Monday, July 29, 2013

Utilite, a $99 quad-core ARM-based PC running Ubuntu


Recently I have been reading about the quad-core ARM-based PC running Ubuntu called Utilite. Utilite packs a single-, dual- or quad-core Freescale i.MX6 Cortex-A9 MPCore processor (up to 1.2 GHz), up to 4GB of DDR3 RAM (1066MHz), an mSATA SSD (up to 512GB), WiFi b/g/n, Bluetooth 3.0, HDMI 1.4 up to 1920×1200 @ 60Hz, and DVI-D up to 1920×1200 @ 60Hz, Video Processing Unit supporting multi-stream 1080p H.264, VC1, RV10, and DivX decoding, Graphics Processing Unit supporting OpenGL ES 1.1 and 2.0, OpenVG 1.1, and OpenCL EP, two Gigabit Ethernet sockets, four USB 2.0 ports, one micro-USB OTG connector, audio jacks (analog and S/PDIF), a micro-SD XD slot and two ultra-mini RS232 serial ports interfaces. All this in a chassis mesuring just 5.3 x 3.9 x 0.8 inches
ports on back

The PC can be purchased with either Ubuntu Linux or Android.

CompuLab and its resellers will start accepting orders for the little computer in August. Originally full pricing wasn't announced, with CompuLab saying only that "Utilite will be offered in several configurations starting from $99." I did find this page with Utilite models, specifications and pricing.

To receive notification when Utilite is available for sale, please send us an email to sales@utilite-computer.com or follow Utilite on Twitter or Utilite on Google+

Please if you have anything to add or comments on the new box please share.

Sunday, May 12, 2013

Taskwarrior-androidapp

I mentioned in my last post that I have been using Taskwarrior. I have grown fond of this command line application. Applications like this remind me that just because it is a command line only application does not mean that it skimps on the features.
One concern I had is I wanted an application for my Android phone. After subscribing to the Google Group I realized their  is a functional Android app in development. Although still in development it looks promising, I installed it on my Android phone and have been using it the last couple weeks. One drawback is no auto sync capability yet so you have to manually copy over your completed.data and pending.data files.
If interested in trying out the Android app I will briefly outline the steps. You can get the APK here. If you subscribe to the mailing list new versions will be posted as they become available. I downloaded the APK to my computer and copied it to my phone. I copied it to the base level of my SD card so it was easy to find. I then installed the application APK manager developed by Magma Mobile Apps. Their are a couple versions of this app, by different developers, but this particular one was recommended to me and is available in the app store. After launching this app select 'Install' and the application should find the APK for you. On my phone the APK was called org.svij.taskwarriorapp.
NOTE:Be sure to enable the option to install the applications from unknown source on our Android. Open your Android system settings and click on Applications (Programs for some of the HTC devices) and check the option Unknown source. Those of you who are on Android ICS 4.0 you will find these settings under the Security settings.
After installing the app you can copy your completed.data and pending.data files from the hidden directory. ~/.task on your Ubuntu computer to the Taskwarior folder on your sdcard.
If you are interested you can get the code from the git repo here. The project is looking for some android developers so If you would like to build up some karma points please consider lending your skills to this fine project.

Saturday, April 27, 2013

To Do Applications

For quite some time I have been trying out different to do applications that will integrate with my Android phone and Ubuntu computer. Before I had a smart phone I loved Emacs OrgMode. However I recently switched to vim.

I tried Remember The Milk and Toodeldo. Both are very good apps. I use a form of GTD and their are several guides to use these apps as a GTD system. However I found myself spending more time setting up to do items then I would have liked. I guess my impatience got the best of me.

Since I use so many Google services GTasks seems liked an obvious next choice. I like that I can create different lists. I have a  personal-actions lists, school-action lists,work-action lists, reference. and tickler file. This is my modified GTD system. I also like the easy integration with Google calendar. Gtasks does not have an overwhelming amount of features, which I kind of like. However I continue to look at different to do apps in case their is a real jem out their i am missing.

