Monday, April 25, 2011

INCEPTION : Microsoft must KILL Windows

   In the INCEPTION movie, an idea is transmitted via dreaming ;
In my case I consider INCEPTION , a kind of idea ( for Microsoft , Google, Apple and Oracle )
transmitted via blogging ;

   Considering  the fact  that tablets will be the future, business included, Ballmer & Co must
decide if they will release a version of MS Office for Android and iOS ; If  not , it could be other
contender - could be LO - that will bring full DOCx, XLSx and PPTx compatibility on ANDROID Tablets .
In this case , LO ( or OO ) can win the hearts of the businessmen and will be a strong alternative to MS Office .
   Next step ?
   Many casual enterprise laptops will be replaced with Android Tablets ...
   In the end, Android ( like HP WebOS) being able to RUN on laptops and desktops, Microsoft will loose
both Office and Windows cash cows ( in the meaning of market dominance)  ...

If Microsoft will make Office for Android and iOS , they will loose only the Windows cash-cow;
Anyway,  with only one move , Apple can destroy Windows :
making OS X available on non Apple Hardware (when they will have their own processors) .
If Apple will be sure that a MAC with a proprietary processor will be more powerful than competition,
they will eventually license Mac OS or iOS to others ...

Thursday, April 21, 2011

GRUB2 DEFAULT

Ubuntu grub.cfg

Editing /etc/default/grub

You can open /etc/default/grub file with the following command,


gksudo gedit /etc/default/grub
or
gksudo kate /etc/default/grub

This is what it should look like,
# If you change this file, run 'update-grub' afterwards to update
# /boot/grub/grub.cfg.



GRUB_DEFAULT=0
The number at the end of this line can be changed to make the highlight bar or selection bar in the GRUB Menu appear automatically on any GRUB Menu entry we like.
0 (zero) tells GRUB we want the first or top GRUB entry automatically selected unless we over ride that selection with our up or down arrow key during boot-up.
Any number greater than 0 (zero) will mean boot entries further down the GRUB Menu will be selected instead.

Alternatively, replace the number here with the word 'saved' to enable the grub-set-default command to work.

Saturday, April 16, 2011

Sendmail SMTP AUTH to bypass DNSBL

Q:
<<
I use DNSBL to filter incoming mail. I also offer SMTP AUTH. The problem I'm having is that, while authenticated users are allowed to relay, they're still subject to DNSBL . Any way to prevent that, so that authenticated users can _always_ relay? 
>>


Apr 15 23:45:37 ftp sendmail[27729]: ruleset=check_relay, arg1=[21.23.10.25], arg2=127.0.0.10, relay=[21.23.10.25], reject=554 5.7.1 Rejected 21.23.10.25 Found in dnsbl.sorbs.net


A:

You may use FEATURE(`delay_checks').
skips DNSBL checks for authenticated users.
URL(s):
http://www.sendmail.org/m4/anti_spam.html#delay_check

<<

Delay all checks

By using FEATURE(`delay_checks') the rulesets check_mail and check_relay will not be called when a client connects or issues a MAIL command, respectively. Instead, those rulesets will be called by the check_rcpt ruleset; they will be skipped if a sender has been authenticated using a "trusted" mechanism, i.e., one that is defined via TRUST_AUTH_MECH(). If check_mail returns an error then the RCPT TO command will be rejected with that error. If it returns some other result starting with $# then check_relay will be skipped. If the sender address (or a part of it) is listed in the access map and it has a RHS of OK or RELAY, then check_relay will be skipped.
This has an interesting side effect: if your domain is my.domain and you have


