A page for randomness

In the context of digital security, a key is a piece of data which is used to encrypt or decrypt other pieces of data. The public and private key scheme is interesting because data encrypted with a public key can only be decrypted with the associated private key. You may freely distribute a public key so that others can encrypt the messages they send you. One of the reasons that public/private key schemes have revolutionized digital security is because the sender and receiver don’t have to share a common password. Among other things, public/private key cryptography has made e-commerce and other secure transactions possible. In this article, we’ll create and use public and private keys to create a highly secure distributed backup solution.

Each machine involved in the backup process must be running the OpenSSH secure shell service (sshd) with port 22 accessible through any intermediate firewall. If you access remote servers, then there is a good chance you’re already using secure shell.

Our goal will be to provide machines with secure access without requiring the need to manually provide passwords. Some people think that the easiest way to do this is to set up password-less access: do not do this. It is not secure. Instead, the approach we’ll use in this article will take perhaps an hour of your time, set up a system which gives all the convenience of “passphraseless” accounts — but is recognized as being highly secure.

Read more: Automate backups on Linux

If you’re running linux on a macbook and you have fuzzy or static like sound especially out of the left channel, whether on speakers or headphones, then this tip from the Ubuntu forums will most likely help. The following was done on my Ubuntu machine, but mostly can be applied with little effort on another distribution like Fedora:

$ sudo emacs /etc/modprobe.d/options

Add the following line to the end of the file:

options snd-hda-intel model=[MODEL_BELOW] position_fix=2 probe_mask=1

Where [MODEL_BELOW] is one of the following:

intel-mac-v1   : Intel Mac Type 1
intel-mac-v2   : Intel Mac Type 2
intel-mac-v3   : Intel Mac Type 3
intel-mac-v4   : Intel Mac Type 4
intel-mac-v5   : Intel Mac Type 5
macmini        : Intel Mac Mini (equivalent with type 3)
macbook        : Intel Mac Book (eq. type 5)
macbook-pro-v1 : Intel Mac Book Pro 1st generation (eq. type 3)
macbook-pro    : Intel Mac Book Pro 2nd generation (eq. type 3)
imac-intel     : Intel iMac (eq. type 2)
imac-intel-20  : Intel iMac (newer version) (eq. type 3)

You’ll also need to update your initramfs:

$ sudo update-initramfs -u

Reboot and see if the sound works. Typically the sound will stop working altogether or work perfectly. If it doesn’t work, try changing the model. I have a 2nd or 3rd generation macbook (I can’t remember which), but I needed to use the model=intel-mac-v3 for it to work. Check out the help article for more information.

Google’s open source’s “Protocol Buffers”. Here’s some examples:

You write a .proto file like this:

message Person {
  required int32 id = 1;
  required string name = 2;
  optional string email = 3;
}

Then you compile it with protoc, the protocol buffer compiler, to produce code in C++, Java, or Python.

Then, if you are using C++, you use that code like this:

Person person;
person.set_id(123);
person.set_name(”Bob”);
person.set_email(”bob@example.com”);

fstream out(”person.pb”, ios::out | ios::binary | ios::trunc);
person.SerializeToOstream(&out);
out.close();

Or like this:

Person person;
fstream in(”person.pb”, ios::in | ios::binary);
if (!person.ParseFromIstream(&in)) {
  cerr << “Failed to parse person.pb.” << endl;
  exit(1);
}

cout << “ID: ” << person.id() << endl;
cout << “name: ” << person.name() << endl;
if (person.has_email()) {
  cout << “e-mail: ” << person.email() << endl;
}

Read more about them: Google Open Source Blog: Protocol Buffers: Google’s Data Interchange Format

“The makefile keeps recompiling itself…when it finishes, it just recompiles itself again.”

John Harry Nancy

Cross-platform media player VLC is often referred to as the “Swiss Army knife of media applications” for good reason: Not only does VLC play nearly any file you throw at it (you even voted it the best desktop media player), but it can do so much more. From ripping DVDs to converting files to iPod-friendly formats, let’s take a look at the four coolest things you can do with VLC and start you on your way to becoming a VLC ninja.