Lately I have been trying out an app on my Android phone called Catch. You can have up to 5 spaces(notebooks/lists) for your free account and sync your to do list online. You can add more space if you go Pro. Some of the features I like is the ability to take notes via notes – obviously, checklists, audio notes, and pictures. Also Catch is a collaborative note application. You can share your space with anyone who has a Catch account – and even if they don’t you can invite them via e-mail.This is great for collaborating on projects.

Another app i really like is Evernote. Packed full of features it is very useful. I use it to take photos of brainstorming sessions off grease boards at work or school. By the time I am back at home the picture is there waiting. I also use it to clip things off the web.  Evernote has a set of organizational tools: tags, notebooks, and stacks. It has a ton of features. I use it a lot but not as a to do application. I need something a little simpler to get my to do tasks down quick. Maybe if I buckled down and got through the learning curve of some of these feature rich apps I would love them as to do apps.

When Google Keep came  out I was excited. I like the less is more approach. Too simple, maybe. I know, I know I am a  paradoxical creature. I am anxious to use it for a little while and see how it fits in my work flow. I have started using it for some of the things I used Evernote for, like taking pictures related to my to do items.

Just today I started using Taskwarrior on my Ubuntu box. I really like this app. I have a certain fondness for command line apps. I was pleasantly surprised at the features available. A quick read of the tutorial and I was up and going. They have a thirty second tutorial and a more detailed tutorial. It has features that allow a GTD type system to be used. Only problem with Taskwarrior is no Android app. However their is hope on the horizon. I read on the Taskwarrior site their is an Android app being developed. They are looking for Android developers to help with development. If this sounds interesting to you please check it out.

Please let me know what you use?

Tuesday, March 26, 2013

My favorite movies, mostly indie.

La Moustache:  Marc is sitting in his bath one morning and asks his wife, "how would you feel if I shaved off my mustache?" She doesn't think it's a great idea, for the 15 years they've been married, she's never known him without his 'stache. He shaves it off anyway, but when he sees his wife, she doesn't notice, neither do their friends at dinner that night, neither do his co-workers. Marc finally flips out,

Four Lions: A group of British jihadists who push their abstract dreams of glory to the breaking point. The wheels fly off, and their competing ideologies clash, what emerges is an emotionally engaging (and entirely plausible) farce. Four Lions is a comic tour de force.

Buddy Boy:
An introvert relieves the tedium of caring for his invalid mother by spying on his neighbor. He has halucinations of the  vegan girl eating meat leading to...well you will see.

Choking Man  The social anxiety of a morbidly shy Ecuadorian dishwasher working in a Queens diner provides the psychological engine that powers this blend of drama and magical realism.

Tsotsi:
Six days in the violent life of a young Johannesburg gang leader, leading to him caring for an infant.

Millions:
A 7-year old finds a bag of Pounds just days before the currency is switched to Euros and within a short time they wrestle with what to do. 

11:14:
Tells the seemingly random yet vitally connected story of a set of incidents that all converge one evening at 11:14pm. The story follows the chain of events of five different characters and five different storylines that all converge to tell the story of murder and deceit.

13 Tzameti :
Sebastian, a young man, has decided to follow instructions intended for someone else, without knowing where they will take him. Something else he does not know is that Gerard Dorez, a cop on a knife-edge, is tailing him. When he reaches his destination, Sebastian falls into a degenerate, clandestine world of mental chaos behind closed doors in which men gamble on the lives of others men.

Man Push Cart:
Every night while the city sleeps, Ahmad, a Pakistani immigrant, struggles to drag his heavy cart along the streets of New York to his corner in Midtown Manhattan. And every morning, from inside his cart he sells coffee and donuts to a city he cannot call his own. He is the worker found on every street corner in every city. He is a man who wonders if he will ever escape his fate.