 >>

Apr 16 00:22:08 ftp sendmail[28461]: STARTTLS=server, relay=[21.23.10.25], version=TLSv1/SSLv3, verify=NO, cipher=RC4-MD5, bits=128/128
Apr 16 00:22:11 ftp dovecot: imap-login: Login: user=, method=PLAIN, rip=21.23.10.25, lip=88.88.18.18, mpid=28463, TLS
Apr 16 00:22:17 ftp sendmail[28461]: AUTH=server, relay=[
21.23.10.25], authid=depit, mech=LOGIN, bits=0
Apr 16 00:22:23 ftp sendmail[28461]: p3FLM5Od028461: from=, size=580, class=0, nrcpts=1, msgid=<201104152122.p3FLM5Od028461@tp.angram.com>, proto=ESMTP, daemon=MTA, relay=[
21.23.10.25]
Apr 16 00:22:30 ftp dovecot: imap(depit): Disconnected: Logged out bytes=9/331
Apr 16 00:22:32 ftp dovecot: imap(depit): Disconnected: Logged out bytes=880/2104
Apr 16 00:23:15 ftp sendmail[28466]: p3FLM5Od028461: to=, ctladdr= (500/500), delay=00:00:55, xdelay=00:00:52, mailer=esmtp, pri=120580, relay=ate.ontebanato.com. [21.10.19.17], dsn=2.0.0, stat=Sent (p3FL32t3031751 Message accepted for delivery)



Sendmail-SMTP-AUTH-TLS-Howto

Sendmail SMTP AUTH Quick Start

 

Using SMTP AUTH and STARTTLS with sendmail


1. We need the following software: openssl, cyrus-sasl2, and sendmail.

2. Create Certificates for TLS
mkdir -p /etc/mail/certs
cd /etc/mail/certs
openssl req -new -x509 -keyout cakey.pem -out cacert.pem -days 365

<- Enter your password for smtpd.key.
<- Enter your Country Name (e.g., "DE").
<- Enter your State or Province Name.
<- Enter your City.
<- Enter your Organization Name (e.g., the name of your company).
<- Enter your Organizational Unit Name (e.g. "IT Department").
<- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
<- Enter your Email Address.

openssl req -nodes -new -x509 -keyout sendmail.pem -out sendmail.pem -days 365
<- Again, enter your password for smtpd.key.
<- Enter your Country Name (e.g., "DE").
<- Enter your State or Province Name.
<- Enter your City.
<- Enter your Organization Name (e.g., the name of your company).
<- Enter your Organizational Unit Name (e.g. "IT Department").
<- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
<- Enter your Email Address.

openssl x509 -noout -text -in sendmail.pem
chmod 600 ./sendmail.pem

Create the file sendmail.mc with the following contents:

dnl ### do SMTPAUTH
define(`confAUTH_MECHANISMS', `LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl

dnl ### do STARTTLS
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/cacert.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/sendmail.pem')dnl
DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL, M=s')dnl


Then start saslauthd and sendmail:
/etc/init.d/saslauthd start
/etc/init.d/sendmail start


 Test your Configuration
To verify that your sendmail was compiled with the right options type
/usr/sbin/sendmail -d0.1 -bv root
You should see that sendmail was compiled with SASLv2 and STARTTLS:


To see if SMTP-AUTH and TLS work properly now run the following command:
telnet localhost 25
After you have established the connection to your sendmail mail server type
ehlo localhost
If you see the lines
250-STARTTLS
and
250-AUTH
everything is fine.

Type
quit
to return to the system's shell.

 <<
SMTP AUTH allows users to supply a login and password to a server in order to relay mail to other locations. Until recently, relaying was largely controlled by restricting access to trusted IP addresses or networks. This has turned into an administrative nightmare, however, due to the wide adoption of dynamically allocated IP addresses and the demands of roaming users. It makes more sense to control relaying at the user level, regardless of the host or its location on the Internet, but care must be taken to protect passwords from being sent in the clear. >>


chkconfig saslauthd on
service saslauthd restart


You now have SMTP AUTH with encrypted logins!
Verbose mode In order to provide encrypted logins, you must use a version of sendmail that was compiled to use SASL and STARTTLS. 


