IT Admin

All 3 major search engines have local search results, these local results are mixed into the normal ranking pages. These local search can be a major benefit if you know how to use it. However, if your not using this guide you loosing traffic.

When does a search engine show a local result?
Typically, Google, Yahoo! and Live will show a local result if a region name is in a keyword search, like ‘Camas feed stores’, and if it’s clearly a locally-focused business. The search engines may also check the users IP address. But the search engines won’t say for sure.

Register with the search engine
Google, Yahoo and Live all have webmaster logins. If you don’t have an account, you’ll need to register with each one first.
On Google, go to Google.com/Accounts.
On Yahoo, go to Yahoo.com and set up a ‘my Yahoo’ account. On Live, go to Webmaster.Live.Com
Fill out all the required information. That gets you an account so that you can add or edit local listings.

Add/edit your listing
On Google, go to Google.com/local/add .
On Yahoo, go to listings.local.yahoo.com/account .
On Live, go to llc.local.live.com .
Follow the instructions there. Make sure your address is correct!

Hit the directories
You also need to get your site listed and indexed in the third-party directories the major search engines use to inform their local search rankings.
Those directories include Yelp.com , SuperPages, YellowPages.com, and a host of others.
Click Here for the full list.

Don’t forget plain old optimization.
It’s still a search engine! Make sure your address appears in at least a few places on your site, as crawlable text. Also make sure your city name shows up in key places like title tags and headings here and there, and that you’ve got a good, crawlable contact us page with all your information on it.

Good Luck…

A little preparation goes a long way. We show you how to avoid the most common tragedies to befall a PC user—guaranteed!

Stop whatever it is you’re doing. We know your time is valuable, and what you’re about to read could save you hours, if not days, of damage control. What could be so important? Your work documents, for one thing. And then there’s your entire digital collection of family photos cataloguing every birthday, vacation, and other special occasion over the past several years. Common PC pitfalls don’t just affect your digital files, either. Should disaster strike—say a power surge or a hacker attack— you could be looking at hundreds, or even thousands, of dollars of damaged hardware—or even worse, damage to your good name and credit if someone manages to steal your identity.

Are you thoroughly spooked yet? You needn’t be, not if you follow our nine-step guide to disaster-proofing your PC. On the following pages, we show you how to prepare for everything from acts of God to hacker attacks, and every other mishap you’re likely to encounter as a power user. And if you’re an old pro who already knows how to disaster-proof your PC, then treat this as a checklist of things you know you should be doing, but probably aren’t.

1. Back up Your Data

With a modicum of effort you can save yourself a whole lot of heartache

You hear it being preached all the time, but most of us wait until it’s too late before learning the value of maintaining a backup solution. Yet the longer you go without one, the more likely it is your hard drive will give up the ghost at the most inopportune time. Unlike solid state drives (SSDs), which are still too expensive to serve as a high-capacity storage solution, hard disk drives (HDDs) rely on the pinpoint precision of moving parts. Over time, wear and tear can take a toll on an HDD’s motor, but that’s not all that can go wrong. To prevent the read and write heads from damaging a drive’s platters, a thin layer of lubricant about 1nm thick is applied to the surface. Once it wears off, things can quickly come to a screeching halt, sometimes without warning. In addition, faulty firmware, a busted controller, accidental bumps, sudden power loss, and just plain bad luck can spell doom for your delicate drive.

Without a backup system in place, recovering data becomes tricky at best. Some users have reported temporarily bringing a hard drive back to life by sticking it in the freezer for 15 minutes, but this is a long shot. Replacing the controller board might also do the trick; however, that won’t do you any good if the platters are scratched or the read/write heads are worn. The only option left is to ship your drive off to a costly data recovery service, and that can set you back thousands of dollars—ouch!

To prevent being caught with your pants down, you need a backup solution. A common misconception is that a RAID 1 setup negates the need to back up your data, but nothing could be further from the truth. RAID 1 mirrors your data across multiple drives, which is good for drive failures. But if files are deleted, whether accidentally or as the result of a malware infection, they’re deleted from all drives.

The best strategy for backing up your data involves a secondary hard drive, either in your PC or in a USB enclosure, and an automated software solution. Most hard drive makers offer some kind of all-in-one solution, like Western Digital’s My Book and Seagate’s FreeAgent series, but you can accomplish the same thing with any ordinary hard drive and the right software. We’ve had great results with True Image 2009 ($50, www.acronis.com), which allows us to schedule full or incremental backups, or to take a snapshot of an entire partition through a user-friendly GUI.

Acronis’s True Image sports a slick interface that makes it easy to create an image of your entire system, or just the data you specify.

There aren’t any complicated steps here—just click the Back Up icon and follow the prompts. Feeling frugal? SyncBack (http://www.2brightsparks.com/freeware/freeware-hub.html) will accomplish the same thing for free, minus the ability to image your entire drive. You can choose to duplicate your data on another drive, through a network, or even to an FTP server.

SyncBack offers a boat-load of configuration options, most of which are unlocked by choosing Expert mode. Best of all, the program’s free!

---

2. Take Your Data Off-Site

A backup plan for your backup plan

No one likes to sit around and think about life-altering catastrophes such as fires, floods, or earthquakes—and far be it from us to be harbingers of doom. We hope it never happens, but the cold reality is, no matter where you live in the world, bad things happen to good people. Should you be one of them, the least of your worries will be the saved games you’ve lost, but there’s no need to compound the stress of disaster with the loss of all your family photos, email contacts, engineering blueprints, and whatever else you never anticipated losing (after all, you were backing up to a secondary hard drive, right?).

Anticipate it now by supplementing your routine backup solution with an off-site backup contingency plan. There are a couple of ways you can approach this. The first is to put your data in the “cloud,” which is really just a metaphor for the Internet. In this case, we’re suggesting that you upload your data to a server hosted in another location. The upshot is twofold: By having your files backed up to a remote location, you can rest easy knowing they will be safe even if your home isn’t, and you can access your files whether you’re at work, home, or elsewhere.

To get started, register an account with Mozy (free, http://mozy.com/home) and download the executable. Mozy is free for home use and provides 2GB of online storage, which should be more than enough to store your mission-critical documents, various email contacts, and other odds and ends. The idea here isn’t to back up your entire movie collection to the cloud—that could take days, or even weeks, on a typical upstream connection—so be selective and treat this as a virtual safe deposit box for your most valuable files. If 2GB still won’t cut it (and it may not if you upload a bevy of high-resolution photos), then you can subscribe to Mozy’s unlimited plan for $5/month.

Can’t figure out where Outlook stores your emails and contacts? Mozy knows right where do look, and will even back up your browser bookmarks.

Mozy’s installation wizard holds your hand through the initial setup. The first few steps ask you what types of files the program should zero in on, as well as what type of encryption method to use. The recommended 448-bit Blowfish is overkill for most users, but it doesn’t hurt to stick with the default option. Switching to expert mode gives you fine-tune control over how Mozy operates, such as the ability to throttle bandwidth during specified time periods, set up a schedule, and plenty more.

Saturating your Internet connection’s upstream can bring things to a crawl. Counter this by throttling Mozy’s upload bandwidth during times when you’re most likely to be accessing the web.

The second approach to off-site backups simply involves physically storing your backup drive somewhere safe, like a bank safe deposit box. This requires a bit more work because you’ll need to retrieve your drive any time you want to add to or update your files, but you’re also not relying on someone else’s hardware to keep your top-secret documents both safe and secret. You’ll have to decide for yourself if the added security is worth the additional hassle.

3. Keep Malware at Bay

Trojans and dialers and worms, oh my!

The next time you park your car, why don’t you roll down the windows, leave the keys in the ignition, and toss your wallet on the dashboard? Go about your business, and if everything’s as you left it when you return, then keep repeating this routine. Sounds ludicrous, doesn’t it? It is, and if you’re surfing the Internet without any form of malware protection, then you’re taking the same risks with your PC. Hackers continue to develop increasingly sophisticated code designed to harvest your personal information (e.g., your bank login credentials and credit card numbers), which they then turn around and sell to the highest bidder. In less-severe cases, performance-hampering malware can drag your PC to a crawl, inundate you with pop-ups and redirected searches, corrupt your files, and inflict all kinds of other annoyances. To prevent any of these scenarios from playing out, you should install an antivirus program.

Whether you opt for an all-in-one paid security suite or prefer to roll your own free security package is entirely up to you. In our most recent antivirus roundup, we examined 10 of the most popular AV apps from both camps to help you weigh the pros and cons of each. To summarize, we found Symantec’s Norton Internet Security 2009 ($70 3/PCs, www.symantec.com) and ESET Smart Security ($60, www.eset.com) to work best for comprehensive protection, and we favored Avira’s AntiVir (free, www.free-av.com) for a cost-saving, bare-bones approach, although Avira has since added antispyware scanning to its free AV app. Whichever route you choose, be sure to install only one antivirus program, as these integrate tightly with your OS and can conflict with one another. And if you’re attracted to the promises of a program we haven’t reviewed, do your research before running the installer. Though an unknown AV app may seem innocuous, you might actually be installing malware masquerading as a legit program. It’s OK to be narrow-minded and stick with reputable vendors; and don’t ever trust an unexpected pop-up trying to sell you security by claiming it found infections on your PC—11 times out of 10, these are scams.

Hey, we’re as surprised as you are, but Symantec’s Norton Internet Security 2009 offers all-in-one protection without the bloat we’ve come to expect from Norton.

We don’t recommend you make a habit of downloading suspicious files, but every now and then you might encounter a file that seems so suspect you’re not even sure you trust your AV program’s clean bill of health. You can solicit a second opinion from a free online service called Virus Total (www.virustotal.com). Once you upload the fishy file, Virus Total will analyze its makeup with the aid of up to 40 antivirus and antimalware scanning engines, then list the result of each one. While not fool-proof, Virus Total updates the scanners regularly with the developers’ latest signature files, making the chances of an infected file slipping through the cracks highly unlikely.

Installing 40 AV apps on your PC would be nothing short of a nightmare. Instead, upload a suspicious file to VirusTotal.com to have it checked out by more than three dozen scanning engines.

---

4. Your Power Supply Matters

Trying to save a few pennies on a PSU could cost you dearly

You might be tempted to grab the least expensive power supply with the highest wattage rating you can find and call it a day. After all, a PSU won’t make your games run faster or MP3s sound better, so why bother spending any more than you have to? Take it from us, a higher-priced PSU can be worth every bit its weight in gold, and here’s why.

The hotter it gets inside a PSU, the less power it’s able to produce. Some manufacturers take advantage of this by rating their PSUs at a much lower temperature than what they will ever see inside a case. For example, a unit rated for 600W at a chilly 25 C might only be capable of 450W at a more realistic 40 C to 50 C. On top of that, knock off another 100W or so if the label represents a peak power rating instead of continuous. But wait, there are even more ways of double-dealing. Some manufacturers will skimp on their PSUs’ internal components­­—a practice that’s often associated with lower-weight units. While this helps the manufacturer cut costs, you’ll pay dearly for it with voltage fluctuations that can damage your components, cause intermittent reboots, and lead to premature failure. Suddenly, that bargain-basement unit doesn’t seem like much of a bargain anymore. You can avoid all this by biting the bullet and paying more up-front for a reputable brand, such as PC Power & Cooling, Corsair, and Seasonic, to name just a few.

Take the guesswork out of determining what size PSU will keep your system humming along. OuterVision’s online eXtreme PSU Calculator (http://extreme.outervision.com) analyzes your parts and does a good job of estimating how much power your system is likely to pull. Likewise, both ATI and Nvidia maintain a list of CrossFireX-certified (http://game.amd.com/us-en/crossfirex_components.aspx?p=3) and SLI-certified (http://www.slizone.com/object/slizone_build_psu.html) PSUs. As a general guideline, shoot for 550W to 600W for a midrange build, and 750W or more for a fully loaded rig. Pay particular attention to how many amps are rated for the +12V rail, as this is where today’s systems draw the bulk of their power from.

We don’t like leaving anything to chance. By using the eXtreme Power Supply Calculator, we can get a pretty good idea of what size power supply we’ll need for our next build.

After choosing a reliable PSU, consider investing in an uninterruptable power supply (UPS), otherwise known as a battery backup. Should you lose electricity as the result of a thunderstorm (or any other reason), your battery backup takes over long enough for you to save any documents you might have been working on. A quality UPS will also offer power conditioning to insulate your system from voltage spikes, line noise, and brownouts.

Choosing a UPS is a little different than picking out a power supply. Most battery backups come with a volt-ampere (VA) rating, with an 800VA unit being roughly equivalent to 540W of output capacity. This will be enough to provide up to about 15 minutes of backup power for most systems. A 1,500VA unit will keep you up and running even longer—anything higher is overkill for just about any desktop system. If you’re still unsure what size you should look for, play around with APC’s UPS selector (http://www.apcc.com/tools/ups_selector/index.cfm).

A surge protecor won’t prevent your PC from turning off if there’s a power outage. For that, you need UPS. Some UPS software will even save open documents and shut down your system automatically before the battery runs out.

5. Practice Safe Computing

Without constant vigilance, the Internet can be a dangerous place

We’ve found that the best recipe for avoiding most problems you’re likely to encounter consists of one part common sense and two parts safe computing habits. Installing an antivirus application isn’t a free pass to go romping around the web willy-nilly; you still need to exercise some sound judgment. Start by being selective in which websites you visit. Stay away from the seedier sides of the web offering up warez, keygens, and other illicit downloads, as they’re not only morally unsound, but also dangerous. Also avoid unknown sites that try to install ActiveX controls or toolbars.

