Don't get conned into clicking the "lastest" skype update link from "The people at skype" in the email shown below ...
Instead, let Skype™ know about it by email on 'spoof@skype.net' but be aware that if you forward the email with the links in it, it will probably be blocked in transit to them, so remove the hyperlinks first!
Do NOT click on the links (or reply to the email or download additional content)!
User feedback for Technology Tamed "Useful Links" page and expansion of Twitter tweets -- To leave a comment, click one of the the "comments" links above a post; Enter your text; -- If you're not a registered Blogger, select "Other" and leave your name; Preview then Publish your comment.
Wednesday, 5 October 2011
Sunday, 11 September 2011
The Power of 1 - how one persons dream is helping people, improve, succeed, meet and grow
Its not often the creator of Meetup.com writes to the whole Meetup® community, but here's an inspiring story of how meetup.com came into being and how one person's dream can touch the lives of millions of people.
He starts his communication thus ..
"I don't write to our whole community often, but this week is special because it's the 10th anniversary of 9/11 and many people don't know that Meetup is a 9/11 baby.
Let me tell you the Meetup story.
I was living a couple miles from the Twin Towers, and I was the kind of person who thought local community doesn't matter much if we've got the internet and tv. The only time I thought about my neighbors was when I hoped they wouldn't bother me.
I was living a couple miles from the Twin Towers, and I was the kind of person who thought local community doesn't matter much if we've got the internet and tv. The only time I thought about my neighbors was when I hoped they wouldn't bother me.
When the towers fell, I found myself talking to more neighbors in the days after 9/11 than ever before. People said hello to neighbors (next-door and across the city) who they'd normally ignore. People were looking after each other, helping each other, and meeting up with each other. You know, being neighborly.
A lot of people were thinking that maybe 9/11 could bring people together in a lasting way. So the idea for Meetup was born:
Could we use the internet to get off the internet -- and grow local communities?
Could we use the internet to get off the internet -- and grow local communities?
We didn't know if it would work. Most people thought it was a crazy idea -- especially because terrorism is designed to make people distrust one another.
A small team came together, and we launched Meetup 9 months after 9/11.
Today, almost 10 years and 10 million Meetuppers later, it's working. Every day, thousands of Meetups happen. Moms Meetups, Small Business Meetups, Fitness Meetups... a wild variety of 100,000 Meetup Groups with not much in common -- except one thing.
Every Meetup starts with people simply saying hello to neighbors.
And what often happens next is still amazing to me.
They grow businesses and bands together, they teach and motivate each other, they babysit each other's kids and find other ways to work together. They have fun and find solace together. They make friends and form powerful community. It's powerful stuff.
It's a wonderful revolution in local community, and it's thanks to everyone who shows up.
Meetups aren't about 9/11, but they may not be happening if it weren't for 9/11.
9/11 didn't make us too scared to go outside or talk to strangers.
9/11 didn't rip us apart.
No, we're building new community together!!!!
9/11 didn't rip us apart.
No, we're building new community together!!!!
The towers fell, but we rise up. And we're just getting started with these Meetups.
Scott Heiferman (on behalf of 80 people at Meetup HQ) Co-Founder & CEO, Meetup New York City September 2011
--
Add info@meetup.com to your address book to receive all Meetup emails
New York, New York 10163-4668
Saturday, 20 August 2011
ACCESS - blank parameter queries - SOLVED
I have had sooo much trouble getting a parameter query to work in the ACCESS query grid.
Something seemingly so simple ....
When running a query I wanted to be prompted for whether the records should show those with a Checkbox field Ticked, eg (T)rue, Unticked (F)alse or Both Ticked and Unticked (All)
To cut directly to the chase, here is the query criteria which I finally got to work.
Note: The checkbox field being queried is called TaxClaim
IIf([Tax Claim? (T)rue, (F)alse or 'Enter' = All] Is Null,[TaxClaim],IIf([Tax Claim? (T)rue, (F)alse or 'Enter' = All] Like "T*",-1,0))
If Then Else
If Nothing is entered in the prompt dialog e.g. if just 'Enter' or 'OK' is pressed Then display everything in the [TaxClaim] field ... both Ticked and Unticked.
If anything is entered in the parameter dialog (preferably T, or True, or F, or False) the Else statement is executed.
Within the Else section is another nested IIf which checks if the entry is Like anything starting with T (Like "T*") if it is Then it sets the TaxClaim query criteria to -1 which equates to ticked checkboxes. If its anything Else which doesn't start with "T" (i.e. F or False) the TaxClaim query criteria is set to 0 which equates to Unticked checkboxes.
Key points:
The first and subsequent references to the one prompt must be identical
The only thing which returned All records (both ticked and unticked) was the use of the Field Name (TaxClaim) in its referenced form (square brackets [TaxClaim])
Something seemingly so simple ....
When running a query I wanted to be prompted for whether the records should show those with a Checkbox field Ticked, eg (T)rue, Unticked (F)alse or Both Ticked and Unticked (All)
To cut directly to the chase, here is the query criteria which I finally got to work.
Note: The checkbox field being queried is called TaxClaim
IIf([Tax Claim? (T)rue, (F)alse or 'Enter' = All] Is Null,[TaxClaim],IIf([Tax Claim? (T)rue, (F)alse or 'Enter' = All] Like "T*",-1,0))
If Then Else
If Nothing is entered in the prompt dialog e.g. if just 'Enter' or 'OK' is pressed Then display everything in the [TaxClaim] field ... both Ticked and Unticked.
If anything is entered in the parameter dialog (preferably T, or True, or F, or False) the Else statement is executed.
