I decided to install the new and shiny Ubuntu 10.04 “Lucid Lynx”, but there is no way I want to affect my main partitions!! Why should I this is Linux after all, it can boot from a secondary partition I can even put the bootloader at the beginning of the partition to make it totally independent!! Having done that already with Backtrack 4, Ubuntu 9.10 (karmic) and CentOS 5.x it should be as easy as 1 – 2 – 3 (Or simple as… got Jackson 5 ringing in my ear right now).

So the solution I had in mind was just to add a new partition with parted, install there and add the following lines to the /etc/grub.conf in my Fedora partition:

title Ubuntu 9.10 (Karmic)
rootnoverify (hd0,6)
chainloader +1

The problem is that Ubuntu 10.04 ships with grub-2 (technically speaking 1.98) and it just doesn’t work the same way. After a couple of re-installs and hours later I came out with this blog with a really detailed review of the distribution and with the solution I needed:

title Ubuntu 10.04 (Lucid Lynx)
root (hd0,4)
kernel /boot/grub/core.img
savedefault
boot

Just to make sure your a attacking the right error, this is was I was getting: Error 13 invalid or unsupported executable format

Enjoy

After reading for a while I found out that de Mozilla Foundation built in this protection for “Cross-Protocol” scripting attack with a form of Port Banning.

To overide this protection use one of the following steps:

• In the user’s profile directory the all.js, add the following line at the end of the file user_pref("network.security.ports.banned.override", "1-65535");
• In the defaults/pref/ sub-directory of the installation directory (multi-user systems) add the following line at the end of the file user_pref("network.security.ports.banned.override","1-65535");
• Open a new window, in the address type: about:config and add a new entry of the type string with this name network.security.ports.banned.override and value 1-65535.

If you want to set free only one port change the range for that port o list of ports.

I just tested the latest version of VMware Workstation for Linux on my Fedora 11 box and there are a couple of things that just bothered me.  The big picture is that it’s not working smoothly:

The problems started on install time, in order to be able to install the rpm I had to uninstall gcc! (Thanks to Tusheto for the idea ).  Then I could work as usual with your virtual machines until I tried to turn them off:  it hung forever, I gave it 5 min. before having to kill window.  The files stayed locked thanks to the vmtray that is not shown in GNOME, so if happen to have you VM’s in a external drive there is no way to cleanly unplugg it without killing the residual process.

Afer so many years working with VMware on Linux I really expected more.  Rating F

Ran my tests on Fedora 11, kernel: 2.6.30.5-43.fc11.i686.PAE, and VMware-Workstation-6.5.3-185404.i386

Until recently one could pass the users password in clear text as a parameter. I assume that someone thought about all the passwords that word saved in history files and decided to change it. The problem is that the used the same parameter but now it expected the password to be encrypted, so it basically stopped working but didn’t generate errors.

After some debugging and some man reading the problem was nailed down, but now I had to generate and encrypt the password. I looked and tried many solutions but the best I could find was the crypt library and decided to access is through perl.  What I liked the most about the solution is that I could use all the same native algorithms that the system has installed.

So lets cut the chase, here are the 5 lines of code needed to get the job done:

salt=$(/usr/bin/mkpasswd -l 8 -s 0)
parameter=”print crypt(config,\”\\\$1\\\$$salt\”)”
encrypted=$(perl -e “$parameter”)
/usr/sbin/useradd -p $encrypted <user>

To create a good salt I used the mkpasswd utility that comes with the expect package (yum install expect).  In this case the $1 is not a variable, but the way of telling crypt to use MD5.

Other valid values for the Glibc crypt are:

For more information http://www.kernel.org/doc/man-pages/online/pages/man3/crypt.3.html or simply: man crypt

Have fun

I believe that the way Audio and Video rights are managed should be changed and a new model has to be built.  I’m not good with economy or an MBA,  but I am a user that really hates some of the limitations that are still built into a contents users life.

Let me put an example with the access to English spoken TV in Europe.  There is a great source for it in the UK, there you have access to SKY, BBC and other cable or pay TV services.  If I want to access those services from Germany, you can’t.  You can’t purchase the services, at least not legally (one can only purchase the services with a billing address in the UK).  With today’s interconnected world, these are the type of things that send people to look for alternative ways to access those contents.  So in a way the excessive controls are sending people to go to and find alternative ways to acces the contents that they can’t access or purchase through traditional channels.

I like the approach taken by Amazon in the US where you can by your favorite content and have instant access to whatch it through streaming, you can download it a specific number of times (4 if I remember correctly) in different formats: HD, MPEG or a smaller version for your IPOD.

I’m just glad that at least for now the 3 strike law in France was suspended.   And hope that  new cross European solutions see the light, because being able to whatch TV in your own language definitly helps people to feel at home away form home.

Photo credit: “And You’re Outta There!” originally uploaded by Chad Horwedel

This is just one of those features that make your life easier but handling all the ssh sessions for you, the best part is that is one of those setup once and forget feature.  Here is a brief introduction on how it works:

According to the ssh-agent man:

     ssh-agent is a program to hold private keys used for public key authenti-
     cation (RSA, DSA).  The idea is that ssh-agent is started in the begin-
     ning of an X-session or a login session, and all other windows or pro-
     grams are started as clients to the ssh-agent program.  Through use of
     environment variables the agent can be located and automatically used for
     authentication when logging in to other machines using ssh(1).

So what gnome did was include an ssh-agent in the gnome-keyring(-daemon), so it has one interface to manage passwords, ssh keys, etc.  Underneath the hood this is how it works:

1. When Gnome starts the gnome-keyring-daemon (if it is enabled in your conf)
2. The keyring manager starts the ssh-agent component and sets up the SSH_AUTH_SOCK variable, that will redirect ssh to make the queries to that socket
3. The SSH agent automatically loads files in ~/.ssh having names starting with id_rsa or id_dsa or any other keys included by using the ssh-add command
   

That does the job.  If you need to get it working on your Gnome installation follow the instructions here.

Incredible!

The best thing is that it works both in M$ Office and Open Office.

1. On linux just use pdfmerge:   sudo yum install pdfmerge or download the windows version
2. Do it by hand with ghostscript:

gs -dBATCH -dNOPAUSE -q -sDEVICE=pdfwrite -sOutputFile=finished.pdf Scan001.pdf Scan002.pdf

Apr 19 04:14:47 hostname snmpd[3458]: Connection from UDP: [127.0.0.1]:42482
Apr 19 04:14:47 hostname snmpd[3458]: Received SNMP packet(s) from UDP: [127.0.0.1]:42482

After reading, googling around and testing for a while I rounded it the following solution, it should work in any Linux system with net-snmp after some tweaks but out of the box on CentOS, REL, Fedora or any of its relatives:

1. Remove the -a from the snmpd start options or write this in the /etc/sysconfig/snmpd.options file:

OPTIONS=”-Lsd -Lf /dev/null -p /var/run/snmpd.pid”

This should take care of the “Received SNMP” packets line (2nd one).

2. Add dontLogTCPWrappersConnects true at the end of your /etc/snmp/snmpd.conf file, that takes care of the other line:

Apr 19 04:13:47 dcf-is1p snmpd[3458]: Connection from UDP: [127.0.0.1]:48911

According to the man page: This setting disables the log messages for accepted connections. Denied connections will still be logged.”

The problem is that the default settings are to log every connection / request, so what we did was leave the log work only for failed and authenticated attempts

Enjoy readable logs!

I had to do it today and that thing doesn’t know the command: PASV !!

Well after surfing for while I found the workaround: just type:

LITERAL PASV

That bypasses the checks on the client and just sends the command to the server.