Tuesday, 21 October 2014

MAC based licensing in VMWare and cloud

The problem:

The requirement: To move a linux software product licensed by MAC, from the physical machine into the virtualized environment or the cloud and to have it still running.

Solutions:

1. Contact the software vendor and get a new license based on the new MAC address in the virtualized environment. 

That's the perfect solution in case the software vendor is NOT a mother-fu***r, as hungry for money as a fat kid for chocolate (this is not mine, it is from a song :)

In my case, I wasn't lucky and they asked for money for this operation "not covered by the license".
Just a small piece of info: the software I talk about costs ~20,000 euro and the support for it is "just" 16% from the cost, per year. Define greediness...


2. Change the MAC address of your main network card in VMWare

This can be done in Linux by adding (or modifying) the HWADDR=aa:bb:cc:... / MACADDR=aa:bb:cc:.. configuration options in /etc/sysconfig/network-scripts/ifcfg-eth0 as to indicate the new MAC address.

I added them both but in my VMWare Workstation 10 environment, this didn't work until I modified the advanced parameters of the network interface and put there the new MAC too.

On my Ubuntu host having VMWare 10 and CentOS as guest VM, this is done in:
VM Settings->Hardware->Network Adapter->Advanced->MAC Address

Then it worked perfect.

3. Create a dummy interface with the needed MAC address

Then I moved to the cloud, where things were not totally in my control. The cloud guys didn't know how (or didn't bother) to set the MAC for me, saying that OnApp virtualization doesn't accept this. Maybe they are actually right, but wat to do wat to do...

I followed this tutorial: http://www.question-defense.com/2012/11/26/linux-create-fake-ethernet-interface but it doesn't work because it has some typos and wrong indications, so I thought I should re-publish it here, edited. So: how to create a dummy interface on your CentOS machine, just to use its MAC address for licensing purposes:

Assumptions:

- you will create a new fake / dummy interface, named eth1 with MAC address: aa:bb:cc:dd:ee:ff . If you need another interface number, please modify in the code below. Also replace aa:bb:cc.... with your own MAC address you need to clone.

Step 1

Add the following lines to /etc/rc.d/init.d/network , on top if the file.
/sbin/modprobe dummy
/sbin/ip link set name eth1 dev dummy0
/sbin/ifconfig eth1 hw ether AA:BB:CC:DD:EE:FF

Notes:

  • the tutorial linked above, indicates you should put this in /etc/rc.local to work, which is WRONG. /etc/rc.local is executed after /etc/rc.d/init.d/network, and so, you'll get an error at boot time, saying: device eth1 does not seem to be present, delaying initialization
  • I know that altering /etc/rc.d/init.d/network it is not ok in case of upgrades, etc. In my case it is ok because I have no intention to upgrade it ever (the software works anyway only on CentOS 5 so I need to keep it 5 and not upgraded it to the latest 7). Still, if you know about a script similar to /etc/rc.local that executes before the others in /etc/rc.d/init.d/, I'd like to hear from you!

Step 2

Add to /etc/sysconfig/network-scripts a new file named ifcfg-eht1. Actually, just copy ifcfg-eth0 with the new name, then edit the ifcfg-eth1:
cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth1

After editing it, my ifcfg-eth1 looks like:
DEVICE="eth1"
ONBOOT="yes"

So only a couple of things were mentioned: that is named eth1 and that it should be brought up when system starts. Nothing else, since it will be unused for networking; just to have it in the system with a MAC. The tutorial linked above, misses this step.

Step 3

Reboot the system or reload networking. Then, issue a ifconfig at command prompt and admire your new MAC faked interface.

Notes:

  • If you follow the boot messages you'll see that there is a warning though when it tries to bring up eth1: RTNETLINK answers: no such device
    Fortunately, it is just a warning and the eth1 is present in ifconfig afterwards. Still, if anyone knows how to get rid of this warning too, I'd be happy to update this post.

4. Fake your MAC dynamically, per request

Instead of doing something definitive like creating a new network interface or so, what about reporting a fake MAC to those apps that are known to ask for it?


All are some type of wrappers that launch the executable and intercepts any calls to the SIOCGIFHWADDR (the low level C function returning the real MAC Address), replacing it with the one we want.

