The solution turned out to be remarkably simple:  go to the desktop and press Alt+F4.

You will then be presented with options to:

• Disconnect
• Sign Out
• Shutdown
• Restart

Hopefully that helps someone else!

Like most people, I bought it during the seemingly endless cycle of HP cashback deals.  If you’re in the market for a home server and the cashback deal has ended, then just waiting for a month or two, it’ll be back!   Be careful where you order from though!  Many of the cheap(er) re-sellers on Amazon are NOT official HP re-sellers and you will NOT get your cashback deal.

I bought my server from http://www.serversdirect.co.uk/ and opted for a Kingston 8GB memory kit from Amazon, a Remote Access Card Kit, and a 2TB hard disk that I had to hand.  if you’re planning on doing any DIY on your server, I’d encourage you to take a quick look at the HP MicroServer Self Repair Videos before hand.  The MicroServer is quite a dense little box of tricks and although I’m sure you’ll work it out by yourself, the videos do give you a bit of extra confidence.

Remote Access Card

The Remote Access Card is a slightly cut-down version of HP’s Integrated Lights Out (iLO), which provides over-the-network “lights out” remote access to your server.  If you haven’t used a KVM or Lights-out facility before, it basically lets you log into a web GUI where you can power up your MicroServer, mount an ISO as a virtual media device, and then control the server as if you were physically in front of it – including POST and BIOS.  It’s perfect if, like me, you’re server is located somewhere inconvenient place (like a cupboard above your stairs!).

There is a catch with the Remote Access Card though.  The supplied documentation is appalling, and there’s very little information online.  So, here’s a few pointers:

Installation

When you are installing the card, check your BIOS configuration to ensure the server will choose the primary display card automatically (the default), rather than hard-coded to use the onboard VGA controller.  This ensures that your Remote Access Card will have access to the video output of your server.  If you don’t have this set properly, you’ll see an “OUT OF RANGE” error when you use the KVM feature of the Remote Acces Card.

Initial Network Configuration

The easiest way to configure the card is to initially use a keyboard and monitor.  The back of the card has a standard RJ45 Ethernet connector and a VGA port where you need to plug your monitor in.  When prompted, press F10 to enter the ROM setup. From here, select the Advanced page and IPMI Configuration:

Select Set LAN Configuration:

Set the BMC LAN Configuration option to Static and then enter an IP address, subnet mask and default gateway appropriate for your network:

Exit the ROM setup and save settings. Reboot the server. If everything has been configured successfully, you can now disconnect the monitor and keyboard.

Once configured, open a browser to the IP you previously configured and you should get the login screen:

The default username for the HP MicroServer Remote Access Card is admin and the default password is password.

I originally had a few issues on return visits to the login page.  I’m guessing its a cookie problem or something.  My workaround was to bookmark “index.html”, rather than “login.html”.

Once logged in, you’ll be presented with a menu down the left hand side, with the main content on the right. Most of it is pretty self-explanatory:

Further Reading

If you’d like to do a bit more, then there’s a pile of useful information, hacks and mods here.

The solution is to use your calendar as it was meant to be used!  Most of the people I’ve spoken to seem to use their calendar to store meeting invites they’ve been sent and perhaps their holidays.  The problem is compounded because those meetings then usually take priority over everything else.  A (busy) colleague of mine once demonstrated the problem perfectly.  Whilst discussing the limited progress he felt he was making towards his to-do list, I asked if he would attend a meeting if I ask him to. He automatically said yes, without asking for any further detail.  I then asked him what he thought he would achieve if I then locked him in a meeting room for an hour and told him to get on with his task list.  This is a good example of someone thinking they don’t have the time where in reality, its perhaps more an issue of priorities.

In reality, nobody likes attending meetings when they’re busy, particularly if they’re not sure that they will either get or add any value. I appreciate that we don’t all have the luxury of politely declining such invitations, but we can help minimise the impact by being clear and transparent about what and when we’ll be doing each day.

