I decided it was a little much having two “netbooks” around, so I sold my trusty Sharp MM20 (a netbook that came out before anyone heard of netbooks) to another MM20 owner with all the accessories.

So I’ve dedicated myself to the Acre Aspire One and it’s doing a great job.  One complaint was the horribly slow 16GB SSD drive that it came with.  It’s pitifully slow and loading a full blown Linux distro on it started showing its shortcomings.  Well this was solved by replacing the drive with a better performing RunCore based SSD drive.  Now the machine is quick and responsive.

I’ve loaded up Fedora 12 on the machine with “Desktop Effects” enabled, SELinux enforcing, and an encrypted hard drive via dm-crypt.  In truth, I notice no performance loss, it’s quick responsive and no stuttering.  Works great for Web Browsing, SSH sessions, and email.  That’s all I really need from a Netbook.  Oh and 5 hour battery life is no problem for this little 2.5lb machine.

So I’m finally getting near the end of my Grad School career and will slowly have some small bit of life back.  Hence the need to post.  Just a quick recap of events from this year since the last post:

1. OpenSource World, San Francisco – All speakers were lined up and presented, heard some great things about them, but the show in general seems to be having trouble finding its rhythm.  Unfortunately once again I had to miss it because…

2. The family of three expanded by one!  So now there are two little ones keeping their parents awake, which of course adds to…

3. The lack of sleep I’m getting because of my last class for Grad School!  Finishing up an independent study class where I’m working on some research into Identity Management on the web.  Kind of a if you really don’t have any privacy anymore, how do you make the best of a bad situation?  It’s been tough squeezing in the work given…

4.  That my day job has changed somewhat.  My original group I worked for has actually been broken apart and individuals sent to different groups.  Basically, we accomplish our original mandate of getting engaged with researchers and it’s now time to help them integrate in and take advantage of the rest of University Information Services.  My role remains about the same, but I’m now charged with managing a couple more projects while seeking out ways in which other researchers can be assisted.  Of course all these things caused me to miss…

5. My BEST FRIEND CINDY LI GETTING MARRIED!!!!  Unfortunately she moved out to the west coast and there was just no way I could get out there in the short time I had.  But I’m SO VERY HAPPY for her.  I just wish I could have been there.

So that’s basically where I’m at now.  There were a few other items to update on like laptops, computers, cars, etc…  But I’ll save those for other posts.

So much for my concerted effort!

So small update, EeePC is gone, had to return it for work, but it was replaced with an Acer Aspire One.  I received the AOA110-1698.  This model comes with Linpus Linux Lite, 1GB Memory, 16GB SSD drive, and the 6 Cell big battery.  Linpus lite was fine, but I needed a full-blown Linux and it’s now running Fedora Core 10.  Even have SELinux running enabled on it as well as encrypted file systems.  Works very well, everything works except suspend to RAM right now.  Not too big a deal as hibernate (suspend to disk) works great.  Probably better to use that anyway, so that my battery lasts longer when I forget to plug it in when I get home.  Takes a little longer to get started up, but it runs reliably!  I’ll need to write a how-to on setting this up, just have to find time.

Next note, OpenSource world is looking good, just finished recruiting my last speaker so the Security Track is complete.  I really like the lineup this year; I’m happy with the track!

UPDATE: Suspend to RAM works very well now on the Aspire One, kernel update seems to have patched it.

I’m going to make a concerted effort to post more frequently this year.  I’ve got several projects going on at home and at work that I’d like to document.  Here are a few things I’ll be writing up:

1.  Some MythTV HD updates like the move to a Promise NS4300N 1.5TB Raid 5 NAS box for storage

2.  The return of the EeePC 1000 to work, the resurrection of the Sharp MM20 with Ubuntu (yes, not Fedora)

3.  The new EeePC 1000 replacement on the way (it’s a surprise what’s coming)

4.  The end of LinuxWorld and the birth of OpenSource World!!! (Yeah, new freedom new conference just new new new!!!  Did I mention new?)

5.  DC*BSDcon and Shmoocon coming up next week in Washington, DC.

So yes, some updates coming.

Looks like I’ll have to do some cleanup on my blog.  Appears that the recent update to the software has caused misc  and †to show up in all the posts.  Ugh, this could take a while…

UPDATE: ok the  are taken care of, but the †are going to be a little more challenging.

UPDATE2: Ok, the †are now back to —

Well, I finally dumped the stock Xandros on the EeePC 1000 in favor of Fedora 9.  Must say I’m much happier, and it wasn’t too bad of an install.  I’ll write up details later, but the basics were download Fedora, install, reboot, download latest kernel, install (no net without it on the EeePC), reboot.  Yum update then reboot.  To get wireless working, had to download the driver from the card manufacturer, compile, install, and good to go.

