Archive for December, 2014

Going paperless with iPad – Screen Protection and Covers.

Sunday, December 28th, 2014

I had been meaning to write this follow-up for awhile but as with many things “Real life” can get in the way of fun things. Many issues delayed this and I do apologize.

During my initial research about writing with an iPad; I found a constant theme about protecting the iPad. In particular, the screen and a cover or case.

With writing; a screen protector was highly advised especially if your writing tool has a metal tip. If you tend to be a “heavy handed” writer then you have to have one.

Screen protection comes in two forms; a case which has one included or a sheet that you apply to the screen. I was not interested in a heavy duty case so I looked at the sheet version.

For screen protection; I had these requirements.

Sensitivity. A screen protector should not lesson the sensitivity of the screen. If you a writing, you could end up having to press harder and end up breaking your pen.

Glare. I did not see this mentioned in my research but it’s something to consider as you don’t want to have to use the iPad at wierd angles to avoid reflection.

Clarity. You don’t want to protect the screen and end up making it harder to read.

I have to admit I did not try all screen protectors out there. I was in research mode and one day on an impulse; I picked up Invisible Shield by ZAG. The box had all the requirements. It mentioned High Definition, it was for the iPad Air, it had a lifetime guarantee and it was military grade( why does military grade sound like it’s good? ). I was also intrigued by the claim of it being self healing.

Installation was pretty simple. Clean the screen, spray it with a solution that came with the kit, apply the shield, squeegee, and wipe off the excess.

One thing that will be a problem is if you have a dusty house with animals. Particle contamination is almost a guaranteed problem and will exacerbate people who can’t live with hair or particles under the screen protector. In my case, I found a hair and three dust particles under the screen. More on this later.

My first concern was the shield felt a little thick and it might affect the responsiveness of the touch screen. I tried a series of applications to gauge the sensitivity and found no noticeable degradation.

Glare was not an issue as light didn’t reflect nor did other things which might cause distraction. It was only with direct sun light that I noticed the hair and dust under the screen. However, the contamination was not as obvious in normal light.

Clarity was good though I did think it was a little darker but adjusting the screen lighting fixed it.

Zagg claims the Invisible Shield will self heal. I tried a couple minor things like indents and bends (pulling up part of the screen and resetting. I did find the screen did adjust and “self heal.”

There are many ways to protect your iPad. Covers, cases, carrying cases, covers which set-up into a “work position.”

Covers tended to be canvas or leather (probably pho-leather). I dismissed the canvas models outright. My daughter had one for her iPad and it wore out and fell apart. I did take an interest in the leather type but I didn’t see the one I wanted (probably pulled due to issues). I ended up dismissing the leather types as I thought they would be too bulky for work.

A case seemed to be the better idea as it would be more work friendly. I did not want the heavy duty type. They tended to have their own screen covers and are a little more bulky. I decided to use the simple plastic version which you “snapped” on the back. Simple protection for the iPad and I could use the Invisible Shield.

I searched Amazon and I found one with Captain America’s shield on the back (I loved the Captain America and Avengers movies).

The case snapped on and the experiment began. I was able to use this configuration for a couple weeks before problems with the Invisible Shield started. Edges started to ride up from the case as it wasn’t a clean fit. I would shove it under but it would ride up again. Dust and finger prints started to get under the exposed parts so I decided to remove the shield and clean it.

It sounded like a simple idea at the time; but I would later regret it. Using the spray, I was able to clear the particles that bugged me and I was able to clear the dust effected areas. All looked well. However, after I applied the shield and carefully attached the case; I found even more hair and particles under the screen. I tried working with it for a period of time but again edges came loose from usage. I decided to try and clean it one more time. This time I used the shower and steam to try and get the particles from flying around. It looked like it worked but direct sun light showed many dust particles and hairs.

If you have pets, it’s best to try and apply a screen somewhere else or even pay to have it done.

At this point I was tired of the effort to clean the screen. Even though I liked the Invisible Shield and my case; I decided to look into the heavy duty cases.

After reading many reviews, I decided to go with the SUPCASE Heavy Duty Beetle Defense by BrilloTech Inc. It was reasonably priced, it has two pieces with a built-in cover. Do watch the video for how to install it as the process can frustrate people.

I ran into the same contamination issue I had with the Invisible Shield but it was easily cleaned. Probably the hardest part was taking the set-up apart which time wise was not that long.

There is a noticeable increase in weight (I would guess about 9 or so ounces) but this is not a factor for me and I kind of liked the added protection. If I had to pick a bad aspect on the case, it would be the screen. It does reflect which can be an issue with bright direct light. Smudge is also an issue but the screen is easy to clean.

General use and writing have not been an issue.

Overall, the experience has been good and writing still works. You will have to press a little more but I don’t have complaints.

Next installment will be about writing tools and software.

PHPINFO on the home page

Wednesday, December 17th, 2014

A recent audit found the homepage of an Apache server with phpinfo() information displaying. Phpinfo() is a valuable debugging tool as it contains all EGPCS (Environment, GET, POST, Cookie, Server) data. Really useful for debugging and information gathering if you want to attack a system.