Timeboxing

Timeboxing is the most effective time management technique that I know of.  Put simply, it involves dedicating a fixed period of time to work on a particular task.  Instead of working on an ad-hoc basis, or on a single task until it’s complete, you instead commit to work on a particular task for a specific amount of time instead.  You’ll find Timeboxing at the heart of many modern productivity systems and software development methodologies such as Scrum, Agile, SMART Objectives, Pomodoro, etc.

5 Easy Steps

Timeboxing is incredibly simple, but don’t let that fool you – there’s much more to this technique than meets the eye!

1.  Pick a task on your list that you want to achieve and decide when you must accomplish the task.

2.  Estimate how much effort is likely to be required to complete the task (don’t worry, you’ll get better at this over time!)

3.  Choose a number of small blocks of time that should complete the task in the time allowed.

4.  Add those blocks of time to your calendar, set a reminder, and treat that block as you would a meeting with your departmental head.Work on the task when you said you would, for the allotted time.

5.  Stop when you run out of time;  don’t worry, its all part of the plan!

Top 10 Benefits

1.  Make steady progress

Whether you have a big intimidating project or a pile of annoying little tasks, timeboxing can ensure that you make steady progress towards your goals.  Big jobs are broken down into smaller, more manageable chunks that you can make regular progress towards and tiny tasks that are often regarded as unimportant will no longer sit on your to-do list forever.  Like most people, if you have mix of both types, this technique also ensures that you are balancing your time accordingly, making sure no one task (or set of small tasks) dominate your time to the detriment of others.

10.  Reward yourself

First of all, scheduling your work into a number of timeboxes throughout the day should help plug some of the usual time sinks (reading the news, social networking, e-mail, etc).  Stop kicking yourself, none of those things are inherently bad;  all you need to do is put a timebox around them to make sure they don’t impact your work.

If you tie your rewards to the completion of tasks, you may find yourself doing only quick and easy tasks, and avoiding the important ones.   Why not get yourself a little reward after you complete a time box instead?

The science bit…

I had a grown up help me with the maths, so I’ll leave it as an exercise to the reader, but given:

Then, solving for ‘n’, you should find that:

So, given a sustained transfer rate of χ Mbit per second, you could theoretically transfer χ * 10.8 GB per day.  So, if my broadband connection is capable of a sustained transfer rate of 6Mbps, then I could theoretically download 64.8GB is a 24 hour period.

Or, if you wrangle the maths slightly differently, then you get:

In other words, given χ GB of data, you would need a sustained transfer rate of χ ⁄ 10.8Mbps to finish the transfer in a single day.  From there, its fairly trivial to estimate the impact of adjusting the transfer rate.

Real World

You’ll notice that I’ve said “theoretically” quite a bit in the section above and stated “sustained” transfer rates.  As most of us know, in the real world, we’re likely to lose a fair bit through network overheads.  In other words, a 10Mbps line does not provide a solid 10Mbps transfer rate in your FTP client!  This is due to various protocol overheads such as packet headers, TCP flow control, window scaling, etc.

However, in normal circumstances, TCP produces a reliable transfer rate of approximately 85% of the line speed.  Revisiting the math above, we can therefore estimate that our “magic number” is more like 9.

So, if someone asks you “how long will it take to transfer 70GB of data given a 4Mbps of dedicated bandwidth”, then you can quickly respond that you could expect approximately 4 * 9 = 36GB of data per day.  Therefore, 70GB will take a little under 2 days.

Likewise, if someone asks “how much bandwidth must we dedicate to transfer 50GB of data if we start on Friday 7PM and we must finish by 7AM on Monday morning?”.  Well, that’s 2.5 days, so we know we need a transfer a minimum of  20GB per day.  Using our magic number, we can then say that to achieve this, we would need roughly 3Mbps dedicated bandwidth (20 / 9 = 2.22).

