XP/Outlook to Linux/Thunderbird


Migrating from Outlook on Windows XP to Thunderbird 3 on Linux wasn't exactly easy, but I found a solution and thought someone out there might benefit from it.

1. In XP, install Thunderbird for Windows (this will enable the 'import from Outlook' feature in Thunderbird)

2. When running Thunderbird for the first time it will ask you if you want to import settings from another mail client. Choose 'Outlook' (or 'Outlook Express' if you're using that mail client)

3. After Thunderbird finishes copying the emails from Outlook, install the ImportExportTools Thunderbird add-on (Tools > Add-ons > Install...)

4. After the add-on is installed and Thunderbird has been restarted, select Tools > ImportExportTools > Save all mail files

5. Export the emails to a USB flash drive or some other media

6. Click on the Address Book button

7. Select the address book that contains your contacts, then select Tools > Export to save the contacts to a USB flash drive or some other media

8. In Linux, install/run Thunderbird. Note: As of this writing, Linux Mint 8 uses Thunderbird 2. I prefer Thunderbird 3 so I replaced version 2 with version 3 by using root privileges to archive /usr/lib/thunderbird and then delete the contents of /usr/lib/thunderbird and extract the contents of thunderbird-3.0.tar.bz2 into /usr/lib/thunderbird (thanks, James Pakele!)

9. Once Thunderbird is running, install the ImportExportTools mentioned in step 3 above.

10. Right-click Local Folders in the left-hand column and select Import/Export > Import mbox file. Choose the last radio button -- Select a directory where searching the mbox files to import (also in subdirectories). Locate the directory on the USB or other media where you backed up your emails. Select 'Yes' to import each email folder you are prompted to import. After the emails have been imported rename the folders to remove the random number suffix (i.e. Inbox468 -> Inbox). Once the folders have been renamed, restart Thunderbird.

11. After Thunderbird restarts and indexes the emails, click the Address Book button. Choose Tools > Import..., select the Address Books radio button, and search for the LDIF contacts backup file you saved in step 7.

12. You can now disable the ImportExportTools add-on if you wish. I also recommend you install the Lightning Thunderbird add-on for calendar events. Note: As of this writing, Lightning does not have a production release for Thunderbird 3 so you'll need to install the Lightning Nightly Updater (unofficial) add-on instead and then click 'Help > Check for latest Lightning nightly builds...' and click the 'Install' button.

Kill the cow (removing the 'fortune cookie' feature in Linux Mint)


Okay, some people find the Linux Mint cow (and other assorted animals and their random words of pseudo-wisdom) to be amusing or enjoyable:

I am not one of those people.

The Linux Mint installation guide indicates you will be able to turn off that feature during the installation process but I was unable to find it when using the incredibly easy installer provided with Linux Mint 8. So, for all of you who dislike the cow, here's the simple fix:

1. Open up a terminal a type: gksu gedit /etc/bash.bashrc

2. If prompted, enter a root/admin password

3. Scroll down to the very bottom and type a "#" in front of /usr/bin/mint-fortune (this will comment out the line)

4. Save and close the document.

Congratulations, you have successfully exorcised the cow.

Audio / Video tools


I do a lot with audio and video editing and I wanted to share some of my favorite cross-platform tools with my readers:

Rip audio/video from a DVD: HandBrake. The latest version (0.9.4) is faster than previous versions and it can handle extraction of individual DVD chapters. Oh, did I mention it's free?

Convert video to DVD MPEG-2 format: Avidemux. This is an amazingly powerful tool. My only complaint is that the latest version removed the "Auto > DVD" wizard because it assumed the user community would create complicated scripts to perform the same functionality (or better). To date, I haven't found a suitable replacement script, so I've stayed on version 2.4.4. Also, since it's a Linux port, Windows users need to manually add the file extension when saving files ('.mpg' for DVD files). Yeah, it's free as well!

Convert problematic MKV files to MPEG: FFmpeg. A little background... Matroska (mkv) is one of the coolest audio/video containers around. It's extremely versatile and compact with excellent quality. However, it can be a little problematic (especially with audio sync issues). If you find a problematic mkv file (e.g. Knighty Knight Bugs) and Avidemux chokes on it, I recommend you convert the mkv file to mpeg using the free FFmpeg utility and then manipulate it with Avidemux. The FFmpeg command-line is below (thanks, jamos!):

ffmpeg.exe -i "C:\video.mkv" -vcodec mpeg2video -sameq -acodec copy -f vob -copyts -y "C:\video.mpg"

...more to come...

