We are very happy to announce the arrival of our second daughter, Elizabeth, today. She was born early this morning. 9lbs. 7oz (big baby!), 22″ long. She and mother are doing fine and resting.
If this site has been useful, please consider participating in the Fundraiser.
As I’m sure is the case with the rest of you (particularly if you use Twitter), I’ve been hearing more and more about the Iranian Election and the difficulties the people there are having in getting connectivity outside of the country. Without getting too detailed, it sounds like the incumbent president has cut off internet access to most major social networking sites. Sites that the protestors were trying to use to organize peaceful rallies and request recounts on the polls.
If you are interested in helping them fight to have their voices heard you can setup a Squid Proxy which will allow them to anonymously access Facebook, Twitter, YouTube and other such sites in order to organize and move forward. I have already personally setup and volunteered two proxies. The more that are available the better chance these people will have to continue to communicate with the outside world. If you would like to help out, please keep reading for instructions on how to setup a proxy and securely communicate the details to supporters inside Iran.
Note: please only configure and volunteer proxies for servers and internet connections that you own. Please do not run these on corporate or educational internet connections unless you have express permission.
Installing Squid
By following these instructions you should be able to have a Squid proxy available for use within just a few minutes. Even if you have setup Squid in the past, please make note of these customized instructions. The include access control restrictions to disallow Iranian government offices, and have logging disabled for anonymity.
To install squid use the command (or click on the link):
sudo aptitude install squid
Finding Your Public IP Address
You will need to document your public IP address for the configuration and for use by the protestors. You can find your public IP address by visiting the site: http://whatismyip.com. Make note of the address as you will need it for the configuration below.
Configuring Squid
We’ll now customize three things within the squid configuration.
Open your squid configuration file, which is found in /etc/squid/squid.conf and search for the line “http_port 3128″. Change the port number to a different, random port. Do not use the following port numbers: 81/8080/8181/9090/3218. These are globally blocked within the country.
Next we’ll define the access control restrictions. What this will do is allow proxy access to the Iranian residential address ranges but not include the government offices. It will also block all other use of your proxy.
Search for the line beginning with “# INSERT YOUR OWN RULE(S)” and add the following on the next blank line:
acl TRUSTED src 62.60.128.0/17 62.193.0.0/19 62.220.96.0/19 77.36.128.0/17 77.77.64.0/18 77.104.64.0/18 77.237.64.0/19 77.237.160.0/19 77.245.224.0/20 78.38.0.0/15 78.109.192.0/20 78.110.112.0/20 78.111.0.0/20 78.154.32.0/19 78.157.32.0/19 78.158.160.0/19 79.127.0.0/17 79.132.192.0/19 79.170.144.0/21 79.175.128.0/18 80.66.176.0/20 80.69.240.0/20 80.71.112.0/20 80.75.0.0/20 80.191.0.0/16 80.242.0.0/20 80.253.128.0/20 80.253.144.0/20 81.12.0.0/17 81.28.32.0/20 81.28.48.0/20 81.31.160.0/20 81.31.176.0/20 81.90.144.0/20 81.91.128.0/20 81.91.144.0/20 82.99.192.0/18 82.115.0.0/19 83.147.192.0/18 84.47.192.0/18 84.241.0.0/18 85.9.64.0/18 85.15.0.0/18 85.133.128.0/17 85.185.0.0/16 85.198.0.0/18 86.109.32.0/19 87.107.0.0/16 87.247.160.0/19 87.248.128.0/19 89.144.128.0/18 89.165.0.0/17 89.221.80.0/20 89.235.64.0/18 91.98.0.0/15 91.184.64.0/19 91.186.192.0/19 91.206.122.0/23 91.208.165.0/24 91.209.242.0/24 91.212.16.0/24 91.212.19.0/24 91.212.252.0/24 92.42.48.0/21 92.50.0.0/18 92.61.176.0/20 92.62.176.0/20 92.242.192.0/19 93.110.0.0/16 93.190.24.0/21 94.74.128.0/18 94.101.128.0/20 94.101.176.0/20 94.101.240.0/20 94.139.160.0/19 94.182.0.0/15 94.184.0.0/17 94.232.168.0/21 94.241.128.0/18 95.38.0.0/16 95.80.128.0/18 95.81.64.0/18 95.82.0.0/18 95.82.64.0/18 95.130.56.0/21 95.130.240.0/21 188.34.0.0/16 188.93.64.0/21 188.121.96.0/19 188.121.128.0/19 188.136.128.0/17 188.158.0.0/15 193.189.122.0/23 194.225.0.0/16 195.146.32.0/19 212.16.64.0/19 212.33.192.0/19 212.50.224.0/19 212.80.0.0/19 212.95.128.0/19 212.120.192.0/19 213.176.0.0/19 213.176.32.0/19 213.176.64.0/18 213.195.0.0/18 213.207.192.0/18 213.217.32.0/19 213.233.160.0/19 217.11.16.0/20 217.24.144.0/20 217.25.48.0/20 217.64.144.0/20 217.66.192.0/20 217.66.208.0/20 217.146.208.0/20 217.172.96.0/19 217.174.16.0/20 217.218.0.0/15
