Mike Southby

As promised, an update on where I am at with trying to get a working installation of Microsoft Office 2010 on Ubuntu.

After numerous hours spent trying various options and configurations of WINE I’m still unable to get it working.  Sure, I can get it to install but it won’t run so I can’t really call it a success.  I’ll have some time over the Christmas break so will keep trying and hopefully will have a stable solution soon; these things have a habit of ‘falling into place’ and the answer is usually staring me in the face!

My original post showing how to install Office 2007 can be found here – http://www.mikesouthby.co.uk/2009/11/ubuntu-9-10-installing-microsoft-office-2007

Does anyone actually use the Amazon MP3 app that comes bundled with the Cyanogen ROMs? I’ve always found it annoying that it is not able to be removed from the Manage Applications applet, but of course, there is another way to cleanly uninstall it.

Simply open your Terminal Emulator app and type the following:

su
mount -o rw,remount -t yaffs2 /dev/block/mtdblock03 /system
rm /system/app/com.amazon.mp3.apk

That’s it, no more Amazon!

Of course you can also use this method to remove other apps by changing the appropriate file in the code.  Enjoy!

Recently, Google announced the release of the Chrome OS source code, after all of the build up it turned out to be quite a low key affair but within a few hours, the internet was full of images running within virtual machines such as VMware or VirtualBox.  Soon after, images began appearing which could be transferred onto a USB stick and run directly without the need to install or change any of the partitions on your machine which is great news as it allows you to try the new OS without having to undertake a major upgrade.

Caveat: before you decide to download Chrome OS, there are a few things that you should consider.  Remember that it is still very much in the early stages of development, so it may not work as well as you are expecting.  In fact, depending on your hardware it may not work at all.  You should also fully understand that by design, the new OS is very simplistic as it is intended for use on the new generation of netbook computers.  By definition, a netbook is designed to perform simple tasks.  When Chrome OS is launched, all you get on the face of it is a web browser.  Don’t be too surprised after trying Chrome is you wonder why you bothered in the first place, personally, I won’t be using it again on my machine but that said, I am glad I gave it a try.  Also, don’t forget the obvious, if trying it on your production machine backup any important data first!

OK, so you’ll need a USB drive that you can use to be able to try it out and a BIOS which allows you to choose a temporary boot device so that you can boot from the USB drive once you have the image written to it.  I’d recommend using a USB stick with 4GB of storage capacity.  Remember also to check if you have any files already on it before going any further, you’ll need to back these up in a safe place if so as the USB stick will be repartitioned during the following process.

You will also need a little bit of luck. Chrome OS may or may not work on your computer hardware. I did successfully run it on my Lenovo T61p but it did not successfully recognise the wireless network adapter.  Finally, you’ll need to download the necessary files to put Chrome OS onto your USB stick.

• Download the Chrome OS for USB Torrent [here]

You’ll need a good BitTorrent client like uTorrent to download it.

The torrent has a zip file that includes the disk image, as well as a Windows tool for putting the image onto the USB drive.  The program you’ll use to create the Chrome OS USB boot disk is called Image Writer for Windows.  It’s a great little tool for writing disk images, it’s free, and it’s open source.  You won’t need to download it separately as it is included in the download.

Installing Chrome OS onto your USB Stick

Unzip chrome_os_usb.zip and launch Win32DiskImager.exe to copy the image onto your USB stick.  You may get the following warning when you launch Image Writer if so then simply cancel the error and continue.  The problem is that it will be looking for a floppy disk that’s not there (a:/) so once you have cancelled the error, hit the refresh icon and you should now see the option of your USB stick.  Once you have got Image Writer running, click the folder icon and select the chrome_os.img file (which should be located in the same location as you launched Image Writer from).  Next, click on the device dropdown box and choose the drive letter which corresponds to your USB stick (check in My Computer if you are unsure).  Then, click Write and the program will create a bootable Chrome OS on your USB stick.

