Cafaro’s Ramblings

Well, I finally dumped the stock Xandros on the EeePC 1000 in favor of Fedora 9.  Must say I’m much happier, and it wasn’t too bad of an install.  I’ll write up details later, but the basics were download Fedora, install, reboot, download latest kernel, install (no net without it on the EeePC), reboot.  Yum update then reboot.  To get wireless working, had to download the driver from the card manufacturer, compile, install, and good to go.

Now there were some tricks and hoops involved (fixing the wireless card source, moving the updated kernel over with a USBkey, messing with a couple config files), but it wasn’t too bad.  Almost everything works, only thing not working yet is external displays, and that’s only because I haven’t gotten around to it.

Much happier now with a real firewall via IPTables, SELinux, and working English spell check!  Oh, and I went ahead and encrypted the file systems as well, why not.

Til I write my how-to, here are some useful links:

This thread contains most of the info you need:

http://fedoraforum.org/forum/showthread.php?t=195429

The wireless driver:

http://www.ralinktech.com/ralink/Home/Support/Linux.html

The Fedora EeePC wiki:

http://fedoraproject.org/wiki/EeePc

So been playing around more with my EeePC 1000.  Still really like it, but I’ve got two major complaints now besides the security issues I’ve mentioned before.

1. There is NO English spellchecking installed for StarOffice.  The install of StarOffice includes spellchecking for Polish but apparently not English.  I’ve checked all over and that’s it, no English spell checking and no easy way to add it yet.  This is a major problem for me, I’m a terrible speller.
2. The right shift key is too far to the right.  I’m a touch typist and key placement is important.  I’m used to having the right shift key and instead I hit the up arrow while typing.  I’ll probably solve this by remapping the shift key and the arrow key, but it’s a bad design.  Luckily it’s something I can work around, just annoying.

I really do need to find a solution to the spell check, or bite the bullet and do the Fedora install.

Ok, so I’ve had my new Eee PC 1000 for several days and am loving it.  But, I did find a few really glaring security issues.  So with a lot of research I’ve come up with a basic list of must do’s for any new Eee PC owner.

1. Shutdown Samba and Portmap – These services are on by default and there are known security issues with the version of Samba that comes with the EeePC.  Here is how to make sure they are stopped and don’t come back on.  Be warned, if you do this you will not be able to share files with others from your computer, though you can access files on other computers:
   • First start up a terminal window by pressing Ctrl + Alt + T
   • Next issue the following commands:
   • sudo invoke-rc.d samba stop
   • sudo update-rc.d -f samba remove
   • sudo update-rc.d samba stop 20 0 1 2 3 4 5 6 .
   • sudo invoke-rc.d portmap stop
   • sudo update-rc.d -f portmap remove
   • sudo update-rc.d portmap stop 20 0 1 2 3 4 5 6.
   • Next edit the services file using the following commands:
   • sudo vim /usr/sbin/services.sh
   • Press the “i” key to begin edit mode
   • find the line:
     start-stop-daemon –start –quiet –oknodo –exec /sbin/portmap
     and comment it out like:
     #start-stop-daemon –start –quiet –oknodo –exec /sbin/portmap
   • find the line:
     /usr/sbin/invoke-rc.d samba start
     and comment it out like:
     #/usr/sbin/invoke-rc.d samba start
   • Press the “ESC” key, then press the “:” key, then type “wq” followed by pressing the enter key
2. There is a webserver that runs on the EeePC any time you launch the anti-virus icon under settings.  It by default hides the content from the internet, but the webserver is still listening on the internet port.  To force the webserver to ONLY listen to your local machine (and not advertise to the rest of the world) do the following.
   • You need to edit the following file using the commands:
   • sudo vim /usr/lib/esets/webi/nginx/conf/nginx.conf
   • find the http {} section,  then the server {} section and
   • Press the “i” key to begin edit mode
   • change “listen 20032;” to “listen localhost:20032;”
   • Press the “ESC” key, then press the “:” key, then type “wq” followed by pressing the enter key
   • Reboot the computer as there is no clean way to stop the service.

Ok, so now the why part.

The EeePC (including my brand new one) ships with a old version of samba enabled to start on boot by default that has a known remote attack that can grant root priveleges.  That is VERY bad:

http://risesecurity.org/blog/entry/6/

Also the webserver that runs when you start up the anti-virus program on the EeePC is the legacy stable branch (one entire version behind current stable) and several revisions of that behind the current legacy stable revision:

http://nginx.net/CHANGES-0.5

The EeePc runs version 0.5.33 from November of 2007.  You’ll notice in the change log several fixed segfaults and other bugs, some of which could lead to security issues.  It’s best not to take chances and make sure it doesn’t report to non-localhost requests.

