data directory/Network
In gnome2 there is a file called /etc/gnome-vfs-2.0/vfolders/application.vfolder-info (if gnome is built in a different directory prefix that to /etc), which is copied to $Home/.gnome2/vfolders when a succesful edit takes place.
This file together with the .desktop files per application and a .directory file per menu category determines the menu layout
The structure of application.vfolder-info is fairly simple

>/etc/X11/applnk/<;>

@datadir@/gnome/apps/


/usr/share/gnome/apps/



@datadir@/control-center-2.0/capplets/
@datadir@/gnome/capplets/

@datadir@/gnome/vfolders/

starts off with a list of directories to look in for .desktop files

Applications
Applications.directory

gnome-search-tool.desktop



Core


Merged

Then has a header entry defining the root menu followed by entries for each menu category eg: applications, with the display name being determined by the name field in the appropriate .directory file, which must be referenced here.
ie: for Accesories the Folder name will be Accessories referring to a file called Accesories.directory, which has a Name=Accessories field

This listing is then sorted alphabetically depending on the name field in the relevant .directory file
This is per level so sub-folders will be sorted seperately
Then the menu items are sorted in the same way depending on the name field in the ,desktop files included.

Accesories #name of menu category
     Accessories.directory# in prefix/share/gnome/vfolders
     


Application#words to look for all words in 
Utility # have to be in the file
   

System #cannot be in the file
   

additional keywords can be added inside Or brackets
These keywords which appear in the Categories line in gnome2
Desktop files determine where a menu entry appears.

I have two scripts on my http://www.redtux.demon.co.uk/docs which solve the problem by basically putting a Categories line in each legacy desktop file.

After this you just need to play around with $prefix/etc/gnome-vfs-2.0/volders/application.vfolder-info, a modified copy is at the same location.
The scripts are very simple, a bash script desktop_create1, which creates a list of files needing work, and a perl script, desktop_create which adds the line.
Both files can be amended to suit your system and taste.

Also neither do anything destructive.
Simply copy both files into the same directory.

Easy editing

(only applies to apps that generate good .desktop files and files modified by the above scripts, and not at all to gnome-panel-2.0.1)

To add menu item

Click on applications menu, move mouse to any item, right click, move mouse to entire menu , right click again, choose add new item
Fill in properties window as required

To delete menu item

Click on applications menu, move mouse to any item, right click, move mouse to entire menu , right click again, choose remove item
Fill in properties window as required

To add menu item

Click on applications menu, move mouse to any item, right click, move mouse to entire menu , choose properties
Fill in properties window as required

To move menu items

Open Nautilus
Find item you want to move to a different category, copy, move to directory entry where you want it to go, paste it.
Nautilus is liable to freeze but it works.

Hard(er) way but fullproof

Cp appropriate desktop file to your ~/.gnome2/applications/directory (or for a new one choose an appropriate file as a model) Edit the file for

Name=(descriptive name)
Type=application
Exec=(command)
Categories=Application;then other keywords from your ~/.gnome2/vfolders/application.vfolder-info

Works on all applications

Adding modifying new categories

Edit ~/.gnome2/vfolders/application.vfolder-info to taste following style of file (submenus created by nesting subfolders)
If you create a new category, create a new .directory file to match, primary location $prefix/share/vfolders/, use existing one as a model.
If you try to add,edit any old app menu item from the menu editor it will dissappear until you add the Categories field.
This works all the time, so if you want to edit menus in gnome2, this is how you do it, even if it seems a bit hacky.

Mike Martin
mike@redtux.demon.co.uk

26 June 2002

External Link

When Google Owns You | chrisbrogan.com

When Google Owns You | chrisbrogan.com: Just a quick reminder to all of us. In this blog, we see that Nick came back from lunch one day to find Google had locked his account. His ENTIRE account.. gmail, documents, web apps, adwords, everything. No explanation, and no recourse. Now it would appear that Google didn't have a secondary email account or phone number for him, so had no way to contact him. We learn in the second installment to Nick's dilemma, they had a very good reason for locking his account, they flagged a bogus charge of $490 and locked everything up for security sake.

The moral of the story? If you're going to depend on a third party for services, especially business class services as many of us do, backup, backup, backup!! You just never know when you're acount might get hit. This incident hit right between the eyes for thousands of people. I'm sure a large percent of people out there are playing around with Googles' various services, and are considering using them in their business. Some already are using them. You never know when some server glitch is going to erase half your email account, or documents stored online.

Throughout the responses to the blog (of which there are thousands) we find responses from Google Rep extraordinaire Matt Cutts. He passes out various links and tips for account recovery, security and etc. as pertains to Google services, but there is one that I found invaluable. Creating a backup for Your Google Account gives us advise on what Google services we should be keeping backups on, what services it would be wise to install a backup account in (in case the primary account gets locked out) and various other tips.

Read it. Heed it. Do it. Trust in the mighty Googles' services and prowess is no excuse to not prepare for disaster recovery. Once bitten, twice shy.. they say. I'll guaranty you Nick is backing up all his third party services now. ;)

External Link

Yet Another Microsoft Catastrophe

As all GOOD Systems Administrators know, You never touch any new product from Microsoft for at least the first year. At least that was the saying back in the old days. Recent opinion is don't touch it until they release service pack one. That way (cross your fingers) most of the security flaws and glaring non-functional items would be fixed before your desktop users were exposed to it. I'm sure most of us remember the hastles with SP1 for Windows XP. I had one system I had to downgrade to Win2000 because the Windows XP SP1 killed it, and Microsoft couldn't fix it.

Well, now SP1 for Windows Vista has been released to manufacturers. End users probably won't be exposed to it for a few more weeks now, but the initial feedback from 'the net' isn't promising. The best results I've heard is an operational test system (see - in a closet). It took over an hour, and five reboots, but it still runs, reports Adrian. The poor guy (George) in the article I'm referencing killed his laptop, and broke his desktop computer. Actually, that's why Adrian installed SP1 on a test system, because he didn't want to crash his 'in production' systems.

So.. once again Microsoft has flubbed up their initial service pack release. I'm not terribly surprised. I still refuse to support Vista, if I can get away with it. I've had a few clients purchase laptops with it, and none of them are happy. I'll just pat myself on the back, since I was smart enough not to implement it yet. The question is, should we change the industry standard, and wait for service pack 2 before implementing Microsoft solutions? I get throbbing headaches when I do a rollout, then five minutes later my phone starts ringing off the hook with reports of broken desktops.

