miércoles, 29 de septiembre de 2010
A New, Happy Mandriva User!
One of my colleagues, a proud owner of a netbook HP Mini, but not so proud of the crippled Windows 7 Starter it came with, had asked me to help her switch to GNU/Linux.
Her netbook, although little as a netbook can be (though not quite like my Toshiba NB-100, which literally looks like a toy) put up a titanic struggle to block me from installing Linux.
After some research and tests, I finally had everything ready to install the friendly penguin on a dual boot as my colleague's primary operating system. Yes, she was totally fed up with Windows--in spite of all the praises Microsoft sings about it--but I told her to keep her Windows 7 as a secondary OS. Why? Because then she will have the opportunity to actually compare Linux and Windows fairly and will make her decisions based on her own experience. That is more valuable than a million words in favor of Linux, I'd say.
Then, I had to settle for which distro to install. I chose Mepis 8.5 because, following my line of thought, it would be easier for her to learn and for me to help her out in case of need. Unfortunately, the HP-Mini wanted to put some more struggle. Mepis was not the best choice for that netbook: even though all the computers in which I've tested or installed Mepis--desktop, notebooks, or netbooks--presented no problems, this one seemed almost Mepis-proof (at least from my limited Mepis knowledge.)
I was getting closer to solve the hardware incompatibilities, but then I decided to try a different approach. I had read that Mandriva did a very good job specifically in those headache-causing HP-Minis, so I asked Mechatotoro to bring along a Mandriva One Spring live CD and let the legacy of Mandrake do its magic where Mepis magic didn't work.
Right, Mandriva did it. What would have taken me some extra time configuring in Mepis, Mandriva got it out of the box. My colleague was also dazzled by Mandriva's KDE effects (I knew she would!) She kept Mandriva, that was a no-brainer.
Today, she told me a friend had seen her new computer and wanted Mandriva, too. ^_~
She also told me that she had used her little Mepis knowledge trying to place a different wallpaper on each desktop, but had not succeeded. I offered some help. I did my best, but even though I actually placed different wallpapers, KDE refused to show them. I knew I was missing one step in the process, but which one? I am not very acquainted with Mandriva.
Then, I remembered Mechatotoro had placed a tutorial for that on his blog. Following it, I discovered the missing link and got the four different wallpapers happily rotating along the desktop cube.
My colleague's satisfaction was beyond words. She had her netbook running exactly as she wanted and with no absurd limitations. Can somebody say the same of Win7 Starter? :P
When Mandrake Linux was first released, the slogan was "A new star is born." So, let me borrow those words and say "a new, happy Mandriva user is born." Congratulations, Mandriva! ^__^
¿Será el fin de OpenOffice.org?
Aparentemente, los desarrolladores de OpenOffice.org decidieron romper los lazos con Oracle (la compañía que compró Sun y adquirió por ende Open Solaris y Open Office). ¿Por qué rompieron con Oracle? Aparentemente, Oracle canceló el proyecto de Open Solaris a pesar de que los desarrolladores de Open Office esperaban que no lo hiciera.
¿Qué pasará ahora con Open Office? ¿Será el triste adiós? ¿Y todas las distros de Linux que usan esta poderosa suite ofimática? ¿Quedaremos condenados a usar el legado de Open Office sin posibilidad de actualizaciones o mejoras?
¡No! Al igual que con Mandriva y Mageia, los desarrolladores de Open Office formaron "The Document Foundation", en la cual planean continuar con el proyecto de Open Office, que ahora se llamará LibreOffice, a menos que Oracle les done el nombre "Open Office.org".
Ya la Document Foundation cuenta con el apoyo de Google, Red Hat, Canonical y The GNOME Foundation.
La versión Beta de LibreOffice para Windows, Linux y Mac se puede descargar aquí.
¿Qué pasará ahora con Open Office? ¿Será el triste adiós? ¿Y todas las distros de Linux que usan esta poderosa suite ofimática? ¿Quedaremos condenados a usar el legado de Open Office sin posibilidad de actualizaciones o mejoras?
¡No! Al igual que con Mandriva y Mageia, los desarrolladores de Open Office formaron "The Document Foundation", en la cual planean continuar con el proyecto de Open Office, que ahora se llamará LibreOffice, a menos que Oracle les done el nombre "Open Office.org".
Ya la Document Foundation cuenta con el apoyo de Google, Red Hat, Canonical y The GNOME Foundation.
La versión Beta de LibreOffice para Windows, Linux y Mac se puede descargar aquí.
Etiquetas:
Libre Office,
Open Office,
Oracle,
The Document Foundation
domingo, 26 de septiembre de 2010
Experimentos...
Mis experimentos con Mepis y Antix en mi sujeto de pruebas (una computadora realmente vieja) no resultaron tan bien como esperaba; parece que los requisitos mínimos de memoria de ambas distros (256 Mb. de Ram para Mepis y los 128 Mb.de Ram para Antix) fueron demasiado para los escasos 64 Mb.de Ram de esta pieza de colección. Mepis no llegó a mostrarme la pantalla de ingreso y Antix, a pesar de hacerlo, consumió el último Kb. de Ram antes de desplegar el escritorio.
Como temía una eventualidad similar, también me aseguré de que las dos distros fueran acompañadas por Puppy Linux (quien también exige alrededor de 128 Mb. de Ram). Puppy sí logró llegar al final y me mostró el escritorio. Desgraciadamente, el ratón de la computadora neolítica atestó un golpe fatídico a mis progresos: funcionaba a través de un puerto D-Sub...¡Sí, el anterior al Ps/2!
