Wednesday, August 1, 2007

Living with Linux on the Laptop: Reflecting on It Later

I simply couldn't devote any more time to the Linux on My Laptop experiment. It was an extremely interesting and, in spite of the frustrations, enjoyable experience. I'm very glad I did it and will attempt it again in the future...maybe over the Christmas holidays.

Some thoughts...

I ran into similar issues when I tried to put Vista on my laptop. The lesson is not whether Vista or Linux (or whatever O.S.) is any good or not. The issue is finding hardware that is compatible with your operating system and applications. If I were a rich guy, I'd go buy a laptop that's certified for Linux and I'll bet it would work great.

I was approaching the experiment originally from the perspective of seeing if Linux is ready for "Ma and Pa", but the way I did it is not a valid "Ma and Pa" kind of test. "Ma and Pa" should not be installing operating systems today, whether it's Vista, Linux, XP, or whatever. So, is Linux ready for "Ma and Pa"? I can't say. If "Ma and Pa" pick up a pre-configured Linux laptop at Wal-Mart and all they want to do is surf the Web, check email, and do some word processing, Linux is probably fine, especially if it's Ubuntu. Is it ready for the enterprise? Sure, if you have an IT department to support it, but isn't that the same for Windows?

I see three areas where Windows offers benefits over Linux: Availability of mainstream applications (this is improving, but it has a long way to go), familiarity, and ease of integration (for example, Outlook and Exchange). People, in general, are just more familiar and therefore more comfortable with Windows, in spite of its quirks and limitations. Frankly, it's the same reason there are still people running Windows 98. They're familiar with it and they don't see a need (or benefit) to change. The benefit that Linux and open-source software offer over Windows and commercial software is freedom: freedom to experiment, freedom to customize, and freedom from licensing issues. It's not even the cost of the licensing that is the issue; it's the frustration (and fear) of ensuring licensing compliance that makes open-source so attractive.

What draws me to Windows? Habit and simplicity that comes from familiarity, plus the simplicity of integrated solutions. What draws me to Linux? Freedom.

Friday, July 27, 2007

Password Recovery on the Cisco ASA Security Appliance

In this blog post, I’ll explain how to perform a password “reset” on your Cisco ASA security appliance. The more commonly used term for this procedure is “password recovery” which is left over from the days when you could actually view passwords in configuration files in plain text. Today, such passwords are encrypted and not actually recoverable. Instead, you will gain access to the appliance via the console port and reset the password(s) to known values.

This procedure requires physical access to the device. You will power-cycle your appliance. You will then interrupt the boot process and change the configuration register value to prevent the appliance from reading its stored configuration at boot. Since the device ignores its saved configuration on boot, you are able to access its configuration modes without passwords. Once you’re in configuration mode, you will load the saved configuration from flash memory, change the passwords to a known value, change the configuration register value to tell the device to load its saved configuration on boot, and reload the device.

Caution: As with all configuration procedures, these procedures should be tested in a laboratory environment prior to usage in a production environment to ensure suitability for your situation.

The following steps were designed using a Cisco ASA 5505 Security Appliance. They are not appropriate for a Cisco PIX Firewall appliance.

Power-cycle your security appliance.

When prompted, press Esc to interrupt the boot process and enter ROM Monitor mode. You should immediately see a rommon prompt (rommon #0>).

At the rommon prompt, enter the confreg command to view the current configuration register setting:

rommon #0>confreg

The current configuration register should be the default of 0x01 (it will actually display as 0x00000001). The security appliance will ask if you want to make changes to the configuration register. Answer no when prompted.

You must change the configuration register to 0x41, which tells the appliance to ignore its saved (startup) configuration upon boot:

rommon #1>confreg 0x41

Reset the appliance with the boot command:

rommon #2>boot

Notice that the security appliance ignores its startup configuration during the boot process. When it finishes booting, you should see a generic User Mode prompt:

ciscoasa>

Enter the enable command to enter Privileged Mode. When the appliance prompts you for a password, simply press Enter (at this point, the password is blank):

ciscoasa>enable
Password:
ciscoasa#

Copy the startup configuration file into the running configuration with the following command:

ciscoasa#copy startup-config running-config
Destination filename [running-config]?

The previously saved configuration is now the active configuration, but since the security appliance is already in Privileged Mode, privileged access is not disabled. Next, in configuration mode, enter the following command to change the Privileged Mode password to a known value (in this case, we’ll use the password system):

asa#conf t
asa(config)#enable password system

While still in Configuration Mode, reset the configuration register to the default of 0x01 to force the security appliance to read its startup configuration on boot:

asa(config)#config-register 0x01

Use the following command to view the configuration register setting:

asa(config)#show version

At the bottom of the output of the show version command, you should see the following statement:

Configuration register is 0x41 (will be 0x1 at next reload)

Save the current configuration with the copy run start command to make the above changes persistent:

asa#copy run start
Source filename [running-config]

Reload the security appliance:

asa# reload
System config has been modified. Save? [Y]es/[N]o:yes

Cryptochecksum: e87f1433 54896e6b 4e21d072 d71a9cbf
2149 bytes copied in 1.480 secs (2149 bytes/sec)
Proceed with reload? [confirm]

When your security appliance reloads, you should be able to use your newly reset password to enter privileged mode.
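As an added example (not part of the original post), this Python script audits the "Configuration register is ..." line that the show version step above produces, flagging an appliance that will come up ignoring its startup configuration, and therefore with a blank enable password, on its next boot. The sample lines are constructed, the function names are hypothetical, and the 0x40 flag is inferred from the difference between the post's 0x41 and 0x01 values.

```python
import re

# Assumption: the flag is the bit that differs between the post's 0x41
# (ignore startup-config) and the default 0x01, i.e. 0x40.
IGNORE_STARTUP_CONFIG = 0x40

CONFREG_LINE = re.compile(
    r"Configuration register is (0x[0-9a-fA-F]+)"
    r"(?: \(will be (0x[0-9a-fA-F]+) at next reload\))?"
)


def parse_confreg(show_version_text):
    """Return (current, pending) register values; pending is None if unchanged."""
    match = CONFREG_LINE.search(show_version_text)
    if match is None:
        raise ValueError("no 'Configuration register is ...' line found")
    current = int(match.group(1), 16)
    pending = int(match.group(2), 16) if match.group(2) else None
    return current, pending


def audit_confreg(show_version_text):
    """Classify the appliance by what it does with startup-config on next boot."""
    current, pending = parse_confreg(show_version_text)
    next_boot = current if pending is None else pending
    if next_boot & IGNORE_STARTUP_CONFIG:
        # Next boot skips the saved config: no passwords, no firewall policy.
        status = "exposed"
    elif current & IGNORE_STARTUP_CONFIG:
        # Booted in recovery mode, but the register is already set back.
        status = "reload-pending"
    else:
        status = "ok"
    return {"current": current, "next_boot": next_boot, "status": status}


# Constructed samples: only the relevant last line of "show version" output.
SAMPLES = {
    "mid-procedure": "Configuration register is 0x41 (will be 0x1 at next reload)",
    "normal": "Configuration register is 0x1",
    "reset-forgotten": "Configuration register is 0x41",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        result = audit_confreg(text)
        print(f"{name:16} current={result['current']:#04x} "
              f"next_boot={result['next_boot']:#04x} -> {result['status']}")
```

A status of "exposed" on a production appliance means the config-register step of the procedure was skipped or the register was changed afterwards.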


Monday, June 25, 2007

Living with Linux on the Laptop: Nvidia drivers and Ubuntu Feisty Fawn

I got Ubuntu installed and all appeared to be well until I decided to try enabling desktop effects. Ubuntu prompted me to install the included nVidia driver and X stopped working. I decided to start from scratch since I wasn’t very far along and download the nVidia Linux drivers from the nVidia website. Problem was that they required me to run in a CLI which Ubuntu doesn’t like. I finally tried running in recovery mode, but got an error saying it needed the libc development libraries. Ran “apt-get install build-essential” to install libc. Got libc installed with no problem, but the video is still not working.

Here’s what’s going through my head: What I’m trying to do (run in essentially a dual-monitor config) is a little out of the main stream, but not far. There are plenty of people who need to do this and, if I’m struggling with it, it would be absolutely maddening to a regular user. It’s entirely possible, perhaps likely, that this same experiment done on a different laptop would work perfectly well. Ubuntu is designed to be incredibly easy to use and all indications are that it is, but it didn’t work for me in this one particular area. Unfortunately, this area is a dealbreaker. If I can’t see video on both my laptop display and on the projection screen, I can’t do my job (at least not as well as I’d like). I can’t spend any more time on this issue right now. I will have some time next week to mess around with it some more. I’m thinking I’ll try a different distro…perhaps Gentoo.

Sunday, June 24, 2007

Living with Linux on the Laptop: Updating Ubuntu

Just did the updates. I decided to use the GUI and it’s very slick. Simply tell it to check for updates. It found 71 (apps, libraries, no real surprises) and applied them seamlessly. Requires a restart. After the reboot, I’m going to fool around with updates and installs via the CLI. I assume it uses apt. Guess I’ll find out soon enough.

Linux on My Laptop: The Next Attempt

I’ve spent a few days away from this experiment and am trying it from a different angle. Today, I just finished loading Ubuntu 7.0.4 Desktop version on my Toshiba. This was the first time I’d attempted a standard, physical machine install of Ubuntu and I’ve got to say I’m impressed. It was extremely easy. There was no need to visit the Nvidia website to update drivers. Wireless connected just as easily as Fedora 7 did. It’s interesting how the default configuration of Ubuntu desktop lets you sudo with your regular username’s password. I’m sure I’ll find lots of surprises just by virtue of the fact that I haven’t spent a lot of time with either Ubuntu or Debian. I’m actually pretty excited about getting a different perspective on Linux than my current view as a user of Slackware and RedHat (Fedora). I’m writing this from within Ubuntu and Firefox. Obviously, I’m going to do the usual checking for updates, then I’ll go about configuring it with software. The first thing I’ll try (if you’ve read the previous posts) will be running in a dual monitor config. More soon.

Thursday, June 21, 2007

Linux on the Laptop: What’s Next in My Experiment

I’ve had a couple of days to cool off after getting frustrated with Fedora 7. As I mentioned in my last blog entry, it may have been a mistake to attempt the experiment with a “bleeding edge” distro, so this weekend I’m going to attempt the same thing with Ubuntu. I’ll report back on my progress, but obviously the first thing I’ll check is compatibility with dual monitors!

Tuesday, June 19, 2007

Living with Linux on the Laptop: Dual Displays

It’s still not working, but Nvidia’s website has a couple of articles that look relevant, one in particular is here. My problem is that I have plenty of other things to do than keep chasing after this and I’m starting to get frustrated. I’m going to take a break from this for a while. Maybe I’ll work on it again tomorrow. Maybe it’s just Fedora 7 which is, after all, a “bleeding edge” distro. I’m beginning to think I should have been a little more conservative in my choice of distros. Somebody please tell me that it’s simpler on other distros!

Living with Linux on the Laptop: More on the Dealbreaker

I finally broke down and configured the laptop’s BIOS settings to send output to both the built-in LCD panel and the RGB video output on boot. That’s not at all what I want. I want the Fn+F5 key combo to work, but this might be an acceptable short-term compromise. I got excited because, prior to X starting, I was seeing the boot messages perfectly on both the built-in LCD panel and on the projection screen. When I started X, however, the display was garbled and unusable. I went into the Nvidia server configuration applet and mucked around a bit. I finally got the two displays to look okay…just okay, but it could have worked except that I couldn’t see my mouse pointer on the built-in LCD. I could only see it on the projection screen. Aiiiiiieeeeee! This is waaaaay too much effort. I wonder if SuSE or Ubuntu is any easier. I had actually considered doing this experiment with Slackware, which although lacking a lot of the automated tools of other distros, almost always seems to work. I’m going to do some research at the Nvidia site and elsewhere, but it looks like it’s going to be Windows again tomorrow.

Living with Linux on the Laptop: Terminal Emulation

Obviously, if I’m teaching a Cisco class, I need console access to the devices (in this case ASA 5505 firewalls). If you’re not familiar with how to manage Cisco devices, it’s traditionally done by connecting a console cable to an RJ45 connector on the Cisco box and the other end to a DB9 serial connector on one of your PC’s com ports. Problem is that most laptops today don’t have serial ports on them, so you have to use a USB-to-Serial adapter. The cheapest one I could find was an Airlink 101 adapter. I wondered about drivers and compatibility (of course, the Airlink site had nothing in the way of support for doing this under Linux). I plugged it in and ran the command less /etc/sysconfig/hwconf to see if Linux would recognize it and it did! (Linux actually recognized it as a Prolific Technology Inc. USB-Serial Controller.) So, now the challenge is figuring out exactly how Linux sees it within the file system. I did an ls /dev/tty* command and sure enough, there was /dev/ttyUSB0. I configured minicom to use that as its serial device and it worked. This is the kind of stuff that makes IT fun. (If you agree, then you get it. If you’re rolling your eyes, IT ain’t for you!)

Living with Linux on the Laptop: Graphics

Now, I’m working with graphics. I use Fireworks for graphics manipulation. I’m no graphic artist, but I do need to do simple stuff like removing a picture from its background and then making a transparent background for it. That allows images to appear to float against a black background in PowerPoint (now OpenOffice Presentation). So…I opened up the GIMP to do the treatment to an image of a firewall appliance. Well, this is not very intuitive! I’ll work through some of the tutorial tonight and see what happens.

Living with Linux on the Laptop: More on Evolution

I’ve been using Evolution as my email/calendar/contacts/tasks application for a day and find myself missing Outlook. Evolution’s Exchange connector is clunky…it connects through Outlook Web Access and it’s slow, plus its offline mode is awkward to use. It requests authentication several times, then times out. After it times out, you can finally select to work offline. Then, when you come back online, it takes a long time to re-sync the folders. Clunky. Maybe it’s better with GroupWise or other collaboration software, but I find it frustrating with Exchange. Of course, maybe it's something in the config that I need to change.

Living with Linux on the Laptop: The Dealbreaker

So, I was very excited this morning to start teaching my class using Linux, Open Office, Xine, minicom, etc., but then the dealbreaker happened. As a trainer, I need to have my laptop display active at the same time as my projector and, when I powered up my laptop while it was connected to the projector, the projector worked fine, but the laptop screen was blank and the Toshiba function key (Fn+F5) used to toggle between displays had no effect. (Of course it doesn't work; the Toshiba utilities are for Windows machines.) This sucks! I’ve been Googling and Yahoo’ing like crazy trying to find a solution and, so far, no luck. This means I have to go back to Windows, at least for the time being, but I’ll keep working on it and let you know what I find.

Living with Linux on the Laptop: VMWare

Installed VMWare Workstation 6.0 for Linux. (I know, VMWare Server is free, as is Xen, but I use many of the aspects of VMWare workstation while I’m teaching, so I need to see how it works in Linux.) Looking forward to trying it.

Just tried to load an existing Win XP VM and got a file error. Something about failing to lock the file. I doubt that this is a Linux or VMWare issue. I suspect it may have something to do with a VM in a suspended state that was moved to my Linux machine. More stuff to work on.

Living with Linux on the Laptop: Adding Fonts

I want to be able to use our company’s standard font Optima in various documents and am struggling to figure out how to install a font. This has to be extremely easy and just something I’ve overlooked, but I’m starting to feel like a moron.

FINALLY…http://www.linux.org.mt/node/51#N10047 has details on adding fonts. The problem is that, although the fonts appear in Linux, they’re not (so far) recognized by OpenOffice. OpenOffice has some documentation on it, so we’ll see how that goes. I’ll work with it later.

Hmmm…as with Windows, reboots work wonders. According to the OpenOffice documentation, if Xwindows can see the fonts, OpenOffice should as well. That didn’t happen instantly, but following an unrelated reboot, OpenOffice is now seeing the fonts I installed per www.linux.org.

Living with Linux on the Laptop: Adding Flash and Java

This was incredibly easy. Added the Adobe repository for yum updates (http://macromedia.mplug.org/macromedia-i386.repo) to /etc/yum.repos.d, then added support for Flash with this command:

#yum -y install flash-plugin

I installed the Java plugin by downloading it and using the instructions at http://www.java.com/

Living with Linux on the Laptop: Configuring the Software

Obviously, one of the keys to using any computer today is support for email. Janet and I use Exchange extensively for collaboration, contacts, calendaring, tasks, and email, so this is one of the “deal-breaker” components.

I chose Evolution for its ability to somewhat closely emulate Outlook. In order to use it with Exchange, I added support for MS Exchange in Evolution client. I didn’t know for sure that Exchange was still supported, although previous versions of Evolution included native Exchange support, so I did a yum search for "exchange" ("yum search exchange") and found evolution-connector.i386. I installed it (yum install evolution-connector.i386) with no problems, but then the fun began.

We use 1and1 as our Exchange provider and they don’t support anything out of the ordinary (and don’t even THINK of calling them for tech support!). So, I struggled with connecting to 1and1’s Exchange server. After many different configs, I finally got it working with my 1and1 username (e1600XXXX) by itself and the OWA URL http://exchange.1and1.com/exchange.

I found a great resource for configuring Linux on the desktop at www.gagme.com. I added the Xine DVD player, per suggestion at http://www.gagme.com/greg/linux/f7-tips.php:

yum -y install xine xine-lib xine-skins xine-lib-extras-nonfree libdvdcss

I then configured Xine to be the default player of DVDs with the following command:

gconftool-2 --set /desktop/gnome/volume_manager/autoplay_dvd_command 'xine --auto-play --auto-scan dvd' --type='string'

Added support for MP3s in XMMS and Rhythmbox:

yum -y install xmms xmms-mp3 xmms-faad2 gstreamer-plugins-ugly libmad libid3tag

The guy at gagme.com recommended banshee, so I installed it. Thoughts about it later…maybe. (By the way, I’m actually writing about this as I’m doing it, but some of this is on a plane or in other places where I don’t have Internet access, so some of the posting dates/times may seem oddly close together even though I didn’t write this stuff all at once.)

Monday, June 18, 2007

Living with Linux on the Laptop: The Install and Initial Setup

I installed Fedora 7. There’s tons of great documentation on that (check out http://www.howtoforge.com/), so I won’t do the details of that.

The screen looked terrible, so I researched that and discovered that I needed to add drivers for the video card (that’s not as obvious as you might think…the Linux kernel supports tons of different devices out of the box). Anyway, I added support for the Nvidia GeForce card. It was easy to find the drivers (the most recent one I could find at the time was 100.14.09 and earlier ones didn’t work) at the Nvidia website and installation procedures were well-documented. The command to install was (all on a single line):

sh /root/Desktop/NVIDIA-Linux-x86-100.14.09-pkg1.run

Fought with wireless configuration for about an hour until I realized that I just wasn’t detecting the access point. Duh. I was in a room some distance from the AP, but it had usually worked in the past. When I got closer to the access point, Fedora found two wireless networks and notified me right away. When I chose mine, which is protected with WPA-PSK, it asked me for the key and immediately connected me. Very slick.

Living with Linux on the Laptop: A Week with the Penguin

I’ve been using Linux in my server racks for a long time. I’ve been teaching Linux for a long time. I’ve just never really used it on the laptop or the desktop, so I decided to make an honest man out of myself. I’ve got a week of teaching PIX/ASA firewall classes which doesn’t require much other than a good terminal program, so this is a great week to put Linux to the test on the desktop.

I have no loyalty to any operating system. They are, after all, just operating systems; mere tools for solving workplace problems. (I don’t understand people who get passionate about operating systems…art, sure…music, of course...sports, naturally, but operating systems…oh, please.)

In the interest of full disclosure, I am a small Microsoft shareholder, but that has nothing to do with technology and everything to do with the fact that I think it’s a good investment.

Anyway, I decided to see what a week with Linux on my laptop would be like. I’ve got a four-year-old Toshiba Satellite M35-S359. I chose Fedora 7 because I know Red Hat products better than any of the other Linux distros. Lots of people like Ubuntu or SuSE. Again, I have no loyalty to Red Hat, but I do know it better than other distros and I like some of the tools supported by Fedora (such as yum and the “service” scripts). So, for the next week (at least), I’m committed to living with Linux on my laptop and seeing what I think and I’ll share it with you.

A couple of comments from the start: There are some applications I use regularly that simply aren’t available for Linux including Quickbooks and Visio. I’m prepared to run them either in a VM or on a desktop computer at my office which I’ll access through Remote Desktop. In essence, what you’ve got here is an IT guy in the role of a regular user (okay, a power user, but still a user nonetheless) with Linux on his laptop. So, here goes…