I suppose this would be a good place to insert a promo for my favorite flavor of Linux, but I'll restrain myself, since all you need to do is read my blog to find out all you need to know on that subject. ;)

External Link

It's Official, Vista sucks.

eWeek just posted an article about how bad Vista sucks on new laptops here:

Cheap Laptops Bad for Vista, Good for Linux

Here is my response:

Im a VAR, and I can guaranty you Vista is slow on ANY laptop. We had one client buy a new Vista Home laptop because he couldn't hang with his old slow Win2000 one. Then he decided to pay us to clean out his old one for his wife. It had decent stats on it, so I wiped the hd and put XP on it. After installing office and antivirus and etc., the old laptop ran circles around the new Vista one. It was pretty rediculous, the old XP machine was WAY faster. I was just glad we hadn't recommended that he buy the Vista laptop, he did that on his own.

Now then, I also design websites, and do a lot of graphics and marketing stuff. So, about 6 months ago I bought a brand spanking new $3600 Dell XPS laptop with the fast hard drive, big graphics card and the whole nine yards (except the internal tv card, I heard they just drain the battery faster). Don't be too jealous, I waited 8 1/2 years between top of the line laptops. So, I was ecstatic when I got my shiny new laptop home.

What to do with a shiny new super fast WinXP laptop? Step one: update windows and office. Step two: install and update antivirus, a good firewall, live spyware and adware protection, Windows Defender, Firefox and script blocking applets.. and a sandbox for good measure. Step three: run around the house ranting and raving because your brand spanking new super fast laptop has all the speed and pizazz of a bowl of split pea soup. Still in the can.

Step four: Repartition your hard drive and install Linux.

I've been running OpenSUSE since day 2, and haven't looked back since. Screw Windows, My XP partition crashed three months ago (for NO apparent reason) and I never bothered fixing it. I'm recommending all my clients with any sort of security problems start migrating to Linux. Servers first, then the workstations as the need arises.

With a stable Linux distro and Crossover Office, there is no reason to maintain slow clunky security hole ridden Windows software. Ok, Quickbooks only has a Linux server, so there's one reason, but there are business accounting solutions in place in Linux, and the powers that be are predicting that Quickbooks is going to get they're butts handed to them if they don't come up with a Linux client BUT quick.

So there you are, hands on experience from a guy in the field with tons and tons of real world experience. Quit whining that Vista is ok. You are wrong, and 9 out of 10 conspiracy theorists believe that Microsoft pays you to troll websites promoting Windows anyway. ;)

External Link

Now it's Official

Well, now Comcast has jumped on board with Verizon and AT&T. Not only is it blatant, but it's hitting home. The bastards are officially screwing with the internet. I just contacted the Colorado State Attorney General about starting a class action lawsuit. Anyone else want a piece of the pie? The recommended payout being asked of the FCC is $195,000 per customer. No, that is not a typo.

Here's an artists depiction of what we can look forward to without intervention:

External Link

Save the Free Internet!!

Corporate bigwigs want to choke off free internet access and force you to use their canned services. Watch the video if you don't believe it. Then, go to the website and sign the petition. It's the least you can do if you consider yourself a 'netizen' or if you enjoy free speech on the internet.

External Link

Microsoft = Two Faced Bastards

In recent News, It has been reported that, due to Vista's new built in DRM (Digital Rights Management), Your average everyday company will go broke just trying to purchase and license the rights to STANDARD business software and Media.

They did finally release some of their source to Symantec and McAfee, so that they could better protect against new viruses. Mainly because no one in their right mind would trust Microsoft to do the job themselves. Goody for Symantec and McAfee, but what about all the other anti-virus providers?

You may recall a few months ago that Microsoft promised to work hand in hand with novell, to provide support for MS Office document architecture and Virtualization solutions, In SUSE Linux.

So NOW it seems Microsoft is back at their old tricks. Trying to dominate the world by making their software the only one you can use. The list of the companies indicting Microsoft includes some serious heavy hitters. IBM, Nokia, Sun Microsystems, Adobe, Oracle, Red Hat, Corel, RealNetworks, Linspire and Opera to name a few.

Among other things, Their 'open xml' document format, for MS Office documents is designed to run seamlessly only on MS Office products. That makes me really mad. This is following on the heels of them agreeing to release those formats to end the document incompatibilty that has plagued inter-office systems since.. well since Microsoft introduced MS Office for Windows for Workgroups 3.1. There are kids who can drive now that can't remember that far back.

They are also accused of creating their own (Microsoft only, of course) markup language to replace the internet standard, html. It's not bad enough that they have refused for years to make Internet Explorer totally www compliant, NOW they are going to be muscling businesses into writing their websites in Microsoft code, so you won't be able to browse those websites without using an Internet Explorer based web browser.

When will the madness end? It will serve them right if the global hacker communtiy hacks Vista to pieces, and infects it with undetectable root kits. I certainly don't plan to buy a copy of it EVER. Of course I'm sure I will need to, at some point some business client of mine will buy a computer with Vista on it. That's ok though, I'll just refuse to provide support until the client buys me a machine with Vista pre-installed on it. ..then locks the machine in a closet far, far away from any of my machines. ;)

At any rate, they've added yet more layers to the Vista operating System, so it will by nature run slower than XP by levels, and suck up more computing power. You know, Bill Gates left IBM to make his own company because they wanted him to make an Operating System that would only run on new computers. I think IBM would have a valid case to sue Bill for ownership of Windows. Talk about the pot calling the kettle black, yeesh.

End the madness, Use your Windows CD as a coffee cup coaster, and download Linux. I'm sure you all know I prefer Novells' SUSE Linux, but there are other flavors out there to pick from. Just be sure to warn your friends NOT to buy Vista, It's going to be a worse fiasco than Windows ME. ..and it may be illegal in the European Union anyway, the way things are going.

Rivals Attack Vista as Illegal Under EU Rules

External Link

Internet Explorer in Linux

Mua-ha-ha-ha!!

One of the problems with using Linux is that it becomes a pain in the rear to test web sites in Internet Explorer. There are also those pain in the @$$ web sites who REFUSE to switch from IE only coding to things more compliant. Well, Here's your solution. I'm using SUSE Linux 10.2, and this thing installed slicker than snot. I only wish I had ran across it first. :/ Oh well, I couldn't be happier now. :D

Download it, extract it, open a terminal and type ./ies4linux

That's it. The friendliest install script I've ever seen pops open, and tells you it's going to install IE6 and flash and etc. and asks if you would like it to install IE5.5 and IE5 as well.

I wish I had some sort of award thingy to give these guys, slickest thing I've found for Wine yet.

Woo-hoo!

External Link

Hacking OpenSUSE 10.2

Here is some more SUSE Linux goodness for your review.






Well, SUSE is about as rounded as it can get. It's perfectly acceptible for home and business use, and it's servers have developed a rock-solid reputation. Even the Mighty Microsoft has agreed to waive a few copyrights in the interests of keeping some standard file formats and such available in both worlds.

The everyday user should be quite happy with their install just the way it comes from the factory (or the free OpenSUSE download). Of course some of us enjoyed tweaking our windows to get it 'just so'. If you are one of those people, then this article is for you.

We still look forward to more integration with Windows. That's still in the works. Everything else you could want to do to hack your SUSE install, is explained in the article below.