http_access allow TRUSTED
http_access deny all
access_log none
cache_store_log none
visible_hostname <your public IP>
Once you have saved these changes run the following two commands to activate things:
sudo squid -z
sudo /etc/init.d/squid start
If you don’t see any errors you should be ready to go. You can now submit your public IP address and random port to the following email addresses for secure propagation within Iran.
me@austinheap.com and smallworldnews@gmail.com
I hope you are able to volunteer toward this cause. The stories that I have read and the videos and images I have seen show a real injustice is going on in that country. There are many young people who are trying to vote in a real Democratic election, yet their votes are being ignored and their voices are being silenced. If you believe that Freedom is something we all deserve, get involved.
You can find more information and inside updates here here and here.
Recently I asked for some user-contributed content for the site, and while I didn’t get the amount of feedback that I’d like, I did get one good suggestion that I knew I needed to pass on. How to share your internet connection. This tutorial outlines, in a very simple way, how to share your wired connection by creating an ad-hoc wireless broadcast. I imagine this would be great for LUG meetings and small gatherings where wireless is lacking but there is limited wired connectivity. Thanks to Aaron for the suggestion.
Requirements
In order to share your wired connection and create an ad-hoc wireless network you will need the following:
Installation and Configuration
The requirements above are pretty easy to come by. Network Manager 0.7 or later should be installed by default on any Ubuntu version past 8.10 (Intrepid, Jaunty and later). The dnsmasq-base package can be installed using the command (or clicking the link):
sudo aptitude install dnsmasq-base
At this point you should have all of your requirements met and we can move on to creating the ad-hoc wireless network.
Click on the Network Manager icon and select “Create New Wireless Network”.
You’ll be prompted to define a Network Name and optional Wireless Security Level. Once you define these values and activate you should be able to see a new SSID listed and begin sharing your connection. Enjoy!
I came across a short how-to on the Ubuntu Forums today that I wanted to pass along. I don’t take credit for coming up with these steps. The credit belongs to user dragos240 of the Ubuntu Forums. I figure there have got to be a few of you that are interested in trying this out, or passing it along as well, so here it is.
Step 1: Disclaimer
Before you start following these steps be aware of the potential consequences. As outlined in the Ubuntu Forums tutorial:
DOING THIS WILL VOID YOUR WARRANTY AND HAS A POSSIBILITY TO PERMENENTLY BRICKING YOUR SANSA FUZE.
It may also be prudent to read through the entire thread at the Ubuntu Forums before you get started. This way you can avoid any surprises.
Step 2: Download
The author has put together a single archive with everything needed to update your Sansa Fuze to run Rockbox. This archive is available for download here. There is not a published MD5 on the Ubuntu Forums post, but this is what I got:
MD5 (Rockbox.tar) = 6a4fc70b13c00e5f35926125a64effe9
Step 3: Connect Sansa Fuze
The next step is to connect your Sansa Fuze via USB and make sure the mode is set to “MSC”.
Step 4: Copy the Archive
At this point you should be ready to copy the contents of the previously downloaded archive onto the root of your device. Make sure you get everything copied. You can press ctrl-h within Nautilus to view any hidden files, just to make sure.