Name:  Bryan Ross

Location:  Edinburgh, Scotland

Occupation:  Infrastructure Solutions Architect

Current Computers:  At the office, I have an HP mid-range laptop running Windows 7, connected to two HP 22″ displays.  At home, I’ve got an aged homebrew tower PC and a Lenovo IdeaPad U410 that are both running Windows 8.  I also have an HP <tbc> MicroServer that provides NAS, Remote Access, etc and a Dell PowerEdge 840 running ESXi for any lab work that I might be working on.  I’d love to replace it all with Apple hardware, but I can’t justify the cost right now!

Current Mobile Devices:  iPhone 4GS and an iPad 2.

I Work:  Balanced

What’s your best time-saving trick/life hack?

I’ve always had a (possibly unhealthy) interest in productivity systems.  I’m not sure its a trick, but I’ve got to say that David Allen’s Getting Things Done has had a lasting impact in how I manage my life.  Over the years, I’ve gently flexed around the key principles to keep my own system as light-weight as possible whilst keeping my life in balance.  Whilst I’m here, I should also tip the hat to Franklin Covey’s Compass, which taught me the importance of identifying the importance of balancing my roles as a worker, innovator, husband and father (and not necessarily in that order!).

What’s your favourite to-do list manager?

I have a Toodledo Pro subscription that I use primarily from my iPhone using 2Do.  I’ve tried various task manager services and apps in the past, but they’ve lacked features, or suffered from confusing interfaces, or both!  Toodledo isn’t pretty, but it has all the underlying features I want and has let me easily migrate to other apps in the past and gives me a backup option if I’m ever stuck without my iPhone.  2Do is an excellent app and regularly scores highly in any reviews.  The folks at Guided Ways have managed to strike just the balance between functionality and ease of use, all wrapped up in some eye candy that isn’t too in your face.

What apps/software/tools can’t you live without?

I use the usual office type software on a daily basis, as you might expect; spending most of my time in Word, Excel and Visio.  Work email and calendar is all in my corporate Exchange setup, with Outlook being the client of choice.  My contacts, personal email/calendar is courtesy of Google Apps.

I regularly use the SnippingTool included with Windows 7 to provide screenshots of things in emails to reduce the amount I need to type in explanation (and my recipients need to read).  In my role, I’ve found a good knowledge of SSH and a general purpose scripting language to be invaluable.  Bash is currently my language of choice, but I’ve been dabbling with Ruby more recently.

I also use Spotify for music;  Notepad++ for quick notes;  and Console2 as a replacement Command Prompt for cmd.exe, PowerShell, and my default, Bash (via Cygwin naturally).

Above all, I can’t recommend CrashPlan enough.  Like most people, I wasn’t great at keeping good backups because of the effort it took to manage and monitor it all.  Since installing CrashPlan, all my work, photos and documents are quietly backed up and I get regular emails letting me know of any problems.  If you don’t have a solid backup regime in place, go install CrashPlan and feel much better about life!

Besides your phone and computer, what gadget can’t you live without?

I know you said besides my phone, but really, my iPhone is the only gadget I couldn’t live without!  It wakes me in the morning;  it tells me what I’m today today;  it guides me to where I need to go;  it keeps me in touch with my family, friends and colleagues;  it keeps up to date with what’s going on in the world;  it remembers stuff;  it reminds me to watch what I eat;  and it records precious on-the-fly photos of my life.

What’s your workspace like?

My job requires quite a lot of interaction with people, so I do most of my work in the office, where my I keep my desk tidy, much to the amusement of my work colleagues.  It’s an open plan space, so if I’m busy, I’ll usually have my headphones in, or I’ll head home where I have a very comfy study.  I really like working at home and in many respects, its much more conducive to getting work done!  My desk (and other storage) is from EatSleepLive and is handmade to size from reclaimed wood.  I picked up my Aeron Chair for an absolute steal from eBay and is remarkably better for my back than my chair at work.  Other than that, things are kept pretty minimal.  If I have documents to read, I’ll usually kick back on the sofa or my other leather chair and do my reading on either the iPad or Kindle.