The Tiger and the Snow:
Love and injury in time of war. Attilio de Giovanni teaches poetry in Italy. He has a romantic soul, and women love him. But he is in love with Vittoria, and the love is unrequited. Every night he dreams of marrying her, in his boxer shorts and t-shirt, as Tom Waits sings. Vittoria travels to Iraq with her friend, Fuad, a poet; they are there with the second Gulf War breaks out. Vittoria is injured. Attilio must get to her side, and then, as war rages around him, he must find her the medical care she needs. In war, does love conquer all?

Starting Out in the Evening:
Against the backdrop of Manhattan's changing literary and publishing world, aging novelist Leonard Schiller is asked by Heather Wolfe, a graduate student and budding literary critic, to agree to interviews. He's reluctant to spend the time: his health is failing and he wants to finish one more book. He agrees, hoping Heather can help resurrect interest in his work. As Heather probes Frank's writing and his past, Ariel reconnects to a former lover. Emotions can be raw and messy, and as relationships change, who gets the better part of the bargain?

The Talent Given Us:
Judy and Allen are 70 years old, retired now, and at that point in their unremarkable marriage and lives that the farthest the day calls them from the crossword puzzle is to the Fairway supermarket. On one such excursion they run into two of their son Andrew's teachers from high school who want Andrew to return to New York to teach at his alma mater. Judy promises to pass the offer along, concealing the disappointment that she rarely speaks to her son. In the day that follows she spirals into a regret which ends in her epiphany to remedy her relationship with him.

Sorry, Haters:
gainst the anxieties and fears of post-9/11 America, an Arab cab driver picks up a troubled professional woman with unexpected results.

This is England: 

A story about a troubled boy growing up in England, set in 1983. He comes across a few skinheads on his way home from school, after a fight. They become his new best friends even like family. Based on experiences of director Shane Meadows.

Mother Night: Howard W. Campbell, Jr., an American expatriate playwright, Nazi radio propagandist, and Allied spy, writes his memoirs during his pre-trial confinement in 1961 Haifa and learns that people are what they pretend to be.

Fido: Timmy Robinson's best friend in the whole wide world is a six-foot tall rotting zombie named Fido. But when FIDO eats the next-door neighbor, Mom and Dad hit the roof, and Timmy has to go to the ends of the earth to keep Fido a part of the family

Bright Young Things: a cash strapped writer needs cash to marry. Takes on Persona Mr Chatterbox.
 

Waking Ned Divine: Ned dies and an entire town plots to get the money for his winning lotto ticket.

Wristcutters: dark romance comedy?. People who commit suicide go to special afterlife.

Puffy Chair: Josh and Emily are in a relationship, but he can be inattentive and unromantic and she can shift her focus from small things to emotional issues in a moment. He invites her to drive from New York City to somewhere in Virginia to pick up a chair that he's bought on eBay for his father's birthday. 

Hannah Takes the Stairs: Hannah is a recent college graduate interning at a Chicago production company. She is crushing on two writers at work, Matt and Paul, who share an office and keep her entertained. Will a relationship with one of them disrupt the delicate balance of their friendship?

All Over: Me Coming of age lesbian, Hatecrime (soundtrack)

Thursday, March 21, 2013

System administrators need to seek new approaches to computer and network security

Reading my weekly digest of security blogs I came across a great and free course on Survivability and Information Assurance

A brief excerpt from the website:

"Today's organizations rely on networked systems powered by fast-changing technology. This reliance makes them more vulnerable to attacks and forces system administrators need to seek new approaches to computer and network security. To help them, the CERT Program has developed a downloadable curriculum in survivability and information assurance (SIA)."


With the increasing security threats, knowledge about the protection of information systems and their contents is very important for anyone working in the computer industry. I have learned a lot from this course and I hope you do to.

The original CERT course is no longer being maintained. However Duane Dunston has continued to develop on the original curriculum developed by the team at team at Carnegie Mellon. This updated and maintained course is freely available for anyone to use in the classroom or self-study.  You can find the home page for the new Survivability and Information Assurance Curriculum here http://www.learnsia.org .
The direct link for the maintained courses is  http://www.learnsia.org/curriculum.php .

