Zelut’s Blog

I just downloaded and am now using Google Chrome: Developer Preview for Apple OS X.  These builds are also available for Linux, but I have not yet tried them. If you’d like to test them out, you can get the builds here: OS X, Linux 32bit, Linux 64bit. More information available here.

So far I have found only one bug, but I’m sure there are others lurking somewhere. Despite the early release and the issues I think this is a great development! Google Chrome is not limited to just Windows anymore! I really think Google is changing the way browsers are not only designed but also leveraged for rich internet applications.

Here are a few obligatory screenshots before I get back to continued testing:

Installation on Mac OS X.

Running Chrome on OS X

Acid3 Test Results

I’ve been spending some time building packages for Arch Linux (very easy, btw!). I’ve put together a package for Origami, the Folding@Home management tool, as I wrote about recently. I’m also now maintaining the Chromium Browser package for Arch Linux in AUR, which has been a lot of fun. Also, just last nite, I built a flashplugin-universal package, which installs both 64bit and 32bit flashplayer. I found that I needed this because I’m running x86_64 but I’m running both 32bit and 64bit browsers regularly. Having both flashplayer architectures installed allows me to have flash in any of the browsers, which is nice. Some of you Arch64 users might find it useful.

I’d love any feedback anyone can give me on the packages, particularly with PKGBUILD standards, efficiency and dependencies. Thank you.

As I’m sure you’ve all heard, today is April Fools and the day that the conficker worm is set to… well, do something.  I haven’t read any reports on just exactly what it has done, if anything today, but I was able to come up with a solution that will allow you to scan for it using Arch Linux and the latest-greatest build of nmap.  I just ran a scan on my home network and didn’t find anything (granted I only have Arch Linux, FreeBSD and Mac OS X machines here), but the same steps can be used to scan your office networks if you’re still wondering about being vulnerable.  I will outline below how to install the Arch Build System (ABS), update the PKGBUILD for nmap to install the latest nmap and finally how to scan a range of networks for the conficker worm.

Installation via ABS
To build the latest-greatest copy of nmap we’ll use the ABS and simply update the PKGBUILD information.  If you do not have ABS setup on your machine you’ll need to complete the following steps:

pacman -S abs
abs

These two commands will install the ABS on your system and then sync with the repository mirror.

Configuring nmap
Next you’ll want to copy the PKGBUILD from the ABS directory structure to your home directory for building.

mkdir ~/abs/
cp -r /var/abs/extra/nmap/ ~/abs/

Now head back to ~/abs/nmap/ and edit the PKGBUILD file with the following changes:

pkgver=4.85BETA6
md5sums=('33af2a98032b2e6617cea8de23808e64')

With those two changes saved you can now compile the latest nmap.  Use: makepkg -i

Detecting Conficker
Now that you have the latest nmap compiled and installed you can scan your network(s) for the Conficker worm.  Use the following command and look for any “INFECTED” or “VULNERABLE” lines in the output.

nmap -PN -d -p445 –script=smb-check-vulns –script-args=safe=1 [network_range]

(of course, replace network_range with your home/office network. ie; 192.168.0.0/24)

Conclusion
While I still don’t know what, if anything, the Conficker worm is going to do today (or ever), its best to make sure your machines are not vulnerable and that someone else does not have control of them.  If you administer a number of Windows machines, take a minute to scan them and verify that nothing is left vulnerable.  I hope these steps were helpful for anyone needing to verify security on their networks.

If you’ve been following my other blog (ubuntu-tutorials.com) you know I’ve developed a management tool for running Folding@Home clients on Linux distributions.  It started out a bit Red Hat specific, but has since been ported to Debian families and finally Arch Linux.  I just finished applying my latest patches and put together a PKGBUILD for it.  I’m happy to be able to say that origami is now available to the general public in the community repository.

If you’re interested in trying it out, there are two methods you can use to install it:

Method 1 (manual):

wget -c http://aur.archlinux.org/packages/origami/origami/PKGBUILD
makepkg -si


Method 2 (yaourt):

yaourt -S origami

I would probably suggest the yaourt method, as it is a little more automated and will provide the dependencies you might need.  One of the dependencies (lsb-release) is only available via the AUR so, again, yaourt will take care of that for you.

If you have previously tried running Folding@Home on Linux, or would like to start competing with others in contribution to Stanford Universities research project, please give this package a try and give me any feedback you can.

