The TinyOS source code is available for free online for many operating systems, however it takes a long time to get the environment set up and it is not portable at all. I came across XubunTOS but it did not seem to be in active development anymore, so I endeavored to install TinyOS 2.1 and 2.x from source into a regular Ubuntu image. The most help came from Matt Keally’s Blog. While doing this, I thought it might be useful to many others who wish to develop in the TinyOS framework but might not have the skills necessary to install it. Therefore, I developed this VirtualBox image so that you can install it on any system for which VirtualBox is available and supports USB passthrough for the programming of the motes. I’ve tested on Windows 7, Windows XP and it should work on any other host OS, but I would love to hear your feedback. All funny business aside, I present to the world UbunTOS:

Features

• Ubuntu 9.10 OS (patched through 2/5/2010)
• Complete TinyOS development environment
• TinyOS 2.1 Installed
• TinyOS 2.x CVS Installed (default environment)
• Portable for development in a variety of host environments
• Patched motelist for MIB520 programming board

Directions

1. Unzip the file and import into VirtualBox. I recommend at least 768M RAM
2. Boot system
3. Enable USB passthrough for the programming board. Check off the USB device in the menu as shown:
   
4. Check ‘motelist’ to see which port it has been assigned to (motelist has been patched to see MIB520 programming board)
5. Program away! TinyOS resides in /opt/

Download

MD5 sum:    9a27ba7902337139c2eae0121ec6ca4e

Download via torrent:     UbuntuTOS_Ubuntu-9.10_TinyOS-2.x.zip.torrent

If you happen to have spare bandwidth, please send me a note and I will link to the file via http or ftp.

Notes

• The default username is wcu and password is nosecurity
• The hostname is wcu-desktop, in honor of West Chester University which is sponsoring my research into Wireless Sensor Networks.
• To switch between the TinyOS 2.x and 2.1 environment, run the shell script /opt/tinyos-2.1.0/tinyos.sh or /opt/tinyos-2.x/tinyos-2.x.sh. By default the 2.x environment is loaded via ~/.bashrc/.
• To update TinyOS 2.x with latest CVS Code:
  cd /opt; cvs -z3 -d:pserver:anonymous@tinyos.cvs.sourceforge.net:/cvsroot/tinyos co -P tinyos-2.x
• I’ve testing this using Mica2 and Micaz. Let me know if you have success with other combinations as I just do not have the hardware to test.
• Usually the programming port and the data port are on consecutive ports. In the example above, the programming device is /dev/ttyUSB0 and the data port, for serialforwarder, is /dev/ttyUSB1

Known Bugs?

If you have issues while enabling USB Passthrough, such as an error like:

Version:1.0 StartHTML:0000000105 EndHTML:0000001970 StartFragment:0000000127 EndFragment:0000001952

Reboot your host system. I believe this happens while reinstalling the passthrough driver for the USB device for the first time. Rebooting seems to fix this problem, and after the initial setup this problem seems to disappear.

If you have any other problems (or compliments!) please leave a message via the form below.

FourSquare is a growing service that allows you to “Check in” to restaurants, grocery stores, museums and just about any place you can imagine. However, I have seen several of my friends checking in to locations which, I must say as a security research student, set off warning bells. Although I am calling out FourSquare specifically, these also apply to just about any other location based software where you broadcast your location to other folks, whether they are your friends or the general public. GoWalla and BrightKite are in the same boat.

As with any list, there are exceptions to the rule. So although I would say that you should generally avoid checking in at these locations and you can use it as a rough guide, things might be different for you personally.

Without further ado… here is my list of top FourSquare Check-in Locations To Avoid:

1. Checking In At Home

This one would seem to be obvious a few years ago. Remember the “old rules” when you got on the internet – don’t give anyone your real name, address, phone number or other personally identifiable information? It seems like this one went out the door when social media came into the picture. I’ve seen many folks posting the exact coordinates of their home, as well as when they are home. Between that and the fact that many users have their real names associated with their user ids, this becomes a huge security problem. Stalkers would love to get their hands on this information.

2. Checking In At Your Significant Other’s Home

Similarly to checking in at home, does someone need to know the location of your boyfriend’s, girlfriend’s or fiance’s residence? This information should be public knowledge.

Photo by epicharmus

3. Checking In At Your Bank

One thing you should never, ever let scammers, con artists, and identity thieves know is where you do your banking. Checking in even once at this location gives them not only an idea of the company where you bank at, but which branch you go to and the time of day you typically visit. This should definitely be a no-no. It’s like wearing an “I’m carrying cash” sign on your back.

