Posts

Showing posts from 2013

Chrome device fleet reporting using APIs

Image
Chrome Devices have been a huge success in places like schools where students and teachers want the mobility and price point of a tablet but usability of a laptop. Like everything else Google focuses on scale and part of the Chrome Device offering to enterprises and schools are the tools around the devices to manage the fleet. Chrome Device management can be centralized which allows admins not only manage apps on the device, they can also push complex network and system settings with a touch of a few key strokes. And that works the same way for a customer with 10 devices and one with 20000. Recently Google released a new batch of APIs called the Admin SDK which includes some new APIs to discover and manage devices in the fleet. Using these APIs, admins can not only get a list of the active devices they have, they can also find out if the devices are having update issues. As an example of how to use this API, I've published a sample script called " ChromeOSDeviceStats " w

Chrome device fleet reporting using APIs

Image
Chrome Devices have been a huge success in places like schools where students and teachers want the mobility and price point of a tablet but usability of a laptop. Like everything else Google focuses on scale and part of the Chrome Device offering to enterprises and schools are the tools around the devices to manage the fleet. Chrome Device management can be centralized which allows admins not only manage apps on the device, they can also push complex network and system settings with a touch of a few key strokes. And that works the same way for a customer with 10 devices and one with 20000. Recently Google released a new batch of APIs called the Admin SDK which includes some new APIs to discover and manage devices in the fleet. Using these APIs, admins can not only get a list of the active devices they have, they can also find out if the devices are having update issues. As an example of how to use this API, I've published a sample script called " ChromeOSDeviceStats " w

Openvpn in EC2 for Chromebooks : Part 2

Image
[ Update: take a look at this write up as well ] ChromeOS has a minimalistic design does a fairly good job at hiding the complex internals of the operating system. But deep inside it still runs linux and has a full blown openvpn client. In this post I'll show you how to use " ONC " (Open Network Configuration) format to configure OpenVPN client inside ChromeOS. This file is very similar to an .ovpn file. The core scripts which did the cert conversion and created the sample ONC file was contributed by Ralph by reading the ONC documentations by himself. If there is a bleeding-edge user of chromebook.. he is the best example I can think off. These scripts are now published on github  and here is a step by step guide of how to use it. Step 1: Launch a new amazon instance ( Based on Amazon Linux AMI ) Pick defaults for everything ( Use t1.micro for the cheapest instance ) If you don't already have a keypair, create one yourself and upload your public key to amazon Step 2

Openvpn in EC2 for Chromebooks : Part 2

Image
[ Update: take a look at this write up as well ] ChromeOS has a minimalistic design does a fairly good job at hiding the complex internals of the operating system. But deep inside it still runs linux and has a full blown openvpn client. In this post I'll show you how to use " ONC " (Open Network Configuration) format to configure OpenVPN client inside ChromeOS. This file is very similar to an .ovpn file. The core scripts which did the cert conversion and created the sample ONC file was contributed by Ralph by reading the ONC documentations by himself. If there is a bleeding-edge user of chromebook.. he is the best example I can think off. These scripts are now published on github  and here is a step by step guide of how to use it. Step 1: Launch a new amazon instance ( Based on Amazon Linux AMI ) Pick defaults for everything ( Use t1.micro for the cheapest instance ) If you don't already have a keypair, create one yourself and upload your public key to amazon Step 2

Patches: Pull or Push ?

Image
Most people prefer to disagree with the masses on whether they like sunny side  up or scrambled eggs. And the form of getting patches is no different. If you ask an IT administrator (which is the person applying patches in most corporate organizations) they will tell you horror stories of how patches can go wrong and would be happy to give you examples of why every patch needs to be individually tested before deploying.  But my dad, for example, doesn't care about patches, and while he won't go out of the way to install a patch, he may be ok with patches being pushed to him automatically.   This debate  reminds me of another interesting debate in the Web-Operations world about " continuous deployment ". In that case the debate was whether applications should be deployed in scheduled releases (for example every quarter) or whether it should be released as things gets developed and pushed. If you think about this a little more it would be very clear that the developers

Patches: Pull or Push ?

