Life with Ubuntu

First, Happy new year to you and your family 🙂

I have been using Linux on a daily basis for several months now and so far life is quite comfortable. For the first time I can simply forget what people have been telling me since day one – “you always need antivirus protection”. Heh, how the hell are viruses gonna infect my computer when even I myself can’t modify the system files! Yes, it’s true that if enough people use it there will be some folks who spend time carving into each input box in the whole operating system to find exploits, but considering the rate of Firefox adoption over IE, I’d say it may take decades before Linux can take over. This world is resistant to change, even if it’s good.

Though the default Ubuntu distribution works out of the box and satisfies the needs of most users, it’s oriented to the naive, who don’t have the need for more complex configurations, say – multilingual inputs. That’s when Google comes in handy but it may take a while and some searching skills to find what you need. There are many questions and answers in the Ubuntu forums but they are not always answered satisfactorily.

Below is a collection of what I have had to Google over the past months.

Japanese input

I posted about Japanese on Windows back from last year but I don’t really need Japanese for Linux until now – when my HDD is somewhere in the middle of snowstorms in America and I’m working on a little USB flash drive. It kinda feels like a netbook except it’s faster 😛

Windows doesn’t differentiate between input language and keyboard layout – it combines both into the IME environment. The result is hideous registry settings to configure what should be readily available. It’s a different thing on Kubuntu: the keyboard layout you can configure in System Settings > Regional & Language > Keyboard Layout is for your physical keyboard only, which means it tells the operating system if there’s something special about your keyboard: is it laid out in Dvorak, does it have extra function keys, does it have the Japanese switch button, etc. To input languages you have to use the input method (IME), which is what translates what you type on the keyboard into something else according to its configuration. For example, the Vietnamese input method translates Tie61ng Viet65 into “Tiếng Việt” and the Japanese input method translates katakana into “カタカナ”. All this happens within an input framework. To put it simply, an input framework is a tool that lets you switch between languages (this is not technically correct but you’ll know better when you have become familiar with it). Linux being an operating system of choices, there are three frameworks for you to choose from: UIM, SCIM and iBus, with iBus being the future.

To install iBus, first add the following line to /etc/apt/sources.list

deb http://ppa.launchpad.net/ibus-dev/ibus-1.2-karmic/ubuntu karmic main #IBus 1.2 for Karmic

Then run

sudo apt-get install ibus ibus-gtk

Once iBus has been installed, you can install input languages, say Vietnamese and Japanese:

sudo apt-get install ibus-unikey ibus-anthy

You can activate iBus with

im-switch -s ibus

It requires a restart and then you are good to go! 🙂 Note that instead of using the command line apt-get, you can type “ibus” into the software installer to find the packages and install them.

You can see the language you want to type is not bound to any specific keyboard layout here – at the start of this post you can have Qwerty, Dvorak or Colemak – that doesn’t matter, you can use it to input the language you have installed!

References: ibus @ ubuntu vn, ibus project

Multilingual input with Opera 10

Opera is a great browser; much of the functionality that defines the modern browser came from Opera – say tabbed browsing, integrated search function, modular design and many others. Had Opera been free from the start it could have overthrown IE as the most popular browser. Well, what’s history is history already 🙂

I use Opera on Linux for the sake of simplicity – it provides all the functions I need without the need to install any fancy plugin (I’m talking about you, Firefox). It was a surprise that I couldn’t use iBus to type Vietnamese in Opera when I first installed it :(.

I found out why: the default version you can download from Opera’s homepage is compiled with the Qt3 library while iBus works with Qt4 only. Luckily Opera is also compiled with Qt4 but you’ll need to cruise around some FTP servers to get it. Click here to get version 10.10 for ubuntu/x86, which is the latest at the time of writing.

When 128MB isn’t enough or how to expand your Ubuntu installation on a USB stick

Kubuntu 9.10 comes with a new feature: making a USB stick bootable and persisting your changes between sessions. At first you may think the default storage space of 128 MB could be enough, but after some themes, customizations and applications (namely Firefox), 128MB is used up in no time.

Your Linux home is stored within an image file in the root of the drive – casper-rw. You can allow Linux to use a bigger share of your stick by expanding the file and then growing the ext3 file system inside it with the following steps:

# dd if=/dev/zero bs=1M count=1024 >> casper-rw
# e2fsck -f casper-rw
# resize2fs -f casper-rw
# e2fsck -f casper-rw

1024 means 1024MB, change this to whatever size you want. Note that this capacity is added to your existing quota, so if you have 128MB already then after this command you have 1153MB for storage.

File managing – Norton Commander style

While Kubuntu has Dolphin as a pretty good file manager, allowing you to split windows and drag the navigation dock around, it still gets nowhere close to the original NC feel (say tabbing, F3, F4 and F5). Of course Midnight Commander has been around since Linux was still stuck in the server rooms, but what? A text mode program on the all cute KDE Oxygen? Does not sound right to me.

Good thing that there’s Krusader. It’s a bit old but seems to work fine. The menu bar, button bar and command line stay true to the tradition – I feel at home 🙂

Facebook block workaround (and no, it doesn’t involve DNS)

image1

The reason [Source]

It has been a bit hard to reach facebook lately. For some ISPs like Viettel and FPT, a DNS change is all it takes to resolve facebook’s IP and restore access to the site. For some others, like EVN and VNPT, here’s what you get

image2

Changing DNS won’t work, which means the rats must have bitten something else. You are forced to use slower methods to overcome this, which could heavily impact your ability to play happy farm 🙁

That’s until I read that facebook still works with SSL (e.g. when you replace http in the address with https you are able to log in), but it reverts to http the next time you click a link and you’ll have to do it again. This is especially annoying with games, which use a lot of redirects to show their ads and stuff (damn, they are greedy).

And so I made something to do the hard work for me, so that I won’t miss the daily login bonuses :p. It’s utterly simple and a bit hard to use but it does the job.

The code

Make a form that looks like this

image3

Write these to the form’s code

using System;
using System.Windows.Forms;

public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        /// <summary>
        /// Executes when a request is made, it will fix the protocol or anything in
        /// the address if the first check box is checked
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        private void webBrowser1_Navigating(object sender, WebBrowserNavigatingEventArgs e)
        {
            string Address = e.Url.ToString();
            // Facebook uses some complicated redirection method so we'll have to ignore this
            if (Address.Contains("redirectiframe.html"))
                return;
            // If it's not from facebook or facebook's cache, just ignore it
            if (!Address.Contains("facebook") && !Address.Contains("fbcdn"))
                e.Cancel = true;
            else
                if (checkBox1.Checked && Address.Contains(textBox1.Text))
                {
                    e.Cancel = true;
                    webBrowser1.Navigate(Address.Replace(textBox1.Text, textBox2.Text));
                }
        }

        /// <summary>
        /// Load facebook on start
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        private void Form1_Load(object sender, EventArgs e)
        {
            webBrowser1.Navigate("http://www.facebook.com");
        }

        /// <summary>
        /// Fixes link after the document is loaded, may break some pages
        /// and creates an endless loop on login so it's not enabled by default
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        private void webBrowser1_Navigated(object sender, WebBrowserNavigatedEventArgs e)
        {
            if (checkBox2.Checked)
                webBrowser1.DocumentText = webBrowser1.DocumentText.Replace(textBox3.Text, textBox4.Text);
            toolStripTextBox1.Text = webBrowser1.Url.ToString();
        }

        /// <summary>
        /// The go button
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        private void toolStripButton1_Click(object sender, EventArgs e)
        {
            webBrowser1.Navigate(toolStripTextBox1.Text);
        }

        /// <summary>
        /// Show/hide options
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        private void toolStripButton2_Click(object sender, EventArgs e)
        {
            groupBox1.Visible = !groupBox1.Visible;
        }

        /// <summary>
        /// Update load progress
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        private void webBrowser1_ProgressChanged(object sender, WebBrowserProgressChangedEventArgs e)
        {
            toolStripProgressBar1.Maximum = (int)e.MaximumProgress;
            toolStripProgressBar1.Value = (int)e.CurrentProgress;
        }
    }
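
The handler above decides what to load by looking for "facebook" or "fbcdn" anywhere in the address and rewrites the protocol with a plain text replace. As an added example (Python, not the post's code), here is that test next to a check on the parsed host name, with the upgrade changing only the scheme. The allowlist domains facebook.com and fbcdn.net and all sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit, urlunsplit

# Assumed allowlist, derived from the two substrings the C# handler looks for.
ALLOWED_DOMAINS = ("facebook.com", "fbcdn.net")

# Constructed sample addresses; example.test is a reserved placeholder domain.
SAMPLE_URLS = [
    "http://www.facebook.com/home.php",
    "http://img.fbcdn.net/pic.jpg",
    "http://example.test/landing?ref=facebook",
    "http://facebook.com.example.test/login",
    "http://www.facebook.com@example.test/",
]


def substring_check(url):
    """The domain test from webBrowser1_Navigating: a match anywhere in the URL."""
    return "facebook" in url or "fbcdn" in url


def host_allowed(url):
    """Accept only an allowlisted domain itself or one of its subdomains."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed authority part
        return False
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


def upgrade_to_https(url):
    """Return the https form of an allowed address, or None if it is blocked.

    Only the scheme is changed, so an "http://" inside the path or query
    string (a redirect target, for instance) is left untouched. Any
    user:password@ prefix is dropped because the authority is rebuilt
    from the parsed host name.
    """
    if not host_allowed(url):
        return None
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return None
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        return None
    netloc = parts.hostname if port in (None, 80, 443) else f"{parts.hostname}:{port}"
    return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


def passes_only_substring_check(urls):
    """Addresses the substring test lets through but the host check rejects."""
    return [u for u in urls if substring_check(u) and not host_allowed(u)]


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(f"{url!r}: substring={substring_check(url)} "
              f"host={host_allowed(url)} upgraded={upgrade_to_https(url)!r}")
```
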

Usage

Open options, check the first check box and you’ll be able to log in, open applications and view photos. Should something break, try unchecking the check box and pressing Go to reload the page.

Choose no when IE asks you this, as images are loaded with http

image4

The second check box corrects the links and images on the page to https, only use this when images are not loading

Alternatively, you can use this to access facebook with its IP address. Try navigating to 69.63.184.143 and have it replace http://www.63.184.143 with https://69.63.184.143 (facebook removes the leftmost part before the first . and replaces it with www when you log in)

Here’s the executable

Dvorak 日本語

Most of the stuff I type every day can be expressed using Latin characters (e.g. English and Vietnamese), so I can use Dvorak for them without the need for another keyboard layout. But sometimes I just need to type in a different kind of language, like, what’s the latest くるま model from トヨタ? 😛

The most convenient way to type that in Windows is to use the Japanese IME, but the funny part of turning on the IME after my Dvorak conversion is I HAVE TO USE QWERTY FOR JAPANESE. It’s easy to say, but it took me 5 friggin’ minutes to figure out why all I can type is あああ 😐

It’s just what happens when you use Windows: every basic function works just fine, but when you want to take it to the next level of customization, something bad happens.

Luckily, I don’t have to abandon my newly learned layout (with which I’m getting a better accuracy rate than the old one). There are three ways to do that

Remap your system’s layout

This site shows you how and has a nice chart. I found this site first in my search, but this has a lot of side effects. First, you have to change your layout back to qwerty and then remap, which could create confusion when you are protecting your user account with passwords (there’s no way you can tell which keyboard layout is in use at the Windows logon prompt – a fatal flaw in design I say). Second, this setting is effective system wide, which means non-Dvorak users will never have the chance to share that computer with you.

Remap the IME

Open the MS-IME’s Properties and press the advanced button; you’ll see a mapping table you can edit. Just type the Dvorak combination in place of the qwerty ones already there and you can type Japanese, but what happens if you want one or two Roman characters in between? This won’t work 😐

image

There’s nothing a hack won’t fix

There’s a setting in the registry that will let you change the keyboard mapping file for a specific IME and it’s buried in

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts

There you will find a bunch of hexadecimal keys, each corresponding to a specific IME: Slovak, US, Dvorak, Japanese, Korean… you name it! The code for Japanese (MS-IME 2002) is E0010411; go there and change the value of “LayoutFile” from kbdjpn.dll (actually a qwerty map) to kbddv.dll (Dvorak map) and restart your computer (this is the only way to restart the IME).

If that didn’t work (Microsoft may as well be hiding some other option somewhere else which will override what you have just overridden, oh well…), you may need to go to %systemroot%\system32 and copy kbddv.dll over kbdjpn.dll itself, then restart.

Yup, that’s what I did to get what I wanted – type 日本語 with ドヴォラック :P.

Notes on installing and configuring Windows Software Update Service under offline model for isolated network

Executive summary

Due to strict security requirements for finance businesses, a finance company’s network should be isolated from the outside environment. This has the effect of shielding the entire software infrastructure, making it less prone to software vulnerabilities and thus external attacks. However, this does not eliminate the need for software updates since the network’s operation can still be disrupted by internal sabotage or worm infection from careless users.

Since large financial institutions often have management workflows, updates are subject to prior approval by the management and not all updates may be approved. The cost of maintaining software updates manually, which includes downloading, tracking, approving and installing, could escalate as vulnerabilities are discovered over time and software enhancements are made.

As a major software manufacturer, Microsoft is aware of this issue and has developed Windows Software Update Service (WSUS) as a solution for the update management problem. WSUS allows for approval and mass install, provides a central configuration point and thus reduces the maintenance cost.

This document tries to summarize the knowledge needed for installing and applying WSUS’s update model to an isolated network. This includes:

1. The requirements and how to install WSUS under the isolated model.

2. Configuring WSUS and the approval workflow with WSUS.

3. Synchronizing update databases between computers.

4. Configuring clients to receive intranet software updates.

Infrastructure requirements

image2

Figure 1 A typical corporate intranet

The picture above describes a typical “closed-circuit” corporate network, which connects computers within a branch and branches together. This network is isolated from outside environment (e.g. the internet or other non-corporate affiliated networks).

Two servers, disconnected model

Because the update server must be connected to the internet somehow (to receive updates from the root update server – Microsoft’s), the safest model for this application is to utilize two servers – one to receive updates from outside and one to propagate updates inside the intranet. Data would be manually synchronized between the two machines by various means like tapes, external HDDs or an ad-hoc network. Tape and HDD synchronization is theoretically the most secure option, since no connection is required between the two machines, which makes data leaks and network penetrations almost impossible (data can only go in and can’t go out). Also, update packages’ integrity is always verified with digital signatures from Microsoft so they can’t be compromised.

image3

Figure 2 Two servers model

Package approvals can be made on the internal server. Subsequent package updates from the external server will not affect existing approvals.

Although being the most secure option, this model is costly to deploy:

  • It requires an additional server to receive updates from the internet.
  • It requires additional data containing medium (tapes, HDDs) to synchronize the servers securely.
  • It takes time to synchronize (updates are usually large – to the extent of terabytes and external storage media is usually slow)

This technical note is focused primarily on how to configure and make servers perform this role.

One server, switching connection model

image005

Figure 3 Switching connection model – update phase

image006

Figure 4 Switching connection model – distributing phase

To avoid the cost of an additional server and updating time, this one-server model can be used. The update server could switch between two connections: one to the internet (to download updates) and one to the internal network (to distribute updates). The switch could be made at anytime because WSUS itself could handle partial downloads.

With this model, penetrations and leaks may occur if a malicious party could install a drone on the update server to execute predetermined commands or probe for data from the internal network. Therefore it is advised that the update server be carefully firewalled and allow only the update service to access the network interface.

Also, the update server must be dedicated to the role and can’t perform other server roles since it could be disconnected from the internal network at any time.

One server, always on model

image007

Figure 5 One server, always on model

This model is similar to the one server, switching model except that both the connection to the internal network and the connection to the internet are always on. This way, the update server can continuously update its repository and distribute the updates to internal computers. The update server acts similarly to a router that allows the computers in the internal network to access the internet, except that the only kind of data that can get through is updates, and this data is also subject to approval in WSUS.

This model requires an additional interface for the update server. However, the server can also perform other roles for the internal network, since it is always connected.

This model is the least secure of all three. It poses a serious security threat to the internal network in case the update server is compromised by a malicious party. Therefore, making sure the update server itself is up-to-date with the latest security patches and strict firewall configuration is a must.

Comparison between models

| | Two servers | One server, switch | One server, always on |
|---|---|---|---|
| Security ranking | High | Medium | Low |
| Hardware cost | Expensive | Minimal | Medium |
| Configuring cost | Medium (Two servers and transfer media setup) | Low (One server and firewall setup) | Low |
| Management cost | High (Update approval on internal server and decide when to sync.) | Medium (Need to decide when to switch) | Low (Update approval only) |
| Maintenance cost | High (Manual sync.) | Medium (Manual/Automatic switch required) | Low (Usual security and maintenance checks only) |

Configuring WSUS servers

The WSUS setup process is straightforward. A configuration wizard is started after WSUS installation is completed to help users configure WSUS. This wizard can be accessed later through the Options item in the WSUS configuration snap-in (Control panel > Administrative tools > Microsoft Windows Server Update Services).

image008

Figure 6 Options item

WSUS can be configured to pull data from another WSUS server instead of the default Microsoft server (useful when deploying the two server model, connected with an ad-hoc network). Other configuration options are visible on Figure 6 and to the left of Figure 7. It should be noted that this wizard should not be followed on the internal server in the two server model since it requires a direct connection to the upstream update server to continue past step 4. Actually no configuration is needed in this case.

image8

Figure 7 Update source configuration screen

Managing approvals and installing updates

Computers in the internal network could be configured into groups to manage which update should or should not be installed on them. WSUS can only manage clients which have reported to it. Refer to section “Configuring clients” for details on how to configure clients.

image9

Figure 8 Client management screen, listing all active clients

image10

Figure 9 Update approval / rejection

image11

Figure 10 Detailed status report for a client, with report viewer installed

After being properly configured, clients will automatically pull updates from the WSUS server and install them if those update packages are approved and have not been installed already.

Synchronizing update repositories

Deploying the two servers model with tapes and external HDDs requires manual export and import of update data. “Update data” includes:

  • Package executables themselves, which are saved as files in WSUS’ update repository (the default folder is C:\WSUS\WsusContent and can be changed during WSUS’ setup). This is synchronized simply by copying the content of the entire folder.
  • Information about the packages such as checksum and verification data, termed “metadata”. See “Exporting metadata” and “Importing metadata” for details.

WSUS requires both kinds of data to be synchronized to work.

Usually, the list of available updates and their metadata is downloaded before the update packages themselves. WSUS will not distribute such incomplete packages.

image12

Figure 11 Warning when package’s files have not been downloaded

Exporting metadata

Syntax: wsusutil export <datafile> <logfile>. This will produce a metadata container file (.cab) and a log file (.log). Both are needed for metadata import. The exporting process could take a while.

image13

Figure 12 Exporting metadata

Importing metadata

Syntax: wsusutil import <datafile> <logfile>.

image14

Figure 13 Metadata import
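
An added example (Python, not part of WSUS or of the original note) for the media transfer described above: it records a SHA-256 manifest of everything copied to the tape or HDD on the external server and checks it on the internal server before wsusutil import is run. The file names export.cab and export.log, the folder layout and the sample tree are constructed assumptions.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Assumed names of the <datafile> and <logfile> passed to "wsusutil export".
METADATA_FILES = ("export.cab", "export.log")


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def list_files(media_root: Path) -> dict:
    """Map each file's path relative to the media root to its full path."""
    return {p.relative_to(media_root).as_posix(): p
            for p in sorted(media_root.rglob("*")) if p.is_file()}


def build_manifest(media_root: Path) -> dict:
    """External server: hash the copied content folder and the export files."""
    return {rel: sha256_file(p) for rel, p in list_files(media_root).items()}


def manifest_digest(manifest: dict) -> str:
    """Short value to carry separately from the media, since a manifest kept
    beside the files could be altered together with them."""
    canonical = json.dumps(manifest, sort_keys=True).encode("utf-8")
    return hashlib.sha256(canonical).hexdigest()


def verify_media(media_root: Path, manifest: dict, expected_digest: str) -> dict:
    """Internal server: compare the media with the manifest before importing."""
    report = {"manifest_trusted": manifest_digest(manifest) == expected_digest}
    present = list_files(media_root)
    report["missing"] = sorted(set(manifest) - set(present))
    report["unexpected"] = sorted(set(present) - set(manifest))
    report["changed"] = sorted(rel for rel in set(manifest) & set(present)
                               if sha256_file(present[rel]) != manifest[rel])
    # WSUS needs both the package files and the metadata pair to be in sync.
    report["metadata_absent"] = sorted(n for n in METADATA_FILES if n not in present)
    report["ok"] = report["manifest_trusted"] and not (
        report["missing"] or report["unexpected"]
        or report["changed"] or report["metadata_absent"])
    return report


def constructed_demo() -> tuple:
    """Constructed sample: a tiny stand-in media tree, checked three ways."""
    with tempfile.TemporaryDirectory() as tmp:
        media = Path(tmp)
        (media / "WsusContent" / "AB").mkdir(parents=True)
        (media / "WsusContent" / "AB" / "update1.cab").write_bytes(b"package-one")
        (media / "export.cab").write_bytes(b"metadata")
        (media / "export.log").write_bytes(b"log")
        manifest = build_manifest(media)
        digest = manifest_digest(manifest)
        clean = verify_media(media, manifest, digest)
        # A manifest edited after the digest was recorded is not trusted.
        edited = dict(manifest, **{"export.cab": "0" * 64})
        forged = verify_media(media, edited, digest)
        # Simulate a bad transfer: truncated package, lost log, stray file.
        (media / "WsusContent" / "AB" / "update1.cab").write_bytes(b"package-on")
        (media / "export.log").unlink()
        (media / "stray.exe").write_bytes(b"?")
        damaged = verify_media(media, manifest, digest)
    return clean, forged, damaged


if __name__ == "__main__":
    for name, report in zip(("clean", "forged", "damaged"), constructed_demo()):
        print(name, json.dumps(report, indent=2))
```
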

Configuring clients

To make clients update through the new WSUS server instead of the default (Microsoft’s server), the policy for the domain should be modified as in Figure 14 to point to the new WSUS server: http://<servername>.

image15

Figure 14 Client configuration (illustrated with local policy editor)

To edit corporate policy, you can use the Group Policy Management Console: right-click the OU you want to apply the WSUS policy to and select create policy. You should now see the Group Policy Object Editor, similar to the above screenshot.

Alternatively, you can open Active Directory users and computers, open the properties windows for the OU you want, select the policy tab and click Add (or edit an existing policy).

After policy modification, it may be necessary to:

  • Force a refresh of the active policy with gpupdate /force (it will be refreshed automatically in 15 minutes anyway).
  • Clear Internet Explorer’s cache on the client to force reload of update configuration files downloaded from the previous update server.
  • Reauthorize Automatic updates on the client so it is registered on the update server with wuauclt.exe /resetauthorization /detectnow.
  • Make sure that Automatic Update for the client is enabled.

image16

Figure 15 Windows XP Automatic updates configuration screen (My computer > Properties)

Upon successful configuration, the client will appear on WSUS configuration snap-in as in Figure 8.

Downloads

1. WSUS 3.0 SP2: Main WSUS Component.

2. Update fix for WSUS 3.0 SP1: WSUS 3.0 SP1 is known to have a bug that makes some clients unable to download updates.

3. Microsoft report viewer 2005: Required to view detailed reports.

4. Windows Installer 3.1: WSUS prerequisite.

5. .net Framework 2.0 SP1: WSUS prerequisite.

6. Background intelligent transfer service 2.0 update: WSUS prerequisite.

7. Windows Server 2003 SP2: WSUS prerequisite.

References

1. Microsoft Windows Server Update Services 3.0 SP2 Deployment Guide

2. Microsoft Windows Server Update Services 3.0 SP2 Operations Guide

Disclaimer

Registered trademarks are property of respective owners. This document contains no sensitive or specific information about any corporate entity.

Basic for Excel

* For the real action, jump straight to the “with VBA” section

It was there a decade ago; it started off on the wrong foot, generated some (bad) publicity and people started to wonder why it was there in the first place. It’s quite surprising how people are ignoring it by now. It’s just sitting there in the corner of the file system, doing various sorts of slavery work for people. Visual Basic for Applications (VBA), imagine how we missed ya!

When I was a kid, I once thought that by choosing the path of a developer, I would sooner or later encounter it and do various sorts of wondrous stuff with it, like some kind of smart worksheet that won’t let you type character data into numeric cells.

Sadly, that never happened. There are other ways to do that without VBA, or even without Excel since now I know, there’s Open Office and all. VBA’s role is even somewhat superseded by Visual Studio tools for Office/Applications.

Despite all that, VBA is still there, in the latest (official) version of Office for you… There’s no reason for it to wait any longer, right? This is intended to be a short (and simple) tutorial covering a fraction of what VBA can do for an average user, so you don’t have to be a total nerd to follow this.

Custom functions

Preface

Excel comes with a huge load of functions (hundreds or so) serving various purposes, but sometimes even that is not enough! Let’s say you want a function that returns the last working day before a certain date. Doing this with Excel’s functions could be tedious because you need to handle three separate cases, which will require two IFs:

– If the given date is Sunday, the last working date is last Friday (Two days backwards).

– If the given date is Monday, the last working date is also the last Friday (Three days backwards).

– For every other day of the week, it’s just the previous day

And also, WEEKDAY() returns a number from 1 to 7 so you have to remember which number corresponds to which day to make the IFs. The finished function should look like this:

=IF(WEEKDAY(C14)=2,C14-3,IF(WEEKDAY(C14)=1,C14-2,C14-1))

(C14 is the cell containing the original date)

Give that function to someone who hasn’t read the two paragraphs above and it will take them at least 5 minutes to figure out what you are trying to do in that cell, and then you’ll waste yet another comment to explain that to them!

With VBA

You can program a new function to do the above.

1. From Excel press Alt+F11 or open the following menu/ribbon:

image1

image2

2. Select new module from the toolbar

image3

3. Type in the following code in the new window

Public Function BusinessDayPrior(dt As Date) As Date
 
    Select Case Weekday(dt, vbMonday)
        Case 1
            BusinessDayPrior = dt - 3 'Monday becomes Friday
        Case 7
            BusinessDayPrior = dt - 2 'Sunday becomes Friday
        Case Else
            BusinessDayPrior = dt - 1 'All other days become previous day
    End Select
End Function

It will look like this

image4

4. Click save, return to the main Excel window, type a date you want in C14 and =BusinessDayPrior(C14) in another cell (replace C14 with any cell of your choice); the result will look like this

image5

Much clearer, and for an exercise, try to handle the case to suit your own specific need: tweak that function so it will handle holidays too:

– What if the given date is right after a one-day long holiday?

– What if the given date is right after a several days long holiday?

– What if you have compensated holidays (e.g. if the holiday is on weekends, you get another day off)

Automating tasks

Imagine this scenario: You are browsing through a list of stock quotes and you want to take note of profitable stocks on another sheet. If you are doing this manually you’ll have to copy the stock name, switch to the other sheet and paste it. With VBA you can have a button on the sheet that when you click, will do all three steps for you.

1. Open the visual basic editor with Alt + F11 and create a new module (see above on how to do it)

2. Add the following code to the window

Sub Macro1()
'
' Macro1 Macro
' Macro recorded 14/10/2009 by SilentWind
'

    Dim Temp As Variant                   'Variant, so a stock name (text) or a number both fit
    Dim i As Long
    Temp = ActiveCell.Value               'Get selected cell value
    Sheets("Sheet3").Select
    For i = 1 To 65535                    'Scan the destination sheet…
        Range("A" + Trim(Str(i))).Select
        If (ActiveCell.Value = "") Then   '…for the first empty cell
            ActiveCell.Value = Temp       'Copy it to the destination sheet as a plain value
            Exit For
        End If
    Next i
End Sub

3. Draw a button on the sheet:

– In Excel 2007, go here

image6

– In Excel 2003, right-click the toolbar, select customize, and drag the button onto the sheet

image7

– In place of the button, you can even use an auto shape! Contrary to popular belief, it does not always require a button to do some useful task!

4. Right click the newly added button/shape and select Assign Macro…

image8

5. Select Macro1 (the one you created at step 2)

image9

Now, every time you select a stock name and click on the button/shape, it gets automatically added to the last empty cell in column A on sheet3.

image10 image11

In Excel 2003, you can drag the button onto the toolbar instead; the steps are still the same. In Excel 2007, you can only add that button to the Quick Access toolbar (well, unless you know how to use VSTO…):

– Right click the Quick Access toolbar and select Customize Quick Access Toolbar…

image12

– Add your macro by selecting “Macros” from “Choose commands from”, select your macro and click add.

image13

Conclusion

I think the two examples above are enough for casual users to understand and adapt for their daily use. The applications are endless! Should there be any other questions, feel free to ask; I will add them to future posts if they are interesting enough.

You can download the demo workbook here.

Reference

Wikipedia’s article on this