Linux Mint 13

Posted by Nessa | Posted in | Posted on 06-02-2012

0

The New and Simpler Linux Mint 13

There has been an increasing move towards making desktop interfaces more and more complicated in recent years. However, the developers of the new Linux Mint product, Linux Mint 13, have gone the other way and created a simpler version instead. The new version of the open-source operating system will be equipped with a user interface that is known as “Cinnamon”, which will move away from the standard version of the Gnome environment that had been utilised by previous versions of Mint.

The new design is said to be a lot more conservative than previous streamlined ones have been, however this should not come as a surprise to Linux users. This is because the original idea for Linux Mint was to create a desktop OS that is dedicated to users who want something simple and requiring little maintenance. Not everyone wants to have to deal with an extremely modern, complicated interface. Some simply want something that will enable them to search the internet, chat to friends and play Party Poker without having to worry about anything else. Clement Lefebvre, creator and lead developer of Linux Mint has said he hopes that users will recognise the advantages of using Cinnamon, and will move to this interface from others including Gnome 2 and Gnome Shell.

The integral feature of Cinnamon is its simple operation and return to a more traditional design. Users will be able to choose between locations for the slim panel, rather than having one fixed at the top and one at the bottom of the screen. They can also customise their desktop in other ways, which used to be the case with the earlier versions of Gnome. Themes, applets, extensions and desktop effects are all changeable, which should make the user feel much more comfortable with their desktop.

PCLinux OS is Kind of Sexy

Posted by Nessa | Posted in , | Posted on 18-10-2007

1

I recently became pretty fond of Ubuntu when I installed it on my work computer after dealing with daily crashes of Windows XP Pro. I find it to be a lot easier to manage, though it sucks that some software is still not compatible with Unix and installing a wireless network card is about as hard as finding a 34D push-up bra at Victoria’s Secret. I mean, it’s a lingerie store…you’d think they’d have a bigger push-up bra. Maybe I want my boobs to peek out of my shirt every once in a while…or maybe I’ll decide to turn tricks someday and need a good “come get me” outfit. I also just realized that this is the third time today I went off on a tangent about boobs.

So anyways, out comes PCLinuxOS which is a new OS determined to be the bridge between Linux and Windows, targeted towards beginner Unix-ers who aren’t quite ready to kick Microsoft to the curb. It’s not quite the Gnome desktop, but rather a Windows Vista-inspired interface powered by a Linux core. I think it’s a good idea and will probably help the world see that Windows is officially the dead rat in the soup, by converting end users over to Linux. Best off, it’s completely free and can be downloaded here.
I don’t have any plans in the near future to use PCLinuxOS since I’ve become very content with Ubuntu, but If you’re a beginner to Unix you might want to give this one a look and let me know how it works.
Screenshots

Creating your Own “Access Groups” In Linux

Posted by Nessa | Posted in , , , , | Posted on 22-05-2007

0

We started cracking down a bit on system binaries being executeable by end users on our shared hosting servers, which consisted of chmod-ing things like ‘wget’ to 700 so only root users have access. If you’re on shared host, it’s likely that you’ve encountered this kind of restriction before, and if you’re a server admin you probably know why this is necessary.

A typical scenario I’ve seen in many cases is some user’s crappity software gets exploited and executes the ‘wget’ command to download hacks and warez onto the server. I’ve also seen typical Linux functions be abused by hack processes because the access was not being controlled — it’s only safe to say that certain system binaries should be restricted to only trusted users….programs that I find particularly pervious to hacks are those like wget, lynx, scp, sh, and exec.

The issue with this (and the point of this article) is that if you suddenly disable these functions you’ll probably find yourself with a dozen complaints from your users who were using them. I’m all about fairness, so I’m not about to tell someone to rewrite their scripts because of a server-side change. Instead, I created a group on the server and added those users to be able to have access to what they needed, and chgroup-ed the binaries to that group.

I’ll use the wget example first. Say you have ‘user1‘ and ‘user2‘ that both need to be able to use wget, which is currently set to root:root 700. You’ll need to first create a file called ‘addtogroup.sh’ and insert this script:

#!/bin/bash
if [ $# -ge 2 ]; then
if [ $UID == 0 ]; then
egrep ^$1 /etc/group > /dev/null
if [ $? == 0 ]; then
GROUPNAME=$1
shift
while [ $# -gt 0 ]; do
CURRENT=$1
echo $GROUPNAME `groups $CURRENT` |sed 's/.*: //g' | sed 's/ /,/g' | usermod -G `cat -`,$GROUPNAME $CUR$
shift
done
else
echo "the group $1 does not exist."
fi
else
echo "you must be ROOT to run this script."
fi
else
echo "usage: $0 grp usr1 [usr2 ... usrN]"
fi

