Protect and Serve

Got kids? Yeah? So… you have a firewall and antivirus and some kind of content filter on their PC so they can be safe right? Good luck with that.

Here’s a dose of reality for you – every 10 year old, yes even yours, knows how to bypass ALL that protection, and most can do it with out you ever finding out. Kids trade hacking secrets like we used to trade hockey cards. They share key-tools and decrypters passed on USB drives like passing notes in math class. If all the protection you have for them is sitting on a PC that they control, well, think about that for a minute……

OK, that minute’s over, now lets do something about it. There are some fantastic tools available to give you better control in an environment that you as a parent control. The easy path is to buy some retail software for $49 and install on their PC, but we already discussed where that leads. The more difficult, but more reliable way is to build a remote caching filter. This is a combination of hardware and software that sits between your family PC(s) and the internet, it intercepts every page and only passes on the ones that pass your rules, and you can build one for almost nothing.

Step 1: If you don’t have one already, get a router. Even if you don’t follow the rest of this, do yourself a favor and install a router. Linksys and D-Link make decent residential routers in the $100 range that will do everything you need. The router connects between the Cable/DSL Modem and your PC’s. Follow the boxed instructions to set this up, they are usually pretty straight forward.

Step 2: You will need a PC to act as a filtering server. This does not have to be anything huge, in fact, the one I used was a 5 year old P4 that was headed for recycling. It should have 512Mb of RAM or more, bit otherwise nearly any relatively new PC will do.

Step 3: Install Linux. You can download a free copy of CentOS-5 Linux from http://ftp.telus.net/pub/centos/5.3/isos/i386/CentOS-5.3-i386-bin-1of6.iso
This is a 640Mb download, so make sure you have the time and speed before you start. Download this to a different PC, then use whatever CD burning tools you have to burn this iso image to a disk. Place the disk in the new “server” PC and reboot. When the firs screen appears, type ‘linux text’ and press ENTER.
You can choose the defaults, or the obvious for most of the install questions, but when asked about packages and options, de-select everything including the optional packages. If you skip this, it will ask you for a CD you don’t have. Answer all the questions to the end then reboot. After the reboot, log in and run an ‘ifconfig’ and record the IP address – you will need it later.

Step 4: Get Squid. First, make sure your system is up to date by typing ‘yum update –y’ . Then ‘yum install squid –y’

Step 5: Get Dansguardian. Go to http://dansguardian.org/ and read over some of the docs so you understand what it does. Bookmark the page as you may need to come back here for configuration hints later. You can download the latest version from here: http://usmirror.dansguardian.org/downloads/2/ the instructions are pretty straight forward, follow them.

Step 6: Configure web browser proxy. Locate the communication settings for your web browser. In Internet Explorer is it in TOOLS > OPTIONS > CONNECTIONS. Find the PROXY settings and set the IP address to the address of the server you collected earlier. Set the port number to 8080. Now test your web browser with any site. If it works, then you can move on, if not, check to make sure Dansguardian is talking to Squid properly.

Step 7: Close other access with router. When you are able to connect to the internet through the proxy port, then you need to cut off all other access routes. Connect to the router and set the access rules so that the PCs you want to protect are blocked. This is usually done by IP address, so you will need to get these from the PCs you want to protect.

So now your family PC(s) connect to the content filtering Dansguardian that uses the Squid cache that gets the web pages from the internet. You can set a wide range of content filtering rules as well as control application access such as chat programs.

This may be a little more complicated than buying a $49 “nanny” program from Wal-mart, but it gives you more control over more functions with more flexibility all in a package that is separate from the PCs that need to be protected…and keeps it away from the 10 year old hackers.

My “Life with Vista” series ends here with a “good bye” and some helpful instructions for anyone else feeling like abandoning the Vista ship. I’ve written two how-to documents giving step by step instructions for replacing Vista with Windows XP or Ubuntu, a Linux distribution intended for desktop users. These are available at http://mairs.ca/tom/papers/VistatoXP.html and http://mairs.ca/tom/papers/VistatoUbuntu.html respectively.

This does come with a caveat or two, however. MS Vista is the current operating systems offering from Microsoft and as such they no longer support anything with Windows XP. Going back to XP means the possibility of not being able to find drivers for new hardware. It also means that the 17 year old “tech” at future shop won’t know how to help you if you ask questions because they may have never actually used it before. On the other hand, it also means faster operation, less cryptic weirdness and familiar (yet still useless) error messages.

