
Archive for March, 2011

Securing SSH (Secure Shell) from attackers

March 22nd, 2011 by

Secure Shell or SSH is a network protocol that allows exchange of data through secure channels between two network devices.

Particularly widely used on Linux and Unix-based systems to access a shell, SSH was designed as a substitute for Telnet and other insecure remote shells, which sent information, especially passwords, as plain text that is easy to intercept. The encryption used by SSH provides confidentiality and integrity of data over an insecure network like the Internet.

Attackers usually use SSH as the first door into a system, so it is of course the admin's obligation to fend off such attempts against our server.

There are several common ways to secure SSH against a variety of attacks; one of them is editing the file /etc/ssh/sshd_config.

Before changing the configuration in /etc/ssh/sshd_config, make sure SSH is installed on your Linux distribution. On openSUSE, which I use, it is already installed automatically.

# vim /etc/ssh/sshd_config

Change the options as below:

LoginGraceTime 2m
PermitRootLogin no
MaxAuthTries 3

LoginGraceTime sets a time limit for user logins, so change this option to suit your needs.

PermitRootLogin controls whether the root user may log in over SSH; it takes the value yes or no. It is best to set it to no, so that users cannot log in as root over SSH.

MaxAuthTries 3 limits the number of failed attempts allowed when a user logs in. This is very useful against brute-force attacks on your server, because users may mistype the password only as many times as this option allows.

If you want only certain users to be able to log in over SSH, add the AllowUsers option at the end of the file, followed by the names of the users that are allowed to log in.

Alternatively, you can install the DenyHosts software to protect SSH.

NB: do not enable the root user for SSH login.
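
The check below is an added example, not part of the original post: a POSIX shell audit of the three options above plus AllowUsers. It relies on two sshd_config parsing rules (keywords are case-insensitive, and the first occurrence of a keyword wins); the function names, thresholds and sample file are assumptions made here.

```shell
# Added example: audit the global section of an sshd_config file against the
# values suggested in the post. Function names and the sample are made up.

# effective_value FILE KEYWORD: print the value sshd uses outside Match blocks.
# Keywords are case-insensitive and the FIRST occurrence wins.
effective_value() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        tolower($1) == "match" { exit }      # conditional section begins
        tolower($1) == tolower(want) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# to_seconds TIME: convert sshd time formats (120, 2m, 1h30m) to seconds;
# prints -1 for an empty or malformed value.
to_seconds() {
    printf '%s\n' "$1" | awk '{
        s = tolower($0); total = 0
        if (s == "") { print -1; exit }
        split("1 60 3600 86400 604800", mul, " ")
        while (match(s, /^[0-9]+[smhdw]?/)) {
            n = substr(s, 1, RLENGTH) + 0
            i = index("smhdw", substr(s, RLENGTH, 1))
            s = substr(s, RLENGTH + 1)
            total += n * (i ? mul[i] : 1)
        }
        print (s == "" ? total : -1)
    }'
}

# audit_sshd_config FILE: one line per finding; returns 1 on any FAIL.
# An unset option is reported too, because the built-in default then applies.
audit_sshd_config() {
    cfg=$1; rc=0
    v=$(effective_value "$cfg" PermitRootLogin | tr 'A-Z' 'a-z')
    [ "$v" = no ] || { echo "FAIL PermitRootLogin=${v:-unset}, want no"; rc=1; }

    v=$(effective_value "$cfg" MaxAuthTries)
    case $v in
        ''|*[!0-9]*) echo "FAIL MaxAuthTries=${v:-unset}, want <= 3"; rc=1 ;;
        *) [ "$v" -le 3 ] || { echo "FAIL MaxAuthTries=$v, want <= 3"; rc=1; } ;;
    esac

    v=$(effective_value "$cfg" LoginGraceTime)
    secs=$(to_seconds "$v")     # 0 disables the limit, so it fails as well
    if [ "$secs" -lt 1 ] || [ "$secs" -gt 120 ]; then
        echo "FAIL LoginGraceTime=${v:-unset}, want 1s..2m"; rc=1
    fi

    [ -n "$(effective_value "$cfg" AllowUsers)" ] ||
        echo "WARN AllowUsers unset: logins are not limited to named users"
    return "$rc"
}

# Constructed sample: the commented line and the late "PermitRootLogin no"
# have no effect, and the AllowUsers line only applies inside the Match block.
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
#PermitRootLogin no
permitrootlogin yes
MaxAuthTries 3
LoginGraceTime 2m
PermitRootLogin no
Match User backup
    AllowUsers backup
EOF
    audit_sshd_config "$tmp"; status=$?
    rm -f "$tmp"
    return "$status"
}

demo || true
```

After editing the real file, `sshd -t` checks its syntax before the service is restarted.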

That concludes this fairly simple tutorial; hopefully it is useful.

Best Regards
Saydul Akram
Email : idulk@opensuse.org

Policy proposal for Factory: Make source of tar balls trackable

March 21st, 2011 by

I would like to suggest a general policy for the openSUSE:Factory project: document where a tar ball (or any other file from upstream) comes from. Why? It makes it much easier to review version updates, and it guarantees that no one can inject malicious code via a modified tar ball.

So far I added the source services “download_url” and “tar_scm” to our OBS instance, which downloads the files and stores them as files via a commit. Some people use them already, some others don’t like them because they store the files with _service: prefix.

In the last hackweek, I added another way to handle this, which I would like to request as setup and policy for the openSUSE:Factory project. You can add a project-wide source service, for example the new “download_files” service. That would mean that no one needs to add a _service file to the sources anymore. It is enough to add a URL to the spec file Source: tags. The service will automatically download it from there.

But does that mean we still have _service:download_files:osc-0.1.tar.bz2 file names? Not when we also add the new “trylocal” parameter and use the latest osc versions. This parameter lets osc execute the services, but name the files without the prefix and commit them together with the other files.

Where is the advantage then? The server still validates that this is an identical file. It downloads it again and compares it. If it is the same file, nothing will happen.

What will happen when the file differs? We basically have two options: either we let the service mark the source as broken, or we store the file with the _service: prefix again.

The latter mode has the advantage that you can still do version upgrades via slow connections and let the server download the files.

Please find some more details about new possibilities with the source services here.

An example setup for this can be tested via

osc bco home:adrianSuSE:FactoryTest bc

and do for example a version downgrade to 1.05 version to see how it works. Please note that you need the osc from openSUSE:Tools:Unstable project for this.

We can also apply the still SUSE-internal spec formatter and validator scripts this way later on.

Another advantage of this setup would be the new “update_source” service, which could run in some openSUSE:Factory:AutoUpdate project and try automatic version upgrades when upstream releases a new version. They could be reviewed and just picked (directly or with additional manual fixes).

Temporary overwrite method for specific task

March 18th, 2011 by

Hi,
Today I had to solve an issue with code that is not well structured. The problem is that one method returns the last correct version, but in one specific case it needs to return the newest version (even an incorrect one). There are many calls between the top-level method, which knows what needs to be called, and the target method, which is called from generic code. Now I need to fix it, and the code is not well tested and quite sensitive to changes (this fix is a fix of another fix :). So what is the safest way to change it?
I decided that the best solution, one that changes almost nothing (but is suitable just for a maintenance update; for trunk I will create a better solution), is to temporarily overwrite the target method to change its behavior. Now how to do it?
Here is a simple example:

class T
  def test
    puts "test"
  end

  def lest
    puts "lest"
  end

  def m
    test
  end
end


T.new.m
T.send(:define_method,:m_a) { lest }
T.send(:alias_method, :m_old, :m)
T.send(:alias_method, :m, :m_a)
T.new.m
T.send(:alias_method, :m, :m_old)
T.send(:undef_method, :m_a)
T.send(:undef_method, :m_old)
T.new.m

As you can see, after the modification the class is exactly the same as before (except if there is method a, but it is possible to handle that via introspection and a dynamic choice of method). I don’t need to change the whole stack of calls to add a parameter or introduce a new singleton class that can hold a flag.
I hope it helps someone with their fix of a not so well written piece of software.

openSUSE and Kraft on CLT

March 17th, 2011 by

First some news about my KDE project Kraft:

A review was posted on Technewsworld.com with the title “Kraft: A No-Nonsense Office Assistant That Gets Straight to Work”. Nice title, and also the bottom line of the whole article. Good to read, however I am wondering why the author tested Kraft version 0.32 instead of the current one, 0.40, which has been out for ten months already. Are there *still* 0.32 packages around in the Ubuntu world? On the download page on Kraft’s website, there are good Ubuntu packages linked, thanks to Rohan Garg.

The only remark in the review was that the list of document types should be editable. It is since 0.40 🙂 Anyway, thanks for considering Kraft for a review.

Chemnitzer Linux-Tage on 19/20 March 2011
Next weekend I will be in Chemnitz at the Chemnitzer Linux Tage. I will give a talk titled Linux im Büro von Kleinunternehmen (Linux in the small enterprise). Besides other interesting things I will present Kraft, of course. It will be a talk for people who are new to Linux but try to get their work done with Linux. I am looking forward to it, as I enjoy these solution-focused topics. If you are interested, show up and we can talk about Kraft. And, yes, a new release of Kraft is also on the way; it can’t take too long any more.

The openSUSE Project will have a booth as well, and I will probably be around there for the rest of the time together with friends from the project. We will tell you about our cool project, explain how you can participate and show the brand new openSUSE 11.4 release. It is a nice one, and we think you will like it. I hope to see you there 🙂

First Survey on openSUSE Version naming is open now

March 16th, 2011 by

Following my last blog post on “how to name the distribution release“, I’ve opened up a public survey and look forward to your votes. There is also a good discussion going on on the opensuse-project mailing list.

This is the first iteration. Coolo and I discussed using a second survey with the group of winners on connect.opensuse.org.

openSUSE 11.4 :: Wine… A practical case…

March 15th, 2011 by

For some time I have followed the openSUSE Forums, which provide me with a very interesting view of what our users do with openSUSE. I’ve noticed there are some relevant questions about Wine once in a while in the Games forums.

A while ago one of my friends nagged me a lot to do a couple of levels in Lord of the Rings Online, which has a ‘Free Play’ plan in Europe. People can create an account and play the game for free with some restrictions (contents, equipment, items, etc). Players also have the option of using the online game store to unlock several aspects of the game. I’ve used a free play account for this, as I don’t really dedicate much time to it.

I’ve downloaded and installed the game on a Windows 7 computer (about 10.5GB), updated it, and it works as expected. My laptop has somewhat better hardware and I’ve decided to see how it would run under openSUSE through wine! On WineHQ there’s some extensive know-how shared by the community about this game… for my little experiment I’ve used the following:

* Lord of the Rings Online installation files pulled from the installer (since I had previously downloaded the game on a Windows machine, I’ve used those files to avoid downloading 10.5GB again).
* Wine 32 bits (1.3.12, shipped with openSUSE, LotRO requires also wine-gecko);
* openSUSE 11.4 x86_64;
* ATI FireGL drivers, release 11.2;
* PyLotRO Launcher (written in Python, used to launch LOTRO since the normal Turbine .NET launcher has some serious issues);

Looking at everything written on WineHQ about LotRO, it seems quite a hard task to get this running; luckily it’s actually the opposite… pretty much a quick step, though time consuming due to the size of the game. Here are the procedures:

  • Installing wine on openSUSE 11.4

Installing wine on openSUSE is pretty easy (like any other software package). Make sure you are networked and open your favourite terminal emulator and type in the following command: zypper install wine wine-gecko. Zypp client will pull all the required dependencies and install the software. Please be aware that your system needs to have 3D capable drivers, often proprietary drivers.

  • Installing Lord of the Rings Online

As I’ve stated previously, I’ve had available the installation cache files from a previous Windows installation which made my life easier (around 10.5GB). If this is not your case, you can look into WineHQ and check how it goes with the installer. An interesting thread can be found here.

When one installs LOTRO on a Windows machine, it will create a folder on the Desktop called LOTRO_* which will contain a local cache of the files necessary to install the game. Inside this folder there’s a ‘lotrosetup.exe’ that runs the installer. Starting the installation is quite easy… open a terminal (as a normal user), navigate to the directory where we have the cache files from the installer and run: wine lotrosetup.exe. The installer window pops up, preceded by a small splash screen. Follow the instructions on the screen and wait until it deploys the game (it took around 30/40 minutes).

  • PyLotRO Launcher for Linux

There are several ways to run the game, and the Turbine launcher (.NET) isn’t really friendly with wine. I’ve decided to go for PyLotRO, which is a small launcher written in Python. I’ve made a small test package which is available in my test repository in OBS (openSUSE Build Service) and called it python-lotro. You can find it here. For openSUSE 11.4 you can download this RPM, python-lotro-0.1.14-4.1.noarch.rpm, and install it with: sudo zypper install python-lotro-0.1.14-4.1.noarch.rpm. This will also create a link in your Games menu entry (works in GNOME, never tested on KDE).

You now have the Linux launcher installed and are a tiny step away from being able to play LotRO…

  • Updating the Game…

PyLotRO provides a small interface with the very basic functionality available from the Turbine Launcher. It allows you to configure wine debugging output and patch the game, amongst other features. Here’s a small screenshot of how it looks:

To update the game, it’s only required to hit the ‘Tools‘ menu and select ‘Patch‘. This will access the game contents, download, decrypt and update the game to the latest version. Due to the size of the game it really takes a bit of time, so be patient.

WARNING: Before launching the game make sure that you have 3D effects disabled on the Desktop (ex: disable compiz or composite in Kwin). If this step isn’t done, the game might suffer from great performance issues and weird behavior. If something looks fishy, then that’s because you forgot this step. This also made me think of one thing… What impact will Unity and gnome-shell have in cases like this… when the accelerated 3D Desktop will generate performance issues in applications like in this case… something to look for in the near future…

After the update it’s possible to log into the game, configure the options and give it a go… You will need a game account first, which can be created for free (Europe only as far as I am aware, the game seems to be under subscription in the US); make sure you download the European client as well.

  • Gameplay

The game tries to detect the best configuration for your system (Low in my case)… I’ve forced it to Very High, selected my native resolution and gave it a go. The game is fluid enough, though it lags a bit in big cities (ex: Bree); this is somehow something to expect, the same happens in Windows. While I haven’t seen many problems with performance, I’ve disabled dynamic lighting and it’s somehow a bit better. The game runs nicely and everything seems to work.

I know many tutorials talk about winetricks and d3dx9… I have not done such things and the game runs very nicely with the native wine DLLs without having the need of installing Microsoft’s DirectX files.

This was a very pleasant experience, and it really surprised me on the positive. OpenSUSE has a very nice version of wine capable of running at least LotRO and World of Warcraft without any issues! It’s something that is worth trying with openSUSE!

openSUSE 11.4 :: How it goes in Portugal ?!

March 13th, 2011 by

I’ve been following the biggest general technology forum in Portugal with a close eye for openSUSE 11.4 comments and reviews… 10 years ago SuSE Linux was one of the predominant Linux distributions fighting for first place with Red Hat and followed closely by Debian. The fourth place belonged to Slackware.

10 years after… Slackware mainly disappeared, the Red Hat/Fedora community somehow vanished (judging by LUG member strength), and fate hasn’t been nicer for openSUSE. From most of what I read, Ubuntu became the major power, followed by Arch Linux and Debian… there’s a few pockets of resistance by Mandriva… It’s also interesting to see that new users are mainly confused between choosing Fedora and openSUSE… this relation is also getting strong with drop outs from Ubuntu. The timing is good for intervention…

From what I could see in the reports of openSUSE reviews I’ve seen:

* Installer – Users expected something new, but they didn’t say what they expected. They say that the openSUSE installer is pretty much offering the same features as other distributions. I really don’t know what can be innovated here….

* Updates – This is one of the points that is most commented in the reviews. Though there’s no real claims on what could be improved or what is missing, everyone points to a simple conclusion: people seem to like updates and the faster they are done, the better. Update timings seem important.

* Tumbleweed – There are a lot of expectations towards rolling releases and Tumbleweed. This feature seems to captivate a lot of veterans changing from other distributions and also new comers. This is without doubt one of the points to invest in the future for the local community…

* Time of Installation – Some harsh criticism of the installation time. People believe that 30 minutes is too much installation time. I kinda disagree, as it seems pretty much normal for a DVD install. Installing openSUSE LiveCDs on real hardware (no virtualization) through USB2 and USB3 sticks is pretty much below 10 minutes. Should we focus on USB stick installations and work on the methodology? Sounds good as a differentiation point.

* USB Sticks – Some harsh criticism from people using imagewriter and unetbootin. From what I was able to determine, these problems seem to be related to the partitions not being flagged as ‘active’. Something we can improve here?

* KDE – All the reports seem to place openSUSE as the best KDE offer. Nothing was expected besides this.

* OpenSUSE and other distros – Not much has been written, except some comments considering that Mandriva Spring was the only distribution that is more attractive than openSUSE 11.4. Only 2 comments place emphasis on this… Something we can improve in this field?

* Support – Support on those forums is rudimentary… Something we can improve and that’s being worked on. Soon Portuguese will become available on the official openSUSE Forums, and a Portuguese Team has been assembled for this. Additionally, Jim Henderson is contacting Carlos Ribeiro to explore the possibility of also having Brazilian contributors and community to help on these Forums. They will become Portuguese (language wise) following the work by the Wiki and IRC.

The feedback is very positive, and there are abnormal dropouts from Ubuntu and many confused people…. The timing is perfect for taking action… and that will happen soon!

How to name the distribution releases?

March 11th, 2011 by

We had this week a discussion on IRC on how to name the next release and I took the action item to do a poll on connect.opensuse.org now to help us solve the naming of openSUSE distribution releases. I’ve started earlier today a discussion on the opensuse-project list and already incorporated some comments I received in this text.

openSUSE does not have a major and minor numbering, even if it seems so. There is right now no difference in any way between what we would do for openSUSE 11.4 or 12.0 – and no sense to speak about openSUSE 11 or openSUSE 11 family. We also have no process on how to name the next release (when to increase which parts of the number).

Here are some options; if I miss some, please tell me, and I will then soon set up a poll. I’m listing the next version we would use, as well as how the following ones would be called, as an example. Remember we have releases every 8 months, so the next releases will be in:
November 2011, July 2012, March 2013, November 2013, July 2014, March 2015.

Here are the options I collected so far:


Virtual Party it’s now ! Eat my geeko’s cake

March 10th, 2011 by


Just a reminder: the first virtual party has just started and runs for the next two hours!

Do you have the appetite to come and eat a piece of our huge cake?
We are just starting with pleasant music; DJ Ariella (one of our Australian DJs) woke up early to animate the show!

 


gnome-shell :: test drive

March 10th, 2011 by

As many people are aware I’ve used Fedora for quite a long time… and with the release of the first ALPHA of Fedora 15 I got this tiny itch to check out GNOME3, namely, the gnome-shell.

I have to say that the first impressions I had of GNOME Shell from Fedora 13 raised in me a high level of skepticism towards the new interface of GNOME Shell. The contents of this text are mainly influenced by my own view of things… I don’t mean to be disruptive… but some things need to be said…

#1 – For starters… gnome-shell UI doesn’t seem to lag that much anymore… this is a very positive step, as lagging interfaces really kill my joy!

#2 – The sound applet – Looks interesting, very well copied from Ubuntu’s Sound Menu, at least in concept. Now this must be a slap in the face for some people I knew that threw a couple of harsh critics on Canonical. Well done to whoever made it that way… you have empowered Canonical’s design and now I will probably watch a full legion of Ubuntu fanboys bragging about how GNOME copied their Sound Menu. /* taking cover */

#3 – The configuration screen – Interesting stuff… But also Deja Vu… I think all the nice people migrating from KDE will find themselves at home with this new ‘control center’. The resemblances are quite awesome!

#4 – The user applet, which I don’t know what to call… Yet it shows a lot of resemblances with Canonical’s Me Menu. At least some functions are there, but what I really find strange is the absence of a ‘Restart’ button. I guess it’s now really an issue to tap ALT+F2 and issue a ‘shutdown now -frn’ or ‘init 6’ command, I just hope the system allows it.

#5 – The language applet – Interesting thing, but once again I have this Canonical Deja Vu feeling… Not again…

#6 – Moving the cursor to upper left triggers pretty much an effect which brings me a Deja Vu style from Compiz Wall Expo plugins. Awesome stuff!

#7 – The fonts are awesome, my heart is now broken… I don’t really need to install Ubuntu Fonts.

#8 – Icons seem to be monochrome! Awesome, but yet I have this deja vu feeling!

#9 – Artwork – My heart is broken (probably my coccyx as well, I fell from the chair).

#10 – ALT+F2 – Awesome, this is really something I’m used to, I feel at home! I don’t really need menus at all once I know all the commands I need off the top of my head.

#11 – The number of clicks I need to perform to reach, for example, Google Chrome. Yeah, ALT+F2 is way faster.

#12 – The default theme… to be replaced by Sonar (has anyone done the GTK3 port? Please someone do it fast, before I lose my motivation).

#13 – System Load up – awesome, nothing to state….

#14 – Calendar ‘applet’ – cool stuff, but evolution is crashing on me (keep in mind this is Alpha, so no real deal here, I’m sure it will be fixed);

Ok the list could be very long to make this shorter… Despite it all, I’m really waiting to see the final version of gnome-shell… I don’t find it much of an innovation, as many of the features seem to be taken from other popular software. Everything worked out fine (except evolution) out of the box… I’m actually happy to see that some Fedora fundamentalists, after throwing such a heavy load at Canonical, ended up handing over something that much resembles some software available from Canonical. I’m sure their hearts will be broken… many of these features were considered ‘kinky’ by them and oriented to Fan Boys… I wonder why they chose to follow the same path, clearly aiming for those that they chose to combat? Hmmz… I sense some hypocrisy here.

But I’ve gotta be honest, many of these ‘innovations’ actually gave me a rush to see the final product and to run it for a longer period. While many people from the Fedora circle violently attack gnome-shell, I can smell here the potential to be a success. I only fear for the quality of the artwork here, which neither presents a nice visual desktop metaphor nor even looks attractive to me… but once more, I believe it will be fully customizable. Another thing I missed was the normal system-* applets to configure several parts of the system… I’m happy that openSUSE will not forget YaST for GNOME3, thus I won’t feel defrauded when I run GNOME3 on openSUSE due to missing configuration applications.

My final verdict… these 9 months waiting for GNOME3 on openSUSE are going to be painful, because now that I’ve tasted the forbidden God’s honey, I want MORE! And for real… for everyone out there speaking badly about gnome-shell, please guys, be mindful of one thing… though this will require a bit of love for people to get used to, some of the features presented are actually nice. For those who love GNOME, but don’t really like the shell… Are you aware that you can manage your sessions in gnome-session? I’m not sure, but I think most of that functionality was actually developed in-house by Novell 😉 and I’m sure it will be explored by a few, while I expect the vast majority of the Hordes will end up loving this shell…

You shouldn’t really take me seriously, but thanks for reading until the end… Now that I know that most people already want to crucify me, I hope that you can take 1 week of your time to test the shell and prove I’m wrong. Maybe then you will become converts, and I will for sure rest my head knowing it was worth writing this text.

NM

DISCLAIMER: For everyone who read this, and as pointed out below by Adam, it seems that in fact it was Ubuntu who copied some aspects of the shell. I don’t really have time to dig up the stuff. I’ve founded my stuff on what I saw, and Ubuntu released first, apparently based on gnome-shell design. I apologize for being misleading.