Tuesday, March 31, 2009

How to Protect Your Computer Against the Conficker Worm

From the House of Commons in the United Kingdom to servers of corporations in the United States to the average user across the globe, the Conficker Worm is attacking anything and everything in it's path, wreaking havoc and killing Internet connections, slowing corporate functions and infiltrating the most sensitive of data. April 1st of 2009 is supposed to be a payload date, which as of this article, is only two days away. So, how can you stay protected?

Instructions

Step1:
If you have a Mac or a Linux machine, breath a sigh of relief; you don't have the right code to be infected. If you're running Windows as your platform of choice, listen up, because this is critical; time is of the essence. You may experience any number of symptoms which are common like loss of Internet connection and loss of local network connection and which are less common like Automatic updates and Microsoft services being disabled.

Step2
Update your anti-virus software. Disconnect your computer from the Internet and scan your system, if you believe you are already infected. To stop the spread of the worm, see step 3. If possible, back up your data ASAP.
Step3
Disable Auto-play in Windows. For Vista: Start > Control Panel > click Play CD's or other media automatically > uncheck Use Autoplay for all media and devices. > click OK. For XP: Start > Run Enter GPEDIT.MSC >
The Group Policy dialogue box will appear. On left panel, double-click Computer Configuration > Administrative Templates > System > Double-click the Turn autoplay off option. The reason behind disabling autoplay is that Conficker can be spread through USB flash drives infected with code that starts on auto-play when the infected drive is inserted into the computer. Disabling auto-play is a good way to ensure against any malicious code automatically gaining access to your computer.
Step4
If you have the Conficker worm, DO NOT DO A SYSTEM RESTORE. Like most malware, Conficker hangs in the restore points and reactivates when you do a system restore. Utilize a decent anti-virus solution such as AVG, Avast!, or Malwarebyte's Anti-Malware. Again, disconnecting your computer from the Internet is critical to prevent the spread of the worm or the continued use of your computer by the worm for devious purposes. Windows Malicious Software Removal Tool can be used to detect and remove the Conficker worm as an option as well.
Step5
Regardless if you are on a network or a standalone computer, download the Microsoft update patch KB958644 (MS08-067) This will fix a security vulnerability that is exploited by the Conficker worm. For more information on how to exactly deploy this update across a network as well as additional information on Conficker, please visit the link in the Resources section.

Conficker C Worm April 1st Virus and April 1 Virus: Info and Removal Tool

The April 1st virus (C Worm and April 1 Virus) has been a threat since 2008, according to reliable sources. I have not actually experienced any Conficker C attack or threat firsthand. Maybe that’s because I always update my antivirus databases everyday. Yeah, that’s one way to prevent the Conficker C virus or April 1st Virus. Update your antivirus software virus databases daily and turn on the Windows Update ALWAYS. The Conficker C worm will exploit a Windows vulnerability called MS08-067. So far, no report has been made on its impact on computers running Linux especially Debian/Ubuntu/Fedora.

What damage can Conficker C do or how does it behave? Let me quote below Symantec’s partial analysis of Conficker C worm behavior:

On April 1st the Conficker worm will simply start taking more steps to protect itself. After that date, machines infected with the “C” variant of the worm may not be able to get security updates or patches from Microsoft and from many other vendors. The creators of the worm will also start using a communications system that is more difficult for security researchers to interrupt.

The Conficker worm, sometimes called Downadup or Kido has managed to infect a large number of computers. Specifics are hard to come by, but some researchers estimate that millions of computers have been infected with this threat since January. Current users of Symantec’s Norton security products are protected. Users who lack protection are invited to download a trial version of Norton AntiVirus 2009, Norton Internet Security 2009 or Norton 360. All of these products will detect and remove this worm.

How to remove Conficker C virus/worm? First, let’s be clear about one thing. The Conficker C threat can be prevented. Why think about cure before prevention? In the first paragraph of this article I have offefred some ways to prevent Conficker C infection. In addition to that, Norton (Symantec) also advised thatyou should turn off the “autorun” feature in your Flash/USB drives and Memory sticks (both removable storage media frequently infected by viruses).

However, if push comes to shove and you are infected with Conficker C, don’t worry too much. On April 1st, antivirus softwares will most likely have the cure already and all you’ll need to do is run a virus check on your computer on April 1st to make sure this virus gets eliminated from your system. Stay safe from malicious programs like these. Schedule a virus check daily if you’re a heavy computer user.

How to Protect Your Online Privacy and/or Access Blocked Sites

If you want to access a site anonymously (to prevent your IP address from being tracked or protect yourself from from online spying, phishing and pharming). Anyway, no matter what your reasons are, this week’s toolkit is dedicated to bypassing website access restrictions:
  1. Use Google cache (only helps for indexed pages, e.g. those that do not require to login or do not prevent Google from accessing it by meta tags or Robots.txt). Use cache: Google advanced operator to access the saved version of the page.
  2. Use IP address instead of the domain name (this won’t protect your online privacy but will allow to access some blocked sites): use this tool to convert any domain into the IP address.
  3. Use a public proxy server. PrimeProxies.com claims to offer the ultimate list of proxy servers and also continuously check if each of them works. Here is another (old) list: most of the proxy servers do not work any more, but if you check in the comments, you can find a few new ones. This article detailing how to access blocked sites also lists a few quite fresh proxy servers to use.
  4. Use online translation tools. Google Translate can perform the role of a public proxy server (but you will have to translate the page as Google doesn’t support “from English into English” translation).
  5. Get web pages via email: WebInMail is the newest service that will send you a page HTML copy to your email address (another wonderful service offered by the site is “search by email” feature by the way that sends you the copy of Google search results page). WebToMail is a similar and older service.
  6. Use tools allowing for anonymous browsing. Hopster (paid) hides your IP address to protect you from anyone who wants to know who you are while you’re on the Internet.
  7. Use FireFox addon to protect your privacy:
    • Use any of the FireFox addons from the list allowing you to switch between available proxy configuration for save and anonymous browsing.
    • RequestPolicy will block any cross-site requests (Google analytics, hotlinked images, etc) to protect you from any third-party attempts to access your browsing history and habits.

