Sunday, January 31, 2010

Ten Tips for Keeping Windows Fast and Secure (Part 2 of 3)

5. Don't install free or cheap applications unless it's open source.
    There are some exceptions to this too such as AVG Virus Scanner. However most free or cheap closed source applications want something in return for that low price. Perhaps they give you spyware, or they will start harassing you to buy a license. Even if this is not the case the coder can unintentionally create a vulnerability or fail to patch a vulnerability. Adobe Acrobat Reader is a free application supported by a major software company and even that has introduced vulnerabilities. Open source applications are exceptions because they can be maintained and critiqued by others. With all software though you have to justify the risk with the rewards. These applications also have to be updated, windows will not do it for you. Ubuntu will keep all your applications up to date which is a huge plus for linux security.

6. Don't install extra applications.
    When installing any application, use advanced install and un-check any offer to install additional applications. Even applications from Adobe and Apple ask to install something else, always say NO. If you are installing iTunes, don't accept Safari too. Don't install any software if you aren't going to use it.

7. Turn off nearly every program that is running near the clock.
    Programs running in the background are a huge risk because they can be listening for or communicating with the internet without you knowing. Each one also takes a little speed away from the computer. While turning all all unneeded background tasks can require a degree in computers, most of us can get the tasks near the clock to stop running. Of course there are windows provided icons and your virus scanner that must remain. But you don't need that office toolbar, Adobe updater, etc.

Saturday, January 30, 2010

Ten Tips for Keeping Windows Fast and Secure (Part 1 of 3)

1. Use Firefox for internet browsing.
    Internet Explorer has been one of the weakest points in windows security. Using Firefox eliminates a huge portion of risk and supports web standards better than internet explorer. Did you know most websites run special compatibility code just for internet explorer?

2. Turn on automatic updates. Ensure it runs daily.
    Many people don't even turn on automatic updates. And if you aren't updating because your Microsoft Windows is an illegal copy, you are even more vulnerable. If you need a legal copy and have more than one computer in the family you can save money by getting a family pack. If you can not afford it, switch to Ubuntu for free.

3. Ensure you choose shutdown and install updates before turning off your computer.
    Every night you should choose to shutdown and install updates. This ensures updates are getting installed, it also reduces the number of lockups and slowdowns you can have from running windows too long. Also you are helping to stay green by not keeping the computer on all night.

4. Don't install browser toolbars or plugins.
    There are some exceptions but toolbars and plugins in general are another point of vulnerabilities and web speed issues. They just aren't worth the risk no matter how cute they are. Plugin exceptions are flash and ad blockers.

Friday, January 29, 2010

Building a Mini Computer at a Mini Price

I have been excited by the idea of Mini ITX computers recently. These motherboards usually have everything built on them with the exception of drives and memory. So put one of these in a case, add some drives and a stick of memory and viola, you have a great little computer. (hopefully cheap too).

Mini ITX motherboards start at around $60 for older models and go up to about $200 for some graphics beef. However I have really liked Intel's newest offering (Released 12/09). The Intel D510MO Mini ITX. This latest motherboard boasts a 64bit Dual core hyper-threaded 1.6ghz CPU. It's not the fastest but it draws under 20watts of power and is passively cooled, meaning no fans are needed. The price of this board is supposed to be around $75 but this early in the release, the cheapest I could get one is $79 + $9 shipping from mini-box.com. Mini-Box also sells one of the smallest ITX cases too, the M350.

With this design it's possible to build a decent computer with no moving parts. I however decided I would spend a little less and opted for a 250GB WD Blue hard drive and a Rosewill Mini ITX case. Solid State drives are still a little pricey.

Since my purpose is for a low power linux server with nice upgrade options, I skipped the DVD drive. I have an external DVD I can use to load the OS and after that all upgrades and new software is installed online.

I managed to build the entire computer for $220. Though I know some of these prices may fluctuate and it could cost up to $260 for the same computer depending on the day of the week.

Here is my parts list (shipping included) as well as possible upgrade options for those who want them:
Intel D510MO Motherboard/CPU $90
Rosewill Mini ITX Case $40
Crucial 2GB DDR2 800 $40
Western Digital 250GB Blue SATA drive $45
Ubuntu Linux 9.10 - FREE!

Total $215

Optional Upgrades:
Internal Mini PCI Express Wireless $15
Wireless Antena - Get the antena and pigtail cable from the bottom of the wireless card page. about $10
Slim Internal DVD Reader/Writer $45
Broadcom HD Mini PCI-E decoder Card $25 on ebay.
m350 Case and powersupply $79

Thursday, January 28, 2010

Security Camera Recommendations

There have been some break-ins in a few neighborhoods around my house. Mostly just smash and grabs with stuff left in cars. My Wife had her ipod stolen and a dvd player two years ago, so I have been personally affected.

