Offline Gmail – Are you still not using it?

“ Have you ever been tired of switching to html mode in Gmail, due to your slow internet connection? Have you ever been waited for opening some mail in feature rich ajax based standard version  of Gmail? Have you ever been wished that you would have some email client in same way as Gmail is in its web version? Here is the solution from Gmail side; Offline Feature.

“ Officially introduced in January 27, 2009 as an experimental Gmail Labs Offline Features, came up to change the capabilities of web-based mail, is now a regular part of Gmail from December 07, 2009. ”

P.S.: its for good of your personal PC only, not any public one like Office or cafe. 

Google_Labs_logo gmail-logo


Google is already making itself as a center of whole Internet World and making the world ready for Cloud Computing. Look like now in place of choosing to develop some email client of its own, and making many of users preferring web version of Gmail over any email client, now has came up with solution of enabling Gmail to work in offline mode. Its expected to work in the same way as their other service Google Reader is already working for Offline mode from long (since May 31, 2007).

gears

Web-based emails are great as one could access them from anywhere, but catch is; it’s limited by the internet connection itself. So, Gmail provided the solution to cache the mails to local PC through Gears. As long you are connected to Internet, the local cache keeps itself in sync with Gmail’s Servers and when you loose your connection, it automatically switches to Offline mode and uses the data stored on your computer’s hard rive instead of the information set across the network.


“ With Offline mode, you can still read messages, star and label them and do most of the things you’re used to doing while reading your webmail online and that too with blazing fast performance (I felt it even more faster than normal Outlook Express or Windows Live Mail, just touch a mail to go). Any messages you send while offline will be placed in your outbox and automatically sent the next time Gmail detects a connection. ”

Not only this but with now this matured feature, two more in-demand options has been added to Offline Gmail: an option to choose which messages get downloaded for offline use and the ability to send attachments while offline.

“ Now, it may even replace Outlook express (or any other mail client) for a few users so that they could keep on using Gmail Offline all day long and could connect to internet once or twice a day. ”


So, what are you waiting for? Start with Offline Gmail. First of all, you would be needed to keep Google Gears ON and obviously the browser you might be using must supports Gears (like Internet Explorer 7.0+, Firefox 2.0+, Safari 3.0+ and Google Chrome) and then follow the instructions as given below:

  1. Click the “Settings”  link in the top-right corner of Gmail.
  2. Click the “Offline” tab.
  3. Select “Enable Offline Mail for this computer”.
  4. Click “Save Changes” and follow the directions from here.

After the browser reloads, you’ll see a new “Offline” link in the upper right hand corner of your account, next to your username. Click this link to start the offline setup process and download Gears, if you don’t already use it.

I am also putting some screen shots to let you know it more closely.

Installing Offline Access

Google Gears will show a Security Warning

Creating a desktop shortcut for Access Gmail



With all the excitements out there, I would also like to remind the differences between normal Email Clients like Outlook express, Thunderbird, Windows Live Mail etc and web-based Offline Solution of Gmail.

First of all, I am not yet sure about procedures related backing up and exporting data of Google Gears for we like administrators that whether they even exists or not. With a few known issues, Offline Gmail still doesn’t support accessing Contact Manager (although auto-complete feature works), Complete Search Results (for obvious reasons), Access to conversations in Spam and Trash (as they were considered to be less required) and some Gmail Labs features.


Also those users, who might have using Gmail in https mode always, will feel many glitches with Offline Gmail (although I do think that its not a product for that much security conscious users and I recommend it for home users and personal laptops only)

But still for most of the Gmail Users Community, its a very welcome feature for already feature-rich Gmail. I am sure that many would like to use it.


Do you know, many other things could also be used for Offline through Google Gears and other services? Yeah you can use any of website  for reading it offline. Check webnol’s Article.


photo of Nitish KumarNitish Kumar

Advertisements

Change to Google Public DNS – it rocks

Dec 03, 2009 – As an effort to make web browsing more better, the internet Giant Google is coming with its brand new service Google Public DNS: An experimental Public DNS Resolver. Thanks a lot to Devil’s Workshop and the article of Aditya Kane to get me introduced to the news today on Dec 06, 2009. I really think that I should take some time out of my schedules and should increase my awareness a little more.

google-logo


DNS for sure plays a major part of you browsing experience as its kind of an Internet Phone Book or an Address Book, which makes you reach to the exact page you are looking for once you typed or clicked a URL. Obviously, as much faster you can find the exact number (IP Address here), you could dial or as much faster, you could find the address from address book, you can reach to the address. So, sure its a great move on basis of the level of services that Google has provided yet.

If an ISP’s DNS is down or facing issue, then it doesn’t get that much attention as much it will if Google’s go down. Its under high scrutiny once announced. So, sure we could rely on it on the basis of our past experiences.


Its not been the first attempt to bring any Public DNS Service (Non-ISP) into play. OpenDNS, Level3, Scrubit and many more players are already out there, which are providing faster DNS resolution than your ISP itself and you could test yourself for fastest DNS Servers around you using the following link. But when you get a name like Google in the race, then you get assured that you web experience is going to better and better due to the level of quality and competition it will bring in. 

Personally, I have not used DNS Servers other than my ISPs or other than OpenDNS, so I could compare this service with these two only, but my experiences always found OpenDNS better than any of the ISPs. Till now, whatever I got to test, I found Google DNS is outperforming OpenDNS and Level3 in all the way, check the technical reference


Results shows that we have a very very good reason to switch over Google Public DNS (8.8.8.8, 8.8.4.4), but what might be concerning many of the people is the motive behind it. Why Google brining it in? Will this not gonna to enable Google to keep more close check on everyday users internet habits and so improving its Ads system more by that? Will this bring power to Google to show Ads on even mistyped URL pages, which were in hands of ISPs only till now? Is not many privacy concerns out there?