4. Checking In While On Vacation

“I’m in Florida for the next 7 days with my whole family” is just begging for a burglar to come ransack your house. Maybe you have someone house sitting for you, or have some sort of security system in place, but I suspect many do not.

This is a tough one to follow. When you are on vacation in some interesting place, you want to tell your friends about it. What I tend to do is to check in, but not mention that my family is with me. This obfuscates some of the information and would hopefully give enough doubt to any would-be intruders to actually trying to break into your home.

5. Checking In At Your Doctor’s Office

In addition to calls of “TMI” this is another one that you should keep to yourself for privacy purposes. Someone could in theory call or visit your doctor’s office and get your personal medical information.

Photo courtesy of tidewatermuse

6. Checking In At Work, Depending on Your Job

This one depends highly on your job. If you are a security guard, you probably don’t want anyone knowing when you are on or off the job. However if you are a desk worker, you won’t mind if your friends, or anyone knows that you are indeed at work as this can be assumed.  If you are in the military and are deployed on a secret assignment in a foreign city, don’t think it is proper to check in anywhere in that city. (In fact, you might want to check in at a false location for misdirection, but that topic is for another day.)

Alternatively, if you are supposed to be at work but have called in sick, don’t check in at your favorite bar that night. It will reveal your ruse in an instant to anyone who is in-the-know enough to follow you on 4square.

7. Checking in at Your Child’s School

This is an addition from a friend, he mentioned that he makes sure that he never checks in at his children’s school. You don’t want to give someone a direct map and time table for when your kid is at school. This is another check in place that should be strictly off limits.

In conclusion, when checking into a location, be aware of what someone would do with that information if they had a malicious purposes. Maybe it is a bit paranoid, but I try to think of the above reasons before I check in at locations which could divulge sensitive information to unknown parties.

Sure you can restrict who you friend on these networks, but increasingly it has become obvious that criminals are using fake accounts to friend folks and “grow” their network. Be careful with who you friend and send all of your location information to. In addition to the above specific locations which can reveal sensitive information about you, any 4square user checking in at restaurants or other places divulge a pattern of travel that could be used against them.

dd if=/dev/zero of=zero.filename bs=1024 count=1000

You do the same using /dev/urandom:

dd if=/dev/urandom of=random.filename bs=1024 count=1000

Resulting in a 1MB file:

1000+0 records in
1000+0 records out
1024000 bytes (1.0 MB) copied, 0.0294247 s, 34.8 MB/s

This is transferring random data from the virtual device urandom to the output file. We use /dev/urandom instead of /dev/random because the /dev/random source generates random data very slowly. urandom is much faster at this but remains very random, if not quite a random as /dev/random. This should work with any system with dd and /dev/urandom.

However what I recently found out is that many LCD and Plasma televisions do not broadcast the correct 16:9 resolution via EDID, and therefore the computer doesn’t know what resolution to display and you have a stretched image.

I have an LG DU-37LZ30 which according to its specs at least has a 1366×768 native resolution (It is a 720p/1080i set). However its EDID system broadcasts a resolution of 1024×768, resulting in the signal looking stretched. Some programs, like Boxee for example, can correct this by forcing an aspect ratio while outputting the video and the result looks fine. However in many situations this doesn’t work.

On Windows XP, this was a pain but buying a program like PowerStrip by EnTech was able to correct the problem as you can force a resolution even if it is a “non-supported” one. However on Windows 7, and with nVidia graphics cards/drivers at least, it apparently ‘enforces’ the resolution which is broadcast via the EDID. Which means you are stuck with your weird resolution.

There are some hacks for overriding EDID info, but none of them seem to work on Windows 7. For example:

Thread over at AVS Forum on overrided EDID
Modifying your VGA cable to disable EDID broadcast (this nuked my VGA cable! Do not recommend!)
Forcing 1366×768 on Windows 7 forums

None of these solutions worked for me. Windows 7 even allows you to add a “custom” resolution but it still reads from the EDID to see if it is compatible and it has rejected my attempts at this.

Although I appreciate the “ease” that reading the EDID provides for general users, I wish there was an “advanced” section so that us users can force a resolution on a monitor. Maybe this is disabled because people were breaking their monitors, but it puts others like us in a lurch.  Has anyone seen this issue and/or have a resolution? Or do I just have a great reason to get a new TV?

