Archive for the Category » computing «

Friday, September 11th, 2009 | Author:

Peace in the land of USB

Under a *nix operating system, having multiple partitions on a USB drive isn’t rocket science, it just works. In my case, my USB drive has two partitions because the first partition is a bootable Arch Linux installer.

I have Windows on a desktop at home – mostly for gaming – and many of my colleagues use it too. Since Windows doesn’t do very well with non-Windows partitions I figured I could create a FAT32 partition on the memory stick after the bootable Arch Linux partition. FAT32 is almost ubiquitous and is usable on every common desktop operating system in the world.

Bleh

Unfortunately it doesn’t work straight off the bat. Apparently, Microsoft in their infinite wisdom decided that memory sticks are supposed to have one (and only one) partition. In reality Windows finds the first partition and then ignores any others that happen to be set up:

Please Format

Err, no, I do not want you to format my Arch Linux installation partition

The trick to getting it working is to fool Windows into thinking the device is not a regular USB memory stick but perhaps a solid-state hard disk which happens to be connected via USB. Yes I know, this is seriously stupid that Windows behaves this way. A solid-state hard disk is just a whopping big (and fast) memory stick after all!

I found a few sources on how to do this however I still had to figure out some things on my own. Specifically, the guides I found either skipped some steps or didn’t provide enough information on where to download the driver package.

This procedure involves manually changing hardware drivers and installing “non-signed” drivers “not intended for your hardware”. I know someone is going to break their system and blame me so I say now that I take no responsibility for any damage you may do to your Windows system as a result of this. Read that again. 😛

Instructions

remove the highlighted text

click for larger version

Download and unzip the driver, originally created by Hitachi, here. Open the cfadisk.inf file in notepad (or your favourite plaintext editor), and find the section labeled [cfadisk_device]. Remove the section highlighted on the right:

Minimize (don’t close) the editor and go to your desktop icons – right-click on My Computer and select Properties. Select the hardware tab and then select [Device Manager]:

System Properties

Find the device under “Disk drives”, right-click your memory stick and select Properties:

Device Manager

Click the Details tab and in the dropdown box on that page, select “Hardware Ids”. Click the first line in the list of Hardware IDs and press Ctrl+C to copy the name:

USB Hardware Ids

Don’t close this dialog, go back to notepad (which was minimised) and paste the hardware ID into where the previous content was removed.

Changes pasted into notepad

Save the file in notepad and go back to the device’s property dialog window. Click the “Driver” tab and click the [Update Driver…] button. In the windows that pop up, select “No, not this time”; [Next] -> “Install from a list or a specific location (Advanced)”; [Next] -> “Don’t search. I will choose the driver to install.”; [Next] -> [Have Disk…].

Unsigned Drivers - Click Continue Anyway

Browse to the folder where you have saved the modified cfadisk.inf file. Click [OK]. You will find

there is a Hitachi Microdrive driver listed. Select this and click [Next]. When the warning

appears, click [Yes]. Another warning will pop up regarding a similar issue (these are the “unsigned” and “not intended for your hardware” warnings I mentioned earlier). Click [Continue Anyway]:

At this point I recommend closing all the dialog boxes related to the setup. Finally, remove and re-insert the memory stick into your USB port and you should find that the extra partitions on the stick are accessible. In the worst-case scenario, you might still need to partition the disk however the hard part is over. 🙂

Share
Wednesday, August 26th, 2009 | Author:

If you’re using *nix and you’ve found this middle-click behaviour annoying, change Firefox‘s middlemouse.contentLoadURL about:config option to false.

Big thanks to Ayman Hourieh for the tip.

Share
Friday, August 21st, 2009 | Author:

Have we here a Facebook Stalker?!

Of great consideration to online privacy are facebook stalkers. If a stalker randomly manages to add a few of your friends and you have your Profile Privacy Settings allowing “Friends of Friends” to see everything then your stalker effectively has access to your profile even without having added you.

I’ve now adjusted my privacy settings more strictly and I’ve used the “See how a friend sees your profile:” tool to get an idea of how it changes things.