What do you listen to while you work?

As my Spotify Top tracks can attest to, my musical tastes are pretty varied – although, I’d like to point out that this post was written just after Christmas, where my laptop played Christmas tunes in the house for 4 days solid!  When I’m working, its usually Hip-hop, Dubstep or a random selection from my Starred playlist.

What’s your sleep routine like?

I tend to go to bed around 11pm and get up around 7.30am.  If I’m fired up about something or there’s just a lot going on, I sometimes take a long time to get to sleep.  It’s not uncommon for me to only get 3 or 4 hours sleep, which isn’t ideal.

What everyday thing are you better at than anyone else?

I’d like to think I keep a fairly good balance between working hard and still having time and energy to spend with my family.

What’s the best advice you’ve ever received?

I think everyone needs something to believe in when times are hard.  I don’t consider myself religious or even spiritual and instead just try to remember two things:

“What’s meant for you won’t pass you by.”

“Everything happens for a good reason, but sometimes it just takes a long time to play out.”

Any other interesting tidbits you’d like to share with readers?

I’ve been a coastal/offshore sailor for 10 years and have completed a variety of trips to Orkney, Shetland, St Kilda, Iceland, Ireland, Wales, and the Channel Isles. I keep a log of my bigger trips here.

Find a message to or from a particular person

You can also use the “to:”, “cc:”, “bcc:” and “from:” keywords using either a full or partial name or email address.

from:"John Smith"

from:john@thesmiths.co.uk

Find a message based on its content

Find a message that has a certain phrase in its subject, body or attachments:

about:"status report"

Find a message based on when it was sent or received

You can find messages that were received in a particular period:

received:today

received:yesterday

received:thisweek

received:lastmonth

You can find messages received on, before or after a particular date:

received:=4/1/2013   (note the equals sign)

received:<25/12/2012    (received before the given date)

sent:=>1/7/2012   (sent on or after the given date)

You can find messages received between two dates:

received:>=1/12/2012 AND received:<=lastweek

Find a message with a particular attachment

Find the message with an attachment whose filename or content contains a particular word:

attachments:report.docx

attachments:"monthly report"

If you don’t know the attachments name or content, then you can find messages that simply have at least one attachment:

HasAttachment:yes

Putting it all together…

You can use “AND”, “OR”, “NOT” and parentheses to join filters together to refine your results.  Note that logical operators must be in uppercase.

Find a message from John Smith about the Clover project received at some point last week:

from:"John Smith" about:Osprey received:"last week"

Find messages  received between 1/1/2013 and today:

received:>=01/01/2013 AND received:<=today  (note that "AND" is in uppercase)

Find messages received last month from Paul or Bob that had an attachment:

received:lastmonth AND (from:Paul OR from:Bob) AND hasAttachment:true  (note the use of brackets)

Find a message received last month from someone called John, but not John Smith:

from:John AND NOT from:Smith

For the uninitiated, CrashPlan comprises of two components:

• CrashPlan Engine: This is always running from the moment you install CrashPlan and continues to run even if you log out. It is responsible for the actual backup functions
• CrashPlan Desktop: This runs the nice GUI desktop application that helps you configure and manage the CrashPlan Engine.

Here at Liquidstate, we have a central file server that runs Linux.  Naturally, it doesn’t have X Windows installed and is operated as a headless server – much like the type you would deploy to a data centre in a corporate environment.  I have a PC running Windows 8 that I use for any serious work and an iPad for casual web browsing etc.  In this post, I’ll show you how you can use the CrashPlan Desktop running on Windows 8 to manage the CrashPlan Engine running on a headless server.