Let’s face it, you don’t want all of the content that your cable provider offers. Cable providers have fought a-la-carte programming tooth and nail for this very reason. Much of it is specialty programming, and though I admit it is nice to know it was there, my family and I rarely watched any of it. My new setup brings many new sources as well as a CHOICE to what you want to view. I am very happy with the results so far.

My Requirements

There are a few requirements I had made for myself when deciding to go this route:

• Live Broadcast TV in HD must still be possible. Bonus for being able to DVR television shows.
• Ease of Use – must be usable by my family. I don’t expect it to be as ’simple’ as a vanilla cable box, but I want it to be close
• Access to Local Media – I want to be able to stream my backed-up movies, photos, and music

Backend Systems

I have an existing network infrastructure in my house, which I admit most non-geeks would not have set up. This is necessary for the “Live TV” portion of my setup as it includes the HD Tuner cards which do not fit into my new system as well as the muscle to compress these recordings. My current setup includes:

• 10/100/1000 Gigbit router with Wireless-N
• File server with 1.5TB of RAID storage space to store movies, music and other files
• External “Computer” acting as a server for BeyondTV. This computer includes a tuner card which handles unencrypted QAM streams

The Hardware

The system is actually very simple on the hardware side. Besides the TV, only 2 pieces of hardware are needed.

Acer Aspire Revo Computer (3610)

This is a dual-core Intel Atom computer running at 1.6Ghz. My specific system included 2GB of RAM and a 320GB hard drive. It has built in Wifi-N network connectivity, a card reader, multiple USB ports, optical audio, HDMI port, VGA port and analog audio jacks.

I picked this system not only because of its low cost (~$300) but because of the Nvidia ION chipset running under it’s hood. This chipset is optimized to handle 1080p HDTV video along with high def audio. In includes the Nvidia CUDA accellerations and is optimized to work with Windows 7. This chipset is also capable of handing HD video using Flash 10.1 (currently in open beta). This means that it can handle the HD Flash video since the main Intel Atom CPU is not doing the heavy lifting on the decoding of this content.

Snapstream Firefly Remote

This is a RF Remote which is customizable via XML configuration profiles. There is a profile available for both Boxee and Snapstream BeyondTV.

The Software

I decided to run Windows 7 for the OS. Windows 7 Home Premium runs great on this system and the drivers that are currently published work very well on it. It includes Windows Media for as a possible frontend but I have decided to use Boxee due to the plethora of content available and the active development of the platform.

BeyondTV Link

This software connects via the wireless wired network to the BeyondTV server in my house which actually has the tuner cards. This offsets some tasks handled by the server such as heavy disk I/O required for recording HD video streams and compressing them into smaller video files.

I did have some problem with High Definition video at first. When I used wireless-N, which should have plenty of bandwidth to handle even HD video, I had very stuttery playback. After going through a lot of testing, it seems that even though the bandwidth is plenty, the BeyondTV software suffers from a lack of flexibility when it comes to any sort of network latency. Therefore any sort of wireless connection does not appear to support streaming HD video. 100/1000 seems to be the only way to go if you are going to view live HD video on this machine.

After a show is recorded, is is re-encoded (they call it “ShowSqueeze”) using the H.264 codec. You save about 80% of the space of a normal HD TV show and the quality if very good. The default decoder that BeyondTV uses seemed to do fine, but I also installed CoreAVC codec which is CUDA optimized for handling H.264 video decoding. CoreAVC uses nVidia CUDA optimization which the system supports.

Boxee

Boxee handles everything from internet streamed video content to local content playback. The full capabilities of the Boxee interface is beyond the scope of this post, but it has numerous features:

• Streams Hulu, Fancast, Netflix and Pandora (to mention just the big players)
• Custom “Apps” to handle many other video sources
• Local Media handles streaming from a mapped network drive. Plays many codecs and containers including: MKV, AVI, DivX, Xvid, WMV, MP3, etc.
• Social Media Connectivity
• Refined ‘10 foot’ UI

Boxee is slick. Using it with the remote is a joy and you can really stream a LOT of video and audio from MANY different sources. This also might be its downfall. Along with the big name streams there are 100s of other ones available that would not be suitable for someone used to cable TV content. Also it seems to require a lot of clicking. Television is a different beast – you set a channel and can leave it on 24/7. With Boxee you need to select your content – which is both good and bad. It is good in that you get to watch what content you want, but bad in that you are not introduced to new content in a way a television station will.

Boxee Beta works well for most content but I did find issues with online content from several different sources such as ABC and the WB. The software is in active development so if you find this issues make sure to report them to the developers.

