Book Report – Little Brother

Title: Little Brother
Author: Cory Doctorow

Set in mid-2000s San Francisco, Cory Doctorow's Little Brother brings a tale of what can go wrong when you have a society that values compliance over independence.

A story of technology innovation, hacker culture, information sharing and data freedom all set against the backdrop of a modern-day terrorism nightmare. Cory Doctorow highlights a number of different things in our everyday world that allow other people to learn more about you, to track you and build a profile about you. These are extended to the next level in Little Brother talking about some of the what-ifs and could-bes that today's technology could allow.

You can get a copy of the book online for free, that's how the author has always released his material. Doctorow has been a strong believer in the Creative Commons and has managed to work out deals with publishers that allow that to happen. But if you do, and if you enjoyed it, buy a copy for a library or a school in your neighbourhood. Give someone else a chance to read a paper copy of the book.

Server Hardening Strategies

Staying secure is a full-time gig. It doesn't matter whether we're talking a datacentre or your smartphone, there are always steps to be taken to keep your machines and your data as safe as possible. With the increasing popularity of virtualization for applications and services and the ability for people to "roll your own" cloud comes the need to secure those machines. This becomes increasingly challenging when you consider the fact that by their very nature these machines are constantly exposed to the Internet.

Minimize Your Attack Surface

Don't install it unless you need it

One of the best things you can do to harden a server environment is to take a minimalistic approach. Don't install components that you think you "might need" somewhere down the road, or things that are optional or unnecessary.

Do you need a database? Do you need to install PHP or ASP.NET? What do you need for your project? Take stock of all the components you need to have to implement your solution or your project and install just those pieces.

Uninstall it when you're done with it

If you have components that are no longer needed, remove them. Old versions of tools or frameworks, services or server components that are no longer required, or documentation and information which no longer needs to be published, are all examples of things that can be removed.

Understand how to secure it

Know your tools. Become a professional. If you're going to install something, take a few minutes and just search for "how to secure [insert application name here]." This will inevitably give you a ton of solutions and options for securing tools.

Secure Remote Access

Being able to access your server or environment remotely is key, particularly in this age of cloud-based virtual environments. To that end there are three things you can do to help secure that remote access and reduce the attack surface.

Change SSH port

Security by obscurity. On its own this isn't a valid strategy, but as one more measure for helping to secure the machine it is certainly helpful. By changing away from the default SSH port you make it that much harder for attackers to determine what services are exposed on your server and where they might be hiding.

Disable root SSH access

The root account does not need to access your server over SSH. Period.

Require key-based access

Securing access over SSH with a public/private key pair makes accessing an account over SSH much more challenging. Only the best passwords are even remotely secure, but those strong complex passwords are frustrating to use and often lead to insecure shortcuts to make data entry easier.

If you go the extra step of also requiring a passphrase for that key you have, for all intents and purposes, created two-factor authentication for your server without having to implement any third-party token systems or have a complicated keying setup.
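The three remote-access measures above can be checked against an sshd_config file. The auditor below is an added example, not code from the original post; it assumes the OpenSSH defaults documented in sshd_config(5) (7.0 and later), reads only global settings (it stops at the first Match block and does not follow Include), and all three sample configurations are constructed.

```python
import re

# Values sshd uses when a keyword is absent (OpenSSH 7.0+ defaults, assumed here).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Keyword and argument are separated by whitespace or by a single '='.
LINE = re.compile(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(\S+)")


def effective_settings(text):
    """Return the global settings sshd would take from one config file's text."""
    first, ports = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:                      # blank lines and '#' comments do not match
            continue
        key, value = m.group(1).lower(), m.group(2).strip('"')
        if key == "match":             # conditional blocks are out of scope here
            break
        if key == "port":              # Port may be given several times; all apply
            if value.isdigit():
                ports.append(int(value))
        else:
            first.setdefault(key, value)   # for other keywords the first value wins
    settings = dict(DEFAULTS)
    settings.update(first)
    settings["port"] = ports or [22]
    return settings


def audit(text):
    """List deviations from the three recommendations in this section."""
    s = effective_settings(text)
    findings = []
    if 22 in s["port"]:
        findings.append("port: sshd still listens on the default port 22")
    if s["permitrootlogin"].lower() != "no":
        findings.append("root: PermitRootLogin is '%s', expected 'no'" % s["permitrootlogin"])
    if s["passwordauthentication"].lower() != "no":
        findings.append("keys: PasswordAuthentication is not 'no', passwords are still accepted")
    if s["pubkeyauthentication"].lower() == "no":
        findings.append("keys: PubkeyAuthentication is 'no', key-based login is disabled")
    return findings


# Constructed samples: a stock-style file, a hardened file, and a file where a
# later "fix" is silently ignored because an earlier line already set the value.
WEAK = """
#Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""
HARDENED = """
Port 2222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
"""
SHADOWED = """
Port 2222
PasswordAuthentication yes
PermitRootLogin no
PasswordAuthentication no
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED), ("shadowed", SHADOWED)):
        print(name, audit(cfg) or "ok")
```

The passphrase on the private key lives on the client, so it cannot be verified from the server's configuration.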

Read Your Logs

Your system will log a whole bunch of information day in and day out. There is potentially a lot of information in these logs that just goes unnoticed unless someone actually reads it. Think of it as Schroedinger's logs -- the data about problems or possible attacks both exists and doesn't simultaneously. We won't know for sure until we look.

Some key log files to monitor are:

  • /var/log/auth.log or /var/log/secure
  • /var/log/faillog
  • /var/log/boot.log
  • /var/log/httpd/*
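As an added example of what reading /var/log/auth.log can surface (not code from the original post), the function below flags repeated SSH failures per source, password logins that should no longer occur once key-based access is required, root logins, and a successful login that follows a run of failures from the same address. The log lines are constructed, use documentation IP ranges, and assume the usual OpenSSH syslog message format; the threshold of 3 is an arbitrary choice.

```python
import re
from collections import Counter

# OpenSSH syslog messages as they usually appear in auth.log / secure.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")


def review_auth_log(lines, threshold=3):
    """Return (kind, source, detail) alerts for a sequence of auth.log lines."""
    failures = Counter()
    alerts = []
    for line in lines:
        m = FAILED.search(line)
        if m:
            failures[m.group(3)] += 1
            continue
        m = ACCEPTED.search(line)
        if not m:
            continue
        method, user, src = m.groups()
        if user == "root":
            # Root should never log in over SSH once PermitRootLogin is 'no'.
            alerts.append(("root-login", src, user))
        if method == "password":
            # With key-based access required, no password login should succeed.
            alerts.append(("password-login", src, user))
        if failures[src] >= threshold:
            # A success right after many failures may be a guessed password.
            alerts.append(("accepted-after-failures", src, user))
    for src, count in sorted(failures.items()):
        if count >= threshold:
            alerts.append(("repeated-failures", src, count))
    return alerts


# Constructed sample lines (hostnames, users and addresses are made up).
SAMPLE = [
    "Mar  3 02:11:01 web1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2",
    "Mar  3 02:11:03 web1 sshd[1201]: Failed password for root from 203.0.113.7 port 40124 ssh2",
    "Mar  3 02:11:06 web1 sshd[1203]: Failed password for root from 203.0.113.7 port 40130 ssh2",
    "Mar  3 02:11:09 web1 sshd[1205]: Accepted password for deploy from 203.0.113.7 port 40136 ssh2",
    "Mar  3 08:30:12 web1 sshd[2310]: Accepted publickey for alice from 198.51.100.20 port 51514 ssh2",
    "Mar  3 09:02:44 web1 sshd[2388]: Failed password for alice from 198.51.100.20 port 51600 ssh2",
]

if __name__ == "__main__":
    for alert in review_auth_log(SAMPLE):
        print(alert)
```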

Go forth. Secure your server(s). Look after yourself.


Image credit: Blue Coat Photos on Flickr

Vivaldi – Chrome Reimagined

For several years I've been wanting to make the switch to Chrome from Firefox, but the lack of a couple of key plugins has held me back. One of these was the way that windowed plugins were handled initially (the popup for LastPass in Chrome was hideous, but that's no longer an issue.)

The bigger issue for me was the lack of a good vertical tabs plugin for Chrome. I've tried several tabs but none of them seem to work the way I've gotten used to with the venerable Tree Style Tabs in Firefox.

Enter, Vivaldi. This is a Chromium-based browser that offers a lot in terms of UI customization over the stock Chrome implementation.

With tab handling in particular there's a lot to like about Vivaldi. The vertical tab bar allows you to take advantage of the vast amount of horizontal real estate modern wide-screen monitors provide. By placing your Windows Taskbar or MacOS Dock on one edge of the screen and your browser tabs on the other you give yourself the maximum amount of vertical space for your browser to display content.

Vivaldi also offers "tiled" tabs which give a much larger surface area and a live preview of tab content. This is useful for quickly locating what you need in a more visual way.

The biggest drawback to Vivaldi compared to its more established counterparts is the lack of synchronization for settings and extensions. Not being able to quickly establish the same browser environment across multiple machines (never mind mobile) is a pretty substantial stumbling block. Add to that the lack of a mobile browser and the platform just seems incomplete.

I really enjoyed using Vivaldi for the time that I had it installed. Being able to take advantage of Chrome/Chromium features was a big plus, but ultimately the lack of a good sync option was a deal breaker for me and I've had to return to using Firefox for the time being.

Think Different(ly)

In a recent conversation with Knightwise we were musing that it doesn't seem that it's very long since we were both ragging on Dave to get off Windows and get a Mac. Today we're both seriously entertaining the possibility that our next primary computing device might be running an OS from Redmond. What changed? Has Windows gotten that much better?

Yes. It's undeniably better.

But we're also different.

And Apple is different.

I think when we switched to the Mac we saw it as the Valhalla of everything we were looking for. A better system with a unix terminal which would give us the best of both worlds: open source, and a first-class GUI driven OS.

In a lot of ways the Mac hasn't progressed since the Intel transition. Sure there have been feature additions, and if you use iOS regularly there is a lot to help you work with those devices and in that ecosystem. But for switchers and sliders there hasn't been significant change in the Mac operating system for the better part of a decade.

Long in the Tooth

And the hardware? Well as of this writing, the best rating for the "when to buy" page for Macs is a neutral rating for the Macbook Pro.

  • iMac: 16 months since last refresh
  • Mac Mini: 28 months since last refresh
  • Mac Pro: 38 months since last refresh

These machines need some love if you expect knowledgeable people to buy them. And if you don't, well then I guess that'll be where we part ways.

  • Mac Pro
    • Ships with a CPU released in September 2013
    • Costs the same as it did when it was new
    • Pretty much every component is outdated
  • Mac Mini
    • The best CPU option was released in July 2014 -- there have been 3 generations of i7 CPUs since then
    • The max RAM is 16GB
    • Costs the same as it did when it was new

And Windows? Well you can get BASH on Windows now, on reasonably inexpensive and current hardware.

Book Report – Hamlet’s Blackberry

Title: Hamlet's Blackberry
Author: William Powers

I've been trying to get this book read for about the last 18 months. It had come highly recommended by a friend who found the book to be a good look into the technological overload of our modern times, and the inherent constant connectivity to the crowds provided by the Internet.

It took me quite a while to get into this book. Powers continually asserts that the technology that we have come to rely on is disconnecting us from ourselves, and our reality. The same technology that we use to keep us connected and allow us to collaborate and communicate with people all around the globe was, in turn, not allowing us to actually experience and enjoy that connection because it's giving us the attention span of a squirrel on speed.

Ultimately there's more to it than that. Unfortunately Powers doesn't get into most of the rest of the minutiae and the possibilities for managing the technology that tries to take over. It feels like 80-90% of the book is spent framing the problem and drilling it into your head over and over again without offering much in the way of strategies or tactics to deal with it.

Overall, this book is ok. It raises some valid points and will make you think about just how critical it is to have your phone on your bedside table (I use mine for an alarm clock, so I left it where it is) but it does little to help address these challenges.

Creating Spaces in MacOS

Virtual desktops are an extremely useful feature of modern operating systems. It's a feature that provides some of the benefits of multiple monitors without the extra space or expense of adding more displays to your computer. Generally speaking the feature allows you to group together windows on one or more additional logical desktops without the need for multiple monitors.

[Image: Preference pane for Mission Control]

On the Mac this feature is known as "Spaces" and was originally introduced way back in OS X 10.5 "Leopard", and was integrated into the Mission Control preference pane a couple of years later. This merge into Mission Control works very well, as long as you know where to look — because the preference pane doesn't really tell you where it is or how to find it.

[Image: Mission Control view of spaces]

To create a new space, or desktop, you need to launch the Mission Control interface. This can be done either by pressing F3 on a modern Mac (or fn-F3 if you have your function keys enabled by default), pressing ctrl-Up or by doing a 4-finger swipe up on a trackpad. Once you open up Mission Control you can see a plus sign on the far-right hand side of the screen. Clicking that will allow you to add a new Space to your Mac. You can add up to 15 new virtual desktops to your system.

Once they're created you can switch between spaces a few different ways:

  1. Four-finger Swipe: performing this swipe left or right will move you between desktops.
  2. Ctrl-arrows: Holding down the ctrl key, and pressing the left or right arrow will move you between desktops.
  3. Cmd-tab: Using the regular application switcher will move you to the first space where that application is open.
  4. Mission Control: You can select a space directly from Mission Control to activate it.

Once you find it, this is a very useful feature, and can make operating on a smaller screen (like my 11" Macbook Air) a lot easier by allowing quick and easy context switches to move from browsers to text editors to terminal windows. It's something I definitely recommend if you've never tried it before.

Grand Plans

I have a habit of coming up with (grandiose) ideas for things I want to do. Be they small things or large things, or amorphous life goals, I talk a lot and tend to be rather stingy on the follow through. Sometimes these goals are stopped by other projects, sometimes they're stopped by my "better judgement" when I talk myself out of them, sometimes it's exhaustion, sometimes it's pure laziness. Whatever the reason or excuse I don't do nearly as much doing as I feel that I should, or that I want to.

Tonight I was mulling these things over as I proceeded about my cleaning and folding of laundry and had a minor brainwave about a couple of the projects that seem, on the surface, to be complementary but were leaving me in a loop of "I want to do x, but I really should do y first. But y is hard and will take a long time, I can't take that on right now."

So I'm not going to do y — probably ever — and I'm ok with that. I can move on with x, and if I break x up into reasonable size pieces, I might be able to do some other things in between those pieces.

I've started on piece #1, and really don't want to stop. It pays to know my own tendencies and make the decisions that can capitalize on some and minimize the effect of others.

Intentionality and the Struggle with Perfectionism

Wow. It's been a while since I posted something. Not the first time there's been a big gap, and probably not the last, so let's not dwell on that.

Something that's been on my mind for a while now and kind of relates to me not getting blog posts written is the idea of not being organized to get done what you want to get done when you want to get it done. Part of it is organization and part of it is motivation. However in my case another part of it is my constant struggle with perfectionism and over-planning.

This may sound surprising to anyone who's ever seen my office (or my car) but it's a real challenge for me on anything that I'm trying to create. I tend to get sucked into the constant battle of doing things "right", following all the best practices, and most dangerously, trying to get all of that done before I begin work on the project. The ultimate result of which is that the projects never get started.

I also struggle with this in my day job, but since those nice folks are paying me I end up having to start before I feel things are ready to avoid missing deadlines. This means I get things done, and people are typically happy with them, but I always feel like there could have been a better way and ultimately I'm not happy with the results.

I had a conversation with a friend of mine and that resulted in his creating a podcast about getting things done. I'm glad I was able to inspire someone, and it sort of inspired me. I listened to that show about four times over the next couple of weeks trying to figure out the magic, the secret, the hidden gem of wisdom. I didn't find one.

Yesterday it hit me as I was out for a rather long late-night drive. The podcast itself was the answer to my question. The secret wasn't a secret at all. The truth was so simple I completely missed the point. What is the secret? Intentionality. Simple intentionality. He said he was going to do a thing, and he did it. Simple. Uncomplicated. Why couldn't I do that?

So here we go, my first crack at intentionality.

I leave you with these words, attributed to Voltaire: "Perfect is the enemy of good."

Ctrl-Alt-Delete – Rebooting Me

I sit here staring at a blank screen, a blinking cursor, and I wonder what I'm going to write about. There are a great many topics to choose from over the last year. Technical topics, personal topics, gadget topics, relationship topics, job topics; the list seems almost endless. In a way that's been part of the challenge for me getting content to post. Every time I come up with what seems like a good topic idea, I come up with 10 more that seem more important, or better in some way. Ultimately, if I'm going to write, I need to write; I need to put the fingers to the keyboard and make the clackety noise.

Reboot?

I've been lazy. There's no other way to look at it. I've been afforded the ability to have a significant amount of control over a large portion of my free time and when I look back over the past few months I'm not satisfied with how that time was spent. What scared me into this realization is that I had let this sense of laziness become second nature. It had become my default mode of operation in many facets of my life, not just the blog. I had begun making excuses for not doing, instead of finding reasons for doing. Projecting my course out over the next 12-18 months scared me, and as much as I don't like to be motivated by fear, I didn't relish the prospect of where things were headed.

The Plan

I'll be honest. I don't really have one yet. I've started to make some progress over the last week or so, but it is something that will take continual effort in the coming weeks and months to not allow myself to slip back into those old bad habits. I've restarted (for the fourth or fifth time) David Allen's Getting Things Done to help myself get a handle on the multitude of work, home and technical tasks that I have going on around me. I've found elements of the system to be helpful in the past, and I'm hoping to (re-)implement a few more things this time around.

I'm going to commit to myself that I'll get at least one blog post done each week for the next month. Making it part of my regular routine will help keep me organized, and develop habits of doing rather than of excusing... at least that's the idea.

My Journey to Linux & OSS for Hacker Public Radio

I recently recorded and submitted my first podcast for Hacker Public Radio, which is something I've been planning to do for several months. I figured I might as well dump the transcript to the blog as well for those who don't subscribe to HPR and/or are allergic to audio. Telling the tale of how you came to be an active user of Linux or open source software has become the de facto first show topic, so here's my story.

Early Years

The first computer I ever owned was purchased second-hand from a local company who had recently upgraded their systems. It was a second-generation Intel Pentium system with precious few system resources. But it was mine... all mine. I played with it for a few months trying out different configurations, different software packages and of course different operating systems. I pretty well tried every OS I was familiar with - Windows 2000, Windows ME, Windows 98SE, Windows 2000 Server, Windows NT...

Anyways, after a few months of running it in its default configuration I became curious about Linux. I had seen the distro CDs attached to magazines and the back covers of “Linux for Dummies” books. I picked up a copy of Red Hat Linux for Dummies and began my triumphant march into the world of open-source software.

Well, maybe it wasn’t so triumphant after all.

I was able to get the system to install but I had trouble getting it to recognize anything more than the most basic hardware. After a couple of hours I had a working system, with no network card, no sound card and no webcam. I poked around for a while but before the night was over, I was back into Windows and my Red Hat partition just sat there taking up space for a few months.

I tried off and on over the next year or so to get Linux working the way I wanted it. Red Hat 7 had drivers for my NIC and once I got online I was able to get my sound card working (no thanks to a half dozen people telling me to RTFM but not telling me where to find the m). Ultimately though, I didn’t find that Linux was going to suit my needs. As much as I enjoy a project I didn’t feel like I wanted to spend all my time just trying to get things working.

It would be years before I made another serious dive into the Linux world.

The Interim

While Linux wasn't for me, at first, my interest in open-source software had been piqued. I soon discovered that there was a great deal of free software available for Windows as well. Sometimes you hear the long rants of people who try to insinuate that if you buy a computer with a proprietary OS, you're also then stuck paying for your expensive proprietary software as well. As most of us know, that really isn't the case. Whether it was the days of shareware and freeware available from all sorts of places during the 90s, or the days of open-source software in the 2000s, there has pretty well always been a way to get free or very low cost applications for nearly every platform.

A quick aside: when I say "free" throughout this podcast, I'm only speaking monetarily. I'm not going to make the distinction today between "free as in beer" and "free as in freedom". It's a complex issue that I just don't have the time (or the patience) to get into today.

I began to really enjoy playing with various kinds of open-source software. Some of these are things that most of us are familiar with, the Firefox browser for one. Other applications that I picked up during this period are things that I continue to use to this day on the various platforms I interact with on a daily basis like Audacity. There are even a couple of open source apps that are only for Windows like Notepad++. There are even large corporations making light versions of their software available for those who can't afford or can't justify spending hundreds of dollars on a large commercial software package. Microsoft has been offering an express edition of its Visual Studio software development tool since 2005. While it doesn't have all the bells and whistles of the commercial product it's a very serviceable IDE for students and hobbyists.

As my usage of the Internet grew and grew through the 2000s I began to vary the technologies I use even more. I signed up for a web hosting account in 2005 with a company that provided me shell access to my shared hosting server. The server, running on CentOS, allowed me direct command-line control over some aspects of my hosting service. This became the first time I was able to use a Linux machine effectively.

The Slider

Not long after this initial exposure to a practical Linux implementation that I could make use of and really enjoy, it was time for a new computer. I decided that it was time to move myself to an OS that had a nice terminal interface that I could use just like the one on my shared web server. One based on a foundation of a free UNIX based OS. I speak, of course, of the Mac. Despite my recent positive experiences with a server-side Linux implementation I wasn't prepared to hand over my desktop to a Linux system.

I was, however, prepared to start offering Linux a role on the server-side of my computing life. I was in need of a file server, and a LAMP server to use for testing/playing so I decided to re-stage my old Windows desktop as a server running Ubuntu "Feisty." In truth, this was probably more of a "test" server than a "production" server. By that I mean that I never really did entrust any of my data to it, and other than holding backups of data from the Mac and Windows machines in my home, this machine did little else. It did however set very important ground work that would be added to down the road.

As I mentioned in the introduction, I'm a software developer in my day job. My primary experience with software development is on Microsoft's .NET platform. I've written code in several other languages over the years, PHP, Python, C and Java, but I work primarily with .NET in my day job so it was easy for me to turn that direction when I wanted to begin working on more software projects in my spare time. Since it's easiest to work with that platform on Windows, I decided it was time for me to get a second computer, a desktop machine running Windows 7 that I could use for building applications.

Due to the age of my Mac, this became a second "primary" machine. I would use the two of them interchangeably and would need to move data between them fairly regularly. I had tried using the older Linux PC to handle this task, but at this point the machine was nearly a decade old and was starting to experience hardware issues, and the old 80GB IDE hard drives were getting a bit long in the tooth for me to have much faith in them. For the first year I ran the Windows desktop with some file shares open that I used when I needed to share data between the Mac and PC. As the year wore on, I found that I was doing less and less development work on the Windows box, and more and more web-based work from my Mac on the CentOS web-host. It was time for another shift.

This began my great Linux experiment. I had become very familiar with Ubuntu in virtual machines over the past few years. Listening to shows like the Going Linux podcast I kept hearing all sorts of good things about peoples' experiences with Linux as a desktop OS. Having done my stint with a Mac I figured it was time to take another shot at using Linux on the desktop since things had undoubtedly improved during the intervening decade and my initial problems with RedHat would no longer be an issue. For the most part, that was exactly right.

I had initially planned the project to be three months long, but as I detailed in the extensive blog post I wrote at the time there were just too many issues for me to cope with. Not all of these were technical. To be fair some were the result of a major shift between platforms. But ultimately I decided that a Linux machine just was not a good fit for me as a primary desktop machine and the experiment was cut short after only three weeks. While it was very clear that you could do anything on a Linux system that you could do on a pre-installed commercial OS like Windows or OS X, many of these tasks required more investigation, adjustment, tweaking, learning, failing, re-doing, frustration and most importantly time than I was willing to commit. That may not be consistent with the hacker ethos but it was simply the way I felt at the time.

What I didn't do was switch that machine back to Windows. I learned something very important about how I use computers. I needed a server. A good one. Something reliable, with a wide variety of software packages that could do the specific things I wanted. And I wanted something that could run with a minimum of overhead leaving all of the system's resources for the services and applications that it hosted. For me, Linux is almost purely a server OS.

I've now been running a Linux server in my home full time since the conclusion of the experiment in 2010. The original server hardware has been donated to a family member and I recently did a server build (my first in nearly a decade) to assemble its replacement. It performs a number of services and tasks which keep things running smoothly and provide me with peace of mind as I carry out my day-to-day activities in the digital world. I may take the time to detail these in a future HPR episode. I have also changed hosting providers and now have a dedicated VM running Debian to host the various websites that I'm involved with... but that's another show.

I remain confident that the day will come when a Linux distribution will truly challenge for a spot among mainstream desktop PC operating systems. Until then I couldn't be happier with the performance of Linux as a server OS.