Installation

Before we begin, I’ll assume that you’ve followed my other post that covers installing CrashPlan on a headless Linux Server.  I’ll also assume that you’ve downloaded and installed the CrashPlan software on your Windows 7 PC.  If you haven’t, then why not go do that now.

Configure CrashPlan Server

After you download, install, and start the CrashPlan software on your Linux server, you will find that CrashPlan daemon listens on two ports.  The first is port 4242, where the CrashPlan engine is listening for backup requests.  The second is port 4243, where the CrashPlan graphical interface is expecting to connect to, so that you can configure the engine part of the software.

The problem is that, by default, the daemon only listens for GUI connections from the local machine.  However, we can change this behavior, making CrashPlan listen on all network interfaces and thus accepting GUI connections from any computer on your home network.

On your Linux server, open the following XML configuration file in your favourite text editor.

nano -w /usr/local/crashplan/conf/my.service.xml

Search for the “serviceHost” parameter and change it from:

<serviceHost>127.0.0.1</serviceHost>

to this instead:

<serviceHost>0.0.0.0</serviceHost>

Save the file and then restart the CrashPlan daemon:

/etc/init.d/crashplan restart

Configure CrashPlan GUI

We’re now going to reconfigure the CrashPlan Desktop installation on our Windows PC to talk to the  CrashPlan Engine instance running on our Linux Server.

Open the folder where you installed CrashPlan on your Windows PC. By default, this is in C:\Program Files\CrashPlan. Inside, you’ll find a folder called “conf” and inside there, a file called “ui.properties”. Open this file using a decent text editor like Notepad++ and look for the following line:

#serviceHost=127.0.0.1

Change the line to remove the comment character ‘#’ and include the IP address of your CrashPlan server.  For example:

serviceHost=192.168.1.100

For reference, here is the content of my “ui.properties” file:

#Fri Dec 09 09:50:22 CST 2005 serviceHost=192.168.1.100 #servicePort=4243 #pollerPeriod=1000 # 1 second #connectRetryDelay=10000 # 10 seconds #connectRetryAttempts=3 #showWelcome=true

#font.small=
#font.default=
#font.title=
#font.message.header=
#font.message.body=
#font.tab=

Connect to the remote CrashPlan Engine

You should now be able to launch the CrashPlan Desktop application on your Windows PC and it will connect through to the CrashPlan Engine instance running on your Linux server.

What are you hoping to achieve?

There are many benefits to becoming more organised.  Perhaps you’re fed up of spending all your time fire-fighting at work?  Maybe there’s some problems with your life/work balance?  Is your boss or team mates always seem to be chasing you for things?  Bored of feeling guilty when someone reminds you of something you promised to do but forgot about?  Have you inadvertently built a reputation for generally being a bit flaky?

Any of these are great reasons to get yourself organised.  At the heart of good productivity is self discipline, and just like a diet or trying to quit a habit, you need to always remember why you wanted to make a change the first case.  Without getting too deep and meaningful, try to imagine what it would be like if you felt on top of things, had time to do some of those other things you’ve been thinking about and everyone regarded you as being ‘switched on’ and a hard worker.

“I haven’t got time.”

Stop saying that.  No, seriously, just stop.  We all get the exact same 168 hours every week;  the difference is how we choose to spend them.  How we choose to prioritise our time.  Wall Street Journal writer Laura Vanderkam explains:

Instead of saying “I don’t have time” try saying “it’s not a priority,” and see how that feels. Often, that’s a perfectly adequate explanation. I have time to iron my sheets, I just don’t want to. But other things are harder. Try it: “I’m not going to edit your résumé, sweetie, because it’s not a priority.” “I don’t go to the doctor because my health is not a priority.” If these phrases don’t sit well, that’s the point. Changing our language reminds us that time is a choice. If we don’t like how we’re spending an hour, we can choose differently.

From my perspective, there’s two really important lessons in there.  The first is that we use language to excuse ourselves from not getting something done and to help us believe that nothing is going to change.  The second is the importance of balance;  It’s much harder to tell your kids that playing with them isn’t a priority!