Mere Christianity


"People often think of Christian morality as a kind of bargain on which God says, ‘If you keep a lot of rules I’ll reward you, and if you don’t I’ll do the other thing.’ I do not think that is the best way of looking at it. I would much rather say that every time you make a choice you are turning the central part of you, the part of you that chooses, into something a little different from what it was before. And taking your life as a whole, with all your innumerable choices, all your life long you are slowly turning this central thing either into a heavenly creature or into a hellish creature: either into a creature that is in harmony with God, and with other creatures, and with itself, or else into one that is in a state of war and hatred with God, and with its fellow-creatures, and with itself. To be the one kind of creature is heaven: that is, it is joy and peace and knowledge and power. To be the other means madness, horror, idiocy, rage, impotence, and eternal loneliness. Each of us at each moment is progressing to the one state or the other."

— C.S. Lewis, Mere Christianity

Liferay Portal v5, Glassfish v3, and Oracle


There are a lot of guides for how to install Liferay Portal (1 2 3 4), but sadly, none of them work as advertised for installing Liferay Portal 5.2.3 on an existing Glassfish v3 Prelude application server, using an Oracle database, and configured as a Windows service. After much trial and error, I've come up with the following guide that may help others along the way:

Liferay Portal on Windows

Warning: If the Oracle driver .jar files are not designed for your JDK version, use the latest Oracle drivers that are designed for your JDK version (i.e. if you're using Oracle 10g with JDK 1.6, the ojdbc14.jar 10g driver doesn't support JDK 1.6, therefore use the 11g ojdbc6.jar driver, etc.) I found this when the "Control Panel > Portal > Settings" link displayed random binary data in my web browser and I received a com.liferay.portal.kernel.dao.orm.ORMException error in the log file.

Update: The Oracle database connection kept dropping overnight so in the GlassFish JDBC settings screen for the "LiferayPool" connection pool, I located the "Connection Validation" section and placed a check in the "Connection Validation - Required" and "On Any Failure - Close All Connections" checkboxes.

Update: After reading Sun's GlassFish optimization white paper, I've made the following updates to my configuration:


In addition to user, password, and URL (mentioned in the PDF guide), you should also add the following to your JDBC additional properties:

Name=MaxStatements, Value=200
Name=ImplicitCachingEnabled, Value=true


domain.xml (in {gf domain}\config folder) updated with the following:

old: <jvm-options>-client</jvm-options>
new: <jvm-options>-server</jvm-options>

old: <http-listener id="http-listener-1" port="8080" address="" default-virtual-server="server" server-name="" />
new: <http-listener id="http-listener-1" port="8080" address="" default-virtual-server="server" server-name="" acceptor-threads="#" />   (where "#" refers to the number of cores on your machine or VM, e.g. "2" for a dual-core processor)

<jvm-options>-XX:LargePageSizeInBytes=#m</jvm-options>   (where "#" is 4 for Windows Server 2003+ 32-bit installations, 16 for Windows Server 2003+ 64-bit installations, and 256 for Solaris or Linux 64-bit installations) (note: if you get "object heap" log errors, you may need to reduce these values by half)


default-web.xml (in {gf domain}\config folder) updated with the following:




Firefox Secure


It seems everyone has their own opinion on which browser is better or more secure. I'm not going to engage in that debate, but if you prefer Firefox (like I do), here are my favorite security add-ons:

ProfileSwitcher: This allows you to easily switch between Firefox profiles. Although it's not hosted on Mozilla's official Add-Ons site, it's by far the best profile manager out there. Another quirk: the author requires you to "right-click and save target as..." (ironically, an IE term) to download the xpi file, which you then have to manually open in Firefox (File > Open File...), but other than that the installation is a breeze. Why do you need need a profile switcher? Well, I'll be describing some cool add-ons below, but together they practically reduce the browser to a empty text-based shell (which is good for secure browsing). For times when you need to access the internet without all the security measures (a rare scenario), you can use this add-on to switch to a default installation of Firefox. For my purposes, I created a new profile called "Firefox Secure". When you run the new Firefox profile, you'll need to load the ProfileSwitcher add-on to it as well.

NoScript: This will essentially block any script from running in your browser. Scripts (such as JavaScript, Flash, XPI, etc.) can be used to install malware, drive-by downloads, pop-ups, and other security risks. NoScript allows you to selectively enable scripts so you can watch your YouTube videos without running the advertising scripts.