Since then I have been on the look out for outdoor security cameras which have a decent image at night and don't cost a fortune. I've not been happy with many of the options I have found but after quite a bit of research I have narrowed it down to two cameras.

Both cameras are capable for outdoors. Both can perform at night. Though the Panasonic may need SOME light from a porch light.

Panasonic bb-hcm531
Offers Pan/Tilt controls.
Power Over Ethernet (PoE)
Must buy a PoE adapter or switch
Sample Images: http://www.amazon.com/gp/customer-media/product-gallery/B000P7X438/ref=cm_ciu_pdp_images_1?ie=UTF8&index=1


Y-Cam Black - $269 or $999 for 4
http://www.y-cam.com/y-cam-black
Wireless networking, just need power.
No Pan/Tilt. Its fixed
IR LED for night illumination
Must buy outdoor housing for $99 more per camera.
Sample Live Camera here: http://ycam3.dtdns.net:8150/en/login.asp
Login is guest Password guest


At this point I don't see the need for pan tilt because once it's set there should be little reason to move it. I've looked for other options but with the low light requirement and outdoor mounting you can't get much better image wise without spending at least $1200.

The cameras can serve the video themselves over the internet, but I'm going to try to use ZoneMinder. A free security application which can control multiple cameras.

As of now, I'm going to buy the Y-Cam Black because it seems to be easier to install and has a true night vision mode. The pan and tilt just isn't that important for what I need. To install the Y-Cam properly you should run the power cable through the soffet(sp) and in the attic run an outlet from the nearest junction box. I'm thinking of avoiding ladders and just mounting it outside a window and run the power through the window. We'll see.

Wednesday, January 27, 2010

The big photography question.

I have many people ask me what they should buy for a digital SLR or for a lens. If you are new to SLR photography or if you care about your budget, I recommend the Canon Rebel XSi.

Why Canon?
Because they are generally cheaper than the other manufacturers. Sure you can get a good deal on a body from other manufacturers but you will start to pay for it later when you want to expand. Another benefit from using Canon is more choices. Canon has more lens options and accessories than any other manufacturer.

Why a Rebel XSi?
If you are bothering to ask what to get, it means you don't know what you need. Until you know you need a very specific feature and you know you will actually use that feature, don't buy it. The easiest thing you can do is over buy on the body and skimp on the lens. Don't buy a Canon 50D or 5DII if you don't know what truly makes it different in a practical manner. Your pictures will NOT look better and your wallet will be much lighter. The other rule is don't get sucked into megapixels. 3 Megapixels can make a decent 8x10 and after 5 megapixels it will be hard to tell the difference between that and an 8x10 from a similar quality 22 megapixel camera. The rebel XSi is an outstanding camera. It's pictures will look just as good as the pictures from a 50D or a 5DII which is why the others are a waste.

Video?
I don't buy still cameras for video and I don't buy video cameras to take stills. These cameras aren't made for that. The controls and handling are messy, memory is limited, and battery life won't hold up the same. In the end, I just say don't buy camera x because the manufacturer also decided to put video into it. There are videography enthusiasts who buy some of the recent SLRs just to use them for video. But those people are buying only for the video and not the still. It's different, they have a very specific need and they have researched enough to know how one of these SLRs will help them and in which ways they will hinder them.

Which lens?
If you have the money (because you decided to save money and buy the XSi) I would put money into the lens. The first thing a beginner wants out of an SLR is super telephoto zoom. They see some gigantic lenses on an SLR and assume that they really 'zoom' in. This is not always the case. Lenses get bigger as their 'quality' improves. They also start to cost a fortune! Either way, here are some recommendations:
If you don't have extra money, just stick with the kit lens until you have money and know what you are missing.
Also popular once you figure out why you need them:
If these prices scare you, perhaps you should consider staying with a high end point and shoot camera. One of my favorites is the Canon s90. For photographers, all the lenses above are considered inexpensive. Some readers may notice a slight contradiction between my lens recommendations and body recommendations. Yes many people get outstanding pictures from the pure consumer lenses like 70-300 or 18-55, etc. However if you really want to do some of the more creative work with photography you need to avoid buying your lenses at big box stores.