So, what are my priorities?

Some people keep their personal lives and their working life completely separate.  I’m the opposite.  My Outlook calendar has always contained the usual mix of tele-conferences, meetings and deadlines right next to reminders to go shopping or attend a kids’ birthday party at the weekend.  For me, I view my life as single thing that I must manage.  I want to be good husband, a great father and successful at my job.  If I want to achieve those, then I need to make sure they’re all dealt with fairly.  You’ve no doubt heard the story about the jar full of rocks, pebbles and sand.  If not, the take home lesson is that before you go worrying about your todo list, have a good think about what kind of person you want to be.  No, seriously, do it now – it’ll take 30 seconds and will ultimately help guide you on determining your priorities.  Merlin Mann over 43Folders has a touching story of the importance of deciding what’s important to you.

You need a system, not a tool!

If you work in IT or like technology then your first thought might be to run off and find a tool to make you more productive.  Don’t!  Trust me, you’ll spend more time researching tools and tinkering with their configuration than actually getting anything done.  Fundamentally, all you need to achieve is a better way of capturing and prioritising your commitments.  Sure, tools might help – but some of the best approaches to productivity can work just fine with a notepad and a pen!

The first problem for many people is just the sheer volume of requests they get in.  You’ve got a constant stream of emails coming in, some of them relevant, most of them not.  You’ve got tele-conferences to attend and no doubt more meetings than you would care for – often to discuss either something that we’re going to do, or my personal favourite, to discuss the lack of progress on a project.  And, when you finally get back to your desk, there’s someone waiting for you who “just needs a minute”.  The key thing here is that we have commitments coming in from a variety of sources and we often don’t feel like we can control those streams.

So, first things first – lets try and manage those input streams a little.  Why not change your email client to only check for new emails every 30 minutes?  Do you really need to go to that meeting?  Why not explain that you have other priorities and instead you’ll happily review the minutes via email and carry out any agreed actions.  Perhaps they could give you a call if they need a question answered urgently?  Likewise, if someone tries to grab “just a minute” then just explain you’re right in the middle of something and perhaps they could drop you an email or arrange 15 minutes in your calendar?

The key thing is to try to reduce the number of places you might record an action.  Personally, I try to guide all incoming requests through email.  So, if someone asks me to do something, I’ll ask them to email me or I’ll take notes and then send an email to myself with the actions.  It’s vital that you get all your commitments into one place otherwise you’ll inevitably miss something.  One top tip is to always book an extra 5-10 minutes after every meeting in your calendar to capture the actions (and ideally complete any easy ones right there and then).

What’s the action here?

The biggest thing I learned from Getting Things Done by the mighty David Allen was that my to-do list was terrible!  It was full of high level objectives that I was trying to complete, rather than discretely defining the concrete next step that I must take.  For example, I’d write “Get Car Serviced”, rather than “Phone garage to arrange date for car servicing”.  That might seem like a small change, but when you’ve got a hundred of tasks just like that one, it can make a huge difference.  Firstly, I’ve removed all the cognitive effort – so if I’ve got a spare minute and a phone nearby, then I’m much more likely to make the call.

So, the next time you get a request coming in, try to identify the real action – the next step you’re going to take to make something happen.  Is it a phone call? An email?  A meeting to arrange?  Something you need to read?  Something you need to research online?

Later we’ll talk about some of the clever things you can start to do when your to-do list consists of simple discrete actions.

Commit!

