Saturday, December 05, 2015

Synergy, Screen Savers and Security

My employer requires me to use a password-locked screen saver on my Windows 7 laptop, so I was surprised and confused last week when I unlocked my system to see a 'security violation' notification; my confusion became acute when I check my Windows configuration and found that I had configured the screensaver properly.

After a few minutes of experimentation, I discovered that Synergy was to blame. (For those unfamiliar with Synergy, it's a software-based KVM (non-video) system to share keyboard/mouse/clipboard across multiple platforms. While it was originally open-source, it has become a paid-download product - one of the VERY few such packages I use.)  As it happens, Synergy's default behavior is to synchronize screen savers across all participating systems; since my Synergy server (running Linux) did NOT have a screensaver enabled, the Synergy client on my Windows 7 system silently disabled its screensaver as soon as it made the initial Synergy connection.

Well, now that I know this, how do I fix it?  Well, there's some tweaking to be done on both sides.

On the Synergy server, I added the following section to /etc/synergy.conf:
section: options
    screenSaverSync = false
end
This disabled the synchronization of screensavers across my Synergy systems; however, I immediately found that I couldn't send a control-alt-delete signal to Windows 7 via Synergy.  Well, it turns out that, by default, Windows 7 doesn't allow the Secure Attention Sequence (SAS - the fancy name for control-alt-delete) to be generated by anything other than the system keyboard...but there's a fix for that. Head over to the Start menu and run gpedit.msc (the Local Group Policy editor). Navigate through Computer Configuration,  Administrative Templates, Windows Components, and Windows Logon Options. At this point, double click on "Disable or enable software Secure Attention Sequence" and configure the policy like this:

Once this policy was enabled and applied, everything worked as expected; my Windows screensaver kicked in when it should AND was password-locked, and I could send Control-Alt-Delete via Synergy with Control-Alt-Pause/Break. A quick security scan confirmed that my employer's requirements were met, and all is now well.

I'm not running Windows 8 or Windows 10 in my environment; if you ran into similar problems with Synergy, let us know in the comments.

Android-x86 and VirtualBox - A Potent Combination

For a "network guy", mobile devices can be really frustrating for one simple reason - unless you jailbreak the device, it can be rather difficult (if not impossible) to dive under the hood and get an idea of how the devices behave at the network layer.  Unless you just happen to have a spare device or two laying around and are willing to jailbreak them, you might be wondering if there's any way to observe network behavior in a fairly straightforward fashion. When it comes to Android, however, there IS a solution.

Now, it's certainly true that you can install the Android SDK and use its included emulator to run various versions of the OS, but that's a LOT of overhead; I don't need to dive THAT deeply into Android internals, and--to be honest--the performance of the emulator isn't all that great. I recently discovered the Android-x86 project, which has been going strong since 2009 to bring Android to the x86 platform. I installed Android-x86 on an old netbook and started playing with it, and then I realized...why not run it in a VM?

Enter Oracle VirtualBox.

This free virtualization package is available for Windows, OS X, Linux and Solaris; I'm currently using it on my Windows 7 laptop and several of my Ubuntu Linux machines, so I tossed an Android-x86 ISO into a new VM and went to work. Ten minutes later, I had this:
Android-x86 5.1RC1 running under VirtualBox on Windows 7
Now, it isn't perfect; since my laptop isn't a touchscreen, I can't work with gestures or multitouch, and (obviously) telephony functions aren't available. However, one can certainly exercise basic functions of just about any Android app within Android-x86...and, thanks to VirtualBox's extensive network support, it's a trivial matter to capture the network traffic of your Android VM with Wireshark. In no time at all, I was profiling the network usage/performance of various Android apps.

If you need to work with several versions of Android, Android-x86 can help you there as well; you can download ISOs of Lollipop, KitKat, Jellybean and Ice Cream Sandwich and install them to their own VMs. You can also share/copy VirtualBox VMs across multiple platforms (for example, I moved an Android-x86 VM from one of my Linux systems to my Windows 7 system with no problems). While I haven't done it myself, I'm told that some enterprise admins have registered their Android-x86 VM with their mobile device management (MDM) products of choice for use in testing/prototyping...

(NOTE: You can install Android-x86 to a bootable USB stick, if you so desire; here are the details.)

(NOTE #2: If you have a touchscreen laptop sitting around, give it a shot! Here's a video of Android-x86 4.4.2 (KitKat) running on a Lenovo Y50.)

So, whether you're testing, developing, or just want to play around with Android without buying a device or jailbreaking your personal stuff, take a look at Android-x86 and VirtualBox; they make a good pair.

Friday, December 04, 2015

New Linux installs - What Are YOUR "Must Have" Apps?

I think that every Linux user has their own list of "favorite" apps which, for whatever reason, aren't included in the default distribution. Some of our choices may be driven by work responsibilities, while others make the list for usability...and it seems that most of us have at least one or two "just messing around" applications as well.

While I'm an 'occasional user' of several Linux distributions (Red Hat, SUSE, Linux Mint, and Fedora), I'm currently running Ubuntu 14.04 and 14.10; I make no guarantee that the applications I list are available for every distribution, or that the release offered in your distribution is the most recent; I've provided links to the home pages of the various projects, in case you want to run the latest-and-greatest stuff. Having said that, and in no particular order, here are a few of the apps I automatically install on any new Linux box:

Shutter: As a software support engineer and networking geek, I use screenshots on a near-daily basis - lots and lots of screenshots, particularly in chat sessions with my colleagues. Shutter is a comprehensive screenshot tool which includes the ability to save images in all major formats, export to sites like Imgur and Dropbox, annotate/edit images, and more.

Wireshark: The opening screen of Wireshark reads, "The World's Most Popular Network Protocol Analyzer"...and, well, they aren't talking trash. If you're doing anything interesting at the network layer, you NEED Wireshark. It not only does network captures, but also reads/writes the file formats of every major network analysis device out there. (If you're running Ubuntu 12.04, 14.04, 15.04 or 15.10, there's an official wireshark-dev PPA you can use to install the latest build (Wireshark 2.0-stable) instead of building from source code!)

Docky: OK, I'll admit it - I don't like the Unity Launcher provided by Ubuntu. Docky is a nice, clean application dock/launcher that includes a selection of useful docklets/helpers; it's almost trivial to customize Docky to your taste.

GIMP: (GNU Image Manipulation Program) This is my "just messing around" app; I like playing around with images, even though I'm not very good at it (just yet). GIMP has tons of features, including many into which I have not yet delved, but it certainly does everything I need to do as far as image maniuplation is concerned.

BOINC: I very much like the idea of digital philanthropy; if my box has idle time, why not donate it to a good cause? Well, the Berkeley Open Initiative for Network Computing (BOINC) client is a good way to go; there are dozens, if not hundreds, of scientific research projects to which you can donate your system's idle time via the BOINC client. My personal preference is World Community Grid, which has my systems currently working on genome sequencing and attacking the Ebola virus. Since I keep several of my systems running 24x7, there's lots of idle time while I'm sleeping - 'nuff said. (Personal request - if you decide to participate in WCG, use this link to register...and that widget on the right sidebar of this blog will pick up a "recruitment" badge. **grin**)

That isn't my complete list of "must have" apps, but it's a good start - feel free to add your favorites in the comments!