CIALUG

All posts tagged CIALUG

Here’s a quick write-up from my presentation on The Amnesic Incognito Live System (TAILS) at the August 2014 CIALUG meeting.

The main TAILS Web site: https://tails.boum.org/

TAILS is intended to make it easy for non-technical end users to boot into a live, Linux-based OS which automatically routes its traffic over The Onion Router (TOR) network. The intention is to provide anonymity, privacy, and plausible deniability for dissidents, whistle-blowers, or anyone who feels the need to conduct searches or communicate securely while leaving little to no trace of those activities on the host system.

While TAILS does succeed at providing a bootable system that defaults to a TOR-routed connection, non-technical or even non-Linux end users will need some training from a more savvy user to make the best use of this system. Keep the following points in mind:

  • TAILS is still susceptible to any issues which effect the TOR network. Know and understand how to limit your behaviors when using TOR and apply those to your use of TAILS.
  • Out of the box, the current version (as of this writing, 1.1 released July 2014) of TAILS had 34 packages which were out of date, and TOR itself was one of those pending updates. Installing updates before each use should be top priority, but more on that later.
  • It does NOT appear that TAILS uses the TOR Browser Bundle. This makes it more important to apply updates before each use as Firefox, Vidalia and the TOR Button may need to be updated (no updates were pending for these in version 1.1 as of this writing).

As mentioned above, the very first thing which should be done after successfully booting to TAILS and connecting to the Internet and TOR network is to apply updates. This is accomplished by logging in to a terminal, elevating to root, and running ‘apt-get update’ followed by ‘apt-get upgrade’. Note that I ran in to the following issues when updating version 1.1 of TAILS in this manner:

  • Updating was slow. This is actually a good thing because the updates are grabbed via the TOR network.
  • When the TOR package gets updated, it prompts whether or not to replace the configuration. I recommend keeping the existing configuration (the default choice).
  • When the TOR package gets updated, it stops the TOR service but doesn’t restart it. Later in the update process, some other packages need to download firmware. Because the TOR service is stopped, that process fails. I had to start the TOR service again, then re-run ‘apt-get upgrade’ to successfully update those packages.
  • When the TOR package gets updated, it breaks the running Vidalia process. I simply closed it. TOR continued to work without that process running.

While this isn’t a complete summary of my presentation, I hope it is helpful. Please share this post if you found it so. Thanks!

  • Meeting topic was “graphics”, but we pretty much had a free-for-all discussion.
  • Last night I complied this list of graphics-related links. We really didn’t talk about this list all that much.
  • Dave Weis from Internet Solver had swag to hand out (spiffy tees) in celebration of being recognized in the Business Record as a Best Of
  • I brought some miscellaneous electronics and books to give away.

CHDK – Firmware hack for Canon point-and-shoot cameras

  • TJ reviewed the installation procedure and discussed some of the extra functionality to be gained.
  • Installs to a CF card (must be under 4 GB).
  • Booting to it does not replace anything on your camera, so camera’s firmware remains un-touched (read: you won’t void your warranty).
  • CHDK Wiki

Linux-y stuff

  • It does help to connect an antenna to your internal wireless card.
  • What happens when you send /dev/null to /dev/null? How do you get it back?

Social Media

  • Origins: USENET and IRC. MUDs, MUSHes and MOOs.
  • Photo sharing sites such as SmugMug, Picasa, Flickr, Shutterbug, PhotoBucket, etc.
  • OpenID use with sites.
  • Facebook, MySpace, etc.

After-meeting at Raccoon River Brewery

I didn’t take any notes during the meeting itself, so these are the high points as my memory serves:

The focus of this meeting was Security, and we didn’t stray too far off that core topic.

InfraGard is a partnership between the Federal Bureau of Investigation and the private sector.

Some of the interesting security tools or concepts discussed at this meeting:

  • netcat is literally THE Swiss Army Knife of IP tools.
  • port knocking and webknocking involves sending patterns of traffic to a server to trigger it opening ports and services to your IP address.
  • MetaSploit Framework automates the exploitation of the latest vulnerabilities.

After the meeting, a large group of us walked over to Raccoon River Brewery for dinner, drinks and discussion.

This meeting’s theme: Programming

Eclipse IDE presented by Dan Juliano

  • http://www.eclipse.org
  • UI layer runs on top of SWT libraries, so it should be more responsive.
  • Engineered differently than most other IDEs
  • Fairly memory-intensive. Just launched, it took 135 MB of RAM on Dan’s demo system (an Intel Mac).
  • IBM has put a lot of support behind this project.
  • Primarily supports Java development, but there are versions and plugins for other languages.
  • Aptana http://www.aptana.com is an online web dev environment that fits nicely with Eclipse.
  • Good code validation plugin which will validate various languages.
  • Standard IDE stuff like syntax highlighting.
  • Has a large undo feature that remembers every change made since you started the session and can revert to any point. That causes a lot of the memory usage.