Investing:
Also lenses are more of an investment. They don't loose value like a Camera will and you will generally keep them longer than your camera. I have had a lens which I bought for $800, used it for an entire year, and sold it to someone for $750 on ebay. Basically I paid $50 to rent a $800 lens for an entire year. And no it wasn't luck. Lenses can go up in value too. Exception: The cheap kit lenses, ie 70-300, always drop in value the instant you buy them.  Camera bodies always drop in value in relation to how many newer models there are from the same line.

Enjoy your camera.

Tuesday, January 26, 2010

FTP Server with Ubuntu 9.10 Server

I still use FTP. Mostly because all the other methods I looked at (WebDAV, SFTP, and Web Based file server) were all missing one thing or another that I feel I need. I have the following types of needs:
  • I need a ftp location that a user can upload into, but not download or see. (Drop box)
  • I need someone else with the ability to download and delete files from that dropbox
  • I need an group that can read/write one particular folder (shared workspace)
  • Another group that can access that same shared workspace while also giving access to another folder with read only permissions (Library).
  • I need a group that can access the same Library folder mentioned above. But not access the shared workspace.
I had other types of configurations which I decided I could drop from the requirements for now just to make my life easier.
Other requirements:
  • Minimal configuring, management, trouble shooting for individual users
  • per user bandwidth control, 
  • nat support, 
  • simple client instructions/requirements, 
  • and for most of the shared files to come from a SMB NAS.
I have used a windows FTP server for over 5 years to achieve all of the above. The windows FTP server I preferred was called bulletproof or G6 depending on how far you go back. It is actually an excellent server that I recommend to anyone in the windows world. Here are some of the features that I used:
  • Virtual Users (A user list managed by the FTP server instead of the OS)
  • Virtual Groups
  • Per User/Group bandwidth throttling
  • Easy user setup by just picking their group.
  • Chrooted Users (Keep the user from getting to the rest of your file system)
  • Virtual Links and Link traversing
  • Virtual Folder Permission control
  • Nearly all folders on a network NAS device (Buffalo Terrastations)
  • NAT Traversal/Passive FTP
  • Non Standard Port
  • etc.
In the next FTP posting I'm going to show how I came close enough to these features in Ubuntu 9.10 Server to eliminate another windows machine using Pure-FTP. Surprisingly there wasn't just one hurdle for accomplishing this, but nearly every feature had to be painfully worked out. On the plus side I have more features than I had before and I have better options to manage the server.


Monday, January 25, 2010

More about my blog

The reason I have this blog is so I can record solutions to problems. Sometimes these solutions in part or perhaps in full come from another blog, forum, etc. I am not here to take any credit away from the original authors (who themselves most likely got the solution in a similar manner) but to have a log of things that worked for me.

I have solved problems in the past and one day needed to reapply the solution only to discover that I can not find where I got the original solution from. This is where my blog comes in. These solutions are important to me and I may need them in the future. In every case, if I can find where I got some of my information I will link to it. But at the same time I'm going to list a copy of the critical steps, in case the link doesn't work one day.

I encourage you all to go to the original solutions because it may have more detail, additional instructions, and perhaps screenshots. All of which I won't copy because it doesn't apply to what I need.

Sunday, January 24, 2010

How-To: DOD CAC Card on Ubuntu 9.10 (Webmail, AKO, DKO)

Whenever I'm faced with a problem I first turn to google. I used to go to a particular forum and just search that but now the forum searches are used if google doesn't find the answer first. Well the other day I needed a way to use my CAC card at home. And I preferred to use it inside Ubuntu.

This is the article I used to configure my CAC: http://www.hrgeeks.com/2008/11/21/using-a-dod-cac-with-ubuntu-and-firefox/

Below I'm pasting the actual commands from the article above: (slightly modified as I noted some changes)
  • apt-get install libccid pcscd coolkey
  • In firefox  Edit-Preferences-Advanced-Encryption-Security Devices-Load
  • Use DoD CAC for the module name and /usr/lib/pkcs11/libcoolkeypk11.so for the file.
  • Click OK on the next few popups. 
  • Back on the Security Devices page, insert your CAC, and make sure Login lights up. 
  • You may want to make sure you have the security device under DoD CAC selected.
If you can't get the login button to activate, you may need to update the CAC reader or get a new CAC reader. I chose to just buy a new keyboard with a CAC reader from Dell.

Go to http://dodpki.c3pki.chamb.disa.mil/rootca.html and select each of the certificate links starting at the top. Firefox will prompt you, just accept the prompts. If you believe the DOD page has been hacked you can validate the certificates before accepting them, but that's up to you.

