Tony Narlock Living life in the cloud

27Mar/100

Privacy tips for computer data and storage

Computer's are akin to personal black boxes. It records things without you consenting or knowing. A common folk would think they deleted a file, when it's merely be cleared from sight. Files aren't gone until they're overwritten. What's more, applications leave databases, caches, and other logfiles which are impossible to keep track of.

You can help protect and maintain privacy of your data using various methods:

  1. Avoid creation of extraneous logs - Use privacy mode in your browsers, avoid making logs in the first place. Watch out, vendors are always finding new ways to sneak spyware into your PC.
  2. Erase files securely - Overwrite data with scrambled junk, then delete.
  3. Overwrite empty space - Inflate a file with zeroes or random junk to swallow up any remaining data.
  4. Use light encryption for your Hard Disk or User folder - Using crypto will offer piece of mind if a laptop is lost or stolen.

Adobe Flash (cross-platform)

(Formerly known as Macromedia Flash.)

Delete flash cookies (Locally stored objects)

Flash settings manager will allow you to delete flash cookies.

Mozilla Firefox (cross-platform)

Grab, Flashblock and BetterPrivacy.

Locally Stored Objects

Get BetterPrivacy.

Flash junk

Grab Flashblock.

Javascript

Grab NoScript.

Advertisements

Grab Adblock Plus.

Launch Firefox by Privacy Mode by default

Launch Firefox.

In the location bar, type about:config.

It will "void your warranty", click OK.

In "Filter", type "private" and hit enter. This will help filter all those config variables.

Change browser.privatebrowsing.autostart to true.

Change browser.privatebrowsing.dont_prompt_on_enter to true.

Microsoft Windows

Internet Explorer 8 in Privacy Mode

Right-click an Internet Explorer Icon. Properties.  Shortcut.  After target, add " -private". Apply, OK. Click the icon, IE should launch in InPrivate mode.

By right clicking the IE icon on your taskbar, you'll also have the "task" of starting IE in inprivate mode. See this also.

Use Chrome in Incognito mode.

Go into your start menu, search "Chrome". Google Chrome will appear, right click. Go to properties, append (add to the end) -incognito.

Click the wrench icon, Go to Options. Click the "Privacy tab", Uncheck everything under privacy.

Your shortcut will look something like: C:\Users\<Your username>\AppData\Local\Google\Chrome\Application\chrome.exe -incognito

Pin this new shortcut to your taskbar.

Also consider using a privacy-friendly version of Chromium, SRWare Iron has been getting a lot of attention lately.

Shred documents

Download Eraser. Install it. You will now be able to right-click your trash bin to secure delete those files.

Download Ccleaner, go to "Options", Go to "Settings". Change Secure Deletion to "Secure file deletion (Slower)" and choose DOD 5220.22-M (3 passes). Check everything except "Wipe free space", even your form histories, close your browsers, Analyze. Run cleaner.

Wipe your free space

In CCleaner,  Every week or so, check "Wipe free space" then Run Cleaner.

Encrypt your Hard Drive

In 10+ useful applications for Windows 7 I recommended Truecrypt as a free solution for HD encryption. This How-to can help.  With truecrypt you can create containers for your documents and even your whole OS. If you keep a laptop with anything personal or professional on your computer make this a common practice.

Mac OS X

Chrome and Firefox

Use the tips above the Windows section. Firefox will let you go into about:config and change those variables. CoolGeex.com has a helpful post about making an incognito shortcut for Google Chrome.

Delete Locally Stored Objects

Download, install (Drag to Applications) and run Flush.app.

Encrypt your HD

Clear at least half of your hard drive space.

Go into System Preferences. Click Security. Enable Filevault.

Wait like 10 hours.

Secure delete files

Click a Finder Window.

Click File, click Secure Empty Trash.

Grab Cocktail. Drag it to your Applications folder (install) and open.

In Cocktail Preferences, choose to secure delete those files. Schedule it to run nightly and rotate/erase logs, clear browser caches, etc. If you're not open to shelling over a few cents to protect yourself, you can try Onyx.

Wipe your freespace

Open Disk Utility.

Choose your partition on the left. It may be named Macintosh Hard Drive.

Click the Erase tab.

Use Erase free space and run over it at least once. If you have more time, do more passes.

Linux

Chrome and Firefox

Use the tips above the Windows section. Firefox will let you go into about:config and change those variables.

If you use Google Chrome, open ~/.bashrc and append alias chrome='google-chrome -incognito &'. Run source ~/.profile or source ~/.bashrc. Now chrome will run google-chrome in incognito mode.

Encrypt hard drive

Fedora and Ubuntu all offer options on installation to encrypt your /home/ folder. Be sure to pay attention to your install wizard and encrypt them. Remember your password, the encryption is based upon it.