Google has partially dispelled both of the concerns saying that its not gonna to store the data tied to particular user for long and will save the data only if agreed from the users itself and that too will be only anonymized ones.


opendns_logo_300 level3_logo

Personally, I am not much concerned about these privacy things as already Internet Explorer, Firefox, Chrome or Google Searches (when we logged in with Gmail) are gathering all of our internet habits, whether a normal user knows or don’t know about it. But what I am really looking for, is that “When Google is going to provide us the control over this Public DNS System like the way OpenDNS does?”. With OpenDNS free account, you can customize your redirection search page with your own logo etc, could watch over internet habits of your users yourself, have your own filtering system or typo correction. Once that will be done, Google Public DNS is sure gonna to outrun OpenDNS and others.

So, why waiting for, start using Google Public DNS for a better web browsing.

photo of Nitish KumarNitish Kumar

Making Squid Server from Scratch: The Dummies Manual

The article is intended to present the simplest yet much effective way to configure Squid Server to restrict internet access for system administrators. Layman Instructions with minimum set of commands makes the Squid deployment easier with help of this article and could provide a great resource for the people configuring Squid Server for the first time.

https://nitishkumar.wordpress.com

Most of us should have heard of Squid, mostly while discussing requirements of restricting Internet Usages among clients. Although a requirement for Squid may arise for any few of the following reasons or anything else:

1- To limit bandwidth usages: Squid optimizes data flow between client and server to improve performance and caches frequently-used content to save bandwidth (As data is being accessed locally not through ISP for further requests).

Moreover, Organizations might have limited bandwidth or expensive over some threshold value, so management cannot permit employees to download inappropriate material as it usages precious bandwidth (there are even options to limit the download size through Squid Server, which might be handy for such a scenario).

2- Due to Organizational Policy: Sometimes, organizations might have very strict internet policies regarding offensive materials. For this and for other reasons like controlling distractions, they don’t want their employees gaining access to inappropriate sites.

3- To limit usages as per defined hours: Sometimes, organizations might need to provide internet access to employees during certain working days/ hours only.

4- Monitoring site access patterns: Sometimes, in place of restricting or in addition of restricting internet access, the purpose might be monitoring the usages patterns for further steps to optimize or restrict.

Most special point about Squid is its being open source and vast availability of information and tweaks through forums and blogs. That’s why it’s most preferable solution for any such scenario.


Here I am providing the Step By Step Dummies Manual for implementing a Squid Proxy Server for layman like me, which should be sure helpful for many of us (including myself).

Step-by-Step with the implementation:

1- Base Machine: For my deployment, I chosen CentOS as the Linux installation due to availability and reliability of update sources for the OS itself (its replica OS to Redhat Enterprise versions with almost all features). The Configuration for the machine was 2.66 GHz Core 2 Duo Processor, 1 GB RAM and 160 GB HDD space.

Installation was customized to have 2 GB swap partition, 200 MB boot partition, Squid package checked, Web Server packages checked, SendMail related packages (Squid may be configured to send reports on mail), MySQL/ PHP packages checked (not required for Squid itself, but might be required for reporting software’s later on).

2- Setting Up the services: We need just one service specially Squid, but I will recommend to keep the same server up as an Apache Web Server as well, so that could customize Squid Error Messages with pics or logos.

Here is the basic way:

# chkconfig squid on
# chkconfig httpd on

The above commands will set up the services squid and httpd ON on startup. For later dealing with Squid Service, you can always use the following commands:

# /etc/init.d/squid start
# /etc/init.d/squid stop
# /etc/init.d/squid restart

Although I will come up with firewall and iptables stuff at the later part of this manual itself (as integrating squid and iptables is kind of necessary for any production environment), but for people, who wish to keep them minimal with squid, here is what minimum needed to do with firewall. First check whether port 3128 is opened or not

# netstat –tulpn | grep 3128

If not, then next part would be

# vi /etc/sysconfig/iptables

And append the following line to open up the port 3128 for squid:

-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED,RELATED - m tcp -p tcp --dport 3128 -j ACCEPT

And finally, restart of iptables service (Firewall service)

# /etc/init.d/iptables restart

3- Configuring Squid: Till here, you got Squid services are up and running and now the next and major part remaining is setting up configurations, defining ACLs and setting Access Groups for getting a basic squid configuration running. Except creating a few files for storing domain names to allow/ deny or to store keywords to deny, now most of the part has to be done by editing Squid configuration file squid.conf

# vi /etc/squid/squid.conf

The starting step of playing with squid.conf is setting a hostname for Squid, which is essential for its working. Need to find out visibal_hostname and setting it by putting a name.

visible_hostname squidproxy

Now, first we need to understand the basic requirements and then have to design a policy according to that. So, what your general requirements might be?

1- You may require groups of IP Addresses (different sets), which will have customized web access per requirements/ policy.

2- You may require that few groups might be restricted to only few mentioned sites, few groups might require access for most of the sites (even not documented ones) and few inappropriate ones blocked either domain-based or keywordbased.

3- You may require set of user names/ passwords to access the web along with rules including the above two. (I am not taking this specific one as my case for simplicity reasons).