Monday, March 30, 2009

Boot an ISO image from hard disk?

1st Method:

1. Create a mountpoint to mount the ISO with loopback:
mkdir /mnt/LiveISO

2. mount the image:
mount -t iso9660 -o loop,ro /DOWNLOADS/debian-5.0-i386-en.iso /mnt/LiveISO

3. Create a directory on the device where you are going to boot from:
mkdir /mnt/hda4/Debian-Lenny

4. Copy the contents of the mounted image to that directory:
cp /mnt/LiveISO/Debian-Lenny/* /mnt/hda4/Debian-Lenny/

5. copy kernel and initrd files to your boot device:
cp /mnt/LiveISO/boot/* /boot

* Grub:
title Debian-Lenny
root (hd0,0)
kernel /linux26 ramdisk_size=100000 fromhd=/dev/hda4
initrd /minirt26.gz
savedefault
boot

* Lilo:
image=/boot/linux26
initrd=/boot/minirt26.gz
label=Debian-Lenny
append="ramdisk_size=100000 fromhd=/dev/hda4"
-------------------

The basic idea is that you copy the contents of the ISO to a partition. Then, in your current linux OS, you copy the kernel and initrd images from the ISO to your current boot directory. Last, you edit LILO so that it points to the kernel and initrd images you just copied, and make sure you append the "fromhd" line so that the "livecd" will know where the rest of the Debian-Lenny files are.


2nd Method:

It is possible to boot and install from an debian.iso/ubuntu.iso file on hard-disk. You will need a spare partition on your hard drive and an existing grub menu (on livecd, floppy or hd). This is sometimes known as fromiso or frugal install.

The basic steps are as follows.

* Create and format (if you don't already have one) a partition to boot fromiso.
* Download debian.iso file to a folder and extract to the same folder the vmlinuz and initrd.gz files.
* Add the correct entry to the existing grub menu.

Example: LinuxA grub on sdb1 (hdb1), LinuxB on sdb6 (hdb6)

* Make a directory/folder in sdb6 called Debian-Lenny.
* Download debain.iso ( from http://cdimage.debian.org/debian-cd/5.0.0/i386/iso-dvd/ ) and the available vmlinuz and initrd.gz files to /mnt/sdb6/Debian-Lenny
* Customize the boot/grub/menu.lst of LinuxA on sdb1 (hdb1). Add this entry to the end.

title Debian-Lenny GNU/Linux

kernel (hd1,5)/Debian-Lenny/vmlinuz vga=791 fromhd=/dev/sdb6 fromiso=/Debian-Lenny/debian.iso en xres=1024x768

initrd (hd1,5)/Debian-Lenny/initrd.gz

boot

Note:
You can get the vmlinuz (kernel binary) and initrd.gz (ramdisk image) files from here:


http://http.us.debian.org/debian/dists/lenny/main/installer-i386/current/images/hd-media/gtk/
http://ftp.de.debian.org/debian/dists/lenny/main/installer-i386/current/images/hd-media/gtk/

Note: Typically, FTP is faster, and therefore the preferred method. There is no difference in the quality or content of the HTTP download compared to the FTP option.

To extract the vmlinuz and initrd.gz files from the debian.iso

1. mkdir -p /mnt/sdb6/Debian-Lenny/test
2. mount -t iso9660 -o loop,ro /mnt/sdb6/Debian-Lenny/debian.iso /mnt/sdb6/Debian-Lenny/test

Now copy the vmlinuz and initrd.gz files from the mounted iso image to the directory

1. cp /mnt/sdb6/Debian-Lenny/test/boot/vmlinuz /mnt/sdb6/Debian-Lenny/
2. cp /mnt/sdb6/Debian/test/boot/initrd.gz /mnt/sdb6/Debian-Lenny/

Note: Please do not change download ISO file. In some cases it doesn't work.

HOWTO: Use Blackberry as Bluetooth Remote Control

INTRODUCTION
I hook up my laptop to the tv to watch my videos. One thing that always bugged me was that I would have to get up if I wanted to forward, change audio or subtitles, etc. Then I read some guides of people using Nokia and Sony Ericsson phones as bluetooth remote controls. Since my Blackberry Pearl has bluetooth, I decided to try it out but had no luck in Windows. After some hard work and research, I was finally able to make this happen in Ubuntu.

This guide is written specifically for the Blackberry Pearl 8100 but should be applicable to other Blackberry phones as well. Also it can probably be adapted to work with other cellphones as well. Lastly, I accomplished this on Ubuntu 8.10 Intrepid Ibex, so I have no idea if it will work with other versions too.

PREREQUISITES
"Your cell phone should support JSR-82 or event-reporting feature. If You do not have any information just try to use anyRemote, firstly in Server mode, then in AT-mode" -anyRemote website.

Basically your phone has to be able to use Java with bluetooth (most modern phones with BT will probably have no problem). As far as I know, the 8xxx Blackberry phones have support for this.

For getting Java files on Nokia phones, you might want to read this: http://www.tim.id.au/blog/2007/05/25/anyremote-on-ubuntu/

GENERAL IDEA
To get the computer and the phone talking to each other you need to make sure the bluetooth service is active (if it is you'll see a bluetooth icon in the panel). Next you will need to install a program on your phone and on your computer (this program will translate your phone keystrokes to commands in Ubuntu).

SETTING UP THE PHONE
1. Go to http://anyremote.sourceforge.net/dload.html. Go to the 'Java Client for WAP download' and from there download any of the jar files (they are all the same program - the only difference is that the files have different icon sizs - I used the file with 16x16, 32x32, and 64x64 icon sets).

