So been playing around more with my EeePC 1000.  Still really like it, but I’ve got two major complaints now besides the security issues I’ve mentioned before.

  1. There is NO English spellchecking installed for StarOffice.  The install of StarOffice includes spellchecking for Polish but apparently not English.  I’ve checked all over and that’s it, no English spell checking and no easy way to add it yet.  This is a major problem for me, I’m a terrible speller.
  2. The right shift key is too far to the right.  I’m a touch typist and key placement is important.  I’m used to having the right shift key and instead I hit the up arrow while typing.  I’ll probably solve this by remapping the shift key and the arrow key, but it’s a bad design.  Luckily it’s something I can work around, just annoying.

I really do need to find a solution to the spell check, or bite the bullet and do the Fedora install.

Ok, so I’ve had my new Eee PC 1000 for several days and am loving it.  But, I did find a few really glaring security issues.  So with a lot of research I’ve come up with a basic list of must do’s for any new Eee PC owner.

  1. Shutdown Samba and Portmap – These services are on by default and there are known security issues with the version of Samba that comes with the EeePC.  Here is how to make sure they are stopped and don’t come back on.  Be warned, if you do this you will not be able to share files with others from your computer, though you can access files on other computers:
    • First start up a terminal window by pressing Ctrl + Alt + T
    • Next issue the following commands:
    • sudo invoke-rc.d samba stop
    • sudo update-rc.d -f samba remove
    • sudo update-rc.d samba stop 20 0 1 2 3 4 5 6 .
    • sudo invoke-rc.d portmap stop
    • sudo update-rc.d -f portmap remove
    • sudo update-rc.d portmap stop 20 0 1 2 3 4 5 6.
    • Next edit the services file using the following commands:
    • sudo vim /usr/sbin/services.sh
    • Press the “i” key to begin edit mode
    • find the line:
      start-stop-daemon –start –quiet –oknodo –exec /sbin/portmap
      and comment it out like:
      #start-stop-daemon –start –quiet –oknodo –exec /sbin/portmap
    • find the line:
      /usr/sbin/invoke-rc.d samba start
      and comment it out like:
      #/usr/sbin/invoke-rc.d samba start
    • Press the “ESC” key, then press the “:” key, then type “wq” followed by pressing the enter key
  2. There is a webserver that runs on the EeePC any time you launch the anti-virus icon under settings.  It by default hides the content from the internet, but the webserver is still listening on the internet port.  To force the webserver to ONLY listen to your local machine (and not advertise to the rest of the world) do the following.
    • You need to edit the following file using the commands:
    • sudo vim /usr/lib/esets/webi/nginx/conf/nginx.conf
    • find the http {} section,  then the server {} section and
    • Press the “i” key to begin edit mode
    • change “listen 20032;” to “listen localhost:20032;”
    • Press the “ESC” key, then press the “:” key, then type “wq” followed by pressing the enter key
    • Reboot the computer as there is no clean way to stop the service.

Ok, so now the why part.

The EeePC (including my brand new one) ships with a old version of samba enabled to start on boot by default that has a known remote attack that can grant root priveleges.  That is VERY bad:

http://risesecurity.org/blog/entry/6/

Also the webserver that runs when you start up the anti-virus program on the EeePC is the legacy stable branch (one entire version behind current stable) and several revisions of that behind the current legacy stable revision:

http://nginx.net/CHANGES-0.5

The EeePc runs version 0.5.33 from November of 2007.  You’ll notice in the change log several fixed segfaults and other bugs, some of which could lead to security issues.  It’s best not to take chances and make sure it doesn’t report to non-localhost requests.

I just posted my review of my new EeePC 1000. This is the Linux version with the 10″ screen and 40GB worth of solid state drive. So far I like it, hardware is great, software is good, security sucks.

Go here to get the details.

Well it’s coming up, LinuxWorld Conference and Expo is only three weeks away.  I had the opportunity again to chair the Security Track, and though it was a rough year getting the session together (This is the first time since I’ve volunteered at LinuxWorld that it conflicted with BlackHat Las Vegas, perfect timing for the security track 😛 ) I think it’s a pretty well rounded track.

I’ve finished getting all my travel arrangements together and looking forward to San Francisco (nothing against Vegas, but I love the local food in San Francisco!).

If you haven’t done it yet, and are still interested in joing the fun out in San Francisco here is a code to get 20% off registration for LinuxWorld packages: PRC20 It’s a “Friend’s of the Program Committee” Special.  Here’s the link to the show:

Busy once more trying to finalize the Security Track for LinuxWorld San Francisco. Will be hard to top some of the speakers from last year, but I’ve got some very interesting topics this year. I just always forget how hard it is to coordinate all the different speakers’ times and communication.

Last year I actually missed out on attending LinuxWorld as I was on baby watch (the little one was due any day around that time), but looking forward to making it this year!

I added the Fedora 7 install page to the collection. There wasn’t that much to it, I just added some tweaks from previous write ups and new things I’ve found. The base install works perfectly fine, but I like these changes which seem to make the laptop a little more affective. I still wish I could figure out why you have to suspend to ram at least once before the screen brightness keys work and the mode selector will work.

You can find it here.

Well, I finally got MythTV all setup and running how I would like. Thanks in part to the work of Jarod Wilson’s Fedora Myth(tv)ology and the MythTV.org Wiki I’ve installed all the software and configured everything to work with my hardware. I’ve also converted over to the new TV listings supply from Schedules Direct since Zap2It labs is closing the end of this month.