If you are not used to handling Apache, the obvious question is what to do?

The server in question for whatever reason; didn’t have a regular home page.  Probably a test environment or a “quick fix” for a problem.

The obvious solution is to get this information out of the home page.  A quick examination of the index.php file showed:

<?php
phpinfo();
?>

It would be simple to disable phpinfo() or remove the entry but the resulting page would be blank and to some in the PHP world; this is the “White Page of Death” which could cause confusion and waste time.

Since there wasn’t a home page; a simple print command was used to display a message.  For this example “hello:”

<?php
print("Hello");
?>

This eliminates the problem but we can go further by disabling phpinfo(). This is accomplished by a change in the php.ini file.

; This directive allows you to disable certain functions for security reasons.
; It receives a comma-delimited list of function names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
; http://www.php.net/manual/en/ini.sect.safe-mode.php#ini.disable-functions
disable_functions = phpinfo

This requires restarting httpd.

phpinfo() can be restarted by simply placing a “;” in the disable_functions line and restarting httpd.

Audit answered; now back to our regularly scheduled entertainment.

The Windows Modules Installer Service keeps starting and stopping.

Friday, December 12th, 2014

While checking a performance issue on a Windows 2008 server; I noticed the system log had these messages logged every three minutes or so.

The Windows Modules Installer service entered the running state.
The Windows Error Reporting Service service entered the running state.
The start type of the Windows Modules Installer service was changed from /
   demand start to auto start.
The start type of the Windows Modules Installer service was changed from /
   auto start to demand start.
The Windows Modules Installer service entered the stopped state.
The Windows Error Reporting Service service entered the stopped state.

The application log showed these messages roughly the same period of time (I didn’t seriously compare):

Windows(R) Lightweight Directory Access Protocol (LDAP) failed a request to connect to /
   Active Directory Domain Services(R) for Windows user <domain\user>.
Without the corresponding UNIX identity of the Windows user, the user cannot access /
   Network File System (NFS) shared resources.
Verify that the Windows user is in Active Directory Domain Services and has access permissions.

I spoke to the users and they reported a previous experiment with NFS and they no longer needed the NFS service or client anymore. I removed the role and disabled the two services (server needed a reboot but it was in use).

The messages stopped.

Not sure why the modules installer was getting invoked and it wasn’t worth researching at this point.

I may look into it later.

Disabling phpinfo

Friday, December 12th, 2014

Penetration testing is something every IT group should perform as it can point out things which are often overlooked.

Such was the case of a small Apache server which uses PHP to provide an internal service. A recent PEN test showed the phpinfo function was enabled and it was the default page.

Phpinfo is a useful debugging tool as it will contain the EGPCS (Environment, GET, POST, Cookie, Server) data. This data is very useful for somebody who would want to attack the server. It is something that should be disabled.

If you never work with or rarely work with PHP, the obvious question is “How?”

Phpinfo is controlled through the php.ini file on the server. If the default parameters were used, it will exist in the /etc directory. If you are not sure, you can review the phpinfo information.  In my case, http://<server name or ip>  (I did mention this was a small server right?  Defaults).

There are other ways to disable the function but the best way is at the main php.ini file.

edit the php.ini file and look for disable_functions.

If you have a tightly controlled server, there will be other entries on that line.  Simply add :  ,phpinfo

In my case, the line looked like: disable_functions = phpinfo

After that, save your work and restart http by entering: service httpd restart

Phpinfo no longer displayed information.

Disable UAC on Windows 2012

Wednesday, December 3rd, 2014

I had a need to disable User Account Control on a server 2012 installation.

I had set UAC to “Never notify” but still ran into issues. I learned that UAC is not really disabled with server 2012.

I should note this goes against Microsoft’s best practices but sometimes you need to do that to get things done when a customer won’t give you time to research a better way.

You need to use Regedit and follow this steps.

  1. From a CMD or poweredit; type Regedit then hit enter
  2. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
  3. Double click on EnableLUA
  4. Change the Value data to a 0
  5. Click OK, then reboot the server

After that the error went away.

Normally, I would list the error but I had lost the message(this blog entry was on my todo).

Comparing processes between two computers

Tuesday, December 2nd, 2014

I am reading Don Jones’ book Learning Windows Powershell in a month of lunches and found one nice little sequence of commands which can do a diff between two lists of processes.

Every so often you can get the complaint of “why do these two computers have different run times when they are the same?”

A valid complaint which can take awhile to sort out. Obvious first steps would be to compare apps installed and what is running as sometimes the “smarter then you” engineers can install things without telling anybody.

One quick way would be to use a couple cmdlets and diff.  This was taken from page 41.

Use the computer which is running as expected as the reference computer.  Get a list of processes by entering:

Get-Process | Export-CliXML reference.xml

The CliXML can hold more information then the traditional CSV file.

After you have the file, you can run:

Diff -reference (Import-CliXML reference.xml) -difference (Get-Process -computername newserver) -property Name

The output centers on the name of each process and you will get <= and => to point out where it’s different.

This is a nice little trick to compare setups.  You can keep the reference file as a baseline for future issues on the same computer.

This will work with any of the get cmdlets.