Here is a gallery of shots of the Acer Revo 3610, BeyondTV and Boxee Beta

The Initial Results

All being said and done, some not-too-obvious strengths and weaknesses appeared from using this setup. Media companies – please pay attention to these so you can improve your offerings!

Strengths

All Boxee content is on demand. All of your media is now available on your television and in your living room. LiveTV via this method retains the all-important DVR but is a fraction of the cost, which is the real monetary benefit to moving to this system from a proprietary cable system solution.

Running BeyondTV not only gives you the ability to watch TV on any PC throughout the home (with BeyondTV Link), but allows you to stream it online – so for example if you are at work you can watch any recorded shows or live TV.

You no longer live on the timetable of the major television stations but can feel free to view content when you are ready. Content on Boxee usually appears the day after it is on live TV, but I find more and more this is how I prefer to watch TV anyway.

Weaknesses

BeyondTV development seems to have been all but abandonded by the Snapstream team, who are now focused on enterprise markets. Although it is a capable system (still) it has not been in active development for 2 or more years. The age is starting to show, and I hope Snapstream comes around and continues development. As far as alternatives go, MythTV and SageTV are both out there but I was never a fan of either. I am investigating switching to the Windows Media Center platform for television but don’t have any results of that so far.

Boxee is still in Beta status and does have some bugs. Some random crashing and the inability to stream some content it told me was available is frustrating. The wide variety of content available via a ‘10-foot’ interface more than makes up for this drawback.

The lack of premium television stations is also notable. The whole Cablecard debacle of the past 8 years shows the resistance from the industry to modernize our television systems. With more premium content available on Amazon Video on Demand and iTunes, this becomes less of an issue. Since this is actually a PC, you can play this content albeit not via the Boxee interface.

The Future

So what will the future bring? The market is prime for a Boxee app which is basically a streaming television provider. Like a traditional cable company (or FiOS), you will install this app and pay a monthly fee for television program which is streamed over the internet. Premium channels are available a-la-cart finally as well as the traditional packages. Although due to licensing restrictions it won’t be free, you will be able to save 20-30% over traditional cable provider’s television programming. It may be offered for about $40-50 a month.

Paid, on-demand video is also lacking. If Boxee got on board with Amazon Video on Demand, it would be a powerful combination. This would allow you to both “rent” and “own” movies and television from Amazon’s streaming service. Boxee recently announced that it is developing Boxee Payments which will allow payments from the content consumers, to the content providers. I am looking forward to what this will bring the platform.

I may have jumped the gun a bit since the Boxee Box is soon to be available but my system does handle a few tasks that would not be possible on a streaming media box, namely live TV with DVR. If you are happy with you current cable situation, you would not likely see a lot of benefit moving to my setup. However if you want control of your media and are tired of the big named cable companies dictating how and when you get your entertainment, then you would definitely enjoy the freedom this setup provides.

Here are my own predictions for the 2010s:

1. Continued Convergence – Phone/Camera/Internet – Look for the decline of the “Point and Shoot” pocket camera as mobile phone cameras increase in quality to being on-par with smaller pocket cameras. Many pocket cameras already have miniscule sensor sizes that could fit into a cell phone device. A manufacturer will include this into a cell phone with an a new UI which will match P&S cameras for usability and customization. Internet will continue to grow in presence and utility on mobile devices.
2. Location Tracking Everywhere – Your device will automatically report to your friends where you are and what you are doing. Privacy controls will be built in to allow as much or as little sharing as possible, with many folks opting to disable the ability altogether. However, parents will still be able to “track” their kids.
3. Wireless Sensor Networks Will Become Ubiquitous – The continuing decline of the cost of these platforms will allow embedding in almost every imaginable place. Anywhere from road sensors to bridge monitors to traffic cameras will feature these devices.
4. The Rise of Data-Only High Speed Mobile Providers – Look for providers who provide plain high speed mobile access via WiMax or existing 3G/4G infrastructure. While the cost will be more than the current $30-$60 a month for current providers, the net-cost of mobile voice+mobile data will decrease because of the use of VoIP providers. Dual GSM/WiMax devices like the HTC Max 4G will become common.
5. Existing providers will fight tooth and nail to resist becoming “dumb pipes” – Much as with landline connections, existing wireless providers (specifically AT&T and Verizon) will fight for their lives using lobbiers and lawyers to prevent themselves from becoming a content-neutral data providers. They will provide shoddy mobile connectivity and blame it on technical restrictions to prevent other providers from piggybacking on their wireless data connections. Have you read your Terms of Service? They already prohibit anything other than Voice and Web, although I have almost never seen it enforced.