2. After getting the jar file, transfer it to your Blackberry. If you have a media card, you should be able to use the 'massive USB storage feature' to get it on there. You might even be able to transfer the file via bluetooth, although it will probably be slow.

3. On your phone, go to Media, click the menu button, and select explore. Browse to the jar file and select it. Click 'Download' to install the application.

SETTING UP THE COMPUTER
1. Open Synaptic, search for 'anyremote', and mark it for installation. Also search for 'pybluez' and mark it for installation as well. Then hit apply to install. (Note: the anyRemote package from the website is newer but depends on libbluetooh2. Ubuntu 8.10 has libbluetooh3)

2. Go back to the anyRemote site (http://anyremote.sourceforge.net/dload.html) and download the following (.deb packages):
-gAnyRemote (kAnyRemote if using Kubuntu)
-anyRemote2html
-java client
After downloading, double click on the .deb packages to install.

CONNECTING

1. After installing everything, pair up the phone with the computer (For Blackberrys go to 'Set Up Bluetooth' and follow the directions. It should be able to find your computer after which it will ask you to enter a PIN. Enter any PIN and press ok. You should now see a popup in Ubuntu asking for the PIN. Click on it and enter the same PIN and your devices should be paired up.

2. Start up gAnyRemote (Applications > System Tools). If it gives a message about the Bluetooth service not being active just ignore it. You should see a remote icon in the panel. Click on it to bring up the anyRemote window. Go to Setup > Preferences and under 'Show in list' check 'all.' Click OK.

3. Select the application you want to run and click start (more on this later).

4. In your phone, start up anyRemote, and from the menu, select search. It should find your computer and any other bluetooth devices you may have. Then select your computer device and from the menu click connect.



Now key presses on your phone should translate into actions on your computer.

CONFIGURING ANYREMOTE
This application is very powerful and has a load of configurations that will allow you to control a variety of applications, keyboard, and even mouse movements. The key to configuring to your liking is to get familiar with the configuration files in /usr/share/anyremote/cfg-data. There is thorough documentation available on the anyRemote website.

I have attached my personal gnome-mplayer configuration below, which was edited from the mplayer configuration file. With this I can browse media files on my phone, open them up and play them in gnome-mplayer. Since I mostly watch dual-audio .mkv files, I added the option to change audio language and subtitles. My configuration is below:

1 2 3
4 5 6
7 8 9
* 0 #

1: Seek back (equivalent to down key)
2: Change audio track
3: Seek forward (equivalent to up key)
4: Rewind (equivalent to left key)
5: Pause
6: Forward (equivalent to right key)
7: Toggle fullscreen
8: Toggle/change subtitles
9: Toggle control ((equivalent to C key)
*: Help
0: In-phone file browser
#: Quit player

If you want to use this configuration, download it to any directory and, in gAnyRemote, go to Setup > Preferences and add the directory containing the configuration file. The application will be available in the main window. Just start it, connect your phone to your computer and you will be good to go.

Saturday, March 21, 2009

100 Search Engines in 100 Days - rofiles of Internet Search Engines

Profiles of Internet Search Engines - More Internet Search Engine Information and Profiles at A to Z Search Engines and Directories

Days 1-10
Days 11-20
Days 21-30
Days 31-40
Days 41-50
Google Clusty Answers.com Yahoo Reference ZapMeta
Blinkx Interview with Chris Tolles of Topix SingingFish.com Search Engines/Web Pretrieve
MrSapo Dogpile Search Engines Defined Travel Search
A9.com Yahoo Special Properties Interview with BigClique Search Engine Quiz
Kelkoo Indeed.com Shopping Search Engines Kartoo FoodieView
Info.com BigClique.com MSN Search Google Cheat Sheet LookSmart
Scirus AltaVista MyStanky Yahoo Shortcuts
Spiders GoDefy.com AOL Search Lycos Google Facts
Topix Zabasearch.com AskJeeves Isohunt
Ask Jeeves for Kids Podscope.com Kids Search Engines AlltheWeb

Days 51-60
Days 61-70
Days 71-80
Days 81-90
Days 91-100

Tech Crunch, AOL Search Releases Private Search Logs For Over 500,000 Searchers

According to Tech Crunch, AOL Search has released 20 million web queries from 650,000 AOL users:
The utter stupidity of this is staggering.

AOL has released very private data about its users without their permission. While the AOL username has been changed to a random ID number, the abilitiy to analyze all searches by a single user will often lead people to easily determine who the user is, and what they are up to.

The data includes personal names, addresses, social security numbers and everything else someone might type into a search box.

Obviously, this is a gross invasion of privacy, security, common sense, you name it. AOL has always struggled to keep itself from being overly demonized in the eyes of the consumer, yet keeps digging holes for itself to climb out of. I have NO idea how it's going to cover this one; this is a PR nightmare.

Here is how this affects you if you are an AOL customer:

  • All usernames in the search logs have been changed to random numbers. However, if someone really wanted to, they could group all the searches together from one user and eventually figure out who someone is. If they wanted to. It's really not that difficult.
  • If you've input personal information, you might be in trouble. If you are an AOL user and have for some reason typed in your social security number, your first and last name (vanity searches, we've all done them!), your birthday, etc., then dedicated search miners will have all they need to start stealing your identity.
So what can you do? Unfortunately, the data is already out there - Google still has a cached version, and at least one mirror site has popped up. If you have searched on AOL in the last six months, and have searched for anything that might be embarrassing or a potential breach to security, I suggest that you watch your personal identity and information very carefully.