Although there are numerous Use-Case-Scenario for Squid, but I guess the above ones cover most of the corporate scenarios for basic security administration. So, I am starting with this.


For documentation and readability purpose, you need to name/ remember the various requirement groups first like.IT, Management, Team1, Team2 etc. and then we will proceed further to configure policy for each of the group.

Rest all is about Access Control List definitions. One can limit user’s ability to browse the internet through ACLs. Each ACL defines a particular type of activity, such as an access time or source network, then all ACL statements are linked to http_access statement that tells squid that whether or not to deny or allow the traffic that matches particular ACL.

Squid matches each web access request it receives by checking the http_access list from top to bottom. If it finds a match, it enforces allow or deny statement and stop reading further (that’s why you need to be careful not to put a deny statement above similar allow statement).

Note: The last http_access statement denies all access that’s why we need to keep all of our customization above the same line.

Making Internet Access Policy: First set of rules (template): First you need to start from Access Controls section. At first you need to name a group of IP Addresses and then have to define ACLs for domain-based/ keyword-based site access blocking. I am taking the case of IT Support Web Access, where we need to block a selected list of sites and have to keep rest of the web opened. Although format is given in squid.conf itself, but I am putting the format here as well. There might be two ways to define the address range as given below:

# acl aclname src ip-address/netmask or # acl aclname src addr1-addr2/netmask

In next step, it’s better to keep everything allowed/ denied network, denied sites, denied keywords, so that later updating could be done without touching the squid.conf itself, moreover, backing up configuration would involve backing up those files and squid.conf itself that would be much cleaner and readable than usually squid.conf ended up to be.

Here I am taking first case of management network (just an example for use case).

Requirement is, we have to allow some specific IPs to access internet, some specific sites like orkut, facebook etc might be needed to be blocked, some specific keywords like port, xxx might be needed to be blocked and even you might have some machines in the same IP range that should not be given any internet access at all.

The following snip-set of configuration shows how to do it (acl names itself enough to explain).

# ACLs to define Management Network 
#——————————————————- 
acl management_network src "/usr/local/etc/squid/management/management_network" 
acl management_deny_network src "/usr/local/etc/squid/management/management_deny_network" 
acl management_deny_sites dstdomain "/usr/local/etc/squid/management/management_deny_sites" 
acl management_deny_keywords url_regex -i "/usr/local/etc/squid/management/management_deny_keywords"
#——————————————————-

Now, the next and final set of configuration entries would be selected domains and keywords denying first and then allowing rest of the web (squid scans top to bottom).

# Allow/deny web access to Management Network 
#——————————————————- 
http_access deny management_deny_network 
http_access deny management_deny_sites 
http_access deny management_deny_keywords 
http_access allow management_network 
#——————————————————-

Now, most importantly, you need to create these files at respective locations and putting required entries in them.

The profit for this approach is, any newbie could maintain the squid as usual maintenance works asks for adding/ removing IPs and adding/ removing sites and keywords for denying. It will save squid.conf from being messed up again and again by simple requirements, moreover, will keep it clean and readable.

In this way, all the files would be kept outside squid directory for keeping other IT staff not messing with actual squid.conf itself in case of any short term requirement. Now, there is a folder /usr/local/etc/squid and I’ll make folders inside this folder with the names of access groups as required (like in above case, I made a folder named management).

management_network will keep IP addresses to allow. Syntax might be one IP in each line or range like 172.16.1.25-172.16.1.50 or 172.16.11.0/24

management_deny_network will keep IP addresses that should not get any internet access.

management_deny_sites will keep domains to be denied (one domain in each line)

management_deny_keywords will keep keywords, which if are contained in any url then the whole URL should be blocked (like xxx).

More Restrictive Policy for another group of IPs: Second set of rules: Now, consider a requirement, where you have to allow only provided set of domains/ websites and have to restrict rest of the web access i.e. just company mail site/ website.

Again, you will be needed to pick another range of IP addresses and then defining the rules in following way (on the above pattern). Say the network would be MIS network:

# Permission set defined for MIS Network – Nitish Kumar
# —————————————————————
acl mis_network src "/usr/local/etc/squid/mis/mis_network" 
acl mis_deny_network src "/usr/local/etc/squid/mis/mis_deny_network" 
acl misGoodSites dstdomain "/usr/local/etc/squid/mis/misGoodSites"
# —————————————————————

Now, the next and final set of configuration entries would be selected domains and keywords denying first and then allowing rest of the web (squid scans top to bottom).

# Defining web access for MIS Network – Nitish Kumar

# ———————————————————-
http_access deny mis_deny_network
http_access allow mis_network misGoodSites

http_access deny mis_network

# ———————————————————-

Explanation for file names are similar as was in last case. Here misGoodSites file contain the names of those domains, which will be allowed and rest all will be restricted.

In this way, the second kind of requirement is done to restrict the web access in aggressive way, where only intimated sites would be allowed.

Note: In this scenario, you would be receiving request about site not opening in proper manners and of skipping frames/ pics etc. The reason of such issues would be third party domain embedded in the domains we allowed. So, obviously, the frames and pics are being blocked as they are from not mentioned domain. In such a case, you need to find out these third party domains and allowing them in Good site list.

So, here is the simplistic configuration for squid. There might be many use cases and many on-the-fly custom issues as per scenario, which could be worked out easily on the basis of extensive support provided through blogs and forums all over the web.

Rest part of the Squid Management belongs to Internet Connection and Log Management. If Internet Connection is working over Squid server, then it should work over client after configuring proxy configuration IP/PORT in internet options.

