Tuesday, September 03, 2013

While at the Iowa Star Party we witnessed a Raptor Release cosponsored by Whiterock Conservancy and SOAR.  I am posting them here for those who follow this blog instead of my Facebook.













Monday, August 05, 2013

Dry Camping will never be the same.

I like going to Star Parties. But Electrical Power has always been an issue. Electrical Sites at NSP have always been in short supply and there are no electrical sites at the Iowa Star Party unless you rent one of the rooms at the bed and breakfast.

Well last Christmas my Wonderful Wife gave me a 45 watt Solar Panel kit. 45 watts, that doesn't sound like much. There are light bulbs that use more power than that. Well you might be surprised what you can do with that.



I recharged my cell phone several times. I had run my laptop down to 50% last night, so I fired it up this morning and with a cheap $30 inverter had it fully charged within 30 minutes. And most importantly, I got my marine battery recharged after running my CPAP on it all night (We got clouded out last night.)



The all important Charge Controller, yes that is my phone being charged on it.

The one thing I didn't get done was make coffee. Well actually I did, but I had to cheat. The drip coffee maker I brought with me is powered by a/c and the inverter I brought with me will go up to 150 watts. Well the coffee maker must take more power than that. Well I heated the water on the stove and poured it through the dripolator from a pan. It worked and I got coffee. A 12 volt coffee maker may be in my future!!!

Saturday, July 13, 2013

Protecting Your Children on the Internet with Linux or How to be a Sneaky Parent Part 6 Parting Thoughts


Network Security:

Keep all of your local ports closed. Use your Desktop and go to one of those free port scan utilities on the web and run it. This should probably be done quarterly and you want to make sure that no port is answering. Running a service on a home network is dangerous. If a port is open, go through your router and close it.

For the record, you can use this desktop computer for almost any reason that you would normally use a Windows PC. There is lots of software available, look around. On your desktop computer at least lock the screen before you walk away. Preferably, you should just sign off. Don't give your kids physical access to your desktop, let them know it is off limits. There was a story I heard in college, where one of the students created a fake sign on screen. By the end of the semester, this student had captured every other person's user ID & Password (including the teacher's). It would be harder to pull off today, but not impossible. If the kids want to use the desktop, make them ssh in. There is a setting that would prevent your kids from signing on to the desktop via the desktop.

Passwords need to be strong. As I said before, your children know you. Use special characters and numbers in the password and use words or phrases that they don't connect with you. Don't make it easy for your kids to crack your network.

Known Issues

1. Raspberry Pi, it's a great little computer and has 1001 uses. But it is cheap and your child could get a hold of one and go around all of your security and have free rein on the Internet without your knowledge. Ok, the router will still stop most of it, that's why we have several tiers of security. Most modern routers allow the owner to set up an Access List, which allows you to limit the computers that can connect to only those with approved MAC Addresses. Another issue is that your child could boot their laptop from a memory stick, which would also allow them to go anywhere on the internet. If you can't ssh in, something is wrong. Based on the MAC Address you should be able to figure out what computer it is.

2. Almost all browsers have a private browsing mode. I don't know of any way to completely disable this. I know of an add-on for Firefox that will allegedly remove the menu item, but there is supposed to be an easy way to get around this. I don't know of a good solution for this other than locking the laptops down in such a way that they can't be taken to another network.
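One way to act on the MAC address advice in item 1 is to compare the devices the desktop can currently see against a list of the family's known MAC addresses. This is an added example, not part of the original post; the allow-list file format and every address in it are constructed, and it assumes the output layout of `ip neigh show`.

```shell
#!/bin/sh
# Added example: report LAN devices whose MAC address is not on a known list.
# All addresses below are constructed sample data.

# Constructed allow list (assumed format): "MAC  name", '#' starts a comment.
sample_allowlist() {
    cat <<'EOF'
# MAC address        device
00:11:22:33:44:01    router
00:11:22:33:44:02    desktop
00:11:22:33:44:03    johnslaptop
EOF
}

# Constructed neighbour table in the layout printed by `ip neigh show`.
sample_neighbours() {
    cat <<'EOF'
192.168.0.1 dev wlan0 lladdr 00:11:22:33:44:01 REACHABLE
192.168.0.3 dev wlan0 lladdr 00:11:22:33:44:03 STALE
192.168.0.4 dev wlan0 lladdr B8:27:EB:00:00:99 REACHABLE
192.168.0.7 dev wlan0  FAILED
EOF
}

# find_unknown ALLOWLIST < neighbour-table
# Prints "IP MAC" for each neighbour whose MAC is missing from ALLOWLIST.
# Entries without a link-layer address (FAILED, INCOMPLETE) are skipped.
find_unknown() {
    awk -v list="$1" '
        BEGIN {
            # Load the allow list; MAC addresses are compared in lower case.
            while ((getline line < list) > 0) {
                sub(/#.*/, "", line)
                if (split(line, f, " ") >= 1)
                    allowed[tolower(f[1])] = 1
            }
            close(list)
        }
        {
            mac = ""
            for (i = 1; i < NF; i++)
                if ($i == "lladdr")
                    mac = tolower($(i + 1))
            if (mac != "" && !(mac in allowed))
                print $1, mac
        }
    '
}

# Demo on the constructed data.
demo_list=$(mktemp)
sample_allowlist > "$demo_list"
sample_neighbours | find_unknown "$demo_list"
rm -f "$demo_list"
```

On a real network, run the fping sweep from Part 5 first so the neighbour table is populated, then pipe `ip neigh show` into `find_unknown` with your own list file. A MAC address can be changed by whoever controls the device, so a clean result is a tripwire, not proof.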

Cutting the Rope

When your Children are young, you will want to have the security settings as tight as possible, but as they get older it will be necessary to relax them. Start with the e-mail and chatting. Relax the rules a little and if they behave responsibly leave them alone. If they are irresponsible, tighten it back up. By the time they are 15 or 16, they should be allowed a more free hand and hopefully if they have problems they will come to you.

Protecting Your Children on the Internet with Linux or How to be a Sneaky Parent Part 5 How to Make your Life Easier


By doing a little bit of preparatory work, we can make the numerous tasks involved in monitoring the children considerably simpler, with less typing.

IP addresses are assigned on a first come, first served basis. So one day, if your oldest son signs on first, he may get 192.168.0.2. On the next day, if he signs on late, he might get 192.168.0.4. This makes it harder for you to determine which computer is which. There are several things that can be done about this.

  1. On most routers, there is a setting to assign a specific IP address to a computer's MAC address or Host Name. If you enter:

ifconfig

The first line displayed will have the word HWaddr, followed by a series of numbers; that will be your MAC address. But you will have to get the right network interface. eth0 is Ethernet, that is the one if you are using a cable to connect the laptop to the router. More than likely, it is going to be the paragraph starting with wlan0. That will be the wireless network.

  2. If, when you set up each laptop, you set the hostname to the name of the child who was going to use it, then upon ssh in the prompt will display something similar to:

parent@johnslaptop

That tells you immediately whose computer you are on. Therefore, if you have already checked that computer this week, sign off and move on to the next one.

If you didn't set that up, it's not too late. Sign in to John's Computer and just type the following command:

sudo leafpad /etc/hostname

And change whatever name is there to johnslaptop and save the file.

If you are unsure of whose computer you are signed on to, you can type “w” (on the terminal program) and it will display any users signed on.

Let's start first with the desktop and the ugly fping utility. So, log into your desktop and start a terminal. We need to check that there is a “bin” directory and that it is in your path. So, type in the following command:

ls -l | grep bin

If nothing is returned, we need to create a bin directory. So type the following:

mkdir bin

Now to see if bin is in our path (case is important):

echo $PATH

If you don't see bin in the output, type

export PATH="$PATH:$HOME/bin"

Almost all Linux Distributions come with a basic GUI editor. Gnome and Xfce usually come with gedit, KDE usually comes with kate or kedit. Bodhi comes with leafpad, but you can install gedit to keep things consistent. Whatever your system came with, run that program. Now enter the following into the editor:

#!/bin/bash
echo 'My IP Address: '
ifconfig | grep 192
echo 'Network IP Addresses'
/usr/sbin/fping -s -g 192.168.0.0 192.168.0.255 -r 1 2> /dev/null | grep alive

Now save the file as “bin/myfping” and then issue the following command

chmod +x bin/myfping

Now when you type in “myfping”, your output will list your IP address first and then followed by all of the “alive” IP Addresses on your network.

Now on each laptop, you will want to create a bin directory on your user account. You will also want to make sure the bin directory is in your path statement. Do all of this as you did on the desktop.

In the E-mail step we determined what the profile name was. We can put this in a script, making it quick and easy to start your child's E-mail Program. Note each laptop will have a unique profile filename, therefore your script will also need to be unique on each laptop. Using a text editor we will create an email script as follows:

#!/bin/bash
thunderbird -offline -P ""

Then between the double quotes, put in the Profile File Name. Save the file to something like bin/tbird and then run a:

chmod +x bin/tbird

Which will give the script execution rights. To run it, just type tbird.

Now we will do something similar for sqliteman. Again the places.sqlite filename will be unique on each laptop, so you will have to customize this script for each laptop.

#!/bin/bash
sqliteman /home/charles/.mozilla/firefox/mwad0hks.default/places.sqlite

Then save the file to something like bin/ffhistory and issue a chmod command to give it execution rights.

Eventually, your child will outgrow his or her laptop. They will need to run programs that won't run on these older computers. Make them make a case for it. If it is for entertainment you can always say no. But if the need is real, you can install the needed program on the desktop and then create a user id on the desktop for them. If it is a Windows application, most will run under wine. And then from their laptop they can ssh into the desktop and they can run the needed programs.

This will maximize your investment in the desktop and their laptops will still be usable as dumb terminals.

Unusual behavior

You may notice one of your children keeping long hours on his or her laptop and being defensive about what they are doing. You can get an approximate idea as to what they are up to. One easy thing that you can do is ssh into their laptop and run the top command. This will show what programs are running. To make it easier to look at, run it as “top -u [User ID]”, where [User ID] is your child's user ID. This will just show the programs that are owned by your child and not system processes. By looking at the process names, you can determine if they are chatting, doing e-mail or just on the web. If you want a longer term idea of what is going on, you can set up a script like the following:

#!/bin/bash
echo `date` >> /home/parent/CharlesLog.dat
ps -eo pcpu,pid,user,args | sort -k 1 -n -r | head -25 | grep [User ID] >> /home/parent/CharlesLog.dat

Replacing [User ID] with your Child's user ID.
The ps command, even though it may wrap onto 2 lines here, is actually just one line.
Note the quotes around date are backward ticks (to the left of the 1 key on most keyboards).

Now save this to bin/cmonitor and issue a “chmod +x” to it.

Now create a 2nd file and give it any name you like

*/5 * * * * /home/parent/bin/cmonitor

Save the file and issue the following command

crontab [filename]

With [filename] being the file you just created. Now the script file bin/cmonitor will run every five minutes, adding the output to the logfile. The Logfile will end up looking something like the following:

Tue Apr 17 13:28:47 EDT 2012
0.9 3752 charles gedit
0.9 3309 charles /opt/libreoffice3.4/program/soffice.bin --writer
0.3 2913 charles compiz --ignore-desktop-hints glib gconf gnomecompat
0.1 2761 charles /usr/libexec/multiload-applet-2


Each run of the script first writes the Date/Time.
In the columnar data, the first column is the percent of CPU used, the 2nd is the program's pid, the 3rd is the user who owns the script/program and the last column is the command that was run. The next day, you should ssh back into this computer and enter the following command:

crontab -r

That will stop the script from running every 5 minutes. If you don't do this eventually the child would run out of disk space.
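A day of five-minute samples is tedious to read by eye, so the log can be boiled down to one line per program. This is an added example, not part of the original post; it assumes the log layout shown above (a date line followed by "%CPU pid user command" lines), and the sample log is constructed.

```shell
#!/bin/sh
# Added example: summarise the log written by bin/cmonitor.

# Constructed sample in the layout shown above (three 5-minute samples).
sample_log() {
    cat <<'EOF'
Tue Apr 17 13:28:47 EDT 2012
 0.9  3752 charles gedit
 0.9  3309 charles /opt/libreoffice3.4/program/soffice.bin --writer
Tue Apr 17 13:33:47 EDT 2012
12.4  4101 charles /usr/lib/firefox/firefox
 0.8  3752 charles gedit
Tue Apr 17 13:38:47 EDT 2012
30.1  4101 charles /usr/lib/firefox/firefox
 2.0  4188 charles /usr/lib/firefox/firefox -contentproc
EOF
}

# summarise_log [MINUTES] < logfile
# MINUTES is the cron interval (default 5). Prints one line per program:
# "program approx-minutes-running peak-%CPU", longest running first.
summarise_log() {
    awk -v step="${1:-5}" '
        NF == 0 { next }
        # A line that is not "%CPU pid ..." is the date stamp of a new sample.
        !($1 ~ /^[0-9]+(\.[0-9]+)?$/ && $2 ~ /^[0-9]+$/) { sample++; next }
        {
            # Use the last path component of the command as the program name.
            n = split($4, part, "/")
            prog = part[n]
            # Count a program once per sample even if it has several processes.
            if (!((prog, sample) in seen)) {
                seen[prog, sample] = 1
                runs[prog]++
            }
            if ($1 + 0 > peak[prog])
                peak[prog] = $1 + 0
        }
        END {
            for (p in runs)
                printf "%s %d %.1f\n", p, runs[p] * step, peak[p]
        }
    ' | sort -k2,2nr -k1,1
}

# Demo on the constructed log.
sample_log | summarise_log 5
```

Against the real file this would be `summarise_log 5 < /home/parent/CharlesLog.dat`. The minutes are an estimate: a program seen in a sample is assumed to have run for the whole interval.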

Protecting Your Children on the Internet with Linux or How to be a Sneaky Parent Part 4 Monitoring Web Activity

We are going to ssh into the child's computer, like before:

    ssh -X [ParentName]@192.168.0.3   

First of all, you need to know the file name of the Firefox Database.  So we will run the following command on your child's laptop:

    locate places.sqlite | grep firefox

We are looking for something in the child's home directory that ends in “places.sqlite”.  If you want to make it easier to look at, you can grep your child's name against it, thus:
       
    locate places.sqlite | grep firefox | grep charles

Now just do a copy of the whole file name and add it to the command sqliteman, like so:

    sqliteman /home/charles/.mozilla/firefox/mwad0hks.default/places.sqlite

A GUI app window will open.  Copy and paste (use a control-V to paste) the following command into the top right pane of the app and then press the green arrow above it.


    SELECT datetime(moz_historyvisits.visit_date/1000000,'unixepoch'), moz_places.url
    FROM moz_places, moz_historyvisits
    WHERE moz_places.id = moz_historyvisits.place_id

The icon 2nd from the right is Save As.  Save your script because you are probably going to be using it a lot.
Click anywhere in the second pane and do a Control-A, followed by a Control-C.  Open Libre Office's Calc Program on your desktop computer, Click on the A1 Cell and do a paste.  Select all of the data, go to Data->Sort and descending on Column A.  The History file will now be listed with most recent at the top.  You can now go through and spot check the web sites and see that they are ok. 

If you find a porn site, don't panic, and don't blow up!  Just like anyone else, the child could have gone there by accident or been tricked; it happens.  If he or she isn't spending significant time on these web sites, everything is probably ok.  Otherwise, use your best judgment.

If it was a porn site it probably didn't happen at the house.  They may have taken it to a friend's house.  Talk to your child and find out where it happened.  If it was at a friend's house, talk to the parents of the child and show them how to change their DNS settings so that it won't happen again.

If it happened at the house, check your router settings, maybe change the router password. But the best guess is that your child attached to a hotspot that didn't block anything.

Friday, July 12, 2013

Protecting Your Children on the Internet with Linux or How to be a Sneaky Parent Part 3 Monitoring E-Mail


Identify your own IP address.  To do this type the following command in at a terminal:

    ifconfig | grep 192

And then you should see something like:

    inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0

In this case your IP address is 192.168.0.2

Now to find your child's IP address run the following command:

    /usr/sbin/fping -s -g 192.168.0.0 192.168.0.255 -r 1 2> /dev/null | grep alive

Be aware that this command takes a few minutes to run.  The output will look something like:

    192.168.0.1 is alive
    192.168.0.2 is alive
    192.168.0.3 is alive

If the command didn't work, check to see where fping is, by typing:

    whereis fping

And then change the command so it looks in the right directory.  I have seen it in both bin and sbin.
       
IP addresses ending in either 1 or 254 are probably the router (but not both).  In this case, the first address is probably the router, the 2nd is yours and the third is your child's.  Each child that is using their computer will have their own unique IP Address.  If you think of a computer as a house, the IP Address is the street address of each house and therefore each house (computer) gets their own unique street address.

Now just issue the following command from a terminal:

    ssh -X [ParentName]@192.168.0.3

with [ParentName] being the user ID you created for yourself and it will prompt you for your password.

Make sure the child isn't running email; you can't run email if he or she is already in it.  To find out, type the following:

    ps -ef | grep thunderbird

If the output has a .bin, they are running Thunderbird.  If they are working on a paper or something, you can probably quietly kill Thunderbird and then start it up for yourself.  To kill it, type:

    sudo killall thunderbird

But be quick: get in, spot check it and get out.  The longer you are in, the more likely he or she is going to catch on.

Now issue the following command to find their Thunderbird ini file

    locate profiles.ini | grep .thunderbird

If you didn't find the file, run “sudo updatedb” from the terminal and try it again.  Note: updatedb will run a few minutes. After updatedb finishes, redo  the locate command.  Now copy the whole file name.  Just highlight it and go to Edit → Copy.

Finally, you are ready to run thunderbird.  Type the following command and just do a File->Paste  with the cursor between the double quotes:

    thunderbird -offline -P ""

You should see their email client come up.  Just read sent or received e-mail.  Don't go ballistic over little indiscretions; you are looking for e-mails from sexual predators or something indicating your child could be getting in a lot of trouble.  Watch for e-mail volume dropping.  If your child is technically proficient he or she may have caught on and set up another e-mail account. Don't allow this, and don't allow him or her to use Gmail. If they really need a Gmail account, set it up so that it gets popped onto their local hard disk; that way you can monitor it.  Android Phones all require a Gmail Account.


You can save the command to start Thunderbird for each child, so that you don't have to go through these steps each time.  Each child will have their own unique profiles.ini file, but once it has been set up it won't change.

The easiest thing to do with e-mail is just create a filter that deletes any e-mail from someone who isn't in the Child's Address Book.  To set this filter up just go to Tools->Message Filters and click on New.  Give it a name, change the first drop down box to From, the 2nd drop down box to “Isn't in my Address...” and then the third drop down box to Personal Address Book.  Finally change Perform Action Drop Box to “Delete”.  Then just click the “OK” Button.  You will want to check periodically that your child hasn't played with these settings.  Of course you will want to make sure your child's teachers, relatives, school friends, club members, and members of your religious organization are added to his or her address book.

You may want to spot check the addresses in their address book.  If you don't know who it is ask the child.

Protecting Your Children on the Internet with Linux or How to be a Sneaky Parent Part 2 Samba

For extra credit install and configure Samba.   Samba is a system that creates Network Drives.  There are some very good reasons to do this:

1. At some point one of your kids (or all) are going to accidentally delete an important file.  Probably an important school paper.  If instead of saving files to the local hard disk, they are saved to each child's private network drive and there are periodic backups made of the network drive, all that you would have to do is restore from the backup.

2. Your children won't be depleting their local hard disk (which is probably going to be small anyway.)

3. You can set up a common drive that everyone has access to, making file sharing easy.

4. Your Children's Documents will be stored on the Desktop in your kids' Samba Directories, making it easy for you the parent to monitor them for quality.  If there is an Educational Issue, you could possibly catch it before it is turned in.  You may also get a heads up to a looming educational issue and perhaps be able to take corrective actions.

The following web page describes a very basic and easy way to configure Samba:

    http://www.unixmen.com/how-to-configure-samba-using-a-graphical-interface-in-ubuntu/


Sign on to each laptop as your child and issue the following commands from within their home directory:

    mkdir bin
    mkdir PrivDir
    mkdir ShareDir

Now on each laptop start the text editor  with “leafpad” and create the following file and save it to bin/AttachSamba

#!/bin/bash
mount -t cifs //[IP Address]/[Samba Share] /home/charles/PrivDir -o rw,username=[Samba User Name],password=[Samba Password],uid=nnnn,gid=nnnn
mount -t cifs //[IP Address]/[Samba Share] /home/charles/ShareDir -o rw,username=[Samba User Name],password=[Samba Password],uid=nnnn,gid=nnnn


Note the above file is only three lines long.  The mount command is one line long from the word "mount" to "gid=nnnn".  It won't fit in one line in this blog, but it is just one line.  If you break it up, the script will fail.

Now the explanation of this is kind of messy.  The [IP Address] needs to be the IP Address of the Desktop.  The [Samba Share] is probably going to be the child's name; this is the share name that you set up with the Samba GUI Tool.  The Samba User Name and Password would be this child's Samba User Name and Password.

There is a GUI User Add utility that you can just use to display your child's User info with and it will display the gid and uid numbers or you can type the following command into a terminal:

    cat /etc/passwd | grep charles

With charles being your child's name.  There will be two 4 digit numbers displayed, they will probably be identical.  These are the uid and gid.

Finally from a terminal type the following command:

    chmod +x bin/AttachSamba


If you only set up a Private Directory for your child, delete the 2nd mount command.  But really, a common directory for files the whole family needs access to is going to be really useful.

Now create the following file in the Desktop Directory on your Child's computer.

    #!/bin/bash
    gksudo /home/charles/bin/AttachSamba

And save it as Connect.sh.  Then issue a chmod to make it executable:

    chmod +x Desktop/Connect.sh

Now your child will have an icon to connect to his/her private network drive and the common drive.   

There is one last thing that has to be done.  Right now your child can't run this command because he or she doesn't have super user rights.  You can give them the rights to just mount and unmount file systems though.  This can't be done from your child's account.  The easiest thing to do, since you are already logged into your child's account, is issue the following command from a terminal:

    su - [Parent Account]

It will prompt you for your password and then issue the following command:

    sudo visudo

and then find the line that has “root    ALL=(ALL:ALL) ALL” and add the following line below it:

    charles ALL=(ALL) /bin/mount, /bin/umount, /sbin/halt

Press F3 to save and F2 to exit.
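The script above keeps the Samba password in a file inside the child's home directory and passes it on the mount command line, and the sudoers rule lets the child run mount with any arguments as root. A tighter variant of the same setup, as an added example that is not part of the original post: the password moves to a root-only file read through mount.cifs's `credentials=` option, and sudo is limited to one root-owned script. The paths /etc/cifs-charles.cred and /usr/local/sbin/attach-samba and the common share name `family` are assumptions.

```shell
#!/bin/sh
# Added example: keep the Samba password out of the attach script.
# Assumed names (not from the post): /etc/cifs-charles.cred,
# /usr/local/sbin/attach-samba and the common share name "family".

# write_credentials FILE USER PASSWORD
# Writes a mount.cifs credentials file that only its owner can read.
write_credentials() {
    ( umask 077; printf 'username=%s\npassword=%s\n' "$2" "$3" > "$1" )
    chmod 600 "$1"    # covers a file that already existed with wider modes
}

# write_attach_script FILE SERVER CHILD CREDFILE UID GID
# Generates the replacement for bin/AttachSamba: the same two mounts, but
# the password comes from CREDFILE, and set-uid files and device nodes on
# the shares are ignored (nosuid,nodev).
write_attach_script() {
    {
        printf '#!/bin/sh\n'
        for pair in "$3:PrivDir" "family:ShareDir"; do
            printf 'mount -t cifs //%s/%s /home/%s/%s -o rw,credentials=%s,uid=%s,gid=%s,nosuid,nodev\n' \
                "$2" "${pair%%:*}" "$3" "${pair##*:}" "$4" "$5" "$6"
        done
    } > "$1"
    chmod 755 "$1"
}

# Real install, run as root on the child's laptop (nnnn = uid/gid as above):
#   write_credentials /etc/cifs-charles.cred charles '[Samba Password]'
#   write_attach_script /usr/local/sbin/attach-samba 192.168.0.100 charles \
#       /etc/cifs-charles.cred nnnn nnnn
# sudoers line (via visudo) in place of the /bin/mount, /bin/umount rule:
#   charles ALL=(root) /usr/local/sbin/attach-samba, /sbin/halt
# Connect.sh then runs: gksudo /usr/local/sbin/attach-samba

# Demo in a scratch directory with constructed values.
demo_dir=$(mktemp -d)
write_credentials "$demo_dir/cred" charles 'constructed-password'
write_attach_script "$demo_dir/attach-samba" 192.168.0.100 charles "$demo_dir/cred" 1000 1000
ls -l "$demo_dir"
cat "$demo_dir/attach-samba"
rm -rf "$demo_dir"
```

Because the script lives in a root-owned directory, the child can run it through sudo but cannot edit what it does.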
Here is a webpage that discusses how to set up backups on a Linux System.

http://www.kubuntuforums.net/showthread.php?39666-Using-tar-scripts-and-CRON-to-back-up

For backup media I recommend using usb hard drives.  I have tried in the past to use cd and then dvd, but their storage capacity is just inadequate.

This whole Samba setup is probably the most difficult thing I have talked about to set up.  If you are having trouble contact a local Linux User or ask a question someplace like LinuxQuestions.org.  There are also books, which is how I originally did it.

Protecting Your Children on the Internet with Linux or How to be a Sneaky Parent Part 1

Recently a friend mentioned to me that he didn't have a computer.  He needed one, but couldn't afford it.  My wife had an old Pentium-4 laptop which wasn't being used.  It still had XP on it, which isn't very safe on the web, with only a 60 GB hard disk.  I blew XP away and put Bodhi Linux (after trying a half dozen lite distros) on it. Bodhi is a lite Linux Distro that is based on Ubuntu that actually looks pretty good. Bodhi runs the Enlightenment Window Manager, it will run Firefox web browser, LibreOffice (Formerly OpenOffice) and e-mail clients like Thunderbird. I came to the realization that PCs like these would make a good child's computer.  Their performance is adequate, but not exceptional.  It got me thinking about what it would take to keep a child safe on the internet using Linux based computers.

To totally lock down Windows Computers takes an expert, which is what Corporate America does.  The more recent and more secure Windows Operating Systems also require fairly fast and robust computers. If you use older Windows 98 laptops for your child's computer, you will find that they are virus magnets.  Therefore, to go the Windows route, you will need to be spending $350 - $500 per laptop, while if you install Linux on older laptops the price range will be in the $100 - $150 range.  And the sad fact is that these computers will perform about the same.  Why is this?  Windows 7 and 8 require a lot of horsepower just to run the Graphic User Interface, while Bodhi and a number of other Light Linux Distros have Graphic User Interfaces that use very little horsepower.  Also, be aware that if you buy your child a Windows laptop and install one of those child protection apps, your child can boot a live distro and go around all of your security measures.  No system is perfect and your children and their friends will be exchanging info.

Basically, you as the parent can use a Multi-tiered protection scheme to keep your children safe on the internet.  On the outer level, OpenDNS will keep most of the bad sites away.  The second line of defense is your router. The Third line of defense is limiting the applications your child has access to.  And the last line of defense is you watching what your child is doing.

1. Most routers today can filter out Phishing and Porn sites from getting onto your network.  This can be turned on for just certain computers or for the entire network.

2. There is a family friendly DNS Server that is free to use.  A DNS Server is a computer out on the internet where other computers go to look up Human Readable addresses and convert them into Computer Readable addresses (known as IP Addresses.)

3. By running a basic Linux Distro with only a few programs installed, we can limit your child's exposure to dangerous places.  If chat is dangerous, we don't have to install a chat Client.  And Bodhi Linux comes with nothing installed.

4. Good old fashioned spying.  Which is what I intend to spend most of this article talking about.

Using Linux technology, you the parent can monitor what web sites your child is visiting and what email they are receiving and sending and your child need not know and if they do find out, you can say I am the parent and I have the right and a duty to know.  If they are still giving you a hard time, give them the M3 rule: My Home, My Network, My Rules!!!

This is what you will need

1. Desktop preferably an i5 (an i3 would work) with at least a terabyte hard disk and wireless networking.  Cost $500 - $1000.  You could also get one of the AMD Desktops for as little as $350, but they don't perform quite as well.

2. One up to date wireless router. Cost $50 - $200.  

3. One low end laptop for each child. At least a Pentium-4, wireless networking, 512 Megabytes of RAM. Cost $50 - $100 on ebay.  If you can afford it get each child a little faster computer, that way they would be less likely to notice when you are poking around on them.  You can get Intel Core 2's on pricewatch.com for around $150, these probably would make a better laptop than old P4's.  I have found that the P4 was a little bit underpowered even for Bodhi and they are starting to become hard to get a hold of.

4. A single printer could be shared by the whole family.  Most printers now are wireless, so the printer could be set up so that each computer sends jobs to the printer independently or they could all go through the desktop.  I don't know of any real advantage to doing it either way.  You the System Administrator will have to set it up either way.

Set up the router.  This is usually done via a web browser.  Turn on all of the security features; if you aren't real computer literate seek help from someone who is.  Set the DNS Addresses to the OpenDNS Servers, currently 208.67.222.123 and 208.67.220.123. OpenDNS is a family safe DNS Server and will return only safe sites to your child's computer.

On each laptop, install Bodhi Linux. Set the Laptop's hostname to the name of the child who will be using it, believe me, it will make everything easier. So if your son John is going to be using the laptop, set its hostname to “johnslaptop” or just “john”; this is set up during the Bodhi install as the computer's name. Create a user for yourself with full sudo rights, this is the normal way and you won't have to do anything special.  Set each laptop's Parent's User ID the same and give them all the same password, but don't make this password easy to guess.  A good password scheme for the Parent's Password would be to choose an obscure hobby like Astronomy.  And in Astronomy's case download a list of Common Star Names and choose one at random and then replace any “B”s with 8's, I's or L's with Ones and O's with zeros and E's with 3's.  So the word Denebola would become D3n3b01a. If you are a Macho Male leading a family choose a feminine hobby.  Or a Single Mother, choose a masculine hobby, like hunting or fishing.  Basically choose a hobby your kids won't expect.  If you have to write it down, lock it away in a safe.

Then create a user id for the child by typing in a terminal “sudo adduser [childname]”. Of course remove the double quotes and replace [childname] with the actual child's name.  The child's name needs to be all lower case and you will be prompted for your password.  You will be prompted for about 6 fields, the only important one is the password. Next we need to install LxTerminal because it doesn't come preinstalled.  Click on Accessories->Applications->Preferences and then start “Synaptic Package Manager.” After entering your password search for lxterminal and then have Synaptic install it. From this point I will refer to LxTerminal as just Terminal.

Finally we need to install some utilities on each laptop by issuing the following commands from a terminal:
   
    sudo apt-get update
    sudo apt-get install bum
    sudo apt-get install openssh-server openssh-client
    sudo apt-get install sqlite sqlite3
    sudo apt-get install sqliteman
    sudo apt-get remove midori
    sudo apt-get install cifs-utils
    sudo apt-get install pcmanfm

Have more then one laptop to setup???
It may be easier to prepare a script on a memory stick which can then be run on each laptop.  Open a text editor and save the following text to a file on a memory stick:

#!/bin/bash
apt-get update
apt-get install libreoffice
apt-get install firefox
apt-get install thunderbird
apt-get install openssh-server openssh-client
apt-get install sqlite sqlite3
apt-get install sqliteman
apt-get install bum
apt-get install cifs-utils
apt-get install pcmanfm

apt-get remove midori

You will have to copy this script file to each laptop and then run a

    sudo chmod +x [filename]

Where [filename] is the file you saved it to.

Then type a:

    sudo ./[filename]

For young children, I would definitely not install a Chat Client.  If they want to chat, let them use Facebook.  Facebook allows you as the parent or guardian to go in after the fact and read the chat contents.

We are removing Midori Web Browser because it would complicate the monitoring of your children's computers. Also, I have noticed that new software doesn't show up in the menus until a reboot has occurred.

As soon as the installs here are done issue the following command from the terminal:

sudo bum

And then click on ssh-server so that it runs at boot up.

Now to set up the Desktop, I would recommend using Linux Mint Cinnamon or Mate spins. With minor modifications any other flavor of Linux on the desktop would also work.  For ease of explanation, we are doing everything on Debian descendant versions of Linux.  I am not doing this because I dislike rpm (Fedora/RedHat) systems, it just is easier to explain if it is consistent across the board.  On Linux Mint LxTerminal isn't installed, but Xterm or “Terminal” are; they are all pretty similar and I would recommend using whatever comes installed.  Now run the following commands in whatever terminal app you have on the desktop:

    sudo apt-get install openssh-server openssh-client
    sudo apt-get install fping

Via the router give the Desktop a Static IP Address on the network, the process of doing this will vary based on the router.  I would set the static address to something like 192.168.0.100.

Monday, June 03, 2013







SkyGlobe running in a dosbox on a Fedora 16 system.  The computer is an older AMD 64 bit quad processor, but this could be done on any Linux Distro, running virtually any user interface.  If you are curious, I am running the Mate User Interface.

Monday, April 01, 2013

Another letter to the Editor of Linux Format

January 2013's Linux Format had the Article "Think of the Children", which turned out to just be a review of Dan's Guardian.  Dan's Guardian is a Web Content filter and to my understanding is quite good.  I admit that Web Filtering is part of the solution of protecting children on the internet, but only part of it.  E-mail and Chat also need to be monitored, so I thought the article was at least inadequate based upon the title.  

Well my letter to the editor was published in the April 2013 issue after they edited it a bit.

My version:


“Think of the Children” is fine as far as it goes, but to really understand a child’s online activity, you will need more. Fortunately, Linux offers many resources that can assist parents. For example, you could install Bodhi on the child’s computer, with a parent as admin, and the child as a user without sudo rights. Since Bodhi does not pre-install hardly any applications, the parent has complete control over which apps are installed.

Be sure to install Secure Shell Server on the child’s computer. If the computer is on a home network, you, as admin, should always be able to ssh into it. If you can’t, someone may have decided to thwart you by running a live distro.

It’s easy enough to ssh into a remote computer. With
ssh -X @
you can access the e-mail client to spot check activity there.

When a web browser stores the browsing history in an sqlite database (Firefox does), you could also install sqlite and sqliteman on the child's computer.

To access the browsing history:
locate places.sqlite | grep firefox | grep
Copy the file name returned and issue the following command:
sqliteman
In the top right pane, use the following SQL statement:
SELECT datetime(moz_historyvisits.visit_date/1000000,'unixepoch'),
moz_places.url FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id
Click the green arrow to see what web sites the child is visiting.

To access your child’s email, ssh in and then issue the following command:
locate profiles.ini | grep .thunderbird
Copy the file name returned and issue the following command:
thunderbird -offline -P
Now just go through and spot check their inbox.

What got Published:

Mike Saunders' Think of the Children Feature [LXF166] is fine as far as it goes, but to really understand a child’s online activity, you will need more. Fortunately, Linux offers many resources that can assist parents. For example, you could install Bodhi on the child’s computer, with a parent as admin, and the child as a user without sudo rights. Since Bodhi does not pre-install hardly any applications, the parent has complete control over which apps are installed.

Be sure to install Secure Shell Server on the child’s computer. If the computer is on a home network, you, as admin, should always be able to ssh into it to check e-mail activity. If you can’t, someone may have decided to thwart you by running a live distro. When a web browser stores the browsing history in an sqlite database (Firefox does), you could also install sqlite and sqliteman on the child's computer and use them to access their browsing history.

And then Linux Format responded:

This has been in the news recently, with the usual suspects demanding that ISPs take responsibility for children's internet access. As always, though, it's best to take responsibility for your own children rather than a tech illiterate government, so your suggestions are timely.

Phew, I was afraid I would be accused of being "politically incorrect"!!!


 

 

Tuesday, January 22, 2013

My Linux Path

 Political Entry


I have no intellectual issues with paying for a service or product including software. What I have had an issue with is how Microsoft does business. To put it mildly, they are a Monopoly and have shown all of the traits of a bully in their pursuit of having 100 percent control of the software industry. They have bullied competitors into pulling out of the industry, walked all over other organization's legal patents and pretty well ignored the law. Several companies have successfully sued Microsoft for their excesses.

So in the early 90's I was running OS/2 partly because of my dislike of Microsoft and partly because it was an interesting OS which we studied during an Operating System Theory class I took at Simpson. It was technically superior to the MS product of the day and even though IBM was a huge Computer and Software Co., I felt they at least behaved like a responsible citizen. MS did manage to keep the software available for the OS/2 platform to a minimum though, but could not completely kill it.

Something New


It was 2000 and I knew I was about to lose a job (due to a merger), so I broke down and bought a Windows 98 box for a new job search. I won't say I hated it because I didn't. OS/2 was getting weaker all of the time and the word processing program I was using didn't convert well enough to Word in order to send professional looking Resumes.  But on the minus side, viruses became a problem for the first time and I had problems with the Registry.  There are benefits to running an Alternative OS.

We started to hear about a new Operating System that was totally free called Linux, and even better yet it was based on an earlier OS called UNIX, which I had studied at Simpson as mentioned above. So with my Wife's approval I bought a used p90 to try it out.

Well, first I tried to load RedHat 6.0, which failed. So, I loaded RedHat 5.2 and then ran an upgrade to 6.0. That worked. I named this computer Oldboy, since the computer wasn't that new to begin with. Shortly thereafter I had figured out how to share the dialup internet connection with the two Windows boxes we had in the house and the Oldboy network was born, well it was funny for a little while.

Up to this point, whenever my Wife wanted to get on the internet, I had to get off and vice versa. This was a huge improvement. But dial-up is slow, and so cooperative internet use became the standard. When my Wife was going to download something big, I did light internet use (usually chess on FICS) and when I needed to do something that would use a lot of bandwidth, she would slack off.

Next, I started playing with Samba (Samba creates network drives for computer workstations) and within a week or two we had a real home network and then followed learning about MySQL. MySQL became my all time favorite database and still is. I could write Delphi apps that would hit my MySQL server running on my Oldboy Server.

The old p90 did pretty well as long as I didn't log into X; my Wife said she could feel the internet slow down every time I started an X Session to do something. I started to learn to do more and more via telnet. But the p90 was kind of tired and when I inherited a newer computer, I quickly replaced Oldboy with Youngster. But the network was still called the Oldboy Network and my wife was getting tired of that joke. Around this time, I replaced my 98 box with a desktop that ran RedHat alone. Somewhere in there I started to learn a little PHP and Web Programming.

I transferred the Samba and MySQL servers from Youngster to my new desktop. But I left Youngster up running as an IP Gateway. I became a Gnome user, got my Wife to use Linux part of the time at least. She became a Ubuntu user and I continued to use RedHat. I read a lot and as it turns out that is a very good way for me to learn (read some, putter some.) The more I did, the more comfortable I became with the command Prompt.

I still could run most Windows Programs though.  I had purchased a product called Win4Lin, which was an early attempt to run a Virtual Computer.  It mostly worked, but it made updating Linux Versions difficult, so eventually I dropped it.  Fortunately, Wine has become much better and can now run most Win32 apps.  There are still a few programs that don’t run well under Wine, with ChessBase being my biggest headache.  To run ChessBase, I have to run it under a Virtual Machine or boot up under Windows.  ChessBase, if you are listening, please fix this.

Things haven't changed hugely. I find I can do 98% of what I want without touching Windows. My first Linux Desktop has been retired and I have moved on to a second. The current Desktop is also approaching retirement and I would like to replace it with an i5. My current Desktop is running Fedora and I also have a laptop running another Linux Distribution (Mint). I still run Samba and MySQL on my Desktop. Since the Gnome debacle, my Windows Manager of choice has moved around; I have run KDE, XFCE and Mate and haven't totally decided on any one. I am slowly replacing my Delphi Programming with Lazarus, which is multi platform. We have retired Youngster and replaced him with a Router and replaced dial-up with a Cable Modem and have wireless throughout the house. My Wife uses a combination of Linux Mint and Windows; basically she has certain things she does on Windows and others for which she uses Linux.

Wednesday, January 02, 2013

Backing up Home Computers

I should note that our home network is a mixed network, with the data being saved to Linux, but also being used by several Windows Computers.   The Windows Computers are currently not being backed up, but the network drives that they use are. Backups of our computers at home have always been a little bit haphazard. I have tried to get periodic backups done, but it has always been such a bother. It's probably more important than we like to admit. And since I host the network drives on my desktop, it is doubly important. It's not especially complicated. 

  1. Run the backup scripts in cron. That is easy. For my home network, monthly should be quite adequate.
  2. Copy the backups to external media.

Remembering to copy the backups to external media has always been the issue.

At first, the media was cd-rom, then dvd-rom. When memory sticks started to climb in capacity and their prices started dropping, I started to use them. But now with terabyte hard disks relatively cheap, I use them. At best, I was probably doing quarterly backups. Also, I have found that the USB hard disks are not always the most reliable media. I have had several of them go bad.

One thing I have always done is make sure I have a good backup before doing any system upgrades, such as upgrading one of my Linux Distros.

With the Raspberry Pi being cheap, low power and readily available, I am starting to use it as a backup server. This way, backups will occur whether I remember them or not.

I have set up four separate scripts in Cron:
  1. Dump MySQL Databases.
  2. Run Dumps of home Directories.
  3. Move the dumps to my home account.
  4. Use ssh to transfer the Home Account Dumps to the Raspberry Pi.

The MySQL script is just something I found on the internet:

#!/bin/bash
# sonia 16-nov-05
# backup each mysql db into a different file, rather than one big file
# as with --all-databases - will make restores easier
set -x
echo '/**************************************************/'
echo '/**Job Backs up the MySQL Databases to flat **/'
echo '/** Files **/'
echo '/**************************************************/'
date
USER="root"
PASSWORD="MyPass"
OUTPUTDIR="/home/myacct/Documents/MysqlBackups"
MYSQLDUMP="/usr/bin/mysqldump"
MYSQL="/usr/bin/mysql"
# clean up any old backups - save space
# (the glob must sit outside the quotes, or rm looks for a file literally named "*bak")
rm -f "$OUTPUTDIR"/*bak > /dev/null 2>&1
# get a list of databases
databases=`$MYSQL --user=$USER --password=$PASSWORD \
-e "SHOW DATABASES;" | tr -d "| " | grep -v Database`
# dump each database in turn
for db in $databases; do
echo $db
$MYSQLDUMP --force --opt --user=$USER --password=$PASSWORD \
--databases $db > "$OUTPUTDIR/$db.bak"
done
date

I added the two date commands, just so I could see how long it runs. I also added rm commands to delete my old backup files to this script. (I have removed those lines from this example for security reasons.) I scheduled this to run at 00:10 on Sundays and it runs less than a minute. There isn't a lot of data out there, but I do rely on MySQL a lot. I would hate to lose my data.

At 00:15 on Sunday Morning, the backups run and the script looks like this:

#!/bin/bash
set -x
date
echo '/**************************************************/'
echo '/**Job Starts Full Backup of home directories **/'
echo '/**************************************************/'
date=$(date +'%Y-%m-%d %H:%M:%S')
read Y M D h m s <<< ${date//[-: ]/ }
if [ $D -lt 8 ] ;then
echo "Run Full Backups"
# disabled: who -u | grep terry awk '{printf("kill -9 %d", $2)}' | sh
# disabled: ping 1.1.1.1 -n 1 -w 5000 > NUL
at -f /home/myacct/Documents/bash/User1Bkp now
at -f /home/myacct/Documents/bash/User2Bkp now
at -f /home/myacct/Documents/bash/User3Bkp now
at -f /home/myacct/Documents/bash/User4Bkp now
at -f /home/myacct/Documents/bash/User5Bkp now
fi
date

The If Statement checks the day of the month, and if it is less than 8, starts the backups. There is no need to run full backups every week for my home network. The data just doesn't change that fast. Each user's backup is a separate script and is started via the At command; this way they can run concurrently with each other rather than in sequence. Each User Backup Script will be similar to the following:

#!/bin/bash
echo '********************************'
echo '** Backup of User1 Acct **'
echo '********************************'
date
tar -czvf /home/user1bkp /home/user1
date

It is just a basic tar script to back up that specific user's home account, which is also their network drive via Samba. I have added date commands at the beginning and end of the script, so I can tell how long they are running. If I start the transfer too soon, the backups would be useless. The output from the scripts is going to be huge and all we really have to look at is the begin and end run times. Since I am running this from my Root Cron Account, the output will be sent to the Root Linux/Unix Mail Account and can be read using the mail program. I found, though, that reading it with Mutt is even better, since pressing the '|' key sends the mail message to a shell and then all that has to be typed in is:

grep 'Sun '

and then something like the following should be listed:

Sun Jan 6 00:15:00 CST 2013
Sun Jan 6 01:58:53 CST 2013

So, in this case the job ran about 1.75 hours. I checked the run time on all of the backups and adjusted the start time of the move and copy scripts accordingly. Currently all of my backups complete before 2:30 am.

The third script runs at 3:10 am and it only runs a few seconds:

#!/bin/bash
echo '********************************'
echo '** Copies backup files to **'
echo '** my home account **'
echo '** and makes me the owner **'
echo '********************************'
date
mv /home/*bkp /home/user1
chown user1 /home/user1/*bkp
date

Finally, the last script runs at 3:20. For this to work, I first had to install the “sshpass” program, which is not included in the ssh utility. It's probably not the most secure. But since this is running on a home network and with only family members having access, I am not too concerned. If this was for a business, I might look for something more secure. I considered installing an ftp server on the Raspberry Pi, but then I found that ssh's Secure Copy was already built in. The -c arcfour option gives the lowest level of encryption that ssh allows. Again, I don't feel security is a big issue on home networks and if I could have turned encryption off, I would have.

The let "Remainder=10#$M%3" does a Modulus divide, setting the $Remainder variable to the Remainder of the Current Month's number divided by 3. The 10# prefix makes bash read the months 08 and 09 as decimal; without it they are rejected as invalid octal numbers and nothing is copied in August and September. This way, each month will go into a separate directory for 3 months, and if I need to go back to a previous month's backup, I can. This job will run for hours, but speed shouldn't be an issue.

#!/bin/bash
set -x
echo '/**********************************************************/'
echo '/**Job Copies Backup Files to my Raspberry Pi at: **/'
echo '/** 192.168.0.50 **/'
echo '/**********************************************************/'
date
date=$(date +'%Y-%m-%d %H:%M:%S')
read Y M D h m s <<< ${date//[-: ]/ }
if [ $D -lt 8 ] ;then
# 10# forces base 10 so that "08" and "09" are not parsed as octal
let "Remainder=10#$M%3"
if [ $Remainder = 0 ] ;then
/usr/bin/sshpass -p 'MyPass' /usr/bin/scp -c arcfour /home/user1/user1bkp pi@192.168.0.50:/media/usbhdd/Month1
/usr/bin/sshpass -p 'MyPass' /usr/bin/scp -c arcfour /home/user1/user2bkp pi@192.168.0.50:/media/usbhdd/Month1
/usr/bin/sshpass -p 'MyPass' /usr/bin/scp -c arcfour /home/user1/user3bkp pi@192.168.0.50:/media/usbhdd/Month1
/usr/bin/sshpass -p 'MyPass' /usr/bin/scp -c arcfour /home/user1/user4bkp pi@192.168.0.50:/media/usbhdd/Month1
/usr/bin/sshpass -p 'MyPass' /usr/bin/scp -c arcfour /home/user1/user5bkp pi@192.168.0.50:/media/usbhdd/Month1
fi
if [ $Remainder = 1 ] ;then
/usr/bin/sshpass -p 'MyPass' /usr/bin/scp -c arcfour /home/user1/user1bkp pi@192.168.0.50:/media/usbhdd/Month2
/usr/bin/sshpass -p 'MyPass' /usr/bin/scp -c arcfour /home/user1/user2bkp pi@192.168.0.50:/media/usbhdd/Month2
/usr/bin/sshpass -p 'MyPass' /usr/bin/scp -c arcfour /home/user1/user3bkp pi@192.168.0.50:/media/usbhdd/Month2
/usr/bin/sshpass -p 'MyPass' /usr/bin/scp -c arcfour /home/user1/user4bkp pi@192.168.0.50:/media/usbhdd/Month2
/usr/bin/sshpass -p 'MyPass' /usr/bin/scp -c arcfour /home/user1/user5bkp pi@192.168.0.50:/media/usbhdd/Month2
fi
if [ $Remainder = 2 ] ;then
/usr/bin/sshpass -p 'MyPass' /usr/bin/scp -c arcfour /home/user1/user1bkp pi@192.168.0.50:/media/usbhdd/Month3
/usr/bin/sshpass -p 'MyPass' /usr/bin/scp -c arcfour /home/user1/user2bkp pi@192.168.0.50:/media/usbhdd/Month3
/usr/bin/sshpass -p 'MyPass' /usr/bin/scp -c arcfour /home/user1/user3bkp pi@192.168.0.50:/media/usbhdd/Month3
/usr/bin/sshpass -p 'MyPass' /usr/bin/scp -c arcfour /home/user1/user4bkp pi@192.168.0.50:/media/usbhdd/Month3
/usr/bin/sshpass -p 'MyPass' /usr/bin/scp -c arcfour /home/user1/user5bkp pi@192.168.0.50:/media/usbhdd/Month3
fi
fi
date
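
A key-based variant of the copy job above, as an added example that is not the author's script: it keeps the password out of the script and the process list, drops the arcfour cipher (which current OpenSSH releases no longer accept), and handles the months 08 and 09. The key path and the one-time ssh-keygen/ssh-copy-id setup in the comments are assumptions; the hosts, paths and Month1..Month3 rotation are the ones used on this page.

```shell
#!/bin/bash
# Added example: key-based replacement for the sshpass/arcfour copy job.
# Assumed one-time setup (hypothetical key path, run as user1):
#   ssh-keygen -t ed25519 -N '' -f /home/user1/.ssh/backup_key
#   ssh-copy-id -i /home/user1/.ssh/backup_key.pub pi@192.168.0.50
KEY=/home/user1/.ssh/backup_key
DEST=pi@192.168.0.50
SRC=/home/user1

# Map a month number ("01".."12") to the rotation directory used on the page.
# Stripping the leading zero keeps "08" and "09" from being read as octal.
month_dir() {
    case $(( ${1#0} % 3 )) in
        0) echo Month1 ;;
        1) echo Month2 ;;
        2) echo Month3 ;;
    esac
}

# True during the first seven days of the month, when the full backups run.
is_first_week() {
    [ "${1#0}" -lt 8 ]
}

# Print one scp command per user archive for the given month and day.
# BatchMode makes scp fail instead of prompting if the key is rejected.
transfer_plan() {
    is_first_week "$2" || return 0
    for n in 1 2 3 4 5; do
        echo "/usr/bin/scp -i $KEY -o BatchMode=yes $SRC/user${n}bkp $DEST:/media/usbhdd/$(month_dir "$1")"
    done
}

# Run the plan, stopping at the first failed copy so cron mails the error.
# stdin is redirected so scp cannot swallow the remaining plan lines.
# The paths contain no spaces, so plain word splitting of $cmd is safe here.
run_transfers() {
    transfer_plan "$1" "$2" | while read -r cmd; do
        $cmd < /dev/null || { echo "FAILED: $cmd" >&2; exit 1; }
    done
}

# Dry run by default (prints the commands); pass --run from cron to copy.
if [ "${1:-}" = "--run" ]; then
    run_transfers "$(date +%m)" "$(date +%d)"
else
    transfer_plan "$(date +%m)" "$(date +%d)"
fi
```

Run without arguments, it only prints the scp commands it would issue, which is a quick way to check the rotation directory before putting it in cron.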

Lastly, the crontab is kind of goofy. I have to look up the format every time I use it. You can read about Cron here. The easiest thing to do is put the runtimes for the root account and the MyUser Account in separate files. The MyUser Cron file is set up as follows:

10 00 * * 0 /home/MyUser/Documents/bash/MysqlBackup
20 03 * * 0 /home/MyUser/Documents/bash/CopyBkp

And then the Root Cron File is set up as:

15 00 * * 0 /home/MyUser/Documents/bash/FullBackUp
10 03 * * 0 /home/MyUser/Documents/bash/RtCmd

In these, the first column is the minute to start, the second column is the hour it is to start and the fifth column is the day of the week.

Then, to replace the current crontab with these, just sign in to that user's command line and type:

crontab FileName

where FileName is the name of that user's crontab file.