Puppy no supo qué hacer con ese ratón milenario...ni yo qué hacer con un escritorio de Puppy y su puntero inmóvil en su centro. Después de varios intentos inútiles por localizar el modo de movilización mediante el teclado, me vi forzado a cerrar la sesión y terminar mis experimentos.
El dinosaurio ganó la primera batalla, pero no la guerra; hoy aprendí la forma de desplazarme mediante el teclado: se oprime ALT+F1 para activar el menú y se utiliza TAB para seleccionar.
También aprendí que Puppy posee una especie de centro de control del cual se puede escoger entre varias posibilidades para intentar habilitar al lánguido ratón. Ese será mi próximo proyecto.
¿Y si Puppy falla?
Linux siempre presenta alternativas; ya tengo un nuevo aliado para esta batalla por revivir una computadora prehistórica: Damn Small Linux.
Damn Small es una mini-distro basada en Knoppix y pesa tan sólo 50 Mb. Según afirman sus desarrolladores, funciona incluso en equipos con tan sólo 16 Mb.de Ram.
Hoy probé esta mini-distro iniciándola desde mi llave USB y ejecutándola en Windows...funcionó sin problema. Todavía no he logrado adaptarla para que se ejecute desde mi llave USB directamente, pero pronto lo lograré. De todos modos, lo de la llave USB es inútil para mi sujeto de pruebas ¡esa pobre computadora ya había visto la luz del sol cuando apenas se estaba desarrollando el puerto USB en 1994!
¿Podrá Puppy revivir una computadora tan vieja? Si no reconoce del todo al ratón, será el turno de Damn Small entonces.
Como temía una eventualidad similar, también me aseguré de que las dos distros fueran acompañadas por Puppy Linux (quien también exige alrededor de 128 Mb. de Ram). Puppy sí logró llegar al final y me mostró el escritorio. Desgraciadamente, el ratón de la computadora neolítica atestó un golpe fatídico a mis progresos: funcionaba a través de un puerto D-Sub...¡Sí, el anterior al Ps/2!
Puppy no supo qué hacer con ese ratón milenario...ni yo qué hacer con un escritorio de Puppy y su puntero inmóvil en su centro. Después de varios intentos inútiles por localizar el modo de movilización mediante el teclado, me vi forzado a cerrar la sesión y terminar mis experimentos.
El dinosaurio ganó la primera batalla, pero no la guerra; hoy aprendí la forma de desplazarme mediante el teclado: se oprime ALT+F1 para activar el menú y se utiliza TAB para seleccionar.
También aprendí que Puppy posee una especie de centro de control del cual se puede escoger entre varias posibilidades para intentar habilitar al lánguido ratón. Ese será mi próximo proyecto.
¿Y si Puppy falla?
Linux siempre presenta alternativas; ya tengo un nuevo aliado para esta batalla por revivir una computadora prehistórica: Damn Small Linux.
Damn Small es una mini-distro basada en Knoppix y pesa tan sólo 50 Mb. Según afirman sus desarrolladores, funciona incluso en equipos con tan sólo 16 Mb.de Ram.
Hoy probé esta mini-distro iniciándola desde mi llave USB y ejecutándola en Windows...funcionó sin problema. Todavía no he logrado adaptarla para que se ejecute desde mi llave USB directamente, pero pronto lo lograré. De todos modos, lo de la llave USB es inútil para mi sujeto de pruebas ¡esa pobre computadora ya había visto la luz del sol cuando apenas se estaba desarrollando el puerto USB en 1994!
¿Podrá Puppy revivir una computadora tan vieja? Si no reconoce del todo al ratón, será el turno de Damn Small entonces.
Etiquetas:
AntiX,
computadoras viejas,
Damn Small Linux,
experimentación,
Knoppix,
Mepis,
Puppy Linux
viernes, 24 de septiembre de 2010
Meeting AntiX! An Informal Review
Yesterday, I downloaded AntiX, a lightweight Linux distro based on Mepis. I had heard of it before, but had never downloaded it. The reason? As I understood, Antix was intended for old computers, and even though my computer is quite old, it handles Mepis very well, so I had no reason to try it...well, that was what I thought.
I also heard about some features Antix has that made me curious, so I wanted to try them. According to what I had learned on the Web, those features were:
1. Even though it is intended for old computers, AntiX runs as well on new boxes.
2. AntiX is a rolling distro.
3. AntiX is based on Mepis, but it uses Debian testing (Mepis uses Debian stable).
4. AntiX can be configured to support Spanish with no further download (that's a very important point in my country!)
5. Remastering is a reality for AntiX.
6. In spite of its light weight (the full Live CD is less than 600 MB), AntiX handles multimedia quite well.
Well, those features called my attention, so I downloaded this distro. To be more precise, I downloaded AntiX 8.5 "Marek Edelman." Thus, the very first thing I learned from AntiX was a bit of history (I really liked that, by the way!)
The second aspect that called my attention was the visual theme of the desktop. The colors combine with the wallpaper to create an effect of nostalgia intertwined with underlying vitality. It is quite the same feeling one gets after finding an old black & white photograph of a very happy moment, if I could compare it to something. I almost felt as if I had been in front of a resurrected computer from the early 90's just by looking at the desktop. And sure, the OS was in Spanish. ^__^
From my quick glimpse, Antix comes with:
Abiword for text processing
A spreadsheet
Web browsers
A calculator
Synaptic as a package manager
Pidgin for chatting
Several applications for multimedia and graphics
Games
A control center
Partly influenced by my experience with old games running on new machines, I expected AntiX to perform way too fast to be functional (younger generations might not know what I'm talking about). But the distro ran beautifully. The menus, the windows, everything ran flawlessly even though it was from the Live CD.