Step 5: Unplug, Shut Off
Once everything is copied and you safely eject the device (right-click, eject), unplug it from the USB connection and turn it off. Give it a few seconds and then turn it back on again. This is the point where you cross your fingers, offer up any sacrifices and otherwise pray to whatever gods you believe in that everything worked.
Step 6: Enjoy Rockbox
If all went according to plan (and the Gods smiled upon you!) you should have Rockbox up and running when you turn the device back on. You’ll end up with a lot more features than you find in the default Sansa Fuze interface and, the best part, its good ‘ol Free Software.
I surely hope you don’t run into any problems, but if you do I would advise you to stop by the Ubuntu Forums and ask for help in the thread. It is only three days old at the time of this writing so it should still be pretty active. If you have anything to add or, more importantly, clear pictures of the finished product please share them here!
For those of you that enjoy the bleeding edge and want to help test the next release of Ubuntu, the second Alpha release of 9.10 is now available. You should be warned that this release is not meant for the faint of heart or production machines. It will very likely break before it is done, leaving you with all kinds of interesting problems. On the other hand though, a little bleeding edge never killed anyone (plus, you learn a lot when things break).
Some of the upcoming features in Ubuntu 9.10 are:
If you’d like to help test this release you can find more information regarding known issues, download locations and how to report bugs here. Let the testing begin!
This article is part of a series regarding firewalling and network security using the Firewall Builder tool on Ubuntu. This is user-contributed content. If you would like to contribute an article, please see the About page for contact information.
Using Built-in Policy Importer in Firewall Builder
 |
Author: vadim@fwbuilder.org |
This article continues the series of articles on Fireall Builder, a graphical firewall configuration and management tool that supports many Open Source firewall platforms as well as Cisco IOS access lists and Cisco ASA (PIX). Firewall Builder was introduced on this site earlier with articles
Getting Started With Firewall Builder.
More information on Firewall Builder, pre-built binary packages and source code, documentation and Firewall Builder Cookbook can be found on the project web site at www.fwbuilder.org. Watch Project Blog for announcements and articles on all aspects of using Firewall Builder.
This article demonstrates how you can import existing iptables or Cisco router configuration into Firewall Builder.
There are two ways to activate the feature: Main menu “File/Import Policy” or “Tools/Discovery Druid” and then choose option “Import configuration of a
firewall or a router”. Only import of iptables and Cisco IOS access lists is possible in the current version.
Importing existing iptables configuration
iptables config that the program can import is in the format of iptables-save. Script “iptables-save” is part of the standard iptables install and should be present on all Linux distribution. Usually this script is installed in /sbin/ . When you run this script, it dumps current iptables configuration to stdout. It reads iptables rules directly form the kernel rather than from some file, so what it dumps is what is really working right now. To import this into fwbuilder run the script to save configuration to a file:
iptables-save > iptables_config.conf
Then launch fwbuilder, activate “Import Policy” function and use “Browse” button in the dialog to find file iptables_config.conf. You also need to choose “iptables” in the drop-down menu “Platform”.
Recently a friend of mine was talking about starting his own consulting business and it got me thinking about how viable it might be to completely run a small business on free software like Ubuntu. I mean completely run your business on free software, down to the last detail. I don’t mean mostly, but 100% create, manage and run your small business using free software. That got me thinking about what is required to get a small business off the ground, which quickly led to marketing materials. Business cards. Labels. Letterhead. The things you just assume you’d have as a small business, but don’t really think about creating until you’re in the situation.
While I was thinking about this I came across an application that looks like it’d fit this need perfectly. It’s called gLabels, and is designed specifically for creating labels and business cards in the GNOME desktop environment. From the website:
gLabels is a program for creating labels and business cards for the GNOME desktop environment. It is designed to work with various laser/ink-jet peel-off label and business card sheets that you’ll find at most office supply stores. gLabels is free software and is distributed under the terms of the GNU General Public License (GPL).
Sweet! Looks like that’d fit the bill perfectly, and it is available in the Ubuntu repositories! To install, enter the command (or click on the link):
sudo aptitude install glabels
Once you’ve got it installed it really looks like a breeze to use as well! I also found a site that has a good, more in-depth tutorial on getting started with it. Printing Labels in Ubuntu outlines some basic usage of gLabels, including screenshots. Worth checking out.