I don't want to go over encryption via pure command line because there is too much chance you can destroy your data if you make a mistake. If you google an article on this, just be sure to go into /home and copy cp -r /home/yourusername /home/yourusernamebackup so your data doesn't just die.

Secure delete commands

Note: These commands are for experienced Linux users. Don't use these unless you can understand what the commands inside mean, or else it's simply too much risk.

Open your terminal of choice. Open .bashrc vim or nano. vim ~/.bashrc.

Append this to the bottom of your .bashrc:

alias deleteeverything='find . -type f -execdir shred -u '{}' \;'
alias salttheearth='dd if=/dev/zero of=junkfile ; rm junkfile'
alias fogettaboutit='shred -u ~/.bash_history'

Run source ~/.profile or source ~/.bashrc. Here is an overview of these commands:

deleteeverything will shred files cursively then delete them. When you're done with this, type rm -rf because the -u flag in shred won't rm folders. This command works relative to the current directory your in. Thanks opentux from LinuxForums.

salttheearth will erase free space by inflating a gigantic file with /dev/zero to fill up all remaining free space, then delete the file. It takes a while. /dev/random can give you better security. Thanks ssd.eff.org.

fogettaboutit will securely delete your .bash_history. When you're done with this, you can exit your term session.

In combo moves, I like to use salttheearth & fogettaboutit.

Safely parting with your old hard drive

Don't sell people equipment with your hard drive data. Destroy it. Buy a cheap one. Find a computer geek friend to help with the hard drive. Go to best buy with your computer (which has your Windows license on a sticker) and ask them to install a windows from an on-hand OEM disc. You just gave someone a cleaner computer.

  1. Secure delete data - delete everything and fill the disk with 0's. Kill Disk is a solution that lets you put the software onto an ISO or floppy to run at boot. Do at least a single run of random data. The more passes and more randomness, the longer it will take. Theoretically, more randomness and passes is more secure.
  2. Physically destroy it - Get a Torx screw driver set. This will help you unscrew the screws that hold the drive together. Many drives now have multiple levels of wafers. Get a hammer to break them. Sand them. Shatter them into a million pieces. Put orange juice and pancake syrup on them. Get creative, make an art project out of it, put the digital flakes into colored sand-filled bottles and sell them at Sea World. Put them in a dumpster. You are secure my friend.

Overkill

Spybot Resident - Spybot resident prompts you everytime a registry alteration is made. This is annoying and unnecessary unless you know computers well enough to understand the warnings.

Norton and other chunky antiviruses - Norton is notorious with slowing and bogging down computers. In my Top 10 applications for Windows I tip my hat to Nod32 for a light, effective and fast AV solution.

Too much encryption - Unless you're really paranoid, is too painstaking. Many encryption appliances simply use your password as a key to encrypt your user folder. Typical people only need very light encryption. However if you have very important data know that using a portable medium is not a good idea, consider consulting professionals.

Updates

Monday May 17th, 2010 - Added Internet Explorer 8 InPrivate Mode.

23Mar/100

Debugging and troubleshooting postfix

Error: Postfix isn't working with mail() on PHP automatically.

Common problem: You have exim or something else running.

Solution: try lsof -i :25. If you intend on using postfix, kill the pid of the app, remove the package of exim or sendmail if you have it installed. See This postfix thread on Ubuntu Forums.


Other issue: Postfix isn't working (miscellaneous)

Solution: tail /var/log/maillog or tail /var/log/mail.err (source)

Error: fatal: open lock file /var/lib/postfix/master.lock: unable to set exclusive lock: Resource temporarily unavailable

You may have another copy of postfix still open. Use lsof -i :25 to track down which process. kill the pid and postfix reload.


Error: postfix set-permissions returns
chown: cannot access `/usr/lib/postfix/dict_cdb.so': No such file or directory.

May be by design, #274108 in ubuntu launchpad says this command doesn't necessarily mean something's wrong.

Helpful resources

Ubuntu handbook page: https://help.ubuntu.com/community/Postfix

17Mar/100

Add your user groups to sudoers file

sudo allows system administrators to delegate authority to other users on a server. In this post, we will show how user groups can sudo.

Sudo (su "do") allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments.

Some users mistakenly attempt to add themselves to the /etc/sudoers file directly. This doesn't work. Use the command visudo.

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

You can have add a user called penguin to users: useradd -G users penguin

Then, you can add penguin to the admin admin group. usermod -a -G admin penguin

Now penguin can sudo.

You can also give users ability to sudo without a password (for cron-type stuff).

Type visudo in terminal.

Uncomment # %sudo ALL=NOPASSWD: ALL by removing the #, or add %sudo ALL=NOPASSWD: ALL

Now add penguin to sudo group.

usermod -a -G sudo penguin

For more information on sudo, you can see the manual pages at man sudo.