It happens that I've liked fakeuname that allows for faking also hostname, so that's the one I tried (not that the others are not ok!). To make it work you need to:

Step 1

Download the fakeuname.c file and save it somewhere.

Step 2

Compile the fakeuname.c program into a dynamic libfakeuname.so library, as instructed in the .c file itself:

gcc -o fakeuname.o -c -fPIC -Wall fakeuname.c
gcc -o libfakeuname.so -shared -W1,export-dynamic fakeuname.o -ldl

Step 3

Prepare the environment a bit, before launching your command that takes into account the MAC address, like this:

export LD_PRELOAD=/tmp/libfakeuname.so
export FAKEMACADDR=AA:BB:CC:DD:EE:FF

Step 4

Launch your command and you'll see that magically it takes the new MAC address from the FAKEMACADDR environment variable.

Step 5

Make the exports of the above variable part of your bashrc, profile,... whatever init script you use for launching your server (automatically or manually). Maybe even the /etc/rc.local is now very good to be used for this.






Monday, 16 June 2014

Why elance sucks (and others too)

After two month of working with elance, one month as a "free", one month as a paid one, here are some of my thoughts:

- Their commission fee is indecently high.
They do nothing for the bidder or for the client, except to provide a meeting point for those clients that didn't think about searching google for technology specific meeting points (e.g. a PHP specialized forum or a Linux job list) where they could find someone knowledgeable on the subject.
So, why have elance (guru, odesk, others) take about 8.75% - 10% of your money when any other company that allows you, e.g., to buy goods over the net using your credit card, have a comission of just about 2%-4%? What is their added value?
Nothing I'd say, just tools that you'll never need. Milestones for example, can be easily replaced by a common sense email exchange between client and freelancer. They offer an "escrow" payment to make sure the money exists but this is only for some jobs and not for all (besides, if the client is really looking for a freebie, he can refuse payments anyway, escrow or not, invoking that the freelancer didn't do it in due time or not up to client's standards). So none of these justify the high commission rate or the crazy 10$ per month paid subscription (add 5$ more for any other field of activity).

- elance has become an IT moral sewer.
If you analyse the daily IT jobs coming from elance, you'll notice that more than half of it pertain to create sites similar to competition's, spamming others or collecting email addresses from certain sources and feed them back the lists with poor guys that'll be spammed subsequently. Sometimes the freelancer is required to break captchas, use anonymous proxies or ignore the site's terms of use that specifies clearly that any site scrapper activity is not allowed. This is a method for western clients to pass the responsibility to countries that are known for illicit activities.
It's also "interesting" to point out that these type of spam / spam support jobs, get the highest number of bids from the freelancers. 

So how can you urge me sign the childish "elance pledge" that stipulates "freelancer integrity", when you allow job posting that are clearly requesting illegal activities and would worsen the world's (already bad) spam situation?

- There is unfair competition.
This problem is caused by the costs of living in various countries versus the rates you can afford to ask in those countries, but this was largely discussed on other blogs & sites unhappy about these freelancing websites, so I don't insist on it. I completely agree that globalization is not good in these cases and, as long as the Asian guys can also provide quality work, the European and American freelancers are doomed.
It is still highly debatable if the quality is indeed the same, and both parties have their best interest to pretend differently. The moral answer will be probably that it cannot be judged globally, based on race and location, only on case by case basis.

- Many requests for bidding are racist.
I can accept that some guys had multiple bad experiences with certain races (Indians fill elance preponderantly indeed because they are so many in the world, anyway) and don't want to work with them anymore.
Still, elance is allowing racism and do not moderate the job posting in any way (for those money they take) and I find it unfair, despite the fact that my chances get better in these cases (cause I am white, by the way).
The system is wrong and I don't want to give them free solutions (but there are some I could think of ;)

- Many requests for quotations are badly formulated.
This is another subject present on many of elance's detractors blogs / websites and unfortunately is true. Non technical guys try to say what they want and how they want it and it takes hours and many emails exchanged that will clarify the things up, and finally the job could be got by someone else, indirectly benefiting on your work.
In conjunction with the badly formulated RFQs, it formed a special breed of freelancers that bid no matter if they understand what's requested or not, just to win it and probably pretending more money afterwards.