Read more: Vlc: Master Your Digital Media with VLC

According to the research firm, the data is collected from a base of “approximately 160 million visitors per month.” The survey lists Apple’s Mac OS X operating system market share in June with a record 7.94%, which is a 0.11 point increase over the previous month. This figure makes OS X the best-selling UNIX variant ever with the largest overall share of the market. Linux currently stands at 0.80% market share in this survey, a slight improvement over the 0.68% recorded last month. Windows machines still dominate the market and came in at 90.89%, down from 91.13 percent in the month ago. Although the lead of Windows remains unquestioned, its share has been dropping slowly but steadily over the past two years.

Source: TG Daily - Study claims Windows usage market share could fall below 90% soon

Tomorrow, Firefox 3.0 will be released, and everyone is encouraged to download it to help break a download record for one day. So tomorrow, don’t forget to download the new Firefox!

GetFirefox.com

echo -n “username: ”
read username
echo -n “Password: ”
stty -echo
read password
stty echo

source: Mind Download: prompt for password w/o echoing chars in bash

if [ -n "`echo \"$1\" | grep \"^[0-9]*$\”`” ] ; then

echo “It is a number”

else

echo “It is not a number”

fi

The following is a true story.

Last week I walked into a local “home style cookin’ restaurant/watering hole” to pick up a take out order. I spoke briefly to the waitress behind the counter, who told me my order would be done in a few minutes.

So, while I was busy gazing at the farm implements hanging on the walls, I was approached by two, uh, um… well, let’s call them “natives.” These guys might just be the original Texas rednecks–complete with ten-gallon hats, snakeskin boots and the pervasive odor of cheap beer and whiskey.

“Pardon us, ma’am. Mind of we ask you a question?”

Well, people keep telling me that Texans are real friendly, so I nodded.

“Are you a Satanist?”

Well, at least they didn’t ask me if I liked to party.

“Uh, no, I can’t say that I am.”

“Gee ma’am. Are you sure about that?” they asked.

I put on my biggest, brightest Dallas Cowboys cheerleader smile and said, “No, I’m positive. The closest I’ve ever come to Satanism is watching Geraldo.”

“Hmm. Interesting. See, we was just wondering why it is you have the lord of darkness on your chest there.”

I was this close to slapping one of them and causing a scene–then I stopped and noticed the T-shirt I happened to be wearing that day. Sure enough, it had a picture of a small, devilish looking creature that has for quite some time now been associated with a certain operating system. In this particular representation, the creature was wearing sneakers.

They continued: “See, ma’am, we don’t exactly appreciate it when people show off pictures of the devil. Especially when he’s lookin’ so friendly.”

These idiots sounded terrifyingly serious.

Me: “Oh, well, see, this isn’t really the devil, it’s just, well, it’s sort of a mascot.”

Native: “And what kind of football team has the devil as a mascot?”

Me: “Oh, it’s not a team. It’s an operating– uh, a kind of computer.”

I figured that an ATM machine was about as much technology as these guys could handle, and I knew that if I so much as uttered the word “unix” I would only make things worse.

Native: “Where does this satanical computer come from?”

Me: “California. And there’s nothing satanical about it really.”

Somewhere along the line here, the waitress has noticed my predicament–but these guys probably outweighed her by 600 pounds, so all she did was look at me sympathetically and run off into the kitchen.

Native: “Ma’am, I think you’re lying. And we’d appreciate it if you’d leave the premises now.”

Fortunately, the waitress returned that very instant with my order, and they agreed that it would be okay for me to actually pay for my food before I left. While I was at the cash register, they amused themselves by talking to each other.

Native #1: “Do you think the police know about these devil computers?”

Native #2: “If they come from California, then the FBI oughta know about ‘em.”

They escorted me to the door. I tried one last time: “You’re really blowing this all out of proportion. A lot of people use this `kind of computers.’ Universities, researchers, businesses. They’re actually very useful.”

Big, big, BIG mistake. I should have guessed at what came next.