Moving to a Linux based operating system (Ubuntu) is not for the faint of heart either. This is a community supported, open source set of packages and as a result, not everything… well, actually nothing… is guaranteed to work. What is available has been built by geeks who built their own drivers and interfaces and made them public for you to use as you see fit. This has the benefit of variety, but also there is the lack of quality assurance. For instance, there may be 5 different drivers for your video card and you will need to pick which one is best based on research. People who are used to Linux are okay with this because it only takes a few minutes to do the research and most Linux users are gear heads or programmers anyway. Ubuntu does a pretty good job of picking the best driver for your hardware, but some things are still hard to find – like the finger print reader on my Dell Studio 1735 notebook.

Which way you choose to go depends on how comfortable you are with computers. If you are a geek or wanna-be geek, then try out Ubuntu, you may be surprised at how good a Linux desktop OS can be. If you are a typical user specifically looking for MSN Messenger, Media Player, and other Microsoft specific tools, then you should probably follow the XP path. Either way, don’t dive in without being prepared.

I’ve done both routes and I personally prefer Ubuntu. My wife preferred the XP route. In either case, MS Vista got the boot – “Ciao Baby!”

I hope you get value out of the how-to documents posted here, even if it is to make the decision to keep working with Vista – someone has to keep Microsoft in business.

I recently had an opportunity to travel to San Francisco on business. Well, I flew into San Francisco Airport, but that’s about as close as I got to SF Proper. I did, however get to visit pretty much every other place between there and San Jose in three days.

If you’ve never been there, the San Francisco Airport (SFO) is not actually in San Francisco, it’s in San Bruno – just south of the Airport’s namesake. If you are planning a trip the Bay Area and Silicon Valley, I recommend a stay at the SFO Marriott Courtyard in San Bruno. It’s about 5 minutes from the airport, the rooms are clean, people are nice and they serve a wicked omelet for breakfast.

I’ve spent quite a bit of time in Southern California in the Anaheim to San Diego area, but had not been to the Bay Area for about 30 years. It’s changed since then… but then again, I was only about 10 years old. In any case, l really enjoyed my few days there.

My business meetings spanned from San Bruno to San Jose and included Redwood City, Menlo Park, Sunnyvale, and San Mateo. In fact, I covered about 9 cities in the time it normally takes me to get from home to the Calgary airport – about 40 minutes. If I had to live in Cali, I certainly would not complain about moving to any of these locations.

If you happen to be in the Bay Area and you have a hunger for a great bagel, I highly recommend hunting down a “Noah’s” Bagel Shop. There is one in San Mateo on 4th that served me quite possible the best bagel I’ve ever tasted.

For the geeks reading this, a trip past the Oracle complex is sure to impress. This place has six towers that look ironically like old data drums placed around a huge fountain on Marine Parkway in Redwood Shores. I absolutely had to stop and take a picture or two. The Sci-Fi Museum is another must if you are at all interested in that genre of writing. As a Sci-Fi writer myself, just finding it was a thrill.

If you’re looking for a quick and delicious lunch I recommend In and Out Burger. To Cali residents this comes as no surprise, but to outsiders looking for a great burger, this is a real find. They make basically two things – hamburgers and cheeseburgers – but they do it very well.

I look forward to the next trip – Maybe I’ll actually make it into San Francisco next time.

So, I’m sitting here in the Air Canada wing at Boston Logan Airport and just had to write about it. My flight was supposed to leave Boston at 6:25PM, so being the intrepid traveler that I am, I made sure I was at the airport in plenty of time. Actually my afternoon appointments cancelled so I headed to the airport a few hours early, otherwise I would just be scraping by as they loaded the plane, but in this case, I was actually early.

I’ve never been through Boston airport, so I expected it to be like any other – enter, get your ticket, find your gate then explore and find munchies. Not. On one hand the simplicity is wonderfully handy if you are prepared for it, but on the other hand, there could be at least one warning sign saying that there is virtually NOTHING past the security checkpoint going into the “wing” which cannot be more than about 2000 sq ft in total. I have friends with houses bigger than this.

I get to the airport about 3 hours early and I think, “hey, I’ll be able to explore after I find my gate.” I enter the terminal and take 5 steps to the escalator that takes me up to the second floor where ticketing is. The escalator deposits me right at the entrance to the Air Canada ticketing area – talk about convenient! So far I am blown away with the amazingly well laid out airport.
I process my ticket easily and head toward the security area so that I can enter [what I thought was] the international wing to find my gate. Security was a breeze (usually is if you know what you are doing) and I happily collected my things and carried on.

As I leave the security area, I enter what looks like one of those tiny regional airport waiting areas, but it is completely decorated in Air Canada colors, logos, flags… hey wait-a-minute….. Gate 1… Gate 2… Gate 3… that’s it.