- Many requests for quotations are for non-existent jobs.
As some other sites pointed out, there are some freelancers that use elance to get an idea about their their market value, by posting a fake job that would need their own skills and then analysing the received bids' money.
The job will never happen and the bidding freelancers will suffer a time waste, whilst the faker will eventually come to the conclusion that the results are not relevant: The guys from Asia will always have prices much less than Europe and US, and placing yourself in these ranges might not work because you cannot afford it, or because you don't know the client's preferences in terms of money/quality and if he thinks that everything that's american is better than everything else. So... it's a lottery.

So, all in all, I decided to give up this system in which a freelancer might earn some money, a client might get happy, but in which, clearly, elance is a winner the more people try their "services". 

The only question remaining is: can I do it better? Or, better, can we? 

What about a similar website that could be launched to put together the clients with freelancers that will intervene less (if at all) in the circulated money but more in the quality of jobs and the freelancer's moral virtues? What about a website that could request just a bit of money (eg: a 5$ yearly subscription or even donations from freelancers/clients) to finance its hosting and to give complete liberty to freelancers and users to connect, discuss, negotiate and pay/getting paid directly?
Think about it as an opensource platform that could be a benefit for those that can further find jobs through it. 

Ok, I don't know all details now, but still, anyone interested in starting such a thing? If so, let me know.

Wednesday, 9 April 2014

How to continue living with the XP zombie

In a previous post I tried to demystify the need to upgrade from the freshly retired Windows XP to a newer version, now that Micro$oft's support has been finally stopped.

But what can I do to protect myself, the "small office, home office" user, from the evil hacker that will attack XP computers, like a maniac, from now on?

First, you need to relax and to understand that you have never been completely protected anyway, unless your computer is not connected to the internet and you don't bring any files from the outside world, which is quite unlikely these days.

At most, you have been as protected as possible in a particular moment of time (and few minutes later you could have been exposed again by a new threat that no antivirus could catch for few days, before the next update).

So, we can continue to do our "best effort" in protecting our XP computer, as follows:
  • Install an antivirus and keep it updated.
    (In fact, if you had no Windows antivirus installed until now, please ignore this whole writing and Micro$oft's urge to switch to a newer operating system. It either means that you're an incredibly careful user, or that your don't care if you computer is already infected and you find "normal" the way it behaves.)

    When choosing an antivirus, ignore the marketing crap they throw at you and pre-installed trial versions that came with Windows, and ask yourself relevant questions like: what antivirus has the best detection rate? (i.e. which one finds the most of the viruses in the wild)
    You can search the net for this and you'll find out there are some independent testing bodies that test periodically the detection rate of all antiviruses on the market. Here is one but do your own homework. Then choose an antivirus that is in top 3 each month.
    . 
  • Sometimes, antiviruses cannot detect annoying malware (like that one that hijacks your home page in your browser). For this, there is a different category of programs, named anti-malware.
    Malwarebites anti-malware has (also) a free version for home use, that had great results for disinfecting already infected Windows, but I'm sure there are some others with good results out there. Beware though that some anti-malware programs are in fact malware themselves... so research a bit to see if it is legit or not, before installing.
    .
  • Backup your files now and then (or even regularly)

    Don't overwrite the last backup with the current one, better keep 2-3 backups on your backup disk or usb stick; if the last backup is compromised by viruses, at least you'll have the one before that's clean.

    Simply copying the files onto a stick from time to time is the basic form of backup but you can also use free tools like Micro$oft's SyncToy. Also, keep in mind to backup your emails and your browser history, bookmarks and saved passwords. Do a bit of research to learn out how for your specific set of programs.
    .
  • Have a firewall installed.

    If you're at home and using a router given by your ISP, then probably you already have a firewall on that router and you're protected, since they come preconfigured this way.
    .
  • If on the road and connecting to various hotel/airport/public networks, then you should install your own firewall product or, at least, activate the one that comes with Windows.

    Test your firewall by searching for "online firewall test" on the web. My choice is the one at Gibson Research Corporation (choose "Shields Up!" service, then click "Proceed" button and test your "Common ports" or "All service ports") but you can use others too.
    .
  • Use anything but Internet Explorer, use anything but Outlook.

    Firefox and Thunderbird to name two, are as intuitive to use as their Micro$oft counterparts (if not more), and inherently more secure.