Native: “Does the government use these devil computers?”

Me: “Yes.”

Another BIG boo-boo.

Native: “And does the government pay for ‘em? With our tax dollars?”

I decided that it was time to jump ship.

Me: “No. Nope. Not at all. You’re tax dollars never entered the picture at all. I promise. No sir, not a penny. Our good Christian congressmen would never let something like that happen. Nope. Never. Bye.”

Texas. What a country.

Source: Godless devil-worshiping evil computers [rec.humor.funny]

Although Nautilus—the GNOME file manager—includes many useful features and offers an excellent implementation of the spatial paradigm, its browser mode is less impressive and is missing some must-have functionality. The Nautilus developers are about to deliver a big improvement, however, with the addition of full support for tabbed browsing.

A tabbed user interface is among the most frequently requested features for Nautilus. The original request in the GNOME bug tracker was opened in 2001 and has 10 duplicates. Despite significant demand, the developers long resisted implementing the feature because it required significant changes to the file manager’s underlying architecture. Some GNOME users have switched to the lightweight PCMan file manager just for the tab support.

Read more: GNOME file manager gets tabbed file browsing

In my last post, sendmail was one of the services on my box that was starting when I enter runlevel 2. Maybe I don’t want sendmail to start, or rather, if it is already started, when I enter runlevel 2, I want to kill it. In other words, I don’t want it running for runlevel 2. How can I make this change?

Well, first, I could just delete the soft link from the runlevel directory /etc/rc2.d/:

aaron@kratos:~ 1355 % sudo rm /etc/rc2.d/S21sendmail
Password:

That would definitely keep it from starting when I enter runlevel 2, but what if I wanted to kill it if it was already started from a previous runlevel? Just deleting the soft link won’t do it. I need to turn it into a K-script. Further, deleting and creating soft links in my /etc/rc[0-6].d/ directories by hand is a bit of a pain. This is where the update-rc.d command comes in:

aaron@kratos:~ 1356 % sudo update-rc.d -f sendmail remove
Password:
Removing any system startup links for /etc/init.d/sendmail …
/etc/rc0.d/K19sendmail
/etc/rc1.d/K19sendmail
/etc/rc2.d/S21sendmail
/etc/rc3.d/S21sendmail
/etc/rc4.d/S21sendmail
/etc/rc5.d/S21sendmail
/etc/rc6.d/K19sendmail
aaron@kratos:~ 1357 % sudo update-rc.d sendmail stop 20 0 1 2 3 4 5 6 .
Adding system startup for /etc/init.d/sendmail …
/etc/rc0.d/K20sendmail -> ../init.d/sendmail
/etc/rc1.d/K20sendmail -> ../init.d/sendmail
/etc/rc2.d/K20sendmail -> ../init.d/sendmail
/etc/rc3.d/K20sendmail -> ../init.d/sendmail
/etc/rc4.d/K20sendmail -> ../init.d/sendmail
/etc/rc5.d/K20sendmail -> ../init.d/sendmail
/etc/rc6.d/K20sendmail -> ../init.d/sendmail

We’ll get into the syntax a bit later, but these commands, as observed, removed any existing soft links that previously existed, and created new K-scripts for all of my runlevels.

First off, why two separate commands? Well, by Debian policy, no package upgrade will ever overwrite a previous configuration. This includes updating soft links in the runlevel directories. This also ensures persistent changes and allows the system administrator to prevent daemons from launching. So, if soft links already exist, they first need to be removed, then new links created.

Source: Aaron Toponce : Managing Services in Ubuntu, Part II: Managing Runlevels

Let me play devil’s advocate here. Mark Shuttleworth’s recent pledge to join a synchronised release plan for Enterprise Linux distributions is no more than a wish to benefit from a lot of work that Novell and Red Hat are already doing in the Enterprise space.

Let me explain.

Red Hat’s Enterprise Linux offering is a very important proposition to businesses, not only because Red Hat guarantees and has proven to support each RHEL version for 7 years after general availability, but mostly because each version is updated with new hardware support every 6 months.