Within the Else section is another nested IIf which checks if the entry is Like anything starting with T (Like "T*") if it is Then it sets the TaxClaim query criteria to -1 which equates to ticked checkboxes. If its anything Else which doesn't start with "T" (i.e. F or False) the TaxClaim query criteria is set to 0 which equates to Unticked checkboxes.
Key points:
The first and subsequent references to the one prompt must be identical
[Tax Claim? (T)rue, (F)alse or 'Enter' = All]
or (a) subsequent prompt(s) appear(s) and the logic breaks
In the first ImmediateIf, the Is Null only seems to work the way shown.
I originally tried to use it like IsNull([Tax Claim? ....]) ... that doesn't work in the query grid
The only thing which returned All records (both ticked and unticked) was the use of the Field Name (TaxClaim) in its referenced form (square brackets [TaxClaim])
Friday, 19 August 2011
Watts , Lux, Lumens, LEDs, and inacndescent lights
For a more detailed explanation, see this web site, but as a rough comparison, think of these points:
Lumen s measure the total number of packets of light produced by a light source
To compare watts to light output and LED bulbs, we talk about ‘lumens per watt’ (lm/w).
Incandescent bulbs generate around 12 lm/w,
(so a 60watt bulb produces approximately 720 lumen)
LEDs and halogen lights are almost equivalent at 40 lm/w.
(so a 60watt halogen down-light produces approximately 2400 lumen)
Fluorescent tubes can produce 60 lm/w
(so a 60watt fluoro tube produces approximately 3600 lumen)
So for only 3 watts of consumed power, a single 3 watt CREE LED can produce 120 lumen (about the same as a 10watt incandescent bulb), while a 27 watt LED lamp (9x 3watt CREE LEDs) can produce 1080 lumen ... as much as a 90watt incandescent globe ... for only 27wats consumed !
Lumen s measure the total number of packets of light produced by a light source
To compare watts to light output and LED bulbs, we talk about ‘lumens per watt’ (lm/w).
Incandescent bulbs generate around 12 lm/w,
(so a 60watt bulb produces approximately 720 lumen)
LEDs and halogen lights are almost equivalent at 40 lm/w.
(so a 60watt halogen down-light produces approximately 2400 lumen)
Fluorescent tubes can produce 60 lm/w
(so a 60watt fluoro tube produces approximately 3600 lumen)
So for only 3 watts of consumed power, a single 3 watt CREE LED can produce 120 lumen (about the same as a 10watt incandescent bulb), while a 27 watt LED lamp (9x 3watt CREE LEDs) can produce 1080 lumen ... as much as a 90watt incandescent globe ... for only 27wats consumed !
Thursday, 18 August 2011
Using the ATO AUSkey with ECI
With my existing ATO OCAIII certificate for my Technology Tamed BAS submissions through the Electronic Commerce Interface (ECI) software, due to expire in a couple of months, I decided I should bite the bullet and install AUSkey well ahead of this month's BAS submission to see if I could get it all working ok.
It turned out to be a reasonably painless process made up of the following main steps to install it to an XP SP3 computer (as opposed to a USB key) running Firefox as the browser of choice
About AUSkey
* What is AUSkey
* Are you eligible
* Who can 'register' for an AUSkey at www.abr.gov.au/auskey
* Does each person in the business need an AUSkey or can we share
* Types of AUSkey
* Will your AUSkey expire
* When should you cancel your AUSkey
* What can you do if you disagree with a decision we make about your AUSkey
Getting and setting up your AUSkey
For the first time:
1 Register > 2 Install AUSkey software > 3 Install AUSkey > 4 Link AUSkey to government.
* How to register if you have an ATO digital certificate
* How to register if you do not have an ATO digital certificate
* What information to have on hand if we ask you to phone us
* Registering more than one person at a time
* Registering for a Device AUSkey
* How to install a Standard/Administrator AUSkey on your computer
* How to install a Standard/Administrator AUSkey on your USB stick
* About installing Device AUSkeys
* Installing AUSkey to networks
* Backup your AUSkey
* How to link your AUSkey to government agencies
After the first time:
1 Install AUSkey software to your desired location (computer or USB stick) > 2 Request additional copy of your AUSkey via the AUSkey website > 3 Install AUSkey > Link AUSkey to government.
* How to access the AUSkey software after installing your AUSkey
* How to request an additional copy of your AUSkey
How to
* Use an AUSkey that is installed on a USB stick
* Change your password
* Upgrade to an Administrator AUSkey/Downgrade to a Standard AUSkey
* Update your name on our system if you have changed it
* Move your AUSkey to a different location
* Cancel your AUSkey
* Delete an AUSkey from your computer or USB stick
* Change the custodian of a Device AUSkey
Technical information
* Operating systems and browsers
* Active X
* JavaScript
* Restrictions on download, installation or USB access
* Anti-virus software
Troubleshooting
* Lost activation code
* Lost ‘download and install’ email
* Did not receive an email after completing an AUSkey registration
* Cannot login to government online services using AUSkey
* Cannot remember your AUSkey password
* Lost or stolen computer or USB stick
* AUSkey corrupted
* Received an operating system not supported message
* Received an error message or experienced an issue while trying to register
or download an AUSkey
* Creating new user accounts
* Why have I been redirected to the AUSkey software installation page
It turned out to be a reasonably painless process made up of the following main steps to install it to an XP SP3 computer (as opposed to a USB key) running Firefox as the browser of choice
- Register for an AUSkey (as an Administrator) providing necessary details of your identity.
If you already have an ATO certificate, those details are used as verification - Record a code generated at time of registration
- Receive an email with an AUSkey download link in it
- Within 42 days* execute the link for the first time
* If left for more than 42 days, the registration expires and you have to reapply ... like I did ... DOH! - Your browser will be checked for the presence of the correct version of Java support
- If unsupported or no Java is found, you will be directed to install it before continuing.