Then came my first "serious" tests...(I am no technician, so my tests cannot be that "serious," but I'm quite a demanding computer user!)
First test: Web connectivity
No problem. AntiX picked my wired connection out of the box. It comes with IceApe as the Web browser. I thought about challenging AntiX with a difficult Web task. Why not YouTube for a start? No big deal. The page loaded without any glitches and so did the videos I picked.
Second test: Can Antix see my other partitions and have access to them?
In this case, I had a problem. I could mount my Mepis partition, but I could not mount my old XP "storehouse." Apparently, I need to be granted root access for that. I felt a bit disappointed at first, but then I thought "Hey, this is not a big deal! You just have to learn how to grant root access." Actually, it counts for more points in security.
Third test: Some leisure applications
All work and no play makes Jack a dull boy, so I ran the preloaded games. It comes with a DOS emulator. Hehehe! You won me over with this, little distro! I am a fan of retro DOS games!
Besides the emulator, the breakout game is a little jewel! I spent more time "testing" it than I intended to!
I also ran the basic drawing application (the equivalent of MS Paint). The black background made it look so "DOS-like"...but still, it ran perfectly. It even has some features that beat its MS counterpart!
Because of time (I had a lot of work to do), I could not keep testing this new distro, although I definitely intend to continue doing it as soon as I have some more free time. Actually, I also plan to try it on a real dinosaur computer that someone I know has in a cardboard box, forgotten in a corner of a storeroom. I don't know this ancient PC's specs yet, but I am sure it is old! Will AntiX run on it and bring it back to life?
I still need to continue my tests and I still need to learn a great deal about this distro, but meanwhile let me say that AntiX is definitely a keeper! Congratulations to its developer, contributors, and community!
I also heard about some features Antix has that made me curious, so I wanted to try them. According to what I had learned on the Web, those features were:
1. Even though it is intended for old computers, AntiX runs as well on new boxes.
2. AntiX is a rolling distro.
3. AntiX is based on Mepis, but it uses Debian testing (Mepis uses Debian stable).
4. AntiX can be configured to support Spanish with no further download (that's a very important point in my country!)
5. Remastering is a reality for AntiX.
6. In spite of its light weight (the full Live CD is less than 600 MB), AntiX handles multimedia quite well.
Well, those features called my attention, so I downloaded this distro. To be more precise, I downloaded AntiX 8.5 "Marek Edelman." Thus, the very first thing I learned from AntiX was a bit of history (I really liked that, by the way!)
The second aspect that called my attention was the visual theme of the desktop. The colors combine with the wallpaper to create an effect of nostalgia intertwined with underlying vitality. It is quite the same feeling one gets after finding an old black & white photograph of a very happy moment, if I could compare it to something. I almost felt as if I had been in front of a resurrected computer from the early 90's just by looking at the desktop. And sure, the OS was in Spanish. ^__^
From my quick glimpse, Antix comes with:
Abiword for text processing
A spreadsheet
Web browsers
A calculator
Synaptic as a package manager
Pidgin for chatting
Several applications for multimedia and graphics
Games
A control center
Partly influenced by my experience with old games running on new machines, I expected AntiX to perform way too fast to be functional (younger generations might not know what I'm talking about). But the distro ran beautifully. The menus, the windows, everything ran flawlessly even though it was from the Live CD.
Then came my first "serious" tests...(I am no technician, so my tests cannot be that "serious," but I'm quite a demanding computer user!)
First test: Web connectivity
No problem. AntiX picked my wired connection out of the box. It comes with IceApe as the Web browser. I thought about challenging AntiX with a difficult Web task. Why not YouTube for a start? No big deal. The page loaded without any glitches and so did the videos I picked.
Second test: Can Antix see my other partitions and have access to them?
In this case, I had a problem. I could mount my Mepis partition, but I could not mount my old XP "storehouse." Apparently, I need to be granted root access for that. I felt a bit disappointed at first, but then I thought "Hey, this is not a big deal! You just have to learn how to grant root access." Actually, it counts for more points in security.
Third test: Some leisure applications
All work and no play makes Jack a dull boy, so I ran the preloaded games. It comes with a DOS emulator. Hehehe! You won me over with this, little distro! I am a fan of retro DOS games!
Besides the emulator, the breakout game is a little jewel! I spent more time "testing" it than I intended to!
I also ran the basic drawing application (the equivalent of MS Paint). The black background made it look so "DOS-like"...but still, it ran perfectly. It even has some features that beat its MS counterpart!
Because of time (I had a lot of work to do), I could not keep testing this new distro, although I definitely intend to continue doing it as soon as I have some more free time. Actually, I also plan to try it on a real dinosaur computer that someone I know has in a cardboard box, forgotten in a corner of a storeroom. I don't know this ancient PC's specs yet, but I am sure it is old! Will AntiX run on it and bring it back to life?
I still need to continue my tests and I still need to learn a great deal about this distro, but meanwhile let me say that AntiX is definitely a keeper! Congratulations to its developer, contributors, and community!
martes, 21 de septiembre de 2010
Mepis: Thanks for all the Fish!
