Search this blog

Wednesday, May 25, 2016

Remembrance time: was your LinkedIn account caught up in the 2012 hack? will your _____ account be caught in the 2018 hack ?

It is never fun to discover that your identity has been stolen. This ZDNet article drew my attention to the recent exposure of the entire data set that was stolen on the great hack on LinkedIn that took place almost 4 years ago, on june 2012. 

Back than, in 2012, LinkedIn responded with commendable speed to that breach of security, and I remember receiving the following message on the day of the hack: 
warning email from linkedin, telling of the data breach

It is one thing to know that your data has been stolen, and another to know that it is still being a commodity. Following the article, I checked haveibeenpwned, and indeed, among other users, my identity is part of the LinkedIn hacking merchandise sold out there.... 

Still. it could have been worse. After all, the password in question was changed immediately after I received the warning. As sad as one might be about one's email being exchanged among malicious hackers. this does not change reality, it only clarifies it. 

Online existence has its prices. We have to install doors and windows in our homes if we wish to get out to the world or receive guests. We have to display an online presence if we wish to utilize the remarkable advantages of the Internet. The reminder of the existence of criminals is not a reason to be scared or to avoid things, it is just another reason to take care. 

Taking care means the following steps:
  1. Don't use the same password for different websites. I know it is hard. Don't. 
  2. Adopt a password regulation scheme, which should be especially rigorous regarding services in which you keep sensitive information. With 'rigorous' I include:
    1. password complexity;
    2. frequency of change;
    3. intelligent memorization/personal storage of your password. 

Further Reading 

Monday, May 16, 2016

Microsoft is finally joining the linux world ! (or - Bash on ubuntu on windows is not an April fool's joke)

Sometimes experience leads you astray. It happened to me about a month and a half ago, when I published the post "Bash on Windows". I was sure the recent Windows news about Microsoft providing a linux shell within windows were another classic April Fool's joke. 
turns out I was wrong.

But first, a little bit of apologetics:
I had good grounds for this assumption, in the form of past April Fool's jokes:
True, none of those jokes is in the same league of the now legendary clippy returns, and it is also true that Microsoft has been outperformed in the April Fool's caregory by Google for years. And yet, the combination of the timing and the content sent me to a completely wrong conclusion.

Now it is high time to state the correct facts.
In the last month accumulating pieces of technology news made me doubtful about that earlier liar-liar pants on fire call. A recent April 26th Microsoft blogs update made me realize that this news item is the real thing. 

Still, being a doubtful person, I wanted to see for myself if and how this works. So I followed the instructions on Microsoft developer that explain how to install "Bash on Ubuntu on Windows"
Naturally, it wasn't as swift and quick as one could have anticipated. Why? mainly because this bash on windows option is still in beta. 

So, what one has to do to install Bash on Microsoft:
1) Configure windows update so that it will deliver new Windows beta features, through Microsoft's Windows Insider.

Before I explain how to do that, let's stop for a minute.
Don't take this lightly.
Working with Windows Insider builds means that your entire workstation is working with a beta stage operating system.
Do this with your own judgement and care.
Me? I use Linux Mint most of the time nowadays, so what do I care if my Windows 10 gets less stable ?

Having decided to boldly go into Microsoft betas world, first you need to become a registered Windows Insider.
.
Afterwards, on your machine, open Settings \ Update & Security.
Click The "Advanced options".
Click the  "Get Started" button and sign in using your Microsoft Account and password (the one which you used to register into the Windows Insider program).
I don't know if it is universal, but my Windows thought it necessary to reboot at this stage.

Theoretically, you'd expect that afterwards Windows update would promptly bring you the latest builds in the insider program. But however frequently you are going to check for updates and new preview builds, they will take their time before they appear.

Windows update is its own master, it has its own pace (as following discussion - "windows 10 insider preview build 10240 not appearing on windows update" teaches).

My own personal experience? having configured everything to work with windows 10 insider, it took less than 24 hours but more than 12 before I got to see the following sight:

windows update downloading inside preview 14332

  (I know, I can go over Windows logs and find the accurate time. I have a life. Let's settle with 12-24, ok?)