The Link for this article may not work. At the moment, the entire domain softwareinreview appears to be down. I snagged the article off of Google cache so it didn't get lost entirely. Hopefully the site comes back up, but that doesn't help now. The article was written by someone else, but according to the creative commons license, it's ok to copy it in it's entirety, as long as you give credit. That's exectly what I want to do, so I'm copying it below. :)

*** The article is complete, including the original off-site links. I'm sure they're all ok, but I'm not responsible for them none-the-less. So :P

Enjoy. :)

---------------------------

Hacking openSUSE 10.2

Written by Jem Matzan

Dec 10, 2006 at 05:25 PM

Novell's openSUSE 10.2 is an exciting desktop operating environment that includes or supports nearly every program you need for work and play. But there are those last few programs and issues that make openSUSE just short of perfect. Web browser plugins for some kinds of online content; MP3, Windows Media, and DVD movie playback support; and drivers for Atheros wireless devices and Nvidia and ATI video cards are the chief things holding openSUSE back for some users. This guide will help you remove as many of those barriers as possible. Is this the right version of Hacking SUSE? This guide is for openSUSE 10.2. If you are looking for a previous version of this guide (SUSE Linux 10 or 10.1, or SUSE Linux Enterprise Desktop 10), you can find them in this directory listing of how-to articles on Software in Review. Why you need this guide openSUSE 10.2 -- as the name implies -- is comprised entirely of open source software. This guide primarily tells you how to install proprietary add-ons for which there are currently no free replacements. Generally this will require you to agree to restrictive software licenses. The DVD playback capabilities are in violation of the U.S. Digital Millennium Copyright Act (and similar laws in other countries), which many believe to be unconstitutional, unethical, silly, and a violation of consumer fair use rights (Click here for more information on DMCA reform). In other words, installing the DVD decoding software could be illegal where you live; therefore I'm not suggesting that you do it if it is, but the instructions are still here for educational and informational purposes, and for those who live in areas where DeCSS is legally acceptable. Furthermore, if you morally disagree with proprietary software and refuse to use it, this guide will be meaningless to you. Before you install If you are coming to this guide before installing openSUSE 10.2, you can make post-install configuration easier for yourself by downloading the Extras CD in addition to either the openSUSE CD set or the DVD. If you did not download this ISO and have not installed SUSE yet, go ahead and get it now from the openSUSE download page. Note that there is only one disc for both the 32-bit and 64-bit editions of openSUSE; this is because the proprietary extras are mostly 32-bit and will work with a 32-bit build of Firefox in the 64-bit edition. Issues related to bit-ness are addressed below where applicable. To add the Extras CD during installation, click the checkbox next to Include Add-On Products from Separate Media in the Installation Mode screen (it's after the license agreement), then follow the directions for adding the Extras CD. If you skip this step, you will have to restart the computer to get back to it -- there's no "Back" functionality for this screen. Near the end of the installation process you will be asked to set up some update servers. Most of that process is automatic, but you will be asked to look at a list of three installation sources and click the checkboxes for the options you want. Make sure you have marked the checkboxes for the /repo/oss/ and /repo/non-oss/ servers (these should be the first and third items in the list). Be warned that this entire repository installation process may take a long time -- anywhere from 30 minutes to more than an hour, even on a high-speed connection -- and you may have to retry some parts of it several times before they completely download. In some instances this process will fail; there is a section below that tells you how to fix it after installation is complete. If you've already installed openSUSE, don't bother downloading the Extras CD unless you plan on reinstalling -- just add the non-oss directory to your YaST software sources as directed below. Prerequisites This guide assumes you are using the traditional SUSE desktop environment, KDE. If you're using GNOME or a window manager, you're on your own as far as getting to the YaST utility and any other KDE-specific instructions. The majority of the information in this guide is environment-agnostic and you should be able to easily figure out how to translate the few KDE-specific steps. Hacking openSUSE 10.2 applies only to the x86 and AMD64/EM64T processor architectures. It does not cover the PowerPC architecture. If someone who has such a machine is willing to contribute a section specific to PPC, please email me at jem at thejemreport.com. The "CD not found" error before installation If you have a Core 2 Duo-capable motherboard and are getting an error message about the installer not being able to find the CD/DVD after you have already booted from it, the problem is likely with your IDE controller. In some modern motherboards, the parallel ATA controller has been taken out of the chipset and moved to a third-party drive controller. That third party is JMicron, and this problem most famously occurs in the Asus P5B motherboard, though other brands and models can be affected as well. First, it will help to do a quick workaround in your BIOS. Press the Del, F1, or F2 key to get into your system BIOS just after powering it on. There should be a message somewhere on the screen that tells you which key to press; if you are not sure, press all three repeatedly and you're sure to get there. Somewhere in the BIOS setup you should see an option for the JMicron drive controller ("Onboard Devices" in the P5B BIOS menu). Set it to AHCI mode, then save and exit the BIOS setup utility. Boot from the openSUSE 10.2 CD 1 or DVD. You'll still get the same message, but now you're better enabled to work around it. Press Enter to get past the error message, then choose your language in the following screen. That will bring you to the main menu. Use the down arrow key to select the Kernel Modules option and press Enter. In the next screen press Enter again to select the default option for IDE/RAID/SCSI Modules. In the long list that follows, find both the JMicron and the Generic IDE drivers, select them, press Enter, then press Enter again when you're asked for special options to pass to them. You will have to do this twice -- one time for each driver. When you return to the kernel module screen, use the Tab or arrow keys to select Back, and press Enter. That should put you back into the Main Menu. Now select the option for Start Installation or System and press Enter, then select Start Installation or Update and press Enter, and lastly select the CD-ROM as the source and press Enter. The normal graphical installation procedure will commence. If the above does not work, write down installation source mirror addresses from the link in the installation source section below and use them to install openSUSE over FTP. The only difference in the procedure will be to change the above instructions to select FTP instead of CD-ROM as the source. Adding sources to YaST By default, openSUSE 10.2 adds online software repository sources to YaST; previously you had to do this manually. There are still several third-party sources that may need to be added to bring your computer up to speed, though. To add sources, go into the YaST utility by clicking on the green chameleon menu icon in the lower left corner of your screen. Select the Computer tab, then scroll up and click on Administrator Settings (YaST). You'll be prompted for your root password. Go ahead and type it in and press the Enter key. You're now in YaST, and the Software category is already selected by default. Click on the Installation Source icon. This will bring up a window that will allow you to add software repositories so that you can download add-on software. You'll notice that your CD or DVD installation media is already listed, along with Web-based sources for OSS and non-OSS software and software updates. Make sure that "On" is listed in the Status field for your OSS and non-OSS Internet sources. If it is not, select the source, then click on the Source Settings button, then select Enable or Disable. To add a source, click the Add button, then click on HTTP in the popup menu. Add the following Internet addresses to the Server Name field and then click on OK (follow the directions below for the sections that apply to your situation): Windows Media, MP3, and DVD playback support Add this address: packman.unixheads.com/suse/10.2 You can also select a mirror from this list if the above address doesn't work or is too slow, or if you are not in the United States. When you add the above address and click Next, a warning message about an unknown GPG key will come up. Click the checkbox next to Do Not Show This Message Again and click Yes. The next screen will ask if you'd like to import the aforementioned GPG key. Click Import. Atheros wireless