Do you have any predictions for the mobile world in 2020?

Sure we get a ton of channels from Verizon FiOS, but we hardly ever watch them. Our television viewing habits mainly consist of a few programs that my wife watches and a few programs that I watch, but we almost never watch them live. We typically DVR them and then watch them on our own time. For the few instances where we would like to watch live TV, for example when a Penn State game is on, we would like to be able to watch that. Normally the games are on ABC/NBC/Fox so premium cable channels such as ESPN aren’t necessarily needed. There will be some instances where a game may only be available on the Big 10 network or some other premium channel, but honestly I am not that big into sports and the times that this might occur will be few and far between, maybe 1 or 2 times a year, which I can deal with.

Of course the other thing I have to consider which kicking out the cable box is the “Wife Acceptance Factor” or WAF. I believe my solution has a very high WAF ratio and I am hoping she will agree.

The other main “Audience” of our TV is our kids. They shouldn’t be watching it much anyway, but let’s be honest here. They like their kids programs, but they are all DVRed and watched time-shifted anyway. For the programs they enjoy, we can either catch them on the public channels, or we can buy the DVDs and watch them that way.

The current setup:

• Verizon FiOS Premier TV Plan
• LG TV 37″
• 2-tuner HD DVR Box

So here is the tentative planned system:

• Eliminating our cable package and going with the “Local” plan at $12.99 a month. This should give us the local OTA in an Uncrypted QAM format that at a minimum our TV can decode using it’s tuner, and at best via our media streaming server. We could go with an antenna and pick them up but we are pretty far from the broadcast sources and it is questionable whether we would be able to pull them in. (~-$60/mo)
• Acer Aspire Revo 3610 Dual-Core Intel Atom machine with  Nvidia Ion Graphics. This will allow me to run the applications which I will explain further below. ($295 w/o OS, +$50 for Windows 7 [I already have a copy of Win7 to install])
• BeyondTV will be running on my main desktop system. I have a tuner card which receives QAM content. BeyondTV link, from reports, will run on this Revo system and allow me to stream HD TV to it as well as play any DVRed content. ($99 + $30)
• Hauppage WinTV tuner card. I currently have a single tuner card but if this works out will likely upgrade to a dual tuner card for more recording sources and the ability to watch a channel while recording another. (~$100)
• Snapstream FireFly remote to control the system. ($50)
• Boxee as the main non-TV user interface. ($0)
• Upgrade network to Wireless-n. Currently running B/G and I could run a physical network drop to the TV but I think just for future purposes upgrading the wireless network will be the best way to go.

The Acer Aspire Revo 3610 system is the core of the system besides the desktop which will do some of the heavy lifting with the TV tuner. It is a dual-core Intel Atom (1.6 ghz) system with the highly vaulted Nvidia Ion graphics chipset. This will allow much of the video processing to be sent to the graphics chip, which lets this little system handle 1080p video without problem, from the disk at least. One thing that is hanging out there is the question of will I be able to stream the video from my file server – so this is definitely a concern I have. From report’s I’ve seen from others, it can handle the workload but honestly until I see it working I will be skeptical. It was also recommended by the Boxee team as being a system to use and which will be supported in development in the future.

Television, both live and recorded, will be handled by Snapstream BeyondTV. My main PC upstairs contains the tuner card, and this system essentially acts as the interface for it. Anything non-television will be handled by Boxee which has a stellar interface. The Snapstream Firefly remote works with both BeyondTV and Boxee, allowing for one remote for all content.

So how do I plan on using the system:

1. Television

Using BeyondTV and BeyondTV Link, I will be able to watch Live, High Def television. Also will be able to time-shift content and have the ability to archive programs for watching later.

This beats Verizon’s HD DVR box in several ways. First of all, it is limited to 120GB which only holds several hours of HD content. We often find ourselves up against this limit. I’ve tried contacting them via multiple channels to inquire about expanding this with the built in USB/Firewire ports but they are not interested in having customers do this. Their loss.

For ‘archived’ television programs, I will be able to manually or automatically convert the programs into a higher compression format for indefinite storage. BeyondTV even includes “StreamSnip” which can cut out the commercials from your content. The alternative is doing this manually or just skipping commercials while they are playing.

For television programs that are not available via broadcast network television there are several options which this setup will supports.