In my case I'm using Firefox (3.6.20) and Java Console 6.0.26 with Java Quick Starter 1.0 extensions along with the Java(TM) Platform SE 6 U26 (6.0.260.3) and Java Deployment Toolkit 6.0.260.3 Plugins - If all is in order you get to download a Microsoft Installer (.msi) file ... AUSkey_software.msi
- Once the download completes and the Internet Security Suite has approved it, execute the installer.
- Once installed, it requests a restart of your browser which appears to activate an ABR_AUSkey Mozilla Plugin (1.4.0.0)
- Execute the emailed download link a second time
- Provide the code that was generated when you registered for your AUSkey, along with the required captcha
- Provide a secure password
- BINGO! the AUSkey cert was downloaded and installed
(to C:\Documents and Settings\USERNAME\Application Data\AUSkey) - Now load the ECI client ... it must be version 6 or later
- Choose Select Certificate and in my case I could now see two valid certs.
One due to expire shortly, which if I selected it and chose Details, I was informed it had an Issuer: ATO OCAIII with a Location: CSI STORE
Another with a an expiry date of two years away (probably from last-use, as AUSkey never expires as long as it is used at-least once very year). Selecting and choosing Details on this shows the Issuer: Australian Business Register CA with it's Location: SBR STORE - To actually use the new (AUSkey) certificate is as simple as selecting the correct one when you attempt to transact with the ATO.
e.g. From Business -- Activity Statements -- In Tray, choosing Get New Documents will prompt with the Connect to ATO dialog, simply choose the appropriate certificate in the Organisation Name drop-down and supply the secure password you specified earlier.
About AUSkey
* What is AUSkey
* Are you eligible
* Who can 'register' for an AUSkey at www.abr.gov.au/auskey
* Does each person in the business need an AUSkey or can we share
* Types of AUSkey
* Will your AUSkey expire
* When should you cancel your AUSkey
* What can you do if you disagree with a decision we make about your AUSkey
Getting and setting up your AUSkey
For the first time:
1 Register > 2 Install AUSkey software > 3 Install AUSkey > 4 Link AUSkey to government.
* How to register if you have an ATO digital certificate
* How to register if you do not have an ATO digital certificate
* What information to have on hand if we ask you to phone us
* Registering more than one person at a time
* Registering for a Device AUSkey
* How to install a Standard/Administrator AUSkey on your computer
* How to install a Standard/Administrator AUSkey on your USB stick
* About installing Device AUSkeys
* Installing AUSkey to networks
* Backup your AUSkey
* How to link your AUSkey to government agencies
After the first time:
1 Install AUSkey software to your desired location (computer or USB stick) > 2 Request additional copy of your AUSkey via the AUSkey website > 3 Install AUSkey > Link AUSkey to government.
* How to access the AUSkey software after installing your AUSkey
* How to request an additional copy of your AUSkey
How to
* Use an AUSkey that is installed on a USB stick
* Change your password
* Upgrade to an Administrator AUSkey/Downgrade to a Standard AUSkey
* Update your name on our system if you have changed it
* Move your AUSkey to a different location
* Cancel your AUSkey
* Delete an AUSkey from your computer or USB stick
* Change the custodian of a Device AUSkey
Technical information
* Operating systems and browsers
* Active X
* JavaScript
* Restrictions on download, installation or USB access
* Anti-virus software
Troubleshooting
* Lost activation code
* Lost ‘download and install’ email
* Did not receive an email after completing an AUSkey registration
* Cannot login to government online services using AUSkey
* Cannot remember your AUSkey password
* Lost or stolen computer or USB stick
* AUSkey corrupted
* Received an operating system not supported message
* Received an error message or experienced an issue while trying to register
or download an AUSkey
* Creating new user accounts
* Why have I been redirected to the AUSkey software installation page
Sunday, 7 August 2011
Suggest you check this out - Unstoppable Affiliate
I like Todo Backup free home version so much ...
REQUEST
I like the free Todo Backup product so much that I will gladly make a contribution for each copy that I use.
Is there some way I could make a donation for each copy I choose to use on my home pc’s?
The old-fashioned idea of being able to fully trial for an unlimited period, then being able to buy single-version copies outright, without having to “subscribe” or “renew” or “regularly upgrade”, suits my needs perfectly.
Your product, however, is so good that I would gladly pay a token amount per copy to support the continued free-access home-use policy.
SUGGESTION
I have two small usability improvement suggestions to offer.
On the Backup tab In the Backup Management dialog where it shows all tasks/plans, it would be great to see the last-run and/or next scheduled time for each task/plan.
I would find this more useful than the Created Time field, currently shown.
Another little bit of feedback was when I started using the product, in that same summary dialog it has the Status column.
To me, “Started” means the backup task is actually performing a backup, though I quickly realised it meant the task was loaded and waiting for the next execution.
Maybe a status of “Scheduled” would be more descriptive?
(e.g. Status’ could be .... Started(or Running); Scheduled(or Pending);Paused)
Thanks for a great product.
Keep up the great work and please keep a “free” (or very cheap) version for other small users like myself – with the option to donate
Regards
Colin J Sanders Automation Analyst, Dip Elec., MCSE, ITIL, PRINCE
Technology Tamed ®
A.B.N. 13 442 206 580
Blogs: TechTamed Discussion digital-video-security
Colin J Sanders Automation Analyst, Dip Elec., MCSE, ITIL, PRINCE
Technology Tamed ®
A.B.N. 13 442 206 580
Blogs: TechTamed Discussion digital-video-security
Skype: automation_man
Monday, 13 June 2011
More on CCProxy and Home Web Access Management
Well I've had a 10-client license CCProxy(TM) installed and operational for twelve days now, and I simply cannot sing its praises loudly enough!
