Archive for the ‘Computer’ Category

IT Security for home users – keep your applications up to date

Friday, March 1st, 2019

Windows

ninite

My personal suggestion is ninite, to be found at https://ninite.com/

Select the applications you want to use, download the installer and run it only a daily basis – it will keep you up to date and safe(r)

MacOS

AppStore

Love it or hate it, but minor applications can easily be installed via the AppStore e.g. Line or Slack

Advantage: You will get an update notification from the AppStore if an update is available

Brew

Follow the instructions on the brew HP: https://brew.sh/

Once this is done, you can install, update or uninstall applications from the command line

Installs

brew install wget

brew cask install macvim

brew cask install gimp

brew cask install libreoffice

brew cask install quodlibet

brew cask install virtualbox

brew cask install chromium

brew cask install projectlibre

brew cask install vlc

brew cask install skype

brew cask install minikube

brew cask install firefox

brew cask install keepassx

brew cask install box-sync

Uninstall

brew cask uninstall <cask_name>

Upgrade

brew update && brew outdated && brew upgrade && brew cleanup

IT Security for home users – upgrade your OS

Thursday, February 28th, 2019

The mainstream operation systems (including mobile OSes) have an upgrade function (in case of a mobile OS, whether your carrier releases updates is a different story….)

Use that function and install those updates!

macOS: Go to the Apple icon, select “About This Mac” and click on “Software Update…” Most of the updates require a reboot, even on MacOS.

Windows: From the “Windows Settings”, go to “Update & Security”. Check for updates, install what’s available and reboot.

Ubuntu: Run ‘sudo apt-get update && apt-get dist-upgrade’
(if you feel like protesting because <your valid reason here>, then you already know what you’re doing and you shouldn’t be reading this anyway (unless you want to fact-check my ramblings))
Other Linux versions use different commands, if you’re unsure, google for the appropriate command on your platform.

IT security for home users – a simple guide (overview)

Tuesday, February 26th, 2019

I have been thinking about writing about this for a while… there is much information on staying secure out there and everything, I repeat, everything can already be read and practiced, even as a home user.

But maybe it bears repeating… so why not summarize some good practices here and maybe add my two cents.

Trying to stay secure as a home user usually comes down to just a couple of things:

  1. Upgrade your OS
  2. Disable what you don’t need
  3. Upgrade your application
  4. Change default passwords
  5. Upgrade anything else

Did I mention “upgrade <your stuff here>” already? You should do that.

If you fear breaking stuff by upgrading, then don’t upgrade *right away* – in IT, we say “avoid x.0 releases”. This applies to both OS and applications.
Wait for a x.1 or better x.2 release and install that one. Many vendors work hard to release good products but just as many release under time pressure and cut corners to make it in time, to save costs etc. It happens.

Keep coming back to read the details.

anti-mining malware measures

Tuesday, February 5th, 2019

A recent article on heise (https://www.heise.de/ratgeber/Mining-Parasiten-erkennen-und-loswerden-4198965.html) outlined how one can investigate a possible infection of a mining trojan on one’s computer. Typical symptoms of such an infection include a high CPU usage (usually resulting in the fan spinning despite running no high-load applications).

The general way to go on about this is to identify the process causing the high load and terminating it. On Windows, the OS-included application to use for that is TaskManager, on MacOS it’s Activity Monitor. On Windows platform, one other freely available tool is ProcessExplorer by Sysinternals.
Using those tools, it’s easy to list the running processes, sort them by CPU percentage and terminating them.

There is a serious limiting factor to this solution, however.

As malware creators are also getting more proficient, some of them include checks in the malware binaries which terminate the mining processes as soon as tools resp. their process names such as Taskmgr.exe, Activity Monitor or procexp64.exe are detected running.

The article therefor recommends to rename the binaries and running them again. This way, the malware will not suspend its activity and can easily be identified and subsequently be terminated.

On earlier Windows platforms, copying taskmgr.exe and renaming it was straightforward. On Windows 10 however, a renamed Task Manager binary does not display any data – I’m still trying to figure this one out.

Renaming procexp64.exe however is straight-forward. Extract the binary from the downloaded zip file, rename it and off you go.

On macOS Mojave (10.14.x) and High Sierra (10.13.x), Activiy Monitor can be renamed as follows:
Open the Utilities folder
Copy and paste Activity Monitor (provide an administrator password if asked)
From the context menu of the copied item, select “Rename”
From the context menu of the renamed item, select “Show Package Contents”
In the subfolder MacOS, rename Activity Monitor
In the Contents folder, open Info.plist
Change the following strings to the name you chose: Executable file, Bundle name, Bundle display name

Run the renamed Activity Monitor binary by running the Unix executable in the folder MacOS

phone number? f*** u, twitter

Thursday, December 20th, 2018

For some reasons I spent a lot of time recently thinking I would like to try twitter. Probably it’s because there is twitter desktop client availabe in linux distributions… corebird

So I signed up on twitter using my email address. After a couple of days, the account was suspended for “breaking the rules” – which is pretty amazing given that I’ve never twitted anything so far.

the only way to un-suspend the account? (re-animate?) provide a (mobile) phone number. well, fark you… not going to happen.