Avoid clicking suspicious links, especially if they show up in an email. Hackers have become really adept at sending out legitimate-looking emails claiming there’s an urgent matter with one of your online accounts, such as a Paypal dispute or a discrepancy with your banking institution. Once you click the link, you’re taken to a fake website that looks and acts just like the one it claims to be, but there’s nothing innocent about it. The sole purpose of these sites is to harvest your personal information, including your username, password, credit card numbers, social security number, and anything else you’re fooled into divulging. Typos and bad grammar serve as dead giveaways that someone’s trying to dupe you, but it’s not always that obvious.

You also need to be wary of email attachments. As sophisticated as today’s attacks have become, malware writers know the easiest way to spread a virus is still by email. Live by the rule of thumb that if you weren’t expecting an attachment or don’t know who it came from, don’t download it. And if you were expecting an attachment, scan it with your antivirus software before opening it.

Use different passwords for different sites, and make them hard to guess. You should use a combination of letters and numbers to make a password impervious to brute force dictionary attacks, but nothing so complicated that you won’t remember it and thus feel compelled to write it down. (For more ideas on creating and storing strong passwords, check out our How-To “Hack Your Dropbox”)

Make it a habit to periodically check for software updates, and whenever possible, configure your programs to check for updates automatically. By keeping your software patched, hackers will have a harder time exploiting your machine and will move on to easier targets. If you’re not updating your software, then you are the easier target.

Don’t be tempted into turning off Automatic Updates to avoid nags to reboot. A secure PC more than makes up for the minor inconvenience.

And finally, set up a separate account for any guests or kids you might have, and then restrict their permissions. Only you should have administrative control over your Windows installation. In both XP and Vista, the option to do this is found in the Control Panel under User Accounts. In XP, create a Limited account for anyone else who might use your PC, and in Vista, create a Standard User account.

One of the problems of being a power user is that others usually aren’t as savvy as you. You might not be able to change that, but you can set up limited user accounts for anyone else who uses your PC.

---

6. Set up a Virtual Machine

Experiment all you want without putting your rig at risk

Virtual machine (VM) software allows you to run another operating system on top of your existing OS, thereby giving you access to a secondary PC without the costly hardware investment. It does this through a combination of tapping into the host PC’s existing resources, such as the CPU and RAM, and providing its own abstract hardware, such as a virtualized motherboard and videocard.

There are several advantages to setting up a virtual machine, the primary one being the ability to experiment with software without the risk of mucking up your system. Being a beta tester keeps you on the cutting edge of software development, and with a VM installed, you never need to worry about a poorly written program thrashing your pristine installation of Windows. You’re also given the freedom to explore potentially dangerous applications that might be laced with malware. However, there’s a caveat: Some virus strains can now recognize a VM and lay dormant until installed on the host PC, so it’s best to leave any suspicious files on the VM.

A virtual machine works just like a real PC, so if you’re having trouble installing Windows (or Linux), go into the VM’s BIOS and double-check the boot order.

You can also use a VM to learn a brand-new OS and explore different Linux distributions without the hassle of dual-booting, or to set up a legacy OS, like DOS, for revisiting old games. Maybe you want to test out your programming acumen, or simply have an alternate OS in place for troubleshooting. In short, there are a lot of things you can do with a VM.

For best results, you’ll need a PC with at least a 1GHz processor and 512MB of RAM. You’ll also need a separate license for each OS you plan to install, but you don’t need to pay for VM software. We like Microsoft’s Virtual PC 2007 (free, http://www.microsoft.com/downloads/details.aspx?FamilyID=04D26402-3199-48A3-AFA2-2DC0B40A73B6&displaylang=en) for its easy setup, although it lacks USB support and other features found on VMWare’s Player and Server packages. Microsoft should be putting the final touches on Windows Virtual PC by the time you read this, which will remedy its shortcomings and add a ton of new functionality.

Depending on what you plan to do with your VM, you can allocate more or less RAM from your primary PC. Allocate too much, however, and your PC could become lethargic.

After installing Virtual PC 2007, you’ll need to set up your VM. It’s here where you’ll allocate resources to your VM, and you’ll want to be careful not to go overboard and adversely impact the performance of your main PC. We typically set the amount of RAM to one-quarter the total installed, putting a ceiling at 1GB. When setting up the virtual hard disk, set aside anywhere from 10GB (Linux) to 50GB (Vista) or more, depending on how you plan to use your VM. Once you’re finished, your VM will act like a separate PC, complete with its own BIOS. Put your Windows or Linux installation CD/DVD in your optical drive, start up the VM, and install just as you normally would. Once you’re finished, apply any security updates, just as you would on your main PC, and then start experimenting. If you manage to mess up your VM, simply start the process over from scratch—no harm, no foul!

7. Configure Your Router, the Right Way!

A vulnerable router is an invitation to all sorts of abuse

Your home security is only as strong as its weakest link, and oftentimes that’s the router. Wireless routers have made it possible to share a high-speed Internet connection with multiple PCs without having to run a mess of cables throughout your home, but if you haven’t secured your Wi-Fi connection, you’re inviting anyone into your network that is able to pick up your Wi-Fi signal. The danger goes far beyond just saturating your bandwidth; those leeching off of your Internet connection can intercept data packets and sniff out login information, lift files from your PC, or share copyrighted material over your IP address so if the authorities come knocking, it will be on your door.

To avoid such unpleasantness, you need to lock down your wireless signal. Most router settings can be accessed by typing 192.168.1.1 into your browser (consult your router’s manual if this doesn’t work). You’ll be prompted for a username and password, and unless you’ve already set one up, type admin for both fields (again, this may vary by router).

Once inside your router, look for an Administration tab and enter a more secure password. If your router gives you the option of changing the username, go ahead and do that, too. Next, head over to the Wireless section and put in a unique SSID. Then look for a Wireless Security subheading and select the strongest encryption method your hardware supports, which for most modern builds will be WPA2 (if your hardware supports only WEP, consider upgrading to a more modern router, as WEP is easily cracked). When entering a passphrase for WPA2, use a combination of letters, numbers, and even symbols, and make sure it’s at least eight characters long. Alternately, you can use one of the many passphrase generators found via a Google search. Keep this information handy, as other PCs in your home network will ask for it when attempting to connect for the first time.

The now ironically named Wired Equivalent Privacy (WEP) will only keep casual war drivers at bay. With the right tools, that script kiddie next door can break through WEP and start serving up illegal files through your IP.

If you’re particularly paranoid about stumbling onto a phishing site not already blocked by your browser, you can replace your ISP’s Domain Name System (DNS) servers with OpenDNS (www.opendns.com), a free, ad-supported alternative with added security. Whenever you type in a web address, DNS translates the URL into the actual IP address. OpenDNS’s name servers maintain an actively updated list of known phishing sites, and can recognize common misspellings that could potentially redirect you to a harmful site. To configure your router to use OpenDNS, follow the site’s instructions for whichever make/model router you own.

Above and beyond protection from phishing sites, OpenDNS’s Dashboard lets you configure various security settings and filter Internet browsing, like blocking known porn sites.

The last thing standing between you and an Internet-borne attack is a firewall. Most routers come with a built-in hardware firewall, but it’s a good idea to supplement this with a software firewall. Both Windows XP (SP1 and later) and Vista include a software firewall already installed and turned on by default, but if you want to add outbound protection to the mix, you’ll need a third-party solution, like Comodo (free, http://personalfirewall.comodo.com/download_firewall.html) or ZoneAlarm (free, http://www.zonealarm.com/security/en-us/zonealarm-pc-security-free-firewall.htm).

---

8. Get in Tune with Your System

More often than not, there are signs of impending disaster, if you know where to look

Whether you’re a professional race car driver or a power user pushing your PC to the limit, it’s imperative you become one with your hot rod. By doing so, you can pick up on subtle nuances that would otherwise fly under the radar and predict problems before they happen. But you don’t need to rely on your instinct alone.

Are those new videocard drivers helping or hampering performance? You’ll know if you first establish a baseline for comparison. Benchmarks aren’t just for bragging rights, they can also serve as helpful diagnostics and clue you in when something is amiss. Futuremark’s 3DMark Vantage runs your GPU through a series of 3D gaming tests, while its PCMark Vantage analyzes your system as a whole (both free, www.futuremark.com). Run both of these and refer back to your scores whenever you make a change, be it new hardware or a driver update. See our online benchmarking guide for a list of even more free benchmarks that will tax various subsystems of your PC.

Benchmarks are a handy way of monitoring your system’s health. We like PCMark Vantage because it runs a variety of scripts intended to stress all the major components rather than focus on a single piece of hardware.

To ensure your rig doesn’t overheat and blow up (figuratively), get in the habit of monitoring temperatures. SpeedFan (free, www.almico.com/speedfan.php) will help you do this and can even adjust your system’s various fan speeds based on the temperature of your components. SpeedFan also comes with a S.M.A.R.T. tab, which reports the health of your hard drive and can sometimes be useful in predicting when a drive might be on its last legs.

By using SpeedFan to monitor your system’s temperatures and dynamically adjust fan speeds accordingly, you can run a quieter PC without overheating your components.

If you find that your temperatures tend to run high, there are a number of different ways you can lower them. Most third-party CPU heatsinks offer far better cooling potential than the stock units AMD and Intel provide. In most cases, you get what you pay for, so don’t expect to slap a $5 cooler on your Core i7 and unleash a new level of overclocking headroom—it won’t happen. Switching to a high-performance thermal compound, like Tuniq’s TX-2 or Arctic Silver 5, can also shave off a few more degrees. For case cooling in general, be sure you have enough fans in your system. You should have at least two 12cm fans, one in the front to pull air in and one in the back as an exhaust. If it’s an option, add another exhaust fan on top. Some cases even come with 20cm or 25cm side-panel fans, giving your entire setup a blast of cool air.

Finally, investigate any sounds that are out of the ordinary. A failing hard drive will often make a clicking or grinding noise shortly before it stops working completely, so if you hear this, back up any important data right away. If your system suddenly seems quieter than it used to be, check to see that one or more fans haven’t stopped spinning.

9. Keep a PC First-Aid Kit

In case of emergency, you should keep handy a repository of spare parts that can address a PC’s most common points of failure

1. Cables

If you’re lucky, hardware that appears to be faulty might really just need a new cable. We’ve seen it happen. You should keep an assortment at your disposal, including SATA, IDE, Ethernet, and USB cables of various sizes.

2. Optical Drive

There are many symptoms to a failing optical drive, including slow performance, corrupted files when installing Windows, or the inability to work at all. Keep a spare drive around for good measure.

3. Hard Drive

Grinding noises coming from your PC are never a good thing, and usually mean your hard drive is about to go belly-up. Keep a spare hard drive within reach for emergency backups and troubleshooting.

4. Thermal Paste

Over time, your thermal compound may dry up and lose its ability to transfer heat. Always keep a tube of thermal paste on hand, whether you’re applying a fresh coat or installing a new heatsink.

5. Boot Disc

If your system suddenly refuses to boot, you only need to panic if you didn’t have the foresight to create a boot disc. Use this to get into your system to retrieve files, clean up malware, and fix other issues.

6. Screws and Standoffs

We don’t know why we end up with fewer screws than when we first started, but we always do. Keeping a supply of various-size screws and standoffs solves this problem so we can focus on the task at hand.

7. USB Hard Drive Adapter

Whether your motherboard is fried or you’re trying to move your desktop files to a notebook PC, migrating data is made a million times easier with a USB hard drive adapter.

8. Thumb Drive

Thumb Drive With the price of flash media plummeting, there’s no reason not to keep a spare thumb drive around. Use it to transfer files in a pinch, store diagnostic utilities, or even as a bootable drive.

9. CMOS Battery

CMOS Battery A faulty CMOS battery can cause your system to forget the date and time, refuse to boot, display quirky error messages, or lose your BIOS settings. Thankfully, these tiny batteries are ultra cheap and a cinch to replace.

10. Arcticlean

Some thermal-grease cleaners leave behind a nasty residue as a result of perfumes and other foreign substances that have been added. ArctiClean doesn’t and it works better than isopropyl alcohol at breaking
down thermal paste and pads.

That shiny new netbook is light and portable, plays music and movies, and cost less than an iPhone (with service). Problem is: you might be ready to chuck it off a bridge. Running the Intel Atom processor at only 1.60GHz, netbooks are a bit on the clunky side when it comes to actual data processing. No one is going to play World of Warcraft on one of these thin machines, but it sure would be great if OpenOffice, a music player, and Mozilla Firefox could run a little faster.

The answer to the netbook dilemma is: find an alternative operating system. Of course, this is a time-consuming proposition, considering you have to download the OS, burn it to a CD or USB key, load the OS, and then configure it. To find out which OS will actually add pep to your Sony P – or any number of low-cost, Atom-based netbooks – we loaded six different options on the same machine and performed a series of tests – looking at the interface, networking features, the browser and built-in apps, and how much customization you can do and ended up picking a clear winner.

For testing, we used the Acer Aspire One AOD250. It uses the Atom N270 processor running at 1.60GHz, has a 533MHz front side bus, and a 512KB L2 cache. The unit ships with Windows XP, which made our baseline testing a hair easier. It has a 10.1-inch 1020×600 screen, runs on the Intel 945GSE graphics chipset, has 1GB of DDR2 533MHz DRAM, a 160GB 5400RPM hard disk, built-in 802.11g Wi-Fi, three USB ports, and a slim form factor – all for about $298. We picked it because it is so common, but also because it supported the most operating systems. We also did a sanity check on the Lenovo S10, HP Mini 1100, and the Asus Eee 1000HE with each OS. In a few cases (e.g., with Moblin on the Lenovo S10), the OS just did not load right. We had the best success with the Acer.