    Maybe even use OpenOffice (or LibreOffice) instead of Microsoft Office? I'll write more about this and Linux in another post.
    .
  • Finally, educate yourself NOT to:
    • enter websites that are not well known (unless your XP installation is not so important for you and you keep it mainly for these purposes)
    • click "yes" or "OK" or "Download" buttons in any popup window offering to install search bars, emoticons etc. You can surely live without any of those.
    • double click any files received by email or any messenger, if you don't expect them, even if they come from a known friend. If your friend's computer is virused, it might be that the virus sent himself to you by email, without the human suspecting anything.
      So, save the attachment somewhere first and then right click on it and scan it with your antivirus. If ok, you can open it.
    • double click any executable file received by email or any messenger. I'd suggest you simply delete that email; almost nobody should send you executable files these days.
So, my proposal to all of you having Windows XP is: respect the above and resist the emotional pressure induced by the media to upgrade XP. Just out of curiosity (and for the sake of "science"), let's see how much time can we resist spending additional money if we're happy with what we have now. 

Think about it this way: If you switch now to Windows 8, it means you have to reinstall your computer and change your habits. Postpone this operation until something starts to go wrong indeed, if ever.

Need more incentives? For those more frugal, like me (and I know there are some out there), here are some direct costs for switching to newer Windows:
  • An upgrade from XP to Windows 8 costs 120$ but your computer might not support it or can become be very slow after, that means they push you implicitly to buy a new computer.
  • A new laptop that has the hardware for windows 8 (and windows 8 pre-installed) starts at of 446$ on Amazon.
  • A full Windows 8 license (no upgrade) costs around 120$.
  • Office 2013 Home and Business costs 279 $ whilst professional (with Access) is an incredible 500$ !!!
Depending on community response, I intend to build a small website where XP users can record their achieved XP afterlife duration, i.e. how many days/weeks/month/years their XP computers worked ok even if updates were no more provided by Micro$oft.

Myths about Windows XP's death

There is a lot of fuss these days about the end of XP's support on 8th of April, 2014. An almost apocalyptic image is created by many content writers and lots of specialists around the world have been invited in Micro$oft's flashmob, to scare the hell out of people and make them pay their dues to the software giant.
Fabulous amounts of money started to reveal, to give more weight to the whole problem:

"The UK government announced last week that it had negotiated a special deal with Microsoft to provide Windows XP support and security updates across the whole UK public sector for the next 12 months, at a cost of £5.548 million."
(I wonder if an investigation will follow and some important persons will be beheaded, since this 5.5 million transferred to Micro$oft are paid from the UK's budget due to someone's negligence and incapacity to migrate the public sector's computers to something else, in due time) 

"Microsoft has offered to provide special custom support for Windows XP after 8 April at a cost of $200 per device, which doubles to $400 per device after 12 months, and then doubles again to $800 the following year."
(Whoooa...)

Seeing all these, I have researched the web on this major piece of news in a try to understand if getting rid of Windows XP is indeed "a must" in the coming days or months, and what are the real risks of keeping Windows XP still running. 

Here is a list of the most frequent and major "Boo-hoou-hoous" I could find in a couple of hours (and some personal comments on each):

  • "As late as June 2013, Windows XP still held onto more than 30% of the world’s computers. It’s on 95% of American ATMs"

    Anyone knowing a bit about ATMs and banking knows that they're not exposed to the internet at all, and have dedicated lines (or VPNs) to connect to their bank. So, susceptibility to attacks is really low not to mention that the XP present on ATMs is a trimmed down version of the regular one.
    Still, bad choice of operating system, banks! Not paying licences to M$ would've lower your fees and could have attract more clients!
    .
  • "Estimates vary but it’s thought that as many as a third of the world’s computers are still running the operating system and Microsoft themselves have said that infections for XP will rise 66 per cent after 8 April."

    This sounds bullshitting to me. It's either that M$ put some time bomb in the latest XP update to affect exactly 66% and exactly after 8th of April, or they simply try to seed panic in the XP users. In both scenarios they want the users flocking-in, in an orderly fashion to the new Windows 8.
    .
  • "There's certainly a possibility of some vulnerabilities that were already known that haven't been exploited yet. From 8 April or 9 April you could see a number of attacks that people have been holding back"

    Judging the response time Microsoft historically had to vulnerabilities, I'd say this is a fake problem too. Besides, any evil attacker would launch his exploits as soon as possible, before someone else would do it instead of them, or the users would upgrade to the latest Windows.
    .
  • "Internet Explorer 8 is also no longer supported, so if your Windows XP PC is connected to the Internet and you use Internet Explorer 8 to surf the web, you might be exposing your PC to additional threats."