I stumbled today upon a curious episode in the history of Mepis Linux, which I called "The Fishy Debate"
It seems that during its early days, SimplyMepis shipped with a preloaded KDE applet in the Kicker. In other words, the "taskbar" included a "gizmo."
The thing was basically a small fishtank in which several cartoonish fish went by swimming...nothing less, nothing more.
Apparently, some users considered the fishtank negative because it sort of made a "bad first impression" of the OS. They mentioned the terms "for teenagers" and "unprofessional."
That reminded me of how professionalism is taking over the computer world, leaving little room for creativity and fun. Heck, Microsoft Office even got rid of the assistant, for example!
Other Mepis users said "what's the big deal with the fish? Don't like them? You can get rid of them in 2 seconds!"
Yet, others stated their full support to the little fish with ideas like:
"Its to keep the Penguins happy, they like fish"
"Also my cat refuses to use the computer without the fish...."
Then, the thread went to something deeper, like distro popularity:
"Remember how much everyone hated the brown earth colours of Ubuntu? And it's moved to position one on Distrowatch. And now note how many people hate the little fishes on Mepis? And it's up to positon five.
If we create a distro with fish, unpleasant brown colours, and one more visual flaw, we could take over the desktop world!"
To which another user responded:
"I like your analogy.. hehehe.. ;D ;D ;D How about changing the "K" in the K-menu to "Start".. that is total domination.. hehehe..."
There was even one user mentioning the deep cultural base for Mepis to come with the fishtank:
We have strong evidence that Herman Melville used Mepis as he typed out Moby Dick, because he started his great novel with a joke for all his computer friends, "Call me Phishmael". (Phishmael was spelled differently in subsequent editions.) And his first rough drafts describe the whale as blue, not white. Pretty conclusive I think!
After reading such a long and weird thread, I could not help but looking for the fishtank. (I guess the Anti-fish party ended up winning in the long run, for Mepis does not come with the fishtank anymore!)
The applet is Kaquarium. I installed it using Synaptic and added it to my Kicker. After seeing it for a couple of seconds, the only thing left for me to say was...
LONG LIVE THE FISHIES!!!
It seems that during its early days, SimplyMepis shipped with a preloaded KDE applet in the Kicker. In other words, the "taskbar" included a "gizmo."
The thing was basically a small fishtank in which several cartoonish fish went by swimming...nothing less, nothing more.
Apparently, some users considered the fishtank negative because it sort of made a "bad first impression" of the OS. They mentioned the terms "for teenagers" and "unprofessional."
That reminded me of how professionalism is taking over the computer world, leaving little room for creativity and fun. Heck, Microsoft Office even got rid of the assistant, for example!
Other Mepis users said "what's the big deal with the fish? Don't like them? You can get rid of them in 2 seconds!"
Yet, others stated their full support to the little fish with ideas like:
"Its to keep the Penguins happy, they like fish"
"Also my cat refuses to use the computer without the fish...."
Then, the thread went to something deeper, like distro popularity:
"Remember how much everyone hated the brown earth colours of Ubuntu? And it's moved to position one on Distrowatch. And now note how many people hate the little fishes on Mepis? And it's up to positon five.
If we create a distro with fish, unpleasant brown colours, and one more visual flaw, we could take over the desktop world!"
To which another user responded:
"I like your analogy.. hehehe.. ;D ;D ;D How about changing the "K" in the K-menu to "Start".. that is total domination.. hehehe..."
There was even one user mentioning the deep cultural base for Mepis to come with the fishtank:
We have strong evidence that Herman Melville used Mepis as he typed out Moby Dick, because he started his great novel with a joke for all his computer friends, "Call me Phishmael". (Phishmael was spelled differently in subsequent editions.) And his first rough drafts describe the whale as blue, not white. Pretty conclusive I think!
After reading such a long and weird thread, I could not help but looking for the fishtank. (I guess the Anti-fish party ended up winning in the long run, for Mepis does not come with the fishtank anymore!)
The applet is Kaquarium. I installed it using Synaptic and added it to my Kicker. After seeing it for a couple of seconds, the only thing left for me to say was...
LONG LIVE THE FISHIES!!!
lunes, 20 de septiembre de 2010
Dolores de cabeza...
La HP Mini de una de mis colegas está especialmente diseñada para obstaculizar, por no decir impedir de plano, la instalación y el uso de Linux. He encontrado todo tipo de problemas "sutiles":
1. Impide iniciar desde USB
2. Posee ya cuatro particiones activas (el máximo de la tabla)
3. Incluye el acceso a la BIOS en una de las particiones anteriores
4. El Wi-Fi no es reconocido por Linux
5. No reconoce proyectores de multimedios
¿Culpa de Linux? Ciertamente no. Mi netbook Toshiba NB-100, definitivamente no la más poderosa en el mercado, no presentó ninguno de los problemas anteriores. Algunos fabricantes sencillamente complican las cosas un poco más para que los usuarios inexpertos desistan y se olviden de Linux.
No entiendo. Si Linux no representa ninguna amenaza para el Monstruo de Redmond, ¿para qué recurrir a estas alianzas y sabotajes? ¡Y dicen que Linux crea paranoia! ¿No es más paranoico actuar tan en contra de algo que no representa amenaza alguna?
