First, let me say that Google has been, in many ways, the biggest success story for the cause of Linux and Open Source, surpassing even the venerated Mark Shuttleworth and Ubuntu.

Today, however, I found a real problem. I will be careful to not point fingers, but I am somewhat suspicious.

After much resistance, I ventured into Cloud Computing with Google Docs. What to do first? I took my business’s general ledger (which I maintain in OOo 3.0 .ods) and tried to upload it to Google Docs. Fail. Unknown Server Error. That seems odd. It lists .ods as a valid import type. Ok, the file is around 30 sheets deep, so I’ll make it a single sheet. Same error. Well, just to see what happens, let me save it as a .xls. Uploads fine. What???

After some digging around on the interwebs, it seems that this is a common problem. There are various explanations about OOo, ODF, and the like, but the consensus is: It won’t upload .odf formats.

Why? I want so very much to say that there are some technical issues that Google is diligently working on to resolve the issue, but my inner fears keep screaming. Could it be that Google is trying to squash the only real threat to Google Docs (and MS-Office), OpenOffice.org? OOo is a WONDERFUL product, and I use it exclusively.

I want to give Google the benefit of the doubt on this. ODF has changed standards, and it could just be a technical thing. Either way, they need to figure it out, because they are making it look like the problem is with OOo. (Which is suspiciously close to Netscape “crashing” on windows oh so many years ago).

If you have any clarifying information, please email me.

osprey at tranquilpenguin dot com

So, you’re here, and you read something interesting or have a question, but you can’t comment because my site doesn’t allow comments. Why? Well, I agree that Blog’s are best as 2 way communication, but the simple fact is that I got tired of chasing down and blocking the ENDLESS parade of spam bots that submit bogus posts to my site. I get thousands of hits a day, and it takes me a long time to figure out which are real and which are bogus (The ration of real to bogus is 1:1000).

Got a question? You can shoot me an email at osprey at tranquilpenguin dot com and I would be happy to reply here or via email.

Well, I’ve finished my move and now that the smoke has settled, here’s where I ended up:

My webhosting business is now all on a co-located server in Seattle, WA. I am selling VPS’s to my business customers and all is well. See the good people at http://inmotionhosting.com if you need large scale hosting. See http://blmservices.com if you need end user web hosting.

My blog domain is still running on my dynamic DNS IP via my local cable internet provider.

My main workstation is running on an Athlon II x3 CPU on Ubuntu 10.04 LTS. The Dual Monitors are working great.

I’ve upgraded my Netbook and my Qosmio 17″ Worstation Laptop to Ubuntu 10.04 LTS as well. I’ve installed Ubuntu 8.04 LTS on my older IBM Notebook.

What does the future hold?

Well, that’s a good question. I’m doing quite a bit of web design work lately, but with the economy as it is, work is spotty. Folks are looking for good deals now so by cutting my prices I’ve been able to pick up a few new customers.

I may try out and review a few new distro’s in the near future. I am wanting to run the latest version of WINE though the paces and see what I can and cannot get to work.

Stay tuned.

I hate moving. Especially when it’s an unplanned move. Even more so when it’s on short notice, and you are a freelance network consultant running multiple web server out of your home. To make matters worse, I crashed a hard drive along the way, and won’t have a business internet connection for some time. Fortunately, I use no-ip.com so I am able to temporarily host this site on my dynamic IP. Hopefully life will return to normal soon.

Encrypted USB drive in Ubuntu

Today I went to the Linuxforum BOF day where I attended a session about encrypting your personal files. This made me remember a post read some time ago (check out the screen cast). I guessed that this functionality would be in Ubuntu Edgy by now so I just went ahead and tried to make my USB pen drive encrypted.

This is how I did it:

1. First install the needed software

   sudo apt-get install cryptsetup
   

2. Make sure your USB disk isn’t mounted. Then partition the USB pendrive the way you want it, if it isn’t already partitioned (I made one big partition on mine /dev/sda1).
   Note: Don’t mount the disk afterwards!
3. If you havn’t rebooted your computer since you installed the cryptsetup package, you might have to load the device mapper crypt module manually:

   sudo modprobe dm-crypt
   

4. Now make the partition encrypted:

   $ sudo cryptsetup --verbose --verify-passphrase luksFormat /dev/sda1
   
   WARNING!
   ========
   This will overwrite data on /dev/sda1 irrevocably.
   