My “Basic” Information I had available to “Friends of Friends”. This includes “Gender, Birthday, Hometown, Political and Religious Views and Relationship Status” according to Facebook’s description. You might think it fair that friends of your friends have an idea of how you roll.

But can you trust all your friends anti-stalker spidey-senses?

I think NOT.

I previously had it that friends of friends can see my photos and videos but not much else. I’m thinking of changing that now too.

But wait, there’s More!

Further to this, we should be vigilant of “fake” Facebook profiles. Stalkers are usually apt enough to create more than one account with fake names. If you block one they create another and attempt to get a glance at your profile once more. I’ve created a friend group called “Privacy Pls”. This group is limited from being able to see anything other than a very basic page. This “basic” view is akin to when you first started using Facebook and didn’t know you could add lots of stuff in there (stuff you later realised you didn’t want anyway).

If someone adds me and I’m not absolutely sure who it is, I add them to my “Privacy Pls” group. Also if someone adds me and I don’t want to offend them by ignoring their invite I’ll rather add them to this group. Perhaps you feel you have a pervy boss for example.

But Wait! There’s More – and this time you can do it TOO!

To do this for yourself, go to your Friends page, click “Create New List”, and name it something appropriate – “Privacy Pls” in my case. Add the appropriate friends to this list now or add any future “suspect” friends to the group.

Next, go to the Profile Privacy Settings page. Underneath each section you will find a “Edit Custom Settings” button. Click the first one and, at the bottom of the dialog that pops up, you will find “Except these people”. Add your “Privacy Pls” group here. Do the same for all the sections you don’t want them to see. When done, use the “friend’s view” tool to confirm what is made available to persons on that list.

And the Friend-of-Friend Stalker?

To prevent your “Friend-of-Friend” Stalker from being able to see your profile, do yourself a favour and think very critically about what you want potential stalkers to be able to see. Now go change those Privacy Settings to “Only Friends”.

For the Photo Crazy

Check up on your Photo Album Privacy settings. This is set up much the same as your profile settings. Consider carefully who you want to be able to see which photo albums and adjust the permissions appropriately!

Your Personal Contact Information

Lastly, check up on your Contact Information: Click the “Profile” button towards the top left of the Facebook page to get to your profile. Then click on the “Info” tab within your profile. When you mouseover the Contact Information section you will see an “Edit” link pop up on the right. Click this button to start editing your details.

Next to each item you will find a “lock” icon. Click this lock to define further permissions for which friends are able to see the items. You’ve never give your address and phone details to a dodgy stranger you meet on the street. Why do we then go and give it away to everyone on the Internet. I recommend the following:

  • Allow “No one” on:
    • email address
  • Allow “Only Friends” on:
    • IM Screen Names
  • Remove completely or allow “No one” on:
    • mobile phone number
    • landline number
  • Limit the following:
    • address details – give your area or suburb – but NOT your full address

Hopefully we don’t all have to learn our lessons the hard way.

P.S. (especially to the guys and gals who have asked) I’ve been extremely busy these last couple of weeks. I have a lot of unedited content I’m hoping to make publishable very soon!

Share
Category: privacy, security  | Tags: , , ,  | One Comment
Friday, June 05th, 2009 | Author:

Well it turns out that the problem is a little more subtle than that. It is only the root user that does not have syntax highlighting.

You see, vim does have syntax highlighting but vi and vim are different binaries. A shell startup script only aliases vi to vim if the user id is higher than 100 – which excludes root. The simplest workaround is to just add an explicit alias to root’s .bashrc at /root/.bashrc :

alias vi='vim'

run the command manually or just log in again to “activate” the alias.

Btw, I’m starting to like vi… a lot. For a long time it made no sense to me – but now I am found. 🙂

Share
Sunday, April 26th, 2009 | Author:

Trust me. We’re still dealing with regexes – just in a roundabout (and vaguely practical) way. This is a pretty comprehensive listing of how to go about flushing DNS caches while using regexes to show where similar methods deviate.