I know, I know, you’re probably asking why I dont use useradd +G or something like that. I tried, but in this case those commands are not appropriate. Anyways, go ahead and create your group:

root@vps [~]# groupadd wgetters

Now, simply run the script and add your users to that group:

root@vps[~]# sh addtogroup.sh wgetters user1 user2

Run id user1 to make sure that user was added to the group — you should see something like this:

uid=32010(user1) gid=32012(user1) groups=32012(user1),32014(wgetters)

Now if you chown the wget binary to root:wgetters / 750 , then only the users in that group can use wget, and their actual group identity would be unaffected.

It wouldn’t hurt mentioning that wget is often unnecessary, as many scripts can be run other ways:

php -q scriptname.php

perl scriptname.cgi

python scriptname.py

lynx http://website.com/somefile.php (assuming that you have lynx enabled)

cPanel Security Advisor: Don’t Take it to Heart

Posted by Nessa | Posted in , | Posted on 19-02-2014

3

cPanel 11.40 introduces a new feature in WHM called “Security Advisor“. I don’t mess with WHM a lot so while I was vaguely aware that such a feature existed in cPanel, only today did I actually mozy over and give it a run.

Well, it’s pretty obvious that this tool was whipped up in response to people repeatedly asking the blanket question: “How do I secure my server?” (Easy: you hire someone that knows how to secure servers). As the leading provider of its type, cPanel is under a lot of pressure to keep up with the demands of their clientèle, including the ones that expect a point and click solution to everything.  And while cPanel’s efforts here are meritorious, Security Advisor appears to do nothing more than make a series of “educated” guesses about what your server is, or should be, doing.  This leaves me wondering how many people are making unnecessary and thoughtless changes to their servers because some script told them to.

Here are a few examples of what it found on one of my test boxes:

Apache vhosts are not segmented or chroot()ed.

Enable “Jail Apache” in the “Tweak Settings” area, and change users to jailshell in the “Manage Shell Access” area. Consider a more robust solution by using “CageFS on CloudLinux”

 

No brute force protection detected

Enable cPHulk Brute Force Protection in the “cPHulk Brute Force Protection” area.

 

ClamAV is not installed.

Install ClamAV within “Manage Plugins”.

 

A newer kernel is installed, however the system has not been rebooted. running: 2.6.32-279.22.1.el6, installed: 2.6.32-431.5.1.el6

Reboot the system in the “Graceful Server Reboot” area.

So, for one: my contempt for CloudLinux is only matched by equal hatred for mod_ruid2 (required for “Jail Apache”).  SA missed the CloakFS setup on this server, which achieves the necessary jailing.

CpHulkd and ClamAV are also not the only software of their kind, so if you use CSF, BFD, and/or your own AV, be prepared to hear Security Advisor roar.

Ksplice has been a thing for a while now.  My reboot-less kernel upgrade is no match for you, Security Advisor.

Now, there were some legitimate things SA found, but nothing that I necessarily care about.  Here’s why:

My intention here, quite to what seems to be the contrary, is not to blast Security Advisor for its efforts in guiding sysadmins through the daunting and never-ending path of system security.  My point is, you need to understand your system and what security ‘violations’ it reports are actually problematic and what is the best way to address these problems in your environment.  The solutions SA is suggesting may actually be invalidated by  other measures in place on your system, or better addressed using a different method.  For example, I don’t condone switching to ruid2 on a shared server just to provide the jailing capabilities that CloakFS and CageFS can just as securely provide.  Or pointlessly rebooting your server because SA doesn’t like the output of uname.  Before you make changes to your server, understand what you’re doing, why you’re doing it, and whether it really needs to be done.

BTW, cPanel, I still love you guys.  I just don’t fancy Security Advisor.

Review of ReclaiMe Data Recovery Software

Posted by Nessa | Posted in | Posted on 05-08-2010

2

We all know how much it sucks to have a hard drive fail – months or even years worth of data down the drain. And I bet you don’t do regular backups, do you?

I came across ReclaiME from a review site. It’s software (that unfortunately only works on Windows) that you can install on your computer to reliably recover data from hard drives or memory cards.  More specifically, it lets you:

  • Recover images from a memory card
  • Recover data from flash/USB drives
  • Recover data from laptop, external, and SCSI/IDE drives
  • Unformat non-system drives and partitions

I actually ReclaiME on one of my sister’s old camera memory cards, and it definitely doesn’t fall short of its claims.   It recovered over 40 images from the almost-empty card, most of which were intact, though a few were corrupted from the camera overwriting them.