Their email support has been exemplary (even in the face of a "dumb-user-error" on my part)
Everything I have wanted it to do, ... it has done.
Three times I have wanted special functions from the product and every time it was already there, built-in and available, with some additional explanation from the support team.
Specifically I wanted:
iPods only access web from 5am to 10:30PM M~F, cant access Facebook(TM), Tumblr(TM), Picnik(TM) during homework times
PC's access web any time, cant access Facebook(TM), Tumblr(TM), Picnik(TM) during homework times
M~F
etc
As per my first blog on this topic, they explained how that was done
i.e. When you enter an allow filter for an IP/MAC it shows a user count of 1
When you then enter a blocking filter for that same IP/MAC it shows a user count of 2
... even though its for the one user and one device
Once again, however, the authors had thought of this, because the user-count from a license perspective is the number of concurrent users accessing the system at one time.
To quote their response:
The drop-down filter allows filtering on any ONE of the defined User names e.g.
User1_PC-Allow OR User1_PC-Filter OR....
Whereas I wanted all entries starting with User1 e.g.
User1_PC-Allow; AND User1_PC-Filter; AND User1_iPod-Allow; AND User1_iPod-Filter
The solution was as simple as entering the string into the "Log Analysis" "Filter" textbox then clicking "Analysis" and waiting ... the waiting bit was what this "dumb-user" got wrong - DOH!
Two final tips for this blog:
Their email support has been exemplary (even in the face of a "dumb-user-error" on my part)
Everything I have wanted it to do, ... it has done.
Three times I have wanted special functions from the product and every time it was already there, built-in and available, with some additional explanation from the support team.
Specifically I wanted:
To be able to set up multiple time/web filters per user/device
e.g. iPods only access web from 5am to 10:30PM M~F, cant access Facebook(TM), Tumblr(TM), Picnik(TM) during homework times
PC's access web any time, cant access Facebook(TM), Tumblr(TM), Picnik(TM) during homework times
M~F
etc
As per my first blog on this topic, they explained how that was done
I did not want each separate filter definition to consume one of my 10 user licenses
In my first blog on this subject I had saidThe catch with this approach is that it appears to consume TWO client licenses so in our case we need a minimum of FOUR licenses per child (2 per iPod and two per desktop - per child) so there go eight licenses immediately. This means we are forced to buy the minimum paid license which happens to be 10-user for US$70 (as at Jun 2011). Still that is a one-off cost so for the flexibility its not bad.
i.e. When you enter an allow filter for an IP/MAC it shows a user count of 1
When you then enter a blocking filter for that same IP/MAC it shows a user count of 2
... even though its for the one user and one device
Once again, however, the authors had thought of this, because the user-count from a license perspective is the number of concurrent users accessing the system at one time.
To quote their response:
The number of accounts is based on online clients which means you can create 20 accounts, only 10 of them available at the same time.I wanted to be able to filter the logfile analysis by pattern-matching rather than individual definitions
The drop-down filter allows filtering on any ONE of the defined User names e.g.
User1_PC-Allow OR User1_PC-Filter OR....
Whereas I wanted all entries starting with User1 e.g.
User1_PC-Allow; AND User1_PC-Filter; AND User1_iPod-Allow; AND User1_iPod-Filter
The solution was as simple as entering the string into the "Log Analysis" "Filter" textbox then clicking "Analysis" and waiting ... the waiting bit was what this "dumb-user" got wrong - DOH!
Two final tips for this blog:
- Even though the default time blocks are hour-to-hour, minuted periods can be manually specified
e.g.
If you use the tick-boxes to select filter times you only have 00:00~01:00, 01:00~02:00 ...22:00~23:00, 23:00~00:00.
You can however, specify times such as 20:00-23:30 by typing it into the daily time schedules. - I found it helpful to visually record my filter definitions in an excel spreadsheet so I could visualise the times I wanted to apply filtering or blocking on
Wednesday, 1 June 2011
Manage Family Web Access using CCProxy
After messing around with Norton Internet Security(TM) trying to use their "Parental Controls" and finding nothing but frustration with the limited functionality, I finally put procrastination aside and decided to try implementing a PROXY server to provide the level of control I was seeking.
The big limitation most products have is that while they may allow (some) site and time restrictions, most of them don't seem to combine both features very well (if at all).
After looking at a whole raft applications (like Norton Internet Security, OpenDNS(TM), Net Nanny(TM) and the like) I decided I didn't want to spend the sort of money some of these products were asking and most of the "free" ones just didn't cut it in terms of functionality and flexibility.
I started to focus what proxy offerings were out there and after trying a bunch of both paid and free ones, I've finally settled on CCProxy(TM) (current version 7.2).
The key reasons I chose CCProxy over others I considered were:
Let me say up front that I purposely have chosen not to make this solution hack-proof and un-able to be bypassed.
I had a fairly secure, working, home network, which I wanted to put a configurable filter in for individual devices.
I did not want to alter the network config any more than absolutely necessary.
I am also relying on my kids not reconfiguring their browsers to use the unfiltered route to the internet as I want them to learn self restraint by being made aware that there are appropriate times to conduct various internet activities.
OK here's our setup and what I wanted to achieve:
We have a home Local Area Network (LAN) with an ADSL router providing Network Address Translation (NAT) fire-walling from the internet.
That then connects to a multi-switched network, one switch also providing b/g/n WiFi
There are six client PC's, one printer, four netbooks, three iPods, an eReader and a Wii connecting to the network
It is these two PC's and the kids two iPods which I have set out to manage, because despite reasonable self-control, both kids can "loose" an inordinate amount of time in their use of Facebook, Tumblr, Picnik etc.
First Criteria - be a Windows based proxy
...for the reasons stated above.