1. Impide iniciar desde USB
2. Posee ya cuatro particiones activas (el máximo de la tabla)
3. Incluye el acceso a la BIOS en una de las particiones anteriores
4. El Wi-Fi no es reconocido por Linux
5. No reconoce proyectores de multimedios
¿Culpa de Linux? Ciertamente no. Mi netbook Toshiba NB-100, definitivamente no la más poderosa en el mercado, no presentó ninguno de los problemas anteriores. Algunos fabricantes sencillamente complican las cosas un poco más para que los usuarios inexpertos desistan y se olviden de Linux.
No entiendo. Si Linux no representa ninguna amenaza para el Monstruo de Redmond, ¿para qué recurrir a estas alianzas y sabotajes? ¡Y dicen que Linux crea paranoia! ¿No es más paranoico actuar tan en contra de algo que no representa amenaza alguna?
Etiquetas:
GNU/Linux,
HP-Mini,
obstáculos,
Toshiba NB100
domingo, 19 de septiembre de 2010
Mandriva to become MAGEIA?
Last night, I got news from Mechatotoro that left me speechless: Mandriva Linux is actually forking. It seems that the members of the community couldn't put up any longer with the company behind Mandriva and decided to create a new distro on their own. This new distro will be named "Mageia" (White Magic), and many of its contributors are former Mandriva employees. You can read more about Mageia here. The new Mageia model will include a non-profit organization instead of a company, for business decisions are somewhat what members of the community are not pleased with. Let's remember that Mandriva was born out of the merging of two companies: Mandrake Linux and Connectiva.
Needless to say, the decision of splitting roads with Mandriva to create Mageia was not hasty. Members were thinking about it and discussing the subject for quite a long time. They even conducted a poll in which they asked fellow members what distro they would use if Mandriva folded. Most of them (26%) responded that they would start a new project. The most popular choice was PCLinuxOS (a Mandriva-based distro, with a 17% and OpenSuse with a 15%.
And the least popular distro among Mandriva followers? That was Mepis, with an unbelievable 0%!
T__T
miércoles, 15 de septiembre de 2010
Stay Protected with Windows...Nah!!! Now .DLLS??!!
This is a short list of vulnerabilities you must pay attention to on a daily basis if you intend to keep your Windows system secure (enough):
1. E-mail viruses
2. Internet viruses
3. Macro viruses
4. Rootkits
5. Spyware
6. Ransomware
7. USB viruses
8. Beacons
9. Pdf exploits
10. flash exploits
You have them all covered, you say? Great! Now, what happens if your very system files become part of the problem? Let's say, your .DLL files?
Did you know that your dynamic library files (.Dll), used vastly by Windows OS and windows applications are now being hijacked? Did you know that your Windows system can download unwanted .dlls from sources you did not ask it to? This problem is listed as KB 2269637
Did you know that this problem affects the powerful Windows Seven as well as Vista and XP? However, it affects just a few applications nobody uses, such as:
1. Adobe Dreamweaver
2. Adobe Photoshop
3. Adobe Illustrator
4. Avast!
5. BS Player
6. Camtasia Studio
7. Corel Draw
8. Daemon Tools
9. Google Chrome & Google Earth
10. Intervideo WinDVD
11. iTunes
12. Microsoft Office Powerpoint
13. Microsoft Office Word (with its acclaimed .docx!)
14. Microsoft Virtual PC
15. Microsoft Windows Mail & Live Mail
16. Microsoft Media Encoder
17. Mozilla Firefox (fixed in version 3.5.12 & 3.6.9)
18. Nullsoft Winamp
19. Nvidia Driver
20. Oracle Java
This is by no means a full list. Interestingly enough, open source applications have responded more quickly to fix the vulnerability. Anyway, there is a very simple process to auto-audit your system and find its vulnerable applications. Needless to say, you must first grab a copy--the latest copy--of DLLHijackAuditKit. Then, you must follow a series of simple steps listed on Metasploit, like:
1. Download the DLLHijackAuditKit v2 and extract it into a local directory on the system you would like to test.
2. Browse to this directory and launch 01_StartAudit.bat as an Administrator. The Administrator bit is important, as it will allow the script to kill background services that are spawned by the handlers and prevent UAC popups.
3. After the audit script completes (15-30 minutes), switch to the Process Monitor window, and access File->Save from the menu. Save the resulting log in CSV format to the local directory with the name "Logfile.CSV".
4. Launch 02_Analyze.bat as an Administrator. This will scan through the CSV log, build test cases for each potential vulnerability, try them, and automatically create a proof-of-concept within the Exploits directory should they succeed.
5. Identify the affected vendor for each generated proof-of-concept and ask them nicely to fix their application. Send them the calc.exe-launching PoC if necessary.
What? This is for techies you say? These are the EASY instructions with the newest version of the software! Well, if what you want is a list of applications with the problem, then take a look here, but keep in mind that the list there is not extensive either.
To protect yourself, you can follow the "easy" steps Susan Bradley describes in her article here, for example:
Based on my reading and testing, thus far, simply downloading patches to fix the problem might break some of my critical business applications. If you use the DLL patch process offered by Microsoft in MS Security Advisory 2264107 (more on that below), do so on a separate test PC first and then look for problems with your apps. If you do run into a problem, look for updates for your software and consider disabling WebClient Service, if possible (discussed below).
Security expert HD Moore has two DLL-fix recommends in his blog, but home users may find them difficult to implement.
First, check that your local firewall is preventing outbound Server Message Block (SMB) file processes. To do this, see whether the local firewall lets you block traffic through ports 135 and 445. But be careful: if you have a peer-to-peer home-network environment, you may need these ports.