While I was at that link I also found a really detailed tutorial on creating quality business cards using Inkscape, another application available in the Ubuntu repositories. Ubuntu wins again for application availability! If you have never used Inkscape before it really is worth checking out. It can be installed using:
sudo aptitude install inkscape
Inkscape is a great tool for creating business cards, letterhead, etc. It’s great for all kinds of detailed graphic design while on Linux. Again I’ll refer you to the Business Card Tutorial using Inkscape for a great writeup of how to do business cards.
In conclusion, I have to admit that Ubuntu appears to have just the right tools to get a small business going. Business Cards. Labels. Letterhead. The best part about the whole thing is that none of these applications adds any additional cost to the difficulty of starting a small business. You’ve got to love “Free as in Beer”.
I just got word that Google has released a Developer Preview for their browser, Google Chrome. I have not had time to test it on my Linux machine yet, but I have installed in on OS X and it is working great so far! There are bugs, of course. The limitations are mentioned at the download page, but overall it has been working like a champ.
I love that Google released a browser, and not just any browser, but a browser that redefines how browsers should work from the bottom up. I also love that Google doesn’t limit this offering to a single operating system, but shares it with everyone. Granted it has been a while since the Windows-only release, but this really shows that they *have* been working on it, and now have something to offer us.
If you’d like to see some basic screenshots (again, I have not tested this on my Linux machine, only OS X) you can visit my other blog. In the meantime, here is a link to the dirty details and downloads.
Early Access Release Channels: Chromium (Google Chrome Downloads)
Enjoy!
You may have noticed that this site has been a little short on content of late. Things have continued to be hectic for me with one young baby in the house and another one arriving before the month is out. I just have a difficult time finding time to flesh out and publish new content as often as I have in the past.
I would like this site to continue to be a source for Ubuntu user education and skillset improvement, but I’ll need your help to make that happen to the extent that I think we all hope. If you have anything that you’d like to share here please feel free to send me your writeup. You can find my contact details on my contact page.
Please follow these guidelines and include the following details:
Please ensure that your email, particularly the Content portion, is sent in plain text. HTML formatted emails will be rejected. Also only submit content that you have rights to. If you include a license with your content it will be included with your post. If no license is included your content will fall under the global site license of CC-BY-SA.
If you have something to share, no matter the skill level, please take a minute to submit something so the rest of us can enjoy it.
This article is part of a series regarding firewalling and network security using the Firewall Builder tool on Ubuntu. This is user-contributed content. If you would like to contribute an article, please see the About page for contact information.
|
Author: vadim@fwbuilder.org |
This guide starts a series of articles about Firewall Builder. Firewall Builder (also known as fwbuilder) is a GUI firewall configuration and management tool that supports iptables (netfilter), ipfilter, pf, ipfw, Cisco PIX (FWSM, ASA) and Cisco routers extended access lists. Both professional network administrators and hobbyists managing firewalls with policies more complex that is allowed by simple web based UI can simplify management tasks with the application. The program runs on Linux, FreeBSD, OpenBSD, Windows and Mac OS X and can manage both local and remote firewalls. The first article is an introduction to the program. We will follow up with series of articles focusing on more advanced aspects of it in the coming weeks.
Firewall Builder is packaged with most Linux distributions and is available under “System/Administration” menu.
If it is not there, then it probably needs to be installed on your system. You need to install package that has supporting API library libfwbuilder and package fwbuilder that contains Firewall Builder GUI and policy compilers. Use apt-get or aptitude to find and install them:
# aptitude install libfwbuilder fwbuilder
On FreeBSD and OpenBSD Firewall Builder is part of ports, you can find it in /usr/ports/security/fwbuilder.
Packages shipping with Ubuntu are always one or two minor revisions behind. If you want to try the latest version, you can use pre-built binary .deb packages offered on the project’s web site or build from source using our online installation instructions. Pre-built binary packages can be installed using our repositories of rpm and deb packages, see instructions on this page.
If the system menu item is not there or you have built the program from source, you can always launch it from the command line by just typing “fwbuilder” on the shell prompt:
$ fwbuilder