Flashblock: This blocks annoying Flash videos/ads from displaying in your browser and allows you to selectively enable them. This is helpful for sites with multiple Flash objects on the page but you only want to view one (NoScript is an all or nothing block so you first unblock the site with NoScript and then unblock the desired Flash file with Flashblock).

Adblock Plus: Removes ads and banners - a simple set and forget add-on that is incredibly powerful.

CookieSafe: A simple add-on to Manage and block cookies.

ImgLikeOpera: The internet can be a visually scarry place. Even "safe" sites occasionally have bad or annoying images. Although Adblock blocks many ads and banners, this add-on blocks all images by default and allows you to selectively enable them. It's also great for dial-up users who don't want to waste precious bandwidth.

Clear Private Data: A simple add-on to clear your browsing history, cache, etc. You can right-click anywhere on the page and select "Clear Private data..." or add the optional toolbar (View > Toolbars > Customize...)

Although there are more extreme add-ons (RefControl, User Agent Switcher, Torbutton, etc.), these are the ones I use the most often and would recommend for anyone serious about browsing securely.

P.S. For OS-level cleaning, I recommend CCleaner for Windows or BleachBit for Linux.

How to buy Windows 7 Professional for $30


Although I'm not a big fan of Windows, many of my friends are, so I often get asked what version they should install and where the best deal is.

As to the first question, most experts agree that Windows 7 is the best of the modern Windows operating systems so I'll defer to their expert judgement on the matter.

As to the second question, you can legally purchase Windows 7 for $30 if you have a valid .edu email address.

Question: You say "Windows 7 Professional" but your provided link is for "Windows 7 Home Premium"

Answer: See FAQ #2. After you provide a valid .edu email address and receive your confirmation link, you will be taken to the purchase page. On that page, you will find a section that says "Need to join your school’s network domain? You can also get Windows 7 Professional for $29.99 Click here" When you click on that link, a popup will appear to purchase Windows 7 Professional for the same price (sweet!):

Question: What if I'm not currently a student but I have graduated from a college or university in the past?

Answer: Most colleges and universities offer "alumni" email address aliases. These are email adresses with your school's .edu domain but they redirect email to your regular email account (gmail, msn, etc). For example, see Harvard's program. Just Google for your school and add "alumni email address" or "alumni email alias" in your search. Sign up for an alumni email alias and use that to register for your copy of Windows.

Question: What if I'm not a student, never was a student, don't know a student, am homeless with a laptop and I recently received a revelation that if I don't load Windows 7 on my laptop the world will end in 7 days?

Answer: Sounds like you have issues and I pity you. However, this situation intrigues me and from a purely academic, hypothetical, I-don't-recommend-this-approach point of view, here's an option:

Morehouse College is essentially giving away alumni email addresses. From their public alumni page:

...Use your temporary username (first name [dot] last name and class year @alumni.morehouse.edu -- for example: john.doe97@alumni.morehouse.edu) and password (p@ssw0rd -- the "0" is a zero) to login...

A 3-second Google search brought up this page with the following excerpt:
...In the fall of 2003, Oluwabusayo "Tope" Folarin, class of 2004, was named the College’s third Rhodes Scholar...

So I have a first name, last name, and class year. Hmmm... What would happen if I browsed to http://exchangelabs.com/, put in username Oluwabusayo.Folarin04@alumni.morehouse.edu and password p@ssw0rd?

What do you know... I'm prompted to create an email account! If I put in bogus data (note: zip code needs to be valid for bogus State you provide) and a bogus birth year (i.e. 1970), I'm redirected to an inbox.

Using the Windows 7 purchase link mentioned above, I use Oluwabusayo.Folarin04@alumni.morehouse.edu to have an email sent to the inbox with a purchase link. Thanks, Tope!

Question: Why don't you recommend this approach?

Answer: Because assuming someone else's identity is a bad thing.

Question: Then why did you put this on your blog?

Answer: Because I want to highlight this security issue to school officials, such as Morehouse and many others, that only require a name and class year for email accounts or aliases.