Another method is to check your DSL- or cable company–supplied router's firewall settings. See whether you can adjust it to specifically block ports 135–139 and port 445. On my Linksys router, the port-filtering section lets me control up to five different ranges of ports.
Moore's second recommendation is to disable the WebClient Service, which will then block the Webdav vulnerability. (WebClient lets Windows apps create, access, and change Web-based files.) But this, too, should be done with caution — it might disable services such as Skydrive and JungleDisk. To turn off WebClient, go into Control Panel, Administrative Tools, and then Services. Scroll toward the bottom and click WebClient. On the WebClient control windows, find Startup type and select Disabled.
Whoa! Did you get it??!!
But don't fear, my friend! Microsoft won't let you fall! You just have to download and apply a patch to your already ragged and fully patched system. Here is the explanation by Microsoft. However, as with everything in life, you must brace yourself and pray that the patch won't break any of your important applications:
If you want to test Microsoft's DLL-blocking solution, go to MS Support article 2264107 and scroll down to the Update Information subsection and find the update for your specific platform. Install it and reboot your computer.
Now you're ready for step two: go to the Fix it for me subsection in article 2264107 and click the Fix it button. Clicking the button automatically creates a Registry entry that blocks "nonsecure DLL loads from WebDAV and SMB locations."
Should one of your applications stop working after the fix, you can try the following tweak to the Registry:
* Click Start and Run, then type in regedit and click OK or hit the Enter key. Scroll down the Registry list to HKEY_LOCAL_MACHINE and expand the tree below it.
* Now, navigate down the tree through SYSTEM, CurrentControlSet, Control, and Session Manager (circled in yellow in Figure 4).
* Click on Session Manager and look for CWDIllegalInDllSearch in the list to the right (also circled in yellow in Figure 4). Double-click it.
* In the Edit DWORD Value window that pops up, change the Value data from 2 to 1 and try again. If you still have problems with an app, change it to 0 and push that vendor to fix their application.
Great! This is a piece of cake! :P
I definitely agree with Joany, a fellow Mepis user who let us know about this situation in the Mepis Forum: How can Windows fanboys still say that Linux is hard?? Does that mean that following all these steps just to check if your system is at risk (which probably is) and then to fix it is actually simple??
Give me a break!
1. E-mail viruses
2. Internet viruses
3. Macro viruses
4. Rootkits
5. Spyware
6. Ransomware
7. USB viruses
8. Beacons
9. Pdf exploits
10. flash exploits
You have them all covered, you say? Great! Now, what happens if your very system files become part of the problem? Let's say, your .DLL files?
Did you know that your dynamic library files (.Dll), used vastly by Windows OS and windows applications are now being hijacked? Did you know that your Windows system can download unwanted .dlls from sources you did not ask it to? This problem is listed as KB 2269637
Did you know that this problem affects the powerful Windows Seven as well as Vista and XP? However, it affects just a few applications nobody uses, such as:
1. Adobe Dreamweaver
2. Adobe Photoshop
3. Adobe Illustrator
4. Avast!
5. BS Player
6. Camtasia Studio
7. Corel Draw
8. Daemon Tools
9. Google Chrome & Google Earth
10. Intervideo WinDVD
11. iTunes
12. Microsoft Office Powerpoint
13. Microsoft Office Word (with its acclaimed .docx!)
14. Microsoft Virtual PC
15. Microsoft Windows Mail & Live Mail
16. Microsoft Media Encoder
17. Mozilla Firefox (fixed in version 3.5.12 & 3.6.9)
18. Nullsoft Winamp
19. Nvidia Driver
20. Oracle Java
This is by no means a full list. Interestingly enough, open source applications have responded more quickly to fix the vulnerability. Anyway, there is a very simple process to auto-audit your system and find its vulnerable applications. Needless to say, you must first grab a copy--the latest copy--of DLLHijackAuditKit. Then, you must follow a series of simple steps listed on Metasploit, like:
1. Download the DLLHijackAuditKit v2 and extract it into a local directory on the system you would like to test.
2. Browse to this directory and launch 01_StartAudit.bat as an Administrator. The Administrator bit is important, as it will allow the script to kill background services that are spawned by the handlers and prevent UAC popups.
3. After the audit script completes (15-30 minutes), switch to the Process Monitor window, and access File->Save from the menu. Save the resulting log in CSV format to the local directory with the name "Logfile.CSV".
4. Launch 02_Analyze.bat as an Administrator. This will scan through the CSV log, build test cases for each potential vulnerability, try them, and automatically create a proof-of-concept within the Exploits directory should they succeed.
5. Identify the affected vendor for each generated proof-of-concept and ask them nicely to fix their application. Send them the calc.exe-launching PoC if necessary.
What? This is for techies you say? These are the EASY instructions with the newest version of the software! Well, if what you want is a list of applications with the problem, then take a look here, but keep in mind that the list there is not extensive either.
To protect yourself, you can follow the "easy" steps Susan Bradley describes in her article here, for example:
Based on my reading and testing, thus far, simply downloading patches to fix the problem might break some of my critical business applications. If you use the DLL patch process offered by Microsoft in MS Security Advisory 2264107 (more on that below), do so on a separate test PC first and then look for problems with your apps. If you do run into a problem, look for updates for your software and consider disabling WebClient Service, if possible (discussed below).
Security expert HD Moore has two DLL-fix recommends in his blog, but home users may find them difficult to implement.
First, check that your local firewall is preventing outbound Server Message Block (SMB) file processes. To do this, see whether the local firewall lets you block traffic through ports 135 and 445. But be careful: if you have a peer-to-peer home-network environment, you may need these ports.