10Mar/100

Remove services (mpd) from system startup in Linux

I'm using MPD on Ubuntu and Debian and get annoyed by mpd starting at boot time under root.

Your startup services lie in the /etc/rc.d folder. You will observe that ls -l /etc/rc4.d for instance, will show you these files are weighted to run in order and symlink to their corresponding startup scripts in /etc/init.d.

To disable mpd, for instance, update-rc.d can help:

sudo update-rc.d -f mpd remove

Now you will be able to add mpd to a local user script on startup without having to sudo mpd --kill or sudo killall mpd.

5Mar/100

Troubleshooting locales in the cloud on debian and ubuntu

If you use Amazon EC2 or Rackspace Cloud Servers, you may end up running into this after your create your instance. I often get these on Debian and Ubuntu (since it's debian based also).

lennycloud:~# perl
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").

You're missing locales.

Update your apt database. sudo apt-get update

Download locales. sudo apt-get install locales

Now configure it, and download what locales you need. dpkg-reconfigure locales on Debian. sudo locale-gen en_US.UTF-8 on Ubuntu Hardy Heron 8.04 (Note: on server, you may be logged in as root).

I pick en_US ISO-8859-1, en_US.ISO-8859-15 ISO-8859-15 and en_US.UTF-8 UTF-8.

And that solves it.

Updated April 03, 2010 to include locale-gen.

5Mar/101

Use s3sync.rb + screen to move your files to the cloud

Move to your s3sync dir.

screen ./s3sync.rb -r /home/tony/backups/ backup:backups -v

screen means you will be able to run the command as a screen process. ctrl-d to detach screen, screen -r to resume.

-r means recursive copy.

/home/tony/backups is where cron stores you backupps. You can replace this with whatever dir you want to sync.

backups is the name of the bucket. Do ./s3cmd createbucket to create your bucket

: is a seperator

backups is a prefix for the bucket.

-v means verbose, so you can see the progress in your screen.

If screen quits too fast, the command may not have worked.

If you detached and screen doesn't resume, your job may done, check your s3 to see if files transferred.

Also, make sure you have your s3config.yml file ready, you need to copy your key from your Amazon AWS account.

26Dec/090

10-plus essential applications for Windows 7

As a full-time Linux user, I'm not a very big Windows fan. However, I'd like to present some apps I zealously adhered to over my old days as a poweruser.

When a friend or colleague has a bogged-down system (be it by viruses, badware or general oldness), I often ask if they're willing to Backup their Documents/Music and reformat. This means installing applications over again, but the improvements are always substantial.

Updates

  • March 20, 2010 - Dress up article with some screenshots / images.
  • March 17, 2010 - Added Sumatra PDF, a free, open source PDF viewer.

A note

The install wizards on these programs may bait you into downloading Yahoo! or Ask.com software. If the Terms of Service/Privacy policy in the install wizard says "I agree to xxx and to Installing Yahoo!/Ask.com", Don't check it. Just click next/Install. If you accidentally do, go to Add/Remove apps and uninstall, you don't want them.

Here are some of the apps I download after a fresh OEM install:

Grab all your essentials in one sitting: Ninite

Type (License): Freeware (Proprietary)

Website: http://ninite.com/

This program is a deliverance from the almighty himself. Check the boxes for the programs you want to install and it will create a batch installer. You need internet access to do this. It includes everything from Java and Flash to Dropbox, to VLC, to steam, Open Office, Abiword, Skype, etc.

I could end this post right here, but I'll go on.

Tweaking: TuneUp Utilities 2006-2010

Type (License): $49.00 / Demo (proprietary)

Website: http://www.tune-up.com/products/tuneup-utilities/

The king of all system control apps. Has full features for performance tweaking, removing junk files, optimizing network settings and even theming. The 2010 version even has a turbo mode that removes system services to make your computer zip. It has so many features I can't fit them.

Privacy / Performance: CCleaner

Alternative to: TuneUp Utilities

Type (License): Freeware (proprietary)

Website: http://www.ccleaner.com

This is a free registry/cache/junk file cleaner.

Tip: Make sure you go into settings and choose to "Secure delete". Choose the DoD 3-pass clean.

Tip 2: Consider checking the box to erase "Free space" too. Not all the time because it's time-consuming.

Privacy: Eraser

Type (License): Freeware (Open Source)

Site: http://eraser.heidi.ie/

Description: Delete means delete. Microsoft considers hard drive encryption to be a feature you pay for and its filesystems are extremely insecure (FAT32 has no security, anyone can view anything, NTFS has little). Microsoft is very deceptive that Windows doesn't notify you that you're not really permanently deleting your files until you overwrite them.