The confAUTH_OPTIONS macro allows you to instruct sendmail not to offer plain text authentication until after a secure mechanism such as TLS is active (the p option). We are also prohibiting anonymous logins (the y option). The A option is a workaround for broken MTAs:
define(`confAUTH_OPTIONS’, `A p y’)dnl
Now we define which authentication mechanisms we will trust and use:
TRUST_AUTH_MECH(`LOGIN PLAIN’)dnl
define(`confAUTH_MECHANISMS’, `LOGIN PLAIN’)dnl
Next, we tell sendmail where to find the certificates:
define(`confCACERT_PATH’,`/usr/share/ssl/certs’)
define(`confCACERT’,`/usr/share/ssl/certs/ca-bundle.crt’)
define(`confSERVER_CERT’,`/usr/share/ssl/certs/sendmail.pem’)
define(`confSERVER_KEY’,`/usr/share/ssl/certs/sendmail.pem’)
And finally, it may be useful to increase the log level for debugging purposes (delete or comment out this line after everything is working properly):
define(`confLOG_LEVEL’, `14′)dnl

Monday, April 11, 2011

The Future of Android Tablets

Android will run on 39% of tablets in 2015

http://www.gartner.com/it/page.jsp?id=1626414

Gartner says that Android will follow on the tablets
the same growing path as in smartphones ...
One thing is sure :
Windows on tablets will be at the OTHERS category !

Ideal Android tablet : Acer Iconia A500

The bar for 10.1″, 16GB devices that are not carrier locked has now been lowered to $450 .
Anything similar in the tablet market that is not Apple needs to cost this much or less . 

SPICE Up Your Desktop

Red Hat's Future Linux Desktop

Remember Spice Girls ? 

" When you're feelin' sad and low
We will take you where you gotta go
Smiling dancing everything is free
All you need is positivity 

Colors of the world
Spice up your life
Every boy and every girl
Spice up your life
People of the world
Spice up your life "


We all heard about the Internet CLOUD ;
What about the DESKTOP Cloud ?
SPICE Up Your DESKTOP !

SPICE Client - Windows 7
http://www.redhat.com/v/swf/rhev/spice.html

With SPICE will be a lot easier to switch to Desktop Linux. 
I.T. Departments who must forget about old (FoxPro!) desktop applications  , can switch to SPICE .
The user will not comment because his computer will continue to run Windows.
In the second step - when all enterprise apps runs on the - Virtual "CLOUD" Desktop  - the user's computer will BOOT the Fedora (or Ubuntu?) Desktop and the user cannot complain because he is already familiar with the new business software.

One might say that users can and will complain!  Its what they do best. They will complain about anything that is different than what they did yesterday.

IF - the management approves and enforces the new ERP via SPICE , in a Small Business, a complaining user has only one alternative : to resign
In this way, Internet Explorer and Microsoft Office can disapper in a few years ...

Another subtile way of introducing SPICE is with a WEBMAIL server. If an user wants Mozilla Seamonkey or Thunderbird, they cannot have it on their desktop, but instead on the SPICE client ...

In the long term , Linux can BOOT many desktop clients on the business networks.
I think it's a very good plan and I wish that Red Hat will double the income and the market capitalization.

What will be nice to have on a Desktop-Style Cloud-Client ?
If I log off from the SPICE Server and leave a lot of Apps open, and shutdown the windows-client computer at Work , when at home-linux computer , logging at work on the SPICE Server, to be able to access the desktop with the opened Apps and continue work from home ...

   ... something similar with the principle of SCREEN text-mode linux command , but in graphics-mode

Why not an Android device as the Desktop-Based--Cloud-Terminal
to the Spice-Service on a RHEL Server ?
 

SPICE guest drivers released for Windows

HP Delivers Proliant-Based Desktop Virtualization

 

Wednesday, April 6, 2011

THE ONE PAGE FEDORA SERVER MANUAL

Config files , tips and tricks
 - WORK in PROGRESS -

tail -f /var/log/messages : Display the last 10 lines of the system log.
/etc/rc.d/rc.local            : Bash script that is executed at the end of login process.
                                         Similar to autoexec.bat in DOS.
/etc/hosts                      : A list of all know host names and IP addresses on the machine.
/etc/resolv.conf             : Defines IP addresses of DNS servers.

Config files for sendmail | squirrelmail | webmail :
/etc/procmailrc        
/etc/mail/local-host-names

hostname : /etc/hostname

on older systems :
 /etc/sysconfig/network