network devices Add this address: madwifi.org/suse/10.2/ When you add the above address and click Next, a warning message about an unknown GPG key will come up. Click the checkbox next to Do Not Show This Message Again and click Yes. The next screen will ask if you'd like to import the aforementioned GPG key. Click Import. Nvidia graphics cards Click the radio button next to FTP, then add this address: download.nvidia.com/opensuse/10.2/ When you add the above address and click Next, a warning message about an unknown GPG key will come up. Click the checkbox next to Do Not Show This Message Again and click Yes. The next screen will ask if you'd like to import the aforementioned GPG key. Click Import. Adding distribution software sources If you did not have an Internet connection when you installed openSUSE, if the registration of update servers failed, and/or if you did not use the Extras CD, you will need to add some Internet installation sources. While it may be automatic and convenient during the installation process, there is no documented way of getting YaST to set up sources on its own. To do it manually, find a local mirror in this list, and in the table for the mirror closest to you, copy-and-paste the link addresses for Installation Repository and Addon-NonOSS-Installation Repository into the YaST Installation Source screen (minus the "http://"). It will take several minutes for these to register with your system. Once they're in, make sure Status is set to "On." At this point you can disable the CD installation sources by clicking the Source Settings button and then clicking on Enable or Disable from the drop-down menu. To register an update server, click on Online Update Configuration in YaST's Software section. This process is automatic and requires only some obvious button-clicking on your part. Installing the extras When you're done adding sources, click the Finish button in the lower right corner. The new server addresses will synchronize with the ZEN Management Daemon, then the Installation Source window will close, bringing you back to YaST. Click on Software Management. When you get to the next screen, you'll see a search box and a big empty field on the right side of the window. In the search box, type in the search terms below and select the following packages that apply to your situation. When you've selected all of the packages you want to install, click on the Accept button to install them unless otherwise directed: The Flash, Java, and RealPlayer browser plugins These are all installed by default if you used the Extras CD. If you did not, then add the installation sources as instructed above, and search for and mark the following packages for installation in the YaST Software Manager: flash-player realplayer java-1_5_0-sun java-1_5_0-sun-plugin Proprietary audio and video codecs, and DVD playback capabilities Type in "w32" and press Enter. In the right-hand field, mark the w32codec-all package for installation. Go ahead and complete the software installation screen by clicking the Accept button. As soon as the process is complete, right-click on the ZENworks update icon in the lower right. It should look like a blue globe or an orange circle with an exclamation point in the middle (if there are updates waiting). In the small popup menu, click on Refresh. If you have not yet applied any updates to your system, you will be asked to add a privileged user at this point; follow the simple directions for completing this process and then click Refresh again. As soon as ZENworks is done polling the new server addresses you added, it will show some updates. Go ahead and install all updates by clicking on the ZMD icon again (it should be an orange circle now) and go through the obvious steps to apply the updates. You may notice that the xine-lib or totem-plugin packages are slated for removal; this is normal and expected. The last step is to add a DVD decoder. 32-bit users can do this by downloading the following RPM: http://download.videolan.org/pub/libdvdcss/1.2.9/rpm/libdvdcss2-1.2.9-1.i386.rpm. Right-click the link and save it to your desktop, then right-click it on your desktop, select the Actions section of the popup menu, then click on Install software with YaST. Theoretically you should be able to open it with "Install Software" as well, but that method does not seem to work for some people. Log out, then log back in again and you should be able to play DVD movies. DVD playback on 64-bit machines Instead of the 32-bit RPM listed above, you must download the DeCSS source code and compile it yourself. So right-click the following link and save it to your desktop: http://download.videolan.org/pub/libdvdcss/1.2.9/libdvdcss-1.2.9.tar.gz Now open a Konsole terminal by going to your chameleon main menu, then clicking on Applications, then System, then Terminal (you may have to scroll down the list a little to see it), then Terminal Program (Konsole). A Konsole window will come up. In it, type this command to switch to the Desktop directory: cd ~/Desktop Now you need to switch to root permissions: su It'll ask for your root password -- go ahead and type it in, then press Enter. Next, decompress the file you just downloaded: gzip -d libdvdcss-1.2.9.tar.gz Then unpack it from its archive by using this command: tar xvf libdvdcss-1.2.9.tar The file will un-tar to its own directory, so you can now safely delete the tar archive: rm libdvdcss-1.2.9.tar Now you need to compile the DVD decoding library. Change to the directory first: cd libdvdcss-1.2.9 And then run the configure program with this command (don't leave out the dot and slash): ./configure When it's done configuring, run the make command to build the files (if you don't have make or gcc installed, stop here and add them via YaST): make Finally, it's time to install the library: make install You can now safely delete the libdvdcss directory: cd .. && rm -rf ./libdvdcss-1.2.9 You now have DVD playback support. It won't work until your library path is updated. There are a variety of ways to do that, but the easiest is just to restart your computer. The Adobe Acrobat and Totem browser plugins WARNING: There is a reason why this section is where it is in this guide. If you added the Packman repo in a previous step, you probably had to remove the browser plugin for your video player. I said that this was expected before; now you are going to fix the problem. Search for acroread and press Enter. Click the checkbox next to the acroread package in the right-hand pane. Search for totem-browser-plugin and install it. Do not install the totem-plugin package; that is the old, broken package that doesn't do Windows media files. Theoretically you could install the vlc-plugin instead, but it seems to have more package overhead than the Totem plugin, especially for GNOME users. Use whichever you want -- they both do the same thing. The MPlayer plugin is no longer available through Packman for openSUSE. 64-bit browser plugins 64-bit users will have some trouble with the Java and video browser plugins because they are 64-bit by default, whereas Firefox in openSUSE is 32-bit by default so that it can better support proprietary plugins. I haven't had much luck trying to install i586 RPMs for these plugins in 64-bit openSUSE, but I did find that using the 64-bit version of Konqueror solved nearly every problem. Anything that wouldn't play or run in Firefox would play or run in Konqueror. Since Java Web applets are fairly rare, and most video sites are currently publishing in Flash or offer RealPlayer as an alternative, I suggest using Firefox for most things, and Konqueror (or Epiphany in GNOME) when Firefox can't play something. Atheros drivers Type in "madwifi" and press Enter. In the right-hand field, click the checkboxes next to these packages: madwifi madwifi-kmp-default Click Accept or skip down to the next appropriate heading to install more packages. You may be asked to agree to a license; you know the drill here. Now that you have the driver installed, you have to load the driver modules. You can do this from the command line by typing sudo modprobe ath_pci and pressing Enter, or you can simply shut down and restart the computer. Next, go into YaST again and click on the Network Devices tab on the left. Click on Network Card on the right. When the setup screen appears, click the radio button next to the User Controlled with NetworkManager option (it may be selected by default, depending on what method you selected during installation), then click Next. The next screen shows you a list of network cards. If you have a wired connection, it will already be shown as configured if you used it during installation. Your wireless network card will be shown as Not configured in the list, and it'll be named by its brand, model, and chip name. Click on the Atheros-based device, then click Edit. Click Next unless you have a static IP address, in which case you should know what to do here. The next screen sets the ESSID name and encryption options. If you have an open wireless access point, just click Next here, then click Yes, then click Finish -- you're done! If you have a restricted network, put in the appropriate settings here, then click Next, then Finish. To change between wired and wireless, or to change to a different wireless network, click the KNetworkManager in the lower right corner. It's usually between the clock on the Klipper icon, and