It also needed to be able to run on XP workstation (not server - as I don't currently have server running on anything but my testbed machine)
It should not be too resource intensive because the CCTV software chews a vast amount of resource when running a large number of cameras
Second Criteria - MAC filtering
While the network is pretty tightly locked down with static IP addresses on all the cabled devices and individual internet security suites on each of the clients, it just wasn't going to be practical to assign static IP addresses to all the radio devices because we wanted to use them in other DHCP ( Dynamic Host Configuration Protocol) enabled environments such as MacDonalds, the school network, coffee shops, etc.
DHCP allocates an IP address to a device from a range of possible addresses, so for the the iPods and Netbooks we wanted to control, the first selection criteria was that Media Access Control (MAC) address filtering had to be possible, because that is a fixed address no matter what the IP address the device has.
Third Criteria - scheduled internet (web) access
We wanted to be able to completely deny all web access after certain times at night (e.g. 9~11pm) and not re-enable before certain times in the morning (e.g. 5~7am)
Fourth criteria - different per-person schedules (i.e. per-device)
Because of age and work commitment differences we wanted to be able to allow more "social" web access time for one than the other, yet more "overall" web access time for the older one who now uses the web for a lot of legitimate research and resource acquisition.
Fifth criteria - constrained site access within allowed web access window
Not too many products seemed to provide this!
So the objective here was to allow general web access from morning till night but at certain times, preclude access to certain time-consuming sites such as Facebook(R), Tumblr(R), Picnik(R) Twitter(R) and the like.
To add complexity, we wanted the applications and the duration of those limited access times to also be tailored to the individual.
On the P4 2.4GHz 2GB RAM XP Professional CCTV/Backup system, I set a System Restore Point then following the ccproxy_quick_start.pdf, executed the CCProxy trial installer.
A couple of minutes latter it was installed! That was all there was to it!
The installation relies on the installation machine having the correct default gateway defined for access to the internet.
From there I followed the clearly explained quick start guide, to set up my first user, a simple web filter and a schedule, before moving on to the slightly more complex task of defining a scheduled-web-filter then multiple scheduled-web-filters set within each other ... as I'll describe below.
I started by using my own workstation as the test target to make sure I could;
All I had to do on my workstation was go into my web browser (Firefox(TM) in this instance) and under
Tools-Options-Advanced-Network-Settings, select Manual Proxy Configuration: and enter the IP address of my system where I had installed CCProxy.
I also ticked the Use this proxy server for all protocols checkbox
One thing to remember when you are testing if its all working, is that if you have allowed access to and accessed a web site, then closed the browser (or tab), reconfigured the proxy to prohibit that site then retried accessing the site, it may appear that the proxy is not prohibiting access!
Not-so!
Clear the browser cache on your client and again try accessing the site and you will get the proxy warning regarding time or site access restrictions.
With the simple stuff all working, I moved on to the more complex task of seeing if I could schedule not only overall web access times, but also when certain sites were blocked (or allowed).
That turned out to be as simple as going into the Edit option of a particular client (my workstation) and selecting not EITHER a Web Filter OR a Time Schedule but rather selecting BOTH, at which point the chosen Web Filter is applied according to the chosen Time Schedule (simple eh!)
Using a Permit Category: Permit Only and an Auth Type: MAC address I created an account which I called WebAllowed using the MAC address of my client.
I checked all the protocol boxes (www, Mail, Telnet etc) along with Time Schedule: where I selected my already defined Time0500-1700_2000-2300 schedule
This meant my workstation (based on it's MAC address and regardless of it's IP address) would be granted internet access for all selected protocols from 5am to 5pm then again from 8pm till 11pm every weekday; from 5am to 10am, midday to 2pm and 5pm to 11pm Saturday
from 5am to 11pm Sunday
Next I created a complementary Time Schedule to "fill-in-the gaps" of the first schedule
No effect Sunday
Applies 5pm to 8pm
Applies 5pm to 8pm
Applies 5pm to 8pm
Applies 5pm to 8pm
Applies 5pm to 8pm
Applies 10am-12 and 2pm-5pm
I also created a HomeworkDeny Web Filter thus:
As you can see , I chose to forbid web sites using the Site Filter checkbox then set "Forbidden Sites" filters for both un-secure (http) and secure (https) traffic (which uses port 443) for both Facebook and Tumblr
You can't quite see it in the graphic but to define the port you want to filter you specify colon{port-number}after the site address.
e.g. *.tumblr:443
Now the nifty bit.
You create a second account for the same device (using the same MAC address)
So again ...
Using a Permit Category: Permit Only and an Auth Type: MAC address I created an account which I called WebRestricted again using the MAC address of my client.
I again checked all the protocol boxes (www, Mail, Telnet etc) along with Time Schedule: where this time I select my already defined second (complimentary) Time1700-2000 schedule
This now means my workstation (based on it's MAC address and regardless of it's IP address) will still be granted internet access for all selected protocols from 5pm to 8pm every weekday;
from 10am to midday and 2pm to 5pm Saturday
with no access-control (by this schedule) on Sunday
So when the two schedules are combined, the effect is that this one device (based on its MAC address) has web access all the way from 5am to 11pm every day
But now ...
In this second account definition we also apply a Web Filter using the HomeworkDeny filter we defined previously, so the times specified in the schedule for this second account (for the one machine) prohibits the sites specified in the HomeworkDeny filter during the times specified in the Schedule for this second account definition, yet still allowing all other internet traffic to all other sites during these times
The catch with this approach is that it appears to consume TWO client licenses so in our case we need a minimum of FOUR licenses per child (2 per iPod and two per desktop - per child) so there go eight licenses immediately. This means we are forced to buy the minimum paid license which happens to be 10-user for US$70 (as at Jun 2011). Still that is a one-off cost so for the flexibility its not bad.