How often do you collect an action, but you’re not sure when it must be delivered by?  Whenever you get asked to do something, one of your first questions should be “when does this need completed by?”.  How can you possibly manage priorities without knowing the order in which things must be completed?  The problem is that often the person requesting your help hasn’t actually thought about the date or might be a little “conservative” because they’re worried that you’ll deliver late.  If the person struggles to give you a date or, as often happens, tries to turn the question around and ask when you can complete it by, then take a deep breath and try to help them work out what their realistic “drop dead date” is.  If you absolutely must, just give them a date that you’ll commit to.  The important thing here is that you’re making a commitment.  Whether it must be done by then or not, you’ve now got a deadline that you’re going to deliver to.  Don’t worry if that feels odd to begin with – its important to give yourself clear goals.  And, the more you set yourself target dates for everything, the quicker you’ll feel in control of your to-do list.  For example, if another request comes in but you’ve committed to delivering something else, you know to schedule the new request appropriately.  Whereas, I’m willing to guess that without making that initial commitment, then the new request would have probably got done first and that other action would just hang around your to-do list like a bad smell until the requester started jumping up and down because all of a sudden they do have a drop dead date – and its today!

What Next?

This post has all been about some the softer side of productivity, aimed at getting you thinking about why you’re so busy, what actually needs done and the important of prioritisation.  In subsequent posts, I’ll talk more specifically about the challenges of managing your emails; keeping track of what’s what; techniques for getting stuff done and cover some useful tips on avoiding some of the common problems like procrastination or “do-ers” block!

Once enabled, your Linux system will require a six-digit security code in addition to your password whenever you SSH in.  That might sound annoying, but its not actually that bad and might save you a similar fate to Mat Honan who was recently hacked good and proper.

So, before we really get started, lets just get the Google Authenticator smartphone app installed.  In this example, we’ll be using it on an iPhone 4S,  which is freely available in the App Store as you would expect.

In this example, we’ll be using the Google Authenticator PAM module with an Ubuntu 12.04 LTS system.  The good news is that the “libpam-google-authenticator” module has been included in the Ubuntu software repository since 11.10.  So, first things first, lets get the module installed:

bryan@liquidstate.net:~$ sudo apt-get install libpam-google-authenticator

After installing, run the “google-authenticator” program as the user you will access remotely. This will create a private key and display a QR code which you can scan using the Google Authenticator smartphone app.  In this example, we’ll be using the iPhone app.  You will also get some emergency codes for when you don’t have your phone.

bryan@liquidstate.net:~$ google-authenticator

Before answering any of the configuration option, lets use that QR Code to configure the Google Authenticator app.  Fire up the Google Authenticator app on your smartphone and hit the “+” button and you’ll be presented with a rather basic screen:

Arrange your terminal window so that the QR Code is completely displayed on the screen.  Hit the Scan Barcode button on your iPhone and then hold  it up to the screen.  The app will automatically recognise the barcode and present you with a basic and rather cryptic screen with your SSH login and a 6-digit code.  This the 6-digit code that will change regularly and you will use to complete SSH authentication in the future.  The little pie-chart in the top left corner counts down how long the current code will last before you are presented with the next one.

Now, back to your terminal and those configuration questions.  In this example, we’ve chosen to enable multiple logins and enable rate-limiting:

Do you want me to update your "~/.google_authenticator" file (y/n) y

Do you want to disallow multiple uses of the same authentication
token? This restricts you to one login about every 30s, but it increases your chances to notice or even prevent man-in-the-middle attacks (y/n) n

By default, tokens are good for 30 seconds and in order to compensate for possible time-skew between the client and the server, we allow an extra token before and after the current time. If you experience problems with poor time synchronization, you can increase the window from its default size of 1:30min to about 4min. Do you want to do so (y/n) n

If the computer that you are logging into isn't hardened against brute-force login attempts, you can enable rate-limiting for the authentication module. By default, this limits attackers to no more than 3 login attempts every 30s. Do you want to enable rate-limiting (y/n) y

Now that’s all configured, we need to globally enable Two Factor Authentication.  This is done in PAM, which is the central place for all thing authentication based.

Open the file /etc/pam.d/sshd and in the Standard Un*x authentication section and add a new line to enable google-authenticator-pam PAM module.