As about directories and logs, then cache directory location is /var/spool/squid and log directory location is /var/log/squid and the important log files, while will be needed to be managed later on are store.log, access.log, users.log and cache.log Note that squid can handle maximum size of a log file as 2GB only and after the same squid service will be terminated, so have to take care of that. Although fortunately, logrotate program automatically takes care of purging the data.

Now, with the above part anybody could easily configure a working Proxy Server and happily live with it later on more easier than other squid configuration manuals suggest.

For people asking for more, here are a few more tips and recommendations

Blocking MSN/ Yahoo/ Gtalk Messengers

Sure, most of you will come across such a requirement and trouble with that is leading messenger know that they would face proxy at some places so they already come with ways to bypass the proxy itself, which makes the job a bit difficult. Here is how to accomplish the same task.

First define the list of IP addresses that some smart messengers like MSN or Yahoo could use (like 64.4.13.0/24 , 207.46.104.0/24). The below section will go to network definition section.

acl bannedips dst "/usr/local/etc/squid/bannedip"

Now, how to use the rules to block messenger traffic

# No Messenger
# ———————————————————-
acl stopmsn req_mime_type ^application/x-msn-messenger$
acl msngw url_regex -i gateway.dll
http_access deny stopmsn
http_access deny msngw
http_access deny bannedips
# ———————————————————-

No Cache for selected sites in Squid

Caching is good for sites with mostly static content, but it could create lots of session related troubles around sites with more dynamic contents and it might be a better option to choose not caching any data for a particular set of sites. Here is how to implement it:

# Defining list to preventing caching for sites
# ——————————————————————-
acl prevent_cache dstdomain "/usr/local/etc/squid/No_Cache_Sites"
acl prevent_cache_file url_regex -i "/usr/local/etc/squid/No_Cache_Ext"
# ——————————————————————-

The above part needs to put, where network ranges are defined (above other custom rules) and the below part has to be placed where rest of http_access statements are placed (above other custom rules):

# Preventing caching for particular sites
# ———————————————————-
no_cache deny prevent_cache
no_cache deny prevent_cache_file
# ———————————————————-

And now we need to put the domains, which needs not to be cached in No_Cache_Sites file and File extensions not to be cached in No_Cache_Ext file and Squid server will stop caching for mentioned domain/ file extensions  after restarting the Squid.

Need pics/ logo in squid error messages?

What if you wish to customize the error message screen you get from Squid? Sure, you have to reach the error file named ERA_ACCESS_DENIED somewhere in /usr/share/…. and then have to edit with normal HTML. Lots of things could be done with this, but what many people wish to do first, is trying to put some gif or logo in the same error message.

Although I don’t favour putting images in error message as it make it a little heavier than originally it is, but here is the work-around.

Putting the image in same directory as ERA_ACCESS_DENIED file doesn’t work and what you require is making Squid itself a Web Server (that’s why I suggested to keep an installation of Apache over same server) and then referencing the image required through some web-path of the same Squid Server. Also notice that you also needs to allow Squid Server Access to all those PCs, where this error message is expected to appear otherwise, you will get error page without any gif or pics over it.

All Network range could be allowed to access Squid server in the following way

# Permission set defined for Complete Network
# ————————————————————-
acl all_network src 172.16.0.0/16
acl GoodSites url_regex -i "/usr/local/etc/squid/GoodSites"
# ————————————————————-

And as per convention, I followed throughout, the above lines will go around section for ACLs defining Network range and the lines given below will go along with rest of http_access statements.

# Defining web access for All Network
# ———————————————————-
http_access allow all_network GoodSites
# ———————————————————-

Outlook and Squid Solved: Requirement of iptables (Firewall)

Why my Outlook not working behind Squid?
How can we use Outlook express or any other mail client behind Squid?
Squid running fine and filtering traffic for http access, but how to use SMTP/POP3 with Squid?

It’s very easy to find people coming up with such queries. I wish to make a clear statement here “Squid has nothing to do with Outlook or SMTP/ POP3 access”. Squid is nothing but a HTTP proxy, which could intercept requests coming over http ports only, not these POP3/SMTP ports.

Disappointed? Don’t be.

Even if it’s not the case of Squid, you could make use of iptables (In built Linux Firewall), which will not only solve the above issue, but will add up more security for your squid.

What is needed to be done with iptables is as given below:

1. First of all, the Linux Box should act as a router to forward all requests coming on port 25 and 100 to outside means IP forwarding required.

2. In next part, as IP forwarding is enabled and any request coming to Box, is going outside, so all ports needs to be secure and controlled.

3. Need to redirect all requests coming to port 80 to port 3128, where squid rules will govern internet access.

4. Need to allow only required ports open on Squid (like 22, 3128, 25, 110, 995, 467).

5. Could be defined that which workstations could be able to make use SMTP/ POP3 through same server.

6. Could be defined that only a few workstations could be able to do ssh to Squid server.

For allowing SMTP/ POP3 connections, your Linux Box (Squid Installation) needs to act as a gateway, which will be entered in Default Gateway entry of client PC. For doing so, one needs to enable IP Forwarding on the same.

It’s disabled by default. For checking the same, you may type the following:

cat /proc/sys/net/ipv4/ip_forward

If output is 1, then nothing to do and if output is 0, then it needs to be ON.