For the test criteria, we wanted to cover a wide gamut. We first tested install time and boot time. Those are important for saving time initially (hey, maybe you are not going to like the new OS) but also for every single time you power on the machine. We also tested the interface and for extra features, software support, customization and personalization, RAM usage, and speed. Since there are no benchmarks we know of that work with all of the OSes we tested, the speed test was a manual grunt test – we timed browser load speed, how quickly a photo opens, PDF load time, and document load time. We also just used the system as we normally would and formed an overall impression.

The operating system options are expanding all of the time. The latest and greatest alternative to Windows XP is Moblin (www.moblin.org), which shows a lot of promise but is a bit rough around the edges. We also tried Slax, a Linux distro that is light and fast. We used Ubuntu for Netbooks Remix, and also tested Windows 7 – which was surprisingly nimble but not our first choice.

Windows XP

Our baseline test was with Windows XP. Everyone has their own opinion about this age-old OS, but we have to state first off that using it feels like a time warp back to 2003. One way you can get around the time-warp factor of Windows XP is to run a cloud-based OS such as iCloud or EyeOS, which at least seem aware of the trends in computing related to social networking and Twitter. Windows XP is a solid OS that works reliably, but our main problem with it is that we are just bored by the interface, and the idea of using an OS that thinks you still have a floppy disk drive installed is just wrong. The latest service packs take care of most networking issues (such as support for 802.11n), but Windows XP is just showing its age and is not exactly inspiring in terms of computing in 2009.

Load and Boot

One of the main complaints about both Windows XP and Windows Vista is that they take quite some time to install. On the Acer Aspire One, the install time was compounded by the fact that the machine we used for testing would not even let us install Windows XP Professional from a non-OEM DVD disc at first. The model we used came with Windows XP running already, so to do the installation we had to use a different DVD (actually, the one that came with the Asus Eee 1000HE) and performed a restore. This loads the OS install files onto the hard disk so you can run the installer. We used a Plextor PX-610U USB drive, and the total install time was 22 minutes including the restore time. That’s the longest of any of the OSes we tested, including Windows 7, and one clear reason to avoid XP.

This is one issue that netbook users will face – there are no models we’ve found that provide a built-in DVD drive, so the assumption is that you will live with the installed OS. Fortunately, most Linux distros let you install from a USB key. Boot time for Windows XP was 35 seconds, which is one of the longer boot times we experienced compared to the other operating systems.

Interface and Extra Features

Windows XP is a known quantity, so we won’t dwell on any specifics here other than to say that the OS now seems excruciatingly dull and woefully out of touch with modern computing. There are no signs of being able to update your Twitter status from within the OS (as you can from Moblin).

The familiar control panel in Windows XP is yawn-inducing but functional.

Software Support

The built-in software options included with Windows XP are actually quite limited when you consider that Linux distros typically come with a productivity suite (usually OpenOffice), a full featured mail client (Evolution is most common), and a modern browser (such as Mozilla Firefox). Adding all of these components just adds to the total installation time. The Asus installer we used for Windows XP does add some handy extras, and that’s typical with most netbooks and notebooks. For example, we were able to open PDF files and Internet Explorer support Flash out of the box.

Our install of Windows XP supported Adobe Flash in IE without having to do an extra install

Thanks to the OEM version of Win XP we used, the OS supported PDF out of the box

Customization and Personalization

Windows XP is fairly easy to customize, and supports a bevy of extra utilities such as Unsanity WindowShade X and many other tools. The main issue with Windows XP themes, color treatments, and desktop wallpapers is that we have seen them for so many years they just seem outdated. For power users who run a single-color background, turn off the screensaver, and live with the basic blue colors of Windows XP, this is not a major problem, but it is still a detriment.

Windows XP is easy to personalize, even if it seems as though you are taking a time warp.

RAM Usage

Windows XP falls somewhere between a light OS such as Ubuntu for Netbooks Remix or Moblin, and a memory hog like Windows Vista. Using the Performance Monitor in Windows XP, we noted that RAM usage stayed right around 30% with a browser and a few small apps running. However, when we ran Windows Live Mail, StarOffice Writer (included with the Asus OEM version of Windows XP) plus IE and other small apps, memory usage spiked to 100% frequently. This meant the Aspire One would slow down whenever we started a new app, using up all of the 1GB of RAM. However, once the apps were running, Windows XPO felt nimble enough, although we never tried a more performance-hungry app such as Adobe Photoshop, which is not really intended for a netbook.

RAM usage — shown here in yellow – spiked repeatedly when we started new apps.

Speed

Okay, the rubber meets the road. Windows XP runs fast on netbooks, which is why it is the OS of choice for companies like Asus, Acer, and Lenovo. See the graph for all of the details on speed testing all of the alternative operating systems, but Windows XP took 8 seconds to open an MSN page, two seconds to open a large word processing document, and 10 seconds to open a PDF. That’s a few seconds faster, in total, than Windows 7, but still slower than the Slax distro.

MSN.com loaded in 8 seconds, which is just a hair faster than Ubuntu for Netbooks Remix.

A long document opened quickly – just two seconds – in Wordpad.

This 5MB photo loaded incredibly fast in the Windows XP preview app – just two seconds.

Conclusion

We ended up viewing Windows XP as a “live with it, not like it” OS for netbooks, something you use if you can’t stand any of the other more updated OSes, such as Ubuntu or Moblin. It’s just not that exciting to think you will go back in time and use an OS that has worn out its welcome.

---

Windows 7

Ask Microsoft about their view on Windows 7 running on a netbook and their first answer will be: what is a netbook? The company has gone on record saying they view the category as “mini notebooks” instead of a distinct segment worth a specific OS version. Still, we had to find out if Windows 7 RC would run adequately on the Acer Aspire One. The short answer is that: it runs okay.

The boot time was a rather disappointing 57 seconds, despite how Microsoft has stated that boot times will be lightening fast (apparently, not on a netbook running a slow processor). To double-check our results with Windows 7, we tried installing the OS on an Asus Eee 1000HE, and it would not boot up at all after the installation. And, there were other problems: no Flash support, no PDF support, and mediocre games meant more time installing those add-ons after the install.

Load and Boot

Windows 7 took 20 minutes to install on the Acer Aspire One netbook – only Windows XP took longer to install. Boot up time was 57 seconds, which is much longer than we expected. Windows 7 has this annoying tendency to look like it has crashed during install, but if you look closely, you can see tiny dots moving from left to right as the OS copies files over. These annoyances might be fixed for the final release when Windows 7 ships some time this fall.

Interface and Extra Features

Windows 7 is essentially a root level fix for Vista, solving some of the most common complaints. On a netbook, it is more power than anyone would likely need for a machine that is intended for the 30-minutes-of-use window (compared to 3 hours for a notebook and 3 minutes for a smartphone). Still, at least Windows 7 has features designed for the current era of computing. There’s a built-in search that actually works – it finds documents quickly and accurately, for example. The games are not exactly stellar, a mild improvement over Windows Vista and XP. (Someday, Microsoft will decide to include a real shooter with every copy of Windows just to showcase the OS gaming power.) Moblin is much better when it comes to social networking features – such as updating Twitter form within the OS.

There are no built-in features for updating your Twitter status, which makes it a bit outdated.

Windows 7 found all of our network-attached storage drives easily enough.

Searching in Windows 7 actually works fast and reliably – unlike Windows Vista search

Games in Windows 7 are similar to what you find in Windows Vista – nothing too special.

Software Support

Windows 7 RC is just the barebones OS – when it debuts on systems this fall, the OEM version will likely include PDF and Flash support. As it stands now, the RC does not support PDF files or Flash, so you have to install those extras yourself. Or, not. We were not able to find an Adobe Flash that works with Windows 7. We did find a version of Adobe Reader for Windows 7.

Customization and Personalization

Windows 7 is a functional, practical release this time around – it is meant to address the problems in Windows Vista such as User Account Control and boot-up speed. That said, the customizations options are similar to what you find in Vista. We prefer the more modern UI design in Moblin and Jolicloud. At the smaller 1200×600 screen size of the Acer Aspire One, Windows 7 felt a little bulky with its larger buttons and large-footprint windows for selecting Wi-Fi networks and browsing files.

Windows 7 offers quite a few options for adjusting colors and themes, but they lack the OS does not have the pizzazz of Moblin or Jolicloud.

RAM Usage

While we can’t say Windows 7 is a memory hog (in fact, it was quite snappy with just one or two apps running), it is overkill for a netbook because the OS is designed to support robust apps such as Adobe Photoshop or music production software such as ProTools. It’s a multi-tasking behemoth that taps in quiet well to the processing power of the Intel dual-core line of processors, and is far from a light OS. In tests during several days with Windows 7, memory problems became a serious problem, – consuming 100% of the 1GB RAM repeatedly when we ran IE, a photo browser, and just one or two other apps. One of the benefits of using a light OS such as Ubuntu for Netbooks Remix is that the OS and the apps are light – the Evolution mail client barely takes up any RAM in Ubuntu.

RAM usage — shown here in yellow – spiked repeatedly when we started new apps.

Speed

Windows 7 is not as fast as Windows XP, but we already knew that. In the photo load test, Windows 7 took 10 seconds to open a 5MB file, over twice as long as Windows XP. Windows 7 took 5 seconds to load our multi-page document and 6 seconds to load MSN.com in IE8. Overall, Windows 7 did feel sluggish compared to Ubuntu for Netbooks Remix and Slax when we ran multiple apps, while other OSes breathed life into the Acer Aspire One and made it a more usable system.

MSN.com took a couple seconds longer to load than Windows XP, taking ten seconds.

Windows 7 loaded our test document in 6 seconds, the same speedy result as the Slax OS.

We can’t explain why, but this 5MB photo took a full ten seconds to open in Win 7.

Conclusion

We didn’t really expect Windows 7 to run fast on the Aspire One, but Microsoft may still surprise everyone and release a stripped-down version that runs faster on netbooks. In the end, we were not impressed with the boot time, long install process, and sluggish behavior with multiple apps running.

---

Ubuntu for Netbooks Remix

The testing results heated up when we started testing Ubuntu for Netbooks Remix, which has a new UI design and runs without some of the overhead of the big brother Ubuntu 9.04, such as extra security protocols and built-in apps meant more for the desktop than mobile use. Ubuntu for Netbooks ended up being our top pick, a nimble OS that made the Aspire One snappy and more useful.

Load and Boot

It all starts with a relatively fast install time – about 14 minutes, compared to 20 minutes for Windows 7 and even longer for Windows XP. It means you can get up and running with your netbook and move on to configuring the system and adding extra software faster. Ubuntu is a great match for netbooks, even for those who do not normally use Linux or understand how it works, because you likely won’t need to add your normal stable of apps (just keep using them on your Windows notebook), probably won’t use the netbook as a gaming machine, and will likely just use it for e-mail and writing the occasional OpenOffice doc. Ubuntu for Netbooks Remix also had a quick 30-second boot time, a hair slower than Moblin (at 25 seconds) and Slax (at 20 seconds) but still much faster than Windows.

Interface and Extra Features

Ubuntu for Netbooks Remix is remarkably easy to use. The main interface places all common functions and tools on one screen, a stark departure from the blank desktop of Ubuntu 9 and Windows (or a Mac, for that matter). We prefer how Moblin provides easier access to social networks and instant messaging, but the downside with that OS is that it is buggy (in an early beta) and runs slower.

Ubuntu for Netbooks places all the configuration tools in one window.

Ubuntu for Netbooks found all of the attached network drives easily.

Not as fast as the search in Windows 7, but the search results were accurate.

Ubuntu had a problem with an uncompressed MP3 audio file, but otherwise has built-in options for listening to Internet radio, Last.fm (an online radio service), and local music.

Ubuntu for Netbooks provides a few tools for communicating with Internet pals, such as this instant messaging client.

Customization and Personalization

Like any good Linux distro, Ubuntu for Netbooks provides a wealth of color options to change the look of the interface, themes to make quick widespread changes, and a few wallpapers.

Ubuntu for Netbooks recognized the correct size for the Acer Aspire One display, which is a common problem with some distros that do not work with irregularly shaped notebook screens.

Quick theme adjustments mean you don’t have to adjust specific colors for the OS and can get a fresh look without spending any extra time. Still, the UI is not quite as slick as Moblin.

RAM Usage

Memory usage stayed right at about 25% running most apps alone, and jumped only a small amount – to 50% or so – when running multiple apps. Ubuntu for Netbooks did the best job of managing apps – there were rarely any slowdowns like there was with Moblin, and apps started up quickly without the lag you might experience with Windows 7 on a netbook.

Ubuntu for Netbooks handles memory chores easily enough, even with only 1GB of RAM.

Speed

We were impressed with Ubuntu for Netbooks and its ability to manage memory and run all open apps smoothly. The slight surprise is that it was not the fastest of all the OSes we tested. The MSN.com test took 11 seconds, opening the 5MB photo took 5 seconds, and the word processing test took 13 seconds (the highest of score on any OS). Still, Ubuntu is faster than Moblin over (which had problems loading Web sites quickly). We also ran a PDF test with a very large document that was about 2MB and Ubuntu for Netbooks opened the file in just two seconds – the fastest score of all the OSes.

It took only two seconds to open this large data sheet from Seagate.

Conclusion

We picked Ubuntu for Netbooks Remix because it runs the fastest with multiple apps open, had some of the best UI features (such as a main screen intended for those unfamiliar with Linux), loaded and booted quickly, and just looks the best compared to all of the other OSes.