Related:

  • Ten Ways To Keep Your Search History Private: Events such as AOL's release of private search history have prompted many search engine users to be a bit more cautious with their searching habits. Now, most of us have no need to hide our search history, but there's no harm in more cautious Web surfing. Here are a few ways you can keep your searching history private.
  • Search Engines and Internet Privacy: Ever wondered what a search engine's privacy policy looks like? Here's a few for you the next time you'd like some light reading.
  • Anonymous Surfing 101: Are you concerned about privacy on the Web? Then anonymous surfing, the ability to surf the Web without being tracked, is for you. Here are some frequently asked questions about anonymous Web surfing.
  • Internet Safety Checklist: The Internet is a vast resource of information. There's a good reason why it's called the "Information Superhighway!" However, just like you as a responsible parent would not let your children run around on the highway unsupervised, it's also a good idea not to let them run around the Net without your input.
  • Free Adware and Spyware Removers On The Web: If you've ever had weird pop-up windows that just won't go away, hijacked browser settings, internet preferences inexplicably changed, or a very slow web search experience, than you've most likely been the victim of spyware, adware, or malware.
Ref. here

Ten Ways To Protect Your Web Privacy

Events such as AOL's release of private search history have prompted many search engine users to be a bit more cautious with their searching habits.

Now, most of us have no need to hide our search history, but there's no harm in more cautious Web surfing. Here are a few ways you can protect your Web privacy:

1. Private information

Do a search for yourself in any search engine and see what comes back - you might be surprised! A good Web safety rule of thumb is to avoid filling out forms that require personal information.

2. Clean out your search history

Most Internet browsers keep track of every single Web site you type into the address bar. In Internet Explorer, you can delete your search history by clicking on Tools, then Internet Options. In Firefox, all you need to do is go to Tools, then Options, then Privacy.

3. Clean out your cache

In order to promote a faster browsing experience, all browsers keep copies of Web sites you've visited in a temporary "cache" file. The same process I described above to clean out your search history can be used to clean out your cache (just different buttons, it's very simple!).

4.Search with a proxy

Surfing with a proxy is one of the best ways to stay anonymous on the Web. Read more about it in my article titled Anonymous Surfing 101.

5. Avoid registrations

If you're as tired as I am of sites forcing you to go through registration just to view their content, than BugMeNot is for you. It's easy to use and makes life much simpler, not to mention it's a good guard of your online privacy and enables you to surf anonymously.

6. Clean up your cookies

Most websites have "cookies", tiny software programs that track your visits. You don't want to completely disable cookies because your Web search experience will definitely suffer, but you should clean them out every once in a while. PCWorld has an excellent article for Internet Explorer users titled Protect Yourself: Clear Your Cookies and History; for Firefox users, try Using the Cookie Manager.

7.Use an independent search engine

If you log onto the Web through an ISP such as Comcast, Earthlink, etc., don't use their search tools to browse the Web, because they'll be able to keep tabs on everything you're doing. Use an independent search engine such as Google, Yahoo, Ask, etc. (you can take your pick of 100 search engines!).

8. Disable auto-complete

Many browsers and even search engines have an auto-complete feature that suggests endings for whatever word you might be typing in. This is a very convenient feature, however, if you're looking for privacy it's something you'll want to get rid of.

9. Careful of your downloads

Not only is this a good idea for privacy advocates, it's also a great way to keep your computer from freezing up. Be very cautious when choosing what to download from the Web; some programs include adware that will report your surfing habits back to a third-party company that will then use that information to send you ads (spam). A good place to find credible free downloads (I test them myself) is the About Web Search Free Downloads section.

10. Be careful where you surf

This is pretty self-explanatory: don't go places on the Web that you would be embarrassed to have your spo, husband, children, or employer see. This is a very low-tech way to protect your Web privacy.

Note: If you want to protect your privacy and keep your secrets then use Ixquick - the world's most private search engine!

Friday, March 20, 2009

GPRS Internet over Bluetooth with Debian GNU/Linux

My Configuration

  • Debian 5.0 (Lenny/Etch)
  • Integrated Bluetooth on my laptops
  • Sony Ericsson P910i Cellphone
  • Vodacom GPRS/EDGE/3G connection

This should be portable across all Debian-based distibutions, and telecoms. But the configuration might vary from phone to phone (notably the channel number).

See GPRS for more general information.

Any "#" prompt means root, i.e. run sudo -s before you do this.

Install the relevent packages

# aptitude install bluez-gnome pppconfig

Permissions

Your user needs to be able to dial-out (if you are the first user on an ubuntu system, this is already done):

# adduser my-username-here dialout

Log out and in again.

Connect to your phone

Turn on bluetooth on your phone and computer.

If you've already tried connecting them before, delete any reference to your computer from your phone's list of Bluetooth devices. And delete any reference to your phone's ID from the files in /var/lib/bluetooth/computer-id-here/.

If the gnome bluetooth applet doesn't appear, run:

$ bluetooth-applet

It should make your computer discoverable by default.

Do a bluetooth scan on the phone, and add your computer as a paired device.

Enter the same number in both phone and computer. They should bond.

Now you can edit the properties of the computer on the phone's list of Bluetooth devices and tell it to always accept connections from the computer.

Debugging connections

If you need to find your phone's bluetooth ID, make the phone discoverable, and run

$ sdptool scan

If things go wrong here, go into /var/lib/bluetooth/*PC-Address*/ and look for your phone's address in those files. If it's there, remove it, and

# invoke-rc.d bluetooth restart

and try again.