For permanently putting IP Forwarding as ON, you need to change the value of net.ipv4.ip_forward to 1 from 0 in the file

/etc/sysctl.conf. The changes could take affect by either a reboot or by the command

sysctl –p /etc/sysctl.conf

Once you have enabled it, the immediate step is to redirect all traffic of port 80 to port 3128, securing other ports, allowing required ports, allowing ICMP ping, allowing ssh etc. Edit /etc/sysconfig/iptables file and put the following in that.

*nat
: PREROUTING ACCEPT [631:109032]
: POSTROUTING ACCEPT [276:26246]
:OUTPUT ACCEPT [276:26246]
-A PREROUTING -i eth0 -p tcp -m tcp –dport 80 -j REDIRECT –to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp –dport 80 -j REDIRECT –to-ports 3128
COMMIT
*filter
:INPUT DROP [490:62558]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [10914:7678585]
-A INPUT -m state –state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp –dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp –dport 3128 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp –dport 25 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp –dport 110 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp –dport 25 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp –dport 110 -j ACCEPT
-A INPUT -d 172.16.8.10 -p tcp -m tcp –sport 1024:65535 –dport 80 -m state –state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp –dport 10051 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp –dport 10050 -j ACCEPT
-A INPUT -d 172.16.8.10 -p icmp -m icmp –icmp-type 8 -m state –state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 172.16.8.10 -p tcp -m tcp –sport 80 –dport 1024:65535 -m state –state ESTABLISHED -j ACCEPT
-A OUTPUT -s 172.16.8.10 -p icmp -m icmp –icmp-type 0 -m state –state RELATED,ESTABLISHED -j ACCEPT

COMMIT

In the above, I have enabled ports 22, 25, 110, 10051, 10050 (zabbix), also have allowed ICMP ping and web server (as I will use SARG for reporting of Squid Access) for all.

Now, after this, if you use Squid Server’s IP Address as Default Gateway, then you will be governed by all Squid rules (without putting Squid’s IP Address in proxy setting) and also would be able to sent-receive emails in Outlook (Note that currently, everyone is allowed over port 110, port 22 for all sites).

Task: Enable or allow ICMP ping incoming client request

For people looking for enabling ICMP ping only, use following three command in order.

Rule to enable ICMP ping incoming client request (Assuming that default iptables policy is to drop all INPUT and OUTPUT packets)

SERVER_IP="IP_Address"
iptables -A INPUT -p icmp –icmp-type 8 -s 0/0 -d $SERVER_IP -m state –state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p icmp –icmp-type 0 -s $SERVER_IP -d 0/0 -m state –state ESTABLISHED,RELATED

Task: Allow SSH from given IP Addresses only

Rule to allow SSH from one given IP Address only (Assuming that default iptables policy is to drop all INPUT and OUTPUT packets on SSH port)

Although there are many other ways to do it, but I am putting the iptables way here

iptables -A INPUT -p tcp -m state –state NEW,ESTABLISHED -s
172.16.12.0/24 –dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp -m state –state NEW,ESTABLISHED -d
172.16.12.0/24 –sport 22 -j ACCEPT

It will allow only IP Address of 172.16.12.0/24 series to SSH the box. Similarly individual IP Address and range could be allowed.

I hope I have provided a complete info for anyone wishing to start with Squid. Requesting you all to put your queries, so that I could make this manual better and covering more and more aspects. Although work perfectly, but iptables part is little messy in my manual. I would welcome, if someone suggest some more flexible ways (preferably file based rules) with easy conventions.

I also recommend using SARG for daily/ weekly/ monthly online reporting as its effective and very easy to use. Here is how to implement it.

So, Enjoy a Happy Safe Browsing by SQUID.

Google Chrome Browser: What’s this and why special?

Chrome takes advantage of new technology from ground up, which runs most of these advance features without using as much memory as old browsers do now. It means that Chrome Browser opens up quickly when you clicked it and so for the tabs. You will fee the performance, when you open up Internet Apps designed for Web 2.0, like Google’s sites and services.

So, here we know, why its attractive to pick up. Let’s see more deeper. It got best all, Tabs, Speed Dials with screenshots, Security Features, themes and yet the simplest interface to compete from any other rivals.

Few days back at 19th November 2009, we got the final news about Google Chrome OS that this project is being open-sourced and the OS will actually come to market by end of 2010. The related video are given below:

The same news ignited me to collect some info around Chrome and special things about it. Before the OS itself, in this article I thought to limit myself to Google Chrome Browser only this time.

You have many browser choices out there, if you have Windows then you see the world from the eyes of Internet Explorer, if its MacOS, then your world get flashlights in face of Safari , if its any flavour of Linux, then you are most likely to get the wing from Firefox and if its mobile then you must have seen Opera.

Due to constant updating features and blazing fast performance than other browsers, we already see Firefox racing in front of the giant Internet Explorer in the market share. I really wonder if there is any place left for a new browser and yet the innovator Giant Google announces a new browser, then there must be some means and strong backing behind the same. The core of this concept is around Web 2.0, Chrome was build up from the ground up for Web 2.0 and the focus always remained on speed, security and reliability throughout the visionary design process.

Basically, Internet apps now days takes more than what we known from long as simple HTML. All the other browser started from simple keeping that HTML in mind and then adding on capabilities and so over the time, browsers were sure bulky and slow as first apps has to load then the browser. You must have noticed that how much time Internet Explorer, Firefox or Safari takes in opening just the first blank page.


“ This all has gone under a big change with, what we calling the Google Chrome Browser. Chrome takes advantage of new technology from ground up, which runs most of these advance features without using as much memory as old browsers do now. It means that Chrome Browser opens up quickly when you clicked it and so for the tabs. You will fee the performance, when you open up Internet Apps designed for Web 2.0, like Google’s sites and services. ”

So, here we know, why its attractive to pick up. Let’s see more deeper. It got best all, Tabs, Speed Dials with screenshots, Security Features, themes and yet the simplest interface to compete from any other rivals.


