More from: OpenSource

Puttin’ On the (Oracle) VirtualBox

john-headsetOver time people change. Over time corporations and their philosophies change. Managers must anticipate what the impact will be on their own operation and take proactive steps to ensure business continuity and profitability.

Virtual Machines (VMs)

Teaching handouts often require fair use (‘Teaching” under the Copyright Act of 1976, as amended) screen shots of the actual computer screens. The VM allows one to run a sand boxed OS and collect such information as is needed to put screen shots in teaching handouts, especially screens that do not have any convenient means of saving a screenshot such as the GRUB boot loader. They are also used to test software, create a safe(r) place to try new apps which might contain malware or spyware, and to run a different OS than the one in general use on the computer.

For example, to access one Indiana medical reporting system, care providers are required to use only Microsoft Internet Explorer — no other browser will work right. If the care provider uses some distribution of Linux on all their computers for reasons of cost control, reliability, and security then they would be excluded from inputting their work into this system and as such would never get paid. They can create a VM and buy one Windows license to install in it so that they can use IE in this one situation.

Note 20181104:  Microsoft has their own entry into the virtual machine arena. In an email to me from Blake Miranda, the Outreach Manager for Cloudwards, she writes:

My colleague Steve recently put together a pretty comprehensive article on Hyper-V; what it is, and how users can improve their productivity through its applications.

The post is here: https://www.cloudwards.net/hyper-v/

This also keeps all their highly private client data isolated from all their other computer systems, thus making it far less likely that they will run afoul of patient privacy legislation such as HIPPA and its uglier, more vicious step sister 42 CFR Part 2. One disclosure of patient information not covered by a specific signed permission form can result in a cost of $240,000 to the care provider, per unauthorized disclosure. Imagine if a care provider’s client data were stolen and published on the Internet. Since the VM is totally isolated from all other systems, and is not even turned on except when it is needed to enter data in the State system, this provides much less opportunity for unauthorized disclosure from within or without the agency. Since a VM is physically just files, it can be on a removable disk or memory stick and locked in a drawer (or safe) when not in use. Web Service providers often use VMs for each web server so they can maximize efficiency of their physical hardware and also so that they can recover entire web servers from backup in a matter of minutes.

VMWare

We have used VMWare Workstation and later VMWare Player since 2003. However lately there seem to be changes at VMWare: The CEO (who helped found the corporation) was fired by the Directors and an ex-Microsoft executive hired to replace her. Wikipedia says:

VMware, Inc. is an American software company that provides cloud and virtualization software and services,[2][3][4], being the first who managed to virtualize the x86 architecture.[5] It was founded in 1998 and based in Palo Alto, California, USA. In 2004, it was acquired by EMC Corporation and now operates as a subsidiary.

VMware’s desktop software runs on Microsoft WindowsLinux, and Mac OS X, while its enterprise software hypervisors for servers, VMware ESX andVMware ESXi, are bare-metal embedded hypervisors that run directly on server hardware without requiring an additional underlying operating system.[6]

VMWare does have a lot of trial and free downloads available, but I don’t find the free VMWare Player any longer. There is a new VMWare Player Plus. There are concerns about the eventual impact should the license terms become unacceptable to me. VMWare has a much larger number of products now than they did in 2003 when I purchased my first VM supervisor from them, and honestly I do not grasp all the intricacies of each. I am really quite comfortable with VMWare Player and Workstation, but I have no idea where VMWare is going, and that concerns me.

Oracle

In 2010 our favorite hardware manufacturer and protagonist for the free OpenSource office suite OpenOffice and for the free OpenSource database MySQL (which is used on 90% of the web servers on the Internet), Sun Microsystems, was bought by the for-profit database giant Oracle. Oracle has long been recognized as the absolute best of the best so far as high performance secure corporate database systems is concerned: the name Oracle is synonymous with “high quality professional database”.  Says Wikipedia:

Oracle Corporation is an American multinational computer technology corporation headquartered in Redwood City, California, United States. The company specializes in developing and marketing computer hardware systems and enterprise software products – particularly its own brands of database management systems. Oracle is the third-largest software maker by revenue, after Microsoft and IBM.[3]

OpenOffice seems to have then gone on hold after the transfer of ownership and some of the OpenOffice project personnel forked the project to start LibreOffice. However, Oracle Corporation does not seem to have totally rejected the concept of OpenSource software, libre (free) computing, and related social movements, rather they have many Communities and seem to have some interest in supporting new OpenSource, or at least free, software development. There are free downloads. VirtualBox is one of the Oracle projects that has come to the public mind in the last two years or so. It is a substitute product for the VMWare Player and possibly Workstation.

The Install

This slideshow requires JavaScript.

As such, it is time for me to be proactive and learn how to use the new Oracle VirtualBox. To install VirtualBox is straight forward — choose VirtualBox in the Ubuntu Software Manager.

Once installed, I changed the default folder for storing Virtual Machines to something I liked better than the default. The other preferences I left alone.

I clicked the NEW icon in the upper left corner of the box, then set up a Windows 7 Home machine. From there I simply followed the prompts and had a VM in about 10 clicks.

