
Wednesday, October 10, 2012

How to Generate a Public Key With ssh

Useful ssh tricks

I don't like to let people log in to sensitive servers with passwords.  I generally disable this feature on servers I maintain.  I will explain.  ssh is used for many things.  I use the openssh flavor of ssh, but there are many other flavors.  For Windows, Putty is a popular ssh client.

There are many things that you can do with ssh besides just establishing a login session on a remote server. scp and sftp are programs that allow you to connect to a server and copy files securely. When you use plain old ftp to copy files, you are sending your passwords across the Internet in clear text, bad, mmkay.

One of the more useful things about a good ssh client is that it takes advantage of the features of a good ssh server (sshd). A good ssh client will allow you to do tunneling. An example would be using ssh to connect securely into a Virtual Private Network, then using the tunnel created to secure a Windows Remote Desktop connection between the client and another machine on the VPN. A good ssh client can also be used by other programs to connect to the ssh server, as in the case of svn, where you can use svn+ssh://yourhost/yourrepo instead of just svn://yourhost/yourrepo, which will also use the same ssh client.

There are lots of cool things you can do with ssh, but it all depends on getting the username and password set up properly so that authorized user (A), we'll call him "Joe", can get into the server and copy files and check out things with subversion and tunnel remote desktop connections. In a default kind of setup, you would create a user account on the server for Joe, then assign Joe a password. Joe would then connect to the server, it would ask for his password, and he would enter it. That's all good, unless someone else had Joe's password.

Brute Force and Dictionary Attacks

When you use only usernames and passwords to protect your server, you are vulnerable to these types of attacks. This type of attack involves attacker (X), we'll call him "Snidely", gaining access to your system by trying as many passwords as he can until one lets him in. Snidely doesn't have to type these passwords in; he can just get passwords from the dictionary, or from a cracker library, and have an automated program keep trying until one works. Your only protection against this type of attack, when you are using passwords, is to assign a "Login Limit". This causes the account to be locked after a pre-defined number of unsuccessful login attempts, and shuts Snidely's little game down.

Public and Private Keys

Lucky for us, there is an even more secure method, Public/Private key exchange. First I should explain what a public and private key is. If Joe wants to send user (B), we'll call her "Sally", a secret message, Sally can receive this message secretly by generating a public and private key. Sally generates her public and private key, then she gives her public key to Joe. Joe then writes the message and locks it up with Sally's public key. Once the message is locked with Sally's public key, only Sally, with her private key, can unlock it. For an added level of security, Sally was smart, and she also locked up her private key with a password, known only to Sally, when she generated the "Key Pair".

How to generate ssh  Public/Private Keys

Now let's say that Joe is the system administrator, and Sally wants in to the server. What needs to happen is Sally first needs to generate a public/private key pair. If Sally has openssh, either in Cygwin (under Windows), or openssh in Linux/Mac OS X, the ssh-keygen utility can be used as follows:

$ ssh-keygen -t dsa

If you do not add the "-t dsa" part, it will generate an rsa key. Either will work, but I like DSA as RSA keys are not exportable outside the US, DSA keys are. Also the default length of the key is 1024. The length of the key determines how secure the key is: the longer the key, the more secure it is. Theoretically nothing is "secure"; when you talk about key lengths and whether or not a key is secure, you get into the whole argument about whether there is enough computing power available to Snidely that he can easily crack your key and gain access. The longer the key, the more computing power Snidely will have to use to crack the key. You can also specify a longer key (up to 2048) if you use type RSA with "-t rsa".

After you hit enter, it will prompt you for where you want to store your files, it will look something like:


Generating public/private dsa key pair.
Enter file in which to save the key (/home/scott/.ssh/id_dsa):

You can enter a different filename, but I usually press enter, as the default is usually sufficient. After you hit enter here, you will be prompted for a password. This is important: you can choose to have no password (not recommended), or you can pick a password that locks up use of your private key. As explained before, a secret message locked up with this public key can only be read by using the private key. Anyone in possession of the private key can decrypt Sally's secret messages. Any time you use this private key you will have to re-type this password. This is important to note because when Sally tries to connect to the server, after Joe has installed her public key there, Sally will enter the same password she used to lock up her private key, NOT a password that is stored on the server.

Enter passphrase (empty for no passphrase):

After Sally has entered her passphrase, she will be prompted again:

Enter same passphrase again:

Then a nice little message, with some additional randomart, will display:


Your identification has been saved in /home/scott/.ssh/id_dsa
Your public key has been saved in /home/scott/.ssh/id_dsa.pub
The key fingerprint is:
66:27:fc:27:8e:1d:43:ab:25:2b:3c:b7:8f:7b:16:69

If you look inside the id_dsa.pub file, you will see your public key.  It will look something like:

ssh-dss <base64-encoded public key data> scott@monstro

All Sally needs to do is to e-mail the above text to Joe, and he'll know what to do.

What's a Joe to do? - Installing the public key on the server.

Now for Joe's part: he needs to take Sally's key and install it. If the /etc/ssh/ssh_client file has things in the standard place, and assuming home directories are in the standard place, and assuming that Sally's username is "sally", Joe will put the above key (without any line feeds or carriage returns) into:

/home/sally/.ssh/authorized_keys2

or

/home/sally/.ssh/authorized_keys

(Depending on how old your server installation is.  NOTE: I've seen both filenames needed in certain instances)

It is important that the ".ssh" directory in /home/sally be readable and writable only by Sally. In addition, the authorized_keys file must be readable and writable only by Sally. Just to be sure, you can run the following commands as root.

$ sudo chmod 700 /home/sally/.ssh
$ sudo chown sally /home/sally/.ssh

$ sudo chmod 600 /home/sally/.ssh/authorized_keys2
$ sudo chown sally /home/sally/.ssh/authorized_keys2

If you leave out the above and the permissions are not correct, then Sally will not be able to log in, and Joe's authorized_keys file will be ignored.
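The checks above can be scripted so that a failed key login is diagnosed before anyone touches the server configuration. This is an added example, not part of the original post: the function names are made up for illustration, and the list of accepted key types is an assumption that covers the common ones only. It also flags keys that were broken by e-mail line wrapping, which is the "line-feeds or carriage returns" problem mentioned earlier.

```shell
#!/bin/sh
# Added example, not from the original post. Audits one account's ~/.ssh
# against the rules above: owned by the user, no group/other access, and
# every authorized_keys entry on a single unbroken line.

# Octal mode and numeric owner of a path (GNU stat first, then BSD stat).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }
uid_of()  { stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"; }

# check_private PATH UID: fail if PATH is not owned by UID or if group/other
# hold any permission bit (the post sets 700 on .ssh and 600 on the key file).
check_private() {
    cp_bad=0
    cp_mode=$(mode_of "$1")
    if [ "$(uid_of "$1")" != "$2" ]; then
        echo "FAIL $1: not owned by uid $2"
        cp_bad=1
    fi
    if [ $(( 0$cp_mode & 077 )) -ne 0 ]; then
        echo "FAIL $1: mode $cp_mode grants group/other access"
        cp_bad=1
    fi
    return $cp_bad
}

# check_key_lines FILE: each non-blank, non-comment line must hold a key type
# followed by base64 data. A key pasted from e-mail with hard line wraps or
# CR line endings fails. Extend the type list for sk-* and certificate keys.
check_key_lines() {
    awk '
        BEGIN { bad = 0 }
        /\r/ { printf "FAIL %s:%d: carriage return in entry\n", FILENAME, NR
               bad = 1; next }
        /^[ \t]*(#|$)/ { next }
        {
            type = ""
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-nistp(256|384|521))$/ &&
                    $(i + 1) ~ "^[A-Za-z0-9+/]+=*$") { type = $i; break }
            if (type == "") {
                printf "FAIL %s:%d: no key type followed by base64 data (wrapped line?)\n", FILENAME, NR
                bad = 1
            } else if (type == "ssh-dss")
                printf "WARN %s:%d: ssh-dss key; OpenSSH 7.0 and later reject DSA keys by default\n", FILENAME, NR
        }
        END { exit bad }
    ' "$1"
}

# audit_ssh_dir HOME OWNER: OWNER is a user name or a numeric uid.
# Returns 0 when every check passes, 1 otherwise.
audit_ssh_dir() {
    a_home=$1 a_bad=0 a_found=0
    case $2 in
        *[!0-9]*|'') a_uid=$(id -u "$2") || return 1 ;;
        *) a_uid=$2 ;;
    esac
    if [ ! -d "$a_home/.ssh" ]; then
        echo "FAIL $a_home/.ssh: missing"
        return 1
    fi
    check_private "$a_home/.ssh" "$a_uid" || a_bad=1
    for a_name in authorized_keys authorized_keys2; do
        a_file=$a_home/.ssh/$a_name
        [ -f "$a_file" ] || continue
        a_found=1
        check_private "$a_file" "$a_uid" || a_bad=1
        check_key_lines "$a_file" || a_bad=1
    done
    if [ "$a_found" -eq 0 ]; then
        echo "FAIL $a_home/.ssh: no authorized_keys or authorized_keys2 file"
        a_bad=1
    fi
    return $a_bad
}

# Run as a script, for example: sudo sh audit_ssh.sh /home/sally sally
if [ "$#" -eq 2 ]; then
    audit_ssh_dir "$1" "$2"
fi
```

WARN lines do not change the exit status; only FAIL lines do.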

How the ssh Authentication Handshake Works

I like this story, because it's the same way that Friend or Foe identification works in fighter aircraft. So Sally wants to connect to the server. Joe has done his part as administrator, and put Sally's public key into her authorized_keys2 file, and Joe has also updated permissions on said files using chmod and chown. Sally can now use the command

$ ssh sally@joeserver.com


What happens next is that the ssh server generates some random data. It then uses Sally's public key, put on the server by Joe earlier, to lock up that random data. It then sends the data to Sally. Sally is prompted for a password, and she puts in the password she used to lock up her private key when she generated the keypair. Sally then unlocks the random data sent by the server, and sends it back, unlocked. The server compares the unlocked version with its pre-locked version and if they match, the server lets Sally in.
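The lock/unlock exchange described above can be reproduced with the openssl command line. This is an added example, not part of the original post and not how ssh itself is invoked: the function names, file names and passphrases are constructed, and it uses an RSA key because DSA keys can only sign. OpenSSH's protocol 2 has the client sign session data with the private key rather than decrypt a challenge, but the point shown here is the same: the passphrase is only ever used on Sally's machine.

```shell
#!/bin/sh
# Added example, not from the original post: the challenge/response story
# acted out with openssl. Passphrases are passed on the command line only to
# keep the demo short; real tools prompt for them instead.

# Sally: make a passphrase-protected key pair. Only sally.pub goes to Joe.
sally_keygen() {      # sally_keygen DIR PASSPHRASE
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -aes-256-cbc -pass "pass:$2" -out "$1/sally.key" 2>/dev/null &&
    openssl pkey -in "$1/sally.key" -passin "pass:$2" -pubout -out "$1/sally.pub"
}

# Server: generate random data and lock it with the installed public key.
server_challenge() {  # server_challenge DIR
    openssl rand -hex 32 > "$1/challenge" &&
    openssl pkeyutl -encrypt -pubin -inkey "$1/sally.pub" \
        -pkeyopt rsa_padding_mode:oaep -in "$1/challenge" -out "$1/locked"
}

# Sally: the typed passphrase unlocks the private key, which unlocks the data.
# Nothing on the server knows or checks this passphrase.
sally_respond() {     # sally_respond DIR TYPED_PASSPHRASE
    openssl pkeyutl -decrypt -inkey "$1/sally.key" -passin "pass:$2" \
        -pkeyopt rsa_padding_mode:oaep -in "$1/locked" -out "$1/response" 2>/dev/null
}

# Server: let Sally in only if what came back matches what was locked up.
server_verify() {     # server_verify DIR
    cmp -s "$1/challenge" "$1/response"
}

# handshake KEY_PASSPHRASE TYPED_PASSPHRASE: prints "accepted" or "rejected".
handshake() {
    h_dir=$(mktemp -d) || return 2
    h_result=rejected
    if sally_keygen "$h_dir" "$1" && server_challenge "$h_dir" &&
       sally_respond "$h_dir" "$2" && server_verify "$h_dir"; then
        h_result=accepted
    fi
    rm -rf "$h_dir"
    echo "$h_result"
}

# Example: handshake 'correct horse' 'correct horse'   prints "accepted"
```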

I get asked about the above quite a bit, and there is always consternation from the users when they have to generate keys, but it's a necessary evil.  Security, or convenience, pick one :)








Sunday, October 7, 2012

Excerpt from New Mr. Tech Book on Telecommuting

As I promised, more techiness for your geeking enjoyment.   I've been head down in a book for some time.  Hoping to release it by the end of this year, early next year.  I'll be talking about how to be a telecommuter.  There are so many great tools out there that are free or inexpensive that enable the average person working in an office to work from home, full or part time.

According to one survey, 62% of firms have remote workers and 34% of employees surveyed work away from the office. For job seekers, being telecommute-prepared can allow you to save money and time in commute and gas. Following is a short excerpt from Mr. Tech's upcoming book on telecommuting.

How to work from Home - Introduction

I work from home, set my own schedule, except for meetings during the daytime. Us telecommuters have to make some concessions to those that still have to work in fluorescent light jail. Sorry guys, but there is a better way, and you don’t have to get on the freeway every day, and you don’t have to go sit at a boring desk under fluorescent lights like some bad nightmare from a comedy about working in such a place.

People ask me all the time, “How do you do it?” I got tired of telling everyone, so I decided to write a book. That way, next time someone asks how I did it, I can hand them a business card with my number and a link to the website where they can purchase my book. If it works for them, it only cost the price of a book. If it doesn’t, they bought me a couple of martinis at a decent establishment, and someday maybe I can return the favor.

I have been doing this for around 20 years now and salaries have varied, but I make a decent living and live where I want, the only requirement being decent Internet access. Other than that, the beach, the mountains, another country, all are fair game. As long as your work gets done, you are available when needed, and you can do it consistently, you’re in. All you need is a few tips, a plan and some elbow grease.

This is not a get rich quick manual, this plan will involve hard work.  I will also say this type of work is not for everyone.  You have to be a “motivated self starter”.  You have to be able to work on your own with little direction, and most importantly, you have to put in your time.  It’s very easy to fall into the trap of not putting in a full work week.  The flexibility to be able to take a day off when you want, and a long weekend every once in awhile, can quickly turn into a job-ruining slack fest.

This book will delve into all of those issues.  From humble beginnings to a full fledged telecommuting machine.  This book will give you the tools to succeed as a telecommuter and point you in the right direction in the types of training you will need, and the types of jobs that are available to telecommuters.

The future is now, throw away your commuter mug, and get one of those nice fat cups that takes up a large area of your desk, and prepare to join the growing ranks of the remote workforce.


I'll post more juicy tidbits soon.  The following is from the Introduction and gives a bit of background on the author and his qualifications on the topic of telecommuting.

Thursday, October 13, 2011

The day I met Dennis Ritchie

I know I haven't posted in awhile, and I'm sorry, but you know I've been real busy, working on new projects and finishing old ones. I just had to post a little something though as a tribute to our fearless leader and geek of all geeks. I only met him once but I got to speak with him for a full hour and ask him all the questions I ever wanted, well maybe not all, but most of them.

First I have to say that Jeong Kim, president of Alcatel-Lucent Bell Labs, described him best as a "humble and gracious man". In the tech industry, when people get to a certain level of knowledge, they tend to go one of two ways. Either they share the wealth and are happy to tell you what they know, or they get all "Ivory Tower" and become aloof and uncaring. Dennis Ritchie definitely went the "share the wealth" route. Most people have no idea how much this man contributed to computing, and how what we do is only possible because we stand squarely on his shoulders.

I met Dennis Ritchie over 10 years ago. I have to qualify my story, with, it was 10 years ago, and I may not get every detail right (In case the story police happen by :p). At the time, I was producing and hosting a talk radio show called RadioNet. We broadcast on the AM radio on KSCO in Santa Cruz, California and we also streamed our show on the Internet using RealAudio and TrueSpeech. We interviewed the stars of technology and talked about this great "new" thing the Internet. The RadioNet crew, packed up the show and took it to Networld/Interop, which was THE big networking show of the day. Dennis Ritchie was there with his new operating system he called "Plan 9", named after the science fiction movie.

Of course I asked him about C and Unix. First came C. The need there I was told was a result of the old programmer's adage, "Laziness is a virtue". They had some code on a PDP-11 that they wanted to run on a different piece of hardware, maybe it was the other way around, but back then, if you wanted to write a program that did X on one machine, you'd have to write a whole new program to do X on a machine from a different hardware vendor.

The Answer was C. You could write one program, and with a "quick" compile you could run the same set of code on multiple machines, Brilliant!!! Lazy :) C is still the language of choice if you want something ultra fast and tight, and a large number of Internet Servers out there are written in C. It's not the easiest programming language to write in, but it's certainly one of the fastest and most widely used.

I also asked him about Unix. I was told by the master, that there were 3 main things they did with Unix. First was the whole idea of files and directories in a hierarchical structure. It wasn't until Windoze, that the whole drive letter thing and backslash got introduced to confuse things.

The second idea behind Unix was no matter where you read and write from whether it be a file on the disk, a screen or a printer, you do it the same. Everything you could ever want to read or write to is represented by a file you can open and read and write. Want to write a text file, open and write, want to print something on the screen, open the file that represents the screen and write to it.

The last thing and in my opinion the most brilliant thing was the ability to take the output of one program and make it the input of another program. This functionality allows me to do really groovy things like "find . -print | xargs grep foo". I won't explain what that means here, that's fodder for another article, suffice to say, I use input/output redirection at least once a day and have done so for the last 20 or so years.

No offense to Mr. Jobs, it sucks that anyone should die, but it saddens me to think that Steve is lauded as a hero and a pioneer, when all he really did was take existing technology and make it really slick and sexy. All this, while a titan, who invented the operating system that Apples run on today (BSD Unix), goes largely unsung.

You will be missed by all who knew you and all who know who you are. Fare thee well, my gentle giant.

Tuesday, November 9, 2010

Aren't you ready for Linux Yet?

"A Classic Drive By Attack" is what this article says.

So Microsoft Outlook has another bug that allows machines to be infected and taken over without the users clicking on an attachment or anything.

Plus many other security holes, in Office, and other security holes that have to be patched manually. I always hear much gnashing of teeth and wailing over the high cost of hiring the staff to administer Linux or Unix boxes, but once you install a Linux box, and once it's configured and running, administration is minimal.

I used to fix the Windoze boxes of family and friends when they got infected with a virus or malware, or crippled by spyware. Not anymore, now when someone brings me an infected box, I give them two options. Let me install Linux, or take it to someone else. So far nobody has turned me down. And of the 10 friends/family I have installed Linux for over the last two years, none of them have had a single virus or blue screen of death or other system issue. I also haven't received a single phone call about how does this work or that work, or this broke or that broke.

This has been typical of the Windoze environment ever since Windoze for Workgroups when they added networking and allowed the rest of the world in. I just don't get why people continue to buy the marketing hype of Redmond and continue to throw money at this swiss cheese platform.

And if you haven't worked with Windoze 2008 Server yet, let me tell you, you are in for big administration headaches and backwards compatibility issues. In order to try to fill the holes in their swiss cheese, so many security "features" have been added, it pretty much rewrites the book on configuration of security on one of these machines. Things like authentication and networked filesystems and file permissions are very much fubar'd and require a whole new level of expertise to configure and maintain.

So to close, I'll relate a story. A friend of mine asks me about why their machines are running so slow in their office. This friend tells me they are going to buy new machines because everything is so slow now. I tell them, they probably have some kind of virus or malware, or something slowing the machines down and they don't need new hardware.

I speak with the business owner, and she tells me that everything runs great, it's just the slow machines. She also tells me Windoze is fine for their office (she forgets the compatibility issues they had last month where people couldn't read each other's documents).

The next day, this same business owner is reading e-mail and all of a sudden, a picture of a woman lacking clothing, doing the spread eagle appears on her screen. Needless to say, I went by their office and ran malware and anti-virus scans on all the machines in the office. Turns out only one of the machines wasn't infected with multiple viruses.

The moral to the story here is get off of the Redmond crack. Take the needle out and put something in your business that isn't prone to getting attacked every month from some new threat. It's great that there are security patches available, but before there is a patch, someone has to find the bug, and by the time you get the patch, it's already probably too late. Kinda like the old saying of "Closing the barn door after the horse is already gone".

Thursday, June 24, 2010

Conficker - Still paying for the mistakes of the past

I've been specializing in Analytics lately and I use Linux on all my desktop machines, so I haven't really been paying that much attention to the Windoze arena other than the nicely manicured, maintained by a team of overseas engineers Windoze machines. I was reading this article from The Atlantic the other day, and I think the time has finally come to migrate off of Redmond Swiss Cheese once and for all.

The Conficker worm is one MF, for sure. The problem is this. You don't have to get infected by it directly. If there's a machine that's on the same network you're on, and it has the Conficker worm. That machine will actively attack your machine. It will try new security holes, and it will even try password cracks to try and guess your passwords.

First detected back in 2008, this thing has just gotten bigger and badder ever since. Sure there are patches, and apparently only some unreleased Beta of Windows 7 was vulnerable, but most of the other releases before it were at one point vulnerable.

So let's say that you have one of these Windows systems and you are installing it fresh. It's probably vulnerable out of the box and will need an update. Well guess what, you have to connect to the Internet, to get the patch to close the hole. If you are on a network and there are machines that are infected, they will be actively attacking your machine. It's a race against time to see if you can patch your system before the nasties get in.

I just don't get it, I'm talking with my significant other's employer, they seem to be having the same problems every network with Windows has, things work, then don't work, machines get infected with viruses and other nasty stuff, compatibility issues with older versions and when I tell them they need to get off Windows and onto Macs or Linux, they say "Well Windows has been working fine for us". When in fact they have all of the problems I just described. It's funny how people's computers can run slow, crash and have all kinds of other issues that keep them from working and things are "working fine for us". The very next day, this same person I had the conversation with has the nastiest picture she has ever seen, spread eagle on her screen with the message "Watch Me Masturbate!". I think they're ready for Linux now :)

Friday, April 16, 2010

Windows vs. Linux the candy bar analogy

So I was trying to explain to my significant other, this morning, about why, having worked with both *nix systems and Windows systems, do I dislike working with the OS from Redmond so much? Do I have something personal against Bill Gates? I mean come on man what's the deal yo? I really should like Windows, many of the things I do take much longer in Windows than just about any other OS, so there are more billable hours to be had. As an ethical consultant though, I really do want what's best for the customer. Also billable hours where the customer is in a panic because they are trying to recover important files that were lost because of some weakness in their operating system is not a fun call. I kind of summed up my dilemma in an analogy that went something like this.

It would be like being a great chef, able to create any dish that tasted like anything in the world. But all people wanted to order from you, or have you prepare, were deep fried candy bars. They taste yummy to the customers, but the problem is, the customers keep keeling over dead. But it doesn't stop there, because you fed them the candy bar in the first place, you have to round up the Pope, the Local Witch Doctor and a guy from India named Bob to have a lengthy ceremony, where small animals are sacrificed to resurrect the now lifeless customer.

The customer is alive again; they are missing some fingers off of their left hand. Not to worry though, "Give me another candy bar!" the customer cries, "I'll pay anything, I love it! And besides, it's what everyone is eating, I get a side of deep fried candy bar with almost every meal I order from any restaurant, why not? Oh and do I get a discount on you sewing my spare fingers back on?"

So I send the Pope, the Witch Doctor and Bob home with a healthy donation to the church, a goat and a support contract, or did I send the goat to the Pope? Well, regardless, the very next thing the customer does is order another deep fried candy bar. I say to the customer, "Look man, if you eat that you will just die again, and I'll have to call the Pope and things will get ugly, but you know, I can make you something that will taste just like that other candy bar, it will have the chocolate, the nougat, the caramel, everything the other candy bar has, and it won't kill you, except it's totally magical and organic, made by little elves in a far away land with chocolate rivers and houses made out of gingerbread, at least that's what I might as well be saying when I start to talk to the customer about the advantages of Open Source and the protected memory architecture of a *nix system vs. other operating systems that don't have these nifty features, not to mention the savings in time and money in maintenance, performance, downtime, etc.

You just can't beat a LAMP system (Linux, Apache, Mysql, PHP) for small to medium sized deployments. I just set up a small store owner with Ubuntu and Zoneminder on an 8 year old PC that would no longer run Windows, and now it's a low cost security camera server replacement for her 3 Axis Video cams in her store. Whenever my friends or family come to me with their Windows machines infected, again, I have just started to wipe them and put Ubuntu on them. If they want to keep their Windows, fine, but I'm not going to try to unravel their messes anymore. Oh and if you want to know what kind of new computer to buy, get a blue one :p

If you've got the dough, nothing will give you that low end torque like a Solaris Risc box running a well tuned Oracle database, oh baby! I put in a Sun box at a large deployment to process credit cards on the Internet a few years back, and it's still running without a reboot, chugging away. The Windows server that was processing credit cards for only a few local machines had to be rebooted every night or the machine would hang, requiring someone to go down to the server room and hit the reset button in the middle of the day while cash registers were pumping and plastic was sliding. The problem was because of a poorly written application, but therein lies the big difference between most *nix systems and Windows based systems. In *nix land, it's much more difficult to write a program that will completely hang or crash the machine. Because of protected memory, which I won't go into detail about in this article, it makes it harder for a regular user to run a program that will cause the system and other users grief, it also makes it harder for viruses and other malicious programs to do extensive damage should they happen to get in.

All that being said, maybe one day, people will start to use an Operating system that is crafted by tiny elves in a far away magical land and forsake the evil king who rules from atop his green mountain of cash, with his armies of briefcase wielding stormtroopers, but then again, to quote a phrase "and maybe monkeys will fly out of my butt". Until then though, I guess I'll just shut up, put a few bills from the mountain in my pocket and go home :p

Thursday, April 15, 2010

Mozilla 3.6 and VMWare

I went there, and I went back. Some kinda issues on that baby. Chrome doesn't work at all (yet) with VMWare, but oooohhh what a Sexy browser, I just love Chrome, and now that it's on Linux, it makes it all better.

Anyway, after going down the long dark upgrade hole of Mozilla 3.6 pre2, Well actually the Upgrade was easy, it was what happened afterwards that was a long dark hole.

Firstly, my VMWare did not work. Wouldn't even let me log into the console. This problem is easy enough to fix. Turns out that in 3.6 (And 3.7) SSL2 is disabled by default. I'm not sure what the story is, but I assume it has something to do with SSL2 being easily cracked. Anyway, the solution to getting it to actually log in, is to enable SSL2.

To enable SSL2, in the address bar at the top of your browser type in:

about:config

Scroll down to

security.enable_ssl2

Then click on where it says false and click "Toggle", it should then say True.

Stop and start the browser (Actually I don't know if that's 100% necessary), and you'll get a login screen.

The next problem I ran into was that I couldn't get the console started, but it may not have been all 3.6's fault. Part of the problem was that because I couldn't get VMWare running, I decided to try to get to my VMWare server w/out Mozilla. Wrongo!!, I try to install the VMWare player and the installation process removed VMWare server, Doh!

After re-installing the VMWare Server and Downgrading my Mozilla to 3.5.9, I was ready to go, or so I thought. My VMWare instance would boot to 95%, then just stop. A poke around the log files found some errors about bad links in /var/run. To solve this, I did the following:

1. Stop the VMWare services by doing:

sudo /etc/init.d/vmware stop

2. Check to make sure no vmware processes are running

ps -ax | grep vmware

There may be stuck vmware processes running, you have to kill by hand with kill or kill -9, make sure to kill the vmware-watchdog process first, or it will keep starting up processes you are trying to kill.

3. After everything is stopped, go to the /var/run directory(ies) from your /var/log/vmware log entries and remove any .lck file in the .lck directories.

4. Run vmware-config.pl and select the defaults all the way through.

Your installation _SHOULD_ work now, if it doesn't, hey it worked for me :p

Friday, April 9, 2010

Star Trek Online, How to NOT get it working in Linux (Ubuntu)

Well, I wanted to make a short post as I thought I had it working using the method below. When the screen came up to the initial game after I installed, logged in, updated, etc. The Video was scrambled.

Since then I have been hopelessly lost down a road of re-installs and Wine Internet Explorer madness. I won't bore you with details, but just wanted to follow up to my last article and let anyone know that, the guy in the Video made it look, Sooooo.... Easy, nothing about the extra bits and bobs that you might need or that he was using, anyway, suffice to say, I'm still dual booting to get my Kling-On, but I did manage to get Team Fortress 2 working on Ubuntu, but that's another story, I'm going to hit the waves for a bit while I wait for the Excel, Visual Basic, ODBC Macro monstrosity I have written is finished before it's off to the world of Cut, Paste and Glue!

I also saw someone comment about how my later articles were better than my earlier ones, and you know, it's because I'm better too, but that's REALLY, another story, until then Geek on, and I'll see you in space you squishy Federation types :p

Thursday, April 8, 2010

Star Trek Online, How to get it working in Linux (Ubuntu)

OK I haven't posted in awhile, but this will be my geekiest post to date. Not only do I talk about Star Trek, I talk about a Star Trek game, not only is it a game, it's an online game, a massively multi-player, online game (MMO). Now if that weren't geeky enough, at the end of this post I'm going to provide links that will allow you to install Star Trek Online under Linux. So if you are not already having spasms of geek joy just thinking about playing your geeky game about your geeky TV show with other geeks on the Internet on the geekiest (and most user friendly, ahem!) operating system on the planet, then read on.

I've really been enjoying this game, it's very cool to get my Kling-On :p. So far PvP as a Klingon is the best part of the game. There's a mission called "A Good Day To Die" where the object is to be killed 50 times in PvP. The only drawback with PvP'ing is that PvP is the primary way for a Klingon to level, Federation types have all types of missions they can run to level up and get good loot. It also means Federation types are soft and squishy. They don't PvP much, whereas the Klingons pretty much have to PvP to level or get any good loot. The alternative for Klingons is to grind exploration missions. I think once more content is added for Klingons, they will become less the PvP elite that they are now and it will balance out a bit. Still though, Klingon vs. Federation at the moment is pretty much a game of burn down the noob, hehe.

So on with how to get this sucker installed on Linux (Ubuntu Hardy Heron w/ Upgrades was what I installed on). First I tried to install this under VMWare. Even with the latest release and much gnashing of Teeth, no go. Next I tried VirtualBox. I really liked VirtualBox and I think I will move to it for my personal use of things like GotoMeeting, etc. Things I have to run I have to have Windoze for. Anyway, VirtualBox had a problem, even though I had read people had gotten it to work. Of those who reported it to work it worked very slow.

In comes Wine, yeah Wine. The difference between Wine and VMWare or VirtualBox, is that VMWare and VirtualBox, at their base are hardware emulators. They emulate a virtual piece of hardware, that any operating system can be installed on. Wine on the other hand is an API that interfaces Windows applications to the Linux OS. It's more of a bridge than an emulator. That being said. I found this nifty YouTube Video where this clever chap shows step by step how to install it.

The application he's using is PlayOnLinux, which helps you install your Windoze games on Linux. It can be downloaded from http://www.playonlinux.com

You'll also want to install the PlayOnLinux plugin POL Helper (Also in the video)

Instructions for that can be found in the following thread:

http://www.playonlinux.com/en/topic-2415-Plugin_POL_Helper.html

So my friends, sit back, relax, and geek out!

Monday, December 3, 2007

Paros Proxy - Web Debugging/Testing at its finest.


I just got this one up and running under Ubuntu Gutsy. This is a very nice Web Development Tool as well as a nice debugging tool for seeing exactly what is going on in an HTTP connection. I think it's really intended as a security auditing tool, but I think people in Web Development are missing the boat if they don't take a look at this tool to test development modifications to existing live sites.

The big thing I like about it is the ability to modify HTML on the fly as it goes from the Web Server to the browser. This is a must have for anyone that needs to get down to the nitty gritty level of debugging sites at the HTTP protocol level as well as picking through generated HTML and Javascript code.

I write different Javascript for Websites. With this tool I can intercept the code in any site, then modify the code before my browser sees it. By doing this I can easily test pieces of Javascript in a live site to see if they work before giving them to the customer.

This is written in Java so you should be able to run it on pretty much anything. Since I run it on Ubuntu I've included a couple of notes about running it there.

This one will require Sun Java 6, as the gcj Java that comes with Ubuntu won't work with Paros (at least with the 3.2.13 release I worked with).

If you are on Gutsy you can use apt-get or synaptic package manager to install java-6-sun.

Then in the startserver.sh script uncomment the line that sets
JAVA_HOME=/usr/lib/jvm/java-6-sun

And change the line to run /usr/lib/jvm/java-6-sun/bin/java instead of just java (which will run /usr/bin/java which by default will be gcj)

If you don't make these changes you'll get a java.security.NoSuchAlgorithmException for SunX509. I've sent the small change needed in the Javascript to eliminate this particular error so we'll hope to see it as a fix in a future release. In the meantime, though, it seems to work very well on Ubuntu with the Sun Java 6. It's a must have for anyone in Web Development. There is an equivalent product called "Fiddler" for Windoze, but it only runs in Windoze, so there you have it. Bop on over to the Paros Website, grab a copy and give it a go.
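SunX509 is a KeyManagerFactory algorithm name registered by Sun's JSSE provider, so code that asks for it by name throws NoSuchAlgorithmException on a JVM whose providers do not register it. The probe below is an added example, not Paros code and not the change mentioned above; the class name KeyManagerProbe is hypothetical. It lists which KeyManagerFactory algorithms the running JVM offers and shows a lookup that falls back to the JVM's configured default.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;

// Hypothetical class name; added example, not part of Paros.
public class KeyManagerProbe {

    /** Every KeyManagerFactory algorithm registered by the running JVM's providers. */
    static List<String> availableAlgorithms() {
        List<String> names = new ArrayList<String>();
        for (Provider provider : Security.getProviders()) {
            for (Provider.Service service : provider.getServices()) {
                if ("KeyManagerFactory".equals(service.getType())) {
                    names.add(service.getAlgorithm() + " (" + provider.getName() + ")");
                }
            }
        }
        return names;
    }

    /**
     * Requests the preferred algorithm first. If the JVM does not have it,
     * retries with the JVM's configured default instead of a hard-coded name.
     */
    static KeyManagerFactory open(String preferred) throws NoSuchAlgorithmException {
        try {
            return KeyManagerFactory.getInstance(preferred);
        } catch (NoSuchAlgorithmException missing) {
            String fallback = KeyManagerFactory.getDefaultAlgorithm();
            System.err.println(preferred + " unavailable, trying default: " + fallback);
            return KeyManagerFactory.getInstance(fallback);
        }
    }

    public static void main(String[] args) {
        // Shows which JVM actually ran: the one on PATH or the one under JAVA_HOME.
        System.out.println("java.home   = " + System.getProperty("java.home"));
        System.out.println("java.vendor = " + System.getProperty("java.vendor"));
        System.out.println("KeyManagerFactory algorithms: " + availableAlgorithms());
        try {
            KeyManagerFactory kmf = open("SunX509");
            System.out.println("Using " + kmf.getAlgorithm()
                    + " from provider " + kmf.getProvider().getName());
        } catch (NoSuchAlgorithmException e) {
            System.out.println("No usable KeyManagerFactory: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

Compile and run it once with plain `java` and once with /usr/lib/jvm/java-6-sun/bin/java to see which JVM each name resolves to and whether SunX509 is present.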

Sunday, December 2, 2007

ATI, Ubuntu Gutsy , Compiz, BigDesktop - Beautiful :)

Even in 2D mode without Compiz, Ubuntu Linux with Big Desktop is the shiznit. Turn on Compiz and it's a desktop experience that makes it a pleasure to sit at the computer.

So far I've gotten the following goodness working on Ubuntu:
World of Warcraft
Team Fortress 2 (w/ voice coms)
Eve Online (Although I'm still trying to figure out how to get the sound to share)

The key thing to watch out for when configuring games is that wine and some of the older Linux audio applications will use oss and/or talk to the sound card directly and not be nice and share.

A couple of options exist to share the sound hardware.

aoss, esd and arts. For me arts has worked the best, I haven't tried esd and I got static with aoss.

To start arts, first start the server by doing the following:

$ artsd -d &

The -d tells it to go full duplex so you can use voice comm applications.

Then do:

$ artsdsp TeamSpeak

or

$ artsdsp wine WoW.exe

Other than that, put "ubuntu" before your searches and there are lots of awesome folks in the Ubuntu community that have been there and documented what they have done to get it all to work.

I have been having a few issues with the ATI card and BigDesktop w/ 3D Acceleration, but on the whole I've been very happy with my new install. You can get the nitty gritty of it on the Ubuntu forums at http://ubuntuforums.org/showthread.php?p=3882866#post3882866

Enjoy and have a nice big cup of Ubuntu!!

Saturday, December 1, 2007

World of Warcraft on Ubuntu Gutsy w/ Teamspeak (and Music)

So I've gone upgrade crazy. I've got the latest Ubuntu Gutsy Gibbon (7.10) installed. And I got all my doo-dads working as well.

First off, I found the most useful walk-throughs and answers by prefacing my searches with "Ubuntu".

For example "ubuntu warcraft install howto" on google did wonders. Lots of good advice, etc.

In a nutshell the procedure is

1. Install wine on Ubuntu
2. Get the WOW download or copy the contents of all 4 install CD's into a single directory.
3. enter "wine Installer.exe"

There are many other details depending on your video card, etc. but probably the most useful notes are as follows:

1. Wine will try to "own" the audio device. So only one program at a time when running under wine will have audio. The solution to this is to use either aoss or arts on Ubuntu.

With aoss you do something like:

aoss wine wow.exe
aoss TeamSpeak # the linux binary

I found aoss to be not so good and had static when using TeamSpeak.

I personally use arts. You start up artsd first (the daemon) as follows:

artsd -d

The -d puts it in full duplex mode so you can use your mic.

Then start your applications like aoss, i.e.

artsdsp wine wow.exe
artsdsp TeamSpeak
artsdsp rhythmbox

Anything that uses audio in wine or any linux programs that use oss audio need to use either aoss or arts if you want to run more than one program with audio output at a time.

Enjoy...

Seamless Mouse and Keyboard Switching on Windows and Linux

This is by far one of the handiest utilities I've seen for a computer in many years.

It's called Synergy. And what it does is this: Let's say you have two computers, a laptop and a desktop. Your laptop is on the left, desktop on the right. When you start up Synergy you can move your mouse to the left side of your desktop screen and it shows up on the right side of the laptop screen. You can also use your keyboard input and you can do this with several computers. What it means is you can use one keyboard and mouse to seamlessly control several computers.

It works on both Linux and Windows and is interoperable so you could have 2 windows, 2 linux or a windows and a linux or any combination of up to 5 computers (center, top, bottom, left and right). It's very easy to set up, I've been using it frequently for the last couple of days and it seems to work beautifully.

You can get this baby at http://synergy2.sourceforge.net/

Bye bye desk full of keyboards and mice, Yeah!!!

Saturday, November 24, 2007

Vista Again? Not so In Business

I haven't been doing a lot of travelling over the past couple of months, but that's fine with me. It's not so much fun to go places these days, with security, surly airline staff and the like. I read a story recently about a guy who was threatened with arrest when he tried to get some love for the laptop that he says airport security broke.

So I was reading about Vista again *smirk*. Their new service pack one that's supposed to have some performance improvements, really doesn't. It's really kind of funny. I do quite a bit of work with large companies, and not a single one has Vista installed. Most of them run XP on the desktop and Windows 2000 or Windows 2003 in the server room. It's not just because there are hardware costs associated, i.e. need more hardware, it's because of the risk of upgrading. These IT departments have been burned before by compatibility issues and server downtime, they're going on the "If it's not broke don't fix it" methodology, which, in my opinion, is not a bad one.

It's sad to see, but in the Windows shops the IT staff is constantly in an uproar about something. This failing, that breaking, etc. I've seen places where system failures were so frequent, they set up rooms of people that just watch the systems waiting for them to fail. When I go into a *nix shop (that's Unix/Linux for the uninitiated), although there are system failures, user support, etc., there isn't the "Oh my god we've got a huge problem" feeling in the air. The engineers are engaged in creating and designing instead of plugging holes.

As a consultant I have a love hate relationship with Windows. It always takes me longer to do things with Windows than with any other OS I have worked with. It's good when you are charging by the hour, but bad whenever you are trying to get something done for yourself.
Things like copying files from one machine to another, or just downloading something from the Internet, almost always take me longer on a Windows machine. Most people see Windows on a desktop and it doesn't do all that bad of a job there, if you aren't too concerned about security. I see Windows on huge pieces of hardware dealing with large amounts of data. It's always fun to try to copy a large file across the network: after it prepares to copy for 20 or 30 minutes, it will start to copy, get part of the way through and die a horrible death. To be fair, this type of scenario is usually caused by some 3rd party piece of resident anti-virus software that corporations are forced to install if they want any semblance of security on their Windows servers.
I'll get off of my soap box again, but I will refer you to an article written by Juergen Haas which goes into some of the more technical details of making the choice between Windows vs. Unix.

Wednesday, April 4, 2007

Micro$oft vs. Anything Else

You know, I have nothing personal against Bill. As a matter of fact I kind of admire his geek made good story. The software made by his company however is another story.

As a consultant I guess I should like Micro$oft, because any given IT task I have to do, usually takes twice as long (and usually the purchase of additional expensive software) to accomplish as it does under any other operating system. Pick one, Solaris, Mac OS, Any Linux Flavor, HP-UX, AIX, Dec-Ultrix, QNX, to name a few.

What the advent of Windows in the Server world has done is to breed a generation of MCSE's that can regurgitate the requisite points and clicks needed to configure a Windows operating system, but they do not understand the underlying concepts of what their network and hardware are trying to do, so they build bloated applications and flooded networks. To be fair, there are MCSE's out there that know their stuff, but the majority I've run into know about Windows, but ask them an architecture question and they'll start pulling answers out of their arse.

Let's talk about Vista for a moment. They did this to us with Windows 95, Windows 98, Windows XP and up the line. Each successive operating system has been more bloated than the last, each upgrade causing the customer to have to buy bigger, faster hardware just to equal the performance of their old operating system/hardware combination. In addition to that, the new operating system is 64 bit, but most of the applications and drivers are still 32 bit, which means you'll have to run those suckers under a 32 bit emulator, which will give you yet another performance hit. I just don't get it. Let's see, I'm going to cause myself days of untold pain and suffering so I can upgrade to something that runs slower and is less stable than what I currently have? Ya right..

The architecture, hmmm... Well I can sum that up with two words, "Protected Memory". All of the other operating systems I mentioned above, Unix and Unix work alikes have something called protected memory. The operating system itself, i.e. the video drivers, disk drivers, passwords, logins, etc are all stored in what's called protected memory. Your applications, like your spreadsheets, web browsers and e-mail programs all run in what's called "User Memory". This is also sometimes referred to as kernel space and user space. The concept here is that while your applications run merrily away, they can only access the core of your system or "Protected Memory" through very well defined API's (Application Programming Interfaces).

In the Windows world everything runs in the same space. In other words, once you're in you're in. This is what makes Windows more prone to viruses than other operating systems that utilize the concept of "Protected Memory". On Windows, any program you install can access parts of the operating system that it's usually not a good idea for programs to access. Things you run on your user desktop can re-install drivers, write directly to the hard disk and update your system registry where all your important system configuration information is stored. Once you're into a Windows system it's a fairly simple matter to infect it with something nasty.

In the "Protected Memory" world, once someone gets in, they are into that application, i.e. a mail server or a web server. The difference here is that just because they have broken into one application still doesn't mean they can get at your system. Once someone is into your system they then have to try to break into protected memory, which in a lot of cases just can't be done. "Protected Memory" not only helps protect machines from getting completely compromised by hackers, it also keeps poorly written applications from crashing or locking up your machine.

Let's talk about that time thing. I said up above that it takes twice as long to get things done, and here's why. First, point and click, point and click. A half hour later you've navigated to the places you needed to go to update your configurations the way you wanted them. In a *nix system there are certainly graphical config programs if pointing and clicking is your thing, but on the back end, instead of a cryptic "Registry" where everything is stored in multiple levels in text and hex, there's a directory with text files (usually /etc) where all your application configuration is stored. There's usually only one or two files per application and everything is in there, usually with comments telling you what each configuration parameter is for. It makes configuration of systems and applications nice, simple and less prone to failure.

I've always found, in the IT business, that it is always best to have options. If you have a hammer in your tool box, you can only drive nails. If you have a hammer and a screwdriver in your tool box you can drive screws and nails. The point is that the more tools you have, the more problems you can solve. Next time you are out looking for a new server or a new set of desktops, think about a Unix or Linux solution. If you have the basic needs of most businesses, i.e. E-mail, Web, Database, Word Processing, Graphics, then a good Unix or Linux distro may be the ticket. It will cost you less up front, has commercially available support, won't get viruses and will keep people from installing a lot of extra chat programs and the like on your nice new desktops or servers.

My current favorites are Ubuntu Desktop and Ubuntu Server, although I've only had the server running about a week, setup was text based, which is OK, but it took a bit, being new to the system, to get it how I wanted it configured. It was, however, very easy to get a postfix mail server with spam assassin and a Courier IMAP with SSL running. I've still got to get my Apache and mySQL set up the way I want them. I'll let you know more about how I like it after I've had it running for a bit.

For Video games, well it's just Windows. The same thing that makes Windows suck at being a desktop is what makes it great for playing a video game. In an operating system there is something called a scheduler that divides up the single or multiple CPU's to work on any given process at any given time. In Windows the scheduler tends to like to dedicate all of your CPU power to just one process at a time for long periods of time. This is why sometimes when you run Windows and start a big print job, all the other applications either lock up or run very slowly. In *nix, the schedulers tend to divide the CPU time up a bit more evenly (although you can adjust certain processes to hog all the CPU if you like; it's generally called a "nice" value). In Windows, if you start a heavy duty game, it will dedicate all of your CPU power to a single game process (although multiple CPU's and multiple core CPU's tend to be a bit under-utilized in Windows as compared to most *nix systems).

I could go on about this for days, and I think I will, but for now, I've got to get back to the consulting biz..

Safe Travels,
GT

Monday, March 12, 2007

Google Earth, what cool things have you been wasting time on?

I'm headed off to Jersey City. Before I went, I found a close hotel, got directions and checked out the neighborhood on Google Earth.

Here's a pic of where I'll be working/crashing for a couple of days, with the 3D buildings options turned on.






You just can't beat it. Just about the coolest thing I've seen on the Internet since the browser.

Download Google Earth, you won't be sorry you did. Google is even cool enough to have a Windoze, a Mac and a Linux version.

Go Google!

Sunday, February 18, 2007

Shout out to Ubuntu

I had to send the good word out to the groovy people at Ubuntu - Linux for Humans.

I've seen quite a few Linux flavors over the years, but this was the easiest install yet.

It did a better job of automagically recognizing things like my sound and wireless cards than Windoze did.

I got my first cup of Ubuntu when I lost a hard drive on my laptop. I was still able to work on my machine while I waited for my new hard disk by booting Ubuntu off of a CD and writing files to my USB drive.

When I got my new hard drive, I made my machine dual boot and put both Ubuntu and Windoze on it (some software I have to use for work, but not much, still only runs under Windoze. I know it's totally barbaric, but hey it's a living).

Overall the whole package has a nice finished feel to it. It has lots of great things already pre-installed, like Open Office, The GIMP, and there's even a Windoze Remote Desktop Client!

I dual boot installed my 14-year-old daughter's machine too with the 64 bit version of Ubuntu and she's loving it. She's into video and music editing and the package management software makes installing new software a no brainer.

To make a long story short, if you've been thinking about trying out a new Linux distro, Ubuntu is easy to install, easy to use, and the price is right. It's basically the Shiznit!