Finally go to the site you want to access (webmail, AKO, DKO, etc). For me I needed webmail. When I visited the site it asked me which certificate to use. I first selected the certificate that indicated it was for authentication. This didn't work and the site refused to work again. I undid this mistake by doing the following:
  • In firefox  Edit-Preferences-Advanced-Encryption-View Certificates-Servers
  • Find the website in the list and delete it.
Now go back to the DoD site and choose the correct certificate. For webmail access it ended up being the email signing certificate.

Here is the official Ubuntu help page. It may have more guidance if you get stuck. I didn't find this page until now so I wasn't able to use it.
https://help.ubuntu.com/community/CommonAccessCard

To Do Another Day:
  • My browser asks for my pin and for me to choose the certificate on every visit. Not bad, but I would like it to remember the certificate.
  • Enable email signing via webmail.

Saturday, January 23, 2010

Photography 101

I am a photographer. As such I have lots of advice I can share. Please drop a question below and I'll try to answer it or send you in the right direction.

However for now I'd like to share a series of books which I found are packed full of great information for the beginner or advanced photographer.

The Digital Photography Book by Scott Kelby.














This book was amazing to find. So many of the books I have bought really have to be scoured to find nuggets of information. This book just piles them all on!

Check it out, and btw its not very expensive.

Friday, January 22, 2010

Watch Out! You are getting ripped off.

If you aren't aware, or you have believed these devices to be obvious, please look at some of these photos of ATM Skimmers. ATM Skimmers are devices built to look like they are a part of the ATM machine, but they are made and attached by theives. They record your card and have a camera which 'sees' what pin you type. Some skimmers even have a cell phone hidden away so they can send the data remotely.

Here are links to some articles with pictures, and below I will suggest a partial solution.
http://www.boingboing.net/2010/01/16/atm-skimmer----could.html

Here is a pic of a slot with a skimmer in place: http://twitpic.com/4pkn3
Here is a pic of a panel mounted to the top of the ATM which captures your pin and transmits via cell phone: http://twitpic.com/4pknu

A google search leads to many other pictures:
http://images.google.com/images?q=ATM+skimming

TIPS:
  • Avoid ATMs placed in secluded areas.
  • Be wary of anything that looks suspicious about the ATM slot (extra seams, different color plastic, etc)
  • Try to cover your hand while typing your pin.
  • Fake type numbers with your pin. Meaning between actual key presses make it look like you are pushing other keys.
  • If possible only use your bank ATMs and learn what they really look like.

    Thursday, January 21, 2010

    Project Ubuntu

    I like the idea behind linux and open source. I like the cost in general which is usually free. Also I don't mind paying for good closed source applications which at least play nicely with the open source community, ie. runs on linux

    In general I use the Ubuntu Operating System www.ubuntu.com for my day to day activities. It was amazingly easy to install and use. It runs much faster than windows ever has and I don't worry as much about viruses and spyware. I've given it to some people who love it and some people who didn't like it. If you are open to trying something new AND FREE, I recommend you give it a fair try. In the long run the benefits will outweigh any shortcoming.

    If you need any help, there are local groups all over the world who would be happy to help you get going. You can find them here: https://wiki.ubuntu.com/LoCoTeams

    If you aren't ready to take the plunge, I recommend trying some of this free software on windows:
    Open Office - www.openoffice.org
    A great stand in for Microsoft Office. It can open and save in Microsoft formats saving you tons of money. It also can save as PDF making life much easier.

    Firefox - www.getfirefox.com
    Excellent web browser recommended by geeks. While Microsoft Internet Explorer is free, in my experience it is too risky to use. Just by using Firefox as my browser I have saved myself from many viruses and spyware infections.

    Picasa - www.picasa.google.com
    Photo manager/editor. Not open source, but free. The reason I recommend it is because it is very user friendly and if you ever do move to Ubuntu it is also available there.

    GnuCash - www.gnucash.org
    Money Manager. I have used others and this application works very well. It allows import from many formats and has served all my needs well for the past year.

    I believe that if you get used to using free software, you will want more free software. Also when you finally move to Ubuntu you will already be familiar with the majority of your daily software.

    Ubuntu is free, but if you want to get some disks and a book here is a link for amazon:

    Wednesday, January 20, 2010

    Ohh Wow.

    Here is my first post to the Techorator. A Blog about tech and more. I'm not a great writer and for the most part, my blog will be a personal record of tech problems, solutions, and things I find interesting. At this point it's more of a virtual note pad for me to remember things while occasionally giving something back to the readers.

    Just a little about me:
    1 Wife
    1 Boy
    1 Dog
    1 Fish
    3 Jobs
    Lots of computers and other toys.
    Strange sense of humor.