Networking

Installing Ubuntu in the VirtualBox Hypervisor

To install a hypervisor in Windows 11 and install Ubuntu, you follow these steps:

1. Check your PC’s virtualization support: Before installing a hypervisor, make sure that your PC supports virtualization technology. To do this, you can check your PC’s BIOS or UEFI settings. Look for an option named “Virtualization Technology” or “Intel VT-x” and make sure that it’s enabled. My observation is that PCs made after 2015 generally support virtualization. Many older PCs do also.
2. Download VirtualBox.

a. Go to the VirtualBox website (https://www.virtualbox.org/wiki/Downloads) and download the latest version of VirtualBox for Windows hosts.

b. Double-click on the downloaded file and follow the installation wizard to install VirtualBox on your PC.

1. Download the Ubuntu ISO: Next, you need to download the Ubuntu ISO file from the official website (https://ubuntu.com/download). Make sure to select the correct version for your system architecture (32-bit or 64-bit).
2. Create a new virtual machine in VirtualBox: Once you have VirtualBox installed and the Ubuntu ISO downloaded, create a new virtual machine to install Ubuntu.

a. Open VirtualBox and click on the “New” button.

b. In the “Name and Operating System” window, give your virtual machine a name and select “Linux” as the type and “Ubuntu” as the version.

c. Choose the amount of RAM to allocate to the virtual machine. Ubuntu requires at least 2GB of RAM, but you can allocate more if your PC has enough. I prefer at least 8GB but try to allocate 16GB in general.

d. Create a new virtual hard disk or select an existing one. Make sure to allocate enough storage space for your Ubuntu installation.

1. Configure the virtual machine settings: Before installing Ubuntu, configure the virtual machine settings.

a. Select the newly created virtual machine and click on “Settings.”

b. In the “System” tab, make sure that “Enable EFI (special OSes only)” is checked.

c. In the “Storage” tab, click on the “Empty” CD/DVD drive and then click on the “Choose Virtual Optical Disk File” button.

d. Browse to the location where you saved the Ubuntu ISO file and select it.

1. Install Ubuntu: With the virtual machine configured, install Ubuntu.

a. Start the virtual machine and select “Install Ubuntu” from the boot menu.

b. Follow the Ubuntu installation wizard to install Ubuntu on the virtual machine. Choose to install Ubuntu alongside Windows or erase the disk and install Ubuntu only.

c. Once the installation is complete, restart the virtual machine and boot into Ubuntu.

7. Install updates to Ubuntu. Open up Terminal after logging in and execute the following commands:

a. sudo apt-get update

b. sudo apt-get upgrade

Anyone Can Launch a Balloon to Fly Over China

Anyone can launch a balloon to fly over China, including you and me. We do not need to ask for permission from the US government. In some cases, we do not even need to tell the authorities. For around $100,000 or less, a normal person can use a balloon to take high-quality pictures and listen to radio signals over the Chinese mainland. For just $1,000, a smaller balloon can fly over China and gather some information. You could even put your name on the side of the balloon!

In May 2022, I went with one of my sons to the Dayton Hamvention in Dayton, OH. This yearly convention is the largest amateur radio convention and show in the US. One of the people we wanted to meet there was Tom Medlin. His ham call sign is W5KUB. Google him. I have been interested in balloons for many years and Tom is probably the foremost expert on high altitude balloons carrying amateur radio and other payloads. Here are a few thoughts based on my research and Tom’s seminar:

Regular birthday balloons made of mylar, like the ones you can buy at Party City, can travel around the world. They are usually 18 to 24 inches in diameter and filled with helium. If you choose carefully, you can attach things like solar panels, a computer, GPS, and a low-powered shortwave radio to the balloon. They may even have a temperature sensor. You can find plans for this online.

The amount of helium in the balloon and the weight of the electronics are carefully chosen. The relationship between the two determines the cruising altitude of the balloon. There are fairly simple mathematical formulas for this. Typical balloons intended to float around the world fly at around 40000ft above the ground. This keeps them above most thunderstorms but still in the upper currents of the jet stream. The jet stream propels them naturally. No engines or fuel are required.

