Author Archives: benfranske - Page 7

Creating free installers for Windows applications

On a recent trip around the web I discovered two open source tools that allow you to create installer packages for Windows applications. The Nullsoft Scriptable Install System (NSIS) has been around for quite a while, I even used it once upon a time to package up a few scripts of mine. A chief complaint at that time was that it didn’t look or operate in the same way the Microsoft Installer (MSI) programs did which has the potential to confuse some users or make them feel that your software was of a lesser quality. In fact recent versions of Mozilla Firefox, Gaim, OpenOffice and many other popular applications use NSIS for the installer. An interesting thing about NSIS is that you can cross compile the Windows installer on POSIX OSs such as Linux.

An alternative to NSIS is Inno Setup which has been around since 1997 when the author grew frustrated with InstallShield Express (ahh the days of InstallShield). Since that time a community of support for this installer has developed leading to tools such as ISTool, a graphical interface for creating the installer script. One of the interesting things about Inno Setup is the extensive support claimed for installing 64-bit applications, something bound to catch developers’ eyes as more consumers move towards 64-bit computing.

The open source library, for books that is

One of the things that really warms my heart is to see governmental and pseudo-governmental agencies (which often have quite limited budgets as individual entities but collectively have both talent and money) contribute to the common good (and help themselves) by creating open source software which meets their needs and the needs of their peers. This is a great example of how there are a lot of agencies in different geographical areas paying for the same software but which could work collaboratively to develop open source solutions saving everyone money.

The example coming to mind right now is the Georgia PINES library consortium which has developed a free ILS (integrated library system). Libraries often pay quite a bit of money to commercial vendors for nightmarish ILS systems and these fees can easily break the budget for smaller library systems or standalone libraries. A solution like this is an excellent opportunity to have some control over the development of features and costs while contributing back to peer libraries.

From congress to you

Because of my historical association with providing an audio recording of the yearly presidential state of the union address to the Internet Archive project I’m interested in avoiding any chance of copyright infringement by getting my audio as far upstream as possible. Last year I wrote to my congressional delegation and asked a fairly simple question about how congressional programming got from the floor to me on C-SPAN (a public-private partnership which does have some copyright issues). I did get a couple of calls asking for clarification on my question. Apparently it’s not one they get asked a lot because they needed to go do some research. Eventually I got answers, but not good ones. I was able to learn about how the house and senate are responsible for creating the video of floor proceedings and even some about the specific departments responsible but nothing about how C-SPAN is able to get a split of that feed or how I might be able to. Anyway, I got busy with other things and haven’t really thought about it until recently when these two things came to my attention.

The first is the METAVID project at the University of California (Santa Cruz) which is capturing, archiving and streaming legislative proceedings. I thought they might have an in to a pre-CSPANified feed of proceedings which is why I looked into it, but it seems they are actually just taking the C-SPAN feed and covering the logo and text which are copyright C-SPAN, not the really copyright unencumbered answer I am looking for.

It also came to my attention that C-SPAN’s president has been out campaigning for “independent camera” access to the house and senate floor. This sounds like a good thing until you look at what it means. It means that instead of the government produced feed of floor proceedings we now get (and which is public domain) what you get on C-SPAN would be under their copyright control allowing for no reuse, etc. As my initial inquiry suggested last year it seems quite difficult to get a non C-SPANified feed now but at least even the C-SPANified version is now in murky copyright waters and not clearly owned by C-SPAN. Thankfully the changes proposed by C-SPAN have been rejected by congressional leadership for the time being but it’s critical to remain vigilant. At the very least I would like to think that completely public domain proceedings would be available live on a free-to-air satellite so they could be viewed, archived and distributed by people such as myself without fear of legal attacks.

Samba as PDC for a small domain

One of the changes in my recent server upgrade was moving from using Samba on Linux as a workgroup server to making it a primary domain controller and implementing a small domain. I’m still waiting for O’Reilly to publish their updated Samba book which comes out this month so in the meantime I turned to the internet for answers.

What I found was a jumble of things using a variety of different methods of configuration to accomplish this. Needless to say I spent quite a bit of time untangling all this different (and sometimes conflicting) information. Although my server runs Debian the single most useful resource was this howto from the Gentoo wiki. The domain is up and running but the jury is still out on whether this is actually useful enough to justify the extra setup time and headache for such a small (six client PCs) installation.

Cisco 7940/7960 SIP Firmware

October 2008 UPDATE: It seems that Cisco has re-arranged things on their website again and I can no longer find a free SIP image. If I find them on the Cisco site again I’ll post updated information, until then Google is your friend and Cisco SIP images are easier to find floating around the Internet than they were when this was originally written.

When I first started using Cisco 7960 phones with the open source Asterisk PBX I had to jump through a lot of hoops like getting SMARTNet contracts and CCO access to download SIP firmware (to replace the SCCP protocol based one) I could use on the phone. Since that time things have gotten much easier (much being a relative term). If you have a phone with very old SCCP or SIP firmware you may still need CCO access to download older SIP firmware and upgrade the firmware loader but if your phone has newer SCCP, MGCP or SIP firmware you can now download the SIP v8.2 firmware (without Cisco CallManager support) for free from the Cisco website. The two other catches are that the firmware isn’t quite the newest (at writing the newest is v8.6) and that the links are quite difficult to find on the Cisco site.

Lucky for you I’ve located this page on the Cisco website which allows you to download v8.2 and the release notes that go along with it for free. Of course, like most Cisco products, the 7960s are not designed for consumer use but to be managed in large numbers by trained IT staff. I think this is one reason that Cisco has been slow to make firmware available for free. If you look on various message boards and websites you’ll see a lot of people who are unsuccessful in getting these phones to work. I hate to say it but most of the time this is because they have no idea what they’re doing. The phones themselves are not faulty and there are specific reasons why things like TFTP configurations are recommended (easy central management in a large company) and there is poor configuration through the phone itself and no web configuration interface (saves image space). On the other hand, if you take the time to learn “the Cisco way” you’ll find you have an excellent phone that sounds and operates remarkably better than the consumer based options.

TV for IT

I was recently introduced by friends to the British sitcom “The IT Crowd”. This is quite a funny show appealing to both technically inclined and normal people. In fact, it’s been a long time since I’ve found a sitcom that is as fun as this. So far only one short season (6 episodes) has aired in the UK and later in Australia but more have been filmed and will be shown this spring.

In doing a little research I found out that NBC is actually planning to bring this to the US. Hopefully, they do a good job and retain some of the trademark British quirkiness. I’d like it if someone would show the British episodes in the US as well. The first season is out on DVD (including some nifty extras such as l33t sp33k subtitles) but there are two problems. The first is obviously region encoding, but that’s easy enough to get around; the second which is a bit more challenging (especially when you want to retain the extra features) is the encoding for the PAL standard. Hopefully someone can make these available in the US as well!

Chaining LVM with software RAID for a scalable server

I recently procured and configured a new storage server and knew I wanted a scalable, redundant way of storing the large amount of data this server will hold. Despite what Steve Gibson has said about the so-called hardware RAID on modern motherboards, it’s dangerous! It’s not really a hardware solution and requires that the same proprietary chipset be used to recover the data which is a dangerous thing to rely on when it’s your data you need back.

Sidebar: One of these days I’m going to get around to creating a blog or netcast devoted to correcting the misinformation on TWiT and SecurityNow (I understand that it’s difficult for them to stay on top of all this, but speculating on what you don’t understand in front of hundreds of thousands of people who worship the ground you walk on is a poor choice and seems to happen more often than I think is acceptable). They need a technical editor and fact-checker and since they apparently aren’t doing it in house someone else should.

Anyway, with modern processing power there’s little reason to use hardware RAID in much other than a large corporate environment (or if you like spending a good sized chunk of money). I’ve had good luck with the Linux mdadm software RAID and have actually been impressed with how well it works. What I have not done is to utilize LVM (logical volume manager) to make it a more scalable solution where drive size can be increased or drives added down the road.

In preparation for this configuration I read a great howto on the topic which you can find on the JerryWeb Wiki. Things went quite smoothly and I’ve been very happy with the configuration so far which includes four SATA II drives (with working hot-swap capability in a drive cage) in a RAID 5 array. As soon as I get another AHCI SATA controller in I’m going to be adding another drive to the array so we’ll see how easy the LVM makes that!

Offline Windows Patching

Not that long ago I ran across some nifty scripts from the British Heise-Security site. These scripts allow you to automatically download Windows updates for offline installation on other systems (a great idea, especially before you connect a brand new installation to the Internet). The scripts even go so far as to create an ISO for a CD or DVD which will allow you to easily install the updates on other machines. The list of updates is actually gathered from a file published online by Microsoft for use with their Baseline Security Analysis tool so it stays up to date automatically without the need to constantly update the scripts as with some other similar programs.

Unfortunately the scripts are command line based and do not allow for easy slipstreaming into a new Windows XP installation CD which is the golden egg for me. Ideally something like this would be integrated into a tool such as the excellent nLite OS slipstream tool which I have mentioned before. All the better if such a solution were open source. If you’re aware of anything like this please comment here and share the wealth of knowledge!

Adding Greylisting and SPF support to Postfix

For quite some time now I’ve been running my own Linux (Debian w/ Postfix) mailservers. For the past several years I’ve had good luck basing my installations on the fantastic instructions available at workaround.org but this summer even these systems were failing to filter a lot of my spam. Naturally, I went looking for other anti-spam technologies I could add.

For a few years now I’ve published SPF records for my domains and I’m a strong believer that wider implementation of SPF would greatly reduce the amount of spam using forged addresses. Anyway even though I had been publishing SPF records I had not gotten around to implementing SPF checks on my own server so this was one thing I was looking for.

Another was that I had heard a little bit about something called greylisting. Greylisting is a process by which mail from unknown senders is initially bounced with a “service temporarily unavailable” message but when the remote server tries a second time after waiting some period the message is allowed through. This works on the premise that real mail servers which comply with the mail RFCs will keep retrying to send a message until it goes through or a hold timer expires (usually several days) but spamming programs (often trojans on unsuspecting users’ systems) will only try once. Obviously this won’t stop all spam, especially that from legitimate companies using legitimate spam servers and it could easily be bypassed by the trojan writers by trying to send a message several times. I believe the latter has not happened because of the additional processing overhead this would create and so far it’s simply not efficient for spammers to track all this.

Eventually I settled on implementing both SPF checking and greylisting based on this guide. The guide actually contains a full howto on setting up a Debian/Postfix mailserver similar to the workaround.org guide I mentioned before. I have only briefly glanced at this other information as I already had a working mailserver but I can say that the method they propose is quite similar, but not entirely the same as the workaround.org method.

Since implementing these changes my own mailserver has been rejecting much more spam (without any increase in false positives) than before. When I temporarily turned this off to migrate to a new mailserver I immediately saw a marked increase in spam getting through. While I have not tested it extensively it is my belief that more is being stopped by the greylisting than the SPF, mostly because many domains do not yet publish SPF records (though several large ISPs which are commonly spoofed now do).
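
The greylisting decision described in this post can be shown as a small model. This is an added example, not code from the original post or from any particular greylisting package; the (client IP, sender, recipient) key, the 300 second minimum delay, the 4 hour pending window and the reply text are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Assumed policy values (not from the post): minimum wait before a retry is
# accepted, and how long an unconfirmed first attempt is remembered.
MIN_DELAY = 300            # seconds
PENDING_TTL = 4 * 3600     # seconds
DEFER = "450 4.2.0 Greylisted, try again later"   # temporary failure reply

@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: set = field(default_factory=set)        # triplets that retried correctly

    def check(self, client_ip, sender, recipient, now):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        key = (client_ip, sender.lower(), recipient.lower())
        if key in self.passed:
            return "250 OK"
        first = self.first_seen.get(key)
        if first is None or now - first > PENDING_TTL:
            # Unknown sender, or the earlier attempt expired: start the clock.
            self.first_seen[key] = now
            return DEFER
        if now - first < MIN_DELAY:
            # Retried too soon: rapid resends do not get past the delay.
            return DEFER
        del self.first_seen[key]
        self.passed.add(key)
        return "250 OK"

def replay(attempts):
    """Run (time, ip, sender, recipient) attempts through a fresh greylist."""
    gl = Greylist()
    return [gl.check(ip, s, r, t).split()[0] for t, ip, s, r in attempts]

# Constructed sample traffic using documentation addresses, not real hosts.
SAMPLE = [
    (0,    "192.0.2.10",   "alice@example.org", "me@example.net"),  # MTA, first try
    (5,    "203.0.113.77", "spam@example.com",  "me@example.net"),  # one-shot sender
    (60,   "203.0.113.77", "spam@example.com",  "me@example.net"),  # resend too early
    (900,  "192.0.2.10",   "alice@example.org", "me@example.net"),  # MTA queue retry
    (1000, "192.0.2.10",   "alice@example.org", "me@example.net"),  # now known
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

The quick resend at 60 seconds is still deferred, which is why simply sending a message several times in a row is not enough on its own: the sender has to keep state and come back after the delay.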

Submarine Cable Resources

Being a network geek I’m naturally interested in submarine (sometimes called underwater or undersea) cables used to make internet and voice connections across oceans. I recently had the opportunity to spend a brief amount of time researching these and found a few useful sites.

The Eyeball-series website has two pages, one describing cables under the Atlantic Ocean and another for cables under the Pacific Ocean. They list origination and termination points of cables along with maps indicating roughly where they cross.

The International Submarine Cable Protection Committee has several interesting pages including a narrative history of submarine cables, timeline of submarine cables and a database of cables which did and do exist among others.

The Smithsonian Institute has an online exhibition about submarine cables and has arranged for the 1959 book The Atlantic Cable by Bern Dibner to be readable online.

Finally, Alcatel/Lucent has some animations showing the laying of a submarine cable and the repair of a submarine cable.