If your phone isn't a P900

You'll need to find out what channel to connect to:

# sdptool browse 00:0A:D9:EA:A4:F8        <- Insert your phone's ID here
Browsing 00:0A:D9:EA:A4:F8 ...
Service Name: Voice gateway
Service Description: Voice gateway
Service Provider: Sony Ericsson
Service RecHandle: 0x10000
Service Class ID List:
"Headset Audio Gateway" (0x1112)
"Generic Audio" (0x1203)
Protocol Descriptor List:
"L2CAP" (0x0100)
"RFCOMM" (0x0003)
Channel: 8
Language Base Attr List:
code_ISO639: 0x656e
encoding: 0x6a
base_offset: 0x100
Profile Descriptor List:
"Headset" (0x1108)
Version: 0x0100

Service Name: OBEX Object Push
Service RecHandle: 0x10001
Service Class ID List:
"OBEX Object Push" (0x1105)
Protocol Descriptor List:
"L2CAP" (0x0100)
"RFCOMM" (0x0003)
Channel: 1
"OBEX" (0x0008)
Profile Descriptor List:
"OBEX Object Push" (0x1105)
Version: 0x0100

Service Name: OBEX File Transfer
Service RecHandle: 0x10002
Service Class ID List:
"OBEX File Transfer" (0x1106)
Protocol Descriptor List:
"L2CAP" (0x0100)
"RFCOMM" (0x0003)
Channel: 2
"OBEX" (0x0008)

Service Name: Bluetooth Serial Port
Service Description: Bluetooth Serial Port
Service Provider: Symbian Ltd.
Service RecHandle: 0x10003
Service Class ID List:
"Serial Port" (0x1101)
Protocol Descriptor List:
"L2CAP" (0x0100)
"RFCOMM" (0x0003)
Channel: 3
Language Base Attr List:
code_ISO639: 0x656e
encoding: 0x6a
base_offset: 0x100

Service Name: Dial-up Networking
Service Description: Dial-up Networking
Service Provider: Sony Ericsson
Service RecHandle: 0x10004
Service Class ID List:
"Dialup Networking" (0x1103)
Protocol Descriptor List:
"L2CAP" (0x0100)
"RFCOMM" (0x0003)
Channel: 4
Language Base Attr List:
code_ISO639: 0x656e
encoding: 0x6a
base_offset: 0x100
Profile Descriptor List:
"Dialup Networking" (0x1103)
Version: 0x0100

The number you want is the Channel number for Dial-up Networking.

Configure bluez

# vi /etc/bluetooth/rfcomm.conf

Add this stanza at the end:

rfcomm0 {
bind yes;
device 00:0A:D9:EA:A4:F8; <- Insert your phone's ID here
channel 4;
comment "P900 PPP connection";
}
# /etc/init.d/bluez-utils restart

Configure PPP

# cat > /etc/ppp/peers/bluetooth << EOF
hide-password
noauth
connect "/usr/sbin/chat -v -f /etc/chatscripts/bluetooth"
debug
/dev/rfcomm0
115200
defaultroute
noipdefault
user "x"
remotename bluetooth
ipparam bluetooth

usepeerdns
lcp-echo-interval 0
novj
EOF
# cat > /etc/chatscripts/bluetooth << EOF
ABORT BUSY ABORT 'NO CARRIER' ABORT VOICE ABORT 'NO DIALTONE' ABORT 'NO DIAL TONE' ABORT 'NO ANSWER' ABORT DELAYED
ATZ
OK-AT-OK "ATDT*99***1#"
CONNECT \d\c
EOF

You might need to change the *99***1#. See GPRS#Cell Phone for details.

# echo '"x" bluetooth "x"' >> /etc/ppp/pap-secrets

Test and debug

$ pon bluetooth
# tail -f /var/log/syslog

You should see the connection progress.

Enjoy.

BTW: You can make your phone undiscoverable again :-)

Troubleshooting

  1. The above instructions can easily be adapted for USB cable use. The earlier bluetooth specific steps can be skipped, start at the ppp configuration step. The device specified must be the USB appropriate modem device, eg. /dev/ttyACM0. If you are unsure of what device to use, monitor the log files (eg. /var/log/syslog) to see what device is detected when the phone is plugged via USB.
    • The main disadvantage to using bluetooth is it increases the battery consumption of the phone. The advantage to using bluetooth is that you can put the phone in a further away location where it gets a better cellphone signal.
  1. The dial number specified is critical, if by mistake, you use your MMS connection, it will appear to connect fine, but nothing will work :-)
  1. If for some silly reason, you already have a default route, ppp will not replace it with a new one. You'll have to sort this out yourself.

Thursday, March 19, 2009

Bluetooth, GPRS mobile phone with Debian GNU/Linux

Setup walkthrough/guide for Bluetooth on Debian GNU/Linux, make your laptop/desktop communicate with your mobile phone, and use the latter as a modem to connect to the Internet.

In this article, Sony Ericsson K750i is being used as an example, which should however be applicable to most of the current available mobile phones in market.

Here it is focused on the Bluetooth connection only, you can easily replace it with an IRDA connection, or use the USB cable provided with your phone , although it is tried for any of these alternatives with Sony Ericsson K750i mobile phone.

I believe that the reader is already used to PPP connections using pppd, and all the examples will be based on Orange mobile phone provider.

Setting up Bluetooth on Debian GNU/Linux (Lenny/Etch/Sid)

The bluez project goal is to make an implementation of the Bluetooth wireless standards specifications for GNU/Linux. On Debian, you need to install the bluetooth meta-package, which will automatically the required dependencies/packages.

When inserting a Bluetooth USB-adapter, you should check these entries in the logs:


usb 1-2: new full speed USB device using uhci_hcd and address 2
usb 1-2: configuration #1 chosen from 1 choice
Bluetooth: HCI USB driver ver 2.9
usbcore: registered new interface driver hci_usb

If you are a GNOME user and need to install the bluez-gnome package, you should be able to see the bluetooth icon in the notification area. A right click on this icon will give you access to the options (visibility, connectivity etc.).

Communicationg with a mobile phone over a bluetooth connection

You should now be able to communicate with the phone.

Run hcitool scan and check that your phone name appears in the device list:

$ hcitool scan
Scanning ...
00:1B:59:2F:5E:E1 K750i

With nautilus-sendto, you can send files from your laptop to the mobile phone:
nautilus-sendto.png
Make sure the phone is visible to other devices.