Balloons like that, launched from the US, will almost always fly over the Atlantic, through Southern Europe or North Africa, through the Middle East and Central Asia. Before crossing the Pacific and reappearing over the United States, they fly over China. My United States shot down a balloon over Alaska with this flight pattern on February 10, 2023. Another was shot down over Canada the next day. Each shoot down costs well over $1M.

Remember that there are no permits required for such a balloon. And there is no requirement to notify the government. Design it and then let it go. That’s it! The total cost is $1,000 or less.

Larger balloons are also readily available for purchase online. The larger the balloon, the more helium it can hold. The more helium it can hold, the larger the payload can be. Huge balloons are available for $100-$200. A larger balloon could carry a high-resolution camera, purchased from Amazon, and even a radio receiver capable of recording a wide swatch of frequencies – from Chinese TV to cell phone and military communications. Decent receivers are also available on Amazon for less than $100. Most are Made in China and are marked that way. US made ones are available, though.

Several people have spoken with me about the possibility or need to jam the radio signals from spy balloons. If there is interest, I am happy to explain why jamming is certainly possible but with severe damage to our own communications infrastructure. Having said that, the wind patterns for balloons flying around 40000ft reduce the need to even have communications on the balloon. Since the winds blow the balloon back over the United States after they have circled the earth and flown over China, a balloon would simply have to detect its re-entry into US air space and then deflate itself. Simple. Once the contents are retrieved, high-definition pictures of China as well as recordings of Chinese communications could simply be read from an SD Card.

Before concluding, I must mention balloons that operate at higher altitudes. To operate at a higher altitude, a balloon either has to be bigger, or its payload weight has to be reduced. Based on information gathered during the on-going flight of the W5KUB-112 balloon at 50000ft, winds at this altitude are very light and the direction is variable. Balloons at this altitude drift all over the Northern Hemisphere at slow speeds. A medium size balloon could easily be steered with a propeller from a drone, powered by solar panels. The cost to do this would be low and the components are readily available at Hobby Lobby or online.

I personally have the technical knowledge to make something like this with limited help from others.

All of the parts are readily available in the US.

Parts are available in most countries in the world to do this.

Undoubtedly, many private, commercial, and government balloons are currently aloft. And convention has always been to allow them to stay afloat and do whatever they are doing. The bottom line is that any private citizen can send a balloon around the world – and across China, North Korea, Russia, or any other place of interest. What intelligence the balloon gathers all depends on how much the hobbyist is willing to spend. And the balloon owner can even decorate the balloon with letters or words in any language.

SSH Access to OpenWRT without a Password

OpenWRT is an open source router firmware that can be installed on most consumer WiFi routers for increased security, functionality, and performance.

One way to configure OpenWRT is through a web interface. The other, more powerful, way to configure it is through SSH. OpenWRT comes with dropbear for SSH. Dropbear is a optimized, reduced functionality, SSH server. So, the typical methodology of creating public/private key pairs for authentication does not always work. Here is what I have found to work:

Assume that the OpenWRT router has an assigned IP address of 192.168.1.1
In Cygwin, or in a Linux terminal, run the following commands:
- ssh-keygen
- ssh-copy-id -i [email protected]

The first command creates a 2048 RSA key, which is the strength recommended by NIST for RSA. To login without a password, just choose the defaults by pressing enter at each prompt. The second command copies the public key to the OpenWRT router. Now, log in to the OpenWRT router with SSH:

ssh [email protected]

You will be prompted for a password. Use the password that you set up for the OpenWRT web interface.

Once logged into the router, execute the following command:

cp /root/.ssh/authorized_keys /etc/dropbear/authorized_keys

This will copy the public key to the location expected by dropbear. This has to be done because ssh-keygen puts the key in the directory expected by openssh, not dropbear.

Now, exit from the router:

exit

Back that the Cygwin or Linux terminal, try logging into the OpenWRT router again with SSH:

ssh [email protected]

This time, you should be able to get in without a password.

Finally, use the OpenWRT GUI (under System->Administration) to turn off SSH password authentication and disallow the root user to login with a password. Test to verify password authentication is turned off by typing the following in Cygwin or a Linux terminal:

ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no [email protected]

You should get an error that says [email protected]: Permission denied (publickey).

Two things to note:

Unfortunately, OpenWRT makes it difficult to create anything but a root user. There are ways to do so, however. Google it.
I tried generating RSA keys larger than 2048 bits. However, they did not seem to work with dropbear.