resembles either a signal meter or a graphical representation of whatever device (wired or wireless) is connected. If there is no connection, it appears as an X. Nvidia video drivers Search for nvidia and mark the following packages for installation: nvidia-gfx-kmp-default x11-video-nvidia Click Accept or skip down to the next appropriate heading to install more packages. You may be asked to agree to a license; you know the drill here. Now open a Konsole terminal by going to your chameleon main menu, then clicking on Applications, then System, then Terminal (you may have to scroll down the list a little to see it), then Terminal Program (Konsole). A Konsole window will come up. In it, type this command to switch to root permissions: su - (The dash after the su command gives you the root user's environment path). Once you type in your root password, type in this command to load the module you just built (restarting your computer will do this automatically): modprobe nvidia Close all open programs, then press Ctrl-Alt-Backspace to restart the X.org server. You should now have hardware 3D acceleration. ATI video drivers WARNING: These instructions are only a placeholder for a future ATI driver release. If you are reading this paragraph, then ATI has not yet released a driver that supports X.org 7.2, which is what ships with openSUSE 10.2. Following the below instructions will cause X.org to fail to start. I am not sure if this procedure will work with an X.org 7.2-compatible ATI driver when one is released, but it should as far as I can tell. There is also an ATI YaST installation source that may work in the future, but does not currently have a driver that works with openSUSE 10.2. In other words, if you have a late-model ATI video card, 3D acceleration is unavailable at this time. The only workaround is to downgrade to an earlier X.org release, which is a lot of work and will ultimately be unmaintainable, so I strongly suggest that you either wait a few weeks for ATI to catch up to Novell, or choose a different GNU/Linux distribution that better meets your 3D rendering needs. openSUSE 10.2 ships with the newly revamped open source radeon driver. That may be fine for 2D rendering, but it doesn't do direct rendering for 3D graphics. To get hardware 3D acceleration (and for XGL support), you still need the proprietary ATI fglrx driver. To install the hardware-accelerated ATI driver, the following packages have to be installed. Some are installed by default -- check to make sure they're all there by typing these names into the Software Management's search box. If they are not there, install them and all of their dependencies before you continue: gcc make kernel-source kernel-syms compat-expat1 expat After that, open up a Web browser (it doesn't matter which one) and go to the ATI driver Web site. In the left field, click on Linux x86 or Linux x86_64 depending on which version of openSUSE you installed (x86 is 32-bit, x86_64 is 64-bit). In the middle field, click on the brand that matches your video card. For most people this will be Radeon or Mobility Radeon, though a small number of readers may have one of the other cards listed. If you are not sure which card you have, consult the documentation that came with either your video card or your computer. After you have clicked the link for your card brand, the far-right field will show a list of model numbers. Click the one that corresponds with your video card model, then click the little green GO button under the field. If you do not see your model in the list and it is an older card (the original Radeon or the Radeon 7000, for instance), openSUSE should already have hardware 3D support for it in the open source radeon or ati drivers. Right-click the green link that says ATI Driver Installer. It should be in the first row under the Download Link column. Select Save Link As (or Save Target As, or whatever it is in your browser of preference) and in the ensuing file dialogue, choose to save it to your user's home directory. If your username is onyxia, then save the file to the /home/onyxia directory. After the file finishes downloading, open up your home folder by clicking the house icon in the lower left portion of the screen. You should see the file you just downloaded among a few standard directories. Right-click on the ati-driver-installer file, then click Properties in the popup menu. When the properties window comes up, click the Permissions tab, then click the checkbox next to is executable, then click OK. Now open a Konsole terminal by going to your chameleon main menu, then clicking on Applications, then System, then Terminal (you may have to scroll down the list a little to see it), then Terminal Program (Konsole). A Konsole window will come up. Type this in and press Enter to make sure you're in the right directory: cd Now it's time to run the ATI driver program as the super user. But first, a note about long file names: When you have to type in a long file name, you don't have to type the whole name into a terminal window. Instead, you can have the terminal do the work for you. Just type the first few letters of the filename and press the Tab key, and the file name will be automatically completed for you. This is useful in situations like the one you're in now, where there is a long and complex file name to type in. This feature is known as tab completion. So type the following command into your terminal, and use the Tab key to complete the ATI driver file name, then press Enter to execute the command: sudo sh ./ati-driver The sudo command runs the command that follows it as the root user. You could also use the su command to switch to root, but it's easier to cut-and-paste if everything's in one line. The sh command runs a shell script, which is basically what the ati-driver-installer program is. The window will go blue and you'll be presented with a basic analysis of your computer's architecture and operating system. Don't worry if it shows your 64-bit system as "x86" -- that's a bug in the message. Press Enter to continue, then press Enter at the next screen as well. For some reason, as of this writing, the program will again show you the system analysis screen. Press Enter to get past it again. Welcome to the license agreement. Basically it says that you can't do anything with anything, ever, no matter what -- more or less a standard proprietary license agreement. Read it if you want, but press Enter to get to the next step, which is to agree to the license. Whether you agree or not, if you want to install this driver you have to press Enter here (Yes is selected by default). The next screen asks what kind of installation you'd like to perform. Just press Enter here. After that you'll see a brief progress meter that shows the driver's many little pieces being transferred to your operating environment. When it's done, you'll be asked if you would like to launch a Web browser. Since this only leads back to the ATI/AMD site, press the right arrow key to select No, then press Enter. A parting message tells you to run the aticonfig program. Don't bother with that -- all it does is overwrite your X.org configuration file, which you don't need to do because you have YaST to do it for you. Or more specifically, you have SaX2, the component of YaST that handles X.org configuration. You can't do sudo on this command because it won't allow access to your X session, so you will have to switch to root permissions by typing this and pressing Enter: su - The dash after the su command gives you the root user's environment path. Anyway, once you type in your root password, type in this command to load the module you just built (restarting your computer will do this automatically): modprobe fglrx Now type this in: sax2 -r -m 0=fglrx That brings you to SaX2 and forces it to use the proprietary ATI driver instead of the open source one that it wants to use by default. You may notice that your monitor settings have gone awry here; you may have to change the monitor, resolution, and color depth. Ideally you want the maximum resolution that your monitor is designed for (or slightly less if you like big text), 24-bit color depth, and make sure the checkbox next to Activate 3D Acceleration is marked (it's at the bottom of the window). When you're done, click OK. A popup message will ask if you'd like to test the new configuration. Click Save, then click OK. Close all open programs, then press Ctrl-Alt-Backspace to restart the X.org server. You should now have hardware 3D acceleration. The End And that's all you need to do to make openSUSE into a maximally useful desktop operating environment. Aside from running Windows and OS X binaries, openSUSE 10.2 can do everything that proprietary operating systems can and more. If you have trouble with the directions in this guide, or if you run into problems that aren't covered here, click the link below to visit The Jem Report's discussion forum -- we'll do our best to help you. Please note that you are not entitled to support through this forum; it is offered purely as a gesture of goodwill, so be nice, be patient, post in the appropriate forum topic, and try to describe your problem in detail. In return we promise not to demean you or call you a "noob." Discuss this article or get technical support on our forum. Copyright 2006 Jem Matzan. This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 2.5 License.