Another method is to check your DSL- or cable company–supplied router's firewall settings. See whether you can adjust it to specifically block ports 135–139 and port 445. On my Linksys router, the port-filtering section lets me control up to five different ranges of ports.
Moore's second recommendation is to disable the WebClient Service, which will then block the Webdav vulnerability. (WebClient lets Windows apps create, access, and change Web-based files.) But this, too, should be done with caution — it might disable services such as Skydrive and JungleDisk. To turn off WebClient, go into Control Panel, Administrative Tools, and then Services. Scroll toward the bottom and click WebClient. On the WebClient control windows, find Startup type and select Disabled.
Whoa! Did you get it??!!
But don't fear, my friend! Microsoft won't let you fall! You just have to download and apply a patch to your already ragged and fully patched system. Here is the explanation by Microsoft. However, as with everything in life, you must brace yourself and pray that the patch won't break any of your important applications:
If you want to test Microsoft's DLL-blocking solution, go to MS Support article 2264107 and scroll down to the Update Information subsection and find the update for your specific platform. Install it and reboot your computer.
Now you're ready for step two: go to the Fix it for me subsection in article 2264107 and click the Fix it button. Clicking the button automatically creates a Registry entry that blocks "nonsecure DLL loads from WebDAV and SMB locations."
Should one of your applications stop working after the fix, you can try the following tweak to the Registry:
* Click Start and Run, then type in regedit and click OK or hit the Enter key. Scroll down the Registry list to HKEY_LOCAL_MACHINE and expand the tree below it.
* Now, navigate down the tree through SYSTEM, CurrentControlSet, Control, and Session Manager (circled in yellow in Figure 4).
* Click on Session Manager and look for CWDIllegalInDllSearch in the list to the right (also circled in yellow in Figure 4). Double-click it.
* In the Edit DWORD Value window that pops up, change the Value data from 2 to 1 and try again. If you still have problems with an app, change it to 0 and push that vendor to fix their application.
Great! This is a piece of cake! :P
I definitely agree with Joany, a fellow Mepis user who let us know about this situation in the Mepis Forum: How can Windows fanboys still say that Linux is hard?? Does that mean that following all these steps just to check if your system is at risk (which probably is) and then to fix it is actually simple??
Give me a break!
Etiquetas:
.dll,
hijacking,
Linux vs. Windows,
patches,
security
lunes, 13 de septiembre de 2010
Cuatro tristes cuadrados...
Los Cuatro Tristes Cuadrados son una jaula y quienes se encuentran atrapados en ellos no son capaces de entender.
Quienes se hallan atrapados en ellos no pueden comprender las Estrellas como Mandriva, que brillan sobre ellos. De hecho, serán capaces de ver la luz reflejada desde el cielo, pero correrán a esconderse de ella presa del miedo. Aquellos cuyas mentes han sido moldeadas secretamente para encajar a la perfección en el estrecho espacio que los Cuatro Tristes Cuadrados han provisto por gracia no pueden ver más allá del rojo, le verde, el azul y el amarillo. No existen otros colores; no existen otros mundos. Las dos pirámides de Mepis y la luna sobre ellas se convierten en una visión horripilante para ellos: romperá en pedazos su frágil sentido de seguridad, provisto mayormente por espejismos externos actualizados diariamente o auto inducidos con el humo intoxicante de herramientas esenciales que nunca alcanzan la esencia. El verde refescante de Menta es más mortal que veneno para ellos; el gato de Pardus no constituye un amigo o compañero sino un depredador salvaje del que deben escapar. Más fácil es para un tigre saltar através de un aro de fuego que para ellos acercarse a los círculos de Ubuntu...
Los Cuatro Tristes Cuadrados te atrapan.
Algunos dicen que te arrebatan la libertad, pero no es cierto. No posees ninguna importancia para ellos, así que no seas tan presumido. No les importas como persona o como criatura viviente y no tomarán nada de ti aparte de tu dinero. El resto--tu libertad, tus derechos, tu voz, tus escogencias--tú se lo regalas a ellos ya sea por tu voluntad o sin saberlo...pero no los culpes porque quien renuncia a ello eres TÚ solamente.
domingo, 12 de septiembre de 2010
Four Sad Squares...
The Four Sad Squares are a cage and those trapped within them cannot understand.
Those trapped within them cannot comprehend the Stars like Mandriva shining above them. In fact, they will see the light reflected from the sky but will run and hide from it in fear. Those whose minds have been secretly molded to perfectly fit in the narrow room graciously provided by the Four Sad Squares cannot see beyond the red, the green, the blue, and the yellow. There are no other colors; there are no other worlds. The two pyramids of Mepis and the moon above them are a vision of horror to them: it will shatter to pieces their fragile sense of safety, mostly provided by external mirages updated on a daily basis or self-indulged with an intoxicating smoke of essentials that never reach the essence. The refreshing green of Mint is deadlier than poison to them; the Pardus cat is not a companion nor a friend but a wild predator they must escape from. Easier it is for a tiger to jump through a ring of fire than for them to approach the circles of Ubuntu...
The Four Sad Squares trap you.
Some say that they take your freedom away, but that is not true. You are of no importance to them, so don't be so self-conceited. They don't care for you as a person or as a living creature and won't take anything from you beside your money. The rest--your freedom, your rights, your voice, your choices--you give it away to them either willingly or without knowing...but don't blame them because the one who gives it up is only YOU.