While the software is excellent and works just like it promises, the only downside is that the price is a bit steep for the average user.  I’d imagine that software like this would be more tangible for service providers, businesses, or people that consider their data valuable enough to justify spending a pretty penny on data recovery software.  The price isn’t outrageous or anything, it’s just more than I’d pay for Windows-based recovery software (I prefer to use Linux), when there are other free/open-source alternatives out there:

http://lifehacker.com/5237503/five-best-free-data-recovery-tools

Using PHP to Extract Image Exif Data

Posted by Nessa | Posted in , | Posted on 02-08-2010

27

Those of us fluent in digital photography have come across the term “Exif data” numerous times when it comes to software we use to digitally manipulate photographs. Exif (Exchangeable image file format) data is generally used to identify the properties of the camera that snapped a picture, and usually the software that altered it afterwards. It can tell you when a picture was taken, what kind of camera took it, as well as the camera’s model, shutter speed, focal length, and even provide a thumbnail of the image on the camera’s LCD screen.

Why would you need to extract this information?  If you’re ever uploaded images to stock photography sites and wonder how they know so much about your pictures, it’s because they extract the Exif data from your pictures to provide more information on how they were taken. This quick tutorial will demonstrate how to extract Exif data from an image using PHP.

Enabling the Exif Extension

The Exif functions for PHP may not be native to your installation, so you can check by viewing your phpinfo file or running “php -m” via command line to see a list of modules compiled in. If you don’t see Exif listed, there are three ways you can enable it depending on how you installed PHP:

  • If you compiled PHP manually, you can re-compile while adding –enable-exif to the configure line
  • If PHP is installed via package (rpm/deb), it should already have Exif enabled. If not, you can install an RPM for the extension manually
  • If you use cPanel, run EasyApache and select the Exif extension from the PHP module list, and recompile

Determining the Image Type

The exif_imagetype function identifies the format of an image, but returns the result as a code.  The PHP function reference provides a full list of these return codes, but 1-8 are the most common out of the 16:

1: GIF
2: JPEG
3: PNG
4: SWF
5: PSD
6: BMP
7/8: TIFF

Here’s a code example that lists all the desired valid image types in an array and detects the type of image from the specified file, returning the result in “human readable” format:

<?php
$image = "/path/to/myimage";

$types = array(
1 => "GIF",
2 => "JPEG",
3 => "PNG",
4 => "SWF",
5 => "PSD",
6 => "BMP",
7 => "TIFF",
8 => "TIFF"
);

$imagetype = exif_imagetype($image);

if (array_key_exists($imagetype, $types)) {
echo "Image type is: " . $types[$imagetype];
} else {
echo "Not a valid image type";
}
?>

Reading Exif Header Data

The exif_read_data function can be used to extract header data from JPEG and TIFF files:

<?php
$image = "/path/to/myimage";
$exif = exif_read_data($image, 0, true);
foreach ($exif as $key => $section) {
foreach ($section as $name => $val) {
echo "$key.$name: $val\n";
}
}
?>

This will return the elements of the array from exif_read_data, which can be very long depending on what information is available for the image. There are seven sections (arrays) of data types:

  • FILE:  Contains the file’s name, size, timestamp, and what other sections were found (as listed below)
  • COMPUTED: Contains the actual attributes of the image
  • ANY_TAG:  Any information that is tagged
  • IFD0:  Mostly contains information about the camera itself, the software used to edit the image, when it was last modified, etc
  • THUMBNAIL: Information about the embedded thumbnail for the image
  • COMMENT: Comment headers for JPEG images
  • EXIF: Contains more information supplementary to what is in IFD0, mostly related to the camera (includes focal length, zoom ratio, etc)

Depending on the information available for the image, you’ll actually see a lot of data in the output. Say, for instance, you want to only output the IFD0 data to see the information of the camera that took the image:

<?php
$image = "image.jpg";
$exif = exif_read_data($image, 0, true);

foreach ($exif as $key => $section) {
foreach ($section as $name => $val) {
if($key == "IFD0"){
echo "$key.$name: $val\n";
}
}
}
?>

This will output:

IFD0.ImageWidth: 2592
IFD0.ImageLength: 3872
IFD0.BitsPerSample: Array
IFD0.Compression: 1
IFD0.PhotometricInterpretation: 2
IFD0.Make: NIKON CORPORATION
IFD0.Model: NIKON D80
IFD0.Orientation: 1
IFD0.UndefinedTag:0x0000:
IFD0.XResolution: 72/10000
IFD0.YResolution: 72/1
IFD0.PlanarConfiguration: 1
IFD0.ResolutionUnit: 2
IFD0.Software: Adobe Photoshop CS4 Windows
IFD0.DateTime: 2010:02:06 22:24:09
IFD0.Exif_IFD_Pointer: 304