The Omnibox (New address bar): Its unique feature (although Firefox also have it in a way) is its Omnibox, which we know as Address Bar. In Omnibox, Google Chrome has combined the address bar, the search bar, the search from other sites and a little more. Let’s put the points over some of the features:

1- Link Navigation: The most basic thing of browser to type in address in address bar, has got more wing with added help and suggestions from web, from your history and making to type much lesser keys then ever with its real time suggestions.

2- Web Search: You could type anything to search for in the Omnibox and you get will to the search results of any search provider (Google is default one).

search

3- Web-History Search: It makes it much easier to search within pages, you already visited. Just type a keywords from middle and it will pick up whole link you visited. Isn’t this cool for most of us?

history

4- Bookmarks: Google now have provided Bookmark sync through Google Account itself, which enables user to have their bookmarks everywhere they logged in, but even if you are not using that it combines local and google’s bookmarks of yours and provide real time suggestions, while you type in the Omnibox, aiding you at its best to reach out your site.

history

5- Search out of search engines: This is a feature, right now lesser people know about. You want to search something in YouTube, type in YouTube.com in Omnibox and it will display message like “Press TAB to search YouTube.com”, press tab and you will get “Search Youtube.com: ” written in Omnibox and then type in any word after the colon and here you go.

tab searchtab search2

For the people caring about their privacy concerns from these above mention features, there are option to control most of the features, even could have separate profiles with little tweaking. And above all, you have option of incognito windows, opened by Ctrl+Shift+N, in which whatever you do, don’t get recorded in history. Unlike Firefox’s Private browsing, it doesn’t shut off the other opened windows means you could work in normal windows and incognito windows at the same time :).

I am dammn sure that this Omnibox has started changing the way we see browsing for the people, who has started using it. Just give it a few mins and it starts learning your preferences on its own. You open Chrome again and it shows your frequently visited pages with their snapshots within 60 seconds to choose upon like speed dial.


Playing with the TABs: TABs became an integral part of browsing experience with all browsers, even then Chrome found new ways to improve them. With easy drag and drop, you can change the order of TABs and even pull them out for become a new chrome window. Moreover, technically each TAB runs in a separate process, so even if one page crashes, other TABs are safe and in most of the cases, your whole browser doesn’t crashes.


The simplest toolbar: Forget the days, having a tool/menu bar having menus like File, Edit, View, Favourites, Tools etc. You got just easiest thing, the browser. There is an Start Button for easy Bookmarks, Refresh Button, Navigation for Back-n-Forward and a triangular Go button with Page Menu and Settings Men next to it, that’s it.


Page / Settings/ Options Menu: There is just two menu, having it including option to Text Zoom. You have options to make applications shortcut like for Google Docs, Google Sites, Gmail, Google Maps etc (Thanks to built in Google Gears).


Bookmark Bar: Chrome claims to having most happening bookmark system in browsing world right now. Just click on star button and you get easiest options for this one click bookmark. In rest of the things, it got all that arranging in folder and whenever you want to see bookmark bar, then just press Ctrl+B. When your bookmarks grow in hundreds then search is always inbuilt.


Security, sandboxing and safe browsing: Malware and phishing are two main problems that affect users conviction and assurance on the Internet. In the present time, malware is a very important aspect as it is related to stealing passwords and other documents. With SANDBOXING – a new feature prevents malware from installing itself on your computer. Your passwords and documents are at a safer hand – so, why worry.


Google chrome’s task manager: Just like your own CPU, you can now monitor sites that are using most of the memory, downloading the most bytes and interrupting in browsing sites you are working on – so, just eliminate them and work efficiently without any mess. In addition, you can also see plugins that are associated with the tab.


Although there are much to discuss about in world of advanced features with plugins, hidden features etc but that will lengthen this article much more. So, ending just here with the request that if you haven’t tried Google Chrome, then just give it a try and that’s it.


Saving time with keyboard shortcuts

Use these keyboard shortcuts to take some stress off your mouse. Here are a few mostly used shortcut keys for a quick reference (Full list is here).

Ctrl+T Open a new tab.
Ctrl+W Close the current tab.
Ctrl+Tab Cycle through current tabs.
Ctrl+N Open a new window.
Ctrl+Shift+N Open a new incognito window.
Ctrl+Shift+T Open the last tab you closed.
Alt+Home Open your Home page.
Ctrl+L Jump to the Omnibox.
Ctrl+K Search for a word in the
Omnibox.
Ctrl+F Find text in an open page.
Ctrl++ Increase the font size.
Ctrl+- Decrease the font size.
Ctrl+0 Restore the normal font size.
Ctrl+B Always show the Bookmarks bar.
Ctrl+H Open your browsing history.
Ctrl+J Load your Downloads page.
Ctrl+X Cut.
Ctrl+C Copy.
Ctrl+V Paste.
Ctrl+P Print the current tab.
Shift+Esc Open the Tab Task Manager.

And at the end for knowing Google’s vision over Chrome, the famous comics is always here. For more interested people, I will recommend reading the book Google Sites and Chrome for Dummies.

 

 

 

Technorati Tags: ,,,,,,,,,,,
Windows Live Tags: ,,,,,,,,,,,

More about Google wave

Facts about Google wave continues ….