Why do we want to clear DNS caches exactly?

There are a number of reasons to clear DNS caches, though I believe these are the most common:

  • An intranet service has an private (internal) IP address when on the company network but it has a public IP address for outside access. When you try to access that service from outside after accessing it from inside, there’s a chance that you would have cached the private (inaccessible) IP. A good long-term solution is to make the service inaccessible except via VPN. A simpler solution is to leave work at work. 😛
  • An internet service or web site changes their DNS settings and your desktop/laptop is looking at the “old” setting. In this case, the new setting has not yet propagated. Hosting Admins come across this case very often.
  • Privacy: If someone can track your DNS history then it wouldn’t be too hard to figure out which web sites you’ve been viewing. Though the individual pages you’ve viewed can’t be tracked in this way, the hostnames, such as “dogma.swiftspirit.co.za” or “google.com” will be in the DNS cache, likely in the order you first accessed each site. There are better ways to do this though. One example is to use a Tor network for all DNS requests.

Flushing Windows’ DNS cache, from command prompt:

Evidence suggests that prior to Windows 2000, Windows OS’s didn’t cache DNS results. The ipconfig command, run from the command prompt, was given some control over the DNS cache and has remained roughly the same since.

To get to the prompt if using Vista as non-Admin: Start -> Programs -> Accessories -> Right-click “Command Prompt” -> Run As Administrator

Otherwise: Start -> Run -> [cmd     ] -> [ OK ]

ipconfig /flushdns

Flush the DNS Resolver Cache in Windows

It is also possible to clear the cache in Windows by restarting the “DNS Client” or “Dnscache” service.

Flushing Mac OS X DNS cache, from shell prompt:

Since Mac OS X, Apple Macs have been running a Unix-based, POSIX-compliant, operating system based on Nextstep, itself originally containing code from FreeBSD and NetBSD. Mac OS X uses lookupd or dscacheutil to manage the DNS cache, depending on the version.

To get to the prompt: Applications -> Utilities -> Terminal

(lookupd|dscacheutil) -flushcache

What have we here? As per part 1, the vertical bar indicates that either “lookupd” OR “dscacheutil” are acceptable. The parenthesis indicate that the vertical bar only applies to the “lookupd|dscacheutil” portion of the expression. Thus, the ” -flushcache” is not optional and must be included in the command in order for it to work. Note that these commands produce no output unless there is an error.

Use dscacheutil if you’re using Mac OS X 10.5 (Leopard) or later.

Mac OS X:

lookupd -flushcache

Mac OS X Leopard:

dscacheutil -flushcache

Use dscacheutil to flush the cache in Mac OS X Leopard

There is also a GUI tool, DNS Flusher, which automatically uses the correct command available.

Flushing Linux/Unix’ DNS cache, from shell prompt:

N.B. If you don’t already have either bind (with caching lookup enabled), nscd, or dnsmasq installed and running on your *nix-based desktop/server, you are probably not caching DNS at all and there is nothing to flush. In that case you will be utilising your DNS server for every web request, probably slowing your web experience.* If so, I recommend at least installing nscd as it is the easiest to set up. **

Flushing nscd’s cache

As with the Mac OS command, this produces absolutely no output unless there is an error:

(|sudo )(|/usr/sbin/)nscd -i hosts
  • Use sudo if you’re not already root otherwise the first selection is blank.
  • Specify /usr/sbin/ if nscd is not already within the “path”. If your distribution has nscd in a strange place, locate it first:
locate -r bin/nscd$

Notice that the above “bin/nscd$” is itself a regular expression. 🙂

Using nscd, invalidate the “hosts” cache, logged in as a user:
sudo nscd -i hosts
Using nscd, invalidate the “hosts” cache, logged in as root:
nscd -i hosts
Using nscd, invalidate the “hosts” cache, logged in as root, specifying the full path:
/usr/sbin/nscd -i hosts

Flushing bind’s cache

To flush bind’s cache, we issue a command via rndc. Use sudo if you are not already root:

(|sudo )rndc flush

Restarting the cacheing services also works!