Serious rootkit concerns


What really happens when you turn on your computer? How does it go from a power switch to your desktop? Although many detailed explanations exist, the basics are:

  1. Power switch
  2. Chipset (Northbridge/MCH/IMC, Southbridge/ICH/PCH, ...)
  3. CPU
  4. System BIOS
  5. CMOS (BIOS settings)
  6. Power-On Self Test (POST)
  7. Video card BIOS
  8. Other device BIOS (RAID, SCSI, NIC, IDE/ATA, PCI, ...)
  9. RAM (system memory)
  10. Firmware & Plug and Play (USB, Firewire, ...)
  11. If signaled, System Management Mode (SMM)
  12. If present, Type-1 Hypervisor (virtualization)
  13. Master Boot Record (MBR) of bootable drive, including bootloaders (GRUB, LILO, NTLDR, Boot Camp, ...)
  14. Operating System kernel
  15. Device drivers
  16. Applications (executable programs)
Computers protect data and functionality using a concept of "rings", like concentric walls of a fortress. If a medieval enemy penetrates the outer wall (i.e. ring), they can only harm whatever is located in the space between the outer wall and the next inner wall. If they penetrate the next inner wall they can only harm that space, and so on.

Rings range from -N...0...+N (with -N having the most privileges and +N having the least privileges). Using the boot sequence list above, the rings roughly translate to:

Ring -3Chipset, System BIOS, CMOS, Device BIOS, RAM (system memory), Firmware, and Plug and Play
Ring -2System Management Mode (SMM)
Ring -1Type-1 Hypervisor (virtualization)
Ring 0Operating System kernel
Ring 1 & 2Device drivers
Ring 3Applications

As you can imagine, the bad guys want to "own" or control the computer as deeply and early as possible in the boot sequence. Although there are a host of malicious malware out there (viruses, worms, trojans, spyware, keyloggers, etc), the tool of choice for most hackers is a rootkit/bootkit. Rootkits are designed to be very stealthy, difficult to remove, and very powerful. The following table provides a brief overview of the evolution of rootkits and the concerning trend towards bare-metal control and infection that persists after wiping the hard drive:

Ring -3Tribble, CoPilot, and Firewire-subversion (2003-2006), ACPI BIOS rootkit (2006), PCI rootkit (2006), memory-subversion (2007), European card swipe malware (2008), Core BIOS rootkit (2009), AMT rootkit (2009)
Ring -2SMBR (2008)
Ring -1SubVirt (2006), Blue Pill (2006)
Ring 0Cuckoo's Egg (late 1980's - first Unix rootkit), lrk3 (1996 - first Linux rootkit), NT Rootkit (1999 - first Windows rootkit), Sony XCP rootkit (2005), Mebroot bootkit (2007), Stoned bootkit (2009)
Ring 3Hacker Defender (2003)

As you can see, the emphasis is starting to shift away from traditional Ring 3 malware towards Ring 0 bootkits and Ring -3 hardware rootkits. With the increase in hardware standards, protocols, and ROM space, a hacker's job is made that much easier (especially considering many hardware manufacturers still aren't taking the threat seriously).

Personally, I think it's only a matter of time until we see a 64-bit, worm-propagated, cross-platform, bootloader-aware, encryption-savvy bootkit that resides in persistent, antivirus-unreachable Ring -3 space....oh wait, that's pretty much the Stoned bootkit's ToDo list.

Okay, enough of the FUD, how do we protect ourselves? To be absolutely safe, do the following:

1. Care about security.
"Most people, I think, don't even know what a Rootkit is, so why should they care about it?"
      - Thomas Hesse (President, Sony BMG Global Digital Business)
2. Bury your computer.
"The only secure computer is one that's unplugged, locked in a safe, and buried 20 feet under the ground in a secret location ...and I'm not even too sure about that one."
      - Dennis Hughes (FBI official)

Okay, assuming burying your computer isn't an option:

1. Be paranoid about security.
"Only the paranoid survive."
      - Andrew Grove (Time Magazine's Man of the Year, 1997)
2. Install, and regularly update, antivirus and antispyware protection.

3. Use a NAT hardware firewall and software firewall.

4. Use a non-IE web browser (less targeted). If Firefox is your browser of choice, there are a lot of security add-ons available - play around to find the best matches for you.

5. Use a non-Windows operating system (less targeted).

6. Disable floppy and CD-ROM booting and password-protect your BIOS.

7. If multi-booting on the same machine, avoid bootloaders and instead install each operating system on its own drive (with its own MBR) and switch between them using the BIOS boot device selector.

8. Buy a motherboard with BIOS protection (e.g. Intel Trusted Execution Technology or Phoenix TrustedCore).

9. Only browse known, safe sites (not exactly secure due to XSS, DNS cache poisoning, SSL vulnerabilities, PKI vulnerabilities, and hacked routers / web servers...but it's a start)

Have any other ideas? Let me know!

Update (Feb 2010): The new rootkit nasty on the block is Tdss rootkit...scary stuff!