I’ve tried to find alternatives… there seem to be some but I’m not going to spend time creating fake phone numbers just to try to stay ahead in a game of cats and mice for a short while as twitter seems to be really strict about it and blocking phone number blocks and not allowing this and that.

update: fixed two typos

My first self-created course on memrise.com

Friday, September 28th, 2018

I’ve been posting about memrise on a couple of occasions. This time rather than bragging how many words I’ve learned and how many points I made, I created my own course:

https://www.memrise.com/course/2053021/qian-shui-shi-shi-yan-nodan-yu/

It’s a Japanese -> English course supposed to help you with vocabulary required to help passing the Japanese dive theory test called 潜水士試験

(I have no idea why the URL uses the Mandarin pinyin pronounciation for the test… I’ve inputted Japanese kanji – I also opened a help call with memrise but no reaction so far)

Creating the course was not difficult but you need to prepare the list(s) ahead and put the colums in the right order if you want to mass-import the lists.

Good luck, give it a try yourself (the course as well as creating your own course ^^)

A script to allow non-admin users to install security updates on CentOS

Thursday, September 27th, 2018

At work, I needed to come up with a script that allows non-admin users to install security updates on CentOS servers.

The only real dependency is yum-utils (because it uses the binary needs-restart to check the status of things) but you should also create a folder to store the script and of course a sudo command for the users to run.

Please also note the creative accumulation of several copied scripts to create the multiple choice menus…. I patched together some code samples found on the usual websites where coding is discussed.

HTH someone out there…

#!/bin/bash

######################################
## only root can run this (or sudo) ##
######################################

# Make sure only root can run our script
if [[ $EUID -ne 0 ]]; then
echo “This script must be run using sudo (“sudo /opt/yumcleanup/restartsetupscript”) or as root. Exiting…” 1>&2
exit 1
fi

###############
## functions ##
###############

display_help () {
echo “The script can be run without interaction using the following”
echo “command line option: –non-interactive”
echo “This will silently install security updates only and restart”
echo “affected services.”
echo ” ”
echo “Calling the script with –help will also display this help text”
echo “as does calling the script with an unknown option.”
exit
}

set_exports () {
export http_proxy=”http://my.proxy.server.local:11111″
export https_proxy=”http://my.proxy.server.local:11111″
export proxy=”http://my.proxy.server.local:11111″
}

unset_exports () {
unset http_proxy
unset https_proxy
unset proxy
}

outputs_preparation () {
`rm -f $outputs`
touch $outputs
chmod 600 $outputs
}

outputr_preparation () {
`rm -f $outputr`
touch $outputr
chmod 600 $outputr
}

outputs_filling () {
`$mybin -s >> $outputs`
}

outputr_filling () {
`$mybin -r >> $outputr`
}

services_restart () {
while read line
do
# Restarting $line
`/bin/systemctl stop $line`
`/bin/systemctl start $line`
done < $outputs
}

#################
## getopt test ##
#################

getopt –test > /dev/null
if [[ $? -ne 4 ]]; then
echo “I’m sorry, `getopt –test` failed in this environment.”
exit 1
fi

#######################
## setting variables ##
#######################

outputs=/tmp/myoutputs
outputr=/tmp/myoutputr
mybin=/bin/needs-restarting

getopt –test > /dev/null
if [[ $? -ne 4 ]]; then
echo “I’m sorry, `getopt –test` failed in this environment.”
exit 1
fi

LONGOPTIONS=non-interactive,help

PARSED=$(getopt –options=$OPTIONS –longoptions=$LONGOPTIONS –name “$0” — “$@”)
if [[ $? -ne 0 ]]; then
# e.g. $? == 1
# then getopt has complained about wrong arguments to stdout
echo “something wrong, showing help instead in one second”
display_help
exit 2
fi

# echo “$PARSED”

# read getopt’s output this way to handle the quoting right:
eval set — “$PARSED”

# now enjoy the options in order and nicely split until we see —
while true; do
case “$1” in
–non-interactive)
n=y
# echo “doing silent stuff now… TODO: disable this line”
# should do these steps: (probably better to put this in its own function)
set_exports
`yum -y -d0 –security update`
outputs_preparation
outputs_filling
services_restart
unset_exports
exit
shift
;;
–help)
h=y
# echo “displaying help in two seconds”
display_help
shift
;;
–)
#echo “instead of — showing help in three seconds”
#display_help
shift
break
;;
*)
echo “Programming error”
echo “displaying help instead in four seconds”
display_help
exit 3
;;
esac
done

set_exports
#export http_proxy=”http://my.proxy.server.local:11111″
#export https_proxy=”http://my.proxy.server.local:11111″
#export proxy=”http://my.proxy.server.local:11111″