Here’s how to restart either of the caching daemons:

(|sudo )(service |/etc/(rc\.d|rc\.d/init\.d|init\.d)/)(bind|dnsmasq|nscd) restart

That’s starting to get difficult to read. *** Luckily I’ve explained in detail:

  • As with the previous command, use sudo if you’re not already root.
  • The second selection has the first option “service “. This applies mainly to Red Hat/CentOS and Fedora systems.
  • The “/etc/(rc\.d|rc\.d/init\.d|init\.d)/” needs to be expanded further. This is for most other systems. Generally, the rc.d is for if you’re using a BSD-style init system (for example: Arch Linux, FreeBSD, or OpenBSD). The best way to know for sure which command to use is to ‘locate’ the correct nscd or dnsmasq path. Most Unix flavours, even Solaris, use nscd:
locate -r \.d/nscd$ ; locate -r \.d/dnsmasq$ ; locate -r \.d/rndc$
  • The last choice is between “bind”, “nscd”, and “dnsmasq”. This depends entirely on which is installed and in use.
  • The last of the pattern, ” restart”, is the instruction given to the daemon’s control script.

Arch, using dnsmasq, restarting the cache daemon, logged in as root:

/etc/rc.d/dnsmasq restart

Arch, using nscd, restarting the cache daemon, logged in as user:

sudo /etc/rc.d/nscd restart

CentOS / Red Hat, using nscd, restarting the daemon, as root:

service nscd restart

nscdrestart

Flush Mozilla Firefox’s internal DNS cache:

Mozilla Firefox keeps its own DNS cache for performance. Firefox 2 would cache only 20 entries for up to 60 seconds. The default setting as of Firefox 3 appears to be 512 entries for up to 60 minutes which seems much more reasonable for every-day browsing. If your desktop has a built-in cache (which most now do) then the cache here is actually redundant. I’m not aware of any other browsers that implement DNS caching.

I’ve found a few solutions for when you need to clear the cache. It seems there are many ways to do this however these are the easiest, which I’ve put into order of preference.:

  1. Install the Firefox DNS Flusher Addon – provides a button to flush the cache.
  2. Install the DNS Cache Addon – provides a toggle which disables or enables the DNS cache.
  3. Clear Cache (clears browser cache as well as DNS Cache): Select Tools -> Clear Private Data; Deselect all checkboxes except for Cache; Click [ Clear Private Data Now ].
  4. Manually do what DNS Cache does: set the following 2 about:config options “network.dnsCacheExpiration” and “network.dnsCacheEntries” to 0 and then back to the default.

I had a bad cached record and I cleared my browser’s cache. But its still giving me the wrong info. What gives?

Because of how DNS propagation works, you preferably need to flush the DNS on all DNS hosts between yourself and the “authoritive” host, starting with the host closest to the authoritive host (furthest away from your browser).

As an example, if you have a router that is caching DNS, reset the router’s cache before restarting the DNS cache of your operating system, and only then should you clear the cache in Firefox. The reason is that even if you only clear your OS and Firefox’s caches, your desktop is still going to ask the router for its bad record anyway.

What if my DNS server is a server on the net outside my control?

You could try temporarily using a different nameserver, possibly even a publicly open server. OpenDNS shows some good information on how to do this. If you’d like, you should also be able to get relevant information from your own ISP regarding their resolving DNS servers. A local example (South Africa) is SAIX which lists their resolving DNS servers.

* Likely the reason why Firefox has a DNS cache built-in ****
** “((pacman|yaourt) -S|emerge|(yum|aptitude|apt-get) install) nscd” and then ensure that the service is added to the startup scripts. Refer to your distribution’s installation documentation.
*** I’m looking for a syntax highlighting plugin that can work with regex
**** I’ve read statements that restarting the network(ing|) service also clears the DNS cache however I haven’t seen any evidence that this is true. If anyone has a example where this is true, please provide me with the details.
Share