This link contains docbook and other formats for the course. I found the original download required a little overhead to get started. 

I have spent some time organizing the available curriculum to make it more user friendly. I also downloaded all the required reading for the Survivability and Assurance Curriculum. I have put together the .odt and html formats of the course.  I wanted to put together the formats of the course that are easily readable by a default Ubuntu install.  My organized version of the course, with the required reading documents downloaded and included can be found here http://people.ubuntu.com/~duanedesign/SurvivabilityandInformationAssuranceCurriculum/


I am still uploading all the chapters. However the first several chapters are available for you to get started. I will have the last few uploaded shortly.


You can read the original blog post here: http://www.linuxsecurity.com/content/view/155939?rdf

The new project by Duane Dunston is looking for volunteers. Please visit this page for volunteer opportunities. http://www.learnsia.org/#volunteers

Sunday, March 17, 2013

iptables

The other day I was looking at different options to secure my server. DenyHosts and fail2ban to name a few.After a little research i concluded Ubuntu, and many distros come with a powerful firewall feature called iptables.

Iptables is the userspace module, the part the user interacts with. Iptables allow you to interact
with at the command line to enter firewall rules into tables. Netfilter is a kernel module, built into the kernel, that actually does the filtering.

Below is an example to get you used to the the various iptables
commands. We will create a very simple set of rules to set up a Stateful Packet Inspection (SPI) firewall. This will allow all outgoing connections but block all unwanted incoming connections.

Iptables places rules into predefined chains (INPUT, OUTPUT and FORWARD) that are checked against any network traffic (IP packets) relevant to those chains and a decision is made about what to do with each packet based upon the outcome of those rules, i.e. accepting or dropping the packet. These actions are referred to as targets, of which the two most common predefined targets are DROP to drop a packet or ACCEPT to accept a packet.

For the most part, we are going to be dealing with the INPUT chain to filter packets entering our machine - that is, keeping the bad guys out.

Rules are added in a list to each chain. A packet is checked against each rule in turn, starting at the top, and if it matches that rule, then an action is taken such as accepting (ACCEPT) or dropping (DROP) the packet. Once a rule has been matched and an action taken, then the packet is processed according to the outcome of that rule and isn't processed by further rules in the chain. If a packet passes down through all the rules in the chain and reaches the bottom without being matched against any rule, then the default action for that chain is taken. This is referred to as the default policy and may be set to either ACCEPT or DROP the packet.

1. We can set a default policy to DROP all packets and then add rules to specifically allow (ACCEPT) packets that may be from trusted IP addresses, or for certain ports on which we have services running such as bittorrent, FTP server, Web Server, Samba file server etc. or alternatively,

2. We can set a default policy to ACCEPT all packets and then add rules to specifically block (DROP) packets that may be from specific nuisance IP addresses or ranges, or for certain ports on which we have private services or no services running.

Generally, option 1 above is used for the INPUT chain where we want to control what is allowed to access our machine and option 2 would be used for the OUTPUT chain where we generally trust the traffic that is leaving (originating from) our machine.

The following command lists your current rules in iptables. If you have just set up your server, you will have no rules, and you should see the following.

iptables -L

Chain INPUT (policy ACCEPT)
target     prot    opt source               destination       
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere          
ACCEPT     all  --  anywhere             anywhere          
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination       
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Your First Rule Set

I like this example because it illustrates an important mistake i have made more then I care to admit. We will clear the default rule set. If you are connecting remotely to a server via SSH you must be sure to run the first command, well first. If not you will lock yourself out of your server and it is quite a rigamarole to get back in. You must set the default policy to accept before flushing the rules. Then you will add a rule to  prevent locking yourself out.