To send a file from the phone to the computer, you need to install the deprecated gnome-bluetooth package, avialble from repository.

gnome-bluetooth.png

After starting gnome bluetooth, and making the computer visible (edit the preferences from the bluetooth applet), you will be able to transfer files from your mobile phone to the laptop.

Using the modem

Setting up rfcomm device

Edit /etc/bluetooth/rfcomm.conf as follows ( use your favorite editor, I use Emacs) :

rfcomm0 {
bind yes;
device 00:1B:59:2F:5E:E1;
channel 1;
comment "Example Bluetooth device";
}

Where:

  • the device is what you can see thanks to hcitool
  • the channel is the number referring asthe “Dial-up Networking” service when running sdptool browse

After restarting the bluetooth service, you will have a new /dev/rfcomm0 device which you will use a the modem device in the pppd configuration files.

GSM connection

A GSM connection will allow 9,600 bps, but can be usefull if you are out of the GPRS network.
Simply create a new connection with the newly created device as modem device. I would suggest you use the pppconfig to create the ISP connection.

GPRS connection

Thanks to GPRS, you can reach the speed of 56 Kbps. For information only, Edge allows 247 Kbps and UMTS 384 Kbps.

Before trying to connect from your laptop, please be sure you are able to connect to GPRS from your mobile phone.
If you haven’t yet configured your mobile phone, most of the providers have the settings available publicly on their website.

Note that Orange requires a free option to be activated (this is automatically done if you are a new subscriber). Also pay attention to your SIM card which should be GPRS aware .

Here is the configuration file I use to connect to Orange:

hide-password
noauth
connect "/usr/sbin/chat -f /etc/chatscripts/orange-gprs"
/dev/rfcomm0
57600
defaultroute
user "orange"

ipparam orange-gprs
idle 300

# most of the phones don't answer to LCP echo requests
lcp-echo-failure 0
lcp-echo-interval 0

usepeerdns
noproxyarp
noccp
novj
nobsdcomp
novjccomp
nopcomp
noaccomp

# pppd must not propose any IP address to the peer!
noipdefault

# Accept peers idea of our local address
ipcp-accept-local

# Ignore carrier detect signal from the modem
local

Here is the chat script:

# ispauth chat
# abortstring
ABORT BUSY ABORT 'NO CARRIER' ABORT VOICE ABORT 'NO DIALTONE' ABORT 'NO DIALTONE' ABORT 'NO ANSWER' ABORT DELAYED
# modeminit
'' ATZ
OK-AT-OK 'ATD*99***1#'
# ispconnect
CONNECT \c

The phone number is very important. The last digit must be the external ID of the GPRS profile setup in your mobile phone. This seems to be closely tied to Orange, but if you can’t connect, contact your provider to get a valid dialing sequence.

You can test the connection running pon orange-gprs. Debugging can be improved by adding a nodetach option in the configuration file. Also add a line debug debug debug to increase the verbosity.

Monday, March 16, 2009

How To Install Microsoft Internet Explorer on Linux in Two Easy Steps

I'am not a fan of Internet Explorer but sometime you need Internet Explorer on Linux for:

=> Testing purpose (web developers)

=> To see IE only sites (many sites still only works with IE for example my bank site and few essential government site)

You need to use Wine to run IE. But there is a small collection of shell script exists which makes your life quite easy. It is called Ies4linux.

IEs4Linux is the simpler way to have Microsoft Internet Explorer running on Linux (or any OS running Wine).

No clicks needed. No boring setup processes. No Wine complications. Just one easy script and you'll get three IE versions to test your Sites. And it's free and open source.

Install the package with:

apt-get install wine msttcorefonts

Install Internet Explorer under Linux

Open terminal and type the following commands:
$ wget http://www.tatanka.com.br/ies4linux/downloads/ies4linux-latest.tar.gz
$ tar -zxvf ies4linux-latest.tar.gz
$ cd ies4linux-*
$ ./ies4linux

Just follow on screen installations. Once installed type the following command to start IE6:
$ ~/bin/ie6

Saturday, March 14, 2009

Vnc Configuration in Debian Etch/Lenny

VNC stands for Virtual Network Computing. It is, in essence, a remote display system which allows you to view a computing `desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.

Install vncserver (as root):

This package provides a vncserver to which X clients can connect and the server generates a display that can be viewed with a vncviewer.

It contains an X server connector so clients can connect to your local X desktop directly.

Note: This server does not need a display. You need a vncviewer to see something. This viewer may also be on a computer running other operating system.

#apt-get install vnc4server

Choose your desired window size and color depth, then, as an ordinary user, open a terminal and type:

Vnc4server -geometry 1024x768 -depth 24

This will prompt you to create a password:

You will require a password to access your desktops.

Password:
Verify:

This will save a scrambled password in the file ~/.vnc/passwd.

Once that's been done you can create a new server by invoking:

vnc4server

This will start a new server and show you the "desktop" it is running upon. This is something that you'll need to know when connecting to the server.

The server will start and tell you where to access it:

New 'X' desktop is debian:1

Starting application specified in /etc/X11/Xsession
Log file is /home/test/.vnc/debian:1.log

Open the VNC viewer on your remote machine, enter the hostname:screen and password (use a hostname or IP that your client machine understands), and your Linux desktop will open in a window! Network speed and processor power will affect performance, but it's amazing how many apps will run fine under VNC. You might not be able to play Frozen Bubble, but you can use productivity applications without any trouble.

To kill the server enter a command similar to this, using the appropriate settings:

vnc4server -kill :1

If you wish to change the way the server runs you've got a couple of choices.

You can modify the global configuration by editing the file /etc/vnc.conf, copying this file to your home directory and naming it .vncrc will affect just servers you start.