Two other noteworthy points:
The big limitation most products have is that while they may allow (some) site and time restrictions, most of them don't seem to combine both features very well (if at all).
After looking at a whole raft applications (like Norton Internet Security, OpenDNS(TM), Net Nanny(TM) and the like) I decided I didn't want to spend the sort of money some of these products were asking and most of the "free" ones just didn't cut it in terms of functionality and flexibility.
I started to focus what proxy offerings were out there and after trying a bunch of both paid and free ones, I've finally settled on CCProxy(TM) (current version 7.2).
The key reasons I chose CCProxy over others I considered were:
- It is a windows based product
(I could have gone the linux route using squid, and I'm sure it would have done all I wanted, however, I'm not really a linux guy but know my windows and networking pretty well) - It will run on plain old XP - e.g. it doesn't need Windows server or any "special build" to make it work
- It will work on a single-homed machine - i.e. just a single network card
- To achieve what I wanted, all I had to do was reconfigure the browsers on the clients I wanted to control.
- It had a free and un-crippled trial offering so I could check it out properly before committing to buy it
- The purchase price for 10-user home use was "very reasonable"
- MOST IMPORTANTLY - I could configure it the way I wanted!
Let me say up front that I purposely have chosen not to make this solution hack-proof and un-able to be bypassed.
I had a fairly secure, working, home network, which I wanted to put a configurable filter in for individual devices.
I did not want to alter the network config any more than absolutely necessary.
I am also relying on my kids not reconfiguring their browsers to use the unfiltered route to the internet as I want them to learn self restraint by being made aware that there are appropriate times to conduct various internet activities.
OK here's our setup and what I wanted to achieve:
We have a home Local Area Network (LAN) with an ADSL router providing Network Address Translation (NAT) fire-walling from the internet.
That then connects to a multi-switched network, one switch also providing b/g/n WiFi
There are six client PC's, one printer, four netbooks, three iPods, an eReader and a Wii connecting to the network
- The Wii, iPods and eReader all use the WiFi.
- The Netbooks can be cabled or WiFi
- The rest are all cabled.
It is these two PC's and the kids two iPods which I have set out to manage, because despite reasonable self-control, both kids can "loose" an inordinate amount of time in their use of Facebook, Tumblr, Picnik etc.
First Criteria - be a Windows based proxy
...for the reasons stated above.
It also needed to be able to run on XP workstation (not server - as I don't currently have server running on anything but my testbed machine)
It should not be too resource intensive because the CCTV software chews a vast amount of resource when running a large number of cameras
Second Criteria - MAC filtering
While the network is pretty tightly locked down with static IP addresses on all the cabled devices and individual internet security suites on each of the clients, it just wasn't going to be practical to assign static IP addresses to all the radio devices because we wanted to use them in other DHCP ( Dynamic Host Configuration Protocol) enabled environments such as MacDonalds, the school network, coffee shops, etc.
DHCP allocates an IP address to a device from a range of possible addresses, so for the the iPods and Netbooks we wanted to control, the first selection criteria was that Media Access Control (MAC) address filtering had to be possible, because that is a fixed address no matter what the IP address the device has.
Third Criteria - scheduled internet (web) access
We wanted to be able to completely deny all web access after certain times at night (e.g. 9~11pm) and not re-enable before certain times in the morning (e.g. 5~7am)
Fourth criteria - different per-person schedules (i.e. per-device)
Because of age and work commitment differences we wanted to be able to allow more "social" web access time for one than the other, yet more "overall" web access time for the older one who now uses the web for a lot of legitimate research and resource acquisition.
Fifth criteria - constrained site access within allowed web access window
Not too many products seemed to provide this!
So the objective here was to allow general web access from morning till night but at certain times, preclude access to certain time-consuming sites such as Facebook(R), Tumblr(R), Picnik(R) Twitter(R) and the like.
To add complexity, we wanted the applications and the duration of those limited access times to also be tailored to the individual.
How CCProxy met ALL those criteria
I downloaded the trial (3-user limited) installer from the Youngzsoft(R) download site. (1.4MB)On the P4 2.4GHz 2GB RAM XP Professional CCTV/Backup system, I set a System Restore Point then following the ccproxy_quick_start.pdf, executed the CCProxy trial installer.
A couple of minutes latter it was installed! That was all there was to it!
The installation relies on the installation machine having the correct default gateway defined for access to the internet.
From there I followed the clearly explained quick start guide, to set up my first user, a simple web filter and a schedule, before moving on to the slightly more complex task of defining a scheduled-web-filter then multiple scheduled-web-filters set within each other ... as I'll describe below.
I started by using my own workstation as the test target to make sure I could;
- redirect my browser via the proxy
- filter a particular web site, then multiple web sites
- set a schedule when my web access was allowed/prohibited
All I had to do on my workstation was go into my web browser (Firefox(TM) in this instance) and under
Tools-Options-Advanced-Network-Settings, select Manual Proxy Configuration: and enter the IP address of my system where I had installed CCProxy.
I also ticked the Use this proxy server for all protocols checkbox
[Note: an Internet Explorer(TM) example is provided in the quick start guide]
One thing to remember when you are testing if its all working, is that if you have allowed access to and accessed a web site, then closed the browser (or tab), reconfigured the proxy to prohibit that site then retried accessing the site, it may appear that the proxy is not prohibiting access!
Not-so!
Clear the browser cache on your client and again try accessing the site and you will get the proxy warning regarding time or site access restrictions.
With the simple stuff all working, I moved on to the more complex task of seeing if I could schedule not only overall web access times, but also when certain sites were blocked (or allowed).
That turned out to be as simple as going into the Edit option of a particular client (my workstation) and selecting not EITHER a Web Filter OR a Time Schedule but rather selecting BOTH, at which point the chosen Web Filter is applied according to the chosen Time Schedule (simple eh!)