Why is that important ?

When a version comes out all components that comprise a distribution have been frozen half a year before and have been tested very hard. But hardware does not freeze and companies buy new hardware constantly. Red Hat needs to provide support for newer selected hardware from vendors to make its solution acceptable to customers. This work is not taken lightly. Red Hat has to backport fixes and backport kernel infrastructure, update drivers, perform regression tests and provide QA together with hardware vendors.

Every 6 months a new update release is being made to ensure that newer hardware is ready to be deployed with a recent RHEL version. Red Hat guarantees that new boot media is available with newer hardware support for another 3 years. That means 2 RHEL releases at every point in time are being maintained to support new hardware.

Read more: Ubuntu’s need to catch a wave | Field Commander Wieers

Fedora Project

What’s new in Fedora 9? Read the release notes. >>

Fedora is a Linux-based operating system that showcases the latest in free and open source software. Fedora is always free for anyone to use, modify, and distribute. It is built by people across the globe who work together as a community: the Fedora Project. The Fedora Project is open and anyone is welcome to join.

The Fedora Project is out front for you, leading the advancement of free, open software and content.

Learn more. >>

A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. We consider this an extremely serious vulnerability, and urge all users to act immediately to secure their systems. (CVE-2008-0166)

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

== Who is affected ==

Systems which are running any of the following releases:

* Ubuntu 7.04 (Feisty)

* Ubuntu 7.10 (Gutsy)

* Ubuntu 8.04 LTS (Hardy)

* Ubuntu “Intrepid Ibex” (development): libssl <= 0.9.8g-8

* Debian 4.0 (etch) (see corresponding Debian security advisory) and have openssh-server installed or have been used to create an OpenSSH key or X.509 (SSL) certificate.

All OpenSSH and X.509 keys generated on such systems must be considered untrustworthy, regardless of the system on which they are used, even after the update has been applied. This includes the automatically generated host keys used by OpenSSH, which are the basis for its server spoofing and man-in-the-middle protection.

Source: [USN-612-1] OpenSSL vulnerability

Wine 1.0-rc1 was released today, with the following main changes:

Bug fixes only, we are in code freeze.

Binary packages are in the process of being built and it may take a few days for them to appear, but the source is available now. You can find out more about this release in the announcement. Check out our download page for packages for your distribution.

Get it: Wine HQ

Ext4 is the latest in a long line of Linux® file systems, and it’s likely to be as important and popular as its predecessors. As a Linux system administrator, you should be aware of the advantages, disadvantages, and basic steps for migrating to ext4. This article explains when to adopt ext4, how to adapt traditional file system maintenance tool usage to ext4, and how to get the most out of the file system.

Ext4 features

Linux supports several different file systems. Some are specialized network file systems or file systems developed for other operating systems, but a surprising number may be used as Linux native file systems—you can place your Linux root (/) and system directories on such file systems. Currently, file systems in this category include ext2, ext3, ReiserFS, XFS, and Journaled File System (JFS). However, file system design and development are ongoing, and new file systems are on the horizon.

Perhaps the most important file system currently under development for Linux is ext4—the fourth incarnation of the original extended file system (ext or extfs) developed exclusively for Linux. Given its heritage, it seems likely that ext4 will become an important standard file system (perhaps the standard file system) for Linux in the not-too-distant future.

Read more: Preparing for the newest Linux file system

Trolltech has announced the official release of Qt 4.4, a much-anticipated update to their popular, cross-platform software development framework. Qt is distributed under a dual-licensing model that enables open-source as well as proprietary commercial development, and it is widely used on the Linux platform, where it provides the underlying widget toolkit used by the KDE desktop environment. It is also used in a variety of commercial applications such as Skype, Google Earth, and Adobe Photoshop Elements.

Some of the most significant features added in Qt 4.4 include a multimedia abstraction layer, an HTML rendering widget based on WebKit, a new concurrency framework, and support for rendering widgets on the toolkit’s drawing canvas. This is also the first Qt release to include support for Windows CE and Windows Mobile.