---

Moblin

Moblin is the new netbook operating system developed originally by Intel and now part of the Linux Foundation. The main claim to fame with Moblin is that it is designed to make it easier to access Web 2.0 sites such as Last.fm and Twitter (with built-ion controls right on the taskbar). The OS uses a zone concept where you can place apps in their own zone and then switch quickly between them. During our test period using the build dated June 16, we had a lot of problems getting the distro to work correctly – it crashed when we went to the browser, when we added a Twitter account, etc. Crashes do not freeze the entire system, though, and pop up a dialog box where you can send in the feedback.

Load and Boot

We installed Moblin in 13 minutes, besting the Ubuntu for Netboosk install time by one minutes. (Slax installed in only 10 minutes, however.) the boot time for the OS is 25 seconds, so not quite as fast as Slax but still faster than every other OS. The install process is straightforward enough that you do not need to know anything about Linux to use it and asks only for a username and other info.

Interface and Extra Features

What you sacrifice with Moblin is that it is not equipped as a full distro that includes all the tools you might expect, such as a full word processor. Instead, it is designed to install with a basic set of apps and let you get on with your work. As an early beta, Moblin has a raft of problems, including lack of USB keydrive support (we tried about six of them) and problems playing even basic MP3 files.

The interface is slick and trendy, but requires some learning. The toolbar drops down from the top of the screen, and there are icons for browser, statsus update, zones, applications, and IM. What is refreshing – and unusual – is that Moblin doesn’t really look like an OS, and mimics the look and feel of a Web site instead. The extra features for Twitter updates and IM are great, and there are plenty of extra apps such as calculators, schedulers, and a media player, but there are no full word processing apps – and no clear way to add them. (In our tests, the Moblin library for adding apps did not let us install OpenOffice.)

Moblin offers a way to sync your data on the netbook with a service such as Funambol

An unusual feature, you can add your Twitter account and update your status right form the OS toolbar.

We liked the search functions in Moblin, and they worked perfectly, although – if you look closely – you can see that they look almost exactly the same as they do in Ubuntu.

The UI paradigm for holding apps in zones is a common Linux construct, but one that will seem unusual to users who have decided to ditch Windows XP on their netbook.

Moblin had trouble playing even the built-in music files, let alone the uncompressed MP3 we added by sending an e-mail to our own Gmail account (since USB keys did not work).

Moblin found our wireless network just fine, but could not find any network drives.

Software Support

Moblin supported both Flash and PDF without having to install any extra software, which saves time in hunting those tools down and installing them. It’s a little surprising, given the fact that the OS does not come with any superfluous software. It meant Moblin was a pick-up-and-go OS that worked without a lot of extra customization, and means you could install it and start using it without extra effort.

Flash support on a Linux netbook is hit or miss, but with Moblin it worked out of the box.

You can open PDF documents as well, using a built-in doc reader that loaded files quickly.

Customization and Personalization

Moblin does not pretend to be a full-featured OS, but that is also what makes it attractive to netbook owners who crave speed and not necessarily extra features. As such, the customization options are quite slim – you can change wallpapers and themes, but there’s not the depth of color adjustments and interface tweaks that you will find in Windows or Ubuntu.

You can change themes but not adjust too many colors for the UI.

Like any good Linux distro, there’s a way to change default fonts for the OS layer.

RAM Usage

We did not find a utility for testing RAM usage on Moblin, but we can tell you that – as long as you only run one or two apps, the OS is speedy enough. At times, Moblin did seem like it was trying to catch up with our mouse clicks, but we presume that is due to the beta code.

Speed

Moblin either worked extremely fast or had problems with even basic tests. For example, in our MSN test loading the built-in browser, which is essentially a re-designed Firefox, MSN.com loaded in 17 seconds, the slowest of all of our tests. Yet, the 5MB photo loade din just four seconds, and a PDF file appeared in the doc viewer in just two seconds. We couldn’t test the document load tiem, since Moblin does not provide a full word processing app and only read our test doc as a TXT file.

Our doc file did not format correctly using this built-in text editor.

MSN loaded in 17 seconds – time enough to visit three site son other netbook OSes.

This photo loaded in four seconds, a hair faster than Ubuntu for Netbooks.

Conclusion

We’re big fans of Moblin, it just needs work before it is ready to take up disk space as our netbook OS of choice. Ubuntu for Netbooks has the leg up here, but we do prefer the Moblin look and feel, quick access to Twitter, and the fact that it runs reasonably fast (with occasional stall-outs).

---

Slax

The main story with Slax (www.slax.org) is that it’s a light Linux distro that makes sense for netbooks, with a few weak spots that need to be ironed out before we can fully recommend it.

Load and Boot

The only install we could find was a Live version that loads partially onto the hard disk. As such, the install comparison is not really fair (Slax took 10 minutes to configure in total for the Live version) and there is no comparison for boot time, since each time you use it, the installer kicks in from the CD. That made Slax less flexible, and required that we bring an external DVD drive with us at all times. (We also could not find a USB version of the distro.) Once loaded, Slax ran quickly on the Aspire One.

Interface and Extra Features

Slax looks like the older Linux distros we have used for years, and it uses the KDE desktop environment – which is also not our favorite UI. Slax had several problems running on the Acer Aspire: the music player did not play movies or music at all, and the hardware buttons on the netbook did not work right. For example, while the volume buttons on the netbook worked with the other OSes we tested, it did not work with Slax. We also could not get the Wi-Fi connection to work. Oddly, Slax could find our Netgear router and connect to it, but could not get an IP address. We tried setting it manually, and could still not get the Internet to work on the device. There is probably some trick, but a new user to the distro would likely not know those tricks – it should be easier.

Slax presents the typical offerings for adjusting your desktop settings and configuring a network.

The included games were the least compelling of the OSes we tested.

You can set up instant messaging –we had to use a wired connection – but there are no functions that help you update your status or access social networks quickly.

The search functions work as stated, even if there was a lag in finding documents.

Slax did not play any MP3 files we tested, including this uncompressed audio file.

Software Support

Slax did not support PDF or Flash, a sign that the OS has fallen behind other distros in supporting the latest tools for Web browsing. However, there are plenty of apps included with the distro, including OpenOffice tools and the Evolution mail client.

Customization and Personalization

Slax provides only a few options for personalization – even though there is a theme manager, and the ability to change colors, most of the work involved with customizing the UI falls to the end-user, who has to wade through a lot of options to get the right look and feel. We prefer the fastest theme controls in Windows 7 and in Moblin. In many ways, the controls for personalization in Slax are more like the Linux distros form the last few years and are not as slick or user-friendly as those in, say, Moblin.

There are only two background wallpapers included with Slax.

If you take the time to adjust colors, you can get your own custom look.

RAM Usage

Slax actually used a healthy amount of RAM, about 40% of the 1GB available, which was a lot compared to the roughly 25% usage in other OSes.

Slax uses a lot of RAM for a light distro, more than Ubuntu or Windows 7 in fact.

Speed

Where Slax did shine, though, was with application speed. In fact, the OS scored the best results in our tests. The 5MB photo we used loaded in just five seconds, the document loaded in six seconds, and the PDF file loaded in three seconds (after we installed a PDF viewer). We decided not to include test results for MSN.com in the browser over a wired connection since we tested over Wi-Fi for the other operating systems. (The site actually loaded in four seconds over an Ethernet connection.)

Kword loaded the test document in just six seconds, twice as fast as Ubuntu for Netbooks.

Near-instant photo loading is one perk of using the light Linux OS, Slax.

Conclusion

So, if Slax performed so well in our tests, you might wonder why we did not pick it as the best choice for netbooks. Speed is important, and a main goal was to make the Aspire One run faster. However, we just were not as impressed with the OS overall, especially in terms of customization options, software support, and options for how you install it. You might be able to find a USB install and get Slax running well on a netbook, but one criterion we had was that the download and install process be easy and the OS work well without a lot of tweaking, and Slax falls short.

---

Is Jolicloud worth your time?

One other option for netbooks is called Jolicloud, a hybrid OS from the creator of the Netvibes.com Web aggregator. Based  on the Ubuntu for Netbooks Remix distro, the OS offers some truly innovative features, but for the most part works almost exactly like Ubuntu.

The major new feature is that the OS lets you install software using the same paradigm that you might already known from the iPhone and Google Android. Apps are listed in a dashboard — which also reports on the latest Jolicloud news and support forum info – with an Install button. When you click Install, a small progress bar appears. The idea is that you can click this option and then perform other tasks, although in the beta we tested, as soon as we left the dashboard, the install would stop. Still, it is a novel idea because it means new users don’t have to figure out the relatively complex process of installing applications – a gating factor for new Linux users.

Jolicloud also lets you install links to common Web services, such as Facebook and Twitter. This feature is less interesting because you are really just adding an icon that takes you to the browser and loads the Web site. It would have been much more impressive if Jolicloud actually loaded a custom app for the sites – similar to what you find on the iPhone, the T-Mobile G1, or the Palm Pre. These apps would save time, even if they were truncated versions of the full site, if all you want to do is post your status or view the latest moronic thread about the news topic of the day. It is possible that Jolicloud users will create these apps in the future instead of just relying on links.

Otherwise, once you close the Jolicloud dashboard, the OS operates exactly the same as Ubuntu – there are no discernible differences in terms of the interface, speed results, or apps you can load. Jolicloud shows promise, but for now the actual benefits to netbook users is questionable.

If you’re like me, your USB key should come with its own flame retardant coating. That’s because I tend to use my little four-gigabyte device to great excess on a near-daily basis. It’s an easy fix for transferring files from a desktop PC to a laptop, and it’s great for carrying batches of files I need to access (especially if I’m without an Internet connection, making Dropbox useless). If I’m heading over to a friend’s house, I can slap a movie on the drive for us to watch on an attached PC or home theater device. I can throw down a game or two if I’m going to be travelling and don’t feel like reading about overpriced devices that will pet my cat for me. USB keys are more than just a geek’s trusty friends. They’re uber-tools in their own right.

Application suites for USB keys are another popular way of extending the functionality of your desktop into the portable realm. Install these batches of software and you can take your favorite programs along with you wherever you go–perfect for when you’re using a computer that isn’t yours, yet you would prefer to be able to access to a better range of apps than Windows’ default programs. Better still, you can stick these batches of applications on smaller USB keys to extend the life of these sub-gigabyte devices. The storage might stink, but the functionality will rule.

PortableApps

What it does: The alpha and omega of portable application suites is conveniently called, “PortableApps.” Were there any software suites on this list that you would have already heard of prior to this article, this would be the one. And there’s a good reason why. PortableApps packs a great deal of functionality into its three software bundles, which take up space ranging from 1.3MB to 355MB. You get the standard suite of Mozilla applications, a portable antivirus scanner, games, the OpenOffice suite, and more! Check out the full list here.

Download it here!

Lupo PenSuite

What it does: If you thought PortableApps was packed, just wait. The three versions of Lupo PenSuite range from 3MB to 300MB in space. The latter includes a more than 200 apps themed around nine main categories: Internet, Multimedia, Graphics, System, Security, Office, Utility, Extra, and Games. Highlights included a portable version of uTorrent; more audio editing and CD ripping/burning apps then you ever thought you needed; Gimp for photo editing; CPU-Z and JkDefrag Plus for system information and drive cleaning; CCleaner for keeping your system clutter-free; and Notepad++ for adding colorful syntax to your file editing. I tried to say all of those in one breath, but failed. Check out the full list of apps here.

Download it here!

LiberKey

What it does: Although LiberKey doesn’t stand out against its peers, like Lupo PenSuite, as a result of its applications, one of the suite’s cooler features is that it allows for updates to any of its applications via a simple utility. It’s like having a customized edition of the Filehippo version tracker right there on your USB key. This process isn’t always as simple with the other application suites, nor would I imagine that you would ever want to go through the official Web sites of hundreds of applications just to find new versions. LiberKey takes care of that all for you so you can get back to, you know, using the applications you downloaded. Fancy concept, that.

Download it here!

MyApps

What it does: Tired of grabbing application suites in which you only end up using five percent of the listed programs? Think you can do better than your average suite developer when it comes to picking and choosing the top apps that should go in a bundle? Alright, tough person. Hit up the Regional Support Centre Scotland North & East’s official Web site and create your own customized MyApps listing. Pick the programs you want to have on your key, and the site will automatically create the single install file for you. It’s as easy as that (or, if you’re stubborn, grab one of the three pre-built packages: AccessApps, LearnApps, or TeachApps)

Download it here!

Mojopac

What it does: I lied. Mojopac isn’t an application suite so much as it is an entire virtualized operating system–sort-of. Load this onto your USB key and you can boot into a separate Windows environment on any Windows XP-based PC. While the program ties into existing files on the system’s hard drive to create this second operating system, the contents of said OS remain yours to install programs into, modify, and tweak. When you’re done, shut down your personalized OS and it’s as if you were never sitting at the attached PC to begin with. Neat, huh?

Download it here!

Upgrading the Processor isnt going to happen

Sorry everyone, I can testify that the normal computer geek cannot upgrade the processor in their MacBook. I have one of the 2.4ghz MacBook’s and decide to see if I could replace the processor with a faster one. No such luck. After opening the case, removing the fan and then painfully removing the mobo I found out that Apple has soldered the processor in place.

If you have any idea how to remove a processor that has been soldered in let me know.

As for ram, no problem. I purchased 2 x 2gb of DDR3 from Tiger Direct for $60 and replaced the 2 2gb sticks that came from Apple. The MacBook is running great. As soon as the price drops on 4gb sticks I will upgrade to 6gb.

I also replaced the hard drive with a 7200rpm drive the day I got the computer. This was a very simple upgrade. Sorry, but I cannot attest as to the improvement since I never turned the computer on with the factory hard drive.

Good Luck with your upgrades

Browsing the Internet.