OK so I created a Time Schedule called Time0500-1700_2000-2300 and set each day as shown here:
Using a Permit Category: Permit Only and an Auth Type: MAC address I created an account which I called WebAllowed using the MAC address of my client.
I checked all the protocol boxes (www, Mail, Telnet etc) along with Time Schedule: where I selected my already defined Time0500-1700_2000-2300 schedule
This meant my workstation (based on it's MAC address and regardless of it's IP address) would be granted internet access for all selected protocols from 5am to 5pm then again from 8pm till 11pm every weekday; from 5am to 10am, midday to 2pm and 5pm to 11pm Saturday
from 5am to 11pm Sunday
Next I created a complementary Time Schedule to "fill-in-the gaps" of the first schedule
No effect Sunday
Applies 5pm to 8pm
Applies 5pm to 8pm
Applies 5pm to 8pm
Applies 5pm to 8pm
Applies 5pm to 8pm
Applies 10am-12 and 2pm-5pm
I also created a HomeworkDeny Web Filter thus:
As you can see , I chose to forbid web sites using the Site Filter checkbox then set "Forbidden Sites" filters for both un-secure (http) and secure (https) traffic (which uses port 443) for both Facebook and Tumblr
You can't quite see it in the graphic but to define the port you want to filter you specify colon{port-number}after the site address.
e.g. *.tumblr:443
Now the nifty bit.
You create a second account for the same device (using the same MAC address)
So again ...
Using a Permit Category: Permit Only and an Auth Type: MAC address I created an account which I called WebRestricted again using the MAC address of my client.
I again checked all the protocol boxes (www, Mail, Telnet etc) along with Time Schedule: where this time I select my already defined second (complimentary) Time1700-2000 schedule
This now means my workstation (based on it's MAC address and regardless of it's IP address) will still be granted internet access for all selected protocols from 5pm to 8pm every weekday;
from 10am to midday and 2pm to 5pm Saturday
with no access-control (by this schedule) on Sunday
So when the two schedules are combined, the effect is that this one device (based on its MAC address) has web access all the way from 5am to 11pm every day
But now ...
In this second account definition we also apply a Web Filter using the HomeworkDeny filter we defined previously, so the times specified in the schedule for this second account (for the one machine) prohibits the sites specified in the HomeworkDeny filter during the times specified in the Schedule for this second account definition, yet still allowing all other internet traffic to all other sites during these times
i.e.
Web access only between A(5am) & D(11pm) and within that,
restrict certain sites during period B(4pm) thru C(8pm)
A(5am)------ all web ---------B(4pm)---web without some sites---C(8pm)--------- all web ---------D(11pm)------- No Web ------->A
The catch with this approach is that it appears to consume TWO client licenses so in our case we need a minimum of FOUR licenses per child (2 per iPod and two per desktop - per child) so there go eight licenses immediately. This means we are forced to buy the minimum paid license which happens to be 10-user for US$70 (as at Jun 2011). Still that is a one-off cost so for the flexibility its not bad.
Two other noteworthy points:
- To configure the iPod Safari browser to use the proxy. Go into Settings Turn WiFi ON Scroll down to Proxy Select Manual Supply the IP address of the CCProxy installation Supply the port (which if using default settings will be 808)
- Because this is a fully-fledged proxy offering, web-caching can be enabled on the proxy installation, however it does consume additional disk, memory and CPU resources, so that must be considered when deciding if there is value in avoiding repeated downloads of sites and potentially faster page delivery
Wednesday, 2 March 2011
ASUS 3G EeePC - 1000HG - PING but browser fails
Well I haven't blogged for a while, but for the sake of any other EeePC fanatics who are suffering the same frustration I have with my little netbook, here's a tip.
We have two of the ASUS EeePC 1000HG netbooks in the family (as well as a couple of the other models too) and we really love them.
At 9~10inches and very light, they are a GREAT for the kids to lug to college and my wife and I to use on the train to/from work each day.
We run all manner of software on them from games to Office apps, including Visio; Powerpoint; Access; etc. Sibelius music composition software, iTunes, etc etc etc.
With prior models, there was no inbuilt 3G capability so you had to continually carry and attach/detach the annoying external USB modem (an Huawei E220). They are a great little modem and worked well, it was just annoying having the thing hanging off the side of the netbook all the time and having to put it away every time you wanted to stow the netbook..
With the EeePC 1000HG came the on-board 3G modem, which in our case was the Huawei E770.
When I first set it up using a data-only SIM from the 3-Network here in Australia, it worked fantastically well, apart from the lousy coverage and below-average service which the carrier offered! (Thats what you get for $15/mth)
While I was away on a business trip I took works E220 USB modem which uses the OPTUS network carrier, so I didn't have to consume my bandwidth while I was connected to work. That was when my woes began.
I plugged the OPTUS USB modem into the netbook and as expected it came up and ask if I wanted to install the drivers for it. Naturally, I did ... the install which I had used several times without error on other laptops ... failed!
To cut the story short, it turned out the Huawei E220 install somehow conflicted with the internally installed Huawei E770 and then neither worked! Being away from home, I did not have the original driver disk which came with the Eee to reinstall the internal modem (nor did I have a portable DVD drive even if I had,had the disk) and I could NOT get the external one to play AT ALL! I wound up downloading over a rather slow conference WiFi connection, what I thought was the correct driver from ASUS, after searching on this ASUSTEK support page for my model (1000HG) , supplying my OS (WinXP) and downloading the offered 3G Wireless Driver. (as CMO_3G_Driver.zip)
Hindsight is a wonderful thing! I should have paid more attention, as it wasn't the driver for the Huawei modem! Again, a long story short ... that failed dismally! After some extended searches of forums I came up with the fact that the driver for the EeePC 1005PE was compatible with the 1000HG Huawei and comes in the form of 3G-HEM770-V2_0_3_824.zip, one source of which is http://dlcdnet.asus.com/pub/ASUS/EeePC/Driver/
Its about an 86MB zip so quite large over a slow WiFi link!