Now there were some tricks and hoops involved (fixing the wireless card source, moving the updated kernel over with a USBkey, messing with a couple config files), but it wasn’t too bad.  Almost everything works, only thing not working yet is external displays, and that’s only because I haven’t gotten around to it.

Much happier now with a real firewall via IPTables, SELinux, and working English spell check!  Oh, and I went ahead and encrypted the file systems as well, why not.

Til I write my how-to, here are some useful links:

This thread contains most of the info you need:

http://fedoraforum.org/forum/showthread.php?t=195429

The wireless driver:

http://www.ralinktech.com/ralink/Home/Support/Linux.html

The Fedora EeePC wiki:

http://fedoraproject.org/wiki/EeePc

So been playing around more with my EeePC 1000.  Still really like it, but I’ve got two major complaints now besides the security issues I’ve mentioned before.

  1. There is NO English spellchecking installed for StarOffice.  The install of StarOffice includes spellchecking for Polish but apparently not English.  I’ve checked all over and that’s it, no English spell checking and no easy way to add it yet.  This is a major problem for me, I’m a terrible speller.
  2. The right shift key is too far to the right.  I’m a touch typist and key placement is important.  I’m used to having the right shift key and instead I hit the up arrow while typing.  I’ll probably solve this by remapping the shift key and the arrow key, but it’s a bad design.  Luckily it’s something I can work around, just annoying.

I really do need to find a solution to the spell check, or bite the bullet and do the Fedora install.

Last week on Wednesday my family became incomplete.  Our dog, Muirna, passed away from an unknown illness.  It has been hard and it hurts, but we have begun the slow healing process.  She will always be remembered for all the cute little things she added to our daily lives.  We miss you, Muirna, your pack misses you.

Ok, so I’ve had my new Eee PC 1000 for several days and am loving it.  But, I did find a few really glaring security issues.  So with a lot of research I’ve come up with a basic list of must do’s for any new Eee PC owner.

  1. Shutdown Samba and Portmap – These services are on by default and there are known security issues with the version of Samba that comes with the EeePC.  Here is how to make sure they are stopped and don’t come back on.  Be warned, if you do this you will not be able to share files with others from your computer, though you can access files on other computers:
    • First start up a terminal window by pressing Ctrl + Alt + T
    • Next issue the following commands:
    • sudo invoke-rc.d samba stop
    • sudo update-rc.d -f samba remove
    • sudo update-rc.d samba stop 20 0 1 2 3 4 5 6 .
    • sudo invoke-rc.d portmap stop
    • sudo update-rc.d -f portmap remove
    • sudo update-rc.d portmap stop 20 0 1 2 3 4 5 6.
    • Next edit the services file using the following commands:
    • sudo vim /usr/sbin/services.sh
    • Press the “i” key to begin edit mode
    • find the line:
      start-stop-daemon –start –quiet –oknodo –exec /sbin/portmap
      and comment it out like:
      #start-stop-daemon –start –quiet –oknodo –exec /sbin/portmap
    • find the line:
      /usr/sbin/invoke-rc.d samba start
      and comment it out like:
      #/usr/sbin/invoke-rc.d samba start
    • Press the “ESC” key, then press the “:” key, then type “wq” followed by pressing the enter key
  2. There is a webserver that runs on the EeePC any time you launch the anti-virus icon under settings.  It by default hides the content from the internet, but the webserver is still listening on the internet port.  To force the webserver to ONLY listen to your local machine (and not advertise to the rest of the world) do the following.
    • You need to edit the following file using the commands:
    • sudo vim /usr/lib/esets/webi/nginx/conf/nginx.conf
    • find the http {} section,  then the server {} section and
    • Press the “i” key to begin edit mode
    • change “listen 20032;” to “listen localhost:20032;”
    • Press the “ESC” key, then press the “:” key, then type “wq” followed by pressing the enter key
    • Reboot the computer as there is no clean way to stop the service.

Ok, so now the why part.

The EeePC (including my brand new one) ships with a old version of samba enabled to start on boot by default that has a known remote attack that can grant root priveleges.  That is VERY bad:

http://risesecurity.org/blog/entry/6/

Also the webserver that runs when you start up the anti-virus program on the EeePC is the legacy stable branch (one entire version behind current stable) and several revisions of that behind the current legacy stable revision:

http://nginx.net/CHANGES-0.5

The EeePc runs version 0.5.33 from November of 2007.  You’ll notice in the change log several fixed segfaults and other bugs, some of which could lead to security issues.  It’s best not to take chances and make sure it doesn’t report to non-localhost requests.

I just posted my review of my new EeePC 1000. This is the Linux version with the 10″ screen and 40GB worth of solid state drive. So far I like it, hardware is great, software is good, security sucks.

Go here to get the details.

« Previous PageNext Page »

Copyright © 2015 · All Rights Reserved · Cafaro's Ramblings