Mongrel service tip

If you’re running Rails applications on Windows then you’ll be interested in, or already use, the mongrel_service gem. When I recently (today) tried to install it on a new computer I had trouble because it didn’t want to install the dependencies. Apparently it requires a version of the win32-service gem >= 0.5.2 but < 0.6.0, so install that version explicitly first:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>gem install win32-service -v 0.5.2
C:\Documents and Settings\Administrator>gem install mongrel_service

should do the trick

UPDATE: Apparently using win32-service causes problems whenever you have defined a class named Service. Just be aware that it’s going to use win32-service’s Service class rather than your own, regardless of whether you’re running Mongrel as a service (it won’t happen if you don’t run Mongrel at all).
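The clash described in the update can be reproduced without the gem at all. What follows is an added example, not code from the original post or from the mongrel_service project: a mock Win32 module stands in for the gem’s namespace, and a const_missing hook imitates Rails’ autoloader, which only defines a model class when Ruby cannot find the constant by normal lookup. The mechanism modelled here is an assumption: that the gem’s code mixes Win32 into the top level, which is one way for a bare `Service` reference to resolve to the gem’s class instead of triggering the autoloader for yours.

```ruby
# Added example, not from the original post. Stand-in for the real
# win32-service gem's namespace: the only thing that matters is that it
# owns a class called Service.
module Win32
  class Service
    def self.origin; :win32 end
  end
end

# Rails-style autoloading stand-in: the app's Service model is only defined
# when Ruby asks Object for a constant it cannot find by normal lookup.
class Object
  def self.const_missing(name)
    return super unless name == :Service
    const_set(:Service, Class.new { def self.origin; :app end })
  end
end

# Resolve the bare constant the way app code does when it writes `Service`.
def service_origin
  Object.const_get(:Service).origin
end

def demonstrate_service_clash
  results = {}

  # 1. Gem not loaded: Object has no Service, const_missing fires and the
  #    app model is autoloaded.
  results[:without_gem] = service_origin
  Object.send(:remove_const, :Service)

  # 2. `include Win32` at top level (assumed stand-in for what the gem does)
  #    mixes Win32 into Object. Object's ancestor chain now already provides
  #    a Service, so const_missing never runs and the gem's class wins.
  Object.send(:include, Win32)
  results[:with_gem_included] = service_origin

  # 3. Workaround: make sure your own model is defined directly on Object
  #    (for example by requiring its file explicitly). A constant that lives
  #    on Object itself is found before anything an included module adds.
  Object.const_set(:Service, Class.new { def self.origin; :app end })
  results[:explicitly_loaded] = service_origin

  results
end

p demonstrate_service_clash if __FILE__ == $0
```

The practical takeaways from the model: a bare `Service` silently picks up the gem’s class because constant lookup walks Object’s included modules before it ever asks the autoloader, and the shadowing disappears once your own class is actually defined on Object. If you own the code that does the mixing in, referring to the gem’s class by its full name (Win32::Service) avoids the problem entirely.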

The 0th law of security

There are supposedly ten laws of security: laws that are a firm basis for understanding computer security. They’re obviously not the be-all and end-all of computer security, but for beginners, and for those who aren’t going to focus on security, they’re an important start.

The Ten Immutable Laws of Security

Microsoft’s Security Response Center Manager, Scott Culp, produced, as a part of his job, a list he calls “The Ten Immutable Laws of Security.”

They are:

  1. If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore.
  2. If a bad guy can alter the operating system on your computer, it’s not your computer anymore.
  3. If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.
  4. If you allow a bad guy to upload programs to your Web site, it’s not your Web site any more.
  5. Weak passwords trump strong security.
  6. A machine is only as secure as the administrator is trustworthy.
  7. Encrypted data is only as secure as the decryption key.
  8. An out-of-date virus scanner is only marginally better than no virus scanner at all.
  9. Absolute anonymity isn’t practical, in real life or on the Web.
  10. Technology is not a panacea.

Even without further explanation (Microsoft publishes an explanation of each law alongside the list) it is a fairly straightforward, common-sense list of laws.

Law 0

The fact is that these laws don’t go far enough towards describing the problems faced by everyday users on the internet. Security people often forget that big companies are not the only targets of attacks; individual users may well be the target of more personalised attacks.

  0. If you can’t read the source code for your operating system (and applications) then it’s not your computer anymore.

I hate being the open source advocate, but the fact remains that if you and the community can’t get into the source code for auditing and patching purposes then it’s not your computer, it’s Microsoft’s. You are essentially relying on their good will and the competency of their programmers to protect you against any flaws in the operating system that may let attackers in.

Microsoft has in the recent past finally hopped on the security bandwagon; they’re better than they used to be, but it’s still them against the world, and in practical terms this makes for an impossible situation. The odds are that one of the millions of hackers is going to find a flaw before Microsoft does. Even with their ability to look at the source code they’re still vastly outnumbered.

Open Source

Open source is not a complete solution to this problem, but it’s better. The millions of security researchers out there, the developer community and the general public all get the chance to look for flaws in the code. Once a flaw is discovered a patch can be written for it immediately. Unlike a situation where you have to wait for a company to release a patch, you have the ability to patch the problem yourself; it’s not you against the world, though. It’s you and every other technically competent person that uses that particular software against the world.
Yes, hackers have the same opportunity to find the flaws. But the playing field is more level. Even if they do find a flaw, chances are that it’ll be patched much more quickly than if millions of eyes weren’t looking at the source code.

Open Source vs. the Other Ten

When you look at open source as a solution to the problem above, it puts the other laws in a whole new light. Let’s start with No. 7, not because it’s a good number, but because the scientific community has long held that an encryption algorithm whose security depends on the algorithm itself staying secret is useless (Kerckhoffs’s principle: assume the attacker knows everything about the system except the key).

  7. Encrypted data is only as secure as the decryption key.

While this deals with the key that is used to encrypt the data, I would go further and say that encrypted data is only as secure as the algorithm and the key that are used to encrypt it. It doesn’t take a genius to work out that encrypting my information using my own proprietary method doesn’t mean that it’s safe. Unless someone else can test my encryption method and try to break it, I have no way of knowing whether my information is protected by the encryption, because I have no way of knowing whether my encryption algorithm is sound or whether there are fatal flaws in my design.
History is littered with examples of this, and if you look closely at companies like RSA you will notice that they post challenges, trying to get people to break their encryption. More importantly, if you can’t look at the encryption algorithm and analyse it for yourself, how are you to know that the creator hasn’t put in a backdoor for themselves, or for governments to use?
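As an added illustration (not from the original post), here is the kind of ‘proprietary’ scheme the paragraphs above warn about, together with the attack a reviewer who knows the algorithm would run against it. Everything in it is constructed for this example: the cipher (plaintext XORed with a short key repeated over the message), the key and the sample message. The owner of such a scheme may believe the secret key keeps the data safe; an attacker who can guess how the message begins recovers the key from the ciphertext alone.

```ruby
# Added example, not from the original post. A home-made "proprietary"
# cipher and the known-plaintext attack that breaks it. Key, message and
# function names are all constructed for the illustration.

# Repeating-key XOR over an array of byte values.
def xor_with_key(bytes, key_bytes)
  bytes.each_with_index.map { |b, i| b ^ key_bytes[i % key_bytes.size] }
end

def homebrew_encrypt(plaintext, key)
  xor_with_key(plaintext.bytes, key.bytes).pack("C*")
end

def homebrew_decrypt(ciphertext, key)
  xor_with_key(ciphertext.bytes, key.bytes).pack("C*").force_encoding("UTF-8")
end

# Known-plaintext attack. The attacker knows the algorithm (assume they do)
# and can guess how the message starts: a mail header, a file signature.
# XORing the guess against the ciphertext exposes the key stream for that
# stretch; the shortest period that repeats inside it is the key.
# Returns nil when the known prefix is too short to show the key repeating,
# i.e. when "recovery" would only be a guess.
def recover_key(ciphertext, known_prefix)
  stream = xor_with_key(ciphertext.bytes[0, known_prefix.bytesize], known_prefix.bytes)
  (1...stream.size).each do |period|
    consistent = stream.each_with_index.all? { |v, i| v == stream[i % period] }
    return stream[0, period].pack("C*") if consistent
  end
  nil
end

def break_homebrew(ciphertext, known_prefix)
  key = recover_key(ciphertext, known_prefix)
  key && homebrew_decrypt(ciphertext, key)
end

# Constructed sample: a six-byte key and a message with a guessable header.
SAMPLE_KEY = "s3cr3t"
SAMPLE_PLAINTEXT = "Subject: quarterly results\nRevenue fell 12% and the board knows."
SAMPLE_CIPHERTEXT = homebrew_encrypt(SAMPLE_PLAINTEXT, SAMPLE_KEY)

if __FILE__ == $0
  puts "key recovered: #{recover_key(SAMPLE_CIPHERTEXT, 'Subject: ').inspect}"
  puts break_homebrew(SAMPLE_CIPHERTEXT, "Subject: ")
  puts "prefix too short: #{break_homebrew(SAMPLE_CIPHERTEXT, 'Subj').inspect}"
end
```

Nine bytes of guessed header are enough to recover the whole six-byte key and read the rest of the message; keeping the algorithm secret added nothing once one person looked at it. A published algorithm that has survived public analysis with only the key kept secret does not fall to this kind of attack, which is exactly what the law, read with the 0th law, is getting at.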

Watching the Watchers

An out-of-date virus scanner is only marginally better than no virus scanner at all.

Nearly everyone that I know knows to use a virus scanner now; it’s slightly harder getting them to work out spyware and anti-spyware programs. But here’s the twist: if you can’t look at the internals of the antivirus, how do you know that it’s doing an adequate job of protecting you?
I’m not trying to say you should be using Linux because it is less prone to viruses. The fact is that most viruses are written for Windows, and if everyone switched to Linux then those same people would target Linux. It remains to be seen how well Linux would respond to this kind of problem.
What I am saying is that you pay good money for these applications, you subscribe to a service from Symantec or McAfee, and you really have no idea how well you are being protected. The same goes for firewalls and any other piece of security software that you use to protect your computer. If you can’t look at the internals then you have no idea what the application is really doing.
You can apply this same principle to at least some of the other laws, and in truth it serves to cement the 0th law in place.

Regarding Patches

It is not often that I have the chance to talk about security, but one of the things that occurred to me in my day-to-day work is that Microsoft’s move to allow only ‘Genuine’ users to download patches and applications, most notably SP2 and Microsoft AntiSpyware, was a foolish one.
Regardless of the fact that most if not all of my clients have legal copies of Windows, it is rare that they keep them patched and up to date (I tend to fix this), and it leads me to believe that there is a large number of legal Windows users out there that don’t patch their computers properly.
Now, it’s not overly smart of them, but the fact of the matter is that denying patches and other downloads to ‘non-genuine’ users ends up negatively affecting even those with legal copies, in a roundabout way. Look at it like this:
“the greater the number of unpatched computers on a given network, the more chance that a bad guy or worm will get in.”
This is easy to apply, but what is more important is that it takes into account not just small local networks, but the internet as well. The more unpatched computers that remain on the internet, the more chance that the bad guy will get control of them; and the more computers that are either part of botnets or infected by viruses, the easier it is for the infection to spread, or for the attacker to use a given host as a base for another attack.

A Note on Piracy

I’m not in any way condoning or supporting piracy, but there comes a point when you need to accept that a problem isn’t going to be solved and make smart moves. Becoming tight and vindictive about piracy only makes the given company *cough*Sony*cough* look bad.
Locking your legitimate users out is bad methodology, and putting so many ‘copy protection’ methods into a given technology that it negatively affects it is not healthy either. Security is important, but it needs to protect the interests of the user, not the interests of the greedy mega-corporation.

The Great Debate: Windows vs. Linux

Round 1

Everybody seems to be going nuts over the ‘Open Source Movement’ at the moment; it’s become very hip to cheat programmers out of a living. Linux is maturing nicely and with it comes a wave of wannabe revolutionaries. Yet for all Linux and the open source movement’s glory, I’m still primarily using a Windows PC. Sure, I’ll be the first to admit that I chuck in a Linux HD every so often and tinker around, but for the most part, at the end of the day, I find myself using Microsoft Windows XP.

Where Linux doesn’t measure up

Serious tools, for serious users. The open source movement has scored a couple of really useful and widespread tools, Apache being a perfect example; it has some excellent documentation. But on loading Linux onto my laptop I still have to deal with a number of issues that I wouldn’t have to deal with under Windows. Let’s see:

To get a decent video resolution I have to install the NVIDIA driver, which I also have to do under Windows, but under Linux it doesn’t just compile; no, I have to download the kernel source for the kernel that I’m currently running. Eventually the driver will compile; once done I go looking for the config file so that I can change ‘nv’ to ‘nvidia’. Why it can’t do it itself is anyone’s guess; my Windows driver installs with a minimum of fuss, why can’t my Linux one do likewise?

Enter my wireless adaptor. Linux does support it, and I did eventually get it to work, but only after I recompiled my kernel a couple of times, doing the Chumpeka mating dance, and praying for divine help; although not necessarily in that order. Functionally this is unacceptable. I’m an advanced user (if I do say so myself), and while they have certainly made compiling kernels easier in recent times, there is no way a beginner is going to be technically adept enough to configure the (Intel 2915ABG) wireless card under Linux.

Enough with the hardware

The level of configuration tools varies widely between the different distros. Regardless of which one you use, the end-user tools you are provided with come nowhere near measuring up to the Control Panel and administrative tools that are provided to (and for the most part taken for granted by) Windows users. All the important configuration options can be found in one place, and while not perfect they are a damn sight better than the level of configuration that is provided by any of the various Linux desktop environments.

I’m not talking command line tools; nobody but nobody is going to argue about which operating system has the superior command line, but the majority of plebs out there run into trouble remembering passwords, let alone a myriad of arcane commands and arguments.

Slack Programmers

There is a fundamental problem with developing end-user applications and tools on your own time, for little or no money. Where a traditional company has to maintain a level of professionalism and develop programs that are well rounded and well supported, the open source community has no such responsibility. While some of the bigger projects DO offer a level of professionalism, time and again I find tools that are not quite polished enough to be considered ‘good’: the author has lost interest, and because they didn’t write the program well enough in the first place, no one will (or is stupid enough to) step into the breach.

Remote X11 Applications on Windows

Update: There are now much better ways of installing an X server on Windows (for details start with the Xming project).

The primary focus of this document is setting up Cygwin on a given client computer so that it can see graphics as sent from the server. Most of the configuration is done at the client level; however, there are minor modifications that also need to be made at the server level.

Installing Cygwin

For the uninitiated, Cygwin is a free application that can be installed on Windows to provide a Linux-like environment. Since our server runs on Linux this is a very good thing. You can start by getting the installer from http://www.cygwin.org.

Rather than duplicating an existing document, follow the install procedure found at this site:

http://x.cygwin.com/docs/ug/setup-cygwin-x-installing.html

Configuring Cygwin

The installation will take a while to download the packages, depending on your connection speed and the server that you selected to download from. Once installed it is simply a matter of configuring Cygwin/X to accept connections from remote hosts (it defaults to not allowing remote connections). This is the file that you want:

C:\Cygwin\usr\X11R6\bin\startxwin.bat

Right down the bottom of the file you will find the following lines:

run XWin -multiwindow -clipboard -silent-dup-error
REM Startup an xterm, using bash as the shell.
run xterm -e /usr/bin/bash -l

Change it so that it looks like this:

run XWin -multiwindow -clipboard -silent-dup-error
run xhost +
REM Startup an xterm, using bash as the shell.
REM run xterm -e /usr/bin/bash -l

Adding the ‘run xhost +’ line tells the X server to allow any host to send graphics to your computer. Bear in mind what that means: with access control switched off, anyone who can reach TCP port 6000 on your machine can open windows on your display, read what you type into any X window and inject keystrokes and mouse events of their own. Prefer specifying an exact IP address after the plus (e.g. ‘run xhost +192.168.0.25’) so that only that computer is allowed, and make sure port 6000 is not reachable from outside your own network. Additionally you’ll want to put a ‘REM’ in front of the ‘run xterm’ line, otherwise it will pop up an xterm window every time you start it. Save the file and put a copy into your Startup directory. If you double click it now you should see a little ‘X’ icon appear in the system tray at the bottom right of the screen. Your computer is now ready to receive images.
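A way to check what ‘xhost +’ has actually exposed, as an added example that is not part of the original instructions: the script below speaks the first step of the X11 protocol to a display, sending the connection-setup request a client makes when it holds no credentials at all, and reports whether the server let it in. Run it from a machine you did not list in xhost; a success answer from there means anyone on the network gets the same. The wire layout follows the ‘Connection Setup’ section of the X Window System Protocol; the host address, helper names and the two sample replies used for offline checking are constructed for this example.

```ruby
require "socket"

# Added example, not from the original instructions. Probes an X server for
# disabled access control by connecting with no authorization data.

# 12-byte client request: little-endian byte order, protocol 11.0, and an
# empty authorization protocol name and data (no MIT-MAGIC-COOKIE-1 at all).
def x11_setup_request
  ["l", 0, 11, 0, 0, 0, 0].pack("aCvvvvv")
end

# Parse a complete reply (8-byte header plus the additional data it announces).
def parse_x11_setup_reply(reply)
  status, arg, major, minor = reply.unpack("CCvv")
  case status
  when 0 # Failed: arg is the length of the reason string that starts at offset 8
    { status: :failed, major: major, minor: minor, reason: reply.byteslice(8, arg) }
  when 1 # Success: vendor length lives at offset 24, the vendor string at offset 40
    vendor_len = reply.byteslice(24, 2).unpack("v")[0]
    { status: :success, major: major, minor: minor, vendor: reply.byteslice(40, vendor_len) }
  when 2 # Authenticate: a NUL-padded reason string follows the header
    { status: :authenticate, reason: reply.byteslice(8, reply.bytesize - 8).sub(/\0+\z/, "") }
  else
    { status: :unknown }
  end
end

# Probe a live display. :success means the server accepted a connection that
# carried no credentials from this host: access control is off (xhost +) or
# this host is on the allow list.
def probe_x_display(host, display = 0)
  sock = TCPSocket.new(host, 6000 + display)
  sock.write(x11_setup_request)
  header = sock.read(8)
  raise "no setup reply from #{host}" unless header && header.bytesize == 8
  additional = header.byteslice(6, 2).unpack("v")[0] * 4 # announced in 4-byte units
  parse_x11_setup_reply(header + sock.read(additional))
ensure
  sock.close if sock
end

# Constructed replies so the parser can be exercised without a network.
def pad4(str)
  str.ljust((str.bytesize + 3) / 4 * 4, "\0")
end

# What an X server answers when access control is on and no cookie was sent.
def constructed_failed_reply(reason = "No protocol specified")
  body = pad4(reason)
  [0, reason.bytesize, 11, 0, body.bytesize / 4].pack("CCvvv") + body
end

# What a server answers when it lets the connection in. Only the fixed part
# and the vendor string are filled in; the screen and pixmap-format records
# a real server appends are left out because the parser does not read them.
def constructed_success_reply(vendor = "constructed test server")
  body = [11_000_000, 0x400000, 0x3fffff, 256].pack("V4") + # release, resource id base/mask, motion buffer
         [vendor.bytesize, 65_535].pack("vv") +              # vendor length, max request length
         [1, 2, 0, 0, 32, 32, 8, 255].pack("C8") +            # screens, formats, byte/bit order, scanline unit/pad, keycodes
         ("\0" * 4) + pad4(vendor)
  [1, 0, 11, 0, body.bytesize / 4].pack("CCvvv") + body
end

if __FILE__ == $0
  if ARGV[0] # e.g. ruby xprobe.rb 192.168.0.25 (assumed address of the Cygwin/X machine)
    p probe_x_display(ARGV[0])
  else
    p parse_x11_setup_reply(constructed_failed_reply)
    p parse_x11_setup_reply(constructed_success_reply)
  end
end
```

With access control on, the server answers Failed with a reason such as ‘No protocol specified’; after ‘run xhost +’ the same empty-handed request is answered Success, and the connection it opened could go on to list windows, grab the screen or inject input. Re-run the probe after narrowing xhost to a single address to confirm that hosts other than that one are refused again.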

Setting up the Server

It is possible that your server is already set up correctly, but we’ll need to check to make sure that it’s got the correct address when it’s trying to send the images out. You can check this from within Pinnacle: you should see in the top right-hand corner an IP address, four numbers separated by dots (e.g. 192.168.0.25). If there is a number there you can skip right on to testing the images from within Pinnacle. If not, I’ll need to edit some files; give me a call.

That’s it. Hopefully you have been rewarded with some images. If not, give us a call and we’ll work something out.