Cheap and easy SSL certificates

Found out about www.startssl.com yesterday. If you need a basic free SSL certificate have a look there, no trouble at all to get setup. NGINX and the Murmur server both have valid SSL certificates ūüôā

Upgrade your OpenSSL as soon as you can

http://www.zdnet.com/heartbleed-serious-openssl-zero-day-vulnerability-revealed-7000028166/

The flaw can potentially be used to reveal not just the contents of a secured-message, such as a credit-card transaction over HTTPS, but the primary and secondary SSL keys themselves. This data could then, in theory, be used as a skeleton keys to bypass secure servers without leaving a trace that a site had been hacked.

This bug not a problem with OpenSSL’s inherent design. It’s an implementation problem. That is to say it the result of a programming mistake. There is already a fix available for the problem for the 1.01 program in OpenSSL 1.0.1g. Work is proceeding rapidly for a pair of the 1.02-beta line.

 

Problems encountered setting up SCOM 2007 R2 in a lab

While setting up a SCOM 2007 deployment to do some testing from 2007 to 2012 I came across some annoying as F issues, this is what I did to clear the logs. If more pop up I shall append to this post.

The first hurdle with installing SCOM 2007 I came across was the default database not installing. The workaround is in the toolkit on the install disk/iso under SupportToolsAMD64DBCreateWizard.exe . This will walk you through setup of the Database. Once that is done rerun the installation tool and you should be good to go.

The next bump in the road was what looked to be a common issue where you get a periodic event in the Operation Manger event log with ID 11464, even after I thought I had created the SCOM AD SCP correctly. For some reason the SDKServiceSCP was not being created. Creating that manually using ADSIEdit solved that WTF.

For some reason the permissions on the OperationsManager container where also screwed up, adding the SCOMAdmin group resolved that tidily.

Of course I had to remember to restart the HealthService (net stop HealthService && net start HealthService) each time otherwise you will wait around an hour to see if the error has been eradicated.

How to enable exFAT in Ubuntu

Today’s modern filesystems were built with spinning-disk hard drives in mind. This is true for Linux’s Ext2/3/4, Windows’ NTFS, and server filesystems like XFS and ZFS. And, of course, so was the original FAT though it wasn’t so much optimised, more simply being one of the first filesystems designed to address magnetic media.

However it’s the simplicity of FAT that makes it attractive for the new generation of storage mediums based on flash memory. Usually, flash memory devices (think SD/memory cards and USB keys) don’t have the fastest interfaces to the computer, and any overhead a filesystem introduces simply slows it down. And, because flash storage devices don’t often approach the volume of spinning-disk drives, you don’t need advanced filesystems to handle them.

How to enable exFAT in Ubuntu.

 

Customising actions on USB using USBDLM

There are many problems with USB in Windows. One being that every time you insert a drive it can have almost any drive letter, another running something automatically from the drive. Will discuss the second first:

Microsoft had Autorun for many years, since Windows 95, but they have had to nerf the hell out of it to stop the prevalence of virus‚Äôs and Trojan’s propagating using sneaker-net. A clever chap by the name of Uwe Sieber (http://www.uwe-sieber.de) has come to the rescue with USBDLM (USB Drive Letter Manager).

USBDLM is a Windows service that gives control over Windows’ drive letter assignment for USB drives. Running as service makes it independent of the logged on user’s privileges, so there is no need to give the users the privilege to change drive letters.
It automatically solves conflicts between USB drives and network or subst drives of the currently logged on user.
Furthermore you can define new default letters for USB drives and much more.

On my flash drive I have a TrueCrypt install with a 4GB container for my documents and wanted it to mount automagically whenever that drive is inserted into one of my computers. One of the features of USBDLM is to execute a command when a specific device is attached.

First things first, go fetch USBDLM ZIP file from http://www.uwe-sieber.de/usbdlm_e.html and unzip to a folder. I recommend using C:Tools for this sort of stuff, makes backups easier. Once unzipped run the _install.cmd file as Administrator, if you are not logged on as an Administrator use the RunAs Administrator option in the context menu. To get started rename the USBDLM_sample.INI to USBDLM.INI, this file is read every time a device is inserted so no need to restart the service while testing.

To have the ‚ÄúAutorun‚ÄĚ mount a TrueCrypt you will need a section like this one

[OnArrival20]
DeviceID1=USBVID_125F&PID_312A9021000000000003637772282
FileExists=%drive%MyTrueCryptFile.TC
open=”%drive%TrueCryptTrueCrypt.exe” /q /v %drive%MyTrueCryptFile.TC /letter N

To open an item on the drive you need to create an [OnArrival] section.
The DeviceID can be determined using the included ListUsbDrives_To_Notepad.cmd which will open a text file through which you can find the USB DevID for the USB device your Truecrypt file is on.
The FileExists portion is optional, use this to first check the file is actually on the device. The %drive% is a placeholder for whatever drive letter the USB device is mounted as.
The open portion is where you will put the command line to open whatever you want, here it is a TrueCrypt file.