    Let's face it: this was the situation with the Internet Explorer since version 3 (that notably allowed hackers to take full control of your Windows computer). The problem is not only that Internet Explorer was historically badly designed and allowed attacks, but also that Micro$oft tried to give unfair competitive advantage to it over any other browser running on their operating system, by integrating it in the Windows itself (maybe you know that actually Windows Explorer IS Internet Explorer in fact). Through this "nice" move, the M$ specialists exposed the whole Windows system to attacks.
    So, whoever is seriously concerned about security, is not using Internet Explorer for ages anyway. I mean, I know there is a lot of marketing about how good and fast the new versions of IE are (but still...), but due to the horrible errors in its past, I prefer to use anything else: Firefox, Chrome, Chromium, Opera etc. Not that the others are completely protected but at least I believe that a big community of developers can react faster to a new bug than a bureaucratic corporation.
    .
  • "The antivirus is not enough to protect your unsupported XP"

    Actually the antivirus was never enough, never mind if Windows is supported or not.
    I wonder if Windows would be so popular these days if no antivirus exists. Think about it: Windows survived mainly thanks to the antiviruses on the market; antiviruses sprung into life and proliferated due to bad design of Micro$oft Windows, Micro$oft Internet Explorer and Micro$oft Office. Another factor is that people are too obedient and don't ask why they need to pay additional money on a 3-rd party program to protect Windows if they already paid for Windows.
    (Micro$oft had a fake attempt to integrate their own antivirus in Windows when acquiring RAV antivirus in 2004, but over a decade now, it's proved it was just a "kill the competition" move: RAV was the only antivirus on the market that ran on most popular Linux email servers. No RAV meant big punch to the penguin world.)
    Nevertheless, a good antivirus coupled with a firewall and some user education should be enough for any old and unsupported operating system. See the next post.
    .
  • "The new hardware (printers, scanners, etc) will not have have drivers for your old XP"

    This is unfortunately already true and the ones to blame are the hardware manufacturers that play along with Micro$oft to squeeze money out of people as much and as often as possible.
    Still, if your office setup (laptop, printer, scanner, webcam etc) functions perfectly right now and you have your hardware for years working ok, you might ignore for a while more these calls for spending money. Think about it when your printers break down for natural causes or due to planned obsolescence.
    .
  • "[...] technical assistance for Windows XP is no longer available"

    Hmm... that's a tough one. I'm sure I'll miss it...
    Have you ever been in contact with Micro$oft directly in a try to fix an issue with your computer? If so, maybe for one time only, and then you got the idea that it's a waste of time 'cause the technical support is inept and they just serve you boilerplate answers from their scripts.
    The best & more efficient way to fix anything with your Windows computer was always to search the internet because the power of people in need is always greater than of those call center scripts readers.
So... vat to do, vat to do?

Wednesday, 12 February 2014

email smtp/pop proxy solution

I need to have access to my email account when travelling and, surprise, my domain hosting company doesn't allow access to the pop/smtp servers from outside the country. Here is the result of a lot of research generated by their stupid setup:

1. Need to have a server allowed to connect to their pop/smtp servers. This will be an email proxy server. I have a Debian that is always online and has also a fixed internet IP address.

2. Sending emails:
For this I have installed emailrelay and configured it to my needs. The only problem I faced was to set it to run at startup, since it doesn't come with a /etc/rc.d/ startup script.

3. Receiving emails:
This is done on POP3 in my case and I found perdition that does POP/IMAP with loads of other options.

4. The final setup is like this:



5. Details:
- thunderbird is configured to connect to smtp/pop3 servers using non-standard ports: smtp on 60,0001 and pop3 on 60,002.
- My own debian server has installed emailrelay that listens on 60,001 and connects on 25 to the official email server. It also has perdition that listens on 60,002 and connects on 110 on the official email server.
- In case you don't have a fixed IP, you can use dyndns or similar service and use the chosen domain name in thunderbird.

There are loads of config possibilities but that's the way to go if you need email proxy. Both emailrelay and perdition have quite ok docs and senisble defaults so it should be no problem to set it up in 1 hr or less.