External Link

Novell and Microsoft — Working Together for Customers

Well it's about time. It appears that my only reservation about Suse Linux has been ironed out. The two industry giants have called a truce and have promised to work together. The three main areas affected are:
1) Document format compatibility (MS Office and OpenOffice will be 100% compatible)
2) Virtualization (ie: running Windows stuff in Linux)
3) Web services for managing servers (ie: running both servers and managing them both at the same time)
If that's not enough, Microsoft is going to distribute coupons to buy Suse Enterprise to encourage people who want to use Linux to use Suse.
How could you POSSIBLY lose with that kind of endorsement? If you've got money, buy Novell stock while it's (relatively) cheap.
Novell and Microsoft — Working Together for Customers

External Link

Whois Hijacking

Security Watch from PC Magazine - Squatters Jumping Claims To Domain Names: "Whois Hijacking"

Have you ever researched an Internet domain, waited a bit and then, when you go to buy it, it's gone? You may have been a victim of whois hijacking.

Through a mechanism not yet well understood, some domain squatters are able to get information on domain lookups, which are performed using a protocol named "whois". They use it to quickly—and automatically—register the domain. This practice is usually combined with domain tasting, so the domains may be available again before too long.

In the meantime, the squatters put up an ad page on the site. If it gets hits, they keep the site. They also usually put up a link through which you can buy the site from them (at a vastly higher price than if you had gotten it first).

What can you do? Until there is a good understanding of how the whois requests are intercepted, all you can do is to move quickly to register domains once you see they are free. It's likely that some domain-checking services are more secure than others, but there is no reliable way to tell which ones they are.

External Link

They're HEEEEERE!!!

Remember my rant about unstoppable rootkits? Guess what? Yup, you can unplug your Windows machine and use it for a planter now.

Rootkits get better at hiding | Tech News on ZDNet: "Rootkits get better at hiding"

Here's a copy of the text, in case the news article goes down some day:

A new Trojan horse is so good at hiding itself that some security researchers claim a new chapter has begun in their battle against malicious-code authors.

The new pest, dubbed "Rustock" by Symantec and "Mailbot.AZ" by F-Secure, uses "rootkit" techniques crafted to avoid the detection technology used by security software, Symantec and F-Secure said in recent analyses.

"It can be considered the first born of the next generation of rootkits," Elia Florio, a security response engineer at Symantec, wrote in a blog late last month. "Rustock.A consists of a mix of old techniques and new ideas that when combined make a malware that is stealthy enough to remain undetected by many rootkit detectors commonly used."

Rootkits are considered an emerging threat. They are used to make system changes to hide software, which may be malicious. In the case of Rustock or Mailbot.AZ, rootkit technology was used to hide a Trojan horse that opens a backdoor on an infected system, putting it at the beck and call of an attacker, according to Symantec.

In their continuing race with security software makers, the creators of this latest rootkit appear to have looked closely at the inner workings of detection tools before crafting their malicious code, said Craig Schmugar, virus research manager at McAfee, which calls the pest "PWS-JM."

"Security companies are trying to stay one step ahead of the bad guys, but the bad guys already have the technology that is available from the security vendors," he said. "A number of techniques have been combined to really strengthen and harden this particular threat. They have done a pretty good job at closing all the doors."

The mixture of cloaking methods makes Rustock "totally invisible on a compromised computer when installed," including on a PC running an early release of Windows Vista, Symantec's Florio wrote. "We consider it to be an advanced example of stealth by design malicious code."

To avoid detection, Rustock runs no system processes, but runs its code inside a driver and kernel threads, Florio wrote. It also uses alternate data streams instead of hidden files and avoids using application programming interfaces (APIs). Today's detection tools look for system processes, hidden files and hooks into APIs, according to Florio's post.

Additionally, Rustock defeats rootkit detectors' checks for the integrity of some kernel structures and the detectors' efforts to detect hidden drivers, Florio wrote. Furthermore the SYS driver the rootkit uses is polymorphic and changes its code from sample to sample, according to the blog posting.

Still, chances of people being attacked by this rootkit and its malicious Trojan horse payload are slim, experts said. "People are blogging about it not because it is highly prevalent, but because of the challenges it poses to existing rootkit detection tools," Schmugar said. Symantec and F-Secure also both state the threat is not widespread.

F-Secure updated its BlackLight rootkit detection tool that can detect current versions of the pest, the company said in a blog. Symantec and McAfee are still working on tools to detect and remove rootkits from computers.

External Link

The Newbie's Guide to Detecting the NSA

27B Stroke 6:
The Newbie's Guide to Detecting the NSA
It's not surprising that an expert hired by EFF should produce an analysis that supports the group's case against AT&T. But last week's public court filing of a redacted statement by J. Scott Marcus is still worth reading for the obvious expertise of its author, and the cunning insights he draws from the AT&T spy documents.

An internet pioneer and former FCC advisor who held a Top Secret security clearance, Marcus applies a Sherlock Holmes level of reasoning to his dissection of the evidence in the case: 120-pages of AT&T manuals that EFF filed under seal, and whistleblower Mark Klein's observations inside the company's San Francisco switching center.

If you've been following Wired News' coverage of the EFF case, you won't find many new hard revelations in Marcus' analysis -- at least, not in the censored version made public. But he connects the dots to draw some interesting conclusions:

* The AT&T documents are authentic. That AT&T insists they remain under seal is evidence enough of this, but Marcus points out that the writing style is pure Bell System, with the "meticulous attention to detail that is typical of AT&T operations."