Several random discussions took place at this point in the meeting.

Hudson (https://hudson.dev.java.net/) presented by Dan Juliano

  • Billed as an “Extensible continuous integration engine”
  • Tons of plugins.
  • Dan exploring using this for automated scheduled jobs as a replacement for doing the same with cron.

Several members of the group adjourned to Hessen Haus for food and beverages.

I’ve got a couple of ideas boiling in my head, building up pressure. I’ll be letting them out on this site over the next month or so. In the mean time, here are some updates on older posts.

  • 420 Picture Of The Day# is up to 23 pics.
  • CIALUG meeting minutes for April are missing ‘cause there wasn’t much discussed.
  • For Good Places to Eat in the Des Moines Area add Daddy O’s to the list. Close to my home, and they have Yam Fries! Yummy!
  • Tip: Catching up on podcasts at 2x speed works, but only if you don’t get too far behind. Had to perform some triage on my back log of podcasts this week.
  • SomaFM donation required me to sign up again for PayPal. UGH. Guess that just shows how much I like SomaFM, right?

Zimbra Open Source Collaboration Suite

Presented by Rich Harms

Intro

  • Zimbra is more than just a simple mail server. It is a full collaboration suite.
  • Web browser client and offline client are extremely similar.
  • Supports IMAP and POP3 clients. Outlook, Thunderbird and the like.
  • Shared Calendars, document spaces and such not only within the company but with external users as well.
  • Powerful built-in search features.* Wiki-like document features.
  • Spamassassin and virus scanning built in.
  • Built on several other Open Source projects.
  • Zimlets scripting language for administrative and feature add-ons.
  • ZMProv utility for scripting admin tasks.
  • Import utility for pulling in Exchange data (licensed).

Installation from scratch

  • CentOS 5.2 virtual machine for the demo.
  • Download the OSE edition as a tgz file.
  • Run the included installer shell script which walks you through the install.
    • Install script is text-based, and starts out with some questions.
    • After the interview, it unpacks the RPMs, installs them and configures itself.
    • After it unpacks and installs, there are a few more questions, then completes the install.
    • At this point, you should have a basic running configuration.

Administrative Interface

  • Accessible via https://{siteurl}:7071/zimbraAdmin
  • Domains are pretty easy to set up, just a few steps configures all the services on the back end.
  • User setups are pretty easy. Password is not required, but you can’t log in with a null password!
  • Resources have their own management section.
  • Class of Service controls what features that client sees and can access.
  • Built-in IM server which uses the Jabber protocol.
  • Full control over what themes are available on the webmail interface.
  • Domains can be configured to be hosted on a specific server (clustering features).
  • Can also use the Zimbra server for LDAP authentication on your network to provide authentication for users on workstations.

Good Things

  • Lots of Zimlets, or plug-ins to add features. Some which are available are Bugzilla integration, Asterisk integration, WebEx integration, etc.
  • Good statistics gathering and reporting interface.
  • Some basic Exchange integration is built in to the Open Source version. The more advanced features require licensing, though.
  • Rich search features for building custom searches for Admin accounts, locked out accounts, inactives, etc.
  • Client can pull e-mail from multiple servers such as Gmail, Yahoo, mail-enabled PBX, etc.
  • Works with smartphones such as the Iphone (via IMAPS).
  • Two-month “try before you buy” license is available for the non-OS version.

Complaints

  • Web interface sometimes truncates HTML messages.
  • Most, but not all PCI requirements can be met within the configuration. Logging login failures is a bit wonky, so hard to bring into compliance.
  • User training can be tricky. Recommend leaving all unnecessary features disabled and only enable them as needed.
  • Non-core Zimlets require manual updating. No package management system for them.
  • Large mailboxes (10+ GB) can cause issues requiring more server-side RAM.
  • Be sure to install cron on your server! Zimbra will happily re-import logs, which it expects to be rotated by cron.
  • Backup management is missing from the OS version, but present in the licensed version.
  • Missing the Assigned Tasks feature Outlook/Exchange users are used to.
  • Exchange import wizard did not import recurring calendar appointments.

At the Central Iowa Linux User’s Group meeting this Wednesday (10/15), the theme is “Linux Gaming.” I intend to demo the Linux Gamers Live DVD on an older AMD 2 GHz box I have.

The problem with that? I need a better video card, more RAM and to download the bootable iso! The on-board SIS video sucks for gaming, the system has only 512 MB of RAM installed, and I deleted my copy of the iso file a couple of weeks ago, thinking I wouldn’t need it. . .

I managed to purchase an ATI Radeon X1550 this afternoon, so that’s one thing off the list. I’m downloading the 3+ GB iso image as I type this. The only thing left is the RAM. I went to two local computer shops today and neither had the RAM I need (either PC2100, PC2700 or PC3200). I’ve got one more local shop to check tomorrow.

Wish me luck.