So how many hours a day do you spend searching the internet? Have you ever looked into the tools available to make browsing the internet faster and more enjoyable? When you think about how many hours a day a person may spend searching the internet it is shocking to see how many people just use the web browser that came on there computer.

What is a Web Browser?

A Web Browser is a computer program or application that allows you the user to interact with text, images, video and any other information typically found on a web page or web site. The Web Browser reads the HTML, JAVA, PHP or whatever language may be used then renders that code into something you can understand. It is in the way a Web Browser renders this code that determines how fast, or how well a web page displays.
Picking a Browser
Before you can pick a browser you need to know which web browser are available. The most well know are Internet Explore, Safari and Mozilla Firefox, but Google’s Chrome is defiantly trying to make a name for itself. A few other less known are Opera, Konqueror, Amaya and Flock. Things like AOL Explorer and MSN Explorer are not true web browsers. They are a graphical front end to Microsoft’s Trident engine and would require another article to explain.

Things to Consider?

Surprisingly with the latest round of updates there isn’t a lot differences as far as features. All major browsers have excellent security features built in.  I have found little information about Google Chrome. Tabbed browsing is also included in all of them. All of them except Google Chrome have a built in RSS reader and Ad blocker. I’m not picking on Google Chrome it is still new in its conceptual stages and should be given some time before a real decision is made about Chrome’s potential. But at this point Chrome does not have all of the standard equipment.

Age of your computer; If you have an older computer you may want to try smaller browsers such as Opera. It doesn’t matter how good a browser is if it slows your computer down. IE 8, Firefox and Chrome use more resources then Opera.

Customizing and exploring, if you are really into customizing your web browser or are very tech savvy you will defiantly want to check out Firefox. Firefox destroys the competition if you are looking for plug-ins or themes to improve your browsing experience. Personally, I couldn’t live without a few of the coder plug-ins for Firefox.

Type of Computers, if you use both Macs and PCs such as myself then you are limited to Firefox or Opera that is if you want to use the same browser on both machines.
Current Failures, does your current browser often stall or crash. It is possible for code on a certain page to cause a browser to crash or stall out. I have noticed that my beloved Firefox hangs up a lot on my Mac Book. Strangely Firefox runs perfectly on my hackintosh. This hang up has me looking into new browsers.

Download Managers, Browsers such as Firefox have superior downloading features such as the ability to pause and resume a download.
Open Source- You may want to consider Firefox and Opera simply because they are open source projects. I often try to support open source, as a way to give back to the community.

Which one is Faster?

The question is a lot harder to answer then I first thought. Truthfully there isn’t a simple answer. It depends on what you are doing and what you are using. Traditionally, Internet Explorer has the fastest start up time, this is because the majority of its resources load on start up. Opera is the fastest as in resources and processes. Opera clearly uses less processing power then any other browser therefore it will run faster on older machines. According to Microsoft Firefox is the fastest at loading webpage’s, but the margin is narrower then the speed at which the human eye blinks (0.02 of second).

In Summery

I recommend Firefox, it does everything you could want, it does it as well if not better then everyone else and the plug-ins available simply cant be matched by other browsers. In reality it seems to be more of a personal preference. A few years ago Firefox dominated the market but Mac and Windows have once again learned from the Open Source community and improved their products. However, I strongly recommend that you constantly upgrade the most current version of any browser. I still find people using IE 6 and often hear that web pages don’t look right. Well, that is simply because the code used to create web pages is ever changing and the older browsers simply don’t understand the newer code.

Downloads

Firefox
IE 8
Safari
Opera
Chrome
Flock
Amaya

Are you looking to create you own website?
Do you want to test websites on your computer?
Are you running OS X 10.3 or higher?

Then you are in luck. This very simple tutorial will give you your very own web server. What must people don’t realize is that Apache and php are per-installed in every current version of OS X. The trick is just knowing how to turn them on.

Start by going to System Preferences:

Then go to Sharing:

From this point you simply need to check the box for web sharing. At first you would think this is some sort of file sharing but it isn’t. This simple check-box enables Apache.

Next, you need to know where your www folder is located. In the default Apache install on OS X your www folder is called documents. Go to root folder / Library / WebServer / Documents. You simply need to place you index file and other html files in this directory.

At this point your webserver isn’t live to the world. As of right now you have a home server commonly used for testing. If you would like this server to be live you need to give your computer a static ip address and then forward port 80 to your computer. Assuming you are using some sort of a router.

In my netgear router you login to the web interface. open a web browser and try 192.168.1.1. Your router may have a different ip address, so hopefully you remember what it is. Once logged in go to port forwarding and forward port 80 to your computer/server.

Congratulations, you have an OS X server and can host your own websites. The last step is to buy a domain name and point it to your external ip Address. Make sure your Internet provider gives you a static IP, must home plans are dynamic.

Start by downloading mySQL from here:

Once the file has downloaded you should have a disk image mounted on your desktop. Simply double click on the disk image to open the installer. Everything is very straight forward at this point. Just keep saying ok until the installer is finished. You need to install both mysql and the mySQL start up.

Once you have finished installing both packages you need to open terminal. Then use the command:

To stop mySQL use the command:

Add a root password with the command:

What separates average Linux users from the super-geeks? Simple: years spent learning the kinds of hacks, tricks, tips and techniques that turn long jobs into a moment’s work. If you want to get up to speed without having to put in all that leg-work, we’ve rounded up over 50 easy-to-learn Linux tips to help you work smarter and get the most from your computer. Enjoy!

#1: Check processes not run by you

• Difficulty: Expert
• Application: bash

Imagine the scene – you get yourself ready for a quick round of Crack Attack against a colleague at the office, only to find the game drags to a halt just as you’re about to beat your uppity subordinate – what could be happening to make your machine so slow? It must be some of those other users, stealing your precious CPU time with their scientific experiments, webservers or other weird, geeky things!

OK, let’s list all the processes on the box not being run by you!

ps aux | grep -v `whoami`

Or, to be a little more clever, why not just list the top ten time-wasters:

ps aux  --sort=-%cpu | grep -m 11 -v `whoami`

It is probably best to run this as root, as this will filter out most of the vital background processes. Now that you have the information, you could just kill their processes, but much more dastardly is to run xeyes on their desktop. Repeatedly!

#2: Replacing same text in multiple files

• Difficulty: Intermediate
• Application: find/Perl

If you have text you want to replace in multiple locations, there are several ways to do this. To replace the text Windows with Linux in all files in current directory called test[something] you can run this:

perl -i -pe 's/Windows/Linux/;' test*

To replace the text Windows with Linux in all text files in current directory and down you can run this:

find . -name '*.txt' -print | xargs perl -pi -e's/Windows/Linux/ig' *.txt

Or if you prefer this will also work, but only on regular files:

find -type f -name '*.txt' -print0 | xargs --null perl -pi -e 's/Windows/Linux/'

Saves a lot of time and has a high guru rating!

#3: Fix a wonky terminal

• Difficulty: Easy
• Application: bash

We’ve all done it – accidentally used less or cat to list a file, and ended up viewing binary instead. This usually involves all sorts of control codes that can easily screw up your terminal display. There will be beeping. There will be funny characters. There will be odd colour combinations. At the end of it, your font will be replaced with hieroglyphics and you don’t know what to do. Well, bash is obviously still working, but you just can’t read what’s actually going on! Send the terminal an initialisation command:

reset

and all will be well again.

#4: Creating Mozilla keywords

• Difficulty: Easy
• Application: Firefox/Mozilla

A useful feature in Konqueror is the ability to type gg onion to do a Google search based on the word onion. The same kind of functionality can be achieved in Mozilla by first clicking on Bookmarks>Manage Bookmarks and then Add a New Bookmark. Add the URL as:

http://www.google.com/search?q=%s

Now select the entry in the bookmark editor and click the Properties button. Now enter the keyword as gg (or this can be anything you choose) and the process is complete. The %s in the URL will be replaced with the text after the keyword. You can apply this hack to other kinds of sites that rely on you passing information on the URL.

Alternatively, right-click on a search field and select the menu option “Add a Keyword for this Search…”. The subsequent dialog will allow you to specify the keyword to use.

#5: Running multiple X sessions

• Difficulty: Easy
• Application: X

If you share your Linux box with someone and you are sick of continually logging in and out, you may be relieved to know that this is not really needed. Assuming that your computer starts in graphical mode (runlevel 5), by simultaneously pressing the keys Control+Alt+F1 – you will get a login prompt. Insert your login and password and then execute:

startx -- :1

to get into your graphical environment. To go back to the previous user session, press Ctrl+Alt+F7, while to get yours back press Ctrl+Alt+F8.

You can repeat this trick: the keys F1 to F6 identify six console sessions, while F7 to F12 identify six X sessions. Caveat: although this is true in most cases, different distributions can implement this feature in a different way.

#6: Faster browsing

• Difficulty: Easy
• Application: KDE

In KDE, a little-known but useful option exists to speed up your web browsing experience. Start the KDE Control Center and choose System > KDE performance from the sidebar. You can now select to preload Konqueror instances. Effectively, this means that Konqueror is run on startup, but kept hidden until you try to use it. When you do, it pops up almost instantaneously. Bonus! And if you’re looking for more KDE tips, make sure you check out our article, 20 all-new KDE 4.2 tips.

#7: Backup your website easily

• Difficulty: Easy
• Application: Backups

If you want to back up a directory on a computer and only copy changed files to the backup computer instead of everything with each backup, you can use the rsync tool to do this. You will need an account on the remote computer that you are backing up from. Here is the command:

rsync -vare ssh jono@192.168.0.2:/home/jono/importantfiles/* /home/jono/backup/

Here we are backing up all of the files in /home/jono/importantfiles/ on 192.168.0.2 to /home/jono/backup on the current machine.

#8: Keeping your clock in time

• Difficulty: Easy
• Application: NTP

If you find that the clock on your computer seems to wander off the time, you can make use of a special NTP tool to ensure that you are always synchronised with the kind of accuracy that only people that wear white coats get excited about. You will need to install the ntpdate tool that is often included in the NTP package, and then you can synchronise with an NTP server:

ntpdate ntp.blueyonder.co.uk

A list of suitable NTP servers is available at www.eecis.udel.edu/~mills/ntp/clock1b.html. If you modify your boot process and scripts to include this command you can ensure that you are perfectly in time whenever you boot your computer. You could also run a cron job to update the time.

#9: Finding the biggest files

• Difficulty: Easy
• Application: Shell

A common problem with computers is when you have a number of large files (such as audio/video clips) that you may want to get rid of. You can find the biggest files in the current directory with:

ls -lSrh

The “r” causes the large files to be listed at the end and the “h” gives human readable output (MB and such). You could also search for the biggest MP3/MPEGs:

ls -lSrh *.mp*

You can also look for the largest directories with:

du -kx | egrep -v "\./.+/" | sort -n

#10: Nautilus shortcuts

• Difficulty: Easy
• Application: Nautilus

Although most file managers these days are designed to be used with the mouse, it’s also useful to be able to use the keyboard sometimes. Nautilus has a few keyboard shortcuts that can have you flying through files:

• Open a location – Ctrl+L
• Open Parent folder – Ctrl+Up
• Arrow keys navigate around current folder.

You can also customise the file icons with ‘emblems’. These are little graphical overlays that can be applied to individual files or groups. Open the Edit > Backgrounds and Emblems menu item, and drag-and-drop the images you want.

#11: Defrag your databases

• Difficulty: Easy
• Application: MySQL

Whenever you change the structure of a MySQL database, or remove a lot of data from it, the files can become fragmented resulting in a loss of performance, particularly when running queries. Just remember any time you change the database to run the optimiser:

mysqlcheck -o <databasename>

You may also find it worth your while to defragment your database tables regularly if you are using VARCHAR fields: these variable-length columns are particularly prone to fragmentation.

#12: Quicker emails

• Difficulty: Easy
• Application: KMail

Can’t afford to waste three seconds locating your email client? Can’t be bothered finding the mouse under all those gently rotting mountains of clutter on your desk? Whatever you are doing in KDE, you are only a few keypresses away from sending a mail. Press Alt+F2 to bring up the ‘Run command’ dialog. Type:

mailto:plop@ploppypants.com

Press return and KMail will automatically fire up, ready for your words of wisdom. You don’t even need to fill in the entire email address. This also works for Internet addresses: try typing www.slashdot.org to launch Konqueror.

#13: Parallelise your build

• Difficulty: Easy
• Application: GCC

If you’re running a multiprocessor system (SMP) with a moderate amount of RAM, you can usually see significant benefits by performing a parallel make when building code. Compared to doing serial builds when running make (as is the default), a parallel build is a vast improvement. To tell make to allow more than one child at a time while building, use the -j switch:

make -j4; make -j4 modules

#14: Save battery power

• Difficulty: Intermediate
• Application: hdparm

You are probably familiar with using hdparm for tuning a hard drive, but it can also save battery life on your laptop, or make life quieter for you by spinning down drives.

hdparm -y /dev/hdb
hdparm -Y /dev/hdb
hdparm -S 36 /dev/hdb

In order, these commands will: cause the drive to switch to Standby mode, switch to Sleep mode, and finally set the Automatic spindown timeout. This last includes a numeric variable, whose units are blocks of 5 seconds (for example, a value of 12 would equal one minute).

Incidentally, this habit of specifying spindown time in blocks of 5 seconds should really be a contender for a special user-friendliness award – there’s probably some historical reason for it, but we’re stumped. Write in and tell us if you happen to know where it came from!

#15: Wireless speed management

• Difficulty: Intermediate
• Application: iwconfig

The speed at which a piece of radio transmission/receiver equipment can communicate with another depends on how much signal is available. In order to maintain communications as the available signal fades, the radios need to transmit data at a slower rate. Normally, the radios attempt to work out the available signal on their own and automatically select the fastest possible speed.