* There may be dozens of surveillance rooms in AT&T offices around the country. Among other things, Marcus finds that portions of the documents are written to cover a number of different equipment rack configurations, "consistent with a deployment to 15 to 20" secret rooms.

* The internet surveillance program covers domestic traffic, not just international traffic. Marcus notes that the AT&T spy rooms are "in far more locations than would be required to catch the majority of international traffic"; the configuration in the San Francisco office promiscuously sends all data into the secret room; and there's no reliable way an analysis could infer a user's physical location from their IP address. This, of course, directly contradicts President Bush's description of the "Terrorist Surveillance Program."

* The system is capable of looking at content, not just addresses. The configuration described in the Klein documents -- presumably the Narus software in particular -- "exists primarily to conduct sophisticated rule-based analysis of content", Marcus concludes.

My bullet points don't come close to conveying the painstaking reasoning he lays out to back each of his conclusions.

Perhaps the most interesting -- and, in retrospect, obvious -- point Marcus makes is that AT&T customers aren't the only ones apparently being tapped. "Transit" traffic originating with one ISP and destined for another is also being sniffed if it crosses AT&T's network. Ironically, because the taps are installed at the point at which that network connects to the rest of the world, the safest web surfers are AT&T subscribers visiting websites hosted on AT&T's network. Their traffic doesn't pass through the splitters.

With that in mind, here's the 27B Stroke 6 guide to detecting if your traffic is being funneled into the secret room on San Francisco's Folsom street.

If you're a Windows user, fire up an MS-DOS command prompt. Now type tracert followed by the domain name of the website, e-mail host, VoIP switch, or whatever destination you're interested in. Watch as the program spits out your route, line by line.

C:\> tracert nsa.gov

1 2 ms 2 ms 2 ms 12.110.110.204
[...]
7 11 ms 14 ms 10 ms as-0-0.bbr2.SanJose1.Level3.net [64.159.0.218]
8 13 12 19 ms ae-23-56.car3.SanJose1.Level3.net [4.68.123.173]
9 18 ms 16 ms 16 ms 192.205.33.17
10 88 ms 92 ms 91 ms tbr2-p012201.sffca.ip.att.net [12.123.13.186]
11 88 ms 90 ms 88 ms tbr1-cl2.sl9mo.ip.att.net [12.122.10.41]
12 89 ms 97 ms 89 ms tbr1-cl4.wswdc.ip.att.net [12.122.10.29]
13 89 ms 88 ms 88 ms ar2-a3120s6.wswdc.ip.att.net [12.123.8.65]
14 102 ms 93 ms 112 ms 12.127.209.214
15 94 ms 94 ms 93 ms 12.110.110.13
16 * * *
17 * * *
18 * *

In the above example, my traffic is jumping from Level 3 Communications to AT&T's network in San Francisco, presumably over the OC-48 circuit that AT&T tapped on February 20th, 2003, according to the Klein docs.

The magic string you're looking for is sffca.ip.att.net. If it's present immediately above or below a non-att.net entry, then -- by Klein's allegations -- your packets are being copied into room 641A, and from there, illegally, to the NSA.

Of course, if Marcus is correct and AT&T has installed these secret rooms all around the country, then any att.net entry in your route is a bad sign.

External Link

Novell ZENworks and Groupwise on the chopping block. Literally.

Novell's 66 yr old CEO was asked to step down. While Novell's revenue on Linux is only at 4%, the future of Suse Linux is secure. However, don't count on ZENworks and GroupWise being around much longer.

Excerpt:
Last fall, these investors wanted Novell to divest its "noncore businesses," such as ZENworks, GroupWise and Cambridge Technology Partners. Both also want Novell to become more of a leader in Linux and identity management through joint ventures and selective acquisitions.

Given this public opposition and Novell's recent lackluster financial results, few were surprised when the board dropped the ax on Messman. The former CEO himself though had intended to stay the course.

Here's the full article:
http://www.eweek.com/article2/0,1895,1980300,00.asp

External Link

We are slaughtering wolves in Alaska

I have a couple of things on the back burner that need posting, but this just came across my desk, and I want to get the word out now.

- T
--------------------------

It will take no more than 30 seconds out of your life to sign this petition and stop a horrible injustice. The slaughter of wolves in their last refuge, the wastelands of Alaska. On your honor, do it now:

http://www.thepetitionsite.com/takeaction/867854889

If you want to take the time to read more, here's my take on it, just don't delete this email until you've gone to the link above and signed it:

We are massacreing wolves living in tight knit family units in Alaska. I feel like throwing up when I think about what the surviving wolves must think of us humans. I am completely outraged. We are responsible for them as the caretakers of the earth. We are breaking almost every virtue there is. Trust, honor, valor, justice.. all right out the window. What is the motivation behind this? Greed? Avarice? This must stop, NOW!

Forward this to everyone you know, I did. Everyone I am sending this to knows I NEVER do that, but this time, I am. You took the time to read this much, now do something about it.

- T

-------------------------------------------
Here is a copy of the email I received:

Alaska's wolves won a temporary reprieve when a state court recently ruled against the state's aerial gunning program. But Alaska's Board of Game has already taken emergency action to reverse the court's decision, and as of January 26th, the state was once again able to issue aerial gunning permits for wolves.

Twenty-four wolves have been killed this season alone. More than 400 wolves have been killed over the past 3 winters and the new plans target approximately 400 more.

Aerial gunning is a brutal practice. Marksmen can gun down wolves from the air that are easy targets against the fallen snow. Or they can run the wolves to exhaustion, then land and shoot them at point blank range.

Help us put an end to Alaska's aerial gunning programs once and for all. Tell Interior Secretary Gale Norton to do her job and finally enforce the Federal Airborne Hunting Act.

http://www.thepetitionsite.com/takeaction/867854889

















This brutal murder of innocent wolves must be stopped!!!!They are a much needed part of the food chain, as they only kill the weak and old of the herd.
With that , they insure the strength of whatever prey their after ... The wolf is a much needed part of nature, to keep all balanced! PLEASE PEOPLE, HELP STOP This horrible travisty!!!!!!!!

External Link

Sure you've heard of rootkits, but what about ghostware? Be afraid. Be VERY afraid.

Forget about spyware, the next bad boy to hit windows is called 'ghostware'. Ghostware is loosely defined as malware which can NOT be detected from inside the operating system. Sound scary? Guess what, you could already be infected, and if you are, you are quite bluntly, screwed. Microsoft has no clue what to do about it yet. Microsoft is currently planning on integrating rootkit detection into MS AntiSpyware, but none of their current ideas on ghostware sound terribly plausible. Current best guesses are to use a pre-burned clean copy of the operating system as a 'master' to try to detect the ghostware. Of course you would also need another cd to run the software. How are they going to ensure the computer reboots every night to scan? How are they going to fit your 60 gb system partition on a cd or dvd? Don't ask Microsoft, they have bluntly stated that they need to learn more about it before doing anything. If it takes as long for them to get this fixed as it does most of their patches, we are all screwed.