Boot up Chrome OS

You’re now ready to boot into Chrome OS!  Leave the USB stick in your machine and reboot, when the machine reboots press the appropriate boot menu key to interrupt normal boot and choose the USB stick as the bootable drive (on my T61p this was F12).  In around 10 seconds you should see the Chrome OS login screen.  Yes, it’s much faster than Windows!  Login with chronos and password.  This will log you into your new system as a local user.  Once you have logged in, you should see what appears to be just a Google Chrome browser.  If you click on the Chrome sphere in the upper left corner, you will see a Google Accounts login page where you will be able to login with your Google Account details and off you go!  If you do not see this page and you get a browser page that says it could not find the page requested, then luck isn’t on your side and it means Chrome OS doesn’t like your network adapters.  If this is the case you could of course always retry from within Windows in a Virtual Machine.  If you were able to successfully log in, you should now see the application page.

As you can see, all of the applications are in the cloud.  All of the applications that you can see on the application page bring up different webpages and everything you do takes place within the browser.  As I said at the start of the post, a lot of the stuff isn’t working yet, this is all still under development.  You’ll also see right at the top of the application page a message that says UI under development.  Designs are subject to change.  This means what it means so please don’t ask me why certain things are not working!

Let me know if you manage to get Chrome working properly and your thoughts.  Enjoy!

It’s been a while since I last posted, I caught the dreaded swine flu and have been laid up for some weeks now; whilst I don’t think it was any worse than seasonal flu, I wouldn’t recommend it to anyone, nasty stuff.  Still, I’m back now in case you were wondering where I had gone.

Being that I haven’t done much over the past few weeks I haven’t really got much to talk about, but thought I’d share some interesting facts I read last week in one of the journals I subscribe to.  The article centred on password security, something close to my heart being as I act as sysadmin for various businesses.  The article detailed some recent results which had been conducted by the Microsoft Malware Protection Centre, some of them were quite shocking actually considering the world in which we live in today and the precautions we ‘should’ be taking as sysadmins.

Microsoft essentially configured a system and invited automated attacks so that they could monitor the attacks and try to better understand the methods used.  As you will be able to see in the results, the length of the passwords is quite interesting, mainly because the average length according to the data collected is 8 characters and that’s very close to the length of the passwords that many people use for their internet accounts.

So without further ado, here are the findings.

The survey found that the longest username used was 15 characters; the longest password was 29 characters.  The average username length found in the survey was 6 characters and the average password length was 8 characters.

Here is a top 10 list with the most common user names used in the automated attacks, the number in brackets is the amount of instances found:

1. Administrator (136971)
2. Administrateur (107670)
3. admin (8043)
4. andrew (5570)
5. dave (4569)
6. steve (4569)
7. tsinternetuser (4566)
8. tsinternetusers (4566)
9. paul (4276)
10. adam (3287)

And a similar list for passwords:

1. password (1188)
2. 123456 (1137)
3. #!comment: (248)
4. changeme (172)
5. F**kyou [edited] (170)
6. abc123 (155)
7. peter (154)
8. Michael (152)
9. andrew (151)
10. matthew (151)

So what does all this mean?  Well, most importantly it says that as sysadmins we should all have strict password policies in place, users should take good care of what usernames and passwords are being chosen.  If the account has no limit on the number of login attempts (if not, why not?), then knowing the username is giving the attacker a significant head start in breaching your system.  It’s amazing how many systems I have come across that still use ‘administrator’ as a username, looking at the top 10 list of usernames used in automated attacks, I’m amazed why sysadmins do nothing about this obvious flaw in their design.  I can’t stress enough, username and password combinations should not be chosen lightly.

Usually when an end-user chooses a password, they choose something that is either easy to remember or easy to type, but we must all remember that for now at least, those passwords are also most commonly used for authentication on the internet so they really do need to be strong.

The three basic things to remember when creating a strong password are the following:

• Use a combination of letters, numbers and special characters.  Also, remember that some dictionaries have an ‘l33t’ mode, which allows common letter/number to special character substitutions (like changing a-@, 1-1, o-0 and s-$ for example password-p@$$w0rd).  Therefore they must be mixed in different ways so that they are not predictable.
• Use a combination of lower and upper case letters.
• Make it lengthy.  A longer password does not necessarily mean it will be stronger but it will help in a lot of cases.
• Random rules!

A good friend of mine has developed a simple password generating engine which is available freely by visiting http://www.random-password.net.  To check if your passwords are strong, Microsoft has a password checker which is available here.

The moral of the story is to choose the password policy wisely.  Act now, tomorrow may be too late.  I can’t stress the importance of password policies enough, I suggest all sysadmins who may stumble across this post revisit theirs as a priority.