Once my TrueCrypt container is mounted another OnArrival section opens my KeePass database. A really useful feature when you have applications automatically running is the OnRemovalRequest section which can then run the commands to un-mount the TrueCrypt volume after closing my KeePass database.

Another very useful feature of USBDLM is the initial purpose behind the service, the ability to enforce the assignment of USB drives to specific drive letters. This is done thusly

[DriveLetters]
Letters=F,G,H,I,-

[DriveLetters10]
DeviceID1=USBVID_125F&PID_312A9021000000000003637772282
Letters=A

This is far simpler, [DriverLetters] defines what letters are available to be assigned to USB drives.

[DriveLetters10] is a bit more complex, a very small bit. Using this example it will assign the drive letter A whenever the device with DeviceIS1 is attached.

There are lots of additional things you can do, all well documented in the help file included with the download.

Create an USB key to lock and unlock Windows 7 to enhance security via The Customize Windows Blog

Excerpt

It is possible to lock down  with a USB key, so that no one can start  without having this USB pen drive or thumb drive. The principle of this tutorial stands on the database security accounts manager (SAM Security Accounts Manager). This database Data is encrypted with a key system and stored locally.

You can use the utility SysKey to further secure the SAM database by storing the encryption key for this database outside of the computer.

If you store this database on a USB key at every system startup, Windows will ask you to insert the USB key, and without this key can not boot into Windows 7.

Read more: Create an USB key to lock and unlock Windows 7 to enhance security

Setting up FreeBSD for the BSD n00b (ie me)

This is not intended for those that have an idea of what they are doing. I have mostly been a Debian user, so much of this is new especially the way apps work.

Once you have downloaded your ISO of choice from www.freebsd.org you can put it on to an optical disk of USB thumb drive, or like I did mount it in VMware.

The basic wizard should get you setup fairly quick, what I would advise though is installing all the options, especially the src (which are needed when installing stuff like the OpenVM tools).
Continue reading “Setting up FreeBSD for the BSD n00b (ie me)”

Basics: Introduction to Zener Diodes – Evil Mad Scientist Laboratories

A good intro to Zener diodes can be found @ Mad ScientistZener

Diodes are a special type of semiconductor diode– devices that allow current to flow in one direction only –that also allow current to flow in the opposite direction, but only when exposed to enough voltage. And while that sounds a bit esoteric, they’re actually among the handiest components ever to cross an engineer’s bench, providing great solutions to a number of common needs in circuit design.

In what follows, we’ll show you how (and when) to use a Zener, for applications including simple reference voltages, clamping signals to specific voltage ranges, and easing the load on a voltage regulator.

My experience with tablets

I had been able to avoid the tablet “craze” for a while, but the need for a more portable computing device that wasn’t under 4″ in size started becoming a reality after lugging a Dell XPS L502X around for 6 months.

I tried to survive using a GalaxyS and a Blackberry but the screens and browser experience was just not up to par with something a bit larger.

So I started looking around at the tablets available. I tried a Galaxy 10.1″, and the 7″ along with a Toshiba wi-fi tablet someone acquired from Dubai. They are all great devices in their own rights but they all suffered from the same lag issue I have with my GalaxyS, especially when flipping thorough pages.

I have now ended up with the only tablet that seems to do as advertised, provide a smooth stable consistent experience. First National Bank are running a promotion where you get a 16GB iPad with 3G for ZAR220 a month over 24 months which if you exclude the monthly cheque account is fee is R420 less than retail. BARGAIN!!!

I have now had the thing for a week and am wondering why it took so long to take the plunge. I am actually typing this post using the WordPress app, and am able to type at a fair tick, even though I am unable to actually “touch type”. Other uses I have found useful

  • Watching Podcast video
  • House shopping for the move end of the month
  • Reading my Google Reader and Twitter feed using FlipBoard
  • General Browsing
  • All in all I think I can safely give the iPad an A+ for doing what they say and doing it properly.

    The only con I have is OMG why did they bother with the cameras, these ones SUCK more than those in my old Blackberry 8520

    Timesheets – You’re doing it wrong – Dominic White

    Dominic has this so right

    Timesheets – You’re doing it wrong

    When managing teams of “information workers”, I believe the use of time sheets is indicative of a management failure. Here’s why:

    If you have to rely on a timesheet to know what your staff are doing – you’re doing it wrong

    If you can’t trust your staff to work hard – you have problems a timesheet won’t fix

    If you believe you have too many staff to manage – get more managers

    If you think anyone completes them accurately – you drank the kool aid

    If you think the time it takes to actually complete them accurately is worth it – you hate your staff

    If you manage your business from these inaccurate stats – you’re making bad decisions

    If your senior people have PAs complete their timesheets for them – you’re a hypocrite

    If you spent millions on a new timesheet system, but didn’t make it any easier for the staff using the system – you just suck

    Posted by Dominic White in Life at 20:00 | Comments (3) | Trackbacks (0)

    via Timesheets – You’re doing it wrong – Dominic White.