 2) Now, with the build applied, go to Settings\Update&Security, choose "For developers" and choose the "developer mode" radio button.

 Afterwards, open “Turn Windows Features on or off” from the start menu, and configure windows to activate the option "Windows Subsystem for Linux (Beta)".

how to activate the option "Windows Subsystem for Linux (Beta)"

As always with Redmond's best -  a reboot shall be required after your "OK"...

Windows completes requested changes and needs to reboot


3) Having rebooted and returned, we can enter cmd (as admin) and execute bash for the first time... in which you shall be asked to confirm the license terms, and afterwards ms-bash will download and install the assortment of tools that is ubuntu (minus the kernel. this isn't about virtual machines, this isn't about an operating system to replace windows, this is more about windows emulating linux). 

command prompt image with download beginning


Afterwards, at the end of installation you are requested to provide a username and password. By this you are creating your user and password (for sudo and such). Write those down somewhere or memorize them.

download complete. we are asked to provide a UNIX username


You will need them. 

And then,
at last,
one can play a little with the new toy!

My first impressions - a rather messy and confused report on my first usage of Microsoft Bash. 
Line completion acts quite  like bash, but as far as complex folder names are concerned, it still has some window-ish drawbacks in it (try cd-ing into a folder with spaces in its name)

A small test with working with environment variables went quite well: 
export PS1="\u@\h:"

image of output of bash commands to dispaly and change environment  variable PS1


(I hate long prompts and I don't really trust them, so that they don't spare me the necessary pwd-ing)