Hulu

Many CBS, Fox, ABC and MTV shows are on Hulu with other networks signing up all of the time.

Fancast

This is another website, sponsored by Comcast, which includes shows from Hulu but also from other sources. There is a Boxee app which allows you to view these shows via the interface. Fancast is mainly an index of shows available online in streaming format.

iTunes/Amazon

For the remaining shows that aren’t available for free you can usually find them online in the iTunes or Amazon library. While you won’t be able to see them as they broadcast, they are usually available on the sites a day or 2 after they air. I will admit that my main holdup for switching over will be how I will not be able to see Mad Men as it airs, as it is one of my favorite shows currently airing and is only available on AMC, which doesn’t stream for free.

On the flip side, only AMC in standard definition was available via Verizon FiOS. Through the Mad Men subscription via Amazon or iTunes, the high def version will be available and also you get to keep it, without risk of ‘running out of room’ on your DVR device.

Other

You could either buy the season DVDs or acquire them through other means [torrent] if the above all fails. For some specific content, options are available online for purchasing a season or some type of other streaming pass, such as the Big10 Network.

2. Movies

We have an extensive DVD and Blu-ray collection and I am planning on ripping these for both backup purposes and to be able to access them on-demand using the media server. Boxee has a great interface for watching these movies, for example it automatically adds the disk covers.

Boxee also includes an app to allow you to stream Netflix movies to the device. If you are just looking for this feature there are several devices out there that will do it, such as Popcorn Hour, a Netflix-connected Blu-ray player, PS3/Xbox or the upcoming Boxee box. But I thought that having a machine to handle this will allow you to do other things as well.

Eventually I am hoping that Boxee will add an app to allow viewing of Amazon Video On Demand. While not currently available, this essentially gives any Boxee machine ability to view movies “On Demand” much like a cable box does. It would also allow the viewing of “Season Passes” for television shows. This is where the future is at – so I hope both Amazon and Boxee are on board with getting together on this.

I am going to keep the Blu-ray player we currently have attached, but I am hoping in the future to eliminate it either by ripping the movies to storage or by attacking a blu-ray drive to the machine.

3. Music/Audio

We did occasionally use Verizon’s music channels, but lets be honest, there are a lot of better options out there. I am a Pandora One subscriber and there is a Boxee app to connect into Pandora. There are a ton of other choices out there, and in the long run even a subscription to something like Rhapsody might be worth-while if we find outselves listening to a lot of music.

Boxee will also allow us to stream all of our downloaded music and stored MP3s, something that Verizon boxes can do but they charge $20 for their “Media Manager” package. While their setup might work for those who don’t know how to set something like this up, I thought it was a bit of a rip at $20 monthly for something you already own.

Boxee also has a great podcasting interface, and although I don’t think that I would use this feature for someone who is into podcasts this could be a neat function.

4. Other content

This is beyond the scope of this post, but via the Boxee interface there is a ton of content out there that is available for free. Everything from YouTube to OpenCourseWare to any type of video RSS feed. Developers are adding more content daily. A lot of it is niche content and not everyone will want to be navigating around the interface looking for things, but there is  TON of information that is available via the Boxee software. After I get this set up, I plan on writing a post about how my family actually uses the setup.

In Conclusion

In summary, the above is my plan for the great switchover. With the savings from not paying for Cable TV and all of those channels that I never use, I am hoping the up-front investment will pay for itself in about 6 months. I’m sure there will be some items which I forgot to include and will be last moment purchases but I think since I’ve thought this through pretty thoroughly they will keep to a mimimum.

Up front costs: $600 (personally defrayed 50% since I have most of the required software and hardware)
Monthly savings: $60

Let me know if you have any thoughts about my solutions or recommendations on anything you think I will need to add to the system. I’ll be writing  series of posts on the hardware and my progress in getting the system set up. I plan on documenting the setup, and the speedbumps, to assist others in setting up a similar system. You can also follow my progress via @ddrager.

This is due to how TCP frames data packets and optimizes them for connections. I believe by default TCP on most systems assumes about a 10mbit max capable transfer rate, so it does not show performance gains on a larger pipe without modification to the kernel options which govern TCP/IP frame size and features. Some distributions may make this change for you automatically however many will not.

To keep things short and sweet, we took the following advice from Speedguide.net on tweaking TCP parameters on linux kernel systems. This will cover Linux 2.1 and above – which means CentOS, RedHat, Ubuntu, Debian and many more distributions.