Another common option is to adjust the window manager that remote users will recieve

once you've started one of the servers you'll need a client. One popular client is xvn4cviewer.

Installing VNC Client is simple:

#apt-get install xvnc4viewer

Once it's installed you can connect to a running server by using:

Xvnc4viewer hostname

If invoked with no arguments you'll be prompted for the host you wish to connect to, and if necessary a password.

Wednesday, March 11, 2009

WiFi Ad-hoc Network

Debian Method

  1. On each node, open /etc/network/interfaces in a text editor:

    $ su
    # sensible-editor /etc/network/interfaces
  2. Define stanzas for each node's wireless interface, setting the network SSID and the device's operating mode to ad-hoc:

    Node A

    auto wlan0
    iface wlan0 inet static
    address 192.168.1.1
    netmask 255.255.255.0
    wireless-channel 1
    wireless-essid MYNETWORK
    wireless-mode ad-hoc

    Node B

    auto wlan0
    iface wlan0 inet static
    address 192.168.1.2
    netmask 255.255.255.0
    wireless-channel 1
    wireless-essid MYNETWORK
    wireless-mode ad-hoc

    {i} MadWifi users: You are required to provide driver-specific options (madwifi-base, madwifi-mode), in order to recreate the VAP in ad-hoc mode:

    • auto ath0
      iface ath0 inet static
      address 192.168.1.1
      netmask 255.255.255.0
      wireless-channel 1
      wireless-essid MYNETWORK
      madwifi-base wifi0
      madwifi-mode ad-hoc
  3. Save the file and exit the editor.
  4. Raise the interface on each node:

    # ifup wlan0
  5. Scan for ad-hoc cells in range (necessary for some drivers to trigger IBSS scanning):

    # iwlist wlan0 scan
    wlan0 Scan completed :
    Cell 01 - Address: 02:0F:B5:4F:74:ED
    ESSID:"MYNETWORK"
    Mode:Ad-Hoc
    Frequency:2.412 GHz (Channel 1)
    Quality=42/70 Signal level=-53 dBm Noise level=-95 dBm
    Encryption key:off
    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
    9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
    48 Mb/s; 54 Mb/s
    Extra:bcn_int=100
  6. To test, ping node A from node B:

    you@nodeB$ ping 192.168.1.1
    PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
    64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.073 ms
    64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.061 ms
    64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.062 ms
    64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=0.063 ms

    --- 192.168.1.1 ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3001ms
    rtt min/avg/max/mdev = 0.061/0.064/0.073/0.010 ms

For general /etc/network/interfaces information, see the interfaces(5) man page.

Manual Method

  1. On each node, bring the wireless interface down, change the device's operating mode and SSID, then raise the interface:

    $ su
    # ifconfig wlan0 down
    # iwconfig wlan0 channel 1
    # iwconfig wlan0 essid MYNETWORK
    # iwconfig wlan0 mode ad-hoc
    # ifconfig wlan0 up

    {i} MadWifi users: You need to destroy the existing station VAP and create a new one in ad-hoc mode:

    • $ su
      # wlanconfig ath0 destroy
      # wlanconfig ath0 create wlandev wifi0 wlanmode adhoc
      # iwconfig ath0 channel 1
      # iwconfig ath0 essid MYNETWORK
      # ifconfig ath0 up
  2. Scan for ad-hoc cells in range (necessary for some drivers to trigger IBSS scanning):

    iwlist wlan0 scan
    wlan0 Scan completed :
    Cell 01 - Address: 02:0F:B5:4F:74:ED
    ESSID:"MYNETWORK"
    Mode:Ad-Hoc
    Frequency:2.412 GHz (Channel 1)
    Quality=42/70 Signal level=-53 dBm Noise level=-95 dBm
    Encryption key:off
    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
    9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
    48 Mb/s; 54 Mb/s
    Extra:bcn_int=100
  3. On each node, assign an IP address to the wireless interface:

    Node A

    # ifconfig wlan0 192.168.1.1 netmask 255.255.255.0

    Node B

    # ifconfig wlan0 192.168.1.2 netmask 255.255.255.0
  4. To test, ping node A from node B:

    you@nodeB$ ping 192.168.1.1
    PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
    64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.073 ms
    64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.061 ms
    64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.062 ms
    64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=0.063 ms

    --- 192.168.1.1 ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3001ms
    rtt min/avg/max/mdev = 0.061/0.064/0.073/0.010 ms

Troubleshooting

  • Etch users: The rt2x00 "next-generation" drivers (rt2400pci, rt2500pci, rt2500usb, rt61pci, rt73usb) supplied in the EtchAndAHalf (2.6.24) kernel may not support ad-hoc operation. Install a 2.6.26 kernel from Debian Backports to provide updated drivers.

  • The default operating frequency/channel (2.412 GHz: channel 1) is frequently congested. Try using a different channel in the event of station association difficulties.
  • Wireless LAN devices compliant with IEEE 802.11 specifications will only support a maximum bit rate of 11 Mbit/s.

See Also

Atheros drivers: HowTo configure Wifi on Debian

The following instructions were written for models using the madwifi driver, and therefore refer to ath0 as the wireless device name. If you have a model using the Ralink driver, use ra0 instead. Also, you probably want to consult rt2860sta.

Atheros drivers

If you have a model with an Atheros AR242x wireless adapter, you have a choice between two kernel drivers for this adapter.

Historically the madwifi driver has been used. In addition to being not entirely free software, the madwifi driver apparently has some limitations. For information on why the madwifi driver is not free, see ../../FreeYourEee

New kernel versions, for example 2.6.26 currently in Debian Lenny, come with an entirely free ath5k driver, developed by the same team as the madwifi driver, but newer and apparently more featureful. Unfortunately, issues with the ath5k driver which have since been fixed still exist in the 2.6.26 version currently in Debian. In my experience, this amounted to the ath5k driver loading out of the box after a fresh Lenny install, presenting me with a wlan0 interface, but not listing any access points. Until more recent kernel versions are in Debian, you can follow these steps to use the more recent ath5k driver with the current 2.6.26 kernel.