In fringe areas with a barely adequate signal, packets may be needlessly lost while the radios continually renegotiate the link speed. If you can’t add more antenna gain, or reposition your equipment to achieve a better enough signal, consider forcing your card to sync at a lower rate. This will mean fewer retries, and can be substantially faster than using a continually flip-flopping link. Each driver has its own method for setting the link speed. In Linux, set the link speed with iwconfig:

iwconfig eth0 rate 2M

This forces the radio to always sync at 2Mbps, even if other speeds are available. You can also set a particular speed as a ceiling, and allow the card to automatically scale to any slower speed, but go no faster. For example, you might use this on the example link above:

iwconfig eth0 rate 5.5M auto

Using the auto directive this way tells the driver to allow speeds up to 5.5Mbps, and to run slower if necessary, but will never try to sync at anything faster. To restore the card to full auto scaling, just specify auto by itself:

iwconfig eth0 rate auto

Cards can generally reach much further at 1Mbps than they can at 11Mbps. There is a difference of 12dB between the 1Mbps and 11Mbps ratings of the Orinoco card – that’s four times the potential distance just by dropping the data rate!

#16: Unclog open ports

• Difficulty: Intermediate
• Application: netstat

Generating a list of network ports that are in the Listen state on a Linux server is simple with netstat:

root@catlin:~# netstat -lnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:5280 0.0.0.0:* LISTEN 698/perl
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 217/httpd
tcp 0 0 10.42.3.2:53 0.0.0.0:* LISTEN 220/named
tcp 0 0 10.42.4.6:53 0.0.0.0:* LISTEN 220/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 220/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 200/sshd
udp 0 0 0.0.0.0:32768 0.0.0.0:* 220/named
udp 0 0 10.42.3.2:53 0.0.0.0:* 220/named
udp 0 0 10.42.4.6:53 0.0.0.0:* 220/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 220/named
udp 0 0 0.0.0.0:67 0.0.0.0:* 222/dhcpd
raw 0 0 0.0.0.0:1 0.0.0.0:* 7 222/dhcpd

That shows you that PID 698 is a Perl process that is bound to port 5280. If you’re not root, the system won’t disclose which programs are running on which ports.

#17: Faster Hard drives

• Difficulty: Expert
• Application: hdparm

You may know that the hdparm tool can be used to speed test your disk and change a few settings. It can also be used to optimise drive performance, and turn on some features that may not be enabled by default. Before we start though, be warned that changing drive options can cause data corruption, so back up all your important data first. Testing speed is done with:

hdparm -Tt /dev/hda

You’ll see something like:

/dev/hda:

Timing buffer-cache reads:   128 MB in  1.64 seconds =78.05 MB/sec
Timing buffered disk reads:  64 MB in 18.56 seconds = 3.45MB/sec

Now we can try speeding it up. To find out which options your drive is currently set to use, just pass hdparm the device name:

hdparm /dev/hda
 /dev/hda:
 multcount    =  16 (on)
 I/O support  =  0 (default 16-bit)
 unmaskirq    =  0 (off)
 using_dma    =  0 (off)
 keepsettings =  0 (off)
 readonly     =  0 (off)
 readahead    =  8 (on)
 geometry     = 40395/16/63, sectors = 40718160, start = 0

This is a fairly default setting. Most distros will opt for safe options that will work with most hardware. To get more speed, you may want to enable dma mode, and certainly adjust I/O support. Most modern computers support mode 3, which is a 32-bit transfer mode that can nearly double throughput. You might want to try

hdparm -c3 -d1/dev/hda

Then rerun the speed check to see the difference. Check out the modes your hardware will support, and the hdparm man pages for how to set them.

#18: Uptime on your hands

• Difficulty: Expert
• Application: Perl

In computing, wasted resources are resources that could be better spent helping you. Why not run a process that updates the titlebar of your terminal with the current load average in real-time, regardless of what else you’re running?

Save this as a script called tl, and save it to your ~/bin directory:

#!/usr/bin/perl -w

use strict;
$|++;

my $host=`/bin/hostname`;
chomp $host;

while(1) {

open(LOAD,"/proc/loadavg") || die "Couldn't open /proc/loadavg: $!\n";

my @load=split(/ /,<LOAD>);
close(LOAD);

print "$host: $load[0] $load[1] $load[2] at ", scalar(localtime);
print "\007";

sleep 2;
}

When you’d like to have your titlebar replaced with the name, load average, and current time of the machine you’re logged into, just run tl&. It will happily go on running in the background, even if you’re running an interactive program like Vim.

#19: Grabbing a screenshot without X

• Difficulty: Easy
• Application: Shell

There are plenty of screen-capture tools, but a lot of them are based on X. This leads to a problem when running an X application would interfere with the application you wanted to grab – perhaps a game or even a Linux installer. If you use the venerable ImageMagick import command though, you can grab from an X session via the console. Simply go to a virtual terminal (Ctrl+Alt+F1 for example) and enter the following:

chvt 7; sleep 2; import -display :0.0 -window root sshot1.png; chvt 1;

The chvt command changes the virtual terminal, and the sleep command gives it a while to redraw the screen. The import command then captures the whole display and saves it to a file before the final chvt command sticks you back in the virtual terminal again. Make sure you type the whole command on one line.

This can even work on Linux installers, many of which leave a console running in the background – just load up a floppy/CD with import and the few libraries it requires for a first-rate run-anywhere screen grabber.

#20: Access your programs remotely

• Difficulty: Easy
• Application: X

If you would like to lie in bed with your Linux laptop and access your applications from your Windows machine, you can do this with SSH. You first need to enable the following setting in /etc/ssh/sshd_config:

X11Forwarding yes

We can now run The GIMP on 192.168.0.2 with:

ssh -X 192.168.0.2 gimp

#21: Making man pages useful

• Difficulty: Easy
• Application: man

If you are looking for some help on a particular subject or command, man pages are a good place to start. You normally access a man page with man <command>, but you can also search the man page descriptions for a particular keyword. As an example, search for man pages that discuss logins:

man -k login

When you access a man page, you can also use the forward slash key to search for a particular word within the man page itself. Simply press / on your keyboard and then type in the search term.

#22: Talk to your doctor!

• Difficulty: Easy
• Application: Emacs

To say that Emacs is just a text editor is like saying that a Triumph is just a motorcycle, or the World Cup is just some four-yearly football event. True, but simplified juuuust a little bit. An example? Open the editor, press the Esc key followed by X and then enter in doctor: you will be engaged in a surreal conversation by an imaginary and underskilled psychotherapist. And if you want to waste your time in a better way

Esc-X tetris

will transform your ‘editor’ into the old favourite arcade game.

Does the madness stop there? No! Check out your distro’s package list to see what else they’ve bundled for Emacs: we’ve got chess, Perl integration, IRC chat, French translation, HTML conversion, a Java development environment, smart compilation, and even something called a “semantic bovinator”. We really haven’t the first clue what that last one does, but we dare you to try it out anyway! (Please read the disclaimer first!)

#23: Generating package relationship diagrams

• Difficulty: Easy
• Application: Debian

The most critical part of the Debian system is the ability to install a package and have the dependencies satisfied automatically. If you would like a graphical representation of the relationships between these packages (this can be useful for seeing how the system fits together), you can use the Graphviz package from Debian non-free (apt-get install graphviz) and the following command:

apt-cache dotty > debian.dot

The command generated the graph file which can then be loaded into dotty:

dotty debian.dot

#24: Unmount busy drives

• Difficulty: Easy
• Application: bash

You are probably all too familiar with the situation – you are trying to unmount a drive, but keep getting told by your system that it’s busy. But what application is tying it up? A quick one-liner will tell you:

lsof +D /mnt/windows

This will return the command and process ID of any tasks currently accessing the /mnt/windows directory. You can then locate them, or use the kill command to finish them off.

#25: Text file conversion

• Difficulty: Easy
• Application: recode

recode is a small utility that will save you loads of effort when using text files created on different platforms. The primary source of discontent is line breaks. In some systems, these are denoted with a line-feed character. In others, a carriage return is used. In still more systems, both are used. The end result is that if you are swapping text from one platform to another, you end up with too many or too few line breaks, and lots of strange characters besides.

However, the command parameters of recode are a little arcane, so why not combine this hack with HACK 26 in this feature, and set up some useful aliases:

alias dos2unix='recode dos/CR-LF..l1'
alias unix2win='recode l1..windows-1250'
alias unix2dos='recode l1..dos/CR-LF'

There are plenty more options for recode – it can actually convert between a whole range of character sets. Check out the man pages for more information.

#26: Listing today’s files only

• Difficulty: Easy
• Application: Various

You are probably familiar with the problem. Sometime earlier in the day, you created a text file, which now is urgently required. However, you can’t remember what ridiculous name you gave it, and being a typical geek, your home folder is full of 836 different files. How can you find it? Well, there are various ways, but this little tip shows you the power of pipes and joining together two powerful shell commands:

ls -al --time-style=+%D | grep `date +%D`

The parameters to the ls command here cause the datestamp to be output in a particular format. The cunning bit is that the output is then passed to grep. The grep parameter is itself a command (executed because of the backticks), which substitutes the current date into the string to be matched. You could easily modify it to search specifically for other dates, times, filesizes or whatever. Combine it with HACK 26 to save typing!

#27: Avoid common mistypes and long commands

• Difficulty: Easy
• Application: Shell

The alias command is useful for setting up shortcuts for long commands, or even more clever things. From HACK 25, we could make a new command, lsnew, by doing this:

alias lsnew=" ls -al --time-style=+%D | grep `date +%D` "

But there are other uses of alias. For example, common mistyping mistakes. How many times have you accidentally left out the space when changing to the parent directory? Worry no more!

alias cd..="cd .."

Alternatively, how about rewriting some existing commands?

alias ls="ls -al"

saves a few keypresses if, like us, you always want the complete list.

To have these shortcuts enabled for every session, just add the alias commands to your user .bashrc file in your home directory.

#28: Alter Mozilla’s secret settings

• Difficulty: Easy
• Application: Mozilla

If you find that you would like to change how Mozilla works but the preferences offer nothing by way of clickable options that can help you, there is a special mode that you can enable in Mozilla so that you can change anything. To access it, type this into the address bar:

about:config

You can then change each setting that you are interested in by changing the Value field in the table.

Other interesting modes include general information (about:), details about plugins (about:plugins), credits information (about:credits) and some general wisdom (about:mozilla).

#29: A backdrop of stars

• Difficulty: Easy
• Application: KStars

You may already have played with KStars, but how about creating a KStars backdrop image that’s updated every time you start up?

KStars can be run with the –dump switch, which dumps out an image from your startup settings, but doesn’t load the GUI at all. You can create a script to run this and generate a desktop image, which will change every day (or you can just use this method to generate images).

Run KStars like this:

kstars --dump --width 1024 --height 768 --filename = ~/kstarsback.png

You can add this to a script in your ~/.kde/Autostart folder to be run at startup. Find the file in Konqueror, drag it to the desktop and select ‘Set as wallpaper’ to use it as a randomly generated backdrop.

#30: Open an SVG directly

• Difficulty: Easy
• Application: Inkscape

You can run Inkscape from a shell and immediately edit a graphic directly from a URL. Just type:

inkscape http://www.somehost.com/graphic.svg

Remember to save it as something else though!

#31: Editing without an editor

• Difficulty: Intermediate
• Application: Various

Very long files are often hard to manipulate with a text editor. If you need to do it regularly, chances are you’ll find it much faster to use some handy command-line tools instead, like in the following examples.

To print columns eg 1 and 3 from a file file1 into file2, we can use awk:

awk '{print $1, $3}' file1 > file2

To output only characters from column 8 to column 15 of file1, we can use cut:

cut -c 8-15 file1 > file2

To replace the word word1 with the word word2 in the file file1, we can use the sed command:

sed "s/word1/word2/g" file1 > file2

This is often a quicker way to get results than even opening a text editor.

#32: Backup selected files only

• Difficulty: Intermediate
• Application: tar

Want to use tar to backup only certain files in a directory? Then you’ll want to use the -T flag as follows. First, create a file with the file you want to backup:

cat >> /etc/backup.conf
# /etc/passwd
# /etc/shadow
# /etc/yp.conf
# /etc/sysctl.conf
EOF

Then run tar with the -T flag pointing to the file just created:

tar -cjf bck-etc-`date +%Y-%m-%d`.tar.bz2 -T /etc/backup.conf

Now you have your backup.

#33: Merging columns in files

• Difficulty: Intermediate
• Application: bash

While splitting columns in files is easy enough, merging them can be complicated. Below is a simple shell script that does the job:

#!/bin/sh
length=`wc -l $1 | awk '{print $1}'`
count=1
[ -f $3 ] && echo "Optionally removing $3" && rm -i $3
while [ "$count" -le "$length" ] ; do
      a=`head -$count $1 | tail -1`
      b=`head -$count $2 | tail -1`
      echo "$a      $b" >> $3
      count=`expr $count + 1`
done

Give to this script the name merge.sh and make it executable with:

chmod u+x merge.sh

Now, if you want to merge the columns of file1 and file2 into file3, it’s just matter of executing

/path/to/merge.sh file1 file2 file3

where /path/to has to be replaced with the location of merge.sh in your filesystem.

#34: Case sensitivity

• Difficulty: Intermediate
• Application: bash

Despite the case of a word not making any difference to other operating systems, in Linux “Command” and “command” are different things. This can cause trouble when moving files from Windows to Linux. tr is a little shell utility that can be used to change the case of a bunch of files.

