Debian wheezy: java security update, gnome-open problem workaround

After the initial rush of packages, things have slowed down a bit on the wheezy/sid front. The only notable update in the meantime has been new sun-java6-jdk 6.24 which fixes no less than 21 security bugs! You'll definitely want to pull that one and patch the numerous security holes.

The Xorg set of packages is getting cleaned up (dependencies and stuff). libmaypole-perl has been dropped (before I even got a chance to play with it). Audacious is uninstallable right now, unless you decide to keep the libavutil49 package (which got pushed out of the archive). I'm the CLI type of guy, so mplayer will do in the meantime, until audacity is installable again. BTW, I also use and endorse debian-multimedia packages, so please don't be mad if I accidentally comment on some package that is not even in the official repository. I've been using debian-multimedia so long, I don't even know which packages I get from them and which from the official repository.

I've also noticed slight instability with nVidia binary drivers (Xid errors in kernel log), probably connected to the recent Xorg upgrade (or new flash plugin?). So, today I installed their brand new 270.26 beta driver; we'll see if it fixes the regression. Although I would prefer to run an open source graphics card driver, it seems I don't really have a choice at this time with my GeForce 9500 GT, at least until Nouveau adds support for the nVidia 9xxx generation of cards. BTW, I still keep libcairo2 downgraded (for performance reasons).

Living on the bleeding edge: Debian wheezy/sid

Hello world!

I've decided to start this blog and share my experience with Debian sid/unstable, the development version of Debian GNU/Linux. It's the leading edge, but sometimes also the bleeding edge of Debian development. The stuff that enters this fast-developing repository spends anywhere from 6 months up to 2 years in it before the average Linux user sees it in the form of a polished stable release (Debian, Ubuntu or some other Debian Pure Blend).

So, with Debian 6.0 "Squeeze" released exactly 7 days ago, there has been an avalanche of new software in sid, all the stuff that has been patiently waiting for the stable release to happen before it's pushed to the new unstable branch that will become Debian wheezy in about 2 years. Ubuntu users will no doubt see the software slightly sooner, but for the adventurous of us, even that would be too late. ;)

Most notable additions in sid at the time of this writing are LibreOffice 3.3.1~rc1, Ghostscript 9.01, Xorg 7.6, but also many other applications and libraries got upgraded to newer versions. Right now, I have no outright broken/uninstallable packages (of about 5200 installed on this desktop system). But, of course, there are some bugs that lurk in this heavy developmental distribution, which is the exact reason that prompted me to start this blog. To share my experience with others, and sometimes even ask for help from fellow Debian unstable users.

Debian 6.0 "Squeeze" released

After 24 months of constant development, the Debian Project is proud to present its new stable version 6.0 (code name "Squeeze"). Debian 6.0 is a free operating system, coming for the first time in two flavours. Alongside Debian GNU/Linux, Debian GNU/kFreeBSD is introduced with this version as a "technology preview".

Debian 6.0 includes the KDE Plasma Desktop and Applications, the GNOME, Xfce, and LXDE desktop environments as well as all kinds of server applications. It also features compatibility with the FHS v2.3 and software developed for version 3.2 of the LSB.

Debian runs on computers ranging from palmtops and handheld systems to supercomputers, and on nearly everything in between. A total of nine architectures are supported by Debian GNU/Linux: 32-bit PC / Intel IA-32 (i386), 64-bit PC / Intel EM64T / x86-64 (amd64), Motorola/IBM PowerPC (powerpc), Sun/Oracle SPARC (sparc), MIPS (mips (big-endian) and mipsel (little-endian)), Intel Itanium (ia64), IBM S/390 (s390), and ARM EABI (armel).

Debian 6.0 "Squeeze" introduces technical previews of two new ports to the kernel of the FreeBSD project using the known Debian/GNU userland: Debian GNU/kFreeBSD for the 32-bit PC (kfreebsd-i386) and the 64-bit PC (kfreebsd-amd64). These ports are the first ones ever to be included in a Debian release which are not based on the Linux kernel. The support of common server software is strong and combines the existing features of Linux-based Debian versions with the unique features known from the BSD world. However, for this release these new ports are limited; for example, some advanced desktop features are not yet supported.

10 straightforward but proven ways to harden your LAMP servers

Over the years I have had to harden a great number of LAMP boxes, and I have found some methods work far better than others. I will now share with you my favorite 10, along with methods to implement them on Debian/Ubuntu.

10. Lock SSH access right down. I do this by disabling root logins, disabling password authentication and using denyhosts.

To disable root logins, run vi /etc/ssh/sshd_config, look for the line "PermitRootLogin yes" and change it to "PermitRootLogin no".

To disable password authentication (you will have to use public/private keys), run vi /etc/ssh/sshd_config, look for the line "#PasswordAuthentication yes" (note it's commented out) and change it to "PasswordAuthentication no".

To install denyhosts, run apt-get install denyhosts. Once installed it shouldn't need any configuration, but you can tweak the settings if you wish in /etc/denyhosts.conf.

9. Always use sudo for root access. This is one of the things Ubuntu does really well, and it's about time other distros did the same.
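
A check for the sshd_config edits in step 10 above, as an added example that is not part of the original post: it reports the value sshd would take from the global section of a config file, showing why the commented-out line has to be uncommented and why a fix appended below an earlier setting has no effect. The function names and the three sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the two sshd_config
# settings from step 10. sshd uses the FIRST occurrence of a keyword, keywords
# are case-insensitive, and a '#' line leaves the built-in default active
# (for PasswordAuthentication that default is "yes").
# Assumption/limit: only the global section is read (stops at the first
# Match block, does not follow Include). `sshd -T` shows the real result.

# Print the effective global value of keyword $1 in file $2, or "(default)".
sshd_effective() {
    awk -v key="$1" '
        BEGIN { key = tolower(key); val = "(default)" }
        { sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/) }
        /^#/ || $0 == "" { next }
        tolower(f[1]) == "match" { exit }
        tolower(f[1]) == key { val = tolower(f[2]); exit }
        END { print val }
    ' "$2"
}

# Return 0 only if root login and password authentication are both "no".
audit_sshd() {
    rc=0
    root=$(sshd_effective PermitRootLogin "$1")
    pass=$(sshd_effective PasswordAuthentication "$1")
    [ "$root" = "no" ] || { echo "FAIL PermitRootLogin=$root"; rc=1; }
    [ "$pass" = "no" ] || { echo "FAIL PasswordAuthentication=$pass"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK root login and password auth disabled"
    return "$rc"
}

# Constructed sample files (hypothetical contents, not real server configs).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'PermitRootLogin yes' '#PasswordAuthentication yes' > "$tmp/before"
printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' > "$tmp/after"
# Common mistake: the fix is appended below an earlier, still-active "yes".
printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication yes' \
    'PasswordAuthentication no' > "$tmp/shadowed"

for f in before after shadowed; do
    echo "== $f"; audit_sshd "$tmp/$f" || true
done
```

On a live server, run `sshd -t` to validate the edited file before restarting the daemon, and keep an existing session open until a key-based login has been confirmed.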

Running Nvidia display drivers with X.Org 7.3

This morning, hardworking Debian developers pushed the remaining pieces of the brand new X.Org 7.3 to the Debian sid (unstable) distribution. And it must be said, a job well done!

ii  x11-apps            7.3+1      X applications
ii  x11-common          1:7.3+2    X Window System (X.Org)
ii  x11-session-utils   7.3+1      X session utilities
ii  x11-utils           7.3+1      X11 utilities
ii  x11-xfs-utils       7.3+1      X font server utilities
ii  x11-xkb-utils       7.3+1      X11 XKB utilities
ii  x11-xserver-utils   7.3+1      X server utilities
ii  xbase-clients       1:7.3+2    miscellaneous X clients - metapackage
ii  xorg                1:7.3+2    X.Org X Window System
ii  xorg-dev            1:7.3+2    the X.Org X Window System development
ii  xserver-xorg        1:7.3+2    the X.Org X server
ii  xutils              1:7.3+2    X Window System utility programs

Building Debian FreeRadius package with EAP/TLS/TTLS/PEAP support

Debian's FreeRadius package is built without support for EAP/TLS/TTLS/PEAP because of the licensing problems of the OpenSSL library. But if you want to implement 802.1x network authentication with strong security, you'll need it. This is a short tutorial that explains how to build a Debian (sid aka unstable) package linked to libssl and with EAP/TLS/TTLS/PEAP support compiled in.

First, download the newest source package (orig.tar.gz), Debian diffs (diff.gz) and description file (dsc) from the freeradius package page. The version I tested the procedure with is 1.1.7-1.

A First Look at Oracle 11g database on Debian GNU/Linux

Three and a half years have passed since my first attempts to install Oracle 10g on an unsupported Debian GNU/Linux distribution. Seeing that Oracle 11g is out, and exclusively for Linux at this time, I decided to download it among the first and see and share with you what its installation looks like.

The distribution can be downloaded from the Oracle Database Software Downloads page, but let me warn you upfront that the archive is 1.7GB in size, so you'll need quite a big pipe to successfully download it. What makes it even harder is that Oracle insists that you download it from a browser window (Wget and similar utilities won't work out of the box, although there are some tricks that can be deployed), so be prepared to have that browser window open for a long time and pray that the download doesn't break along the way.

Ubuntu vs Debian: this is amazing!

The other day I was playing with the fun Google Trends tool and got an idea to check Ubuntu versus Debian popularity. You can see the result in the picture below and I don't know about you, but it simply amazes me how popular Ubuntu is these days. And not only that, but its popularity is growing day by day, while it can be easily seen that Debian is either stagnating or slowly fading out.

sshfs - secure and transparent access to remote filesystems

sshfs is a very slick way to access your remote filesystems, securely and transparently. It is based on the great FUSE (Filesystem in Userspace) framework, which has been integrated in the Linux kernel since version 2.6.14. While sshfs may not be as fast and featureful as other full-blown network filesystems such as NFS or Samba, it still has some great features:

  • very easy to use, on the server side there's nothing to do, on the client side mounting the filesystem is as easy as logging into the server with ssh
  • provides secure (encrypted) access to remote files
  • has decent performance (multithreaded, caching directory contents and allowing large reads)
  • should work well even over slow and/or unstable links (think dialup), knows how to reconnect to the server when the connection is broken

The flash plugin and X.Org 7.0 (X11R7) font problems

If you are lucky enough to have a fresh X11R7 on your desktop, with all its new features and nice filesystem layout, you might have noticed that some things have compatibility problems with it. Namely, if you have the flash plugin installed, you might not see text in flash content displayed properly, depending on how your Linux distribution handled the upgrade.

Having already had trouble with that (for other reasons I'll explain later), this time the fix for the problem was a no-brainer. The reason for the problems is that the official flash plugin does some font handling of its own, not using the system font file server or the X server itself. But it still depends on some filesystem paths and configuration being in place so it can find the font files it needs. By running strings on it and carefully skipping over lots of uninteresting text, you can find that the flash plugin looks for the /usr/X11R6/lib/X11/fs/config file, which is the configuration file of the font server. Next it parses the "catalogue = " line in it to find all available fonts on the system. The trouble is that the new release of the X.Org server got rid of the /usr/X11R6 system path in favour of putting binaries and other files in more appropriate places in the filesystem, just like other Linux applications do.