At-least I was operational again!
....BUT! .... All was NOT well!
Gradually as time went by the 3-network coverage became more and more unreliable as they merged with Vodaphone and demand on their resources increased. Somewhere in amongst trying to get their service to work reliably, one of the many useless support suggestions tipped my EeePC 3G Connection Manager over the edge. I could connect fine, I could use POP3 email (Outlook) and I could PING everything from the command prompt, but try and use any browser for HTTP and it gradually went from sporadic to unusable.
I tried everything I could think of. Emptying every cache known to man. Resetting route tables, hard-mapping DNS servers, re-installing the Windows modem connection. I even changed carriers, switching to the more reliable and better coverage of TELSTRA ... there wasn't much I didn't try. In the end when I could no longer use a browser at all, I bit the bullet and went back into control panel and completely removed all traces of the internal modem (E770), the external modem (E220) and the EeePC 3G Connection Manager.
I re-installed the the EeePC 3G Connection Manager by running the AsusSetup.exe found inside the extracted 3G-HEM770-V2_0_3_824.zip. This contains and reloads the drivers for the Huawei E770 modem.
Instantly upon restart and reload, all browsers were back to full functionality
One other thing to note which caused me some consternation at first, is the way the 3G Connection manager configures the dial-up connection. It sets the Advanced TCP/IP settings to "Use default gateway on remote network" so if you do an ipconfig /all it will show the Default Gateway as the same IP address as the IP address of the computer, allocated by the carrier's DHCP
Any questions on this, feel free to comment on this thread.
We have two of the ASUS EeePC 1000HG netbooks in the family (as well as a couple of the other models too) and we really love them.
At 9~10inches and very light, they are a GREAT for the kids to lug to college and my wife and I to use on the train to/from work each day.
We run all manner of software on them from games to Office apps, including Visio; Powerpoint; Access; etc. Sibelius music composition software, iTunes, etc etc etc.
With prior models, there was no inbuilt 3G capability so you had to continually carry and attach/detach the annoying external USB modem (an Huawei E220). They are a great little modem and worked well, it was just annoying having the thing hanging off the side of the netbook all the time and having to put it away every time you wanted to stow the netbook..
With the EeePC 1000HG came the on-board 3G modem, which in our case was the Huawei E770.
When I first set it up using a data-only SIM from the 3-Network here in Australia, it worked fantastically well, apart from the lousy coverage and below-average service which the carrier offered! (Thats what you get for $15/mth)
While I was away on a business trip I took works E220 USB modem which uses the OPTUS network carrier, so I didn't have to consume my bandwidth while I was connected to work. That was when my woes began.
I plugged the OPTUS USB modem into the netbook and as expected it came up and ask if I wanted to install the drivers for it. Naturally, I did ... the install which I had used several times without error on other laptops ... failed!
To cut the story short, it turned out the Huawei E220 install somehow conflicted with the internally installed Huawei E770 and then neither worked! Being away from home, I did not have the original driver disk which came with the Eee to reinstall the internal modem (nor did I have a portable DVD drive even if I had,had the disk) and I could NOT get the external one to play AT ALL! I wound up downloading over a rather slow conference WiFi connection, what I thought was the correct driver from ASUS, after searching on this ASUSTEK support page for my model (1000HG) , supplying my OS (WinXP) and downloading the offered 3G Wireless Driver. (as CMO_3G_Driver.zip)
Hindsight is a wonderful thing! I should have paid more attention, as it wasn't the driver for the Huawei modem! Again, a long story short ... that failed dismally! After some extended searches of forums I came up with the fact that the driver for the EeePC 1005PE was compatible with the 1000HG Huawei and comes in the form of 3G-HEM770-V2_0_3_824.zip, one source of which is http://dlcdnet.asus.com/pub/ASUS/EeePC/Driver/
Its about an 86MB zip so quite large over a slow WiFi link!
At-least I was operational again!
....BUT! .... All was NOT well!
Gradually as time went by the 3-network coverage became more and more unreliable as they merged with Vodaphone and demand on their resources increased. Somewhere in amongst trying to get their service to work reliably, one of the many useless support suggestions tipped my EeePC 3G Connection Manager over the edge. I could connect fine, I could use POP3 email (Outlook) and I could PING everything from the command prompt, but try and use any browser for HTTP and it gradually went from sporadic to unusable.
I tried everything I could think of. Emptying every cache known to man. Resetting route tables, hard-mapping DNS servers, re-installing the Windows modem connection. I even changed carriers, switching to the more reliable and better coverage of TELSTRA ... there wasn't much I didn't try. In the end when I could no longer use a browser at all, I bit the bullet and went back into control panel and completely removed all traces of the internal modem (E770), the external modem (E220) and the EeePC 3G Connection Manager.
I re-installed the the EeePC 3G Connection Manager by running the AsusSetup.exe found inside the extracted 3G-HEM770-V2_0_3_824.zip. This contains and reloads the drivers for the Huawei E770 modem.
Instantly upon restart and reload, all browsers were back to full functionality
One other thing to note which caused me some consternation at first, is the way the 3G Connection manager configures the dial-up connection. It sets the Advanced TCP/IP settings to "Use default gateway on remote network" so if you do an ipconfig /all it will show the Default Gateway as the same IP address as the IP address of the computer, allocated by the carrier's DHCP
Any questions on this, feel free to comment on this thread.
Subscribe to:
Posts (Atom)