Read more: http://arstechnica.com/reviews/other/troll-treasure-qt44-in-depth.ars

The Gentoo Linux operating system is a Linux distribution based on the Portage package management system. The development project and its products are named after the Gentoo penguin. Gentoo package management is designed to be modular, portable, easy to maintain, flexible, and optimized for the user’s machine. Packages are normally built from source code, continuing the tradition of the ports collection, although for convenience, some large software packages are also available as precompiled binaries for various architectures.

Read more: Gentoo Linux - Wikipedia, the free encyclopedia

Most guides and tutorials for Ubuntu newcomers can help you get commercial DVDs playing on your system, but only through a series of terminal commands that install new repositories or through the use of Automatix or other automated tools that can sometimes mess up your system’s dependencies. How-to site Tech-Recipes.com has been on a bit of a Linux streak lately and ferrets out a two-command, no-repository solution for installing DVD playback. Enter these in your terminal:

sudo apt-get install totem-xine libxine1-ffmpeg libdvdread3
sudo /usr/share/doc/libdvdread3/install-css.sh

That, from a quick test, should be it. It must be mentioned here that the DVD decrypting tool you’re installing is not licensed and definitely not supported by Ubuntu, so it’s up to you whether it’s kosher to install or not.

Source: Linux 101: Enable DVD Playback in Ubuntu in Two Commands

Yesterday, the Open Source community took an emotional hit when veteran Linux programmer Hans Reiser was convicted of first degree murder in the suspicious disappearing of his wife, Nina. While I won’t go into the details of the case, as this has been covered extensively in the press, I would like to talk a little bit about how this verdict will impact the technology in play for file system dominance in our favorite Open Source operating system, Linux.

Read more: http://blogs.zdnet.com/BTL/?p=8647

After a recent upgrade to the newest freedesktop.org specification, you might be wondering where your ~/.Trash folder went. Well you can check out http://www.ramendik.ru/docs/trashspec.html or know that it is now located in

~/.local/share/Trash

between the folders ‘files’ and ‘info’.

The following options need to be added to your xorg.conf file under the synaptics input device:

Option “TapButton1″ “1″

Option “TapButton2″ “3″

Option “TapButton3″ “2″

See: MacBook - Community Ubuntu Documentation

Dash as /bin/sh

In Ubuntu 6.10, the default system shell, /bin/sh, was changed to dash (the Debian Almquist Shell); previously it had been bash (the GNU Bourne-Again Shell). The same change will affect users of Ubuntu 6.06 LTS upgrading directly to Ubuntu 8.04 LTS. This document explains this change and what you should do if you encounter problems.

Why was this change made?

The major reason to switch the default shell was efficiency. bash is an excellent full-featured shell appropriate for interactive use; indeed, it is still the default login shell. However, it is rather large and slow to start up and operate by comparison with dash. A large number of shell instances are started as part of the Ubuntu boot process. Rather than change each of them individually to run explicitly under /bin/dash, a change which would require significant ongoing maintenance and which would be liable to regress if not paid close attention, the Ubuntu core development team felt that it was best simply to change the default shell. The boot speed improvements in Ubuntu 6.10 were often incorrectly attributed to [WWW] Upstart, which is a fine platform for future development of the init system but in Ubuntu 6.10 was primarily running in System V compatibility mode with only small behavioural changes. These improvements were in fact largely due to the changed /bin/sh.

The Debian policy manual has long mandated that “shell scripts specifying ‘/bin/sh’ as interpreter must only use POSIX features”; in fact, this requirement has been in place since well before the inception of the Ubuntu project. Furthermore, any shell scripts that expected to be portable to other Unix systems, such as the BSDs or Solaris, already honoured this requirement. Thus, we felt that the compatibility impact of this change would be minimal.

Of course, there have been a certain number of shell scripts written specifically for Linux systems, some of which incorrectly stated that they could run with /bin/sh when in fact they required /bin/bash, and these scripts will have broken due to this change. We regret this breakage, but feel that the proper way to address it is to make the small changes required to those scripts, discussed later in this document. In the longer term, this will promote a cleaner and more efficient system.