The TCP Parameters we will change are:

• /proc/sys/net/core/rmem_max - Maximum TCP Receive Window
• /proc/sys/net/core/wmem_max – Maximum TCP Send Window
• /proc/sys/net/ipv4/tcp_timestamps - (RFC 1323) timestamps add 12 bytes to the TCP header…
• /proc/sys/net/ipv4/tcp_sack – tcp selective acknowledgements.
• /proc/sys/net/ipv4/tcp_window_scaling – support for large TCP Windows (RFC 1323). Needs to be set to 1 if the Max TCP Window is over 65535.

If you recall /proc/ is the volatile portion of kernel configuration, you can change it on the fly but it will be reset on reboot unless settings are changed via an init file or setting the options in /etc/sysctl.conf. To change the settings once (to test):

echo 256960 > /proc/sys/net/core/rmem_default
echo 256960 > /proc/sys/net/core/rmem_max
echo 256960 > /proc/sys/net/core/wmem_default
echo 256960 > /proc/sys/net/core/wmem_max
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
echo 1 > /proc/sys/net/ipv4/tcp_sack
echo 1 > /proc/sys/net/ipv4/tcp_window_scaling

And to apply them for good, add the following lines to /etc/sysctl.conf:

net.core.rmem_default = 256960
net.core.rmem_max = 256960
net.core.wmem_default = 256960
net.core.wmem_max = 256960
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1

Use ’sysctl -p’ to apply the changes in this file to your running Linux instance. Feel free to experiment with these numbers to see how they impact your transfers, it depends a lot on how many and how large the files are that you transferring. These changes must be made on the SERVER side, any change on the client side would not impact the download speed from the server.

There are several other variables to consider, and these all depend on your application so change them if you know what you are attempting to do. After changing these settings, you will see speeds of about 10MB/sec (80mbps) on a 100mbps connection. The other 20mbps are lost in TCP and other network layer overhead, which is unavoidable.

A Higgs-Boson walks into a church, the priest says “We don’t allow Higgs-Bosons in here.” The Higgs-Boson says “But without me how can you have mass?”

from fora.tv via reddit

Posted via web from Dave’s Desktop

Tools used:

• Unetbootin
• Ubuntu 9.10 Desktop ISO
• One flash drive, 1 gig or larger
• chntpw

Accessing the Filesystem

First we use unetbootin to install Ubuntu 9.10 to a flash drive. The flash drive needs to be at least 1GB to install the image.

Select “Diskimage” and then the .iso file we downloaded of the Ubuntu 9.10 image.

Select the USB Drive and Drive Letter to install the ISO onto. Click OK:

Once the program is done, click ‘exit’ and remove the USB Drive. You now have a bootable live image of Ubuntu 9.10.

Plug the usb drive into the target system. Boot off of the drive, you may need to change the boot options in the BIOS if it is set to boot off of the hard drive. Select “Default” in the unetbootin boot menu to boot into the Ubuntu OS. It will automatically log you in.

Once booted you already have access to the Windows filesystem since the ntfs filesystem driver is included in the kernel. This is nice and wasn’t the case not too long ago.

We chose two reasons to use unetbootin and Ubuntu 9.10. The first is the ease of use of installing a bootable image. After downloading the two packages, it is trivial to load the OS onto the drive, and since it includes ntfs drivers it allows us to access the unencrypted hard drive on boot. Since it is on a USB drive, any system made since 2000 or so should be able to boot this. You don’t need to lug around a CD or even access the CD drive.

To prevent easy access to the hard drive, encryption of the hard drive partition would be necessary using Microsoft EFS or TrueCrypt hard drive encryption software. After encrypting the hard drive, any live operating system running would not be able to decrypt the hard drive easily.

Furthermore, installation of a BIOS level password would ensure that any unauthorized users would not be able to boot alternative operating systems via USB, CDROM, Floppy or other method. The only way to defeat a BIOS level password would be to reset the BIOS (requiring entrance into the hardware of the system) or using an Evil Maid style attack.

The Evil Maid attack is performed by a theoretical malicious party that has access to the target PC without alerting the legitimate user. Without knowledge of the authorized; a root kit or device would be installed (for example, on the USB connector of the keyboard) to sniff out the password as entered on bootup. After the user boots the system and finishes her work, ostensibly shutting down the system securely, at least to her knowledge, the Evil Maid would then collect the password entered into the BIOS, thereby defeating the BIOS password security measure.

