is it safe?

Today’s title comes from the movie Marathon Man with Dustin Hoffman as the lead. I must admit that I haven’t seen it. The concept sounds scary enough, though: someone is expected to know information which they simply don’t possess. Somewhere in the movie the lead character is mistaken for a spy, perhaps, and finds himself in a dentist’s chair where he is asked this question repeatedly.

Believe it or not, we have a very big security problem at the moment and few people are focusing much attention on it. Let me explain…

IPV4

For a long time, we’ve all enjoyed the Internet. Packets of information are sent here and there. The underlying mechanism is usually called TCP/IP and that last “IP” part is described as version 4 or simply IPV4. Within all these specifications, there’s the concept of the sending computer’s address and the recipient’s. These “IP addresses” are critical to delivering content. A popular IP address is 8.8.8.8 which is Google’s primary DNS server. There are four numbers in each case, separated by periods.

Zipcodes

A good analogy here is the zipcode system in place at the United States Postal Service, for example. Some five-digit combination of codes like 90210 points to a specific post office. If you were fortunate enough to have a P.O. box there, 90210 plus that box number would allow you to receive your copy of Beverly Hills Magazine or similar.

Often, though, cities grow bigger and the USPS needs to break up zipcodes (re-issuing new ones) or use other clever methods to accommodate more and more people. They decided to extend the five-digit system to add four more digits to the end. An example might be 90210-1234.

IPV6

In a similar fashion, the Internet got more popular and something needed to be done. We ran out of IP addresses a long time ago, to be honest. There are only so many individual computers which may be addressed using those four numbers from the IPV4 section above.

For decades, they’ve been putting off doing anything serious about this problem because of some reasonably-good workarounds. The best of these is to have everyone inside their own homes, businesses and even colleges use what is essentially an unusable set of IP addresses. The technical term is a private IP address range. Buy a Netgear router for your home, plug it in and I could reasonably guess that your new home router now has the IP address of 192.168.0.1 just like other consumers. In one way, it’s not really a valid, routable address but things just work because of some trickery involved.

So, making those four-number styles of IP addresses longer in theory might make everything better, right? For two decades now, various people have been pushing hard to add those extra numbers to everyone’s computers, to every router, to all routing software, to all computer operating systems, to all software development kits.

Imagine thousands and thousands of ants silently working hard to build something that most of us cannot see, don’t understand and then one day twenty years later we find out that some huge anthill has taken over. The work happened so slowly that we didn’t take much notice.

IPV6 is here and we didn’t even know it. In fact, few know anything about it at all.

Rest Inertia

Unfortunately, the current system is what everyone understands. If you ask the average computer geek to “issue an IPV6 address” you will be met by a blank stare, shortly followed by hostility in many cases. Nobody wants to deal with these new addresses. Nobody wants to test their computers with these new addresses. Nobody wants to test their software or their websites with these new addresses.

I will go further to suggest that nobody knows how to do any of these things.

Too Long, Didn’t Read

Here’s an excerpt from the Wikipedia page on IPV6. Part of the problem is that these technical descriptions are written by people who don’t understand that end-users ultimately must understand what’s being talked about.

The 128 bits of an IPv6 address are represented in 8 groups of 16 bits each. Each group is written as four hexadecimal digits (sometimes called hextets) and the groups are separated by colons (:). An example of this representation is 2001:0db8:0000:0000:0000:ff00:0042:8329.

For convenience, an IPv6 address may be abbreviated to shorter notations by application of the following rules.

  • One or more leading zeroes from any groups of hexadecimal digits are removed; this is usually done to either all or none of the leading zeroes. For example, the group 0042 is converted to 42.
  • Consecutive sections of zeroes are replaced with a double colon (::). The double colon may only be used once in an address, as multiple use would render the address indeterminate. RFC5952 recommends that a double colon not be used to denote an omitted single section of zeroes.

An example of application of these rules:

Initial address: 2001:0db8:0000:0000:0000:ff00:0042:8329
After removing all leading zeroes in each group: 2001:db8:0:0:0:ff00:42:8329
After omitting consecutive sections of zeroes: 2001:db8::ff00:42:8329

The loopback address, 0000:0000:0000:0000:0000:0000:0000:0001, may be abbreviated to ::1 by using both rules.

As an IPv6 address may have more than one representation, the IETF has issued a proposed standard for representing them in text.
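
The point that one address has several valid spellings matters wherever addresses are compared as text, such as blocklists, firewall rules and log searches. The added example below (not from this post or from Wikipedia) applies the two abbreviation rules in both directions and shows a plain string comparison missing three of four spellings of the excerpt's address; the function names, the blocklist and the upper-case spelling are constructed for illustration.

```python
import ipaddress
import string

HEX = set(string.hexdigits)

def expand(text):
    """Undo both abbreviation rules: return the eight 16-bit groups as ints.
    Plain hex groups only; zone IDs (%eth0) and embedded IPv4 are rejected."""
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once: " + text)
    if "::" in text:
        head, tail = text.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one group: " + text)
        groups = left + ["0"] * missing + right
    else:
        groups = text.split(":")
    if len(groups) != 8:
        raise ValueError("expected 8 groups: " + text)
    for g in groups:
        if not 1 <= len(g) <= 4 or not set(g) <= HEX:
            raise ValueError("bad group %r in %s" % (g, text))
    return [int(g, 16) for g in groups]

def compress(groups):
    """Apply both rules the way RFC 5952 recommends: lower case, no leading
    zeroes, '::' for the longest run of two or more zero groups (leftmost
    run wins a tie, a single zero group is left alone)."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i >= 2 and j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    hexs = [format(g, "x") for g in groups]
    if not best_len:
        return ":".join(hexs)
    return ":".join(hexs[:best_start]) + "::" + ":".join(hexs[best_start + best_len:])

def canonical(text):
    return compress(expand(text))

# The excerpt's address in four spellings (the upper-case one is added here).
SPELLINGS = [
    "2001:0db8:0000:0000:0000:ff00:0042:8329",
    "2001:db8:0:0:0:ff00:42:8329",
    "2001:db8::ff00:42:8329",
    "2001:DB8::FF00:42:8329",
]
BLOCKLIST = {"2001:db8::ff00:42:8329"}  # constructed one-entry blocklist

def naive_hits(addrs):
    """String comparison: only the spelling stored in the list matches."""
    return [a for a in addrs if a in BLOCKLIST]

def canonical_hits(addrs):
    """Canonicalize both sides first: every spelling matches."""
    blocked = {canonical(b) for b in BLOCKLIST}
    return [a for a in addrs if canonical(a) in blocked]

if __name__ == "__main__":
    for s in SPELLINGS:
        # Cross-check the hand-written rules against the standard library.
        assert canonical(s) == str(ipaddress.IPv6Address(s))
        print(s, "->", canonical(s))
    print("naive matches:    ", len(naive_hits(SPELLINGS)))
    print("canonical matches:", len(canonical_hits(SPELLINGS)))
```

In production code the standard library's `ipaddress.IPv6Address` does the same normalization and also handles the forms this sketch rejects.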

For most computer professionals, avoidance has been their interaction with this feature.

Security

The problem, then, is our network security globally. Silently, people are adding a routing feature into everything-that-is. Usually, when something like that happens, all computer professionals then are trained about how this new feature works. That definitely has not happened. We are in for such trouble on this one.

Update Fatigue

Another contributing factor to all this is the recent trend to push updates to end-users relentlessly, daily, (too often). For many people, toggling on some auto-update feature lowers their own sense of being nagged into daily updates. The “magic” just seems to happen and the users assume that literally hundreds of people have tested the safety of everything before it’s put out there for an upgrade. The dirty little secret is that it isn’t tested at all in areas like IPV6.

Conclusion

In short, turn off IPV6 support from every computer, router, device and smartphone in your life. Do it as soon as you learn how to do so.

Turn off IPV6 support on everything you own and everything you can control within your life. It’s a ticking time bomb from the standpoint of Internet security.

There will be a time when this new technology is safe. I’m guessing that this will be at least one decade in the future.

For more information, search for “turn off ipv6” in your favorite search engine.
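
Before and after switching anything off, it helps to see what IPv6 a machine actually has. The added example below (not part of the original post) decodes the Linux kernel's `/proc/net/if_inet6` and `/proc/net/tcp6` tables to list the non-loopback IPv6 addresses and the TCP listeners reachable over IPv6. It assumes a Linux host with little-endian byte order (x86, most ARM); the sample tables and function names are constructed for illustration.

```python
import ipaddress
from pathlib import Path

SCOPES = {0x00: "global", 0x10: "host", 0x20: "link", 0x40: "site"}

# Constructed sample in /proc/net/if_inet6 layout:
# address, ifindex, prefix length, scope, flags (all hex), device name.
SAMPLE_IF_INET6 = """\
00000000000000000000000000000001 01 80 10 80       lo
fe800000000000000a0027fffe123456 02 40 20 80     eth0
20010db8000000000a0027fffe123456 02 40 00 00     eth0
"""

# Constructed sample in /proc/net/tcp6 layout (trailing columns trimmed).
# State 0A is LISTEN, 01 is ESTABLISHED.
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st
   0: 00000000000000000000000000000000:0016 00000000000000000000000000000000:0000 0A
   1: 00000000000000000000000001000000:0277 00000000000000000000000000000000:0000 0A
   2: B80D012000000000FF27000A563412FE:0016 B80D012000000000000000000A000000:C350 01
"""

def parse_if_inet6(text):
    """Each row becomes a dict; addresses here are plain network-order hex."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 6:
            continue
        rows.append({
            "dev": f[5],
            "addr": str(ipaddress.IPv6Address(bytes.fromhex(f[0]))),
            "prefix": int(f[2], 16),
            "scope": SCOPES.get(int(f[3], 16), "other"),
        })
    return rows

def tcp6_addr(hex32):
    """tcp6 prints the address as four 32-bit words in host byte order;
    on a little-endian host each word's bytes must be reversed."""
    raw = b"".join(bytes.fromhex(hex32[i:i + 8])[::-1] for i in range(0, 32, 8))
    return str(ipaddress.IPv6Address(raw))

def parse_tcp6_listeners(text):
    """Return (address, port) for every socket in LISTEN state."""
    out = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 4 or f[3] != "0A":
            continue
        host, port = f[1].split(":")
        out.append((tcp6_addr(host), int(port, 16)))
    return out

def exposure(if_text, tcp_text):
    """What is reachable from outside the machine: addresses beyond
    loopback, and listeners not bound to ::1 ('::' means every address)."""
    addrs = [r for r in parse_if_inet6(if_text) if r["scope"] != "host"]
    listeners = [(h, p) for h, p in parse_tcp6_listeners(tcp_text)
                 if not ipaddress.IPv6Address(h).is_loopback]
    return {"addresses": addrs, "listeners": listeners}

if __name__ == "__main__":
    def read(path, fallback):
        p = Path(path)                          # fall back to the samples
        return p.read_text() if p.exists() else fallback
    report = exposure(read("/proc/net/if_inet6", SAMPLE_IF_INET6),
                      read("/proc/net/tcp6", SAMPLE_TCP6))
    for r in report["addresses"]:
        print("%-6s %s/%d (%s)" % (r["dev"], r["addr"], r["prefix"], r["scope"]))
    for host, port in report["listeners"]:
        print("listening on [%s]:%d" % (host, port))
```

An empty report means no IPv6 address beyond loopback and no TCP service answering over IPv6; a link-scope `fe80::` address alone already means neighbours on the same network segment can reach the listed listeners.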

windows 10 from vm on ubuntu

If you’ve been reading my blog for any time whatsoever, you know that I have been irritated with Microsoft lately. I purchased a new HP laptop with Windows 8, upgraded it immediately to 8.1 Pro and then took advantage of the free upgrade to Windows 10 Pro.

Things seem to work out okay for a bit. I must admit my frustration at Microsoft for trying to be just like Apple. The Microsoft Store mentality, the logging in via Internet-based credentials rather than local credentials, the inability to innovate rather than to just copy. It’s a little sad, actually. There was a time when Microsoft led the industry and now they can’t make a move unless they’re mimicking something that Apple’s already done.

And yet, Microsoft is still the leader in business applications for the moment.

Ubuntu 16.04 LTS

After some ugly automated update that left my laptop in a non-working status, I decided after three months of this that I needed something else. I reformatted the hard drive completely and installed the free operating system Ubuntu Desktop. It’s nearly bullet-proof at this point. There is a manageable glitch regarding the ethernet adapter after a Restart but I’ve got a work-around. (And I’ve installed it on many other computers without this issue—it seems to be related to the wi-fi adapter only.)

Virtual Machine Manager

I was playing around with its features today and remembered that it includes a working VM solution. You can create a virtual machine, spin it up and run it from Ubuntu. I wondered if I could then run Windows 10 Pro again in a VM session on this same laptop.

Windows 10 Pro in a Virtual Machine

Why yes I can. (As in “been there, done that”.) The actual download of the ISO image of Windows 10 took more time than the actual installation itself. Here’s the overview of that install.

  1. Download an ISO image for Windows 10 and indicate your language choice
  2. In Ubuntu, select the Search item and look for Virtual Machine, selecting Virtual Machine Manager
  3. Create a new virtual machine, selecting the ISO file from the first step
  4. Give it at least 20248 RAM and at least 16GB hard drive space (I initially selected 3072 and 80 for these)
  5. Go with the defaults and give your VM a name, I chose Win10Pro for this
  6. Watch it go through the standard Windows 10 Pro installation and at the Product Key entry screen choose the option to do that later
  7. It will quickly run through the installation (much faster than it normally would or so it would seem)

Activating It On-the-Cheap

I followed the prompts afterwards to see what Microsoft wanted to charge on their Store for a legitimate Product Key. Microsoft wanted $199.99 for this.

So I searched on Google for anything less than this and wasn’t disappointed. eCrater just sold me the same thing for $10. They provided the Product Key, I entered it in and it’s now activated without any hassle.

Oddities

Since this is one of my first forays into VM on Ubuntu, I’ll note a couple of strange things which I saw.

  • Choosing the full-screen option seems to select a more squarish/middle part of the laptop’s screen rather than using its entirety.  I will likely have to research this or just ignore it.
  • Once in full-screen mode it’s not apparent how one gets out of that and back to Ubuntu.  It looks like pressing Ctl-Alt may bring down an upper menu. I’ve also heard that Ctl-Alt-F seems to toggle the cursor out of the VM window’s control. I was ultimately able to toggle from full-screen AND be able to move the cursor from its window, (a major breakthrough).

That said, I was able to finish up a session running Windows 10 Pro and then within that window, shut it down as you might normally do. The Virtual Machine Manager then informed me that this VM was down.  It’s possible then to alter the VM’s device settings, say, to change the available amount of RAM.

And the next time I need Windows, I can just spin up the virtual machine image again. I’m thinking that this is better than multi-booting, as I’ve done in the past. (I’m looking at my dual-boot MacBook with Ubuntu on it.)

Believe It Or Not…

The original Windows 10 Pro networking bug isn’t seen in this Windows-on-Ubuntu setup. It actually works… better?

I guess I’ll need to use it more to find out but it somehow seems faster than I remember. How is that even possible? Before, the native-mode Windows 10 Pro had access to all 6MB of RAM and now, it has only 3MB. Granted, I haven’t tried to run several programs at once on it and I haven’t installed Office 365, for example. We’ll see. I’ll keep an eye on it and let you know.

how cool is electron?

I’ve been working the past couple of days with Electron, a Node.js cross-platform desktop app tool which uses JavaScript, HTML and CSS to create what look like native OS-style applications for Windows, OS X and Linux.

Cool stuff, indeed. Out-of-the-box, it looks like you publish your Electron-based app like you would anything on github:

git clone https://github.com/Somebody/Repository.git
cd Repository
npm install
npm start

But there’s also a way of downloading OS-specific images and then adding your own app into this subdirectory structure. The result is a stand-alone EXE and folderset which reasonably looks like a drop-in replacement for something you normally would build locally using Microsoft Visual Studio perhaps. In this version though, you’d run Electron.exe but there are instructions on their website for renaming your application, updating the icons, etc.

I’ve just used it today to build a basic music player. I wouldn’t say that the layout is as responsive as a typical mobile app’s ability to move content but I did tweak things so that it can squash down to a mini-player and it still looks great.

I can thank KeithIG/museeks for the open-source code behind this. They have several OS-specific downloads available if you don’t want to build this yourself.

Pros

  • This allows you to build cross-platform desktop apps in much the same way that you’d use Adobe PhoneGap, say, to build for mobile apps.
  • You code in the familiar HTML/JavaScript/CSS trilogy of disciplines and it’s Node.js centric. It is also React.js-friendly, as I’m finding on this project.
  • So far, it seems to be well-behaved.
  • If you don’t want others to easily see your code, there’s a step where you can use asar to zip-up everything into a tidy package.
  • I didn’t have to digitally-sign anything like you might have to for a Windows 10 application or for OS X, say.
  • For people who have git and npm, the install is as easy as anything you’ve seen in the open-source space and a familiar workflow.

Cons

  • Currently, I don’t see any support for mobile platforms.
  • The complete folderset comes in at 216MB, which strikes me as a little big for what it’s doing.  The app itself for the music player weighs in at 84MB of this so the remainder is everything that Electron is doing to present all this.
  • You would need to set up three different build sites to maintain a specific download for your own app.  (It’s not like PhoneGap in which you just submit the common code and Adobe builds it in the cloud.)
  • Given that you’re not digitally-signing your code, you might have to talk your users through the hurdles of having the user “trust” the content within their particular OS.
  • This might be so popular soon that none of us can really afford to just use Electron.exe by default to serve up our app; we’ll need to rename it before publishing, in other words.

Overall

I can see myself wanting to really learn this one deeply. It has a lot of potential for delivering a more native-app experience for users.

android os

I got tantalizingly close with Android OS on this attempt, manually creating my own USB install disk with the very good UBootin open-source software. I can see now that the folks from Remix OS had customized both code bases for their own use in an attempt to make things easier but fell short, it would seem.  UBootin appears to allow you to create almost any sort of live/install USB drive and well worth the time spent with it.

I managed to “live boot” (without installing) Android OS from my USB drive only to find that the Google Play Service appears to be crashing on the Dell Vostro 200 upon initialization, a known bug. The software appears to expect that 1) I have cellphone service, 2) I have wi-fi. I have neither and it doesn’t seem to know how to drive forward to the point of using DHCP on my Ethernet adapter to continue.

I’ll check the documentation to find out how I might get further but this is the best attempt so far within the Android OS-compatible collection.

Eureka…?

I’ve finally gotten the live boot to work by sneakily removing the Ethernet connection in order to get past the Google Play Service screen. It has an interesting interface that looks a lot like a cellphone might. So I’ve decided to boot again and actually install this time.

I’ve managed to navigate around the interface a bit during the live boot session. Oddly-enough, you get to a terminal screen with the Ctrl-Alt-F1 screen and back to the GUI with Ctrl-Alt-F7. There’s a very thin setup of UNIX under the covers and some familiar commands if you are savvy to such things.

It appears to be a little heavy-handed with the processor fan control, in my humble opinion. There are many times when the fan is adjusted to full while it’s doing anything. For example, it’s blaring away while presumably formatting the first drive.

The installation process is shy on status. I couldn’t honestly tell you how much of the drive is formatted at the moment, for example. In old Western movies the Indian scout would put his ear to the ground in order to hear distant horses. Here, I put my ear to the side of the chassis in an attempt to hear whether or not the drive is being written to. Color me “worried”.

If At First You Don’t Succeed…

Okay, that didn’t work. So I reboot, reformat but this time without GRUB. It now appears to be going further.

Android OS starts up at least. It does still throw an error that Google Play service is stopped, like before. Like before, I need to temporarily disconnect the Ethernet cable to get past the same bug as seen during the live boot attempt.

Finally booting from the hard drive results in Error: no such partition, entering rescue mode, Grub rescue>. Really?

I think we need to vote Android OS off the island as a viable solution.

And yet…

I just keep imagining that this will work. So now I’m trying again with the previous (perhaps more stable) version of Android OS x86 5.1 rc1. This version plows right through the previous installation bug involving the Ethernet adapter, always a good sign. And the browser actually comes up without crashing, another bonus.

Finally, I’ve managed to find a working version of an Android OS for a PC. I’ll continue my review in depth and follow-up with what I find.

phoenix os

Continuing the testing of replacement operating systems I next attempted to install Phoenix OS of Beijing Chaozhuo Technology Co. Unfortunately that failed during the multiple attempts to get the installer onto the USB drive. I’m not sure what format they’re looking for but it errors out with a message complaining about NTFS partitions. I attempted using the FAT and FAT32 styles but neither made the installer happy.

Again, it looks like we’ll need to pass on another Android-like operating system for PCs.

windows 10 “free upgrade” is over

Bummer. We had a year to upgrade from Windows 7/8 to the latest Windows 10 for free and we missed it. It’s not because we’re lazy. Sometimes it’s just because I.T. is under-funded and it literally takes all of our time to do other things. A fraction of those workstations only had 2GB of RAM, for example, and couldn’t be updated. And sometimes you have a collection of Windows XP computers that didn’t qualify for the update.

So here you are, August 2016 and you have several aging computers that may or may not be worth the $$ to pay for the Windows 10 license. If you’re anything like me then you review alternatives.

MaaS (metal-as-a-service)

One very cool option that you can do with a pile of old Dell Vostro 200 workstations is to convert them into a private cloud. I recently did just this. Imagine a rack of computers—all without monitors/keyboards/mice—and they all do something you rarely see: they boot over the network via Ethernet to pull down an image you’ve set up. Once you’ve set everything up it’s wonderfully automatic. The name of the collection of services is called Openstack.

What’s even better is that once each node has fully provisioned itself with an image, it goes to sleep, turning itself off. And then the cluster control can wake it up remotely over Ethernet and it goes to work again.

And the best of all is that the entire thing is free from a software standpoint. (Free is good.) Note that for the default installation you’ll need a spare Ethernet hub/switch, one of the computers needs to have two Ethernet adapters and at least five of the computers will need double hard drives. Since I had so many spare computers I just cannibalized where necessary.

If you’re interested in reviewing this as well, check out this link on Ubuntu’s website. Once you’re finished you’ll have a system in which you can spin up virtual computers and allocate them as you wish. You may securely remote into these virtual computers using the putty software client. If you’ve configured it to use public IP addresses you can even publish websites, for example.

The version that I reviewed was a few back from the current release and hopefully everything is much more stable now. I noted then that it wasn’t quite ready for “prime time” but I’d guess that it’s ready to go by now.

Ubuntu Server or Desktop

Even if you don’t go all the way and create a private cloud you can always just install the free Ubuntu operating system as a server or a desktop computer. It seems to be a very usable collection of well-maintained code. Canonical is the company behind this effort.

Remix OS

And today I’m trying something I’ve just discovered called the Remix OS for PC. It’s essentially the Android operating system for smartphones, just set up especially for a standard computer. Jide Technology appears to be the underlying developer.

At the one-hour mark: Things looked good for the first fifteen minutes or so of the installation. Unfortunately, after an hour I would guess that it’s possibly stuck. The Dell Vostro 200 appears to have an acceptable graphics adapter (Intel GMA 3100) and yet I still don’t have a full installation yet. Since the status light on the USB drive does still randomly blink perhaps it’s just taking a very long time. I’ll not interrupt it and see what happens.

At the two-hour mark: I’m still staring at the same pulsing Remix OS logo. The status light seems to indicate that progress is still happening or so I’d hope.

End-of-day: At this point I think I’m going to just let it run all night if it wants and see if it’s finished in the morning.

digital inflation

I spent most of the morning retiring an old Compaq Presario server; it’s perhaps fifteen years old. It was in with some things in storage and I thought I’d get rid of it since the hardware wasn’t even compatible with an Ubuntu server install attempt.

Less Was More

I realize in going through the motions of archiving all my many coding projects from years ago just how much bloat we’ve taken into our computers and our computer languages these days. I think the laptop I’m on right now has 8GB of RAM and this NT 4.0 Server only had 384MB of RAM, running instances of IIS, SQL Server, NT Server, WINS, DNS Server as well as a VSS server. It also hosted QuickBooks Pro 99, Adobe Photoshop 5.0 LE and Visual Studio. Come to think of it, it also easily ran my own NT services, custom-made IIS ISAPI filters and custom SQL Server extended stored procedures that I’d written. It had Microsoft Office, Adobe Acrobat and Illustrator, Flash-development tools by Macromedia.

It ran all this on 384MB of memory.  And those fifteen prolific years’ worth of accumulated everything only resulted in about 4GB of storage, perhaps the equivalent of a mere three movies on my laptop now. I almost have to laugh as I store it on a terabyte external drive.

Digital Inflation

graph

Seriously, though, what have we gained by making everything so heavy? I recall being able to accomplish anything I needed to do in that older version of Adobe Photoshop and using a fraction of that 384MB of memory. Just now, it took Adobe Photoshop CC about five minutes to load up so that I could paste this graphic in and start to work on it. I select the Spot Healing tool and begin clicking.  One, two, three… and then I wait as the tool freezes up and I have to wait for the spinning cursor to resolve itself. I then Step Backward to remove the garbage that the tool added and try to repeat, only this time slower. This sucks. I know that older version from over ten years ago didn’t do this.

So now, every day we get faster and faster microprocessors with multiple cores. But that Windows 10 upgrade from this year demanded that we have no less than 4GB of RAM just to install it. Why?

The answer is that we’re under a form of inflation that’s taken over the digital world. The same resources we had last year just aren’t good enough.

Back in this post I suggested that open source projects are suffering from this bloat, too. Big companies like Google believe that programs have to be big to be good. I disagree. Sometimes quality and project size are in direct opposition with each other. The more code you have, the more code that could be potentially bad.

Who Do We Blame?

Is it the microprocessor manufacturers who are behind this? I don’t think so. How about the operating system makers like Microsoft and Apple? Probably. I do know that .Net is a huge, bloated layer of code that’s supposed to be Microsoft’s version of Java. But the reason for both Java and .Net is to write machine-independent code. And since nobody really writes .Net code to run on an Apple computer or on a Unix box then what’s the point?

And now that .Net has seen its heyday Microsoft is ready to do the “new, new thing” which is to chase Apple’s app-based iTunes-delivered store. So we as consumers picked up this thick layer of code in the form of .Net which honestly does little for us. And yet most of the software written for a Windows-based computer has to use this foundation. No wonder it takes so much to do so little.

I’d like to blame Adobe’s bloat on all the code which is designed to permission their new subscription-based model. Try to buy Adobe Acrobat now and you’re left with the choice of paying $500 or something like $20-per-month. Neither option is worth it, in my humble opinion. Much of that startup lag I mentioned before could be the client app talking to mothership Adobe to see if my licensing this month is paid.

Predictions

Honestly, the pendulum has to swing back the other way. Consumers will reject subscription-based pricing models, will turn in greater numbers to open source operating systems and desktop tools and eventually the big players will come back with their apologies and revised ideas about how to win back their former customers.

In earlier times you couldn’t expect an average computer person to use a command line interface. But younger computer users are trained in public school and they’re not so timid. Strangely enough, Microsoft is turning to a similar mechanism to do advanced things in their software using PowerShell commands. And there is even an option to install their server software without a GUI environment at all… like a UNIX server, if you think about it.

The original IBM PC didn’t have a Windows interface since that didn’t come until many years later. The very popular (free) Ubuntu server software now does the same. You’d be surprised how much work the computer can do when it’s not unnecessarily displaying graphics.

I believe that we’ll eventually build simpler interfaces. The Windows 10 “Metro” menu and those of smartphones now are visually simpler if you think about it. They’re essentially flat squares that you can push with your finger rather than the fussy-little, 3D-styled buttons from twenty years ago in Windows 95.

Hardware like Google Glass may remove the need for such specialized interfaces. Since this hardware doesn’t include a keyboard your ability to interact with the interface is limited to pointing your head toward a spot on the screen and holding it until it’s selected. When they add voice commands to this interface we’ll see yet another revolution in how we expect software to behave. Hopefully we’ll get to the point where there are no more buttons to push—all commands would be accomplished verbally in your own language of choice.

Back to simpler interfaces, however, must we have all the visual candy? Could we not focus on the work to be done, the spoken commands to trigger that work and remove everything else but the text-based status? On today’s hardware we could do that now if we really wanted to. But since companies like Apple/Microsoft/Google want their store-like delivery model we’ll likely not get what we want unless we build it ourselves.