(This applies the same philosophy as in C and C . Programs should be written to the standard, and if they use extensions they should declare them; that way it is clear what extensions are in use and they will at least fail with a much better error message if those extensions are not available.)

Read more: DashAsBinSh - Ubuntu Wiki

A note regarding our findings: Further experiments have led us to believe that our initial conclusions that indicated Comcasts responsibility for dropping TCP SYN packets and forging TCP SYN, ACK and RST reset packets was incorrect. Our experiments were conducted from behind a network address translator NAT. The anomalous packets were generated when the outbound TCP SYN packets exceeded the NATs resources available in its state table. In this case, TCP SYN, ACK and RST packets were sent. We would like to thank Don Bowman, Robb Topolski, Neal Krawetz, and Comcast engineers for bringing this to our attention. We sincerely apologize for any inconvenience that this posting may have caused.

Source: Broadband Network Management - CUSystems

element_G: I was having a similar problem. Amarok lost mp3 playback for me. It was because of the xine backend. I first actually noticed it when I was trying to watch an .avi in xine, which didn’t work, then neither did .mp3s. Running xine as root allowed me to play stuff, and I could play .mp3s and .avis with other non-xine backed players like mplayer and xmms. Here’s how I fixed mine:

Quote:
$mkdir ~/.xine/plugins/
$cp -r /usr/lib/xine/plugins/1.1.4/ ~/.xine/plugins/
Just copy all of the xine codec things into the plugins directory (which you may have to make) in the .xine directory in your home directory and everything should work out. It did for me.

Read more: amarok mp3 support - Page 3 - Ubuntu Forums

A simpler way to do this would be to just type:

$ln -s /usb/lib/xine/plugins ~/.xine/plugins

It’s fairly easy to crack a WEP encrypted wireless network. Infact the WEP encryption has some serious flaws in its design, flaws that make it easy and fast to crack or hack.Install aircrack-ng - on Debian Etch by:

• sudo apt-get install aircrack-ng

Then start aircrack-ng to look for wireless networks:

• sudo airodump-ng eth1

Then notice the channel number of the wireless network you want to crack.

Quit aircrack-ng and start it again with med specific channel number to collect packages faster:

• sudo airodump-ng -c 4 -w dump eth1

Then wait and let it collect about 500K IVS and the try the do the actual crack:

• sudo aircrack-ng -b 0a:0b:0c:0d:0e:0f dump-01.cap

The MAC after the -b option is the BSSID of the target and dump-01.cap the file containing the captured packets.

Source: Hack Wireless WEP Network

See also: Tom’s Guide to cracking WEP

The IV count is the important number to watch for since you will need to capture around 50,000 to 200,000 IVs in order to crack a 64 bit WEP key and for a 128 bit key, you will need around 200,000 to 700,000 IVs!

Lately, Linux has been receiving quite a bit of notice. Between the ASUS EeePC, the One Laptop Per Child project, Dell’s new Ubuntu line, Intel’s Classmate PC, and Everex’s Green PC, Linux has been getting a lot of attention from computer manufacturers. It seems every new computer in the last year has had Linux, but to most people that doesn’t mean anything. It probably leaves you wondering, “what’s this Linux thing everyone’s talking about?”
So, what is this Linux thing?

Read more: What’s This “Linux” Thing and Why Should I Try It? | MakeUseOf.com

Linus Torvalds, creator of the Linux kernel, has, along with others like Richard Stallman, literally changed the world of software forever.

Linux-based distributions seem to pop up every day, while more and more devices now run Linux at their core, from mobile phones to inflight entertainment systems, to the world’s mission critical server infrastructures.

The development of the kernel has changed, and Linux is just getting better and better. However, with a community as large and fractured as the Linux community, it can sometimes be hard to get a big picture overview of where Linux is going: what’s happening with kernel version 2.6? Will there be a version 3.0? What has Linus been up to lately? What does he get up to in his spare time?

Read more: Linus Torvalds talks future of Linux | APC Magazine