NetworkManager: recommended for beginners

New users are recommended to use NetworkManager. Delete eth0 and ath0 configuration from /etc/network/interfaces, install network-manager and network-manager-gnome (or network-manager-kde) packages, and add your user to netdev group. The GNOME applet works with any window manager, so long as it has a notification area (e.g. LXDE's lxpanel has one).

su
apt-get install network-manager network-manager-gnome
adduser netdev

(You'll need to log out and in again for adduser to take effect.)

Wicd: lightweight alternative GUI network manager

For a more lightweight GUI network manager, although it is still rather new to Debian, wicd is a good alternative. While it is still only in sid and not in lenny, the sid version works on lenny for now. We expect in future it will be supported at backports.org, as it is gaining in popularity.

Wicd is a network manager without specific dependencies, usable also with XFCE, Fluxbox, etc.

Once installed, for stable version launch "/opt/wicd/tray.py" and for testing version launch "wicd-client" to show the tray icon in your desktop.

Simple open network

If you're impatient and want to configure for wifi without encryption to a single access point, you can simply set it up as follows:

Install the wireless-tools package.

(File: /etc/network/interfaces)
auto ath0
iface ath0 inet dhcp
wireless-essid router ID

If spaces are used in the ESSID, do not surround them with quotes.

However, beware that particularly with the rt2860 driver, configuring wifi with this method is prone to failure. It doesn't ... (FixMe: explain here what problems may arise.)

Wpa supplicant with PSK

A more elegant solution to connect to one or more access points either with or without encryption is to use wpasupplicant. This is our recommended way to configure wifi for the Eee. If any of the following is unclear or does not work for you, please check the documentation in /usr/share/doc/wpasupplicant/ for details.

First, you have to "aptitude install wpasupplicant".

To configure for wifi to single access point with WPA(2)-PSK encryption, open a text file and paste this and save it as /etc/wpa_supplicant/wpa_supplicant.conf:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=netdev
ap_scan=1
fast_reauth=1
eapol_version=1
network={
ssid="ROUTER ID"
psk="your password" # or psk=0123456789abcdef
priority=5
}

Note: some parameters take double-quotes and some don't as shown above, e.g. if psk is a hex key don't use double-quotes, but if it is a passphrase, do.

Then edit /etc/network/interfaces with this:

auto ath0
iface ath0 inet dhcp
wpa-driver wext
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

Reboot and you have wifi :)

Wpa supplicant in roaming mode

For multiple access points, you'll want "roaming" mode. Starting with the previous example, in /etc/network/interfaces, change 'auto ath0' to 'allow-hotplug ath0', change 'wpa-conf' to 'wpa-roam'. Also change 'iface ath0 inet dhcp' to 'iface ath0 inet manual' and add a default connection method 'iface default inet dhcp'. When you're all done, your /etc/network/interfaces should look something like this:

auto lo
iface lo inet loopback
iface eth0 inet dhcp
allow-hotplug ath0
iface ath0 inet manual
wpa-driver wext
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp

Now we are ready to define additional networks in /etc/wpa_supplicant/wpa_supplicant.conf. For example:

network={
key_mgmt=NONE
}

This is a catch-all that will associate with any open access point within range using dhcp to connect.

You can add additional specific networks, each with their own ssid and specify either the type of encryption to use or specify key_mgmt=NONE for either no encryption or WEP. We can also assign id strings to these networks, so that if, for example, your home network is static, and the local cafe is dhcp, we can alter our files like so.

For WEP, you specify the key as follows:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=netdev
ap_scan=1
fast_reauth=1
eapol_version=1
network={
ssid="cafe"
key_mgmt=NONE
wep_key0=FFEEDD001122
id_str="cafe"
}
network={
ssid="home-router"
psk="your password" # or psk=0123456789abcdef
id_str="home"
}

Note: some parameters take double-quotes and some don't as shown above, e.g. if psk is a hex key don't use double-quotes, but if it is a passphrase, do.

And edit our /etc/network/interfaces as follows

auto lo
iface lo inet loopback
iface eth0 inet dhcp
allow-hotplug ath0
iface ath0 inet manual
wpa-driver wext
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp
iface cafe inet dhcp
iface home inet static
address 192.168.1.5
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1

Tip: If you have trouble connecting to a network because it does not broadcast its ssid, add 'scan_ssid=1' to its network stanza.

Tip: Look in the ../Troubleshooting section if you have an error. Also see /usr/share/doc/wpasupplicant/ docs for more details.

Tip: Once you have a working configuration, you can use wpa_gui to easily add, delete, select and scan for networks. wpa_gui is a small, neat program that could do for all your needs, without forcing you to manually edit your configuration every time you connect to a new network.


901 hacks

On an EEE 901, with 2.6.26-1-686, the wireless module is the rt2860sta module. Using the function keys to disable the wireless works correctly. Re-enabling the wireless using the function however may not work. In this case, a rather unsightly workaround exists. This can be achieved by modifying /etc/acpi/actions/wireless.sh.

--- /home/eeeuser/tmpe  2009-01-06 22:24:37.000000000 +1100
+++ /etc/acpi/actions/wireless.sh 2009-01-06 21:46:12.000000000 +1100
@@ -10,6 +10,10 @@
if [ $(cat $wlan_control) = 0 ]; then
echo 1 > $wlan_control
detect_wlan
+ rmmod rt2860sta
+ rmmod pciehp
+ modprobe pciehp
+ modprobe rt2860sta
if [ "$WLAN_MOD" = 'ath_pci' ]; then
# madwifi needs some handholding
modprobe $WLAN_MOD

Re-enabling wireless should now function correctly.