Monday, November 7, 2016

Please Vote for Gigastrand OS on Distrowatch

Nearly 2 years and 3 versions ago, Gigastrand OS was submitted to Distrowatch. We are listed on the site but, like some other distros, we are sort of stuck in limbo on the Distrowatch site. There is a list where you can recommend / vote for a distro to move it along in the process.


For those who do not know what Distrowatch is, it is a website that lists and tracks all of the different Linux distributions. It has been around for a long time and is the go to place for Linux enthusiasts.


We would like to see how many votes we can get from our users on the site. The first thing you have to do is go to the Distrowatch website (link below).


https://distrowatch.com/dwres.php?resource=submit


Next find Gigastrand OS. An easy way to do this is to do a CtrL + f to open the find dialog. This will allow you to search the page and works in Chrome and most browsers.


Then, click the Recommend button next to Gigastrand OS. This will submit your vote for Gigastrand OS.


In the meantime, we are giving away the download version of Gigastrand OS for FREE until the end of the year as a thank you for supporting us through version 3.4. I personally feel that v3.4 is the best version of Gigastrand OS we have ever come out with.


Let’s see how many votes Gigastrand OS can get on Distrowatch!



Please Vote for Gigastrand OS on Distrowatch

Wednesday, November 2, 2016

Gigastrand re-releases OS 3.4 for a very good reason.

Gigastrand re-released Gigastrand OS 3.4 today for one very good reason: security.


The original image for Gigastrand 3.4 released about a week ago with a few minor enhancements and some security updates. Today’s release switches from OpenOffice to LibreOffice and adds a password reset tool that deletes itself from the desktop once it is used.


We decided it was time to switch to LibreOffice because it is better supported and more secure than OpenOffice. About the only thing OpenOffice had going for it was brand recognition.


The security tool is something we developed so users have a quick and easy way to set the root and user passwords after install. Once it is used once, the shortcut is removed from the desktop so it is not accidentally used again. The tool itself resides in the /etc/ folder.


A similar tool will be added to Gigastrand’s NVR software in the 1.5 release. Currently, you can reset the NVR password by going to Func and clicking on F12.


The aim in developing these tools is to prompt and assist end-users to secure their systems properly. Running default passwords on any device connected to the internet is never a good idea.


Included with this release is the Gigastrand NVR software – updated to 1.4. Some slight performance improvements have been included as well as a few new minor features.


 



Gigastrand re-releases OS 3.4 for a very good reason.

Gigastrand re-releases OS 3.4 for a very good reason.

Gigastrand re-released Gigastrand OS 3.4 today for one very good reason: security.


The original image for Gigastrand 3.4 released about a week ago with a few minor enhancements and some security updates. Today’s release switches from OpenOffice to LibreOffice and adds a password reset tool that deletes itself from the desktop once it is used.


We decided it was time to switch to LibreOffice because it is better supported and more secure than OpenOffice. About the only thing OpenOffice had going for it was brand recognition.


The security tool is something we developed so users have a quick and easy way to set the root and user passwords after install. Once it is used once, the shortcut is removed from the desktop so it is not accidentally used again. The tool itself resides in the /etc/ folder.


A similar tool will be added to Gigastrand’s NVR software in the 1.5 release. Currently, you can reset the NVR password by going to Func and clicking on F12.


The aim in developing these tools is to prompt and assist end-users to secure their systems properly. Running default passwords on any device connected to the internet is never a good idea.


Included with this release is the Gigastrand NVR software – updated to 1.4. Some slight performance improvements have been included as well as a few new minor features.


 



Gigastrand re-releases OS 3.4 for a very good reason.

Monday, October 31, 2016

Anatomy of an unsuccessful NVR attack

One of our NVRs was attacked recently using a known attack that would have compromised or destroyed an off the shelf DVR. The operating system was corrupted by the attack, but it effectively stopped the attack in its tracks. The damage was repaired in less than 45 minutes and only the software was affected.


We have learned quite a bit from the analysis of this NVR system. The attack was designed for Busybox – a version of Linux that runs many different types of embedded devices including security cameras and cheap DVR systems. The point was apparently to gain access to the system in order to use it in a distributed denial of service attack (DDoS).