   Are you sure? (Type uppercase yes): YES
   Enter LUKS passphrase:
   Verify passphrase:
   Command successful.
   

   If you get the error:

   Failed to setup dm-crypt key mapping.
   Check kernel for support for the aes-cbc-essiv:sha256 cipher spec and verify that /dev/sda1 contains at least 133 sectors.
   

   Make sure that the disk isn’t mounted. And make sure you are using the right device. You can use dmesg to check which device the disk have been assigned. You might also wanna check that the the module dm-crypt is loaded (lsmod | grep dm).

5. Now attach the encrypted partition.:

   $ sudo cryptsetup luksOpen /dev/sda1 sda1
   Enter LUKS passphrase:
   key slot 0 unlocked
   Command successful.
   

6. Now create a filesystem on the new encryptet device:

   sudo mkfs.ext3 /dev/mapper/sda1
   

7. Remove the tempoary device mapped to the encrypted partition:

   sudo cryptsetup luksClose sda1
   

8. Now remove the your usbdisk from the USB plug, and reinsert it and Ubuntu should find it and ask for the passphrase.

In this Article, Microsoft suggests placing taxes on Internet usage to fix security breaches…

Unbelievable. Microsoft produces Windows, which has been security ridden since it first entered the Internet. Microsoft has been pay VERY well for their product. Microsoft has not fixed their problems. Now Microsoft want the consumer to play extra taxes to help fix their problem.

I have another idea:

How about we dump the Microsoft garbage and just use Linux/Unix/BSD based Operating systems, and eliminate 90% of those security threats in a single stroke.

How do them guys sleep at night?

The terms that they use, but what they REALLY mean:

“New”
means
“Different colours from previous version.”

“All New”
means
“Not compatible with previous version.”

“Exclusive”
means
“Nobody else has documentation.”

“Unmatched”
means
“Almost as good as the competition.”

“Design Simplicity”
means
“The company wouldn’t give us any money.”

“Fool-proof Operation”
means
“All parameters are hard-coded.”

“Advanced Design”
means
“Nobody really understands it.”

“Here At Last”
means
“Didn’t get it done on time.”

“Field Tested”
means
“We don’t have any simulators.”

“Years of Development”
means
“Finally got one to work.”

“Unprecedented Performance”
means
“Nothing ever ran this slow before.”

“Revolutionary”
means
“Disk drives go ’round and ’round.”

“Futuristic”
means
“Only runs on a next generation supercomputer.”

“No Maintenance”
means
“Impossible to fix.”

“Performance Proven”
means
“Worked through Beta test.”

“Meets Tough Quality Standards”
means
“It compiles without errors.”

“Satisfaction Guaranteed”
means
“We’ll send you another pack if it fails.”

“Stock Item”
means
“We shipped it before and can do it again.”

In Windows, typing

IPCONFIG /ALL

produces:

Windows IP Configuration

Host Name . . . . . . . . . . . . : host-name

Primary Dns Suffix  . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : domain.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix  . :

Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC

Physical Address. . . . . . . . . : 00-24-XX-XX-XX-XX

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 64.XXX.XXX.220

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 64.XXX.XXX.1

DHCP Server . . . . . . . . . . . : 209.XXX.XXX.135

DNS Servers . . . . . . . . . . . : 208.67.222.222 208.67.220.220

Lease Obtained. . . . . . . . . . : Thursday, January 07, 2010 12:42:26 PM

Lease Expires . . . . . . . . . . : Thursday, January 07, 2010 8:42:26 PM

You can plainly see all the information you need to know. How do you do that in Linux? Well, the answer depends on which distro you are using and which packages you are using, but here are some answers:

“route -nee” produces (Some fields have been chopped off):

Kernel IP routing table

Destination     Gateway         Genmask

192.168.100.0   0.0.0.0         255.255.255.0

69.XXX.XXX.0    0.0.0.0         255.255.255.0

169.254.0.0     0.0.0.0         255.255.0.0

0.0.0.0         69.XXX.XXX.1    0.0.0.0

“ip route show” produces:

192.168.100.0/24 dev eth0  proto kernel  scope link  src 192.168.100.101

69.XXX.XXX.0/24 dev eth1  proto kernel  scope link  src 69.XXX.XXX.225

169.254.0.0/16 dev eth1  scope link  metric 1000

default via 69.XXX.XXX.1 dev eth1  metric 100

“ifconfig” produces:

eth0      Link encap:Ethernet  HWaddr 00:d0:b7:3c:dd:4f

inet addr:192.168.100.101  Bcast:192.168.0.255  Mask:255.255.255.0

inet6 addr: fe80::2d0:b7ff:fe3c:dd4f/64 Scope:Link

UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

RX packets:18365 errors:0 dropped:0 overruns:0 frame:0

TX packets:15981 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:1987703 (1.9 MB)  TX bytes:11111362 (11.1 MB)

eth1      Link encap:Ethernet  HWaddr 00:1a:4d:94:75:43

inet addr:69.XXX.XXX.225  Bcast:69.XXX.XXX.255  Mask:255.255.255.0

inet6 addr: fe80::21a:4dff:fe94:7543/64 Scope:Link

UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

RX packets:59590 errors:0 dropped:0 overruns:0 frame:0

TX packets:11997 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:11600972 (11.6 MB)  TX bytes:3977507 (3.9 MB)

Interrupt:23 Base address:0×6000

lo        Link encap:Local Loopback

inet addr:127.0.0.1  Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNING  MTU:16436  Metric:1

RX packets:4709 errors:0 dropped:0 overruns:0 frame:0

TX packets:4709 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:1042664 (1.0 MB)  TX bytes:1042664 (1.0 MB)

“cat /etc/resolv.conf” produces:

#Open DNS

nameserver 208.67.222.222

#Google DNS

8.8.8.8

#Open DNS

nameserver 208.67.220.220

#Google DNS

8.8.4.4

That should give you the information you need.

Content Filtering

(Ubuntu 9.10)

Objectives:

1. Add content filtering to an existing Ubuntu system.

2. Prevent user from bypassing the filtering system.

Software:

Open a terminal and type:

user@system:~$ sudo apt-get install iptables dansguardian squid

Configuration:

1. Squid

Open a terminal and type:

user@system:~$ sudo gedit /etc/squid/squid.conf

change this line:

http_port 3128

to

http_port 3128 transparent

Save file then open a terminal and type:

user@system:~$ sudo /etc/init.d/squid restart

2. Dansguardian

Open a terminal and type:

user@system:~$ sudo gedit /etc/dansguardian/dansguardian.conf

change this line:

UNCONFIGURED

to:

#UNCONFIGURED

Save file then open a terminal and type:

user@system:~$ sudo /etc/init.d/dansguardian start

3. Test Proxy

Open Firefox

Go to http://tits.com or other known bad site.

The site should display.

Now in Firefox select

Edit > Preferences > Advanced > Connection > Settings

Select Manual proxy configuration

In the HTTP Proxy box type: 127.0.0.1 Port: 8080

Place a Check in the box labeled Use this proxy server for all protocols

Click OK then Close

Go to http://google.com and Google should be displayed. Click Refresh and verify it’s still working.

Go to http://tits.com or other known bad site.

The site should show as blocked. You may have to hit refresh for this to work.

At this point, the proxy is working.

Now in Firefox select

Edit > Preferences > Advanced > Connection > Settings

Select No proxy

Click OK then Close

4. Test iptables

iptables is the firewall for Ubuntu. If you are using a firewall front end such as shorewall, etc. then you will have to adapt the concept below to your particular configuration. On a clean install of Ubuntu, this will work as written.

Open a terminal and type:

user@system:~$ sudo iptables -t nat -A OUTPUT -p tcp -m owner ! –uid-owner proxy –dport 80

-j REDIRECT –to-port 8080

This tells the firewall that outgoing web requests requested that are made by anyone other that the proxy should be redirected to the proxy

Open Firefox

Go to http://tits.com or other known bad site.

The site should show as blocked. If so, the firewall is correctly configured as a transparent proxy.

Now, to make the changes permanent.

Open a terminal and type:

user@system:~$ sudo gedit /etc/init.d/tproxy

Add this line:

iptables -t nat -A OUTPUT -p tcp -m owner ! –uid-owner proxy –dport 80

-j REDIRECT –to-port 8080

Save and exit.

Issue this command to make the file executable:

user@system:~$ sudo chmod a+x /etc/init.d/tproxy

Issue this command to make the above script run at startup:

user@system:~$ sudo update-rc.d tproxy

That’s it.

http://www.tranquilpenguin.com