Here are the specs of my MythTV Box:

  • Fedora Core 6 (may migrate to CentOS 5)
  • AMD Athlon 64 x2 3800 CPU
  • 2 GB DDR Ram (512MB x 4)
  • 2x Seagate 400GB SATA 300 HD in Raid 1 (will migrate to Raid 0 soon)
  • nVidia 6150 Chipset motherboard with built in HD scaling component video out
  • MCE USB IR sensor
  • Hauppauge PVR-500 Dual Analog Tuner (NTSC)
  • Silicondust HDHomeRun Dual High Definition Tuner (ATSC/QAM)
  • NMediaPC HTPC 200 Case
  • Logitech Harmony 880 Remote (makes it all easy to run).

LiveTV and programmed listing recording works perfectly. I have about 360GB of space dedicated to Media storage. I’ve found that even Analog TV takes a lot of storage space (about 1GB per 30 minutes) to get good quality video that scales well to the 1920x1080i resolution I’m running on my HD TV. I’ll probably play with the analog recording settings more to try and find the optimal quality to still create nice images, but right now the picture of analog TV looks better through MythTV than it does with the TV’s built in Analog tuners. My only complaint is fast action shots show a little tearing/pixeling, but that’s more an artifact of 1080i than the MythTV. Wish the TV accepted 1080p or even 720p, but it’s an older Toshiba CRT HDTV that only does 1080i, 480p, and 480i. Still, the picture is beautiful!

Well, LinuxWorld San Francisco Expo and Conference wrapped up this week. I was the Security Track Chair (Part of the Program Committee) and hope that people found the talks helpful and full of quality tech info. Unfortunately I missed out on attending this year, as I’m currently on baby watch (waiting for our first child to make his debut into the world). Looking forward to getting some feedback and finding out how things went.

LinuxWorld Expo San Francisco 2007

Excellent news for the Linux community, Judge Dale Kimball ruled late yesterday that SCO does not own the Unix and Unixware copyrights, that in fact Novell owns the copyright. This seriously guts SCO’s lawsuits with IBM, RedHat, AutoZone, and the Linux world in general. After having failed to provide any examples of code in Linux that infringed, then changing their case to a contract dispute with IBM over copyright, they have now been told they don’t even own that copyright. Doesn’t look good for SCO, hopefully this is the end of their FUD (why do I doubt that 🙁 ).

Judge rules Novell owns Unix copyrights.

Well, looks like I won’t have to lug my heavy MacBook Pro 15″ to work anymore. I work with computers a lot, and it’s generally helpful to have a laptop with me on my commute in and out of work. It’s also nice to have a laptop at work in case I need to do some emergency work outside of the office. It’s also nice to be able to have a full size laptop at home to sit on the couch and catch up on tech news, newsgroups, mailing lists and chat with my friends who are scattered around the world.

I have two laptops, my old good friend the Sharp MM20 ultralight I bought new 3 years ago, and a nice MacBook Pro issued to me by work. Though I love the Sharp, it has a small screen and limited power for relaxing and playing on the net at home, hence I use the MacBook at home. I love the MacBook (Core Duo 2Ghz, 2GB RAM, 160GB HD), but the thing weights a ton (though it’s not much heavier than the smaller 13″ MacBooks) and is not much fun to lug around in a bag on my commute in and out of work. Ok, you might say that I should just leave the MacBook at home, catch is I need some of the admin tools and gui provide by the MacBook to manage Apple specific resources at work. So for the past year I’ve lugged the MacBook into work every day. It’s nice having the power, but it’s just too heavy (why did Apple not develop a 12″ MacBook Pro? The 13″ is just not a replacement for that).

Well, things have changed. My work replacement cycle computer has arrived and I now have a Mac Pro desktop at work. A nice one at that: Two Dual Core 2Ghz Xeon Chips, 4GB of Ram, Two GeForce cards for dual 1600×1200 displays, and a 250GB HD). Coupled with VMWare Fusion and it’s a great workstation for my needs. I can easily manage Mac and Linux resources from one machine, do development work, testing work, and I’ve got my trusty command line when I need it.

So out of retirement comes my old Sharp MM20 laptop (1Ghz Transmetta Efficeon CPU, 512MB RAM, 20GB HD, Ati Radeon Graphics 16MB Ram, 10.4″ LCD). It’s not a screamer but it’s very light, think 1.9lbs! That’s with the normal battery! Barely even feel it in my bag. I decided it was time that I see what Fedora 7 had to offer. All my personal machines currently have Fedora Core 6 installed and since I was bringing this back to active service I wiped it and started fresh with Fedora 7. The install went smooth (I’ll do a write up later) and, with some minor tweaks, looks and runs well. Now this laptop doesn’t have incredible 3D acceleration ability, but I couldn’t help giving the “Enhanced Desktop” ie compiz a try. Wow, it’s perfect. That is what this little laptop need to make it more effective. Though it’s not perfectly smooth on transitions, I think it’s smoother than without compiz enabled. Also, the small screen isn’t as limited with access to the mac expose like affects. A quick mouse pointer to the upright corner brings a collage of all open windows, allowing easy and quick selection and navigation. With a refreshed standard battery, this should be a great travel companion as I commute or walk around work outside of office. Not to mention, even though it is three years old, people are amazed at how small, light, and slick looking the Sharp is. Too bad they don’t make them like they used to.

« Previous PageNext Page »

Copyright © 2015 · All Rights Reserved · Cafaro's Ramblings