I just posted my review of my new EeePC 1000. This is the Linux version with the 10″ screen and 40GB worth of solid state drive. So far I like it, hardware is great, software is good, security sucks.

Go here to get the details.

Well, I decided about a month ago that the old Treo 650 was getting old and needed a little refresh, I generally keep my PDAs for about 3 years before upgrading, and that’s about how long it’s been. Unfortunately, there wasn’t really anything compelling to upgrade to. None of the new Treo’s out provide much improvement over my current 650 on GSM networks. The iPhone is cool and all, but the lack of third party apps and no 3G network, really doesn’t make it a compelling upgrade to my old 650 (I can do already do just about everything the iPhone can do, just not in as cool a way). With no sight of the Linux based palms and a 3G iPhone or Blackberry, wasn’t sure what to do.

Well, decided for now I’d just do a minor upgrade when I found a real good deal on a used but practically new Treo 680. It gives me a slightly smaller and lighter form factor, no antenna stub, more onboard ram, and better bluetooth than the Treo 650. Minor improvements, but enough hopefully to hold out till Palm, Apple, or Blackberry put out something compelling.

Oh and for the record, I’m not very impressed with any of the Windows or Symbian based smartphones out currently. The few Symbian phones that look cool are only available overseas and lack the US frequencies I need.

So I have a little more breathing room to wait for the smartphone of my dreams, and keep dreaming…

Well, I finally got MythTV all setup and running how I would like. Thanks in part to the work of Jarod Wilson’s Fedora Myth(tv)ology and the MythTV.org Wiki I’ve installed all the software and configured everything to work with my hardware. I’ve also converted over to the new TV listings supply from Schedules Direct since Zap2It labs is closing the end of this month.

Here are the specs of my MythTV Box:

• Fedora Core 6 (may migrate to CentOS 5)
• AMD Athlon 64 x2 3800 CPU
• 2 GB DDR Ram (512MB x 4)
• 2x Seagate 400GB SATA 300 HD in Raid 1 (will migrate to Raid 0 soon)
• nVidia 6150 Chipset motherboard with built in HD scaling component video out
• MCE USB IR sensor
• Hauppauge PVR-500 Dual Analog Tuner (NTSC)
  
• Silicondust HDHomeRun Dual High Definition Tuner (ATSC/QAM)
• NMediaPC HTPC 200 Case
• Logitech Harmony 880 Remote (makes it all easy to run).

LiveTV and programmed listing recording works perfectly. I have about 360GB of space dedicated to Media storage. I’ve found that even Analog TV takes a lot of storage space (about 1GB per 30 minutes) to get good quality video that scales well to the 1920×1080i resolution I’m running on my HD TV. I’ll probably play with the analog recording settings more to try and find the optimal quality to still create nice images, but right now the picture of analog TV looks better through MythTV than it does with the TV’s built in Analog tuners. My only complaint is fast action shots show a little tearing/pixeling, but that’s more an artifact of 1080i than the MythTV. Wish the TV accepted 1080p or even 720p, but it’s an older Toshiba CRT HDTV that only does 1080i, 480p, and 480i. Still, the picture is beautiful!

Well, once again, I seem to be sparse on the posts. Maybe it’s because I’ve been busy with LinuxWorld Summit NY, or trying to get a new software project at work finished, or maybe cause I’m devoting my free time to my new Nintendo Wii. Well truthfully it’s a little of all the above (and a lot of getting my new software project working), but I did run across this little interesting tidbit:

http://www.nintendoworldreport.com/newsArt.cfm?artid=12687

I hadn’t seen this published broadly, but it appears that the version of opera currently under beta testing to Wii users (any Wii owner can download and play with Opera 9 on their Wii for free) has a vulnerability that can at minimum cause the Wii to hard lock. Currently there is no reported exploit that can run code on the Wii, which would normally be a threat from this exploit, and not clear if it ever will given that Game Consoles are usually pretty strict in what code is or isn’t allowed to run.

Anyways, interesting to see how the age of the desktop vulnerability has come to the game consoles world, even Nintendo. Wonder how long it takes them to issue a fix?

Well, here’s an interesting one, a cell phone Java based trojan. It’s not a huge threat at the moment (requires a lot of user interaction), but good to know about anyway:

Description of Trojan

This just means that like your normal computer, you should not open files that you don’t know about or trust 100%. It will only affect phones with Java, and only if you let it (i.e., you click on the link and say yes to it sending SMS messages).

What’s more important are the possibilities, this isn’t as much a failure of technology as a failure of user education if this goes anywhere. Get used to this, it’s the future.

Ok, I figured I’d post this since I need some content, but I love my Treo 650. At some point I’ll add more information on what I’ve done with it (like syncing with linux and such), but for now, let’s just say it’s very cool.

Oh, here’s a good site for support and information on them:

TreoCentral