Next, lets see if we can run something with dependencies. Although I can barely handle Emacs, being a vi person myself, lets try:
myuser@mycomputer:emacas
No command 'emacas' found, did you mean:
 Command 'emacs' from package 'emacs24-nox' (main)
 Command 'emacs' from package 'emacs23' (universe)
 Command 'emacs' from package 'emacs24' (main)
 Command 'emacs' from package 'e3' (universe)
 Command 'emacs' from package 'emacs23-nox' (universe)
 Command 'emacs' from package 'emacs23-lucid' (universe)
 Command 'emacs' from package 'emacs24-lucid' (universe)
 Command 'emacs' from package 'jove' (universe)
emacas: command not found
Ooops... 
myuser@MYCOMPUTER:emacs
The program 'emacs' can be found in the following packages:
 * emacs24
 * emacs24-nox
 * e3
 * emacs23
 * emacs23-lucid
 * emacs23-nox
 * emacs24-lucid
 * jove
Try: sudo apt-get install <selected package>
Being a smart alec, I curiously tried instead 
myuser@MYCOMPUTER:sudo apt-get install emacs
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following package was automatically installed and is no longer required:
  os-prober
Use 'apt-get autoremove' to remove it.
The following extra packages will be installed:
  acl at-spi2-core ...  x11-common
Suggested packages:
  emacs24-el ... fonts-unfonts-core
The following NEW packages will be installed:
  acl ...  x11-common
0 upgraded, 114 newly installed, 0 to remove and 0 not upgraded.
Need to get 47.6 MB of archives.
After this operation, 192 MB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu/ trusty/main imagemagick-common all 8:6.7.7.10-6ubuntu3 [37.2 kB]
.... [ a long list ] ...
Get:68 http://archive.ubuntu.com/ubuntu/ trusty-updates/main libgtk-3-0 amd64 3.10.8-0ubuntu1.6 [1,960 kB]
Err http://archive.ubuntu.com/ubuntu/ trusty-updates/main libgudev-1.0-0 amd64 1:204-5ubuntu20.18
  404  Not Found [IP: 91.189.88.161 80]
...
Get:113 http://archive.ubuntu.com/ubuntu/ trusty/main librsvg2-common amd64 2.40.2-1 [4,990 B]
Fetched 47.6 MB in 1min 33s (508 kB/s)
E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/s/systemd/libgudev-1.0-0_204-5ubuntu20.18_amd64.deb  404  Not Found [IP: 91.189.88.161 80]
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
Ok, first, lets make sure we are on ground level. 
myuser@MYCOMPUTER:sudo apt-get update
Get:1 http://security.ubuntu.com trusty-security InRelease [65.9 kB]
Ign http://archive.ubuntu.com trusty InRelease
Get:2 http://archive.ubuntu.com trusty-updates InRelease [65.9 kB]
Get:3 http://security.ubuntu.com trusty-security/main amd64 Packages [462 kB]
Hit http://archive.ubuntu.com trusty Release.gpg
Get:4 http://archive.ubuntu.com trusty-updates/main amd64 Packages [758 kB]
Get:5 http://security.ubuntu.com trusty-security/restricted amd64 Packages [13.0 kB]
Get:6 http://security.ubuntu.com trusty-security/universe amd64 Packages [127 kB]
Get:7 http://security.ubuntu.com trusty-security/multiverse amd64 Packages [4,982 B]
Get:8 http://security.ubuntu.com trusty-security/main Translation-en [254 kB]
Get:9 http://security.ubuntu.com trusty-security/multiverse Translation-en [2,570 B]
Get:10 http://security.ubuntu.com trusty-security/restricted Translation-en [3,206 B]
Get:11 http://security.ubuntu.com trusty-security/universe Translation-en [75.1 kB]
Get:12 http://archive.ubuntu.com trusty-updates/restricted amd64 Packages [15.9 kB]
Get:13 http://archive.ubuntu.com trusty-updates/universe amd64 Packages [359 kB]
Get:14 http://archive.ubuntu.com trusty-updates/multiverse amd64 Packages [13.2 kB]
Get:15 http://archive.ubuntu.com trusty-updates/main Translation-en [380 kB]
Get:16 http://archive.ubuntu.com trusty-updates/multiverse Translation-en [7,227 B]
Get:17 http://archive.ubuntu.com trusty-updates/restricted Translation-en [3,699 B]
Get:18 http://archive.ubuntu.com trusty-updates/universe Translation-en [188 kB]
Hit http://archive.ubuntu.com trusty Release
Hit http://archive.ubuntu.com trusty/main amd64 Packages
Hit http://archive.ubuntu.com trusty/restricted amd64 Packages
Hit http://archive.ubuntu.com trusty/universe amd64 Packages
Hit http://archive.ubuntu.com trusty/multiverse amd64 Packages
Hit http://archive.ubuntu.com trusty/main Translation-en
Hit http://archive.ubuntu.com trusty/multiverse Translation-en
Hit http://archive.ubuntu.com trusty/restricted Translation-en
Hit http://archive.ubuntu.com trusty/universe Translation-en
Ign http://archive.ubuntu.com trusty/main Translation-en_US
Ign http://archive.ubuntu.com trusty/multiverse Translation-en_US
Ign http://archive.ubuntu.com trusty/restricted Translation-en_US
Ign http://archive.ubuntu.com trusty/universe Translation-en_US
Fetched 2,800 kB in 12s (216 kB/s)
Reading package lists... Done
Now, lets do it properly 
myuser@MYCOMPUTER:sudo apt-get install emacs24
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following package was automatically installed and is no longer required:
  os-prober
Use 'apt-get autoremove' to remove it.
The following extra packages will be installed:
  acl ...  x11-common
Suggested packages:
  emacs24-el ... fonts-unfonts-core
The following NEW packages will be installed:
  acl ...  x11-common
0 upgraded, 113 newly installed, 0 to remove and 22 not upgraded.
Need to get 145 kB/47.6 MB of archives.
After this operation, 192 MB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu/ trusty-updates/main liblcms2-2 amd64 2.5-0ubuntu4.1 [131 kB]
Get:2 http://archive.ubuntu.com/ubuntu/ trusty-updates/main libgudev-1.0-0 amd64 1:204-5ubuntu20.19 [14.1 kB]
Fetched 145 kB in 0s (190 kB/s)
Extracting templates from packages: 100%
Preconfiguring packages ...
E: Can not write log (Is /dev/pts mounted?) - openpty (2: No such file or directory)
Selecting previously unselected package imagemagick-common.
(Reading database ... 24998 files and directories currently installed.)
Preparing to unpack ...
...
Processing triggers for man-db (2.6.7.1-1ubuntu1) ...
....
Setting up libasound2-data (1.0.27.2-3ubuntu7) ...
...
Now, lets see how that went...
myuser@MYCOMPUTER:emacs
and .... its working ! 