Next I installed the Windows 7. I converted the Windows 7 Home DVD into an .iso, as .iso files on the disk tend to work much faster than DVD drives. Then I connected the .iso as the cd drive. Click Settings in the top tool bar. Under the storage area I deleted the CD (- icon at bottom) and added a new CD using the .iso image file. If you have done this in VMWare it is similar — you’ll find your way around easily.

Total Windows 7 Home install time was about 3 minutes, including the obligatory reboot. As I learn more about VirtualBox I will update or post more.

vbox31

Notes: 20130807 2338

1. You can resize the VM window to fit the unused space on your desktop and have Windows respond by changing its resolution to use the full area.

2. Use of system resources is light.

3. Remember to install “Guest Editions” to get full functionality, such as shared folders. At the top menu bar click Devices, then at the bottom of that menu select Install Guest Editions.


Content Filters

(Note: this was written in 2013 – years ago, so links may or may not work.)

Reviewing web content filters: the box that scans incoming web pages, reads them, and allows acceptable content or blocks/drops unacceptable content based upon rules you set. Notes:

  1. Must read the pages, not merely scan URLs
  2. Must break open encrypted packets and scan, otherwise it is all wasted time
  3. Must not rely upon the device being used to view web pages — must be installed in the line connecting the LAN to the Internet, so it cannot be bypassed by any end user. It cannot be a mere proxy (cloud) that trusts the person being limited does not circumvent it: it must be hard wired into the building LAN so that it is impossible to evade.
  4. Preferably OpenSource so it is subject to peer review.
  5. Preferably no per seat licensing attempts to exploit
  6. Linux / BSD / Unix OS

DSCN2693

Web search possible results

Five Content Filters, Tech Republic http://www.techrepublic.com/blog/five-apps/five-content-filters-suitable-for-both-home-and-business/

Potential candidates which supposedly read the actual web page and block unacceptable content.

  1. Net Nanny http://www.netnanny.com/ — relies on intintegrity of the end user’s PC, Windows, not in LAN, costs $39.99 per seat for licenses
  2. K9 http://www1.k9webprotection.com/ — only works on Windows or some mobile devices, apparently to be installed onto the actual device and not inline in the LAN, and they want $12.50 PER MONTH PER SEAT to use it. graphic
  3. Safe Squid http://www.safesquid.com/content-filtering/linux-installation — downloads at http://www.safesquid.com/content-filtering/documentation. Seems to be free. Good Linux command line install instructions. Not sure if it scans each web page or not: looks like just a firewall with a URL blacklist (menus have nothing about content filter, key words, weights, etc). Think it might be intended to be installed inline however it comes in Linux and Windows versions. Look more at this later.
  4. DansGuardian http://dansguardian.org/?page=documentation — It was a good project, but not maintained. People in volved started a pay-per-seat for-profit project called SmoothWall that has superceeded it. It does read the pages, but it did not break open encrypted packets when I used it last.
  5. OpenDNS http://www.opendns.com Looks promising. It is a web based service BUT it works by changing the DNS lines in your firewall to point to OpenDNS. Unless the end user can break inot my firewall/router it will help. They provide a white paper on their approach here. Free with VIP subs available for $20/year. Graphic here. I’ll look more but this is potentially a high efficiency solution, so I subscribed. Summary from the web site at http://www.opendns.com/technology/ reads

    “We’ve established that DNS is used in almost all online activities, helping you get to where you want to go. But traditional DNS doesn’t discriminate the good from the bad. Regular DNS doesn’t know the difference between http://www.paypal.com and a forged clone site, aiming to trick you into providing your sensitive personal information. OpenDNS not only knows the difference, but also gives you the tools to decide what to let in, and what to block.  Think of it like a firewall for DNS. Using DNS as a filtering mechanism has powerful implications: phishing websites can be blocked from tricking users into giving up sensitive data and malware websites can be prevented from infecting computers.  Moreover, it’s not just about preventing security threats from loading.  Infected computers usually use DNS to try and “phone home” to a master computer for instructions, often leaking out confidential information, passwords, and files from computers.  OpenDNS prevents that from happening, too.”

    The bottom line is change your DNS settings to use the OpenDNS server addresses as your DNS server settings and save/apply:208.67.222.222, and 208.67.220.220. Piece of cake.
    Apparently there is more to this than meets the eye. I had my wife browse to sex dot com and she said she got pictures, lots of pictures. Ah. An email came to the address I provided when registering. First I must confirm my identity. Then enroll my IP address. Then select my level of filtering. Then wait 3 minutes for it to take effect. Works. It is clearly a URL filter, but that is better than nothing until I find a content scanning filter.
    One benefit is that URLs are submitted and rated by members through an averaging process (voting).

  6. Smoothwall Express http://www.smoothwall.net/ — looks like IPCop to me, a firewall. No apparent content filtering. Maybe content filtering is in their per seat license product. I requested pricing information on their contact web page, but have not heard back yet. I’ll update when I have more complete information. This could be a nice content scanner in addition to the OpenDNS URL scanner, but the pricing may be too high for a public charity serving the poor to afford. Their sales asked when I could chat and I suggested Monday 10/7. NOTE: I talked with the Smoothwall rep Tuesday 10/8 and there filter definitely does break open encrypted packets and examine the content.
  7. IPCop http://www.ipcop.org/ — it is only a firewall. We use it now and it works nicely. Free, no artificial limitations to coerce you into buying something unlimited. But no content filtering.