Resetting the Password

We can now reset the Administrator or any other password on this system using the tool chntpw. To install this package, ensure the system has a connection to the internet (via dhcp perhaps?) and run the command:

sudo software-properties-gtk --enable-component=universe --enable-component=multiverse; sudo apt-get update; sudo apt-get install chntpw

Alternatively, you can download the executable and place it on the USB drive to give access without connecting to the internet. chntpw is the software that modifies the SAM (Security Accounts Manager) database file. Use the terminal to change directories to the password file

cd /media/path/to/disk/WINDOWS/system32/config/

Then execute the chntpw utility:

  # sudo chntpw -u username SAM SYSTEM

View the sample output:

ubuntu@ubuntu:/media/B830C9BC30C981BC/WINDOWS/system32/config$ sudo chntpw SAM SECURITY
chntpw version 0.99.5 070923 (decade), (c) Petter N Hagen
Hive <SAM> name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
Page at 0x7000 is not 'hbin', assuming file contains garbage at end
File size 262144 [40000] bytes, containing 6 pages (+ 1 headerpage)
Used for data: 255/20736 blocks/bytes, unused: 9/3648 blocks/bytes.

Hive <SECURITY> name (from header): <emRoot\System32\Config\SECURITY>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 666c <lf>
Page at 0xe000 is not 'hbin', assuming file contains garbage at end
File size 262144 [40000] bytes, containing 13 pages (+ 1 headerpage)
Used for data: 1074/49024 blocks/bytes, unused: 9/3808 blocks/bytes.

* SAM policy limits:
Failed logins before lockout is: 0
Minimum password length        : 0
Password history count         : 0
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator                  | ADMIN  | dis/lock |
| 03ec | ASPNET                         |        | dis/lock |
| 03ed | CSC603                         | ADMIN  | dis/lock |
| 01f5 | Guest                          |        | dis/lock |
| 03e8 | HelpAssistant                  |        | dis/lock |

---------------------> SYSKEY CHECK <-----------------------
SYSTEM   SecureBoot            : -1 -> Not Set (not installed, good!)
SAM      Account\F             : 1 -> key-in-registry
SECURITY PolSecretEncryptionKey: 1 -> key-in-registry

***************** SYSKEY IS ENABLED! **************
This installation very likely has the syskey passwordhash-obfuscator installed
It's currently in mode = -1, Unknown-mode
SYSKEY is on! However, DO NOT DISABLE IT UNLESS YOU HAVE TO!
This program can change passwords even if syskey is on, however
if you have lost the key-floppy or passphrase you can turn it off,
but please read the docs first!!!

** IF YOU DON'T KNOW WHAT SYSKEY IS YOU DO NOT NEED TO SWITCH IT OFF!**
NOTE: On WINDOWS 2000 it will not be possible
to turn it on again! (and other problems may also show..)

NOTE: Disabling syskey will invalidate ALL
passwords, requiring them to be reset. You should at least reset the
administrator password using this program, then the rest ought to be
done from NT.

Do you really wish to disable SYSKEY? (y/n) [n]
RID     : 0500 [01f4]
Username: Administrator
fullname:
comment : Built-in account for administering the computer/domain
homedir : 

User is member of 1 groups:
00000220 = Administrators (which has 2 members)

Account bits: 0x0210 =
[ ] Disabled        | [ ] Homedir req.    | [ ] Passwd not req. |
[ ] Temp. duplicate | [X] Normal account  | [ ] NMS account     |
[ ] Domain trust ac | [ ] Wks trust act.  | [ ] Srv trust act   |
[X] Pwd don't expir | [ ] Auto lockout    | [ ] (unknown 0x08)  |
[ ] (unknown 0x10)  | [ ] (unknown 0x20)  | [ ] (unknown 0x40)  | 

Failed login count: 1, while max tries is: 0
Total  login count: 1

- - - - User Edit Menu:
 1 - Clear (blank) user password
 2 - Edit (set new) user password (careful with this on XP or Vista)
 3 - Promote user (make user an administrator)
 4 - Unlock and enable user account [probably locked now]
 q - Quit editing user, back to user select
Select: [q] >

Depending on the status of the SYSKEY password security, you may only be able to blank the password and not actually change it. I recommend blanking the password and then resetting it once you log into the system.

You can also unlock a system if the user accounts have all been locked out due to too many login attempts or any other reason. Using these tools you can gain access to almost any unencrypted Windows system, from Windows NT up to Windows 7.

As a warning, If there is data on the hard drive you wish to keep, make sure to make a backup of the hard drive before performing this password as it can corrupt the Windows installation.