Here's a link to the full story:
http://www.eweek.com/article2/0,1895,1838294,00.asp

Here's Microsofts own research page on the subject:
http://research.microsoft.com/rootkit/

If you're interested in checking your computer for rootkits, you're best bet is to go to the link at the bottom of this page and download Rootkit Revealer:
http://www.sysinternals.com/Utilities/RootkitRevealer.html

If you're concerned about being infected with ghostware.. like I said, if you are, you're screwed. Keep an eye on these resources for any new developments. The only other people I can think of that have the resources to handle a threat like this are our old friends at the Symantec Antivirus Research Center:
http://sarc.com

Personally, I'm about ready to ditch Windows entirely and switch to Novell SUSE Linux. I'm damn sure gonna pull all my secure crap out of Windows, I'll tell you that.

External Link

WinMX is back in action

Last I knew the parent company of WinMX was moving offshore. Until that happens, the WinMX community has patched the software so that it works without the need for the WinMX server. Go here, download and install the patch, and you'll be back in action in two shakes. :D

http://www.winmxgroup.com/

I have it installed and running as a primary connection. No apparent viruses or trojans or spyware or anything. I am fairly confident that it's clean, since the WinMX community put it together. However be sure to run your own checks on it before installing it on a server thats in production. ;)

Here's the link to the WinMX Community site:
http://www.winmxworld.com/

Here's the backstory, if anyone is interested:
http://en.wikipedia.org/wiki/WinMX

External Link

Really Real Windows XP Powertoys!!

Well, they've been out for nearly a month now, but it's the first I've heard of them. I accidently ran across them while updating my MS AntiSpyware. I haven't even installed them yet, but I did notice a fresh version of the old favorite TweakUI in the list! :D I also noticed that a couple of them are designed to play catch up with Linux. Expect to see those in the next Win version.

This is the first set that MS has actually released FOR windows XP. That I know of. For those of you that have no clue what I'm talking about, Powertoys are a whole bunch of programs that expand the functionality of windows. They are written by actually Microsoft windows developers in their spare time. MS will release the progams free of charge, but they generally won't support them.

Unlike previous powertoy distributions, these are all seperate little install packages. So, here is a list of the current selection, ripped directly from the webpage. :)

Color Control Panel Applet
Professional-level photographers and designers know that getting consistent, accurate color from file to screen to print and beyond is a requirement for great results. This new tool helps you manage Windows color settings in one place.

SyncToy
With new sources of files coming from every direction (such as digital cameras, e-mail, cell phones, portable media players, camcorders, PDAs, and laptops), SyncToy can help you copy, move, and synchronize different directories.

RAW Image Thumbnailer and Viewer
Are you a serious photographer? Now you can organize and work with digital RAW files in Windows Explorer (much as you can with JPEG images). This tool provides thumbnails, previews, printing, and metadata display for RAW images.

ClearType Tuner
This PowerToy lets you use ClearType technology to make it easier to read text on your screen, and installs in the Control Panel for easy access.

HTML Slide Show Wizard
This wizard helps you create an HTML slide show of your digital pictures, ready to place on your Web site.

Open Command Window Here
This PowerToy adds an "Open Command Window Here" context menu option on file system folders, giving you a quick way to open a command window (cmd.exe) pointing at the selected folder.

Alt-Tab Replacement
With this PowerToy, in addition to seeing the icon of the application window you are switching to, you will also see a preview of the page. This helps particularly when multiple sessions of an application are open.

Tweak UI
This PowerToy gives you access to system settings that are not exposed in the Windows XP default user interface, including mouse settings, Explorer settings, taskbar settings, and more.
Version 2.10 requires Windows XP Service Pack 1 or Windows Server 2003.

Power Calculator
With this PowerToy you can graph and evaluate functions as well as perform many different types of conversions.

Image Resizer
This PowerToy enables you to resize one or many image files with a right-click.

CD Slide Show Generator
With this PowerToy you can view images burned to a CD as a slide show. The Generator works downlevel on Windows 9x machines as well.

Virtual Desktop Manager
Manage up to four desktops from the Windows taskbar with this PowerToy.

Taskbar Magnifier
Use this PowerToy to magnify part of the screen from the taskbar.

Webcam Timershot
This PowerToy lets you take pictures at specified time intervals from a Webcam connected to your computer and save them to a location that you designate.

http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx

External Link

Novell Suse Linux is a winner

Well, I finally got sick and tired of all of my anti-windows-security-hole software sucking up all of my computers CPU cycles. I commonly run Symantec Antivirus, ZoneAlarm Firewall, MS AntiSpyware, Spybot Search & Destroy, and Ad-Aware on every Win machine I have. Then Of course I run Spywareguard and VisualZone and various other programs if there are any CPU cycles left to go around. Don't even get me started talking about the scheduling, and the maintenance, and the updating of all that crap.

So, I looked back in to the Linux world to figure out whats going on these days. The last time I tried installing Linux I used Redhat 4.0. I installed a second hard drive in my computer, told Redhat to use that, and it promptly deleted my Win98 partition without a second thought, or asking me if I was sure. Needless to say, I chucked the Redhat cd over my shoulder, and haven't looked at Linux since, figuring it needed time to mature.

I did some research and discovered that Novell Suse Linux is the most secure of the various stable Linux flavors that are out there today. They have an extra security plugin built for the NSA in their distribution! :D If you could care less about this sort of thing, then I would happily recommend any of the other STABLE Linux flavors.

I was quite impressed. It neatly skimmed off a chunk of my Windows partition (all on its own!) to use for itself. It mapped my Windows partitions so I can still access all my Windows documents in Linux. It set up a handy dual boot utility for me. It comes with all the necessary packages to set up just about any sort of server you want, or you can simply leave them all off and use it as a desktop computer. Of course it already comes with OpenOffice (a replacement for MS Office) and various other handy utilities. I think the thing that impressed me the most was that my HP multifunction printer / scanner / salad shooter worked from the moment the operating system was up and running.

I am still researching some things. I have a single word of caution, but it goes for any Linux flavor. Installing 3d graphics drivers, particularly for older Nvidia cards. If you install the OPTIONAL Linux update and you have an OLDER Nvidia card, it's the wrong driver. There is a 'legacy' driver for older cards that you can get from Nvidia.

That said, Linux seems MUCH more stable than Windows. Of course, 99.9% of the security flaws in Windows don't even exist. Some of the things I still intend on looking into is which commonly used windows business applications (ACT, Quickbooks, etc.) will work in Linux. At any rate, I would recommend that anyone who was bitten by Linux in the past to take another look at it. :)

http://www.novell.com/linux/suse/

External Link