Tuesday, November 13, 2012

Resizing a VirtualBox hard drive image under Windows

Every once in a while I run out of hard drive space on one of my virtual machines. I used to go through wild gyrations to add an additional hard drive to the machine. It's actually much simpler to just expand the hard drive.

In my case, I'm using a Windows 7 guest OS inside a Windows 7 host OS. I do the following:

  1. Shut down the guest machine
  2. Start a command prompt and type the following:
    1. "c:\Program Files\Oracle\VirtualBox"\vboxmanage modifyhd Win7CppDev.vdi --resize 30720
  3. You should be able to confirm that the drive is larger in File > Media Manager.
  4. Boot the guest VM
  5. Start Computer Management > Storage > Disk Management
  6. Use "Extend Volume..." on C: partition to use the newly unallocated partition space.
  7. Restart guest OS for good measure, even though I don't think it is needed.
Congratulations, you now have more space.

Wednesday, October 31, 2012

Android apps for finding my son's often-lost phone

I'm constantly convinced that my child is going to lose his phone. In fact, it's very common for him to misplace it at school, at practice, or even within the house. I've seen "Where's my iPhone/iPod?" installed on his iPod that seems like a decent idea, so I went in search of "Where's my Droid?" and found some decent options.

My basic requirements:
  • Able to locate a phone within the house by remotely triggering a loud noise
  • Able to locate a powered-on phone by GPS, WiFi, or 3G triangulation
  • (the rarer one) Able to locate the last-known location of a phone when the battery dies
These are the ones I've seen recommended. I've tried a couple of them.
  • ** Plan B and Lookout - (I like this one.) This allows you to install it AFTER you've lost your phone, which is interesting. Once the app starts, it starts sending emails to the registered email on the phone with the GPS location. You can simply go to the Google Play market place and select "Install" to push it to your device. It automatically wakes up and starts sending emails. Pretty simple. It even works if the GPS is currently off. It also has a matching app called "Lookout" with some additional features that can make it scream or otherwise ring so you can hear it locally. COOL: The "Lookout" utility has a "signal flare" capability that automatically sends out last known location if the battery is about to die. You can also visit the Lookout.com web site, log in with your gmail credentials, and use the controls to locate your device or make it "scream." Both features seemed to work pretty well.
    • NOTE: One thing I don't like is signing into their site with your gmail password. I'm not sure I trust that.
  • ** Where's my Droid (heavily downloaded and highly rated) - once installed, you can send it text messages "WMD GPS" or "WMD Ring" to have it locate itself. You can also link it to "Commander" (the online web site manager) with its setup wizard on the phone. (NOTE: I saw an ad for "Lookout" at the bottom of the screen). Once Commander is set up, you go to http://wheresmydroid.com/commander.html and click on the Commander icon to start. You log into the Google home page, then it starts the app. You can "get status," which sends a command to the phone and waits for a response with basic information about the phone. You send different commands to get "Quick" or "Accurate" GPS locations. There are pro features to take pictures or lock or wipe the device. The GPS response seems to take quite a while.
  • Find my Phone
  • Cerberus
  • iHound
  • Lost Phone
  • Locate my Droid
  • iTag
I'll edit and add more notes as I find them. For now, I might just stick with Plan B and Lookout.

Wednesday, October 24, 2012

Working with Samba user accounts

Working with something as simple as getting a couple users with various file permissions on Samba isn't as easy as I would have expected.

In order to control user permissions on a Samba file share, you need to do the following.

  1. Create the user in unix. Use adduser or useradd. The user can have /usr/sbin/nologin to prevent console logins, if you desire. You can probably avoid giving them a password since the next command will take care of that.
  2. Create the user with 'sudo smbpasswd -a User' and set the password AGAIN. This will sync it against the unix database.
After that, you can use 'sudo pdbedit -L' to see a list of valid Samba users.

Next, configure your smb.conf (/etc/samba) to use the following:

[global]
        security = user

[MyShare]
        comment = My Shared Storage
        path = /nas/MyShare
        browseable = yes
        guest ok = no
        writeable = yes
        create mask = 755
        read list = Home
        write list = Bob Fred Joe
        admin users = Sam

This will allow Sam to administer the share with root permissions. Bob, Fred, and Joe will be able to write files to the share. "Home" user will be able to read it, but not write data.
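
To see who ends up with which access, here is an added example (not part of the original post) that models how Samba combines "admin users", "write list", "read list", "valid users" and the share's writable flag. It uses the access-related lines of the share above, ignores @group entries and Unix file permissions, and the user "Alice" is hypothetical.

```python
# Added example: simplified model of Samba's per-user share access rules.
# Assumption: @group entries and Unix file permissions are ignored here.
SMB_CONF = """\
[global]
        security = user

[MyShare]
        path = /nas/MyShare
        guest ok = no
        writeable = yes
        read list = Home
        write list = Bob Fred Joe
        admin users = Sam
"""

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with normalised parameter names."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return shares

def users(share, key):
    return {u.lower() for u in share.get(key, "").replace(",", " ").split()}

def is_writable(share):
    yes = ("yes", "true", "1")
    for key in ("writeable", "writable", "write ok"):   # inverted synonyms
        if key in share:
            return share[key].lower() in yes
    return share.get("read only", "yes").lower() not in yes

def effective_access(share, user):
    user = user.lower()
    valid = users(share, "valid users")
    if user in users(share, "invalid users") or (valid and user not in valid):
        return "denied"
    if user in users(share, "admin users"):
        return "admin (file operations run as root)"
    if user in users(share, "write list"):
        return "read-write"              # write list wins over read list
    if user in users(share, "read list"):
        return "read-only"
    return "read-write" if is_writable(share) else "read-only"

if __name__ == "__main__":
    share = parse_smb_conf(SMB_CONF)["MyShare"]
    for name in ("Sam", "Bob", "Home", "Alice"):
        print(f"{name:6} {effective_access(share, name)}")
```

In this model any other authenticated Samba user, such as the hypothetical Alice, also gets read-write access, because the share itself is writeable and no "valid users" line is set. Unix permissions on /nas/MyShare are then the only remaining limit.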


Friday, September 21, 2012

Setting start up position for Windows RDP Windows

I have an annoying situation where I create RDP windows and they seem to always start the same (but wrong) size. For example, one of my sessions starts "maximized" but only 1280x1024 sized so it ends up having scrollbars inside my 1920x1200 monitor. I then have to de-maximize it, move the window somewhere, and drag the corners to get it to the right size. Another one always starts up in a partial-sized window with scroll bars. When I drag to expand it, it snaps to the edge of the screen and Windows 7 tries to maximize it.

I figured out how to get them the way I like them. Start by editing the saved RDP file with a text editor that won't mess up the character encoding. (probably not Notepad or Wordpad.) Edit the 'winposstr' string. It looks like this:

winposstr:s:0,1,10,10,1708,1105

The values are

winposstr:s:0,windowState,xLeft,yTop,xRight,yBottom

I found that for a 1680x1050 window, I need to add 18 pixels to the width and 45 pixels to the height in Windows 7 to account for the borders. Then, you do the math for (x,y)+(width,height) to figure out the start position of the window and the right,bottom corner.

windowState can be changed to control the initial maximized state of the window:
  • 1 - normal
  • 2 - unknown
  • 3 - maximized
Save the RDP file, then

That's it.
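
The arithmetic above, as an added example that is not part of the original post: it builds the winposstr line from a desired position and desktop size using the 18 and 45 pixel allowances, and rewrites it in a saved .rdp file without changing the file's encoding. It assumes the file carries a byte-order mark when it is UTF-16 (otherwise UTF-8 is assumed); the sample file content is constructed.

```python
# Added example: compute and apply a winposstr line for a saved .rdp file.
import codecs

BORDER_W, BORDER_H = 18, 45   # Windows 7 border allowance given in the post

# Assumption: the encoding is recognised by its byte-order mark, else UTF-8.
BOMS = ((codecs.BOM_UTF16_LE, "utf-16-le"),
        (codecs.BOM_UTF16_BE, "utf-16-be"),
        (codecs.BOM_UTF8, "utf-8"))

def build_winposstr(left, top, width, height, state=1):
    """state: 1 = normal, 3 = maximized (values listed in the post)."""
    right = left + width + BORDER_W
    bottom = top + height + BORDER_H
    return f"winposstr:s:0,{state},{left},{top},{right},{bottom}"

def set_winposstr(raw, left, top, width, height, state=1):
    """Return the .rdp bytes with winposstr replaced (or appended), same encoding."""
    bom, enc = next(((b, e) for b, e in BOMS if raw.startswith(b)), (b"", "utf-8"))
    text = raw[len(bom):].decode(enc)
    eol = "\r\n" if "\r\n" in text else "\n"
    new_line = build_winposstr(left, top, width, height, state)
    lines, found = [], False
    for line in text.splitlines():
        if line.lower().startswith("winposstr:"):
            if not found:               # keep one copy, in its original position
                lines.append(new_line)
            found = True
        else:
            lines.append(line)
    if not found:
        lines.append(new_line)
    return bom + (eol.join(lines) + eol).encode(enc)

# Constructed sample: a minimal UTF-16 LE .rdp file with a wrong window size.
SAMPLE = codecs.BOM_UTF16_LE + (
    "screen mode id:i:1\r\n"
    "winposstr:s:0,3,0,0,800,600\r\n"
    "full address:s:192.168.40.2\r\n"
).encode("utf-16-le")

if __name__ == "__main__":
    fixed = set_winposstr(SAMPLE, left=10, top=10, width=1680, height=1050)
    print(fixed[2:].decode("utf-16-le"))
```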

Thursday, July 12, 2012

Using Dell Smart Card Reader in VirtualBox guest via RDP

I've had a bunch of issues getting my VirtualBox guest machine to use the built-in Dell Latitude E6520 smart card reader. It seems to be a known issue with VBox, but basically the internal guest OS just doesn't see the device, or if it does, it can't use it. I've been working around the problem by purchasing an external USB smart card reader (SCM Microsystems SCR3310) to read my CAC.

My setup is as follows:

  • Host: Dell Latitude 6520 laptop running Windows 7 64-bit, 8GB RAM, dual-core/dual-thread Core i5 to provide 4 virtual processors. Using latest copy of VirtualBox.
  • Guest: Windows 2008 R2 Server, 4GB RAM, 3 processors.

I found a new trick that works. Instead of using the graphical console that VirtualBox gives me, I boot the VM into headless mode (using command line), then use Remote Desktop Protocol to connect directly to the virtual machine. Note that I'm using the RDP service provided by Windows Server, NOT the RDP service provided by VirtualBox. That is, I RDP into the virtual machine and NOT to the RDP service offered on the host laptop that VBox intercepts. My exact steps were as follows.

  • Configure the VM with a Bridged network adapter so it gets a similar address on your local network as your laptop. This could also probably be done by adding a "local only" network adapter. I don't think it will work properly with a NAT network. (I run both a NAT and a Bridged at the same time sometimes)
  • Boot the Windows Server VM. Do NOT enable "Remote Display" in the display settings. You can either use the command line "VBoxHeadless -startvm my_vm" command, or just start it from the GUI and ignore the console.
  • Make sure RDP is enabled in your Windows Server. Use the Server Manager and/or initial configuration wizard to do it, or just go through the control panel.
  • Use CMD.exe with 'ipconfig' to make note of your IP address on the bridged network. (Example: 192.168.40.2)
  • From the host laptop, start an RDP session
    • Use host: 192.168.40.2 (or whatever the bridged address was)
    • On the Local Resources tab, use "More..." and turn on "Smart Cards" check box
When it connects, you should now have access to your Smart Card. Additionally, it will detect the insert/remove events if you re-insert it (another thing that it doesn't do, even when I have my external smart card reader attached).

NOTE: In my case, I also had ActivClient installed on my Windows Server VM so that I could manipulate the smart card. I'm not sure if you need that or not.

Saturday, June 30, 2012

Setting Netgear router to use OpenDNS as family web site filter

I've used OpenDNS a number of times in the past to restrict the sites that my kids can easily (or accidentally) visit from their computers. OpenDNS is a free Domain Name Service that you can use for your computers. It has filtering capabilities which prevent name resolution for sites that you want to have blocked. For example, if you don't want your computer to be able to surf to adult content sites, there's a check box. Then, when your browser requests 'naughtyvideos.com' web address, OpenDNS will return a harmless web site IP number that shows a page with "this site is blocked" message on it.

While OpenDNS is not completely foolproof from a security perspective, it definitely makes it more difficult to purposefully or accidentally visit sites that you don't think people should be visiting.

Setting up OpenDNS involves creating an account on their system (http://www.opendns.com) then setting your computer to use their DNS server instead of whichever one was provided by your internet service provider. I went a step further and actually programmed my wireless router to use OpenDNS so that it automatically handed out that server when it issued DHCP addresses.

First, you need an OpenDNS account. It's fairly simple to set up. During the process, you need to visit the "Dashboard" area and use the "Settings" tab to choose which kinds of sites you want to block for a particular network. I chose "Moderate" filtering which blocks most pornography/adult sites as well as illegal activity, adware sites, etc.

Next, you need to configure at least one computer in your network to run the "OpenDNS Updater" agent. This installs on your PC and sends periodic updates to OpenDNS to know what your public (real) IP address is. OpenDNS uses your IP address to determine what filtering settings match your account. Since most home systems use dynamic IP addresses from their ISP, the updater makes sure OpenDNS knows who you are even if your address changes.

Finally, I set my router to use OpenDNS so that all the random wireless devices on my network would be properly filtered. In my case, I have a Netgear wireless router that I use inside my house.

  1. Log into router as 'admin'
  2. Go to "Basic Settings"
  3. Set "Get Dynamically from ISP" for Internet IP Address unless you have a specific reason NOT to do so.
  4. For Domain Name Servers (DNS) address, set to "Use these servers" and enter the numbers that OpenDNS publishes on their site
    1. Primary: 208.67.222.222
    2. Secondary: 208.67.220.220
  5. Hit apply and allow your router to reboot.
Now, any device that connects to the wireless (or wired) network will automatically use OpenDNS for name resolution.

In my case, I have two routers on my network: an "outer" one that connects directly to my ISP and an "inner" network which I placed in a central location in the house so wireless works better. I configured the inner router to use OpenDNS and my outer one uses standard DNS. This allows me uncensored access to all sites from some of my computers. It also means that I needed to go around to some of my PCs in the house that were hard-wired to the outer network and specifically set them to use OpenDNS in the TCP/IP settings. OpenDNS provides some good instructions on their site for doing that.

That's it. A slightly-more-secure network that might do a slightly better job protecting my children from nefarious content out there.

Wednesday, June 27, 2012

Running eSATA drive with single cable from laptop

My Dell Latitude E6520 has a combo eSATA/USB port. They make SATA drives with external enclosures that should be able to hook up to this kind of thing. USB, by spec, carries power. It seems reasonable that I should be able to get a cable and an enclosure that grab that power and push it to the drive while carrying data at the same time. Easier said than done.

Tried this combo:
  • Dell Latitude E6520
  • StarTech "infoSafe" silver power eSATA to SATA external hard drive enclosure (S2510PESAT) - $25
  • Aleratec Power over eSATA cable (X0003ZRM9F) - $12
Initial connection shows no power when using just the eSATA cable and enclosure. However, if I connect the funky USB pig tail, then the power comes on and it works. After investigating with StarTech and Aleratec, I came to the conclusion that the cable wasn't correct. Aleratec sent me a replacement cable and magically everything started working. The new (correct) cable had cable ends that were molded with the words "SATA + USB" on them, indicating that it knew it was using USB power. The original (incorrect) cable did not.

Original investigation certainly confirmed that all my concerns with the cable were true. This post (http://forum.notebookreview.com/dell-latitude-vostro-precision/390744-power-over-esata-latitude-e.html) talks about Dell E6500 not directly supporting it, although it supposedly has the "modes" for it. It leads to various places that don't really tell me if things are supposed to work. It also has a link to another thread with some more analysis: http://forum.notebookreview.com/hardware-components-aftermarket-upgrades/349325-esata-external-hard-drive-enclosure-supports-power-combo-usb-port.html 

When I talked to StarTech, they indicated that it should always work if the right cable is in place. The laptop does NOT do anything crazy like disabling the USB power when the eSATA is connected. Their claim is that their ESATAUSB3 cable should work properly ($25 cable). Thankfully my $12 cable from Aleratec worked AFTER they sent me the correct one. Demerits to them for sending me the wrong one the first time.

As another possible solution, there are reports that this $13 drive enclosure from geeks.com works for both AND includes a cable: http://www.geeks.com/details.asp?invtid=HE-2521B&AID=10439518&CJPID=3640576&cm_mmc=CJ-_-2617611-_-3640576-_-Geeks.com_Gifts. The pictures don't necessarily indicate that it has a single eSATA/power cable, so it's tough to tell. 

After hooking things up I determined that the eSATA connection is about 2x as fast as the USB connection with nothing different except the cable hookup. I can copy a 3GB file from laptop to external drive in about 60 seconds. The same file over USB takes 120 seconds. Read caching during the USB copying process actually causes it to peak at 100 MB/s, then slowly ramp down to about 40 MB/s during the first 60 sec of the transfer, but then it freezes at 100% status for another 60 seconds while it finishes writing things. With the eSATA copy, it was a more constant 40-50 MB/s and gave an accurate representation of 100% completion, then finished immediately.

Teaching Firefox to use a CAC

Some of the sites I use require a CAC smart card to establish SSL access. (Forge.mil is an example of this.) Chrome and IE (shudder) are both smart enough to use a smart card for certificates out of the box on Windows. Unfortunately, Firefox doesn't seem to be set up to do it without some adjustment. These are the steps I used to enable smart cards (CAC) in Firefox.

First, you need some kind of client library that provides what Firefox needs. Two options for this are Active Client (standard use by DoD and other government agencies) and OpenSC. I chose OpenSC just because it seems to be fairly light weight and easy to install.

First, download and install OpenSC from its web site. (http://www.opensc-project.org/opensc/wiki) Installation was fairly brain dead and easy. Unfortunately, it did NOT actually enable Firefox with the smart cards, so I had to use some older, more drastic methods.

I used an older set of instructions as a reference that popped up in Google: http://www.opensc-project.org/opensc/wiki/MozillaSteps. To do this, basically do the following:

  1. Firefox: Tools > Options: Advanced tab
  2. Manage Security Devices
  3. "Load" a new security device
    1. Name as "OpenSC PKCS#11 Module"
    2. Browse to C:\Windows\System32\, choose opensc-pkcs11.dll
  4. Click Ok, Ok, ..., Ok to finish everything
Now, when you access a CAC-required web site, it should pop up a box and ask you to select a smart card certificate. The interface isn't as pretty as either IE or Chrome, but it seems to work.

Update: I've noticed that accessing other SSL sites seems to be slightly broken now, so I'm not sure if this is a problem with OpenSC, or whether something else is going on.

Friday, January 13, 2012

Excellent plugin to view Firefox browsing trail as a hierarchical tree

I found a great plugin (add-on) for Firefox called "Tree Style Tab" that does an awesome job of organizing your open browser tabs in a hierarchical fashion that keeps track of nesting and the order in which you followed a trail while you chase down pages and information. It allows me to see the history of how I chased links and opened more tabs to go deeper down a search tree while researching some particular item. It gives an indication of the browser path or trail that you followed to get to a particular page in a tree hierarchy. It's similar to what I would call a "browser history tree" but is really about your current windows and tabs more than history.

Firefox Tree Style Tab Add-In


My problem: I use browser tabs. A lot. Meaning: it is not uncommon for me to have 50-100 of them open in 10-12 different windows at any given time. I usually know it's time to restart Firefox when it starts bumping up against the 2GB memory limit of a 32 bit process and I get 0.5 second delays when I type key strokes as it trundles through 2 GB of RAM trying to figure out what to do. Call it ADD, or whatever, but I use lots of browser tabs.

A typical use case for me is to chase down a technical solution to some problem I'm working on. It usually involves scouring Google and following trails of links looking for relevant information. One of the big drivers for having sooo many tabs is that the ones I actually want to bookmark or otherwise make note of get lost among the other ones. I often want to go back up the tree a few pages to chase down the next set of potentially relevant links. Soon, I end up with so many horizontal tabs and windows that I can't keep track of ones that are actually useful as I assemble various pieces of the technical solution. The Tree Style Tab plugin allows me to get back up to the Google (or other) search that spawned my most recent train of thought. A similar case happens if I'm shopping for some technical item (e.g. a new PC) and need to do research around prices, specifications, etc. etc.

Awesome tool. I highly recommend it. I think it should be a standard feature of all browsers. Now, I just wish they had a version for Chrome, as well.