Ubuntu 16.04 Server LTS: Generation 2 Hyper-V VM Install

So you have downloaded Ubuntu 16.04 and noticed it supports EFI, yet when you try to boot from the ISO you are greeted with a message stating that the machine does not detect it as an EFI-capable disk.

 

Luckily this is an easy fix, as it is simply Secure Boot that Ubuntu and Hyper-V are having an argument over.

Turn off your VM, open up the settings page and navigate to the “Firmware” menu. You will see that “Secure Boot” is enabled (checked). To fix this, simply uncheck it, click “Apply” then “OK”.
Upon doing this and restarting your virtual machine, you will be presented with the boot menu from the disk, allowing you to continue on your way.

Have Fun

Justin

Access a Cisco Switch via USB Console

It may be that you want to use a USB cable, or it may be that, just like me, you forgot your USB-to-serial adapter, and now you’re faced with connecting to a Cisco switch with a USB cable rather than the serial cable on OS X.

So how do we go about this? With Windows we could simply look up the port number in Device Manager. OS X does not use this reference, instead referring to the device as a TTY USB modem.

First we need to look up the device, which sits with the other devices in the folder /dev/. We only want devices of the USB type, so we are going to limit the command to that. Open Terminal and type the following command:

ls -ltr /dev/*usb*

This will list, with full details, all devices in the /dev/ directory (the devices directory) whose names contain the key phrase usb, sorted so that the most recently modified device (and therefore most likely the device we are looking for) is listed last.

Your device will show up as something such as

tty.usbmodem.12a1

Now we have the path to the device, we need to open a console using it. In OS X the console utility screen is built in, so let’s open it utilising this utility and a baud rate of 9600, which most devices will happily handle. To do this type:

screen /dev/tty.usbmodem.12a1 9600

What this command is stating is: open screen on device /dev/tty.usbmodem.12a1 utilising a 9600 baud rate. No settings for stop bits etc. are input; you can also utilise other baud rates if needed.

Your terminal will now connect to the console of the Cisco device. This should also work for any other device that utilises a USB chipset to communicate via serial emulation.

Justin

Secure that Synology

I have recently started moving long term storage & other bulk data off the high-powered servers I maintain at home for working on virtual machines and other projects, and on to two Synology NAS devices, specifically a DS-1815+ for my parents and a DS-2415+ for myself. Both of these have had the official 4GB RAM upgrade installed to give each 6GB of RAM and each has only half of its bays currently populated with 8TB Seagate Archive HDDs (so 4 in the DS-1815+ giving a total of ~15TB formatted allowing for a two disk redundancy, and 6 in the DS-2415+ giving a formatted capacity of ~30TB, again with two disk redundancy).

What I needed to do with this however is secure it as best possible without affecting the way either myself or my parents use the devices. However I have also moved several “low resource” tasks directly to the NAS to remove them from the server; what this will allow me to do is turn the power-hog of a server off when I do not need it for work, saving money. I will take you through each of these items as I get the time, but basically the following have been moved:

  • File Storage
  • PLEX Server
  • Time Machine
  • BitTorrent (BT) Sync
  • SickBeard
  • SabNZBd
  • CouchPotato
  • Crashplan

To reduce the likelihood of anything causing issues with the Synology devices, and to secure them as best as possible as outlined above there are a few things that can be done.

01. Keep your NAS up to date
Your NAS, like any computer (as that is essentially what a NAS is, a specialised computer), will from time to time have security issues identified and patched, as well as new features published, and as such it should be kept up to date. On the Synology system, like most computer systems these days, there is an option to have this automatically taken care of for you by the operating system (in the case of the Synology it is called Disk Station Manager or DSM) and it is a simple process to do so.

Open Control Panel

Control Panel on Desktop

Control Panel in Start Menu

Click “Update & Restore” in the “System” menu, or alternatively, if you already have the Control Panel open, scroll down to “Update & Restore” in the left-hand menu and single click.

Basic Control Panel (Click “Advanced Mode” to change)

Advanced Control Panel (Click “Basic Mode” to change)

Select “Update Settings”

Open Update Settings

Select either “Newest DSM and all updates” (my preference) or “Important Updates Only”, check the “Check for DSM updates automatically” checkbox and select settings that suit you. I personally use and recommend “Install newest DSM update automatically” although you may want to choose “Install Important DSM Updates Automatically”, however I would caution against using “Download DSM updates but let me choose whether to install them”. This setting may be appropriate in some situations such as hosting business data and wanting to let it sit there for a couple of days to give the community time to vet it first, but on the whole I have not had issues with the first option and as such continue to use it. However remember, even though it’s a NAS you should still have a backup.

Update Settings Details

Click OK to save and commit the changes

02. Update Packages Automatically
Updating your packages on the device is just as important as keeping the device itself up to date. Fortunately Synology have once again made this a simple process.

Open Package Centre

Package Centre – Desktop

Package Centre – Start Menu

If you have not used “Package Centre” before you may need to agree to the terms and conditions

Terms and Conditions Screen
Click “OK”

Click on Settings

 

Package Centre – Settings Selection

Select “Auto Updates”


Select Auto Updates (Highlighted)

 

Ensure that “Update packages automatically” is selected. I usually use the “All Packages” option, however in a few cases I have had to use individual selections due to the updating of some components breaking others.

Ensure that “Update packages automatically” is selected

 

Click OK to save and update the settings

03. Install Antivirus
A NAS, like any network (and internet) connected device, will from time to time have issues that could allow a virus or other malware on to the system, such as SynoLocker that was going around a while back. To combat this I highly suggest you install an Antivirus solution such as the Antivirus Essentials package from Synology. I do not know how this compares to the McAfee solution (which is only a trial and requires payment) also available, as I refuse to use the McAfee as a point of principle, nor do I know its strike rate versus what you would get on a “normal” PC installation of an antivirus. But it never hurts to have it there anyway. I would also recommend setting up the antivirus to run a scan on a regular basis, just as the one on your desktop, laptop or tablet should. Doing this is reasonably simple:

Open Package Centre

Package Centre – Desktop

Package Centre – Start Menu

If you have not used “Package Centre” before you may need to agree to the terms and conditions

Terms and Conditions Screen
Click “OK”

 

On the menu on the left hand side of the Package Centre select “Security”

Opening page of Package Center with Security Highlighted

 

On the Security packages page you will see the “Antivirus Essentials” package (by default they are displayed in alphabetical order). Under “Antivirus Essentials” click install, and wait for the install to proceed.

Package Centre Security Packages with Install “Antivirus Essentials” highlighted
Installing “Antivirus Essentials”

Upon successfully completing the installation you will get notifications in the top right corner, the notification centre, and the button below the “Antivirus Essentials” logo will change from “Install” to “Open”. Click “Open” to open the Antivirus Essentials package.

Install complete
Install button is now open button
Click this and open the package

Upon opening the package you will be presented with the default screen, on the left hand side select “Settings”

“Antivirus Essentials” start screen with “Settings” highlighted

Under the “Update” section, ensure the “Update virus definition before scanning” checkbox is checked (enabled); we do not want to scan with old definitions now, do we? That would be silly.

Select “Update virus definitions before scanning”

In the left hand column select “Scheduled Scan”. You will most likely be presented with a blank schedule, as by default no scans are scheduled. To create a schedule click on “Create”, which is at the top left of the right hand section of the page.

By default there are no scheduled scans

The next settings are really up to you, but I normally select “Full Scan” unless there is a compelling reason not to. Fill in the “Date” and “Time” fields with your desired settings, click OK and the item is created in the schedule.

My Weekday Schedule
My Weekend Schedule
My Complete Schedule

Close the App, All done

Please note you do not have to have just one scheduled scan; as above, personally I use two, one at midday for each weekday as I am in theory not home using the NAS as I am visiting clients, and on weekends it runs at 3 AM. I could do 3 AM daily, but I have other tasks that start at 2 AM (specifically the DSM update check) and I want to reduce the likelihood of one conflicting with the other.

04. Configure and use the Synology Device Firewall
Whilst your NAS may not be on the internet, more commonly you will be using some services, and whilst your router will provide a little protection, it is better to create explicit rules on the device to protect it from attacks.

Personally with this I use three rules to keep it simple. The first rule allows full access from the local network, although ultimately once I have things settled down at each site I tend to secure it, allowing only the protocols and ports through that are required for that site. The second rule allows traffic from Australia and the UK (as my brother is currently residing in the UK) and the final rule blocks everything else.

To do this follow these instructions

Open Control Panel

Control Panel on Desktop
Control Panel in Start Menu

The next thing you will have to do is dependent on your view of the control panel. If you are in “Basic Mode” you will need to click on “Advanced Mode” in the upper right hand corner of the “Control Panel”; if you are already in advanced mode continue to the next step.

Basic Control Panel – “Advanced Mode” highlighted

In “Advanced Mode” you simply click the “Security” item


Advanced Mode – “Security” Highlighted

Opening this Security section drops you into the “Security” subpage, as such you will need to select “Firewall” from the tabs at the top

Security Page – “Firewall” tab highlighted

In the firewall tab, by default there are no rules so you will need to create them. You do this by clicking “Create” in the upper left corner of the right hand page section.

Home page of the “Firewall” tab

Once you have clicked create you will be shown a basic menu for creating the rule structure

Basic Rule creation window

Now while clicking OK in the above window would create a rule, it would create a rule allowing all traffic from every device, everywhere, to all services that you currently have, or may create in future, on the NAS device (assuming the appropriate NAT forwards are in place anyway), so we need to not click OK and instead modify some settings to make it useful.

Firstly we are going to create a network rule to allow all access from the local network, so we are going to change the “Source IP” section to the “Specific IP” option (yes, even though we are allowing a whole network). Now this seems to be a non-issue as I have never had local access denied to the device, but as we will be putting a deny all in later it’s better to be safe than sorry, as in the future this may change.

Create Firewall Rule based on IP (Range)

After changing Source IP to the “Specific IP” radio button, click the now working “Select” button to the right of it; this will bring up the IP input menu. Once the below input box has popped up, change the radio button option to either “Subnet” if you want to allow the whole subnet or “IP Range” if you want just a range of IPs. I have used the subnet option and put the network address in the “IP address” field (in my case this is 172.16.1.0) and the subnet mask in the “Subnet mask/Prefix length” field (in my case this is 255.255.255.128). If you want to use the “IP range” option put the first (lower) IP address of the range in the “From” field, and the last (higher/upper) IP address in the “To” field. Click “OK” to save your input data, and “OK” once again to save your rule.

Dialogue Box for IP input

Clicking on “Create” again we will now create a regional allow for the regions/countries you want, the first part of this is changing the “Source IP” field so that the “Region” radio button is selected

Create firewall rule based on region

Once it is selected, again click the “Select” button, this will bring up an input box requesting you to select regions, in my case I want to select Australia and Great Britain. Click “OK” once the regions are selected to save your selection, and “OK” once again to save your rule

Selecting Australia
Selecting Great Britain

Now creating a region based filter may be a bit over the top to some considering I travel often, but it’s not that hard to change so when I or another family member travels overseas and requires access to the NAS I simply add the areas that are being visited to the allow rule.

Finally we want to create an explicit deny rule. What this rule does is deny any access to the NAS that does not meet the rules above it. Due to the way this works, this should always be the last (bottom) rule on the firewall, as everything will match it, so any rules below it will not be processed. Creating this rule is even easier than the others. Once again click the “Create” button, bringing up the popup. We want to leave both the “Ports” and “Source IP” with settings of “All” but we want to change “Action” to “Deny” and click “OK” to save the rule.

Creating an Explicit Deny for Security

Below is a screenshot of these three basic rules and how they appear in the firewall control panel to ensure they work correctly

Firewall Rules In Order
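
The three rules above, modelled as an added example (not code from the original post or from DSM) to show first-match ordering and exactly which hosts the 255.255.255.128 mask covers. The GeoIP table is constructed from documentation address ranges, and treating unmatched traffic as allowed is an assumption of the model.

```python
import ipaddress
from dataclasses import dataclass

# Constructed stand-in for the GeoIP lookup behind a "Region" source.
# These are RFC 5737 documentation ranges, not real country allocations.
SAMPLE_GEOIP = {
    "203.0.113.0/24": "AU",
    "198.51.100.0/24": "GB",
    "192.0.2.0/24": "US",
}


def region_of(addr):
    """Return the constructed country code for addr, or None if unknown."""
    for cidr, country in SAMPLE_GEOIP.items():
        if addr in ipaddress.ip_network(cidr):
            return country
    return None


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                       # "allow" or "deny"
    subnet: str = ""                  # "address/mask"; empty means not set
    regions: frozenset = frozenset()  # country codes; empty means not set

    def is_catch_all(self):
        # Source IP left at "All": the rule matches every source.
        return not self.subnet and not self.regions

    def matches(self, addr):
        if self.is_catch_all():
            return True
        if self.subnet and addr in ipaddress.ip_network(self.subnet):
            return True
        return region_of(addr) in self.regions


# The three rules from the article, in the order it gives them.
ARTICLE_RULES = [
    Rule("allow LAN", "allow", subnet="172.16.1.0/255.255.255.128"),
    Rule("allow AU/GB", "allow", regions=frozenset({"AU", "GB"})),
    Rule("deny all", "deny"),
]


def evaluate(rules, source_ip):
    """First match wins, top to bottom. Returns (action, rule name)."""
    addr = ipaddress.ip_address(source_ip)
    for rule in rules:
        if rule.matches(addr):
            return rule.action, rule.name
    # Assumption of this model: traffic that matches no rule is let through,
    # which is the gap the explicit deny rule closes.
    return "allow", "(no rule matched)"


def unreachable(rules):
    """Names of rules placed below a catch-all, which can never be hit."""
    for i, rule in enumerate(rules):
        if rule.is_catch_all():
            return [r.name for r in rules[i + 1:]]
    return []


if __name__ == "__main__":
    # 172.16.1.200 looks local but lies outside 172.16.1.0-127, so the LAN
    # rule does not cover it and it falls through to the deny rule.
    for ip in ("172.16.1.50", "172.16.1.200", "203.0.113.9", "192.0.2.7"):
        print(ip, evaluate(ARTICLE_RULES, ip))
    misordered = [ARTICLE_RULES[2], ARTICLE_RULES[0], ARTICLE_RULES[1]]
    print("unreachable when deny is first:", unreachable(misordered))
```
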

05. Disable or remove unused applications and services
As with any device, the more programs, features and services you put on it, the more potential places there are for people or malware to gain access to the system. The simple solution to this is: if you do not need it, remove it; if you only need it sporadically, only enable it when you need it.

Don’t get me wrong, Synology and third parties have some great features available for the devices, Photo Station, Plex and Cloud Station just to name a few, but if you do not need them, do not install them, you can always add them later if you need them, if you have them installed and no longer use them, remove them, again you can re-add them later (make sure you have a backup of the data if you remove them).

To see what you have running it is a simple matter as outlined below

Open Package Centre

Package Centre – Desktop
Package Centre – Start Menu

Depending on how it’s set up you may end up seeing the “Recommended” section or the “Installed” section, if you see “Recommended” simply select “Installed” in the left hand menu to see what is installed

Installed Packages

To remove one of these if it is no longer needed, simply click on the package and open it

Opened Package Menu

Click on the “Action” menu and select “Uninstall”

Uninstall Package

You will get a series of two popups, the first checking that you’re sure you want to uninstall the package, the second to tell you it has been uninstalled

Confirm Uninstall of Package

Package has now been successfully removed

You will then be taken back to the “Installed” display, now missing the package you have removed


Packages however are not the only risk; the same, and to a large extent a greater, risk can be had from services such as SSH and Telnet (which should not be used PERIOD). SSH for example is a prime candidate for being left enabled when you do not need it. Again, do not get me wrong, it’s a great tool and I use SSH all the time on several of my machines, but if I do not need it I turn it off: one less avenue open for attack.

To disable SSH or Terminal, which are the ones commonly left open, do the following

Open Control Panel

Control Panel on Desktop
Control Panel in Start Menu

The next thing you will have to do is dependent on your view of the control panel. If you are in “Basic Mode” you will need to click on “Advanced Mode” in the upper right hand corner of the “Control Panel”; if you are already in advanced mode continue to the next step.

Basic Control Panel – “Advanced Mode” Highlighted

In “Advanced Mode” you simply click the “Terminal & SNMP” item

Click “Terminal & SNMP”

The Terminal control window will open, and the settings will either be on (checked) or off (unchecked). Simply uncheck them if you do not need them running.

SSH Enabled
SSH Disabled

Click Apply and you’re done

When you remove a service and no longer need it, also remember to remove any port forwards from your router, no need to leave those ports open if you don’t need to

06. Disable or remove unused accounts
What has been said for applications and services, also goes for users, in fact users would be somewhat more important. If an account is not required, remove it. Do not get me wrong I am not saying use a single account for everyone, far from it, in fact I ensure everyone has their own account for access where required so that people are accountable for their actions, but if the account is no longer required, and will not be in the near future I will remove it, if it is going to be needed in the short term, I will disable it and enable it when I need it again.

I do take my security perhaps a little too far as I have separate accounts for administration, another for normal user access to the data, a setup that I highly recommend for security. I also however have a third account for the AFP share which is presented for Time Machine on the Apple devices. I have done this to reduce the chance of anyone getting access to the full system backups, as there is more in the backups than there is in the data synced between the other folders. I do however ensure that the standard admin and guest accounts are disabled. As these accounts are standard it is safe to assume that hackers know about them and that they are therefore a security risk.

It is however important to note that it seems by default that DSM (Disk Station Manager – the Synology Operating System) does not allow you to remove the accounts, probably due to operational reasons in the case of the guest account. In the case of the admin account I suspect this is due to how the factory reset works, specifically due to the fact that a reset via the reset button enables the account and resets the password to a factory default.

It is also important to note that the password for the built-in admin account is the one used by BOTH the admin and root SSH accounts to the device, and that disabling the account in the web interface does not seem to disable the account on the system itself, as the SSH access is still evident.

Now the smart people at Synology have disabled the guest account by default, meaning you have to enable it for it to be a security issue. However we may need to disable or remove another account, and Synology have thankfully made it quite easy to achieve:

Open Control Panel

Control Panel on Desktop
Control Panel in Start Menu

Click “Users” in the “System” menu, or alternatively, if you already have the Control Panel open, scroll down to “Users” in the left-hand menu and single click.

Basic Control Panel (Click “Advanced Mode” to change)
Advanced Control Panel (Click “Basic Mode” to change)

Select “User” and click to open, this will change the window to display the “User” menu. Once this has happened select the user to disable, in this case “admin” and click the edit button

Admin User selected, Click the Edit Button

This will in turn pop up a menu to edit the user, down the bottom of which is the option to disable the user, and we want to disable the user immediately in this case (the scheduled disabling of the account for example would be used for a contractor or other person who you want to access the files on the devices only for a limited time). Once the options are set, hit OK and disable the user

Disabling the admin user immediately

This will drop you back to the user management screen, however the admin account will now be disabled

Disabled admin account

Now that’s all good, but how about if you want to remove an account, well that again is simple.

Select the user you want to remove and hit the “Delete” button

User selected and Delete highlighted

This will bring up a confirmation box confirming you want to do this, and telling you that the user’s home folder will be removed and is unrecoverable (hope you have a backup :D).

Confirm that you want to remove the user and its associated home folder (if applicable)

Now that’s done it will again drop you back to the user management screen; the account is however gone.

Account Removed

That’s it, users are disabled and/or removed

07. Install and use a SSL Certificate
Whilst an SSL certificate strictly speaking does not add to the security of the device directly, it does help secure (through encryption) people’s interaction with the device, specifically those interactions over SSL supported mediums such as HTTP (web interface), the most important of these interactions being the transmission of credentials to the system to gain access to it. Encryption does this by obfuscating the data that would otherwise be sent in plain text. This however does not mean you can use a weak password (and that includes using the same password for multiple services).

Now there are several ways to do this depending on how you want to go. There is using a self-signed certificate, which will secure the device, but you will get warnings about the certificate not being from a recognised source unless you add it to the trusted sources on your systems (this can be done via GPOs, System Profiles etc. on large corporate systems, and can even be done through scripting on systems where you cannot manage them centrally; you could of course use the old chestnut of installing it manually on every system, but who wants to do that?).

If you do not want to go through the process of dealing with a self-signed certificate you can get a certificate signed by an external certificate signing authority, which will mean there is no need to install the certificate authority manually, as the roots are included on most operating systems by default. The downside of this is that there are multiple types of certificates available from certification authorities as well. You are able to get a single domain certificate, a multiple domain certificate (UCC), or a wildcard certificate that protects all the sub-domains of a certain root domain.

As you want to protect more and more (sub)domains, the cost of the certificate goes up, with wildcard certificates in particular becoming very expensive to purchase and maintain. I will let you decide which way you want to go and work out the particulars, but I myself and my clients all use externally signed wildcard domain certificates. The steps for installing and setting up a certificate are basically the same no matter which way you go.

What may be different however is whether you need the certificate chain. I use GoDaddy certificates and want to present all my certificates to the client browser as a certification chain to maintain the integrity of the process, so I do need to put the entire chain into the system (it is also a part of getting a higher ranking in the SSL security tests, but more on that later). You can also let the browser find chain certificates, but this does present another possible attack vector to the system, or you may not need one, depending on the external provider, or as is the case for most self-signed certificates.

To do this follow these instructions

Open Control Panel

Control Panel on Desktop
Control Panel in Start Menu

The next thing you will have to do is dependent on your view of the control panel. If you are in “Basic Mode” you will need to click on “Advanced Mode” in the upper right hand corner of the “Control Panel”; if you are already in advanced mode continue to the next step.

Basic Control Panel – “Advanced Mode” Highlighted

In “Advanced Mode” you simply click the “Security” item


Advanced Mode – “Security” Highlighted

Opening this Security section drops you into the “Security” sub-page, as such you will need to select “Certificate” from the tabs at the top

Security Page – “Certificate” tab highlighted

Now that you are in the certificate menu, you will notice there is already a certificate on the device. This is a self signed certificate, and if you want to allow that, you could simply export the certificate (using the “Export” button) and import it into your trusted certificates store on your machine(s) as discussed above and be done with it. However I am going to show you how to add a third party certificate. Up the top of the tab you will notice two buttons, one saying “Create certificate” the other saying “Import certificate”. If you need to create a certificate signing request (CSR) you can do it through the Create menu (you can also create a custom self signed, renew a self signed, or even sign a CSR from another source allowing you to use the Synology as the Certificate Authority). Again here I am going to skip over this and go straight on with the import of the certificate, therefore we want to hit the “Import certificate” button.

Security Page – “Import certificate” button highlighted

This opens an import page, which contains three fields, these being the certificate itself, the intermediate certificates (if any) and the private key. Both the certificate, and the private key are required, and how you get the private key is dependent on how you generated the certificate, if there are questions on how to get the private key, ask in the comments and I will try to help out. Personally I use a program called XCA for my key/certificate management and I find it works very well.

 

Blank Import Form

Once the fields are filled in by browsing and selecting the appropriate files, you need to simply select “OK” and the device will now import the certificates

Completed Import Form

The screen once this has been completed will now drop back to the normal certificate home screen, but your certificate is now installed.

Home Page with Third Party Certificates

Congratulations, you have installed your certificate. However, installing an SSL certificate by itself is only part of the puzzle: you actually need to configure the device and its services to make use of the certificate, and ideally to redirect all requests for plain old unencrypted and insecure HTTP to your new encrypted and (hopefully) secure HTTPS implementation. Enabling HSTS is also a good idea, so we will turn that on as well.

Thankfully, Synology have made that very easy, by putting all the check box options for this on the one page, from within the open “Certificates” tab on the left panel you want to select “Network”

Certificates Home with Network Highlighted

Clicking on this will drop you to the “Network” home page, where we need to select the “DSM Settings” tab

DSM Settings Tab Highlighted

Now that the DSM Settings tab is open, you will notice there is an option to enable HTTPS connections, and several sub-options that need to be checked.

DSM Settings homepage: notice that HTTPS and its options are disabled

Check the “Enable HTTPS connection” option, and the two unchecked sub-options (Automatic Redirection and HSTS) and click “Apply”

With HTTPS and its options enabled, click “Apply”

You now have a device using SSL encryption, and HSTS to ensure the best possible chance of keeping that data safe. It is important to note however that with HSTS enabled, which is a method by which the server tells the browser only to communicate with it over HTTPS until a pre-determined time is reached, we also need to ensure that we keep a valid certificate on the device and update it PRIOR to the old one expiring. If this is not done, you risk losing access to the device without resetting the browser or overriding the default behavior of the browser to drop out due to the expired certificate.

08. Enable Device Auto-Block Lockouts
DSM has a feature, as part of the firewalling system, to automatically block clients that make a given number of failed login attempts over a given period, locking them out for a given period.

To this end I have the following settings set for security
Attempts: 3
Time Period: 60 Minutes
Block Expires: 1 Day

To configure this you will have to be in the “Advanced” mode of the control panel. If you are in “Basic Mode” you will need to click on “Advanced Mode” in the upper right hand corner of the “Control Panel”; if you are already in advanced mode continue to the next step.

Basic Control Panel - "Advanced Mode" Highlighted

In “Advanced Mode” you simply click the “Security” item.


Advanced Mode - "Security" Highlighted

Opening this Security section drops you into the “Security” sub page, as such you will need to select “Auto Block” from the tabs at the top

Security Page - "AutoBlock" tab highlighted

In the Auto Block tab the details have already been filled in, although the “Enable auto block” and “Enable block expiration” check boxes are unchecked

Check “Enable auto block”, which will allow you to change the “Login attempts” and “Within (minutes)” fields. Then, if you want to enable block expiration (which I highly recommend), check “Enable block expiration”, which will enable the “Unblock after (days)” field.

Auto Block Page (Default Settings)
Auto Block set to my settings

As stated above and as in the screenshot my settings are

Attempts: 3
Time Period: 60 Minutes
Block Expires: 1 Day

Once the settings are to your liking, click “Apply”. Auto Block is now enabled.

NOTE: Unless you want to get banned from your own device, I strongly suggest you enable ban expiration. You can get around a ban by changing IPs, but Auto Block does cause issues when used in conjunction with reverse proxies (which will be explained in a later article), as all EXTERNAL requests are coming from the one IP.
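To see how the three settings interact, and why a reverse proxy makes lockouts more likely, here is an added model of the Auto Block logic (not Synology code). It assumes that only failed logins are counted and that the block is keyed on source IP; the log events and addresses are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


class AutoBlock:
    """Model of the three Auto Block settings above (assumed semantics)."""

    def __init__(self, attempts=3, within_minutes=60, unblock_after_days=1):
        self.attempts = attempts
        self.window = timedelta(minutes=within_minutes)
        # None models "Enable block expiration" left unchecked: blocks never lapse.
        self.expiry = (None if unblock_after_days is None
                       else timedelta(days=unblock_after_days))
        self.failures = defaultdict(deque)  # source IP -> times of recent failures
        self.blocked = {}                   # source IP -> time the block started

    def is_blocked(self, ip, now):
        since = self.blocked.get(ip)
        if since is None:
            return False
        if self.expiry is not None and now >= since + self.expiry:
            del self.blocked[ip]            # the block has expired
            return False
        return True

    def login(self, ip, when, success):
        """Return 'rejected', 'ok', 'failed' or 'blocked' for one attempt."""
        if self.is_blocked(ip, when):
            return "rejected"               # even a correct password is refused
        if success:
            return "ok"
        recent = self.failures[ip]
        recent.append(when)
        while recent and when - recent[0] > self.window:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= self.attempts:
            self.blocked[ip] = when
            recent.clear()
            return "blocked"
        return "failed"


# Constructed events: (time, source IP, user, login succeeded?)
EVENTS = [
    ("2016-05-01 09:00", "198.51.100.7", "admin", False),
    ("2016-05-01 09:30", "198.51.100.7", "admin", False),
    ("2016-05-01 10:00", "203.0.113.5", "root", False),
    ("2016-05-01 10:15", "198.51.100.7", "admin", False),  # 09:00 has aged out
    ("2016-05-01 10:20", "203.0.113.5", "root", False),
    ("2016-05-01 10:50", "203.0.113.5", "root", False),    # third within 60 min
    ("2016-05-01 10:55", "203.0.113.5", "root", True),
    # Everything below arrives via a reverse proxy, so DSM sees one source IP.
    ("2016-05-01 11:00", "192.0.2.10", "alice", False),
    ("2016-05-01 11:05", "192.0.2.10", "bob", False),
    ("2016-05-01 11:10", "192.0.2.10", "carol", False),
    ("2016-05-01 11:15", "192.0.2.10", "dave", True),      # innocent, locked out
    ("2016-05-02 10:50", "203.0.113.5", "root", True),     # one day later
]


def replay(events, **settings):
    """Feed the events through a fresh AutoBlock and return each outcome."""
    guard = AutoBlock(**settings)
    return [guard.login(ip, datetime.strptime(ts, "%Y-%m-%d %H:%M"), ok)
            for ts, ip, _user, ok in events]


if __name__ == "__main__":
    for event, outcome in zip(EVENTS, replay(EVENTS)):
        print(*event[:3], "->", outcome)
```

Three different users mistyping a password once each is enough to block the proxy address, and with block expiration disabled the last event would still be rejected a day later.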

There you have it, a “basic” secured Synology. I have included a couple of tips below, but if there are any comments or questions, please leave them in the comments below.

Justin

Useful Tip
Create and assign permissions to groups, not users. Coming from a Systems Administration point of view, if you need to add permissions to something, create a group if an appropriate one does not already exist, and assign that group permissions to the item or object, even if the group only has one user. This will allow you to move people into and out of groups in the future to assign them permissions to things, without having to look up and assign permissions to each user. This is how I was taught to do it in large installations (admittedly using Directory Services for corporate authentication) and it's saved me much time and effort in the past and I continue to do it now.

Useful Tip #2
Again this may be me taking it a little far, but I hide all the shares on the device unless they are truly public. Like many people, we occasionally have guests on our WiFi, and I simply want to hide the data from them (what they cannot see, they will not try to access for the most part). This is simply done by clicking the “Hide this shared folder in My Network Places” checkbox. I also check the “Hide sub-folders and files from users without permissions” checkbox for good measure. This will stop files and folders showing up in the directory listing to users without permissions to that folder, if you use those features.

OSX 10.10 802.1x Profiles

DISCLAIMER: Playing with system configuration data and removing files is dangerous and presents a risk to your system, only attempt this fix at your own risk, any consequences are on your head

Recently I have had to start replacing a number of certificates used for wireless authentication on a RADIUS/802.1X authenticated wireless network at a number of clients, and for the most part it has gone smoothly (but this does not make for a good blog post now does it). There have however been issues with a number of OS X based devices, and more specifically devices that have gone through a number of in place upgrades since the system profile was installed.

These systems have all had a number of in place upgrades over the years from either OS X 10.6 given their age and as such there are now issues removing these 802.1X profiles.

To understand why this is happening, a little background on how the profiles were managed previously and are managed now is in order.

In 10.6 and prior an 802.1X profile was added (+) or removed (-) through the 802.1X tab in the Advanced settings on the interface (in this case WiFi/Airport)

OSX-10.6-802.1X-ShowButtons

In 10.7 and later these buttons have been removed

OSX-10.10-802.1X-NoButtons

With 10.7 to manage these profiles a new System Preferences option was added, it is called simply “Profiles”.

OSX-10.10-SystemPreferences-ProfileManager-Highlighted

Now whilst this is not an issue for most cases, unless a profile has been added since the upgrade, it does not appear in the Profiles pane, and therefore the Profiles pane does not show in the System Preferences menu.

This leaves us with a profile we cannot remove due to the lack of buttons in the 802.1X tab on the interface, and no Profiles pane accessible (due to no registered profiles) in the System Preferences tab

OSX-10.10-802.1X-NoButtons

OSX-10.10-SystemPreferences-NoProfilesManager

So how do we remove it? Through the venerable and all powerful command line interface (Terminal).

First you need to know the location of the system configuration profiles which is the directory /Library/Preferences/SystemConfiguration.

Now this is where I can only guide you. I did this operation in the opposite order to what is outlined here, because I did the second part first and it did not remove the profile; therefore I do not know whether it's required or not to remove the profile. Try running the first remove before removing the other two files.

The profile information seems to be stored in the file com.apple.network.eapolclient.configuration.plist within the system configuration directory, so to remove it we want to run the following command

 sudo rm /Library/Preferences/SystemConfiguration/com.apple.network.eapolclient.configuration.plist 

This will prompt you for a password if you have not authorized sudo yet/recently (it has a timeout of 5 minutes). Enter your password, hit enter and it will remove the file. Now reboot OS X (yes, this is required) and the profile SHOULD be removed.

OSX-10.10-802.1X-NoProfile

NOTE: Adrian Stevenson left a comment on the 13th of October 2015 stating that the above file is the only one required to remove the profile. Based upon this, the information below is not relevant to solving this issue; I have however left it so the article still contains all its original information.

Further to this Kevin posted in the comments on the 27th of January 2016 that the command is confirmed on Mavericks only to require the first line

 

However, if it's not removed: as I said above, I had removed two other files prior to removing the com.apple.network.eapolclient.configuration.plist file. Specifically, these are the following files:

 /Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist
 /Library/Preferences/SystemConfiguration/NetworkInterfaces.plist 

These files were located via use of the grep command to locate references to the keyword “802” inside files (that are themselves inside the SystemConfiguration directory). The command to locate these is as follows:

 grep "802" /Library/Preferences/SystemConfiguration/* 

NOTE: Notice the lack of a sudo, we are only reading information here, not writing so no need to sudo

It is however worth noting that, due to the use of the keyword “802”, this searches for all references to 802 (well der). As wireless itself, as well as other communications protocols, all have 802 numbers by which they can be referenced (i.e. 802.11 is wireless), it will find references to these protocols as well. Removing all files where this occurs may, and most likely will, remove configurations for other 802 series protocols/standards where these are referenced by their 802 identifiers inside the configuration profiles. On the laptop I did this testing on, removing these files removed ALL wireless connection details, and although this may not be a great concern in some cases, it may cause issues in others.
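To make the over-matching described above visible before anything is deleted, the following added example (not part of the original article) lists which “802” strings each file actually contains and flags only the files that mention 802.1X. The file contents and the two example-*.plist names are constructed for the demonstration and do not reproduce the structure of the real files.

```python
import re
import tempfile
from pathlib import Path

# Anything grep "802" would hit: a run of word characters containing "802".
TOKEN = re.compile(r"\w*802[.\w]*")
# The narrower thing we actually care about: 802.1X (with or without the dot).
DOT1X = re.compile(r"802\.?1X", re.IGNORECASE)

# Constructed contents, NOT copies of real macOS preference files.
SAMPLE = {
    "com.apple.network.eapolclient.configuration.plist":
        "<key>Description</key><string>802.1X profile for CorpWiFi</string>",
    "com.apple.airport.preferences.plist":
        "<key>Standard</key><string>802.11n</string>",
    "NetworkInterfaces.plist":
        "<key>Type</key><string>IEEE80211</string>",
    "example-other.plist":
        "<key>Serial</key><integer>48023</integer>",
    "example-unrelated.plist":
        "<key>Name</key><string>MACBOOK</string>",
}


def scan(directory):
    """Map each file that contains "802" to the tokens found and a dot1x flag."""
    report = {}
    for path in sorted(Path(directory).iterdir()):
        # Decode leniently so a binary plist does not abort the scan.
        text = path.read_bytes().decode("utf-8", errors="replace")
        tokens = sorted({m.group().rstrip(".") for m in TOKEN.finditer(text)})
        if tokens:
            report[path.name] = {
                "tokens": tokens,
                "dot1x": any(DOT1X.search(t) for t in tokens),
            }
    return report


def demo():
    """Write the constructed files to a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLE.items():
            Path(tmp, name).write_text(body, encoding="utf-8")
        return scan(tmp)


if __name__ == "__main__":
    for name, info in demo().items():
        marker = "802.1X" if info["dot1x"] else "other "
        print(f"{marker}  {name}: {', '.join(info['tokens'])}")
```

On a real machine, pass /Library/Preferences/SystemConfiguration to scan() instead of calling demo(); as with the grep above, reading needs no sudo.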

Anyway if the removal of the first file and its subsequent reboot did not work, removing all three files should fix the issue (we want to remove the original file again to ensure there have been no references generated in the new file)

 

 sudo rm /Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist
sudo rm /Library/Preferences/SystemConfiguration/NetworkInterfaces.plist
sudo rm /Library/Preferences/SystemConfiguration/com.apple.network.eapolclient.configuration.plist 

Reboot and the Profile should have now removed itself.

OSX-10.10-802.1X-NoProfile

Let me know if it works for you in the comments

Justin

Creating a USB to DC socket power cable (for an Iridium 9555)

**NOTE IF YOU FOLLOW THE METHODS/INSTRUCTIONS HERE YOU DO SO AT YOUR OWN RISK. I TAKE NO RESPONSIBILITY FOR DAMAGE TO PEOPLE OR PROPERTY THAT EVENTUATES FROM THIS ARTICLE**

As part of my travel kit I generally take a Satellite phone for emergency communication either out, or more commonly in from work colleagues. With my old one having died, I replaced it with an Iridium Model 9555, and whilst the phone is new, and is a current model it works along the same lines of phones from the early to mid-2000’s. Along the same lines of these phones, the phone uses a wall transformer wired into a standard DC power plug (3mm barrel diameter in this case). This leads to a plethora of adapters to keep the thing charged around the world, and adds to the things that I need to carry with me, and as you may have seen with my other posts I am trying to travel with less, not more.

2015-01-12 - DC Cable - 01 - Phone The Phone in Question

2015-01-12 - DC Cable - Chargers Standard Chargers & Adapters for Iridium 9555

I had a look at the chargers to see if I could eliminate them and use a charger that I already carry to charge the phone. From the details printed on the chargers, plus a little measurement and testing, the chargers output 6V DC at 850mA in a tip positive/barrel negative configuration. I found it rather interesting that it uses 6VDC, as that is very close to the USB voltage of 5V.

USB chargers these days are rather ubiquitous around the place, with most chargers putting out 5VDC at around 1 amp and going up to 2.1 amps for tablet devices. Given this, a USB charger should be able to power and charge the phone; however, depending on the tolerances in the charger's output and the phone's required input, it may accept a straight input from the USB charger, or it may need to be boosted through a boost converter to achieve this. Either way it means I can do away with all the adapters and simply use the USB chargers I already have to carry.

Boost converters such as the LM2577 and XL6009 based converters from eBay are capable of this, but first I want to see if I can charge the phone without the converters. Either way I need to make the same cable; if I need to add the converter later, I can simply cut the cable and insert it in the middle.

Now to start, to complete this project only basic tools are needed; wire strippers, cutting tools, soldering iron (with solder). I used several different cutting tools but you can use whatever you want.

2015-01-12 - DC Cable - 03 - Tools Tools (Soldering Iron, Solder, Wire Strippers, Scissors & Scalpel)

I also use a liquid to help the soldering process, this is called Bakers Soldering Fluid, I cannot recommend this stuff highly enough it is simply fantastic, and you do not need much of it, as such a bottle lasts for ages.

2015-01-12 - DC Cable - 04 - Bakers Bakers Soldering Fluid

As for the parts I used these are shown below, these include; USB Cable with a width of 3.3mm on the cable insulation which is less than the inner diameter of the hole for the DC power plug shroud which is 4mm. It is important to note that the “donor” cable is a USB to Micro cable, as all the full size cables (i.e. not mini or micro connectors on one end) were too wide to go into the plugs shroud. The DC power socket itself has a 3mm barrel on it, beyond that any plug should work. Also two pieces of heatshrink are used, one 4mm and the other 4.5mm. With this you can then create a USB to DC adapter.

2015-01-12 - DC Cable - 05 - Parts USB Cable, Heat Shrink & DC Power Plug

The first step is to remove the desired head of the USB cable, in my case this is the Micro-USB head

2015-01-12 - DC Cable - 06 - Head Removal Cutting the head off the Cable 2015-01-12 - DC Cable - 07 - Head Removed Cable without Micro-USB Connector

After cutting the connector off the cable, the next thing to do is strip the outer insulation off the cable, thereby exposing the contents inside.

2015-01-12 - DC Cable - 08 - Stripping the Cable Stripping the Cable

This exposes the two types of shielding that protect the inner conductors from EMI that can induce data errors. This shielding causes problems I will go into below; it is messy and causes some extra work, and it is also not necessary for our purposes.

2015-01-12 - DC Cable - 09 - Cable Shielding The shielding on the USB cable

As per the USB specification, this shielding is meant to be grounded to the chassis ground, which is not the same as the signal ground that is on the conductor inside the shielding. The shielding serves no purpose here, as DC jacks only have the two connections and no shield ground as there is in other connectors. In the creation of the cable it can, however, cause a grounding loop if it is put directly against the bare metal of the barrel connection to which the inner ground (negative) conductor is to be connected, as these cables are commonly supported by the extension of this barrel connector. As such it needs to be removed as much as possible; to do this we first strip it back and expose the insulated inner conductors.

2015-01-12 - DC Cable - 10 - Stripped Sheilding Outer wire shield pulled back, exposing the inner foil shield (Note how many wires are on the paper under the shield, this can be messy)

2015-01-12 - DC Cable - 11 - Both Sheilds Both Shields pulled back exposing the inner conductors

To make this easier I take the shields and twist them together, much like twisting the bare conductors together before tinning them to make it a cleaner job.

2015-01-12 - DC Cable - 12 - Wrapping Sheilds Twisted up foil & wire shielding

Once it is twisted up, cut it off. For this I use some sharp scissors, although this could be achieved with most cutting devices, I like these scissors

2015-01-12 - DC Cable - 13 - Cutting Shields Removing the shielding

Once this is done, I slip the shroud from the DC plug over the cable, and although this could have been done earlier or later in the process I find this is the best time to do it as the mess from the shielding has gone, and the heatshrink has not yet gone on, thereby expanding the cable diameter and making it harder to get the shroud on.

2015-01-12 - DC Cable - 14 - Place Shroud Shroud placed on the cable

Sliding the shroud down the cable and out of the way for now I cut heat shrink just big enough to cover the end of the cable and ensure the last of the shielding that is hard to remove will not short against the barrel plug.

2015-01-12 - DC Cable - 15 - Heatshrink Size Cut heat shrink showing the size and the exposed remnants of the shielding

Once the heat shrink is cut, thread it over the cable so it covers the remnants of the shielding and shrink it into place.

2015-01-12 - DC Cable - 16 - Heatshrink Placement Heatshrink in place over the cabling protecting the remnants of the shielding

2015-01-12 - DC Cable - 17 - Shrinking Heatshrink Shrinking the heat shrink in place over the shielding remnants

Now that we have dealt with the shielding remnants, we need to get rid of the two data cables. USB cables prior to USB 3 use four conductors: two for power (the red and black) and two for data (green and white). Now whilst I could simply remove the cables by cutting them off, I am too paranoid about shorting out the conductors and damaging the cable itself or, worse, one of the devices connected to the cable ends. To deal with this I trimmed the cables back short (about 4mm in length) and then folded them back over the heatshrink.

2015-01-12 - DC Cable - 18 - Conductor Colours Showing the four USB conductors

2015-01-12 - DC Cable - 19 - Snipping Data Cables Trimming Data Cables

2015-01-12 - DC Cable - 20 - Folding Data Cables Folding the data conductors back over the heatshrink

Now I have the issue of holding them there, given my desire to do my utmost to prevent possible shorting and possible damage to devices I am going to heat shrink them down in place

2015-01-12 - DC Cable - 21 - Heatshrink Size Heat Shrink cut to cover the Data Connectors 2015-01-12 - DC Cable - 22 - Heatshrink Placement Heat shrink Over Conductors

Once this is in place and heat shrinked down the next step is to bare the other two conductors, and it is at this point I twist the strands of the conductor together and tin the conductors. Given how small the conductors are on my cable, I simply used my fingernails to strip the wires

2015-01-12 - DC Cable - 23 - Tinned Wires Stripped and tinned connectors

It is then simply a matter of putting the conductors through the holes on the inner section of the DC plug, with the positive going to the tip and the negative going to the barrel, once they are soldered in place securely, trim the conductors as close as possible to the soldered joints, this is to minimise the interference when sliding and screwing the shroud into position.

2015-01-12 - DC Cable - 24 - Installed and Soldered Conductors Positive and Negative conductors soldered in place

2015-01-12 - DC Cable - 25 - Trimmed Conductors Trimmed Conductors

Once this is done, slide the shroud over the cable and you are done

2015-01-12 - DC Cable - 26 - Complete Completed cable

I have tested this cable on my Iridium 9555 and an Apple USB charger and it works fine; the charger gets warm as one would expect, but no more warm than when charging any other phone. I have also tried it on other USB chargers and so far they have all worked fine.

Enjoy and as always do this at your own risk

**NOTE IF YOU FOLLOW THE METHODS/INSTRUCTIONS HERE YOU DO SO AT YOUR OWN RISK. I TAKE NO RESPONSIBILITY FOR DAMAGE TO PEOPLE OR PROPERTY THAT EVENTUATES FROM THIS ARTICLE**

Using Internet Information Services (IIS) to Redirect HTTP to HTTPS on a Web Application Proxy (WAP) Server

For those of you who do not know, Microsoft’s Web Application Proxy (WAP) is a reverse HTTPS proxy used for redirecting HTTPS requests from multiple incoming domains (or subdomains) to internal servers. It does however not handle HTTP at any point, which is a failure in itself. I mean, it would not be hard to add a part of the system where, if enabled, it redirects HTTP to HTTPS itself, rather than having to use a workaround. Come on Microsoft, stay on the ball here, but I digress.

As I stated the main issue here is it does not within the WAP itself redirect a HTTP request to the equivalent HTTPS address. I have played with multiple possible solutions for this including a Linux server running Apache 2 using PHP to read the requested URL and redirect it to the HTTPS equivalent. None of these however have the simple elegance of this solution which includes the HTTP to HTTPS redirect on the same box as the WAP system itself.

First of all you need to log into the WAP server and install the Internet Information Services role. Once done open the management console and you should get a window similar to below.

01-OpenIISManager

Now navigate to the required server by clicking on it, and on the right hand side click “Get New Web Platform Components”.

02-GetNewWebPlatformComponents

This will open a new web browser window as shown below; when it does, simply select “Free Download”. If you have issues with not being able to download the file due to a security warning, you should see the earlier blog here to see how to enable the downloads. Download and install the software via your chosen method.

03-FreeDownload

Once it is installed a new page will appear, this is the main splash page of the Web Platform Installer

04-WebPlatformInstaller5.0HomeScreen

Using the search box (which at the time of writing, using Web Platform Installer 5.0, is in the top right hand corner) search for the word “Rewrite”. This will display a “URL Rewrite” result with the version number appended to the end (which at the time of writing this article is 2.0). Click the “Add” button to the right of the highlighted “URL Rewrite” line.

05-URLRewriteAdd

This will change the text on the button to “Remove” and activate the “Install” button in the lower right of the screen. Click the install button.

06-URLRewriteInstall

Clicking this install button will bring up a licensing page, click the “I Accept” button (assuming of course you do accept the T’s & C’s)

07-LicenceAcceptance

You will then get an install progress page

08-RewriteInstallProcess

Which will change to a completed page after it is done, so click the “Finish” button in the lower right hand corner

09-RewriteInstallFinish

This will drop you back to the same original splash screen of the Web Platform Installer, click “Exit”

10-WPI-Finish

You will now need to close and re-open the IIS Manager and reselect the server you were working on. You should now see two new options, the first being “Web Platform Installer”, which we do not need to concern ourselves with any further; the second is “URL Rewrite”.

11-IISManager-NewModule

Double click on “URL Rewrite” to open up the URL Rewrite management console. On the right hand side of this console, in the “Actions” pane, click “Add Rule”.

12-AddRewriteRule

This opens up a box of possible rewrite rules. What we want to create is an “Inbound Rule”, as our requests are coming into the server from an external source. Select “Blank Rule” and click the “OK” button.

13-NewRule-BlankRule(Inbound)

In the new page that opens, in the “Name” field type the name that you want to give the rule. I use and suggest HTTP to HTTPS Redirect, as this tells you exactly what it does at a glance.

14-NewRule-NameRule

In the next section, “Match URL”, set “Requested URL” to “Matches the Pattern” (default), “Using” to “Regular Expressions” (default) and most importantly “Pattern” to “(.*)” (without the quotes). I suggest you take this opportunity to test the pattern matching.

15-NewRule-Regex Match

In the “Conditions” section, ensure that the “Logical grouping” is set to “Match All” (default) and click the “Add” button.

16.01-NewRule-AddCondition

In the new box that appears, enter the following: in the “Condition input” field type “{HTTPS}” (again without the quotes, and yes those are curly braces, not brackets). Change the “Check if input string” dropdown to “Matches the Pattern” and in the “Pattern” box below type “^OFF$” (again, no quotes); “Ignore case” should be checked. With this one I do not suggest testing the pattern, as even though this system works fine for me, this test ALWAYS fails. Click the “OK” button (mine is not highlighted here as I had already clicked it away and had to re-open the box).

16.02-NewRule-ConditionSettings

This will take you back to the new rule screen, check the conditions match as shown and then we can move on.

16.03NewRule-ConditionComplete

This is the part where we now tell it what we want to do when it matches the previous conditions. In the Action pane change the “Action type” to “Redirect” and set the “Redirect URL” to “https://{HTTP_HOST}/{R:1}” (again, they are curly braces and of course no quotes). You can select whether “Append query string” is checked or not, but I highly recommend leaving it checked: if someone has emailed out a URL with a query on it, but not put in the protocol headers (http:// and https:// being the ones we are concerned about), we want the query string to be appended to the end of the redirected URL so they end up where they intended to be. Finally make the “Redirect type” dropdown read “Permanent (301)” (default).

17-NewRule-ActionConfiguration

Restart the server service for good measure and there you have it you now have HTTP being redirected to HTTPS which in theory at least is on the same server. Ensure that you have ports 80 (HTTP) and 443 (HTTPS) redirected from your router to the server and the firewalls (and any other intermediaries) on both the router and server set to allow the traffic as required
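To show what each field of the rule contributes, here is the rule from the steps above modelled in Python (an added example, not IIS or URL Rewrite code). The lower-case value reported for {HTTPS}, the path being tested without its leading slash or query string, and the mail.example.com host name are assumptions of this model.

```python
import re
from urllib.parse import urlsplit

# The rule as entered in the steps above, held as plain data.
RULE = {
    "match_url": r"(.*)",                       # Match URL -> Pattern
    "condition_input": "HTTPS",                 # Condition input {HTTPS}
    "condition_pattern": r"^OFF$",              # Condition pattern
    "ignore_case": True,                        # "Ignore case" checked
    "redirect_url": "https://{HTTP_HOST}/{R:1}",
    "append_query_string": True,
    "status": 301,                              # Permanent (301)
}


def evaluate(rule, request_url):
    """Return (status, Location) if the rule redirects request_url, else None."""
    parts = urlsplit(request_url)
    # Server variables the rule reads. Assumption: HTTPS is "on" or "off"
    # in lower case, which is why "Ignore case" matters for ^OFF$.
    server_vars = {
        "HTTPS": "on" if parts.scheme == "https" else "off",
        "HTTP_HOST": parts.netloc,
    }
    # Assumption: the pattern sees the path without leading slash or query.
    path = parts.path[1:] if parts.path.startswith("/") else parts.path
    match = re.search(rule["match_url"], path)
    if match is None:
        return None

    flags = re.IGNORECASE if rule["ignore_case"] else 0
    value = server_vars[rule["condition_input"]]
    if re.search(rule["condition_pattern"], value, flags) is None:
        return None                             # already HTTPS: leave it alone

    def substitute(token):
        name = token.group(1)
        if name.startswith("R:"):               # back-reference into Match URL
            return match.group(int(name[2:]))
        return server_vars[name]                # e.g. {HTTP_HOST}

    location = re.sub(r"\{([^}]+)\}", substitute, rule["redirect_url"])
    if rule["append_query_string"] and parts.query:
        location += "?" + parts.query
    return rule["status"], location


# Constructed requests covering the cases discussed above.
REQUESTS = [
    "http://mail.example.com/owa/?path=/inbox",   # redirected, query kept
    "https://mail.example.com/owa/?path=/inbox",  # already secure
    "http://mail.example.com",                    # bare host name
]

if __name__ == "__main__":
    for url in REQUESTS:
        print(url, "->", evaluate(RULE, url))
    # The same first request with "Append query string" unchecked:
    print(evaluate(dict(RULE, append_query_string=False), REQUESTS[0]))
```

With “Append query string” unchecked the first request lands on https://mail.example.com/owa/ and loses its query, which is the behaviour the recommendation above avoids.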

Enjoy and as always have fun

Justin

Internet Explorer Cannot Download a File on Server 2012 R2

So you have just set up a new Server 2012 (R2) server, and gone to download that file you need for the next step, only to be shown a nasty message stating that you cannot do that, as file downloads have been disabled.

NoFileDownload

Well the good thing to know is that it's an easy fix: simply open up “Internet Options”, go to the “Security” tab, select the “Internet” zone and select the “Custom level…” button.

InternetOptions-SecurityTab-CustomLevel

This opens up a “Security Settings – Internet Zone” window. In the main section of the window scroll down to where it says “Downloads”, and the subsection of “File download” (as of this writing the setting is just above half way down the options list) and simply change it from “Disable” to “Enable”. Click OK, drop back to the main screen and retry that download again.

EnableDownloads

If you get a warning, as shown below, simply OK it and continue on

Warning

Have fun

Justin

Travel Tips

I have been traveling much more in the past 24 months or so, both for business and leisure, so I thought I would share a few items and tips I have discovered along the way.

Firstly, travel with a power board from your own country, and then use a travel adapter to power the power board. Now with this it is important to remember several things, and make several decisions. The first is whether to make it a simple power board with no internal electronics (this means no USB chargers or alike) or a power board that does include these things and is rated for 110V-240V and 50Hz/60Hz input; most I have seen are not.

You also still need to remember that travel adapter DOES NOT change the voltage/frequency of the power supply, and neither does a power board, so you still need to check that your device is rated to accept the correct input voltage/frequency, which most common electrical transformers for portable devices (laptops, phones, cameras, etc) are these days.

To further reduce the amount I am carrying I purchased a battery charger that can not only charge multiple batteries, but also multiple types of battery through the use of adapter plates, and do this simultaneously even if they are different voltages, and it has a USB charging port built in as an added bonus. This means I can reduce the four camera chargers (each charging one battery) I have been carrying in the past down to one, and whilst I may “lose” two battery spots, I find I rarely need to charge more than two or three batteries at any one time, and I can charge a battery, go for dinner, come back and charge the next batch, so no great loss apart from a little effort. If you need it, however, this device also has a 12VDC power input to charge from a standard power socket or cigarette lighter in a car. So what is this wonderful device? It is a Watson Duo LCD Charger ( Available Here ).

That solves at least some of the problem, so what about the rest? Well firstly it depends on what you have. In addition to the cameras I am normally carrying two phones (one local to the overseas area for local calls and my work phone from home, which has my personal phone redirected to it), a tablet (USB charging), one or two battery packs (depending on the time I am expecting to be away from a power source) and a laptop, and depending on the reason for travel, again there could be another phone which is used to run some specialist software, and another one or two tablets. So how do I deal with this with only three remaining power points on your average power board? Simple.

Most laptops are capable of charging one or two devices simultaneously, so I simply charge them overnight using my laptop. If I then need extra ports I can either add a PlugBug World ( Twelve South PlugBug World ) which adds yet another USB port, and can use any number of power input connectors. So two down, two to go. Enter the Skiva SmartQuad ( Kickstarter Campaign ) which gives me one left unused, bonus…

 

Justin

Are Subscription Services the Future?

With life getting busier each passing year it is hard to imagine fitting more things in, but I always seem to manage to find time. So what if I could reduce what I have to do? Something simple like, oh, socks and underwear. Well, it turns out you can get these necessities by subscription from a company called BlackSocks. To this end I have signed up for some underwear and some cashmere socks on subscription. This will undoubtedly make life easier, and got me thinking about other items that are available via subscription, and by extension are these kind of services the future of shopping for basic items for those who are time poor?

Field Firing Solutions (FFS) Delta V for Tablets?

As you may have guessed from my other posts I shoot, and my interest primarily is long range shooting. In this field the best software in my opinion is Field Firing Solutions (FFS) Delta V; this is what I was trained to use by Glen at Precision Shooting. I do however have one issue with it, which is the requirement for dedicated hardware, specifically a Windows PDA. Now whilst I understand all too well that this makes it easier for development in some regards, I personally would prefer an “App” for either iOS or Windows 8.

There are, as I see it, a number of benefits to this model. Firstly, most smartphones and PDAs now offer Bluetooth, wireless and in some cases 3G/4G data connectivity, allowing easy connectivity between services, but also internet data, which has never been as readily accessed before and can provide a whole new level of data input to the device, as well as allowing communication of solutions between teams and commanders in a military or police application.

This brings me to another point, digital distribution. These dedicated hardware devices are not only often pricey, they are also more difficult to obtain. If for instance the device breaks just before that yearly hunt or competition (as they always do) then it is not easy to obtain another one quickly, or if in fact you can, cheaply. I mean sure, I could keep a spare one on hand, but most people do not have a budget that allows them to keep multiple devices on hand.

However, if they for instance used an iOS based device (or Android, or Windows 8 etc.), one could simply go to the nearest stockist (of which there are many, as after all they are consumer devices, not specialist devices) and purchase a replacement, install the app from the digital distributor and there is your replacement. Pair this with a cloud service such as iCloud, Skydrive, Dropbox or any of the other numerous options and you can simply get your data back from the cloud, no loss (that is assuming backups are run regularly, which people do right… ok on second thoughts background syncing would be better).

There you have it, my thoughts on why Field Firing Solutions should make an iOS/Android/Windows 8 App version of their otherwise wonderful software.