Or, you can further narrow down the output by specifying specific values in the $exif multi-dimensional array:

<?php
$image = "image.jpg";
$exif = exif_read_data($image, 0, true);
echo "Software: " . $exif['IFD0']['Software'] . "\n";
?>

This will return:

Software: Adobe Photoshop CS4 Windows

Using Exif to generate a thumbnail

As touched on previously, many cameras and image manipulation software will include an embedded thumbnail for an image. You can extract this thumbnail using the exif_thumbnail function:

<?php
$image = "image.jpg";
$thumbnail = exif_thumbnail($image, $width, $height, $type);
echo "<img  width='$width' height='$height' src='data:image;base64,".base64_encode($thumbnail)."'>";
?>

Keep in mind that the thumbnail generated here is from the Exif data – there are other ways to create a thumbnails using many of the PHP image functions.

Command Line PHP: Part 2

Posted by Nessa | Posted in , , , | Posted on 21-05-2010

3

This post is continuing on my three-part series on command line PHP programming. Missed part one? It’s right behind you. This part will go over command execution and processes.

Read the rest of this entry »

10 Excellent Open Source Alternatives

Posted by Nessa | Posted in , , | Posted on 06-03-2010

1

Those of you who are regular readers of my blog know that I’m a huge fan of open source software. I don’t think it’s smart for people to drop upwards to thousands of dollars on software unless they have that kind of money to waste, or have a need that isn’t being met by the open source community.  And then there are the less legal alternatives, which I’m not against, but then again I can’t promote them here, either =)

So here’s a nice list of open source alternatives for people who want to save money by using open source software.

1) Use Linux instead of Windows

The transition from Windows to Linux is not as hard as you may think it is. When people think Linux, they think of an ugly black and white command prompt. This may be true if you’re thinking of running Linux as a server, but as a desktop you have a GUI similar to Windows and Mac, in the form of KDE or Gnome.  If you have applications that require Windows, you can usually run them by installing a program called Wine.  It can take a little getting used to, but for those buying a new PC or refurbishing an old one, Linux is the route to go if you want to save money and get better performance, security, and stability than you’ll ever get with Windows.  For newbies, I’d recommend Ubuntu or Fedora.

2) Use Gimp instead of Adobe Photoshop

Adobe Photoshop will run you between $700 and $1000, maybe less if you purchase from an independent software distributor. If that’s a little steep for you, consider using Gimp instead. It has a lot of the same functionality of Photoshop, and can read files created in Photoshop (.PSD) as well.  My sister is a photographer and just when she thought she was used to Photoshop, I introduced her to Gimp so she can do her photo editing outside of school, and she said it does as good of a job as Photoshop does. Similarly, I hear that Inkscape makes an excellent alternative to Adobe Illustrator.

3) Use OpenOffice instead of Microsoft Office

My Dad, who has headed the IT department of his company for years, didn’t believe me when I told him that the thousands his company was spending on Microsoft Office licenses every couple years could be a waste of money, since OpenOffice has the same kind of functionality. The base package of OpenOffice contains alternatives to Word, Excel, PowerPoint, and Access, all of which have the same familiar interfaces and support for files created in their proprietary alternatives, but without the expensive licensing costs and resource requirements. The  software in OpenOffice also has a number of features that the other does not.

4) Use Thunderbird or Evolution instead of Outlook

Outlook sucks. I can’t tell you how many calls I got about it when I was in technical support, where email would suddenly stop working and the customer wouldn’t want to believe that their beloved Outlook was the problem. It usually comes bundled as part of the Microsoft Office suite, but you can buy it standalone. Why would you want to? Thunderbird is free, and a lot more efficient, feature-rich, stable, and secure than Outlook. Love the Outlook feel? Evolution is the Linux alternative to Outlook, only it doesn’t suck as much.

5) Use ClamAV or AVG Instead of Norton, TrendMicro, or McAfee

I’ve heard from many people that even though ClamAV is free, it’s better than its leading enterprise alternatives. It also works on Windows (Via ClamWIN) and Linux. Need a firewall too, but don’t want the steep cost of Norton Personal Firewall? Consider APF or Smoothwall.

6) Use Turbocash instead of Quickbooks or Microsoft Money

I personally haven’t used Quickbooks before, but I heard it’s comparable to Turbocash, which is perfect for smaller organizations or individuals needing software for finance management.

