What does it take to start up a company ? What does it take to make that company cross platform compatible ? What hardware do you choose, what software do you choose ? What services do you go for ? What are the challenges, the easy bits and where does it all make you want to pull your hair out ? We answer those questions in this week's podcast as we take a deep dive into the technology we selected and used to start up our own IT consultancy company. Listen up ! You might learn something 🙂
- The difference between corporate and geek.
- Google Apps for Business
- Current laptop : Lenovo Twist.
- Thinkpad Yoga.
- Dell XPS 13
- Monitor Dell 29 inch Widescreen
- Multifunctional : C 2665Dnf
- That machine inside a Fiat 500.
When you think of it, “having applications inside of a browser” might seem like a bizarre idea. However this IS the case when you take a look at Chrome and the Chrome OS. All Chrome applications that are available in the store (and that turn your Chromebook from a porn-browsing paperweight into an actual “computer”) are also perfectly usable inside the Chrome browser.
The great thing about these Chrome extensions (or Chrome apps) is that they are highly cross platform. Whether you are running Chrome on your Chromebook, your Windows or Linux machine or even on your Mac : Chrome apps will look the same everywhere. They also have largely the same possibilities (and limitations) everywhere. Most of them might not be usable if you are offline, but most of them do simulate a full fledged application (were it not that you KNOW they are running inside a browser). As we hop from OS to OS we write sweet love poems to the following list of Chrome apps for giving us a consistent and pleasurable experience.
Some Chrome apps are just links to web services, and with the Feedly Chrome app there is no getting around it. It's basically a link to the web based interface of Feedly. The good thing is : Feedly looks good, it's fast and it works. The Chrome app takes care of logging in for you and BOOM you are reading through your 2908383098 unread articles. Good luck with that.
“Oh – Ah” .. I want to read that later ! That’s something we scream about 4 times a day when we tread upon an interesting article that is just too long to read at that very moment. I hit the “save to pocket” icon in my top tool bar and the article gets saved (with pictures and everything) to Pocket. Whenever I feel that I’m browsing around aimlessly ( Facebook – newspaper – Reddit – 9gag – newspaper …) I punch up the Pocket extension and browse through the articles I saved earlier. Pocket also has a great mobile app that lets you read the articles offline on your mobile device AND have the articles read out to you with a text-to-speech function that sounds like Stephen Hawking’s hot sister.
Here we can only say one thing : This is without a shadow of a doubt one of the very best Evernote clients for Linux. By the time our popular note taking application releases a native Linux application, pigs will have colonised other planets. There have been some attempts by open source beard bearing goblins to make a client that interfaces with Evernote’s API on Linux .. but the Chrome app takes the cake. Sure it won’t work offline, but it IS the cleanest way to connect to your web based version of Evernote on ANY OS.
Why would one need Google Drive when one has Dropbox or even the locally installed Google Drive client ? The answer is simple. This extension does not drop the Google files into your desktop ecosystem .. this IS the Google desktop ecosystem. Not only do you get easy access to all the files you have stored on Google Drive, you can also instantly access them in the very same window, regardless of your OS. Whether you would like to write a love poem to Miley Cyrus, do a spreadsheet on how you will manage your finances once you marry her .. or draft up a slideshow on why a care-bear should be featured as your upcoming company logo .. it’s all right there in ONE window.
Without my calendar I am lost. Browsing over to my calendar in the cloud and logging in to enter an appointment ? I’m too lazy. The Google Calendar extension gives you your calendar in a window at the click of a mouse. Having the shortcut to this Google app (because that is what it is) on my desktop is just too darn handy.
I know I might be boring you to death with Chrome apps for “standard” Google services .. but they ARE the ones that do what they do just right. The cool thing is that these (native) Chrome apps do give you the luxuries of a standard desktop application, like notifications and the ability to become the “default” application for handling any email shortcuts.
Visio. Microsoft’s ‘Miauw Du Chat’ when it comes to drawing up complicated flowcharts or organisational charts that feature your name waaaay down the bottom. There aren’t a lot of replacements for this app in the cross platform world. Good thing that there is Gliffy. Gliffy is free and has all kinds of nice flowcharts and funky network diagrams for you to play with. Gliffy even lets you store them online (although the number of flowcharts you can save is limited in the free version).
We all have brilliant ideas. We just don’t have the brilliant idea to stuff something (like a piece of paper or a pencil) in our pocket to write them down. That’s not such a bad thing because pen and paper is a pretty shitty way to manage an entire brain fart. You want to be able to draw branches and sub-branches. You want to organise your thoughts into categories and subcategories. You want to do this anywhere and preferably .. for free. Enter Mindmeister. A great online mindmapping tool that works on any device that comes with a browser (except the Nintendo Wii). Aside from having native clients on iOS and Android that sync with the cloud, Mindmeister now also has its own Chrome app. You can only store one or two acts of brilliancy online in the free version .. but nobody ever said that you should have just ONE brain dump per document.
The one thing you have to DO with TO-DO lists is keep track of your to-do’s. If your to-do’s are stored on different devices, one of the things you need to do is keep them in sync. Any.do does sport a native iOS and Android client that syncs your to-do list with the cloud. The great thing about its Chrome app is that it creates a nice pop-up window that you can set to the side and keep track of your to-do list that way. Any.do is as polished as a native app and looks identical on every OS. Love it !
Dropbox changed its terms of service so they can give your data to the Feds if they just ask for it, Ubuntu shuts down the online file service “Ubuntu One” : Who can you trust these days ? The great thing with cloud solutions is that they are on a server far far away, most of them are free and you never have to maintain them. The downside is that they are on a server far far away, they are free and you cannot maintain them. We give up a certain level of control for the convenience of the cloud. It would of course be far nicer if you had a service that offered you all the luxury of the products mentioned above .. but gave you full control, absolute privacy and a completely controlled solution. (and free ! It has to be free).
Do not fear : Owncloud is here.
Owncloud is a self hosted cloud solution that gives you the luxury of the cloud in the privacy of your own home (or on your own hosted environment). It’s a cross platform webservice that gives you the ability to store files in the “cloud” and access them from anywhere, and to sync those files with your desktop (like Dropbox). You can share your files with friends and access them using mobile clients on Android and iOS devices or a simple browser window.
Don’t trust the cloud with your calendar and contacts ? Owncloud takes care of that too. Manage your contacts and calendars straight from Owncloud or sync them up with your mobile devices using open standards like vCard and CalDAV.
Tired of the tracks on Groovebox or Spotify ? Would you like to stream your music (and movies) from your own hard drive at home ? Owncloud even has an answer for that. The built in media player lets you access your library from anywhere as long as you sport at least a browser (AND some underwear .. Owncloud is classy like that).
Want to tie all of your different cloud services together ? Owncloud supports connecting external storage to the service (like network and usb drives) but can also connect to Dropbox and Google Docs, offering ALL those files up in one simple interface.
So what does it take ?
Installing Owncloud is pretty simple. All you need is a Linux server and you can choose to install Owncloud either from the repositories (if you are using Ubuntu or Debian) or you can go and download version 6 straight from their website.
Owncloud runs on a web server, so you can access everything over port 80, and you can add some security by choosing to go for https to do your authentication (highly recommended). You can run it on your server at home OR on a webspace you rented somewhere (or if you are really lucky on your own hosted server in some datacenter). You don’t need a lot of power, but Owncloud does need some RAM and some CPU power if it is going to manage and index thousands of files for you.
So how do I do it ?
- You can install owncloud directly from the repositories in Ubuntu.
- You can download a ready-to-go Virtual machine (or preinstalled ISO image) of Owncloud on Turnkey Linux.
- You can go to the Owncloud website to download and install the package yourself (and it’s THE place to get the desktop client).
Find out more.
In all , Owncloud is a very powerful solution when it comes to hosting stuff yourself. It has come a long way since version 6 and I have been a big fan of the convenience, the cross platform compatible-ness (is that a word ?) and the sheer power of integrating multiple storage locations (usb drives, network drives, cloud storage) to ONE single web interface. Try it .. you’ll be on cloud 9.
So we showed you how powerful a good Google search could be this week. Time to turn to the dark side and give you some examples of how hackers can use these skills to get to some pretty scary things. To create a dangerous situation where the wrong information can fall into the wrong hands, you need 2 ingredients. Somebody who is stupid enough to put it online, and somebody who is clever enough to find it. Below are some pretty creepy examples of how some Google dorks spill some information that was supposed to be private.
Some juicy searches.
Some people write down their domain registration information in a .doc file .. and then put it on the internet. Whoever can put two and two together .. can steal their domain.
- filetype:docx Domain Registrar $user $pass
How about finding product licence files for the Avast antivirus program ? Some of them are just up for grabs.
How about we go searching for a randomly published list of phone numbers.
- allinurl:phonenumbers filetype:xls
Search for random resumes that candidates (or their employees) put online.
- inurl:Curriculum Vitae filetype:pdf
How about some “Confidential Salary” documents that people put online. (we stood in awe at the first hit )
- ext:(doc | pdf | xls | txt | ps | rtf | odt | sxw | psw | ppt | pps | xml) (intext:confidential salary | intext:”budget approved”) inurl:confidential
Or take a peek at people’s random downloaded Hotmail emails.
- inurl:getmsg.html intitle:hotmail
It’s a little bit of history .. but how about a random Netscape browser history file. (we giggled at THIS one)
And when combining this generic search query for root directories of certain FTP servers with a certain domain .. you can find out a lot. If you use it as listed below .. it’s just an interesting way to browse random file directories.
- intitle:”FTP root at”
MSN Messenger does not exist anymore, but there are plenty of contact lists well stocked with juicy email addresses up for grabs.
- filetype:ctt “msn”
And the list goes on and on and on. Now, standing by themselves the Google searches above are quite harmless. They are too generic to do any harm and are only good for a chuckle. The dangerous part begins when these queries are targeted at a certain person, site or domain. Armed with ONLY their browser and an internet connection, the wrong people can find out all the right things they need to know to make you / your company / your website have a really bad day. Knowledge is power and it is also ambivalent. It can be used for good and for evil… So are you SURE that there is no digital flotsam with your username/passwords floating around on the internet ? Because once Google indexes it .. anybody with the right skills can find it.
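One way to answer that last question for a site you run yourself, as an added example that is not part of the original post: a small Python audit that walks your own web root and flags files with the extensions and keywords the queries above look for, so you can pull them before a crawler gets there. The keyword list, the function names and the sample tree are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Extensions named in the ext:/filetype: queries quoted in the post.
RISKY_EXT = {"doc", "docx", "pdf", "xls", "txt", "ps", "rtf", "odt", "sxw",
             "psw", "ppt", "pps", "xml", "ctt"}
# Keywords from those queries; "password" is an added assumption.
RISKY_WORDS = re.compile(
    r"confidential|salary|budget approved|phonenumbers|curriculum|registrar|password",
    re.IGNORECASE)

def audit_webroot(root, peek_bytes=65536):
    """Return sorted (relative_path, reason) findings for a web root you own."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lstrip(".").lower() not in RISKY_EXT:
            continue
        rel = path.relative_to(root).as_posix()
        if RISKY_WORDS.search(rel):
            findings.append((rel, "risky word in URL path"))
            continue
        # Plain-text peek only: compressed formats (.docx) match by path alone.
        with path.open("rb") as fh:
            head = fh.read(peek_bytes).decode("latin-1")
        if RISKY_WORDS.search(head):
            findings.append((rel, "risky word in content"))
    return sorted(findings)

def build_sample_webroot():
    """Constructed sample tree so the example runs offline."""
    root = Path(tempfile.mkdtemp(prefix="webroot_"))
    samples = {
        "index.html": "<h1>Welcome</h1>",
        "docs/manual.txt": "How to use the product.",
        "hr/confidential/salary-2014.xls": "name;amount",
        "backup/notes.txt": "Domain Registrar login, user and password below",
    }
    for rel, text in samples.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text)
    return root

if __name__ == "__main__":
    for rel, reason in audit_webroot(build_sample_webroot()):
        print(f"{rel}: {reason}")
```

Point `audit_webroot` at the directory your web server actually publishes; anything it reports either does not belong there or needs to sit behind a login.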
Today on our Google Hacking week, we continue to use the Google search engine as a source for interesting information. In our previous posts we talked about finding and downloading certain kinds of files but today we are on the lookout for “juicy devices”.
The theory is quite simple : Most appliances like webcams, routers, copiers and more have web interfaces. A lot of different applications and services can also be controlled by a web interface. It’s easy and convenient when you can use the browser on your computer to configure and watch your webcam or change settings on your router while on your local lan. But what if those devices are hooked up directly to the internet ?
Any device that gets connected directly to the internet is at some point scanned and indexed by Google and if you enter the right search term you will be able to find it. The way we are looking for those devices and services today is by using the INURL option. Some web interfaces (to your router or webcam) have a very specific way their URL looks. By searching for those specific URL types with the INURL option .. you can find some very cool stuff. If people have done their homework most of these services will be protected by a unique login or password. But some people just use the default password … or even none at all.
Let us take you on a walk through the net with some very specific INURL Google Dorks.
- This one will get you some interesting webcams (some you can even control with your mouse). Look around and see if you can find the Giraffe Cam.
- More network cameras here. This one is in some dorm/college. You can control the zoom and the direction of the camera.
- inurl:”:10000″ intext:”webmin”
- Remember we talked about WEBMIN ? This will give you a list of all Webmin servers connected directly to the internet. Most of them are protected by a password (we hope) .. but common usernames like ROOT and some generic passwords might get you in.
- This will get you a list of PLEX media servers where people can store music and movies to watch on any device (even across the internet). Most of them are locked down with a login/password. Some of them … are not. Happy streaming.
So you see : there are quite a few webservices out there that are inadvertently open to the indexing power of Google. Some clever searching and you can find them.
We close off by going back to our camera in the student dorm. Where is this ? A simple ping of the URL gives us the following IP : 126.96.36.199 and by going to Whereisthisip.net we find out that it’s Sydney, Australia. It’s THAT simple.
Puzzling information together.
This might all look like fun and games, but badly secured devices are dangerous. Whether you have weirdos peeking through your accidentally-publicly-connected IP camera, or random people printing out documents on your www-connected printer .. it’s never good. Using the domain name, the IP and the registration information of the domain, people can quickly find out where and even WHO you are. If you skip good security and don’t use passwords (or use default passwords) .. it does not bode well for you. Hackers even use the INURL search to find specific webservers/services with vulnerabilities. All they then need to do is run some code to take advantage of the exploit .. and they are in. Hackers don’t NEED to search for your open Webmin server with the buggy (and vulnerable) version of the http code .. Google did it for them.