Data backup solution for home


We all know data backup is important. If you don't feel that way, this post isn't for you (and good luck when BSOD or Gpcode.ak come knocking).

Well in advance of Christmas, I've been doing some online window shopping for an external hard drive and data backup solution. My requirements are:

  1. Network accessible (NAS) - ethernet and eSATA connection
  2. RAID 1 (full mirror data redundancy)
  3. USB printer server
  4. Windows & Linux filesystem-compatible for backup and network file sharing
  5. (hot-swappable drives and encryption would be a nice bonus)
  6. $200 or less (without drives)

My current front-runner is Synology DS209j. It's slower than its stronger siblings, DS209 and DS209+II but it gets good reviews and is feature-packed for future needs.

That said, it's a little overkill (e.g. BitTorrent, iTunes, surveillance, mail server, etc) for my current needs. If you have any suggestions for a better (and cheaper) fit, feel free to leave a comment before Christmas rolls around.

Also, the Western Digital WD10EADS hard drives get good reviews for data backup...your thoughts?

Update: The Patriot CORZA looks promising (review)

Linux security


As I've researched Linux over the last few weeks, I've been amazed at how many people recommend running Linux with no anti-virus protection whatsoever. Often, new Linux converts are seen as having ex-Windows baggage of paranoia. I find this concerning for two reasons:

  1. Rootkits, one of the most dangerous forms of malware in existence, were originally written for Unix (and by extension, Linux) and are still going strong today

  2. Although your average geeky Linux user today is tech and security savvy, the same cannot be said regarding the rising generation of non-technical Linux adopters. Their bad habits of double-clicking anything interesting and confirming every administrator prompt they see will undoubtedly carry over ("what, sudo virus.sh? sure, why not.")
Fortunately, the virgin-Linux attitude is starting to change.

Conclusion -- geeks: status quo is okay; regular people: don't listen to their too-good-to-be-true advice and install protection.

The big decision


Well, it's been a long time coming, but I've finally made the official decision to switch from Windows to Linux. I've dabbled here and there with Linux in the past, but I've always found a reason to hold back - whether it be printer drivers, Windows-only software, fear of the unknown, etc.

The issue, though, came to a head this week when my semi-annual yearning to reformat my hard drive started up again and I decided to switch operating systems from my tired XP Professional 32-bit to a 64-bit OS. I originally bought one of the first AMD 64-bit dual-core processors even though it was ahead of its time (e.g. lack of 3rd party hardware drivers and 64-bit optimized applications) knowing that one day the planets would align and the time would be right to make the plunge. Also, it was about this time that, after many embarrassing schedule delays and Apple's amusing anti-Windows advertising campaign, Vista was getting ready for launch. Microsoft spared no expense to try to rebuild enthusiasm and momentum and for a brief few days gave out a large number of Vista and Office 2007 keys for free and I managed to snatch a copy of my own (thanks, slickdeals). After digging around for it, I was disappointed to realize the version they sent me was 32-bit. I had a 64-bit Windows XP disc, but I wasn't particularly excited to stay behind the times with technology. Windows 7 seemed to be getting good reviews and I thought about leapfrogging Vista ...until I did the math on upgrade pricing.

One of the biggest advantages to upgrading was security. I had heard that Vista and Windows 7 implemented a number of security improvements and I was getting tired of the wild wild west of malware, with my anti-virus and firewall working overtime to keep my identity and bank account safe. A quick Google search, however, informed me that Windows Vista and 7 are still just as susceptible to rootkits and lesser nasties. As you can imagine, I wasn't especially thrilled with the thought of shelling out hard-earned cash to upgrade to an operating system whose security guarantee was "when" not "if". So what's a relatively tech-savvy guy to do? Enter: Linux

Geeks are loyal to Linux distros (e.g. versions or flavors) like some people are to cars. This post isn't going to get into a Ford vs Chevy fighting match - I leave it to interested readers to choose the one that's best for them. For me, it was Linux Mint. Linux Mint is a derivative of Ubuntu, a popular version of Linux. It uses a desktop and menu environment that's familiar to Windows users and therefore should help with the transition to Linux. It works with Ubuntu software repositories so a wealth of Linux-ready software is at your fingertips. Since Linux Mint releases follow about a month after Ubuntu releases, I'll be upgrading my box to Linux Mint 8 when it's released in late November. Update: for those who can't wait, Linux Mint 8 RC (release candidate) was just released.

Original post


Nothing really exciting here. Stay tuned.