We have been implementing new security rules on our NVR systems – with this system next on the list. We developed new security procedures after we posted this story from Ars Technica on our Gigastrand Facebook page. Changing default passwords is an easy and effective way to protect your system.


Many cameras also come with a proxy or Dynamic DNS service that allows easy access directly to the camera through a firewall. Gigastrand has been disabling these services on the cameras it sells. We recommend this for everyone using similar equipment.


We will soon be implementing changes that will make it easier for the end users to change default passwords on both the OS and NVR.



Anatomy of an unsuccessful NVR attack

Thursday, October 27, 2016

We tried a web traffic service - guess what we found.

About a month ago, we tried one of the many web traffic services from fiverr and analyzed the traffic. This is what we found:


  1. The traffic being driven to the site looked like a denial of service attack (DDoS). It was all bots, all Windows desktop PCs, and all highly suspect. While it was not a denial of service attack in the sense that it crashed the website, the traffic looked very much like a DDoS attack if it were done once every few seconds or so.

  2. The visitors were from different IPs. So it looked like unique visitors and sessions, but it was all bots.

  3. The product did not significantly impact bounce rate. It remained pretty much the same. Some bots would hang around and browse a couple of links at random to keep the bounce rate low. It was pretty easy to see what were bots and what were actual people as the browsing habits were different. Time per page was different.

  4. The product was advertised as “qualified” traffic. Not in the least. Bots from compromised Windows PCs do not count.

  5. The product was advertised as “unlimited” for 30 days. We got 700 to 800 sessions per day.

  6. The product was advertised as “1000+” visitors per day. We got 700 to 800 “visitors” per day.

The product as advertised is more or less a scam. It didn’t deliver what was promised and what it did deliver was on the backs of people with compromised machines (spyware/malware/virus) and that just isn’t right. If you have a low bounce rate, it will most likely drive the bounce rate up despite some of the countermeasures.


The most annoying thing it did was make it very difficult to properly analyze the qualified visitors. When we write an article and post it, the stats spike when people look at our post. It was very difficult to tell how big of a spike we had when we posted.


So, we are only out $6 in total but well worth the lesson. We won’t ask for our money back because we feel we got what we really were after out of it.


We are unable to review it on fiverr for some unknown reason.



We tried a web traffic service - guess what we found.

Tuesday, October 25, 2016

Gigastrand's 12 year old computer

In 2004, about the time Gigastrand was called LinspireNetwork, we built a computer. It was a secondary computer designed to run Linspire – a Linux OS we sold at the time. When Gigastrand was formed, it became the primary PC for Gigastrand in 2006.


pcdv0005


Since then, it has performed a number of tasks. In 2012, it was a development machine for Gigastrand OS and one of the first machines to be loaded with the new OS. It later became the Gigastrand internal server. I have written about it several times on the Mr. Gigabytes Blog and on LinspireNetwork (the predecessor of Gigastrand – long since defunct).


While this is the best documented PC, it is possibly not the oldest. From 2001 – 2004, Gigabytes Computer Store used a very specific type of computer case to build their PCs. We currently have one of those computers on our shelf.


cp1


When we found it, it was pretty much as you see it in the picture. Now it has been spray painted black and once served as a media center for my home. It has been recently restored as a media center in my home.


img00018


The story of longevity does not end there. From 1997 to 2006, I owned a Gateway 2000 PC that I kept running and functional. It served as the Gigabytes Computer Store’s point of sale and was eventually painted green and sold.


greenpos 1124_002greenpos


My home DVR has run since 2009 on all original hardware (sans main hard drive) and my original Gigastrand laptop ran for nearly 9 years before giving up the ghost in 2013.


2012-10-18-23-15-42


So, when it comes to choosing your next PC, are you going to choose one mass produced that might last a year or so? Or, will you choose one from a builder that knows how to make one that lasts?




Gigastrand's 12 year old computer

Friday, October 21, 2016

Gigastrand NVR Basic Functions





This video takes you through the basic functions of the Gigastrand NVR software including live view, playback, downloading, and adding cameras.