No, really… that’s it. I turn the corner to look for more and find… a wall. There is a nice young lady standing by a till against the east wall beside a row of 2 beverage coolers with a fine selection of water, soda, fruit and either decaf or regular coffee. Period. There is a washroom (singular) and about 200 seats, which is a good thing because all 4 (yes 4) flights expected tonight are delayed and the place is wall to wall full of people.

So four and a half hours later, I am working on my 3rd coffee, 2nd muffin and have exhausted my walking options. Good time to sit and catch up on my blog.

If you do have to travel through Boston Logan Air Port heading back to Canada, don’t expect to explore the “Air Canada” wing for very long – 5 minutes should do it for you. If I had known, I would have stayed and explored downtown Boston for another 3 hours. That’s a whole other blog.

Life with Vista (part 3)

It’s been three months since my last “Vista” post [La vida con Vista (part 2)] and I can tell you things have not gotten much better. I thought products were supposed to get better with each new version, like when each new book from an author gets better because the author is more experienced, or how a winery produces better wine each year as the vines mature. So what happened to Windows?

Vista sucks. How’s that for a professional opinion? They can promote their “Mohave Experiment” all they like, but the fact is that after the shiny bobbles get old, we all need functionality and it just isn’t there. Is it just a coincidence that Bill handed the reigns to Steve at the same time Vista was being prepped for market? Is this the shape of the new Microsoft? I hope not.

I work all day with three systems at my finger tips. There is the laptop with Windows XP that I use for client work, the PC with Windows Vista Ultimate that I [try to] use for all my personal stuff, and the CentOS-5 server (RedHat Linux without the support) I do all my software development and testing on. Guess which one gives me the least grief? (hint: it didn’t come from Microsoft) As far as the Windows boxes go, I’ll take the XP one over Vista any day.

There are numerous reasons why I believe XP is better than Vista and this is speaking strictly from experience.

Occasionally I need to reboot my router and switch, bringing the network down temporarily. When it comes back up again, the Linux server is always the first to access it followed closely by the XP box, but the Vista PC can take up to 5 minutes to re-establish a connection. When it does finally establish a connection it always (always) resets my “private” network to “public” which disables file and printer sharing. Talk about frustrating.

Windows has always been able to save username and password credentials for commonly used applications, like mail or secure web sites. When I first installed Vista this worked, but after a “security update” that was apparently mandatory and installed itself without asking, it does not work any more. Not only did all of my saved credentials vaporize, I can’t re-save them again or add any new ones either. Even manually added credentials are completely useless.

Active-X add-ons have taken on a life of their own. In XP, removing a bad or damaged add-on program was as easy as opening the “Downloaded Programs” folder and clicking “DELETE”. Not with Vista. Now it’s next to impossible to remove one even if you are logged in as Administrator will all the security turned off.

And what’s the deal with changing perfectly good terminology? If I click on SAVE, I want the dialog questions to be YES or NO not SAVE or DON’T SAVE. Worse are the moronic questions when you try to copy over existing files. Was “are you sure you want to replace this file” such a bad question that it had to be replaced with three separate equally confusing questions like “ do you want to copy and save the original”?

I believe Vista has drawn its last refresh across my screen as my frustration has reached overload level. After trying to work with Vista (Ultimate) for three months, I’m packing it in and tossing it. If anyone is interested in $298 worth of slightly used Microsoft Operating System, let me know – it’s going cheap.

This is still a question, but not as big a one as it used to be. Five years ago I was building web sites with a combination of PERL, PHP, HTML, and JavaScript. Today they are almost entirely PHP. Over the last few years, the PHP language has developed into a powerful, flexible language that has shown strength in not just the web arena, but in mainstream application programming as well.

Recently I was asked to write a script to inject mail to a Mail Transport Agent (MTA) in order to send several thousand emails in a short period of time (no, this was not SPAM) and I had my choice of languages to write it in. My first choice was PERL because I have had great success with PERL when I need to search and strip text data and access databases quickly. However, this time I chose to test how far PHP has really come so I wrote the script in both PERL and PHP and ran them on the same job data.

To my surprise, the PHP script performed as well, if not better than the PERL script. Both were fed the same information and had to perform the same task and over 25000 iterations, the PHP script may have actually beat the PERL script, by a few nanoseconds – too close to call.

I am currently re-writing a couple of my older web applications and replacing all of the old PERL and JavaScript chunks with equivalent PHP and have been able to actually reduce the code size and increase functionality along the way.

The moral here is… if you are a programmer and have ignored PHP because it is “just for dynamic web pages” then take another look. You might be surprised.

Life with Vista (part 2)

OK… One of the things I have learned in this whole process with Vista is that Microsoft obviously names their products based on price points, not functionality. Vista Home is priced for the person who won’t pay more than $99 for any OS. Home premium is for the guy who will pay an extra $30 to play movies on his PC. Vista Business is obviously priced for the business OS market that is used to paying $200 for any network capable operating system and Ultimate is clearly priced for the geek who will pay anything for “all the toys”. Unfortunately they all have the same defective thinking behind the framework.

