While I respect the fact that a command line interface is the most secure server implementation for Linux, I am very excited about the basic user interface provided by the open-source project Webmin. Have you ever wanted all of your commonly used server functions centralized in one easy-to-read, tree-based web interface? Webmin's checkboxes make server configuration easy, and prevent common mistakes due to incorrect task settings. Although you can use the command line tasksel function to select server roles or "tasks," you can also verify your server tasks and their settings through the Webmin interface. Initial installation and configuration of Webmin is simple and you will most likely access Webmin at http://my host:10000, where my host is typically the name of your machine, for example "ubuntu_one." Webmin accepts third-party plug-ins from a variety of open-source projects, including Squid proxy server and CUPS print server, and open-standard IPSec VPN.
Webmin may not be necessary on a single-purpose dedicated server that only needs to be configured once; however, on an actively modified server, it can save time and prevent configuration mistakes.
Whenever you interact with a customer or contact through a website, you open your web server to potential exploits accessible through the user's input. Security standards suggest that all web input should be validated before being passed to PHP or SQL routines. While a reverse Turing test, such as a "Captcha" function, can prevent robotic intrusion, a secure website must go further and use regular expressions to reject any input that would not be valid for the input field. Hacker tools such as Armitage's Metasploit implementation can be used preventatively in penetration testing, or may be encountered "in the wild," operated by malicious hackers. Programs of this nature will probe your site for SQL implementation problems, and attempt to exploit code vulnerabilities in the user interface. Input validation becomes your line of defense, and regex your key to excluding unwanted command input.
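An added example, not part of the original post: one way to apply allow-list regex validation in Python before a parameterized SQL insert. The field names, patterns and contacts table are assumptions chosen for illustration.

```python
import re
import sqlite3

# Allow-list rules (assumed fields): each pattern names the only characters
# and lengths a field may contain, instead of trying to list bad input.
FIELD_RULES = {
    "name":  re.compile(r"[A-Za-z][A-Za-z .'-]{0,63}"),
    "email": re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,189}\.[A-Za-z]{2,24}"),
    "zip":   re.compile(r"\d{5}(-\d{4})?"),
}

def validate(form):
    """Return (clean, errors). fullmatch() must consume the whole value, so a
    valid prefix followed by extra text or a trailing newline is rejected."""
    clean, errors = {}, []
    for field, rule in FIELD_RULES.items():
        value = form.get(field, "")
        if isinstance(value, str) and rule.fullmatch(value):
            clean[field] = value
        else:
            errors.append(field)
    return clean, errors

def save_contact(db, form):
    """Validate first, then store with bound parameters. A legitimate name
    such as O'Neil contains a quote, so validation alone is not enough."""
    clean, errors = validate(form)
    if errors:
        return errors
    db.execute("INSERT INTO contacts (name, email, zip) VALUES (?, ?, ?)",
               (clean["name"], clean["email"], clean["zip"]))
    return []

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE contacts (name TEXT, email TEXT, zip TEXT)")
    # Constructed sample submissions: one valid, one with invalid fields.
    good = {"name": "Anne O'Neil", "email": "anne@example.org", "zip": "60641"}
    bad = {"name": "x'; DROP TABLE contacts; --", "email": "a@b", "zip": "60641\n"}
    results = (save_contact(db, good), save_contact(db, bad))
    rows = db.execute("SELECT COUNT(*) FROM contacts").fetchone()[0]
    return results, rows

if __name__ == "__main__":
    print(demo())
```

The same pattern carries over to PHP with preg_match() on an anchored pattern and a prepared statement.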
RAID stands for Redundant Array of Independent Disks. There are many forms and flavors of RAID, but the goal is the same: data storage and rapid retrieval. RAID [disk arrays] typically provide two or more linked hard drives that either back up or speed up data storage and delivery. The simplest form, RAID 0, provides disk striping, which uses two or more hard drives to speed up data storage and retrieval. RAID 1 provides mirroring, which means the data is duplicated across two or more hard drives. That way if one drive fails, the other can still provide the information, while the failed drive is being replaced. Other RAID levels, such as RAID 6, provide even more redundancy, allowing two or more disks to fail before data is lost.
I recently designed a web server for a local translation agency, and I was asked to provide a RAID solution for worldwide data delivery at a reasonable cost. The server is running Linux CentOS, a Red Hat clone.
A RAID card can provide a hardware-based RAID solution, but a good RAID card is expensive, ranging from $150 to $650. The RAID card determines which drive receives data in which phase of the write process, and where that data is stored. However, there are two other methods of creating a RAID that do not require an additional card.
The server's motherboard has a SoftRAID on chip, allowing me to set up a RAID in the BIOS, but CentOS requires that its boot partition be separate from the RAID, and with Intel SoftRAID it is not easy to create a small, non-RAIDed partition. The SoftRAID wants to put the whole disk into the RAID, while we only need a small space on one disk for the boot partition.
I chose to use an open source tool called mdadm, multiple device administrator, to create a software RAID called an md (multiple device). Md0 uses four 1Tb hard drives to stripe and mirror data for redundancy and speed. I chose a RAID 1+0 array, because it increases the speed of disk access (RAID 0) and mirrors the data (RAID 1), simultaneously. That means that any one drive can fail without data loss, and up to two drives can fail if they are in separate mirrors.
The mdadm configuration tool also allows the administrator to configure where on the disk to write. I chose to use an f2 layout, or "far" layout. In this case, "far" means that data is written to two locations on the drive, one that is quicker for the drive to access, and one that is "farther" for the drive to access. While this means that write speed is slower (the drive spindle has to move farther to write), read speed (from the closer block) is much faster, coming close to, or equaling RAID 0 speeds. As users worldwide hit the database, I am assuring optimal availability and redundancy.
I recently dove into a thorny Mac issue. My client's MacBook Pro wasn't waking from sleep. It seemed to be stuck in hibernation mode. This would happen when the lid was closed, and could be easily observed by adjusting the sleep settings to their shortest value. At the same time a slower-than-molasses startup seemed to hang at the blue screen (indicating the loading of the user profile). Diagnostics revealed nothing: The hard drive checked out OK and memory tests came back with no errors.
Of course I tried the usual Mac routine: Restart in Safe Boot, Zap the PRAM, Reset the system configuration by holding down the power button with the battery and power cord removed, and Verbose Boot. Verbose boot gave me a clue: The delay occurred when the video chip drivers initialized. This MacBook contained an Intel video chip, which activates a software kernel extension on startup to operate correctly. The boot would hang for two minutes while initializing the video. Could the kernel extension (kext) be corrupted?
After booting, the computer appeared to operate correctly, with no observable problem other than not waking from sleep. Because the blue screen indicates the loading of the user profile, I first removed the login items, then renamed the user profile, triggering the creation of a new, generic user. No luck! At this point I had to consider reinstalling the OS to replace corrupt system files.
I repartitioned the drive, and reinstalled the OS. The startup issue was gone, but the sleep issue remained. And as soon as I updated the OS the startup issue returned! Could the update for the Intel video kext be the problem? But Apple thoroughly tests their updates, and reinstalling the OS should have resolved any software issues. After all, there is no non-Mac hardware involved, the machine worked fine until recently, and there was no update concurrent with the start of the problems. I was also experiencing intermittent problems with the DVD drive.
In the end, I brought the MacBook to the Apple Store where they plugged in a diagnostic tool. The tool could not read the diagnostic information from the MacBook, indicating a failure on the main board. My client decided to send the MacBook in for refurbishing, and it was returned with a new screen, new main board, new DVD drive, and with the scratches buffed off of the case (possibly a new case?). She says it runs better than when she got it!
This is one example where it took a lot of work to pin down the issue. There were no clear diagnostic indicators, other than the delay in the Verbose output on boot. The machine ran fine after the slow boot, and the sleep mode could be turned off or delayed. But a Mac user expects their machine to function with high quality performance, and logic board issues could worsen over time, causing data loss. I'm glad we were able to pin down and repair the problem!
I priced, purchased and installed the hardware for a retail grocery point-of-sale system, with only one hitch. Instead of the USB scanner I ordered, they sent me an RS-232 scanner. After the vendor failed to respond to my complaints, I realized that I needed an immediate solution to get the shop up and running on the new POS. I tested the RS-232 connection on COM1 and COM1 received input from the scanner, but that data did not show up in the POS.
The problem: Although a serial connected scanner can easily send data to the OS through the COM1 port, our POS uses an internet browser for its touch screen GUI. COM1 data must be translated into keystroke text strings to register in the (browser-POS) UPC display fields.
The solution: After some research I found an excellent tool that runs extremely light on the system, called PC Wedge. PC Wedge translates the COM1 messages for the browser and bang, we are off and running! I have PC Wedge and the internet browser activate with the OS startup, so when the staff turns on the machine, all they have to do is to log in on the POS and they are ready to ring up customers.
Windows Vista often ships with limited sound processing functionality. For example, Sony VAIO and Toshiba laptops ship with fully functional sound cards, but if you try to record you will find only a microphone input available. That may be fine for video chat, but what if you want to process sound in a production environment? There is a solution:
Click the Start button, and select Control Panels. Choose the Hardware and Sound control panel. From the Sound section, select "Manage Audio Devices." The Sound manager window will appear, with three tabs: Playback, Recording and Sound. Click on the Recording tab. On many systems, only a microphone input will be listed. To see the full range of your sound card options, right-click in the blank area of the window. Check the line for "Show disabled devices."
You should now have a choice to activate "Stereo Mix" or other sound card functions. Stereo Mix will give you an extra slider in your volume controls (at the lower right of the taskbar), allowing you to control the volume of your mix. Now you can record from software inputs.
As wireless networks proliferate, wireless interference is becoming a bigger issue, especially for small businesses in a metropolitan area. The number one symptom is an intermittent connection. If your signal strength is already low, you may be receiving an interfering signal from a neighboring router. Two solutions are possible.
Some routers allow you to boost the power of the signal, for example the new 2-WIRE boxes from AT&T, which offer power settings from one to ten. Your other option is to scan the surrounding signals to determine if there is a free channel. Channels 2, 3, 4, 5, 8, 9, and 10 simply overlap the main U.S. channels of 1, 6, and 11. Therefore it's really only beneficial to use the non-overlapping channels. Switch to 1, 6 or 11 and retest. Higher frequency channels may provide better resistance to interference.
A client brought me a beautiful XPS system. The hardware is neatly packed into a small case and is easy to remove. Unfortunately the system failed to start up. I checked the BIOS and it was detecting the hard drive. Other settings seemed normal; however, the Advanced Host Controller Interface was active.
AHCI enables hot-plugging of SATA devices, and is normally enabled in a RAID array. As there was only one hard drive present, SATA cabled, I wondered if AHCI was necessary. The alternative was plain-vanilla SATA. After disabling AHCI the computer started up properly. Obviously the AHCI/RAID drivers were not installed or had been corrupted, so the computer halted when booting the drive at startup.
Instead of replacing the AHCI drivers (available from Intel), I turned off AHCI. Activating AHCI really isn't worth the effort on a system with a single drive. You already have lightning-fast access with SATA!
I recently added horizontal drop menus to the Portage Park District website (www.portageparkdistrict.org). CSS drop-downs take advantage of unordered lists, which they supplant by applying styles and using opacity to create visual effects. During the process two key CSS rules were reinforced:
Internet Explorer will interpret your CSS differently from Firefox. Where Firefox uses the CSS standard and displays CSS beautifully, IE will require some tweaks and adjustments. There goes Microsoft again, trying to be different. Are they steering us toward their proprietary solution? Looks fine in Firefox? You are going to have to test in IE over and over again!
I just finished cleaning up a Presario 2100, an older model notebook suffering from a keyboard problem. While typing, certain letters drop out, leaving words without h's, i's and j's (among others). It has been suggested that this is related to the keyboard connection. However, I suspected that this was not the case (and I did not want to open the case ;^). Digging deeper I began to realize that it was actually the battery that was causing the problem. The battery had been dead for years, but somehow it was still interfering with the bus. When the battery was removed, the keyboard functioned perfectly, but when the battery was back in it started stuttering again.
The solution: I removed the terminal plug on the battery, popped it back in without its connector, and the machine is working great!
Extreme spyware infestations require extreme measures. Repartitioning/wiping the hard drive and reinstalling Windows is the safest solution. If you reinstall Windows XP from the original system CD, it will usually install either Service Pack One, which has only limited firewalling capabilities, or Service Pack Two, if you are lucky. However, Microsoft is making the Service Pack 3 update available for download at:
Burn the installer to a CD, and you are good to go. You do not need to boot from the CD to run the Service Pack 3 installer.
In lieu of the SP3 update, you will need to install a third-party firewall (I would suggest the light-weight Filseclab personal firewall) BEFORE connecting to the Internet. After restarting with the firewall active, you can proceed to the Windows Update site to activate automatic updates, and download Service Pack Two and Three. It is a time-consuming process, and when you have a clean system you might wish to ghost it to CD or DVD for future reinstalls.
P.S. The answer to my Windows USB device problems was simple: My old computer was not supporting USB 2.0. So I can't really blame Winrot, can I?
Chalk it up to proprietary software, or call it a case of Winrot: I've been running my XP system for two years now, and with the constant updates it is rapidly filling up my hard drive. I was able to attach a Canon LIDE-certified scanner by downloading the driver; however, installing my other peripherals has been more difficult.
XP registers my Epson 870 printer, and I have been able to download and install the driver. The paper cycles through, the print heads move, but nothing is printed on the paper. I also used the installer CD with worse luck. The driver on the CD fails with a "communication error." I would love to spend hours troubleshooting this printer, but I do not have the time.
The solution: I plugged it into my Ubuntu Linux machine, which instantly recognized the printer and installed the Gutenprint adapter for the 870. I immediately began printing in vivid color!
XP registers my digital camera, and I installed the accompanying software from the CD. Does it transfer photos? No. It fails every time, with no explanation. USB again; however, my USB thumb drive and Zip drive work just fine!
The solution: I plugged the camera into Ubuntu, which pulled up a download interface and began copying my photos on command. No need to download or install software.
So why am I still using XP? It's got support for Adobe Shockwave, but that may be about all it's got going for it. The user interface is good in XP, but I'm tired of the Genuine Advantage program updates. After hearing the horror stories, I shudder every time it installs and runs the Genuine Advantage tester. I know my product key is legit, and I have the original CD, but I feel like I am at the mercy of Microsoft. Of course Genuine Advantage needs to talk to Microsoft Corporation, open a port in the firewall immediately!
A recent Windows XP update (KB951748) caused an internet lockout for ZoneAlarm users. I often install ZoneAlarm for my clients with ongoing security issues because it allows them to see incoming and outgoing traffic messages. This can be very informative for users, helping them to understand how many times their computer is connecting to the internet, and where it is reporting. Although the Windows XP firewall is equally robust, it tends to remain invisible to the user, and they may not even be aware if it is on or off.
Of course, the simplest solution to this problem was to activate the XP firewall, and deactivate ZoneAlarm. Thanks Microsoft! ZoneLabs counseled users to turn their Zone security settings from high to medium. ZoneLabs has released an update for ZoneAlarm which will fix the problem.