Read more about eraser at Stanford's SLAC: http://www.stanford.edu/services/encryption/desktop/windows/securedelete.html

Tip: Make sure to erase any free space on your hard drive as well.

Tip 2: You can also right click your Recycle bin and securely erase your bin.

Privacy: Truecrypt

Alternative to: Microsoft Bitlocker

Type (License): Freeware (Open Source)

Site: http://truecrypt.org

Even though you'll never need it. You never know when you'll get blindsided. You could lose your laptop, have it stolen, etc. Even having one layer of weak encryption will throw off thieves and give you great peace of mind.

Lite, Effective Antivirus: NOD32

Type (License): $40/yr Subscription (Proprietary)

Website: https://www.eset.de

ASM-based virus scanner. Very low memory footprint. Fast.

It also works great when using Windows 7 as a guest (a la VirtualBox)

Free Antivirus Alternatives

AVG Free

Type (License): Free (Proprietary)

Website: http://free.avg.com/de-en/homepage

ClamAV

Type (License): Free (Open Source)

Website: http://clamwin.com

Micro$oft Security Essentials

Type (License): Free (Proprietary)

Website: http://www.microsoft.com/Security_Essentials/

Audiophiles: Foobar

Type (License): Freeware (License)

Website: http://www.foobar2000.org/

Simple, playlist-based music player with a low memory footprint.

Torrenting: µtorrent

Website: http://www.utorrent.com

Type (License): Freeware (Proprietary)

Torrent client with tons of features, oddly small size and low-memory footprint. Very stable.

Office Essentials: Open Office

Alternative to: Microsoft Office

Website: http://www.openoffice.org

Type (License): Freeware (License here)

Get all your essentials with OpenOffice. Microsoft Word, Excel and Powerpoint are too pricy.

PDF Viewer: Sumata

Alternative to: Adobe Reader

Website: http://blog.kowalczyk.info/software/sumatrapdf/index.html

Type (License): Freeware (Open source)

This is a very lite, stable PDF viewing solution.

Gaming: Steam

Alternative to: Greedy retailers like Best Buy and Gamestop

Type (License): Freeware (Proprietary)

DRM gaming. But steam takes the pain out of it. No limits on redownloading the software you purchase. Stable. Time-tested. (You can grab this with Ninite too.)

You have to pay for the games, of course. However the long-term benefits of using Steam make it worth it. It saves you from scratched CD's and managing all your cd-keys.

Steam store also offers generous software bundles of related games (Civilization, Valve, etc) and can save you tons of money.

Virtualization / Guest OS: Virtualbox

Alternative to: VMWare Workstation, VirtualPC

Type (License):  Freeware (License details here)

Website: http://www.virtualbox.org

If you want to try out Linux or keep a sandbox'd operating system to do programming on, VirtualBox is will accept Windows, Linux and *BSD as guest OS's. It'll run on Linux too.

26Dec/090

Notes: Repairing a broken G1 / HTC Dream

HTC Dream / T-Mobile G1

Recently had a situation where I borked my G1 / HTC Dream. It took me hours to fix. This isn't a tutorial on how to install third party roms or root your G1, it's more of a troubleshooting thing.

Screen would be stuck on the "T-mobile G1 Screen". If it's on there for longer than 5-10 minutes, you have have an issue.

Had to pull battery out many times.

SPL to use is HardSPL. Look here: http://code.google.com/p/android-roms/wiki/Install_Hard_SPL. To check your SPL boot holding Camera+Disconnect buttons. Hold camera to switch between Fastboot and serial.

HardSPL includes fastboot. Fastboot lets you flash recovery images when no other options are available. You can grab flashboot for Linux/OS X/Windows at http://developer.htc.com/adp.html.

Fastboot binary may require you type sudo before, for elevated use permissions.

Download the SDK for your operating system, move fastboot into the /tools folder. If on linux or OS X, chmod +x fastboot.

$ sudo ./fastboot flash recovery recovery_image.img

Recovery images. cm-recovery 1.4 is OK. However RA-Dream (amon recovery) is superior (supports adb, console and sd card mounting from it). Big time saver because you'll be transferring stuff to/from your SD card often.

Reinstalling Cyanogen sometimes means you may need to install the original HTC 1.6 image (MD5sum: b3e12b004c155761a10b1a848288e0c3) http://www.baroukh.com/adp1/signed-dream_devphone_userdebug-ota-14721.zip

For the fastboot image (no signature for updater to check against, fastboot only, MD5: a06a3d24ff4cbe5c81317e41891e6965): http://www.baroukh.com/adp1/signed-dream_devphone_userdebug-img-14721.zip

Then you can grab Cyanogenmod and upgrade via Recovery: http://forum.xda-developers.com/showthread.php?t=567610