I’ve had this article flagged on Lifehacker for over 4 months, waiting for the right time to use it. When a friend brought over his computer for repair, I took one look at the running system and realized it needs to be rebuilt from scratch. His hardware’s good, but the OS is infected beyond trusting. I’m hoping I can save a few pictures for him, but that’s about it. In the mean time, I decided his computer would make a good guinea pig for playing with a few LiveCD’s and the Fedora 9 Live USB Creator.
I have a 2 gig USB thumb drive I picked up at RSA this year courtesy of Secunia, which is more then enough room for a Linux installation. It took about 20 minutes to create the intial Fedora 9 Desktop installation on the thumb drive, but most of that time was the downloading of the ISO file. The boot up on the target system went well, but Fedora 9 doesn’t recognize the Linksys wireless card in the system and I don’t have the inclination to fight with an installation that much. I tried older versions of Knoppix and a Damn Small Linux I had lying around, but they didn’t like a lot of what they saw on the system, mainly the video and the wireless.
As an experiment I hit the “Use existing Live CD” button and pointed the Live USB at an ISO of Ubuntu 188.8.131.52 LTS (Hardy Heron), and it worked flawlessly. USB Creator had verified the Fedora 9 ISO, but it simply trusted the Ubuntu ISO and 4 minutes later I had an Ubuntu Live USB. Ubuntu at least recognizes the wireless card is there and even suggests some drivers, but I’ll have to hook it up in my office wired LAN to get the system on the Internet. Not an insurmountable problem, just one I’m too lazy to do yet.
I’ll probably wimp out and put Windows 2000 back on the system along with some additional safeguards. This is because I doubt my friend can adjust to Linux, even if all he does is surf the Web. In the mean time, I’ve got a decent little test system. Next up for a quick test run is Helix. Anyone have suggestions for a *nix live distro that I can test out fairly quickly to place on an non-computer savvy friends system?
PS. I hate being desktop support.
If the possibility of ending up on the Wall of Sheep at Defcon and Black Hat wasn’t enough for you, Mike Perry is about to release a tool that automatically steals the Gmail ID’s of any non-encrypted sessions it finds. If you’re surfing on the free, public wi-fi at your local coffee shop, anyone with a modicum of computer skills will be able to sniff your traffic with this tool and take over your account. Of course, this has been possible for quite some time, but this tool brings the difficulty down to something the average script kiddy can do rather than having to be Robert Graham.
Gmail has been capable of running on SSL for quite some time, but it’s not something that’s enabled by default. I always typed the https in by hand, but I don’t completely trust that method. I’ve used Better Gmail2 in the past, but that doesn’t like FireFox 3 for some reason. There are also a number of scripts for GreaseMonkey that force Gmail to use SSL, but now Gmail has made it an option on the settings page. It’s on the bottom of the page and easy to miss if you’re not looking closely.
There’s no reason not to use HTTPS if you’re anywhere other than your home network. And quite frankly, there’s no real reason not to use it at home too. Google’s excuse that it might slow down your connection is pretty lame and if that’s the only reason you’re not using HTTPS, you need to rethink whether you should be accessing Gmail at all when remote.