(Too lazy to take a screen shot. How do you exit emacs? It always surprises me, that too frequently, people who know how to exit vi , don't know how to exit emacs  ) 

Now lets get a tad more serious.
ifconfig and top don't give us what we expect
(try it yourself; they are practically unfunctional)

Installing sqlite3  went smoothly, and although it was a small test, it worked just as usual. 

Python3 worked out of the box. 

I had to struggle a bit with cowsay, but the solution suggested here (the problem is not related to  running on windows. it is a general debian issue) solved the problem. 
Now, time for some heavier work. Let's see how some real shell scripts work. 
To make it fair, at first, we'll use relatively short and simple scripts, checking compatibility: 



It didn't work. I guess the problem is with the implementation of file system. If it shall remain this way, such scripts shall require conversion. 

A second attempt. A scraping script of sorts (more accurately, a skeleton script, used for other, more sophisticated ones), worked like a charm, as is.
This script used curl, sed, cut and tr, and a simple for loop. 

So, in summary, this bash on windows thing actually works, and it will make working with windows 10 more attractive. (and her predecessors, if there will be any)

Thinking about the impact of Bash on Ubuntu On Windows 
Microsoft claims that this should make open source work with Windows significantly easier. 

I personally think it is part of their recognition that linux (in the guise of android) has gained the upper hand in the end-less war of operating system dominance, and that Microsoft, realizing that she can't beat them, has finally joined them. Adding this to the latest 'steal' of Linux legend Wim Coekaerts' from Oracle (and  I checked, his linkedin states he really is a Redmond employee now. It wasn't an April Fool's joke either (-; !) 

What does it mean down the line? I believe that what interests Microsoft most right now, is probably out-of-the-box support for android apps, google-play support, and a great addition of openness into the rather small world of Windows. Without those, Windows shall die sooner than later. With those, Microsoft may find some interesting angle in which to make it a more attractive O/S than the other major alternatives manufacturers of the future may consider.

Microsoft may have lost the war of smart phones, but the war of the Internet of things is just beginning. Who is to say what operating system shall dominate cars ? refrigerators ? doors?

In the shorter term, this may be the first step in a wave that shall bring down the walls between other app stores, making consumer's life in the iOS/Android/Microsoft/specific-vendors ghetto spaces much simpler and richer.

But let's leave those guesses aside, and concentrate on the really immediate conclusion: the final mote of windows is down. Microsoft itself has brought Linux inside!

Let's play with bash on ubuntu on windows!

Bash on Ubuntu on Windows Start Menu






Wednesday, May 4, 2016

Howto download Windows 7 - from Microsoft !

With my 'love' for Windows 10 spread over this blog in recent months, it won't come as a great surprise for loyal readers that I was very glad to run into this MakeUseOf article, explaining how one can freely download various versions of Windows builds, including good old Windows 7 from the Microsoft Website!

For those who find this official path for installing the aging Windows 7 interesting, 3 pointers:
1) Pay attention that the article has a little error, and that the code they suggest interweaving into Microsoft's website (using the browser's console in a very simple manner) should be taken from another place - the original pastebin of the people who worked on this hack.
2) you need to really dislike Windows 10 to be willing to fight the drivers war that new hardware may require for Windows 7 to properly work.
3) Having the software build and using it legally are two completely different things. You will need to legally obtain a Windows 7 product key. For that purpose, check the following ZDNET article.
Don't want to use a key ? Then why use Windows at all ?

Other people who for some reason like Windows 10, may also be excited about this item. Why? Because this gives you access to many more builds of Windows 8 and Windows 10 from Microsoft's own website. They don't officially give you that option, but they can't be completely against a hack that is running around the web for about 6 months now. 

Want to know how many builds? check out the following combined droplist from Microsoft's techbench, as is displayed using the hack. If you inspect the scrollbar you can guess how many screen shots were used in the making of this combined droplist, and realize its length...

dropdown list of the windows o/s builds actually available to download from Microsoft's website
Windows editions that can actually be downloaded from Microsoft.com