# cleanup before we do anything
#`rm -f $outputs`
#`rm -f $outputr`

# install updates, ask user which type of updating he wants to do
echo “”
echo “Please select the type of updates you want to install: ”
echo “”
PS3=’Enter your choice: ‘
options=(“All updates (will most certainly require a reboot)” “Security updates only (reboot probably not required)” “All updates except kernel and kernel-related packages (reboot might be required)” “Quit (you will need to run the script again later)”)
select opt in “${options[@]}”
do
case $opt in
#”Option 1″)
“All updates (will most certainly require a reboot)”)
echo “Installing all updates… please wait”
`yum -y -d0 update` &
PIDD=`ps -ef|grep yum | grep -v yumclean |grep -v grep | awk ‘{print $2}’`
while sleep 8; do echo “still installing…” && kill -0 $PIDD 2>/dev/null || break; done
break
;;
#”Option 2″)
“Security updates only (reboot probably not required)”)
echo “Installing only security updates…. please wait”
`yum -y -d0 –security update` &
PIDD=`ps -ef|grep yum | grep -v yumclean |grep -v grep | awk ‘{print $2}’`
while sleep 8; do echo “still installing…” && kill -0 $PIDD 2>/dev/null || break; done
break
;;
#”Option 3″)
“All updates except kernel and kernel-related packages (reboot might be required)”)
echo “Installing all updates except kernel and kernel-related packages… please wait”
`yum –exclude=kernel* -y -d0 update` &
PIDD=`ps -ef|grep yum | grep -v yumclean |grep -v grep | awk ‘{print $2}’`
while sleep 8; do echo “still installing…” && kill -0 $PIDD 2>/dev/null || break; done
break
;;
#”Quit”)
“Quit (you will need to run the script again later)”)
echo “Quitting… bye!”
exit
;;
*) echo “invalid option $REPLY”;;
esac
done

unset_exports
#unset http_proxy
#unset https_proxy
#unset proxy

##############################
## section services restart ##
##############################

outputs_preparation
outputs_filling

# `$mybin -s >> $outputs`
# chmod 600 $outputs

if [ `wc -l $outputs | awk ‘{ print $1 }’` -ge 1 ]; then
echo “”
echo “The following services should be restarted:”
echo “******************************”
cat $outputs
echo “******************************”

while true
do
read -p “Do you want to restart the above services? (y/N)” answer

case $answer in
[yY]* ) #
echo “restarting services….”

while read line
do
echo Restarting $line
`/bin/systemctl stop $line`
`/bin/systemctl start $line`
done < $outputs

break;;

[nN]* )echo “exiting…” && break ;;

* ) echo “Please enter Y or N”;;
esac
done
else
echo “******************************”
echo “No services need to be restarted.”
echo “******************************”
fi

# section reboot

outputr_preparation
outputr_filling

# `$mybin -r >> $outputr`
# chmod 600 $outputr

echo “”
echo “Please check the following output and decide whether a reboot is required:”
echo “***************”
cat $outputr
echo “***************”

while true
do
echo “If you need to disable some kind of monitoring before rebooting the server,”
echo “please cancel this script (Ctrl+c) and disable the monitoring now,”
echo “then re-run this script again.”
read -p “Do you want to reboot the server in 60 seconds? (y/N)” answer

case $answer in
[yY]* ) #
echo “Scheduling reboot….”

shutdown -r -t 1

break;;

[nN]* )echo “exiting…” && exit;;

* ) echo “Please enter Y or N”;;
esac
done

Block Puzzle finally done…

Saturday, March 10th, 2018

… it took only about five years.

Here’s the proof:

Some puzzles on the Expert level have taken me weeks to solve. Now I don’t have to bother with this anymore. Good riddance!

ICT-Manager mit eidg. Diplom geschafft…

Saturday, July 8th, 2017

2017 könnte ein grosses Jahr in Sachen Auszeichnungen werden… im April seit Jahren wieder einmal TOIEC Test geschrieben und mit 985 von 990 Punkten geschafft.

Im Mai dann die ICT-Manager Diplomprüfung und Ende Juni dann endlich die Bestätigung – bestanden. Das letzte Jahr der Wirtschaftsinformatiker Fachausweis und dieses Jahr das Diplom nachgeschoben.

Wenn ich nicht gerade ein PADI Divemaster Praktikum absolvieren und mich auf die Cambridge Proficiency Prüfung im Oktober vorbereiten würde, könnte ich ein wenig durchschnaufen…. naja, vielleicht nächstes Jahr.

Mal schauen, was das Jahr sonst noch mit sich bringt…

Open remote files in LibreOffice (WebDAV)

Monday, April 10th, 2017

Although the feature “Open remote files” has been around in LibreOffice for a while, I only got it working recently, at least for WebDAV. Success on remote files on Sharepoint is still on the horizon, maybe I will follow up with another post once I get that working.

In Writer, go to the menu File, select Open Remote File…
Click Add service
Select WebDAV from the dropdown menu

If the WebDAV url for your host is https://host.yourdomain.orgorg/remote.php/webdav, then fill in the details as follows:

(Selecting “Secure connection” should change the Port number to 443. If it does not change, change it manually.)

After clicking OK, a dialogue box should ask for your usernamen and password, which can be saved if you want to.

If your username and password are correct, the usual Open File dialogue will show but the content is of course your remote location.

To save the file in your webdav folder again, select “Save to Remote Server”. You can choose to overwrite your existing file or save as a different file.