Do you know your Google Wave ID (like mine is contactfornitish@googlewave.com) is nothing sort of Email ID means no one could send an email over the same address and only waves could be sent over the same.

Do you know Wave uses your regular Google Account’s contact list means if any of your contacts are also using Wave, those people automatically show up in your Wave Contact List.

Do you know the best visible difference between a Wave conversation and Email conversation is that you can add contacts anytime later on and they could follow the conversation fro right there and could read the earlier lines etc. Means not needed to be CC from start if it was case of email.

Do you know even if you don’t have any contacts online in Google Wave, you can go for participating public waves anytime with typing the special query with:public and it will return a firehouse of constantly updating waves like the case of twitters. A better luck would be targeting your query over particular topic like with: public firefox, which will return wave related to firefox only.

Do you know A Wave can show more than one cursor working within a given wave as well, which means active waves with lots of participants could be a treat to watch with multi-colored names typing text before your eyes… live. I guess watching multiple people typing within the same document would be the most new and electrifying experience for most of the people. 🙂

Do you know although not available right now, but Wave will offer a feature that you could stop showing your typing (i.e. blips) means you could complete your typing and then press the button and your sentence; the blip will appear at once. This will be called as Draft Mode and is one of many features, which are not available in preview mode

Do you know Wave is not something completely browser independent. Wave uses recently developed web standards, such as HTML5, to perform a lot of its behind the scenes magic. So, for the richer experience from Wave, you need a browser having full support to HTML5 like Google Chrome, Firefox 3.5+ or Safari 4.

Do you know there are three ways to edit a wave

1. Reply below a Blip.
2. Reply inline within a Blip
3. Edit the existing content of a Blip.

Do you know as of now, Internet Explorer can’t run Google Wave properly as it doesn’t have support to HTML5. Although Google has released an open source browser plugin for bridging the gap. Wave prompts Internet Explorer users to install the same plugin in following way.

GoogleWave for Dummies

Do you know As of in early stages of it, Google Wave is struggling about Mobile devices as most the mobile browsers are not fully supporting to it and one could get it only after avoiding the warning of browser not supported.

Do you know your Wave Contact List is a subset of your Google Account’s exisiting Contacts list and you can add people to your Wave Contacts List only if they already have a Wave Account.

Do you know as of now, there is no way to remove a contact from a wave once added with the exception of bots.

Do you know as in theory Google Profiles are the same as Wave profiles and so you could edit yours to have links, hobbies, photos for the same.

Do you know every time a wave updates, it moves to the top of your inbox and its subject line turns bold. Wave’s instant, real-time notifications are a double edged sword; wonderful when you’re waiting on important updates, terrible when new information you don’t care about distracts you. the achieve and mute buttons can help you clean out your inbox and silence chatty waves one by one.

In the similar ways like emails, waves could be marked read or unread and also could be arranged within folders and subfolders.

Do you know although was available as a privilege to blog posts only, now tags are part of waves as well and playing the same role as was in case of blog posts. Tags provide a more free-form way to file your waves. Unlike folders, you can add as many tags to waves and also unlike folders, anyone participating could see those tags.

Do you know as of now, Wave doesn’t recognize special search characters like square brackets, parentheses, currency symbols, the ampersand, the pound sign and the asterisks. It also doesn’t recognize partial or similar matches, so a search for “travel”  doesn’t find “travels”, “traveler” or “Travle”.

Do you know If your browser has the Google Gears plug-in installed, you can drag and drop files from your computer directly into your wave. (Gears comes with Google Chrome for Windows and its freely available to install on Firefox, Internet Explorer and Safari for Mac).

Do you know If your wave contains multiple images, then an Images button appears next to the Files button on the bottom of that wave. Click the Images button and Choose View as Slide Show to easily flip through the photos at their full size.

Do you know how can we can make a wave public? Here is the trick. Add the public@a.gwave.com wave ID to your contacts list the way you would any other contact (although you will get the warning that user doesn’t has any Google Wave Account but you need to continue anyway). Add the same ID as participant to any of your wave and your wave would be a public wave right then.

Now finally, do you know the keyboard shortcuts with Google wave. Here are some

Navigation Shortcuts
Up/Down Arrows Moves you up and down the blips in a wave.
Home Takes you to the first blip in a wave.
End Takes you to the last blip in a wave.
Space Takes you to the next unread blip in a wave.
Page Up/Page Down Scrolls a panel up and down a page at a time.
Ctrl+Space Marks all blips "read" when focus is on the Wave panel.

Wave Editing Shortcuts
Enter
Replies to a blip at the same level of indentation.
Shift+Enter (in view mode) Replies to a blip at the end of a wave. The new blip appears at the same
indentation level, at the very end of the wave.
Ctrl+E Edits a blip.
Shift+Enter (in edit mode) Ends your blip editing session (same as the Done button).
Ctrl+B Bolds/unbolds selected text.
Ctrl+I Italicizes/unitalicizes selected text.
Ctrl+U Underlines/removes underline from selected text.
Ctrl+G Adds color to text via "poor man’s rich text" pop-up, in which you can type a color name (like "blue" or "red") or enter the hexadecimal HTML color code.
Ctrl+K Adds a link.
Ctrl+[n] Makes the current line a heading, where [n] = 1 through 4 for different sized headings.
Ctrl+5 Adds bullets.
Ctrl+6 Removes formatting from text.
Ctrl+7 Left-aligns text.
Ctrl+8 Right-aligns text.

Navigate Image Slide Shows
Space+Right Moves to the next slide.
Shift+Space Moves to the previous slide.
Down / Page Down Moves to the next set of thumbnails.