For those using FreeBSD, there has been another security update to the 7.1 release family.  According to the UPDATING file:

20090323:       p4      FreeBSD-SA-09:06.ktimer, FreeBSD-EN-09:01.kenv
Correctly sanity-check timer IDs. [SA-09:06]
Limit the size of malloced buffer when dumping environment
variables. [EN-09:01]

If you’re interested in applying this update to your system, here is the method I use:

csup -g -L2 cvsup.freebsd.org /usr/share/examples/cvsup/standard-supfile
cd /usr/src
make buildkernel && make installkernel
make buildworld && make installworld
reboot

There are other methods for keeping your base system updated, but I prefer the compiling method. What other methods might you suggest?

The other day I blogged about how to extract the kernel and ramdisk from the DBAN downloadable image.  These two files would be useful in the situation where you might want to PXE (network) boot a machine and have it wiped.  (Something like this may be common prior to dispositioning a machine at work, or before you give an old machine away.)  Whatever your reasons might be, I thought I would outline the steps that I have taken to install and configure PXE on a CentOS 5 installation.

Installation

yum install tftp-server

DBAN Configuration

After following my previous instructions on how to extract the DBAN PXE images, copy the two files (kernel.bzi and initrd.gz) to the /tftpboot/ directory.

mkdir -p /tftpboot/dban
cp kernel.bzi /tftpboot/
cp initrd.gz /tftpboot/


PXE Configuration

You’ll also need to configure the PXE system to know what to launch/run when a specific command is given at boot.  In this case we’ll only have the DBAN option, which we could run by using the ‘dban’ command:

/tftpboot/pxelinux.cfg/default

display msgs/boot.msg
prompt 1
## dban
label dban
kernel dban/kernel.bzi
append load_ramdisk=1 initrd=dban/initrd.gz root=/dev/ram0 init=/rc quiet nuke=”dwipe” –autonuke –method dodshort”

The first line in that file, “display” tells it to display a file as a menu prompt at boot time.  The second step in this section is creating that menu prompt:

/tftpboot/msgs/boot.msg

**WARNING** TYPE ‘dban’ TO AUTO-WIPE THE PXE BOOTED MACHINE.  **WARNING**

Start The Service

Now that we have everything configured we’ll go ahead and start the service:

service xinetd restart

I’ve been auditing some of the applications that I use day-to-day and thought I might share some tips about them. I’ve found that most people tend to get comfortable with a certain set of applications and rarely break out of that set. The beauty of the Free Software world is that the number and quality of available applications is constantly expanding. Hopefully some of the applications I can share here will make your computer usage more efficient and more fun!

Today I wanted to talk about Dropbox. It is a really simple way to store and share files online. I have been using it for a while now, primarily to share files between multiple laptops but also to share quick files and screenshots with people.

I’ve got it installed on my work laptop (Dell D630), personal laptop (Macbook) and work Desktop.  Anytime I need to quickly share a file from one machine to another (or even all) I simply drop it into my Dropbox folder and its instantly synchronized to the other machines.  Anything you do on one machine is automatically synched to the others.

It also has a nice, simple way to share files with others.  There is a subfolder called “Public”.  Anything in that folder can be shared directly with the outside world.  You’ll find that you can right-click on any file in “Public” and get the public link you can share.  We’ve started using this at work to quickly share documents and graphics that we’re working on.

If you haven’t tried out Dropbox, go download it.  It’s free and blends right into the GNOME Desktop and Nautilus.

I’m a keyboard junky.  I’ll admit it.  Anytime I *have* to use the mouse I feel like I’ve just slowed down my work.  Considering most of the work (at least my work) is done directly into the keyboard, taking my hand off the keys to move something is time I’m not getting back.  To that extent I’ve collected a number of keyboard shortcuts to allow me to do as much as I can without ever leaving the keys.  The shortcuts I wanted to share today are regarding maximizing, minimizing, un-maximizing, moving and resizing the gnome-terminal.

Shortcuts

Maximize: alt-F10

Minimize: alt-F9

Un-Maximize: alt-F5

Move: alt-F7

Resize: alt-F8

With these few shortcuts you should new be able to resize your terminals, shrink or enlarge them and even move them without leaving your keyboard.  Thank goodness for shortcut keys.  Where would we be without them?  Ohh, yeah, I think its called Mac OS X

I’ve spent the last week casually hunting around for alternate feed readers.  I’ve been using Google Reader for some time now. but I’ve been growing tired of it.  Desktop clients just don’t quite cut it for me as, just at work, I’m regularly between three different machines.  I think I’ve found one that I like!  It’s small, simple to install and configure and Free Software.  Gregarius.