#!/bin/sh
for i in `ls -1`; do
        file1=`echo $i | tr [A-Z] [a-z] `
        mv $i $file1 2>/dev/null
done

By executing it, FILE1 and fiLe2 will be renamed respectively file1 and file2.

#35: Macros in Emacs

• Difficulty: Intermediate
• Application: Emacs

When editing files, you will often find that the tasks are tedious and repetitive, so to spare your time you should record a macro. In Emacs, you will have to go through the following steps:

1. Press Ctrl+X to start recording.
2. Insert all the keystrokes and commands that you want
3. Press Ctrl+X to stop when you’re done.

Now, you can execute that with

Ctrl -u <number> Ctrl -x e

where <number> is the number of times you want to execute the macro. If you enter a value of 0, the macro will be executed until the end of the file is reached. Ctrl -x e is equivalent to Ctrl -u 1 Ctrl-x e.

#36: Simple spam killing

• Difficulty: Intermediate
• Application: KMail

Spam, or unsolicited bulk email, is such a widespread problem that almost everyone has some sort of spam protection now, out of necessity. Most ISPs include spam filtering, but it isn’t set to be too aggressive, and most often simply labels the spam, but lets it through (ISPs don’t want to be blamed for losing your mails).

The result is that, while you may have anti-spam stuff set up on the client-side, you can make its job easier by writing a few filters to remove the spam that’s already labelled as such. The label is included as a header. In KMail, you can just create a quick filter to bin your mail, or direct it to a junk folder. The exact header used will depend on the software your ISP is using, but it’s usually something like X-Spam-Flag = YES for systems like SpamAssassin.

Simply create a filter in KMail, choose Match Any of the Following and type in the header details and the action you require. Apply the filter to incoming mail, and you need never be troubled by about half the volume of your spam ever again.

#37: Read OOo docs without OOo

• Difficulty: Intermediate
• Application: OpenOffice.org

Have you ever been left with an OOo document, but no OpenOffice.org in which to read it? Thought you saved it out as plain text (.txt), but used the StarOffice .sxw format instead? The text can be rescued. Firstly, the sxw file is a zip archive, so unzip it:

unzip myfile.sxw

The file you want is called ‘content.xml’. Unfortunately, it’s so full of xml tags it’s fairly illegible, so filter them out with some Perl magic:

cat content.xml | perl -p -e  "s/<[^>]*>/ /g;s/\n/ /g;s/ +/ /;"

It may have lost lots of formatting, but at least it is now readable.

#38: Find and execute

• Difficulty: Intermediate
• Application: find

The find command is not only useful for finding files, but is also useful for processing the ones it finds too. Here is a quick example.

Suppose we have a lot of tarballs, and we want to find them all:

find . -name '*.gz'

will locate all the gzip archives in the current path. But suppose we want to check they are valid archives? The gunzip -vt option will do this for us, but we can cunningly combine both operations, using xargs:

find . -name '*.gz' | xargs gunzip -vt

#39: Use the correct whois server

• Difficulty: Intermediate
• Application: whois

The whois command is very useful for tracking down Internet miscreants and the ISPs that are supplying them with service. Unfortunately, there are many whois servers, and if you are querying against a domain name, you often have to use one which is specific to the TLD they are using. However, there are some whois proxies that will automatically forward your query on to the correct server. One of these is available at http://whois.geektools.com.

whois -h whois.geektools.com  plop.info

#40: Where did that drive mount?

• Difficulty: Intermediate
• Application: bash

A common problem with people who have lots of mountable devices (USB drives, flash memory cards, USB key drives) is working out where that drive you just plugged in has ended up?

Practically all devices that invoke a driver – such as usb-storage – will dump some useful information in the logs. Try

dmesg | grep SCSI

This will filter out recognised drive specs from the dmesg output. You’ll probably turn up some text like:

SCSI device sda: 125952 512-byte hdwr sectors (64 MB)

So your device is at sda.

#41: Autorun USB devices

• Difficulty: Expert
• Application: hotplug scripts

Want to run a specific application whenever a particular device is added? The USB hotplug daemon can help you! This service is notified when USB devices are added to the system. For devices that require kernel drivers, the hotplug daemon will call a script by the same name in /etc/hotplug/usb/, for example, a script called usb-storage exists there. You can simply add your own commands to the end of this script (or better still, tag a line at the end of it to execute a script elsewhere). Then you can play a sound, autosync files, search for pictures or whatever.

For devices that don’t rely on kernel drivers, a lookup table is used matching the USB product and manufacturer ID. Many distros already set this up to do something, but you can customise these scripts pretty easily. See http://jphoto.sourceforge.net/?selected=sync for an example of what can be done.

#42: Rename and resize images

• Difficulty: Expert
• Application: bash

Fond of your new camera but can’t put up with the terrible names? Do you want also to prepare them for publishing on the web? No problem, a simple bash script is what you need:

#!/bin/sh
counter=1
root=mypict
resolution=400x300
for i in `ls -1 $1/*.jpg`; do
        echo "Now working on $i"
        convert -resize $resolution $i ${root}_${counter}.jpg
        counter=`expr $counter + 1`
done

Save the script in a file called picturename.sh and make it executable with

chmod u+x picturename.sh

and store it somewhere in your path. Now, if you have a bunch of .jpg files in the directory /path/to/pictdir, all you have to do is to execute

picturename.sh /path/to/pictdir

and in the current directory you’ll find mypict_1.jpg, mypict_2.jpg etc, which are the resized versions of your original ones. You can change the script according to your needs, or, if you’re just looking for super-simple image resizing, try looking at the mogrify command with its -geometry parameter.

#43: Secure logout

• Difficulty: Easy
• Application: bash

When you are using a console on a shared machine, or indeed, just on your own desktop, you may find that when you logout, the screen still shows a trace of who was logged in and what you were doing. A lot of distros will clear the screen, but some don’t. You can solve this by editing your ~/.bash_logout file and adding the command:

clear

You can add any other useful commands here too.

#44: Transferring files without ftp or scp

• Difficulty: Easy
• Application: netcat

Need to transfer a directory to another server but do not have FTP or SCP access? Well this little trick will help out using the netcat utility. On the destination server run:

nc -l -p 1234 | uncompress -c | tar xvfp -

And on the sending server run:

tar cfp - /some/dir | compress -c | nc -w 3 [destination] 1234

Now you can transfer directories without FTP and without needing root access.

#45: Backing up a Debian package list

• Difficulty: Easy
• Application: Debian

If you are running Debian and have lost track of which packages you are running, it could be useful to get a backup of your currently installed packages. You can get a list by running:

dpkg --get-selections > debianlist.txt

This will put the entire list in debianlist.txt. You could then install the same packages on a different computer with:

dpkg --set-selections < debianlist.txt

You should bear in mind that you would also need to copy over configuration files from /etc when copying your system to a new computer.

To actually install the selections, use:

apt-get -u dselect-upgrade.

#46: Hardening ssh

• Difficulty: Easy
• Application: ssh

Although SSH is a pretty secure way to connect to your server, there are two simple changes you can make that will boost its security even further. First, you almost certainly don’t want people logging in directly as root – instead, they should logon as a normal user, then use the su command to switch over. You can change this simply in the /etc/ssh/ssh_config file by adding the line:

PermitRootLogin  no

Now the only way to get root privilges is through su, which means crackers now need to break two passwords to get full access. While you are editing that file, find the line which says:

Protocol 2, 1

And change it to:

Protocol 2

This removes the option to fallback on the original SSH protocol, now considered very vulnerable.

#47: Stop replying to pings

• Difficulty: Easy
• Application: sysctl

While ping is a very useful command for discovering network topology, the disadvantage is that it does just that, and makes it easier for hackers on the network to target live servers. But you can tell Linux to ignore all pings – the server simply won’t respond. There are a number of ways to achieve this, but the best is to use sysctl. To turn off ping replies:

sysctl -w net.ipv4.icmp_echo_ignore_all=1

To turn it back on, again use:

sysctl -w net.ipv4.icmp_echo_ignore_all=0

If turning off ping is too severe for you, take a look at the next hack.

#48: Slow down ping rates

• Difficulty: Easy
• Application: sysctl

You may want to keep the ability to reply to pings, but protect yourself from a form of attack known as a ‘ping flood’. So how can you manage such a feat? The easiest way is to slow down the rate at which the server replies to pings. They are still valid, but won’t overload the server:

sysctl -w net.ipv4.icmp_echoreply_rate=10

This slows the rate at which replies are sent to a single address.

#49: Clean up KDE on logout

• Difficulty: Easy
• Application: bash

On Windows there are plenty of programs that do stuff like clean out your web cache, remove temporary files and all sorts of other stuff when you logout. Wouldn’t it be cool to do this on Linux too? With KDE, you don’t need to even install any new software, as the startkde script will automatically run scripts you put in special places.

First, you need to create a directory called shutdown in your .kde directory:

mkdir /home/username/.kde/shutdown

Now create a script to do any stuff you like on shutdown. Here is an example:

#!/bin/bash
#clear up temp folder
rm -rf ~/tmp/*
#clear out caches
rm -rf ~/.ee/minis/*
rm -rf ~/.kde/share/cache/http/*
# delete konqueror form completions
rm ~/.kde/share/apps/khtml/formcompletions

Now make sure you set the correct permissions:

chmod ug+x ~/.kde/shutdown/cleanup.sh

(or whatever you called it). As well as cleaning up sensitive files, you can also have global shutdown scripts for all users, by placing the script in your default KDE folder, in a subfolder called shutdown. To find out which is your default KDE directory, try:

kde-config --path exe

#50: Password-less ssh

• Difficulty: Intermediate
• Application: ssh

Tired of typing your password every time you log into the server? ssh also supports keys, so you’ll only have to type in your password when you log in to the desktop. Generate a keypair on your desktop machine:

ssh-keygen -t dsa -C your.email@ddress

Enter a passphrase for your key. This puts the secret key in ~/.ssh/id_dsa and the public key in ~/.ssh/id_dsa.pub. Now see whether you have an ssh-agent running at present:

echo $SSH_AGENT_PID

Most window managers will run it automatically if it’s installed. If not, start one up:

eval $(ssh-agent)

Now, tell the agent about your key:

ssh-add

and enter your passphrase. You’ll need to do this each time you log in; if you’re using X, try adding

SSH_ASKPASS=ssh-askpass ssh-add

to your .xsession file. (You may need to install ssh-askpass.) Now for each server you log into, create the directory ~/.ssh and copy the file ~/.ssh/id_dsa.pub into it as ~/.ssh/authorized_keys . If you started the ssh-agent by hand, kill it with

ssh-agent -k

when you log out.

#51: Using rsync over ssh

• Difficulty: Intermediate
• Application: Shell

Keep large directory structures in sync quickly with rsync. While tar over SSH is ideal for making remote copies of parts of a filesystem, rsync is even better suited for keeping the filesystem in sync between two machines. To run an rsync over SSH, pass it the -e switch, like this:

rsync -ave ssh greendome:/home/ftp/pub/ /home/ftp/pub/

Note the trailing / on the file spec from the source side (on greendome.) On the source spec, a trailing / tells rsync to copy the contents of the directory, but not the directory itself. To include the directory as the top level of what’s being copied, leave off the /:

rsync -ave ssh bcnu:/home/six .

This will keep a copy of the ~/six/ directory on village in sync with whatever is present on bcnu:/home/six/. By default, rsync will only copy files and directories, but not remove them from the destination copy when they are removed from the source. To keep the copies exact, include the –delete flag:

rsync -ave ssh  --delete greendome:~one/reports .

Now when old reports are removed from ~one/reports/ on greendome, they’re also removed from ~six/public_html/reports/ on the synced version, every time this command is run. If you run a command like this in cron, leave off the v switch. This will keep the output quiet (unless rsync has a problem running, in which case you’ll receive an email with the error output). Using SSH as your transport for rsync traffic has the advantage of encrypting the data over the network and also takes advantage of any trust relationships you already have established using SSH client keys.

#52: Asset scanning

• Difficulty: Intermediate
• Application: nmap

Normally, when people think of using nmap, they assume it’s used to conduct some sort of nefarious network reconnaissance in preparation for an attack. But as with all powerful tools, nmap can be made to wear a white hat, as it’s useful for far more than breaking into networks. For example, simple TCP connect scans can be conducted without needing root privileges:

nmap rigel

nmap can also scan ranges of IP addresses by specifying the range or using CIDR notation:

nmap 192.168.0.1-254
nmap 192.168.0.0/24

nmap can provide much more information if it is run as root. When run as root, it can use special packets to determine the operating system of the remote machine by using the -O flag. Additionally, you can do half-open TCP scanning by using the -sS flag. When doing a half-open scan, nmap will send a SYN packet to the remote host and wait to receive the ACK from it; if it receives an ACK, it knows that the port is open.

This is different from a normal three-way TCP handshake, where the client will send a SYN packet and then send an ACK back to the server once it has received the initial server ACK. Attackers typically use this option to avoid having their scans logged on the remote machine.

nmap -sS -O rigel

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on rigel.nnc (192.168.0.61):
(The 1578 ports scanned but not shown below are in state: filtered)
Port       State       Service
7/tcp      open     echo
9/tcp      open     discard
13/tcp     open     daytime
19/tcp     open     chargen
21/tcp     open     ftp
22/tcp     open     ssh
23/tcp     open     telnet
25/tcp     open     smtp
37/tcp     open     time
79/tcp     open     finger
111/tcp    open     sunrpc
512/tcp    open     exec
513/tcp    open     login
514/tcp    open     shell
587/tcp    open     submission
7100/tcp   open     font-service
32771/tcp  open     sometimes-rpc5
32772/tcp  open     sometimes-rpc7
32773/tcp  open     sometimes-rpc9
32774/tcp  open     sometimes-rpc11
32777/tcp  open     sometimes-rpc17
Remote operating system guess: Solaris 9 Beta through Release on SPARC
Uptime 44.051 days (since Sat Nov  1 16:41:50 2003)
Nmap run completed -- 1 IP address (1 host up) scanned in 166 seconds

With OS detection enabled, nmap has confirmed that the OS is Solaris, but now you also know that it’s probably Version 9 running on a SPARC processor.