Rest will come up as I learn more and more about Google Wave.

The Google Wave Book

Google Wave: Finally I am introduced with it

Google wave; the all big buzz and I was failing to reach it as I was lazy enough in the start, when it was first declared long back. Yes as per wiki, Google wave was first declared really long back in the Google I/O conference on May 28, 2009.

wave

I went after it, only when my brother Dewashish asked me for an invite to Google Wave. I tried to know the definition and my search ended over the wiki

It’s a communications protocol designed to merge e-mail, instant messaging, wikis, and social networking. It has a strong collaborative and real-time focus supported by extensions that can provide, for example, spelling/grammar checking, automated translation among 40 languages, and numerous other extensions. Initially released only to developers, a "preview release" of Google Wave was extended to nearly 1 million users beginning September 30, 2009, with the initial 100,000 users each allowed to invite from twenty to thirty additional users.

I tried to digg little bit more deeper and got one more line Google Wave is designed as a new Internet communications platform. It is written in Java using OpenJDK and its web interface uses the Google Web Toolkit. (Same GWT behind new interface of Orkut).

Ok! I am leaving all these lines from external sources and coming up from my own. For me, its something like Google’s implementation of Wiki. As Google says, its a hosted XML Document: the wave, which could be edited by any of the person involved in the conversation.

I would like to present my first Google Wave conversation with the person, from whom I got the invite. May be you all get some idea of my learning about this in raw….

 

Sachin: Hey, Nitish, So You got the invitation!

Let me know your experience.

Me: Yes I got it and trying to know exactly what this is?

The experience is nice till now and as much I got to know then its not an email tool, but could be said as Google’s implementation of Wiki. If you understand that what wiki is then you could understand that what Google wave is and what Google is trying to achieve with it.

Sachin: This is new email tool, cannot understand yet, once we get more and more people involved may be we will get to know the utilization. There are lots of things, We can use lots of social networking things. but definitely start ….

Me: hold it for a second, I want to object. Although Google’s definition says that it has something to do with Social Networking, I will strongly object. Its not another Orkut or facebook or MySpace. Its more like Wiki. Your conversations are an Open XML shared Document, which anyone involved could edit and the editing would be completely logged and visibly real time.

Wiki was a Document which anyone could edit, it was a concept which was earlier much opposed that such an information would not be reliable as anyone could edit in wrong ways, but later on over years, as Wiki got success it was proved that if one could edit it for wrong then more people could edit it for right ways as well and so Wiki worked and worked in such a tremendous ways that now they are kind of most reliable source of information for everyone.

I guess Google wave is something like that. A fully rich document (pictures, links, ppts, videos and all type of rich media you know), in which Google is making full use of Google Docs and its strength of real time communication. Now people join in .. have their documents online and these documents will be shared over the users participating the conversation and such document will move online to become some dynamic source of information

People knowing Team Softwares and Wiki will get a true idea about what Google wave.

Sachin: I am looking for more like corporate communication through google wave. What do you think?

Me: Yeah … you are heading in exactly right direction… first use will be sure Corporate communication, and specially software developers or project handlers as corporate is already using some of such things, and could relate this faster than others.

Main target is to create collaborative documents, which will hold dynamically changing information from more than one sources, which will be edited to suit with the facts more and more and will come up with an ultimate information source.

I would recommend all of you to go through the tech crunch article for the details. Wonderfully detailed article about Google wave.

I also came to know about a few books over the same topic Google Wave and the leading one, which is online for free is http://completewaveguide.com/

I gone through a few of the pages and found them short enough to keep the interest and info. Take a look.

The other books, which I am aggressively looking for, are books from O’reilly publication with the title Google Wave: Up and Running and Getting Started with Google Wave. Although till now, no luck in finding a free copy of the same.

I managed to find somehow a PDF calling itself as Google Wave for Dummies. I guess, its the same arranged PDF version of the Completewaveguide. Could take a look over the PDF Book for the best info available for my side.

updates: 6th December 2009 

After many days of receiving invite, now from 2:38 PM of today, I also got the power to invite 8 more and I have started using the same. 🙂

Google wave invite

del.icio.us Tags:

 

Other related links:

http://mashable.com/2009/11/14/google-wave-use-cases/

http://en.wikipedia.org/wiki/Google_Wave

Tech Crunch Article

 

WordPress and Wiki

I also worked a little over Wiki Hosting. Managed to put a local installation through manual DB creation, user creation, local settings etc, but still struggling with making it easy to work with like WordPress. I had read that it could be configured to create pages through Microsoft Word or Windows Live for a Wiki, but not able to do the same till now. Anyway, it was a late night try. Will give one more eve over it. Also have managed the Dummies Book over it, expecting it to be helpful.

Due to illness, I was out of office, but worked a little over few things related to WordPress at home. One worry resolved now that how to sync two blog one at remote location and one at local hosting. It came out easy in the way that you have to take the backup of updated one and then to import the same to the other one. I was worried about duplicated entries, but the import process itself, skips the duplicate entries, comments, pages etc and in this way make the sync go smooth.

I also worked a little over Wiki Hosting. Managed to put a local installation through manual DB creation, user creation, local settings etc, but still struggling with making it easy to work with like WordPress. I had read that it could be configured to create pages through Microsoft Word or Windows Live for a Wiki, but not able to do the same till now. Anyway, it was a late night try. Will give one more eve over it. Also have managed the Dummies Book over it, expecting it to be helpful.