In my opinion, “Home” should be packaged with a recipe book, encyclopedia, and an on-line guide explaining what to pay the baby sitter. Now wouldn’t that be more useful? Home Premium should also include not only the ability to play movies, but an integrated PVR. A guide to fine wines and a voice activated HDTV tuner would top that one off for me. Vista Business should include Office Pro by default and should be stripped of security assuming it will be installed in a network out of the box. The Ultimate version should have all that and an on-line personal coach too.

I really think if Microsoft won’t make the above changes, they should at least release one more version and call it “Vista Guru”. This would be completely stripped of any security (and those annoying “are you sure” messages) assuming that it will be installed in a properly managed network. It would include remote management by default and all the games, movies, music, and anything else non-business would be non-existent. It would be tuned for speed, not beauty right out of the box and it would only be sold to someone who could produce an MCSE certificate. I’d buy that.

It would seem that Microsoft has created 4 versions of the same product with little regard for the fact that it completely alienates the business market that has been feeding it for years. While “Ultimate” is a really nice product for “Home” use, “Business” is a far cry from business-friendly. Every installation of Vista Business I have seen includes removing or disabling all the annoying, redundant “security”, games, media, etc that seem to be the hallmarks of this OS. This sounds like a really bad move when Red Hat, Novel, and Apple are aggressively going after that business market with trimmed-down, efficient, fast desktop operating systems.

I’ll keep running the Vista Ultimate system that I finally have connected to all the servers and network shares I need, but I don’t know for how long. I keep switching back to my Red Hat server to do anything productive… that’s not good news for the Vista box.

I’ll let you know how it goes….

(Life with Vista)
My PC is an 8 year old box that I put together myself (because that is what I am good at) containing a P4 – 1.7Mhz processor, 640Mb of RAM, 60Gb Hard Drive and a 32Mb Video Card. This probably seems archaic to some, but it was well built and has served me so far. It originally had Windows 98 installed, then I reluctantly upgraded to Windows XP (Pro) and recently I tried MS Vista. Big mistake.

The Vista experiment on this PC lasted all of about 2 hours before I wiped it and went back to XP; it was so slow it was non-functional. Even though Microsoft says this PC falls within the usable parameters, it was far from it.

So I acquired a new PC to put Vista Business on – an HP with an Athlon 64 X2 processor, 2Gb of RAM, 400Gb Hard Drive and a 256Mb Video card. Should be a speed demon right? No. Loaded with Vista Business, it was no faster then my 8 year old box running XP.

I love a good puzzle, so instead of just wiping it and installing “Red Hat Enterprise 5”, I started to look for all the speed tweaks. Ya. Ok. Not. While MS Vista looks really cool, it is functionally retarded (and I mean that in the nicest way possible). Everything takes twice as long to get into, has extra security hoops and more check boxes than ever before.

So I started with the security and turned OFF that annoying “are you really, really sure you want to do that thing that you just clicked with the intention of actually doing something” message. This is also knows as “User Account control”. Turning this off seemed to make most of the system much faster right away. However, there are still the periodic delays when I open, well, anything. Many times when I open a folder, the mouse pointer turns into a green spiral that turns like a clock, obviously timing the opening of an event like the Hourglass used to do. I have to assume this has something to do with indexing files, but it often just stays there, for hours.

Don’t even get me started on the networking issues – I have a Red Hat server and a mixed bag of clients that are Win 98, Win XP, Linux and now Vista. Guess which one I have the most connection problems with. Once I made it through all the hoops to make the connection to the SMB share on my Linux server I thought it would be OK, but even though it is mapped and the credentials are saved, Vista still makes me log in to view files where it was automatic with ‘XP and transparent in ’98. Most of my old remote access tools don’t work and Remote Desktop is a complete write-off.

So now what? XP is dead and Vista is the current standard OS from Microsoft, and any new software I build needs to support it, so I HAVE to make this puppy work… somehow…. I’ll dig in deeper and let you know how it turns out….

Hello ……

For any one out there who has been waiting patiently for me to return to the blog-o-sphere… I’m BACK!

Ya – I know – It’s been 4 years! The last post to my old-style “blog” was July 2004 [ http://mairs.ca/tom/writing.php ] – it seems like yesterday. Well, enough of this working for a living stuff… I’m moving on to more important things like writing and playing in the sand.

I’m in the process of rebuilding all the associated web sites, moving to this “new” blog format, and adding Cell Access, RSS, and other goodies.

Watch this space for more soon.

Ciao!