Remote Desktop for Raspberry Pi

To access your Raspberry Pi through remote desktop, type the following commands at the Raspberry Pi terminal prompt:

sudo apt-get install tightvncserver

When installation of tightvncserver is complete, execute this command:

sudo apt-get install xrdp

When this is complete, the Pi should be running a remote desktop server. To access the Pi on Windows, choose “Remote Desktop Connection” from the start menu. The remote desktop client will appear and ask you for the IP address of the Pi. My Pi is at 10.0.0.129.

Hit Connect.

A login screen will appear and ask for your username and password. The default username for the Pi is “pi” — and the default password is “raspberry”

Congratulations! The Raspberry Pi’s desktop should appear. Now, you can access the Pi from anywhere on your network and there is no need to lug around a monitor, keyboard, mouse, cables, etc.

Browser Add-ons — Read Terms and Conditions

I found this wonderful sounding add-on to Chrome this morning. It lets you select one or more Gmail emails to convert to PDF. Then, you can download the PDF or put it on Google Drive. I was quite excited and downloaded the add-on.

When I installed it, I learned that I have to create a CloudHQ account and give CloudHQ permissions to have read-only access to my emails.

No. Just no.

Always read Terms and Conditions when installing anything on your computer. The more companies that have access to your information, the more likely you will become a victim to a data breach and identity theft.

https://blog.cloudhq.net/save-as-pdf/

Defense Federal Acquisition Regulation Supplement (DFARS) Clause 252.204-7012

This is a good link to describe DFARS 252.204-7012, which is the set of security requirements that all DoD contracts must follow:

https://business.defense.gov/Small-Business/Cybersecurity/

Avoid Reusing Passwords

Do you use the same password on multiple websites?

If so, it is possible that hackers can download a list of email addresses and associated passwords with your information. Are you on a list like this?

This is the reason that everyone should use strong passwords along with a password management program like Keepass. Keepass helps you keep track of passwords so that it is easier to use unique ones for each website.

https://www.troyhunt.com/password-reuse-credential-stuffing-and-another-1-billion-records-in-have-i-been-pwned/

Google Knows…

If you have an Android phone, Google likely has a history of most of the places that you have been over the past 10 years. You can view that history by signing onto your Google account (via Gmail, etc.) and then going to:

https://myactivity.google.com/more-activity

Under location history, click “View Timeline.” A map will appear with dots showing where you have been. Based on my map, it appears that the history may only include locations within the United States and Canada. And there are missing places. But, the accuracy of the information displayed is quite refined. For example, I can zoom into a location I visited on a business trip a few years ago and can tell the hotel I stayed at. I can tell when I arrived at the hotel for the evening and when I left for the airport the next morning.

This location tracking is turned on by default on Android devices. It can be turned off in theory. But, it is entirely possible that Google collects and retains this information anyway.

General Links

Software Development

How to Configure Eclipse for Python

Information Security

How to Spoof DNS on a LAN to Redirect Traffic to Your Fake Website

WASC Threat Classification – A dictionary and description of various website attacks

Other

US Mobile Cell and Data Plans – Amazing prices if you know exactly what you need.

Fund and Grow – This company specializes in business finance through business credit cards. Interesting idea. I cannot recommend them one way or the other.

HourOfCode – Short programming oriented courses for kids – or kids at heart

3D Printed Gadgets for Woodworking

Tools

15 Tips On How to Use ‘Curl’ Command in Linux

Wi-Fi Networking Links

TL-WR802N Router

Here is the official link to the TL-WR802N router that I purchased in November 2018. Note that this router comes with a highly insecure default configuration. With some simple cracking tools in Kali Linux, I was able to obtain its login name and password in under one minute…

https://www.tp-link.com/us/products/details/cat-5506_TL-WR802N.html

Nevertheless, Open-WRT and DD-WRT can be installed on it to provide a more secure system.

https://openwrt.org/toh/tp-link/tl-wr802n

https://wr802n.blogspot.com/2018/04/dd-wrt-install-on-tp-link-tl-wr802n.html

Secure Your Router’s Access (OpenWRT)

How to Make an ISO Copy of Your Hard Drive on Ubuntu

Portable Apps