One powerful feature that can be used to help keep track of your network is nmap’s XML output capabilities. This is activated by using the -oX command-line switch, like this:

nmap -sS -O -oX scandata.xml rigel

This is especially useful when scanning a range of IP addresses or your whole network, because you can put all the information gathered from the scan into a single XML file that can be parsed and inserted into a database. Here’s what an XML entry for an open port looks like:

<port protocol="tcp" portid="22">

<state state="open" />
<service name="ssh" method="table" conf="3" />
</port>

nmap is a powerful tool. By using its XML output capabilities, a little bit of scripting, and a database, you can create an even more powerful tool that can monitor your network for unauthorized services and machines.

#53: Backup your bootsector

• Difficulty Expert
• Application Shell

Messing with bootloaders, dual-booting and various other scary processes can leave you with a messed up bootsector. Why not create a backup of it while you can:

dd if=/dev/hda of=bootsector.img bs=512 count=1

Obviously you should change the device to reflect your boot drive (it may be sda for SCSI). Also, be very careful not to get things the wrong way around – you can easily damage your drive! To restore use:

dd if=bootsector.img of=/dev/hda

#54: Protect log files

• Difficulty: Expert
• Application: Various

During an intrusion, an attacker will more than likely leave telltale signs of his actions in various system logs: a valuable audit trail that should be protected. Without reliable logs, it can be very difficult to figure out how the attacker got in, or where the attack came from. This info is crucial in analysing the incident and then responding to it by contacting the appropriate parties involved. But, if the break-in is successful, what’s to stop him from removing the traces of his misbehaviour?

This is where file attributes come in to save the day (or at least make it a little better). Both Linux and the BSDs have the ability to assign extra attributes to files and directories. This is different from the standard Unix permissions scheme in that the attributes set on a file apply universally to all users of the system, and they affect file accesses at a much deeper level than file permissions or ACLs.

In Linux, you can see and modify the attributes that are set for a given file by using the lsattr and chattr commands, respectively. At the time of this writing, file attributes in Linux are available only when using the ext2 and ext3 filesystems. There are also kernel patches available for attribute support in XFS and ReiserFS. One useful attribute for protecting log files is append-only. When this attribute is set, the file cannot be deleted, and writes are only allowed to append to the end of the file.

To set the append-only flag under Linux, run this command:

chattr +a  filename

See how the +a attribute works: create a file and set its append-only attribute:

touch /var/log/logfile
echo "append-only not set" > /var/log/logfile
chattr +a /var/log/logfile
echo "append-only set" > /var/log/logfile
bash: /var/log/logfile: Operation not permitted

The second write attempt failed, since it would overwrite the file. However, appending to the end of the file is still permitted:

echo "appending to file" >> /var/log/logfile
cat /var/log/logfile
append-only not set
appending to file

Obviously, an intruder who has gained root privileges could realise that file attributes are being used and just remove the append-only flag from our logs by running chattr -a. To prevent this, we need to disable the ability to remove the append-only attribute. To accomplish this under Linux, use its capabilities mechanism.

The Linux capabilities model divides up the privileges given to the all-powerful root account and allows you to selectively disable them. In order to prevent a user from removing the append-only attribute from a file, we need to remove the CAP_LINUX_IMMUTABLE capability. When present in the running system, this capability allows the append-only attribute to be modified. To modify the set of capabilities available to the system, we will use a simple utility called lcap (http://packetstormsecurity.org/linux/admin/lcap-0.0.3.tar.bz2).

To unpack and compile the tool, run this command:

tar xvfj lcap-0.0.3.tar.bz2 && cd lcap-0.0.3 && make

Then, to disallow modification of the append-only flag, run:

./lcap CAP_LINUX_IMMUTABLE
./lcap CAP_SYS_RAWIO

The first command removes the ability to change the append-only flag, and the second removes the ability to do raw I/O. This is needed so that the protected files cannot be modified by accessing the block device they reside on. It also prevents access to /dev/mem and /dev/kmem, which would provide a loophole for an intruder to reinstate the CAP_LINUX_IMMUTABLE capability. To remove these capabilities at boot, add the previous two commands to your system startup scripts (eg /etc/rc.local). You should ensure that capabilities are removed late in the boot order, to prevent problems with other startup scripts. Once lcap has removed kernel capabilities, they can be reinstated only by rebooting the system.

Before doing this, you should be aware that adding append-only flags to your log files will most likely cause log rotation scripts to fail. However, doing this will greatly enhance the security of your audit trail, which will prove invaluable in the event of an incident.

#55: Automatically encrypted connections

• Difficulty: Expert
• Application: FreeS/WAN

One particularly cool feature supported by FreeS/WAN is opportunistic encryption with other hosts running FreeS/WAN. This allows FreeS/WAN to transparently encrypt traffic between all hosts that also support opportunistic encryption. To do this, each host must have a public key generated to use with FreeS/WAN. This key can then be stored in a DNS TXT record for that host. When a host that is set up for opportunistic encryption wishes to initiate an encrypted connection with another host, it will look up the host’s public key through DNS and use it to initiate the connection.

To begin, you’ll need to generate a key for each host that you want to use this feature with. You can do that by running the following command:

ipsec newhostkey --output /tmp/`hostname`.key

Now you’ll need to add the contents of the file that was created by that command to /etc/ipsec.secrets:

cat /tmp/`hostname`.key >> /etc/ipsec.secrets

Next, you’ll need to generate a TXT record to put into your DNS zone. You can do this by running a command similar to this one:

ipsec showhostkey --txt @colossus.nnc

Now add this record to your zone and reload it. You can verify that DNS is working correctly by running this command:

ipsec verify

Checking your system to see if IPsec got installed and started correctly
Version check and ipsec on-path  [OK]
Checking for KLIPS support in kernel   [OK]
Checking for RSA private key (/etc/ipsec.secrets)   [OK]
Checking that pluto is running   [OK]
DNS checks.
Looking for TXT in forward map: colossus   [OK]
Does the machine have at least one non-private address   [OK]

Now just restart FreeS/WAN – you should now be able to connect to any other host that supports opportunistic encryption. But what if other hosts want to connect to you? To allow this, you’ll need to create a TXT record for your machine in your reverse DNS zone.

You can generate the record by running a command similar to this:

ipsec showhostkey --txt 192.168.0.64

Add this record to the reverse zone for your subnet, and other machines will be able to initiate opportunistic encryption with your machine. With opportunistic encryption in use, all traffic between the hosts will be automatically encrypted, protecting all services simultaneously.

#56: Eliminate suid binaries

• Difficulty: Intermediate
• Application: find

If your server has more shell users than yourself, you should regularly audit the setuid and setgid binaries on your system. Chances are you’ll be surprised at just how many you’ll find. Here’s one command for finding all of the files with a setuid or setgid bit set:

find / -perm +6000 -type f -exec ls -ld {} \; > setuid.txt &

This will create a file called setuid.txt that contains the details of all of the matching files present on your system. To remove the s bits of any tools that you don’t use, type:

chmod a-s program

#57: Mac filtering Host AP

• Difficulty: Expert
• Application: iwpriv

While you can certainly perform MAC filtering at the link layer using iptables or ebtables, it is far safer to let Host AP do it for you. This not only blocks traffic that is destined for your network, but also prevents miscreants from even associating with your station. This helps to preclude the possibility that someone could still cause trouble for your other associated wireless clients, even if they don’t have further network access.

When using MAC filtering, most people make a list of wireless devices that they wish to allow, and then deny all others. This is done using the iwpriv command.

iwpriv wlan0 addmac 00:30:65:23:17:05
iwpriv wlan0 addmac 00:40:96:aa:99:fd
  ...
iwpriv wlan0 maccmd 1
iwpriv wlan0 maccmd 4

The addmac directive adds a MAC address to the internal table. You can add as many MAC addresses as you like to the table by issuing more addmac commands. You then need to tell Host AP what to do with the table you’ve built. The maccmd 1 command tells Host AP to use the table as an “allowed” list, and to deny all other MAC addresses from associating. Finally, the maccmd 4 command boots off all associated clients, forcing them to reassociate. This happens automatically for clients listed in the table, but everyone else attempting to associate will be denied.

Sometimes, you only need to ban a troublemaker or two, rather than set an explicit policy of permitted devices. If you need to ban a couple of specific MAC address but allow all others, try this:

iwpriv wlan0 addmac 00:30:65:fa:ca:de
iwpriv wlan0 maccmd 2
iwpriv wlan0 kickmac 00:30:65:fa:ca:de

As before, you can use addmac as many times as you like. The maccmd 2 command sets the policy to “deny,” and kickmac boots the specified MAC immediately, if it happens to be associated. This is probably nicer than booting everybody and making them reassociate just to ban one troublemaker. Incidentally, if you’d like to remove MAC filtering altogether, try maccmd 0.

If you make a mistake typing in a MAC address, you can use the delmac command just as you would addmac, and it (predictably) deletes the given MAC address from the table. Should you ever need to flush the current MAC table entirely but keep the current policy, use this command:

iwpriv wlan0 maccmd 3

Finally, you can view the running MAC table by using /proc:

cat /proc/net/hostap/wlan0/ap_control

The iwpriv program manipulates the running Host AP driver, but doesn’t preserve settings across reboots. Once you are happy with the contents of your MAC filtering table, be sure to put the relevant commands in an rc script to run at boot time.

Note that even unassociated clients can still listen to network traffic, so MAC filtering actually does very little to prevent eavesdropping. To combat passive listening techniques, you will need to encrypt your data.

Apple introduced today the new Mac Pro using Intel “Nehalem” Xeon processors and a next-generation system architecture. The new Mac Pro starts at $2,499 and features “the latest graphics technology and an updated interior that makes expansion even easier than before.”

“The new Mac Pro is a significant upgrade and starts at $300 less than before,” said Philip Schiller, Apple’s senior vice president of Worldwide Product Marketing. “The Mac Pro features an advanced system architecture, new faster processors and our best-ever graphics options to deliver a faster, more powerful system that our professional customers are going to love.”

The new Mac Pro includes Intel Xeon processors running at speeds up to 2.93 GHz and an integrated memory controller with three channels of 1066 MHz DDR3 ECC memory. Apple claims that this delivers up to 2.4 times the memory bandwidth while cutting memory latency up to 40 percent. Every Mac Pro also comes standard with the NVIDIA GeForce GT 120 with 512MB of GDDR3 memory. An optional ATI Radeon HD 4870 is available for more performance. The new Mac Pro also comes with both a Mini DisplayPort and a DVI port to support the 24-inch Apple LED Cinema Display, the 30-inch Apple Cinema HD Display, or other DVI based displays.

Mac Pro

- $2499. One 2.66GHz Quad-Core Intel Xeon 3500 Processor. 3GB of RAM. NVIDIA GeForce GT 120. 640GB HD.
– $3299. Two 2.26GHz Quad-Core Intel Xeon 5500 Processor. 6GB of RAM. NVIDIA GeForce GT 120. 640GB HD.

Apple today announced updates to its iMac and Mac mini desktop lines, including a 24-inch iMac and a Mac mini with new NVIDIA integrated graphics. For the same $1,499 price as the previous generation 20-inch iMac, the new 24-inch iMac delivers a 30 percent larger display, twice the memory and twice the storage. Apple also claims up to five times better graphics performance in the new Mac mini with the NVIDIA GeForce 9400M integrated graphics..

“Our flagship 24-inch iMac with twice the memory and twice the storage is now available for just $1,499,” said Tim Cook, Apple’s COO. “The Mac mini is not only our most affordable Mac, it’s also the world’s most energy efficient desktop computer.”

iMac

- $1199. 20-inch 2.66 GHz iMac. 2GB RAM. NVIDIA GeForce 9400M Integrated graphics. 320GB HD. Mini Display Port
– $1499. 24-inch 2.66 GHz iMac. 4GB RAM. NVIDIA GeForce 9400M Integrated graphics. 640GB HD. Mini Display Port
– $1799. 24-inch 2.93 GHz iMac. 4GB RAM. NVIDIA GeForce GT 120. 640GB HD. Mini Display Port
– $2199. 24-inch 3.06 GHz iMac. 4GB RAM. NVIDIA GeForce GT 130. 1TB HD. Mini Display Port

Mac Mini

- $599. 2.0GHz Mac mini. 1GB 1066 MHz DDR SDRAM, GeForce 9400M integrated graphics, 120GB HD, 8x SuperDrive, Mini DisplayPort and mini-DVI, 5 USB Ports, One FireWire 800 Port
– $799. 2.0GHz Mac mini. 2GB 1066 MHz DDR SDRAM, GeForce 9400M integrated graphics, 320GB HD, 8x SuperDrive, Mini DisplayPort and mini-DVI, 5 USB Ports, One FireWire 800 Port

Apple also updated the AirPort Extreme Base Station and Time Capsule, which are now offering simultaneous 2.4 GHz and 5 GHz dual-band networking “for optimal performance, range and compatibility.” The new models also offer the ability to set up a secondary Internet-only Wi-Fi network to allow family and friends to access the Internet without giving them the password to the primary network or allowing them access to networked drives and other peripherals. Finally, Time Capsule offers MobileMe members the ability to access files on their device’s hard drive over the Internet from anywhere.

Source