Image
Most people prefer to disagree with the masses on whether they like sunny side  up or scrambled eggs. And the form of getting patches is no different. If you ask an IT administrator (which is the person applying patches in most corporate organizations) they will tell you horror stories of how patches can go wrong and would be happy to give you examples of why every patch needs to be individually tested before deploying.  But my dad, for example, doesn't care about patches, and while he won't go out of the way to install a patch, he may be ok with patches being pushed to him automatically.   This debate  reminds me of another interesting debate in the Web-Operations world about " continuous deployment ". In that case the debate was whether applications should be deployed in scheduled releases (for example every quarter) or whether it should be released as things gets developed and pushed. If you think about this a little more it would be very clear that the developers

Capturing wifi traffic of one station from another

This is more of an embarrassing tale than a real how-to document. But I found this interesting enough that I don't mind sharing it. A couple of weeks ago I was tasked to capture wifi traffic from a device which didn't have any capture software built in and I wondered how one would do it. I have used sniffing tools on my Mac to passively sniff activity on access points around me. Because I've always tested such tools in places with dozens of access points with multiple saturated channels, I always assumed that all wifi stations ( laptops ) frequently switch channels. I also assumed that AP (Access points) which are setup to select channels automatically are designed to automatically switch channels anytime if they find a better (less noisy) frequency to provide services at. And because of those incorrect assumption, I concluded that sniffing another wifi station would be a difficult task because it would be impossible to dynamically change the channel of a second wifi statio

Capturing wifi traffic of one station from another

This is more of an embarrassing tale than a real how-to document. But I found this interesting enough that I don't mind sharing it. A couple of weeks ago I was tasked to capture wifi traffic from a device which didn't have any capture software built in and I wondered how one would do it. I have used sniffing tools on my Mac to passively sniff activity on access points around me. Because I've always tested such tools in places with dozens of access points with multiple saturated channels, I always assumed that all wifi stations ( laptops ) frequently switch channels. I also assumed that AP (Access points) which are setup to select channels automatically are designed to automatically switch channels anytime if they find a better (less noisy) frequency to provide services at. And because of those incorrect assumption, I concluded that sniffing another wifi station would be a difficult task because it would be impossible to dynamically change the channel of a second wifi statio

Chrome Frame - How to add command line parameters

Image
Chrome frame intentionally does stuff without getting in the way of the user. This sometimes makes things harder to debug. For example how can one debug an issue if chrome frame doesn't even launch ? Apparently there is a flag for that. But you have to know how to enable it. Here are the steps. Make sure chrome frame is installed. We can enable startup flags for dumping debug logs using a policy called AdditionalLaunchParameters If this is just for one desktop, I recommend doing a registry edit (it can be pushed via GPO as well) Add a REG_SZ property " AdditionalLaunchParameters " to " SoftwarePoliciesGoogleChromeAdditionalLaunchParameters " with the value "--enable-logging --v=1" (also documented here  and mentioned here )  [ Attachment 1 ] Next kill the IE browser and make sure chrome is also dead by checking taskmgr Restart IE and go to " gcf:about:version " and confirm that the parameters you added show up next to "Command Line:"

Chromebooks with Openvpn on EC2

Image
Chromebooks are perfect companions for travel. They are light, secure and one generally doesn't have to worry about data theft in case they loose the device.  But s urfing from hotels and coffee shops is another story. While most sites are in SSL, there are enough websites which are not... and even the ones which support SSL sometimes forget to use SSL connectivity for sensitive data. Which is why extensions like " HTTPS everywhere " is highly recommended. If I could, I'd pay a few cents for extra level of privacy when using these public wifi networks. In this post I'll document how you could quickly setup an openvpn server on EC2 instance to do exactly this for your chromebook. Prerequisites  A working EC2 account A working key-pair (required to ssh into the EC2 instance) Chromebook with R23 or later  Step 1 - Launch Amazon Linux AMI ( I used 32 bit for my setup.. its the cheapest). Pick all the defaults options and pay attention to which "Security Group&qu

Chromebooks with Openvpn on EC2

Image
Chromebooks are perfect companions for travel. They are light, secure and one generally doesn't have to worry about data theft in case they loose the device.  But s urfing from hotels and coffee shops is another story. While most sites are in SSL, there are enough websites which are not... and even the ones which support SSL sometimes forget to use SSL connectivity for sensitive data. Which is why extensions like " HTTPS everywhere " is highly recommended. If I could, I'd pay a few cents for extra level of privacy when using these public wifi networks. In this post I'll document how you could quickly setup an openvpn server on EC2 instance to do exactly this for your chromebook. Prerequisites  A working EC2 account A working key-pair (required to ssh into the EC2 instance) Chromebook with R23 or later  Step 1 - Launch Amazon Linux AMI ( I used 32 bit for my setup.. its the cheapest). Pick all the defaults options and pay attention to which "Security Group&qu