Latest Publications

Digital Signatur from DanID

DanID issues Digital Signatur (DS) to persons in the state's Central Person Register (CPR) and to companies in the state's Central Business Register (CVR). DanID markets these as Privat Digital Signatur and Erhverv Digital Signatur, respectively.

Privat Digital Signatur is your personal signature on the internet. Among other things, you can use the signature to file your tax return, log on to e-Boks, apply for SU, enrol your child in a daycare institution, view your health data and much more. You can sign documents and forms online.

Erhverv Digital Signatur lets companies submit reports and fill in and send forms, confidential documents, contracts and much more directly over the internet. Everything can be sent encrypted, so that no unauthorised party can gain access to the information.

In this example, we will install Erhverv Digital Signatur on a computer with Ubuntu 9.10 and Firefox 3.5.8.

Ordering

We visit the DanID website, choose Erhverv Digital Signatur, choose the free employee signature, fill in the fields and print the agreement on establishing a local administrator (LRA) for issuing employee signatures and company signatures. We sign the agreement, send it to DanID by fax and then await the temporary code that is to be used for the installation (the installation code).

The same day, we receive a welcome from DanID by e-mail. It contains a unique URL that must be used together with the installation code mentioned above. We also receive a welcome to Digital Signatur LRA, a system that, once installed, can be used to administer our users.

Two days later, we receive the installation code mentioned above and a revocation code from DanID. We store the revocation code in a safe place.

Issuing the digital signature

We are now ready to have our new digital signature issued. We start by opening the URL we received from DanID. We arrive at a page at DanID with the heading “Installation af Digital Signatur” (Installation of Digital Signatur). We read and accept the terms. We also accept that software is installed. We enter the installation code that was sent to us. We create a password. This password will be tied to our new digital signature and must therefore be used from now on. We save our digital signature locally. The format is HTML, which is DanID's own protected format. The website confirms the issuance of our digital signature and shows detailed information, including the holder, the issuer, the expiry date and the address. We note the expiry date. We also copy the digital signature to a safe place.

Export of the digital signature to the Public Key Cryptography Standards (PKCS) 12 standard

Before we can import the digital signature into the Firefox browser, we need to have it saved in a standard format. We open the digital signature from before. The browser shows the heading “Digital Signatur sikkerhedskopi” (Digital Signatur backup) and offers to load it. We enter the path to our digital signature. A red dialog then appears, saying that our browser installation was not recognised. At first glance this does not look promising, but the dialog offers to save our digital signature again, without DanID's protection. This time the format is PKCS 12, which is the standard and the format we are interested in. We also copy the digital signature in this format to a safe place. This is the file we will use from now on.

Import of the digital signature into the Firefox browser

We can now import our digital signature into our Firefox browser. We choose Edit, Preferences, Advanced, Encryption, View Certificates, Your Certificates and “Import…”. A dialog appears that ought to show PKCS12 files right away. It does not, however. We switch to showing all files and open our digital signature in PKCS12 format. Firefox confirms with the dialog “Successfully restored your security certificate(s) and private key(s)”. Our digital signature now appears in the list of certificates, and we can recognise the detailed information from the issuance.

Usage

We open the website of Skat. This is one of the websites that support secure self-service using a digital signature. We choose to log in with a digital signature. We must now choose which digital signature to log in with. We choose to browse and then select our digital signature in PKCS12 format from before. We enter our password. We are then logged in and can serve ourselves securely.


Update of article

We have added the result of a test call to our article about recording telephone calls.


Installing Skype on Ubuntu

Skype is a little piece of software that is used to make free calls to other users of Skype, anywhere in the world. Skype can also be used to call phones and mobile phones at cheap rates. Skype is free to download.

In this example, we will install Skype on an Ubuntu 9.10 operating system.

We visit the homepage of Skype and choose our preferred language. We go to the download page and locate Ubuntu. We choose the 32 bit version. We are now offered to download a software package. When downloaded, we double click the software package and Package Installer offers to install the software package. When installed, we close Package Installer. Skype can now be started by clicking Applications, Internet and Skype.

We start Skype and are presented with the Skype End User License Agreement. After having agreed to that, Skype asks for our Skype username and password.

In this example, we do not have an account yet. We click “Don’t have a Skype Name yet?” and fill out the form. Skype confirms the creation of our account.

We are now logged in.

We choose an avatar, which is the image that is used to represent us. We type in a status message. We edit our public profile.

We open the options dialogue and go through the pages one by one. We set the values of “Show me as away” and “Show me as not available” to zero minutes, which will make us appear online at all times. We unset “Allow my contacts to see the number of contacts I have”. We unset “Show emoticons”. We unset “Check for updates on startup”. We note the port number that will be used for incoming connections. We apply the settings and close the options dialogue.

We configure our local firewall and network address translation.

We configure our audio settings by right clicking the speaker and clicking Sound Preferences. Under the Input page, we choose our device for sound input, unmute and adjust input volume as necessary.

We are now ready to test Skype. We will be using the Skype Test Call feature for this. An automatic voice answers our call, offers to record a voice message from us and then plays back our recorded voice message.

We are now ready to use Skype. We recommend that users of Skype search for other users of Skype by their email address.

We have found that the quality of audio and video conversations is high.


Update of business conditions

An updated version of our business conditions has been published and made available in HTML and PDF.

The updated version replaces earlier versions.


Ubuntu Sound Recorder configuration problem

The default sound recorder in Ubuntu 9.10 is Sound Recorder, which is a part of the Gnome desktop environment. However, this implementation of Sound Recorder seems to have a problem, which means that the configuration settings are lost from time to time. If you use Sound Recorder to record critical conversations, then this is a critical problem. What could cause this? Reboot? Power down?

Let us test this. A machine with Ubuntu 9.10 is booted. Sound Recorder is started. The Volume Control dialogue is opened from the menu. The input volume is set to amplification. The sound input is set to internal. The input connector is set to line-in. The Volume Control dialogue is closed. At this point, the user should be able to assume that the configuration settings will be remembered until changed by the user at a later time. The computer is then powered down and powered up again. Sound Recorder is started, the Volume Control dialogue is opened and we are ready to check our configuration settings. The configuration settings are found to be as expected.

Reboot and power down are not causing the problem. What else could cause the loss of Sound Recorder configuration settings?

Sound Recorder uses Sound Preferences, which is a part of the Gnome desktop environment. That makes the sound settings centralized for sound applications. Centralized sound settings are unreliable for critical usage of Sound Recorder.

A solution could be to use another sound recorder, such as the built-in rec, which is a part of SoX, the Swiss Army knife of sound processing programs.


Adding (embedding) YouTube videos to website content or blog post

Adding (embedding) YouTube video clips to the content of your website or blog post can be a little tricky. Here is the way to do it.

Visit YouTube and find the video clip that you wish to add (embed). Find the URL field. Click the Customize button. It looks like a star. Choose your preferred settings that will work with the design of your website. Copy the HTML code in the field next to Embed.

Visit your website or blog post. Switch to HTML. Click the anchor point, which is the place where the video clip will be inserted and anchored. Paste the HTML code. Apply your preferred settings, such as alignment, vertical space and horizontal space. A CMS has a button for this because the CMS will change the HTML code.

In this article, we have embedded the System Administrator’s Day song by Wes Borg.

However, we generally recommend that you use a link to the video clip. This way, the video clip can be viewed in other resolutions, and the viewer can read comments, bookmark it and more.


Making websites or blog posts printer friendly

Content management system (CMS) websites, themes and blog posts are designed for screens. They look nice on your screen. If you try to print them, you will find that they do not look good. They are not designed for print.

A quick way to make a website or a blog post printer friendly is to use an online utility that reads the URL that you wish to print, converts it for print and offers to print it or save it as PDF. The website or blog post can offer a print friendly link to the online utility, or the visitor of the website can use the online utility manually.

We can recommend PrintFriendly.


Monitoring bandwidth with RRDtool and SNMP

Monitoring is an important component of providing a reliable and professional service. One primary and common type of monitoring is historic monitoring. It is used for recording long-term uptime, usage and performance statistics.

This example will use RRDtool and Simple Network Management Protocol (SNMP) on a FreeBSD operating system to monitor the network traffic on a network interface. RRDtool is an open source industry monitoring standard that can be used to log and graph data series over time.

Log in as root and install RRDtool and SNMP.

cd /usr/ports/databases/rrdtool && make install
cd /usr/ports/net-mgmt/net-snmp && make install

Configure the SNMP daemon.

snmpconf -i
cp /usr/local/share/snmp/snmpd.conf /usr/local/etc/

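In snmpconf, choose snmpd.conf. Choose “System Information Setup”. Go through all settings. Choose “a SNMPv1/SNMPv2c read-only access community name”. Choose “The IP address and port number that the agent will listen on” and enter 127.0.0.1. Binding the agent to 127.0.0.1 keeps it unreachable from the network, which matters because SNMPv1/SNMPv2c community names are sent in clear text.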

nano -w /etc/rc.conf
snmpd_enable="YES"

Start the SNMP daemon.

/usr/local/etc/rc.d/snmpd start

The SNMP daemon is now ready to return values for monitoring. In order to get values from a specific sensor (object), such as an interface, you need to find the specific object identifier (OID) from the Management Information Base (MIB). Every OID is a path in a tree of numbers (nodes) that are separated by dots. Network interfaces are found under 1.3.6.1.2.1.

Find the specific OID for the network interface by taking a walk in the MIB and looking for the name of the interface.

snmpwalk -v 1 -c community host | grep ifDescr

Test a read of the counter for inbound traffic and a read of the counter for outbound traffic.

snmpget -v 1 -c community -Oqv host IF-MIB::ifInOctets.interface IF-MIB::ifOutOctets.interface

The following commands will create a database that will expect samples and archive samples.

In this example, the database starts now and expects 1 sample every 5 min (300 s) from the in counter and 1 sample every 5 min (300 s) from the out counter. It archives 576 samples (2 days) of data, 672 samples as an average of every 6 samples (2 weeks of 30 min averages), 732 samples as an average of every 24 samples (12 weeks of 2 hour averages) and 1460 samples as an average of every 144 samples (2 years of 12 hour averages). In order to have a fine graph, you need at least as many samples as there are pixels within the time frame that you want to show. You can check that you are using correct settings with the following mathematical relations.

RRA:AVERAGE:0.5:a:n

t = r·a·n [min] = r·a·n/60 [hours] = r·a·n/1440 [days] = r·a·n/10080 [weeks]

t: Length of archive in time. r: Minutes per sample (the sampling interval). a: Number of samples used for an average. n: Length of archive in number of samples.

mkdir -p /var/db/rrd

rrdtool create /var/db/rrd/bandwidth.rrd --start N --step 300 DS:in:COUNTER:600:U:U DS:out:COUNTER:600:U:U RRA:AVERAGE:0.5:1:576 RRA:AVERAGE:0.5:6:672 RRA:AVERAGE:0.5:24:732 RRA:AVERAGE:0.5:144:1460
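
The relation t = r·a·n applied to the four archives of the command above, as an added example that is not part of the original article. It also counts how many stored rows each archive offers for the 2 day, 485 pixel graph drawn later; the function names are chosen for this example.

```shell
#!/bin/sh
# Added example: apply t = r*a*n to every RRA of the database created above.
STEP=300      # --step from the rrdtool create command, in seconds
RRAS="RRA:AVERAGE:0.5:1:576 RRA:AVERAGE:0.5:6:672 RRA:AVERAGE:0.5:24:732 RRA:AVERAGE:0.5:144:1460"

# parse_rra SPEC: split "RRA:CF:xff:a:n" and set RRA_A (a) and RRA_N (n).
parse_rra() {
    old_ifs=$IFS
    IFS=:
    set -- $1
    IFS=$old_ifs
    RRA_A=$4
    RRA_N=$5
}

# rra_minutes STEP SPEC: archive length t in minutes.
rra_minutes() {
    parse_rra "$2"
    echo $(( $1 * $RRA_A * $RRA_N / 60 ))
}

# rra_days STEP SPEC: archive length t in whole days.
rra_days() {
    echo $(( $(rra_minutes "$1" "$2") / 1440 ))
}

# rows_in_window STEP SPEC MINUTES: stored rows that fall inside a graph
# window of MINUTES, limited by the n rows the archive can hold.
rows_in_window() {
    parse_rra "$2"
    rows=$(( $3 * 60 / ($1 * $RRA_A) ))
    if [ "$rows" -gt "$RRA_N" ]; then
        rows=$RRA_N
    fi
    echo "$rows"
}

# Report each archive and the rows it offers for a 2 day (2880 min) graph.
report() {
    for spec in $RRAS; do
        echo "$spec: $(rra_minutes "$STEP" "$spec") min," \
             "$(rra_days "$STEP" "$spec") days," \
             "$(rows_in_window "$STEP" "$spec" 2880) rows in a 2 day window"
    done
}

report
```

Run as is, it reports 2880 min and 576 rows for the first archive, which covers the 485 pixel graph, and 61 days for RRA:AVERAGE:0.5:24:732.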

The following commands and configuration will ensure that samples are taken every 5th minute at the correct time, and that the graph is drawn.

nano -w /etc/crontab

0-55/5  *  *  *  *  root  /usr/local/bin/rrdupdate /var/db/rrd/bandwidth.rrd N:`/usr/local/bin/snmpget -v 1 -c community -Oqv host IF-MIB::ifInOctets.interface`:`/usr/local/bin/snmpget -v 1 -c community -Oqv host IF-MIB::ifOutOctets.interface`

0-45/15  *  *  *  *  root /usr/local/bin/rrdtool graph 'graph' --start '-2days' --width '485' --title 'title' -v 'kb/s' 'DEF:in=/var/db/rrd/bandwidth.rrd:in:AVERAGE' 'DEF:out=/var/db/rrd/bandwidth.rrd:out:AVERAGE' 'CDEF:kbin=in,1000,/' 'CDEF:outi=0,out,-' 'CDEF:kbout=outi,1000,/' 'AREA:kbin#66FF66:In' 'AREA:kbout#6666FF:Out' >> /dev/null

killall -HUP cron
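
When snmpget fails, the backticks in the update line above expand to nothing and rrdupdate is handed a malformed sample. The wrapper below is an added example, not part of the original article: it stores a failed read as unknown (U) and keeps the community name out of /etc/crontab. The configuration file path and the variables COMMUNITY, HOST and IFINDEX are assumptions standing in for the article's community, host and interface placeholders.

```shell
#!/bin/sh
# Added example: defensive replacement for the rrdupdate line in /etc/crontab.
# CONF is a hypothetical root-only file (mode 600) that sets COMMUNITY, HOST
# and IFINDEX, so the community name is not stored in /etc/crontab.
CONF=${CONF:-/usr/local/etc/bandwidth-snmp.conf}
if [ -r "$CONF" ]; then
    . "$CONF"
fi
RRD=/var/db/rrd/bandwidth.rrd

# counter_or_unknown VALUE: print VALUE if it consists of digits only,
# otherwise print U, which rrdupdate stores as an unknown sample.
counter_or_unknown() {
    case $1 in
        ''|*[!0-9]*) echo U ;;
        *)           echo "$1" ;;
    esac
}

# build_update IN OUT: sample string in the DS order of the create command.
build_update() {
    echo "N:$(counter_or_unknown "$1"):$(counter_or_unknown "$2")"
}

# read_counter OID: raw snmpget output, or nothing if the read fails.
read_counter() {
    /usr/local/bin/snmpget -v 1 -c "$COMMUNITY" -Oqv "$HOST" "$1" 2>/dev/null || true
}

# collect: read both counters and store one sample.
collect() {
    in=$(read_counter "IF-MIB::ifInOctets.$IFINDEX")
    out=$(read_counter "IF-MIB::ifOutOctets.$IFINDEX")
    /usr/local/bin/rrdupdate "$RRD" "$(build_update "$in" "$out")"
}

# Only touch the database when called as: <script> collect
if [ "${1:-}" = collect ]; then
    collect
fi
```

The crontab entry then calls this script with the argument collect instead of embedding the two snmpget commands.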

The graphs can be exported to a central host via the local network or via the internet in a secure form using trusted (passwordless) secure copy (scp).

0-45/15  *  *  *  *  root /usr/local/bin/rrdtool graph 'graph' --start '-2days' --width '485' --title 'title' -v 'kb/s' 'DEF:in=/var/db/rrd/bandwidth.rrd:in:AVERAGE' 'DEF:out=/var/db/rrd/bandwidth.rrd:out:AVERAGE' 'CDEF:kbin=in,1000,/' 'CDEF:outi=0,out,-' 'CDEF:kbout=outi,1000,/' 'AREA:kbin#66FF66:In' 'AREA:kbout#6666FF:Out' >> /dev/null && scp 'graph' user@host:path


Secure online backup and restore with Tarsnap

Data has become a critical part of any environment. In order to be able to restore data in the event of loss or changes, system administrators need to back up data.

When choosing a backup and restore method, it is a good idea to think of the reasons and requirements for restores. Typical reasons for restores are written changes to files, accidental deletion of files, failed (crashed) hard disks (storage media), damaged hardware (servers, computers, workstations, laptops), theft of hardware and impoundment of hardware during search and seizure by authorities (police, tax, court, judge).

Tarsnap is a secure online backup service for BSD, Linux, OS X, Solaris, Cygwin, and can probably be compiled on many other UNIX-like operating systems. The Tarsnap client code provides a flexible and powerful command-line interface which can be used directly or via shell scripts.

Tarsnap was written by Dr. Colin Percival. In January 2004, Colin became a FreeBSD committer and a member of the FreeBSD Security Team; he became the Security Officer for FreeBSD in August 2005, a position which he has held since. Aside from his work as FreeBSD Security Officer, he is probably best known in the FreeBSD community for his work on FreeBSD Update and Portsnap.

This example will install Tarsnap on a FreeBSD operating system.

It is assumed that the server in question can create a TCP connection to port 9279.

Log in as root on the server in question and perform the following commands, which will install the Tarsnap client.

cd /usr/ports/sysutils/tarsnap && make install clean

Visit the website, create an account and add funds to your account. Perform the following command, which will generate a cryptographic key for encryption of your data.

tarsnap-keygen --keyfile ~/tarsnap.key --user foobar@foobar.com --machine starnix

Store a copy of the key in a safe place; without the key, the archives cannot be decrypted. Perform the following commands, which will configure Tarsnap.

cd /usr/local/etc
cp tarsnap.conf.sample tarsnap.conf
nano -w tarsnap.conf

That’s it. Tarsnap is now installed and ready to be tested.

The following commands will test the Tarsnap client and service, create remote archives, list archives on the remote site, restore from an archive on the remote site and delete an archive on the remote site.

tarsnap -c -f 2010-03-08 /usr/home/ann /usr/home/bob
tarsnap -c -f 2010-03-09 /usr/home/ann /usr/home/bob /usr/home/charles
tarsnap --list-archives
tarsnap -x -f 2010-03-08 usr/home/bob
tarsnap -x -f 2010-03-09 usr/home/bob
tarsnap -d -f 2010-03-08

The first archive 2010-03-08 is created and the homes of Ann and Bob are uploaded in compressed and encrypted blocks. The next archive 2010-03-09 is created, and only the changes in the homes of Ann and Bob since the last archive and the home of Charles are uploaded in compressed and encrypted blocks. The list of archives will show the two archives 2010-03-08 and 2010-03-09. The restore of the home of Bob from the first archive 2010-03-08 will restore the home of Bob as it was at that time. The following restore of the home of Bob from the archive 2010-03-09 will restore the home as it was at that time. The restored directory structure is written to the current directory.

The Tarsnap client only uploads the absolutely necessary blocks that are not present on the remote site. The remote site only stores the absolutely necessary blocks that are needed to restore the archives. No block is stored twice on the remote site, even though archives appear to contain the same (duplicate) files.

Estimate the amount of needed time for upload of the initial backup. We recommend using an online transfer calculator, such as the free T1 Shopper Transfer Time/Speed Calculator.

Configure FreeBSD for automatic regular backup. In the following example, FreeBSD will make sure that the Tarsnap client is executed every day at 22:37 and creates a new archive that is named after the current date.

nano -w /etc/crontab

37 22 * * * root /usr/local/bin/tarsnap -c --humanize-numbers -f `date +\%Y\%m\%d` /usr/home/ann /usr/home/bob /usr/home/charles

killall -HUP cron

Confirm that the backup was completed.

tarsnap --list-archives
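
The daily cron job adds one date-named archive per day and never removes any. The script below is an added example, not part of the original article, and goes one step beyond it: it combines the list and delete commands shown earlier into a retention rule that keeps the newest archives. The retention count of 14 and the function names are assumptions.

```shell
#!/bin/sh
# Added example: retention for the date-named archives created by the cron job.
TARSNAP=/usr/local/bin/tarsnap   # client path as used in /etc/crontab above
KEEP=${KEEP:-14}                 # assumed retention: newest 14 daily archives

# archives_to_prune KEEP: read archive names on stdin, one per line, and
# print the date-named (YYYYMMDD) ones that are older than the newest KEEP.
# Names in any other form, such as 2010-03-08, are never selected.
archives_to_prune() {
    grep -E '^[0-9]{8}$' | sort -r | awk -v keep="$1" 'NR > keep'
}

# prune: delete every selected archive; stop at the first failed deletion.
prune() {
    "$TARSNAP" --list-archives | archives_to_prune "$KEEP" |
    while read -r name; do
        "$TARSNAP" -d -f "$name" || exit 1
    done
}

# Constructed sample of --list-archives output, used by "dry-run".
sample_list() {
    printf '%s\n' 20100308 20100310 2010-03-08 20100309 manual-snapshot
}

# "prune" deletes on the remote site; "dry-run" only prints the selection
# made from the constructed sample with KEEP=2.
case ${1:-} in
    prune)   prune ;;
    dry-run) sample_list | archives_to_prune 2 ;;
esac
```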

If you want to see a summary of the amount of data stored remotely, use the following command.

tarsnap --humanize-numbers --print-stats

If, for some reason, an error about reading the cache directory occurs, then perform the following command to solve the problem.

tarsnap --fsck

If we need to restore one or more files, the Tarsnap client must be installed and the key must be restored before we can do the actual restore.

cd /usr/ports/sysutils/tarsnap
make install
cd ~
scp starnix.com:tarsnap.key .
tarsnap --keyfile ~/tarsnap.key --list-archives


Setting margins for printing in Evolution Mail for Ubuntu

The default margins for printing in the Evolution Mail client for the Ubuntu operating system are close to the edges of the paper. This is the procedure for setting the margins.

Open Evolution Mail. Click File. Click “Page Setup…”. Set the value of “Format for” to the printer in question. Set the value of “Paper size” to “Manage Custom Sizes…”. Set the name to your name. In this example, the values for a paper size of A4 are used. Set the value of Width to 210 mm. Set the value of Height to 297 mm. Set the value of Top, Bottom, Left and Right to 20 mm. Click Close. Set the value of “Paper size” to your name. Click Apply.
