Developing a Java application for Windows 7?
Then look at this library; it might help you integrate better with Windows 7.
Not a "must have", but your users will appreciate it as a "nice to have".
And 50% of application functionality is "nice to have".
http://www.strixcode.com/j7goodies/
Monday, January 17, 2011
Wednesday, January 5, 2011
Your computer has no CD/DVD drive?
A simple way to install most older and current Linux systems is by creating a bootable USB stick.
Some distributions have an option to do this from the live CD, but you still have to first boot from that downloaded ISO file...
Here is a simple, flexible solution:
http://unetbootin.sourceforge.net/
Just follow the instructions.
Besides this:
UNetbootin can also be used to load various system utilities, including:
- Parted Magic, a partition manager that can resize, repair, backup, and restore partitions.
- SystemRescueCD, a system repair, backup and recovery tool.
- Super Grub Disk, a boot utility that can restore and repair overwritten and misconfigured GRUB installs or directly boot various operating systems.
- Dr.Web Antivirus, F-Secure Rescue CD, and Kaspersky Rescue Disk, which remove malware from Windows installs.
- Backtrack, a utility used for network analysis and penetration testing.
- Ophcrack, a utility which can recover Windows passwords.
- NTPasswd, a utility which can reset Windows passwords and edit the registry.
- Gujin, a graphical bootloader that can also be used to boot various operating systems and media.
- Smart Boot Manager (SBM), which can boot off CD-ROM and floppy drives on computers with a faulty BIOS.
- FreeDOS, which can run BIOS flash and other legacy DOS utilities.
Tuesday, December 14, 2010
Group policy for password changing
Here is some nasty info for when you add a password policy to an ADS:
- Password policy can only be set at the domain level.
If you would like to have different password policies, you have to
- create a subdomain
or
- change to Server 2008, where you can use fine-grained password policies, which give you the option of using different password policies
or
- look for a 3rd-party tool
What might be the technical reason for this?
The whole login/authorization of Windows (before Windows 2008/Vista) is based on NTLM, which basically means you are logging on to an NT-style domain.
So all users in that domain have the same (NT-style) password restrictions.
If all your systems are Windows 2008 or newer, then Kerberos is used for authentication/logon, and here apparently password policies are applied as normal users would expect.
Monday, November 15, 2010
Upgrading CentOS 5.4 to 5.5 32Bit DomU on a Xen 64 Bit Dom0
Normally upgrading CentOS is very simple. Just run
yum update
But when you run CentOS as a 32-bit DomU under a 64-bit Dom0 server, you will receive strange error messages.
This is because the rpm command looks at the installed kernel, and that one is a 64-bit build. So it then tries to move everything to 32 AND 64 bit.
To prevent this, just create the file /etc/rpm/platform and place the line:
i686-redhat-linux
in it.
After this, all the yum and rpm commands work fine, since they are fixed to the i386/i686 platform. No confusion about the 64-bit kernel.
Wednesday, November 10, 2010
ipv6 in the wild
In the last year we took many steps toward IPv6-enabling our networks and servers.
Many things are simple, but there are also many pitfalls.
Here is some info about IPv6 in Ubuntu/Debian:
- Ubuntu 9.04 and newer have good IPv6 support; most applications work with IPv4 and IPv6. Some applications, however, have problems with IPv6 addresses in some places. Here an upgrade to the most recent 10.10 release solves many issues.
- Debian: most things work fine in lenny and you can do most things you need, but there are still a few places where you may stumble. The real "full" IPv6 support is coming up in squeeze.
Here are two places where you might struggle:
- Assigning a static IPv6 address in Debian lenny just does not work...
Nothing to worry about on workstations/desktops, but on firewalls and servers it would be nice to always have the same IPv6 address assigned.
The reason for the problem is that when the eth0 interface (or any other) is activated, the kernel module ipv6 is not yet loaded. So it's not possible to assign the IPv6 settings specified in the /etc/network/interfaces file.
The simplest solution is to just add ipv6 to the file /etc/modules (and rebuild the initramfs); that way ipv6 is loaded directly on boot and everything works as intended.
- rsync has only partial IPv6 support.
What does this mean?
rsync is able to resolve host names into IPv6 addresses and then connect to them via IPv6.
But if you wish to specify the IPv6 address of the host directly on the command line, then it fails to parse the address.
The simplest way to solve the problem is to install rsync from the Debian backports.
Don't forget, IPv4 addresses are running out in the next year, so slowly prepare to add IPv6 support to your network.
You don't have to do it in a big-bang way; rather, just implement it step by step.
Monday, October 25, 2010
Collect linux statistics with collectd
Collectd is a great tool to collect various parameters of a running linux installation.
It can monitor disk space, cpu load, temperatures and much more.
One thing to note is that collectd can cause system load by itself.
To prevent this, enable caching in rrdtool.
For more details read on in this post:
https://jeremy.visser.name/2010/02/23/enable-caching-in-collectd/
Thursday, October 21, 2010
IPSec VPN with AVM 7170 / 7270 and linux (Ubuntu) OpenSwan and DynDNS
With the current firmware, the AVM ADSL routers 7170 and 7270 support creating IPsec VPNs.
That makes them interesting for connecting remote offices, small points of sale etc. to the enterprise network, even when the remote sites don't have a fixed IP address.
Unfortunately the documentation of the IPsec stuff from AVM is "very limited".
To get it working, it's important to configure the correct settings in the VPN configuration file for the AVM routers.
The wizard for creating the VPN config files generates something like this:
vpncfg {
    connections {
        enabled = yes;
        conn_type = conntype_lan;
        name = "IP_OF_ENTERPRISE";
        always_renew = no;
        reject_not_encrypted = no;
        dont_filter_netbios = yes;
        localip = 0.0.0.0;
        local_virtualip = 0.0.0.0;
        remoteip = 0.0.0.0;
        remote_virtualip = 0.0.0.0;
        remotehostname = "remote.dyndns.org";
        localid {
            ipaddr = IP_OF_ENTERPRISE;
        }
        remoteid {
            fqdn = "remote.dyndns.org";
        }
        mode = phase1_mode_aggressive;
        phase1ss = "all/all/all";
        keytype = connkeytype_pre_shared;
        key = "**********";
        cert_do_server_auth = no;
        use_nat_t = no;
        use_xauth = no;
        use_cfgmode = no;
        phase2localid {
            ipnet {
                ipaddr = 192.168.10.0;
                mask = 255.255.255.0;
            }
        }
        phase2remoteid {
            ipnet {
                ipaddr = 172.18.1.0;
                mask = 255.255.255.0;
            }
        }
        phase2ss = "esp-all-all/ah-none/comp-all/pfs";
        accesslist = "permit ip any 172.18.1.0 255.255.255.0";
    }
    ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                        "udp 0.0.0.0:4500 0.0.0.0:4500";
}
To be able to connect to an openswan/linux server, we have to tweak some settings:
vpncfg {
    connections {
        enabled = yes;
        conn_type = conntype_lan;
        name = "IP_OF_ENTERPRISE";
        always_renew = yes; // Make sure the connection autostarts
        reject_not_encrypted = no;
        dont_filter_netbios = yes;
        localip = 0.0.0.0;
        local_virtualip = 0.0.0.0;
        remoteip = 0.0.0.0;
        remote_virtualip = 0.0.0.0;
        remotehostname = "remote.dyndns.org";
        localid {
            ipaddr = IP_OF_ENTERPRISE;
        }
        remoteid {
            fqdn = "remote.dyndns.org";
        }
        mode = phase1_mode_idp; // Change this from aggressive to normal mode
        phase1ss = "all/all/all";
        keytype = connkeytype_pre_shared;
        key = "**********";
        cert_do_server_auth = no;
        use_nat_t = no;
        use_xauth = no;
        use_cfgmode = no;
        phase2localid {
            ipnet {
                ipaddr = 192.168.10.0;
                mask = 255.255.255.0;
            }
        }
        phase2remoteid {
            ipnet {
                ipaddr = 172.18.1.0;
                mask = 255.255.255.0;
            }
        }
        phase2ss = "esp-3des-sha/ah-no/comp-no/pfs"; // this is the compatible setting for openswan
        accesslist = "permit ip any 172.18.1.0 255.255.255.0";
    }
    ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                        "udp 0.0.0.0:4500 0.0.0.0:4500";
}
In the AVM documentation you can see the possible combinations of phase1ss and phase2ss. It is important to know that ONLY the listed combinations work, so you can't use other, non-listed combinations. (Took me a whole day to figure out.)
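The settings changed between the wizard output and the tweaked file can be checked mechanically before the file is uploaded to the router. The following shell script is an added example, not part of the original post or of AVM's tooling; `lint_vpncfg` and `sample_wizard_cfg` are hypothetical names, the sample input is constructed from the wizard output shown above, and the check that the remoteid fqdn equals remotehostname reflects this post's setup rather than a general AVM requirement.

```sh
#!/bin/sh
# Added example: compare an AVM vpncfg file with the openswan-compatible
# values used in this post. Helper names are hypothetical.

# Constructed sample: excerpt of the wizard output shown in the post.
sample_wizard_cfg() {
cat <<'EOF'
always_renew = no;
remotehostname = "remote.dyndns.org";
remoteid {
fqdn = "remote.dyndns.org";
}
mode = phase1_mode_aggressive;
phase2ss = "esp-all-all/ah-none/comp-all/pfs";
EOF
}

# lint_vpncfg FILE: prints one line per deviation and returns their count.
lint_vpncfg() {
    awk '
    function want(key, expected) {
        if (seen[key] != expected) {
            printf "%s = %s (post uses %s)\n", key, seen[key], expected
            n++
        }
    }
    {   sub(/\/\/.*/, "")       # drop // comments
        gsub(/[;"]/, "")        # drop semicolons and quotes
    }
    /=/ {
        split($0, kv, "=")
        gsub(/^[ \t]+|[ \t]+$/, "", kv[1])
        gsub(/^[ \t]+|[ \t]+$/, "", kv[2])
        seen[kv[1]] = kv[2]
    }
    END {
        want("always_renew", "yes")
        want("mode", "phase1_mode_idp")
        want("phase2ss", "esp-3des-sha/ah-no/comp-no/pfs")
        # In this setup the peer ID is the DynDNS host name itself.
        want("fqdn", seen["remotehostname"])
        exit n + 0
    }' "$1"
}

tmp=$(mktemp)
sample_wizard_cfg > "$tmp"
lint_vpncfg "$tmp" || echo "deviations: $?"
rm -f "$tmp"
```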
On the openswan side you have to define a connection like this:
# VPN connection for remote.dyndns.org
conn remotedyndnsorg
    right=remote.dyndns.org
    rightid=@remote.dyndns.org
    rightsubnet=172.18.1.0/24
    left=IP_OF_ENTERPRISE
    leftsubnet=192.168.10.0/24
    auth=esp
    pfs=yes
    authby=secret
    dpddelay=20
    dpdtimeout=60
    dpdaction=hold
    auto=start
    keyingtries=%forever
    keylife=45m
    rekey=yes
    ikelifetime=20m
    compress=no
And of course you have to add the PSK to ipsec.secrets.
Currently we have a problem: when the Fritz boxes receive a new public IP,
openswan does not always update the IP address for the connection.
This can be partially solved by upgrading to a more recent openswan version (2.3.16 or newer), which does a DNS resolve when the VPN tunnel breaks.
But sometimes it still hangs in a state where it receives IPsec packets and drops them because they do not match the old resolved IP.
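One way to work around the stale address described above is to watch the DynDNS name from cron and reload the connection when it resolves to a new address. This shell script is an added example, not part of the original post; the state file path and the function names are assumptions, and it relies on openswan resolving right= again when the conn is reloaded with ipsec auto --replace.

```sh
#!/bin/sh
# Added example: reload an openswan conn when the DynDNS name of the
# peer resolves to a new address. CONN and PEER are the names used in
# the post; the STATE path and the function names are assumptions.

CONN=remotedyndnsorg
PEER=remote.dyndns.org
STATE=${STATE:-/var/run/ipsec-peer-$CONN.ip}

# Resolve a host name to one IPv4 address; prints nothing on failure.
resolve_peer() {
    getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }'
}

# peer_changed NEW_IP STATE_FILE
# Returns 0 and records NEW_IP when it differs from the recorded one.
# Returns 1 when it is unchanged, empty or not an IPv4 literal, so a
# failed DNS lookup never triggers a tunnel restart. The first run has
# no recorded address and therefore counts as a change.
peer_changed() {
    case $1 in
        ''|*[!0-9.]*) return 1 ;;
    esac
    old=$(cat "$2" 2>/dev/null || true)
    [ "$1" = "$old" ] && return 1
    printf '%s\n' "$1" > "$2"
    return 0
}

# Drop the stale conn, load it again from ipsec.conf and bring it up.
refresh_conn() {
    ipsec auto --replace "$1" && ipsec auto --up "$1"
}

# Intended to be started from cron with the single argument "run".
if [ "${1:-}" = run ]; then
    if peer_changed "$(resolve_peer "$PEER")" "$STATE"; then
        logger -t ipsec-dyndns "$PEER has a new address, reloading $CONN"
        refresh_conn "$CONN"
    fi
fi
```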