Etiquetas:
choices,
freedom,
Linux vs. Windows,
reflection,
rights
jueves, 9 de septiembre de 2010
I Got My First Beacon!
Hey, who'd have said it? Today I used a public computer powered by Windows Seven (with its updated antivirus); I inserted my USB stick there and in doing so I got my first beacon!!
If you don't know what a beacon is, please read this post: "On Computers, Cookies, and Beacons."
Wow! The computer was infected with a virus that not only created an autorun.inf file pointing to a special folder in which the virus was hidden, but also gave me as a nice Children's Day present a small file with a code...
Surely enough, none of the three elements could be removed because it lacked the corresponding permissions.
What was left for me to do then? Well, changing their permissions with a couple of clicks and then to place all those files together into a compressed folder for my brother's Outstanding USB Virus Collection Version 2.0
What antivirus did I use? None!
How did I find them? Because I was using Linux. Had I used Windows, probably those files would be invisible and both the virus and my first beacon would be right now working together to send I-don't-know what-important-information to I-don't-know-who.
I really don't like that idea. If you use Windows, please be careful. Double check your USB sticks or don't use them in a public computer. Better yet, try Linux to check their contents after using them in another computer.
martes, 7 de septiembre de 2010
Avances en esta semana...
Hoy simplemente pienso reportar mis últimos avances para evitar olvidarlos en caso de que los necesite más adelante...
1. Enseñándole al egoísta Windows 7 (Vista/7, para llamarlo por su nombre) a compartir:
Logré instalar Mepis Linux 8.5 en la netbook HP Mini de mi colega. Claro, tuve que descargar e instalar EASEUS FREE PARTITION MANAGER para particionar ya que Seven no acepta los métodos convencionales y Starter no posee utilidades funcionales en esta área (¿las poseerá en alguna otra?).
Después de particionar, me encontré con una interesante "casualidad": el disco duro ya poseía cuatro particiones primarias, el máximo que la tabla permitía. Por supuesto, dudo que un disco duro todo picoteado de fábrica tenga algo que ver con un deseo oculto de dificultar a los usuarios inexpertos la instalación otros sistemas operativos en la netbook. Después de todo, ¿quién querría instalar otro sistema operativo (léase LINUX) si la netbook ya viene con el "poderoso y robusto" Windows 7 Starter?
Por supuesto, me vi forzado a borrar una de las útiles particiones de la netbook para poder activar la partición de Linux donde instalaría Mepis. Hice un respaldo en caso de la partición enviada al olvido resultase en verdad útil, aunque personalmente lo dudo.
Luego, por medio de mi unidad de DVD externa (que está a punto de morir, por cierto), instalé en la netbook Mepis Linux. No hubo problema. La instalación desde el Live CD no tardó más de 10 minutos. GRUB funcionó sin problema, de manera que ahora el egoísta Windows 7 Starter no solamente debe compartir la netbook con Linux; también se volvió el sistema operativo secundario (mi colega me pidió que la netbook iniciara con Linux ya que ella no está muy complacida con Starter). :P
2. Winks en Amsn: nada útil, pero valioso para algunos :P
Para los que gustan del chat de Microsoft, Amsn es una alternativa relativamente atractiva. Los que lo han descargado y usado (funciona tanto en Linux como en Windows), se habrán dado cuenta de que los winks (guiños) no funcionan en este programa.
Pues bien, Vijamaro, un usuario de Ubuntu/Kubuntu colocó en su blog Vijamaro y Linux el siguiente tutorial para activar los guiños en Amsn. Personalmente lo probé y aparentemente funciona. ¡Bien por Vijamaro!
Etiquetas:
Amsn,
GNU/Linux,
Guiños,
Instalar Linux,
Live CDs,
Particiones,
software libre,
tutorial
viernes, 3 de septiembre de 2010
SOS! Windows Betrayed ME!!!
Yesterday, as I was inspecting the netbook of a colleague who wants to migrate to Linux (one more customer disappointed by Seven Starter), another colleague told me that she was doomed: the office desktop computer had refused to start and, even though a technician had installed the old hard drive on a new computer for back up purposes, her important files were gone. Those files accounted for a year's work and now they had simply vanished! The biggest problem was that she needed that information for a meeting soon and there was no trace whatsoever of her files.
After hearing her story, I decided to give her a hand. I searched for her files from Windows. Right, Windows was final: there were no files anywhere nor folders with the names my colleague mentioned.
However, I've learned that whenever Windows says "impossible", Linux says "Yessir! Let's do it!"
I inserted my USB stick into the PC and booted SimplyMepis 8.5 from it. My colleague was astonished when I explained to her that the whole system---applications included---were booting from my USB stick and not from the hard drive.
Once on Mepis desktop, I started browsing the PC. Again, she was amazed and asked questions like "But if you are using Linux from your USB, how can you see Windows on the hard drive?"
After some searching, I opened one of the folders Windows refused to open and showed as "empty." All her files were there!
Then, she said "But there is no way you can take them from Windows to Linux, right? After all, those are different systems..."
I thus showed her the complicated way Linux has to copy files from Windows: "Select, copy, paste." Presto, she then had her files on her USB stick in less than a minute!
Now she wants to use Linux, too.
As Mechatotoro stated two months ago, "Nobody takes Linux seriously until..."
People just don't seem to realize that their OS must work for them, not against them!
Etiquetas:
linux,
Linux vs. Windows,
Live CDs,
rescue
Suscribirse a:
Entradas (Atom)