I use Ubuntu so i have included sudo in these commands. If your distro has a root account you can just become root as you run these. Be sure to un-root when done.

sudo iptables -P INPUT ACCEPT
sudo iptables -F
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT ACCEPT
sudo iptables -L -v



Running iptables -L should now give you.

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     any     anywhere             anywhere
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:ssh
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Now lets look at each of the 8 commands above in turn and understand exactly what we've just done:

iptables -P INPUT ACCEPT If connecting remotely we must first temporarily set the default policy on the INPUT chain to ACCEPT otherwise once we flush the current rules we will be locked out of our server.

iptables -F We used the -F switch to flush all existing rules so we start with a clean state from which to add new rules.

iptables -A INPUT -i lo -j ACCEPT Now it's time to start adding some rules. We use the -A switch to append (or add) a rule to a specific chain, the INPUT chain in this instance. Then we use the -i switch (for interface) to specify packets matching or destined for the lo (localhost, 127.0.0.1) interface and finally -j (jump) to the target action for packets matching the rule - in this case ACCEPT. So this rule will allow all incoming packets destined for the localhost interface to be accepted. This is generally required as many software applications expect to be able to communicate with the localhost adaptor.

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT This is the rule that does most of the work, and again we are adding (-A) it to the INPUT chain. Here we're using the -m switch to load a module (state). The state module is able to examine the state of a packet and determine if it is NEW, ESTABLISHED or RELATED. NEW refers to incoming packets that are new incoming connections that weren't initiated by the host system. ESTABLISHED and RELATED refers to incoming packets that are part of an already established connection or related to and already established connection.

iptables -A INPUT -p tcp --dport 22 -j ACCEPT Here we add a rule allowing SSH connections over tcp port 22. This is to prevent accidental lockouts when working on remote systems over an SSH connection. We will explain this rule in more detail later.

iptables -P INPUT DROP
The -P switch sets the default policy on the specified chain. So now we can set the default policy on the INPUT chain to DROP. This means that if an incoming packet does not match one of the following rules it will be dropped. If we were connecting remotely via SSH and had not added the rule above, we would have just locked ourself out of the system at this point.

iptables -P FORWARD DROP Similarly, here we've set the default policy on the FORWARD chain to DROP as we're not using our computer as a router so there should not be any packets passing through our computer.

iptables -P OUTPUT ACCEPT
and finally, we've set the default policy on the OUTPUT chain to ACCEPT as we want to allow all outgoing traffic (as we trust our users).

iptables -L -v Finally, we can list (-L) the rules we've just added to check they've been loaded correctly.

Finally, the last thing we need to do is save our rules so that next time we reboot our computer rules are automatically reloaded.

Save your configuration to /etc/iptables.rule.

sudo sh -c "iptables-save > /etc/iptables.rules"

To restore, edit /etc/rc.local and add this command anywhere above the
line "exit 0"

iptables-restore < /etc/iptables.rules

Pulseaudio EQ for Ubuntu

Today I was looking for a system wide EQ for pulseaudio. I found  an EQ that is working very well for me on Ubuntu 12.04. According to this blog post the EQ should work on  Ubuntu 12.04, 12.10 and 13.04. The relevant commands to install this EQ are:

sudo add-apt-repository ppa:nilarimogard/webupd8
sudo apt-get update
sudo apt-get install pulseaudio-equalizer

This EQ is no longer developed but works very well as is for many users. However some users have been looking for an alternative. Reading this post I found that their is an alternative available.



from the linked blog post:

"Pulseaudio has, for a while, its own built-in system-wide equalizer. However, the Pulseaudio packages available in the official Ubuntu repositories are not build with equalizer support. In Ubuntu 13.04, Pulseaudio is finally build with equalizer support but the actual equalizer is missing from the package for some reason, even though it's available in the source.

So, to make things easier for you, I've create a PPA for Ubuntu 13.04, 12.10 and 12.04 with Pulseaudio built with equalizer support and with the actual equalizer enabled."

If the you are interested in this option please visit this page. Let me know how it works for you.