Gregarius has been in development for a number of years now, although has recently slowed down.  I’d like to see things pick up again but, as usual in the Free Software world, that usually requires a community of users.  It currently has a fairly thorough wiki, forum, devlog (blog) and a list of features and configuration options.  The main reasons I like it are:

• Lightweight and responsive
• Very configurable.  Includes plugins and themes.
• Simple feed management (categories, tags, etc)
• Very clean default theme
• Detailed search options
• more…

For those that might be interested in trying out a server-side feed reader I thought I might outline some of the steps toward installing it.

Gregarius Installation

These steps mirror the setup I’ve decided to use on my web server.  You may need to alter some of the details to your needs.

cd /var/www/html/
wget -c http://superb-west.dl.sourceforge.net/sourceforge/gregarius/gregarius-0.6.1.tar.gz
tar xf gregarius-*.tar.gz


Database Creation

Gregarius uses a MySQL database to store and search the feeds you’re subscribed to.  The next step in installing this server-side feed reader is to create your database.

mysql -u root -p
[PASSWORD]
create database rss;
quit;


Configuration

The last step is updating the configuration file to know how to connect to the database, and what database to use.  This configuration is found in the gregarius folder, inside the dbinit.php.sample.  You’ll want to rename this file to dbinit.php and update with your database changes.  The fields you’ll need to update are:

define ('DBTYPE','mysql');
define ('DBNAME','rss');
define ('DBUNAME','db_user');
define ('DBPASS', 'db_password');
define ('DBSERVER', 'localhost');


Once this is done you should be able to start using your Gregarius installation at: http://yoursite.com/rss/  Enjoy!

If you have any issues installing or using Gregarius please comment and let me know.  I’d really love to see more people using this, and if that means doing a bit of support and recruiting on my own, then so be it.

I recently migrated my VPS from Slicehost to Linode and I’ve been very happy with them.  One of the changes that I made during this move was to try out Debian 5.0 as my base OS instead of Ubuntu 8.04.  So far I have been pleased with the change–although I’ll admit there isn’t much that is different on the server installation.  One of the few differences that I have found is in regards to the repository configuration.  One feature in Debian that is not available in Ubuntu is the ability to configure your sources.list to the stable release.. whatever version that happens to be.  Let me explain.

Repository Configuration

Ubuntu, a variant of Debian, uses the /etc/apt/sources.list to configure which repositories to subscribe to for available packages and errata updates.  Generally these repositories are subscribed to by way of development codename.  For example:

http://us.archive.ubuntu.com/ubuntu intrepid main restricted universe multiverse

A line like this in your Ubuntu configuration would subscribe to the Ubuntu 8.10 “Intrepid” repository for the life of that release (18 months).  It would also be able to pull updates and packages from the main, restricted, universe and multiverse areas of the repository.

Debian can follow the same standard–a repository configuration example might be something like this:

deb http://mirrors.kernel.org/debian lenny main contrib non-free

As you can see, these are both very similar.  The only differences are the development codenames, “Intrepid” vs “Lenny” and the naming of the repository subdivisions.  non-free vs universe/multiverse, etc.

Subscribing to Stable

The one difference that I have learned with Debian however is that you have the ability to use release aliases instead of development codenames.  For example, I could change “lenny” to “stable” and my machine would subscribe to the “stable” repository as long as one exists.  The key difference here is that “stable” evolves as the distribution evolves.  Whereas in the Ubuntu configuration I would need to update my configuration each time I want to migrate to a new “stable” version, Debian allows me to simple subscribe to “stable” and my machine would follow, and upgrade, to each stable release as long as it is in service.

Here is the sources.list that I use on my current Debian 5.0 web server:

deb http://mirrors.kernel.org/debian/ stable main contrib non-free
deb http://security.debian.org/ stable/updates main contrib non-free
deb http://volatile.debian.org/debian-volatile stable/volatile main contrib non-free


You’ll notice that I’m using “stable” instead of “lenny” even though, at this point, they are technically the same thing.  When the next release is final however my machine will automagically subscibe to the newer repository, and I would never have needed to change my config.  Why doesn’t Ubuntu offer something like this?