7) Use VirtualBox  instead of Microsoft Virtual PC, VMWare, or Parallels Desktop

I generally used Virtual PC in the past to play with other operating systems, but you may find a use for it if you’re a software developer or you have applications that work on one OS but not another. Virtual PC usually ends up being free quite some time after its initial release, but it only runs on Windows. VirtualBox is open source and runs on Linux, Mac, and Windows, and supports a large variety of guest operating systems.

8) Use OpenVZ instead of Virtuozzo

Virtualization with something like Virtuozzo isn’t the same as using something like VirtualBox in terms of mass-management of virtualized servers. If you’re offering VPS hosting or need to run multiple servers on one, you’ll want to use something like Virtuozzo.  Virtuozzo may be the best, but OpenVZ doesn’t fall far behind at all…and it doesn’t carry the multi-thousand dollar licensing costs.

9) Use OpenWorkBench instead of Microsoft Project

I’ve always found web-based software like dotProject to be more effective for project management, but if you need a more local solution for your PC, try Workbench instead of spending dough on Microsoft Project.

10) Use Partimage instead of Norton Ghost

Norton Ghost will generally cost around $70, but Partimate is free and essentially does the same thing. I’ll mention though that Norton Ghost only works on Windows, and Partimage only works on Linux. So Partimage is something you’d consider using if you’re switching from Windows to Linux and can’t use Norton Ghost anymore.

Fedora Chokes on Firefox

Posted by Nessa | Posted in , | Posted on 17-06-2008

2

.!.

We use Fedora in my Linux classes at school, so I was equally pissed off of when I found out that the stock firefox installation doesn’t support ssl…in other words you can’t get to secure pages. Since the entire schooli ntranet is on a secure connection it pretty much sucks when you can’t access your email and assignments. I was the only person in the class who was able to fix this and be able to finish my shit during class instead of doing it for homework.

The error you get when accessing secure pages in Firefox on Fedora is:

Unexpected response from server
Firefox doesn’t know how to communicate with the server.

You can fix this in three commands:

yum update nss (or yum install nss, if it’s not installed)
yum remove firefox
yum install firefox

Dual Monitor Setup in Ubuntu 7.10, ATI Radeon

Posted by Nessa | Posted in , , | Posted on 12-06-2008

4

The company just bought our department brand hooked up PC’s that include ATI Radeon dual output graphics cards with massive monitors.  This is probably the only time I’d willingly admit that Windows came out ahead, as I spent a good 2 days trying to get my dual monitors to work with Ubuntu.  I finally got it figured out and I’m embarrassed to say that the answer was in front of my the whole time — a fucking GUI!  Anywho, those of you who are having trouble with this as well, here’s what I did to make it work:

My setup:

  • Dell Vostro 200, Dual Core Intel CPUs, 2 Gb RAM
  • ATI Radeon HD 2400 dual output graphics card (both monitors plugged into card)
  • Two Dell 17” monitors

So first, shimmy over to http://ati.amd.com/support/driver.html and select your distro and card model, and download the file to your desktop.

In Terminal, chmod +x ati-driver-installer-<version>.run

Select Linux x86 installation, automatic

After the installation is complete, run:

sudo aticonfig –initial

Reboot.

After reboot, run fglrxinfo and you should get something like this describing your card:

OpenGL vendor string: ATI Technologies Inc.
OpenGL renderer string: ATI Radeon HD 2400 PRO
OpenGL version string: 2.1.7537 Release

At this point you probably see that both monitors are enabled, but are mirroring each other.  If you don’t, you might need to manually active the second:

sudo aticonfig –query-monitor

Use the output of that command and run:

sudo ati-config –enable-monitor=<result1>,<result2>

Replace result1 and result2 with the output of the first command.  Possible results are: none, crt1, crt2, lvds, tv, fmds1, tmds2

If the enable works, make it permanent:

sudo aticonfig –force-monitor=<result1>,<result2>

When both your monitors are up (whether they look how you want or not), in your GNOME gui, go to Applications > ATI Catalyst Control Center. This is where you configure how you want your dual monitors to act.

In Display Manager, set the dropdown to two monitors and change the Display Mode to “Big Desktop” — this will enable both monitors as one long desktop that you can drag your mouse and windows between.  You can also go ahead and set your resolution.

And there you go — easy dual monitor setup for Ubuntu 7.10!

UPDATE: Major issues with graphics after I upgraded to 8.10 – I found these instructions which worked:

http://wiki.cchtml.com/index.php/Ubuntu_Intrepid_Installation_Guide#Installing_the_restricted_drivers_manually