# Standard Un*x authorization.

@include common-account
auth required pam_google_authenticator.so

# Standard Un*x session setup and teardown.
@include common-session

Next, open /etc/ssh/sshd_config, and change or add the ChallengeResponseAuthentication line so it reads:
ChallengeResponseAuthentication yes

Restart SSH to make the configuration change take effect:
sudo service ssh restart

If you’re setting this up on a remote server, keep your current SSH session open so you can revert the changes if needed. Try to SSH to the system, and you should be prompted for the password and a verification code from the Google Authenticator App before you are admitted.

Congratulations, your Linux box is now much more secure than it was 10 minutes ago!

This post will show you how to enable Two Factor Authentication with Dropbox.

If you’ve been following the tech news at all in the last few weeks, you have undoubtedly already heard that an iCloud account belonging to former Gizmodo and current Wired tech journalist, Mat Honan, was accessed by hackers.  He tells the full story at his blog, but the headlines pretty much say it all:

“Social engineering and weak tech support make strong passwords useless” – Examiner.com

“Cloud hack wipes out user, and Apple support was responsible” – Digital Journal

“How Apple let a hacker remotely wipe an iPhone, iPad, MacBook” – ZDNet

Irrespective of how great a password Mat set, he fell victim to a social engineering attack that resulting in a hacker being able to gain access to his Amazon and iCloud account – allowing the attacker to remotely wipe his iPhone, iPad and MacBook.

Two-step verification is an optional but highly recommended security feature that adds an extra layer of protection to your Dropbox account.  Once enabled, Dropbox will require a six-digit security code in addition to your password whenever you sign in to Dropbox or link a new computer, phone, or tablet.  That might sound annoying, but its not actually that bad and might save you a similar fate to Mat.

Two-step verification is currently an opt-in service, so first you need to visit the following link:

http://www.dropbox.com/try_twofactor

You’ll be prompted for your Dropbox username and password and then presented with the Security Settings screen.  At the top of the page, you should see a banner that informs you that you’ve successfully opted in for two-step verification.

Under the Account sign in section, next to Two-step verification, toggle (change)

For security reasons, you’ll be asked to re-enter your password to confirm your decision to enable two-step verification. Once you do, you’ll be presented with a simple wizard:

You’ll be given the choice to receive your security code by text message or through a a mobile app.  Several mobile apps are available that will generate a unique time-sensitive security code you can use to finish signing in to your Dropbox account.  Any app that supports the Time-based One-Time Password (TOTP) protocol should work, including the following Google Authenticator (Android/iPhone/BlackBerry), Amazon AWS MFA (Android), and Authenticator (Windows Phone 7).  In this example, we’ll use the Google Authenticator app.

You can choose to either configure authentication by scanning a barcode (if your app supports it) or click enter your secret key manually to be given a secret key you can type into the app.

But, before we do that, we’ll need to install a mobile app!  In this example, we’ll use Google Authenticator with an iPhone 4S.  The Google Authenticator is freely available in the App Store as you would expect.

Install the app and fire it up and you’ll be presented with a rather basic screen

Hit the Scan Barcode button and then hold  your iPhone up to the screen.  The app will automatically recognise the barcode and present you with a basic and rather cryptic screen with your Dropbox login and a 6-digit code.  This the 6-digit code that will change regularly and you will use to complete authentication with Dropbox.  The little pie-chart in the top left corner counts down how long the current code will last before you are presented with the next one.

Now head back to your browser window and progress to the next screen.  You’ll be asked to enter the 6-digit security code from your mobile device.

That completes your enrolment to two-step verification.  Dropbox will now provide you with a an emergency backup code to disable two-step verification and access your account.  This will be required if you ever lose your mobile device, so keep this emergency code somewhere safe!  You have been warned!

Job done!  Back on the Dropbox  Security Settings screen, you should now see under the Account sign in section that Two-step verification is Enabled.