Secure your phpMyAdmin
phpMyAdmin is quite popular software (to give some numbers, let's mention 10000 downloads daily on SourceForge.net or 122685 reports in Debian's popcon) and as such is quite an attractive target for various scripted attacks. If you run a phpMyAdmin installation somewhere, you should really make sure it is secured well enough that these script kiddies don't get through.
In the past month I've looked at what kind of attacks these guys are trying, and in all cases they go after pretty old vulnerabilities, some of them fixed years ago. So the first thing you should do is update. It is always good to run the latest stable version, but in case you cannot for whatever reason, at least take the most important fixes and apply them.
In an ideal world your distribution would do this job for you, but in case it did not, you can for example take patches from Debian, which is pretty good at taking our patches (surprisingly this is not much related to my involvement there). To check which patches they have applied you can use the excellent patch-tracker tool, which exposes patches from all released packages.
To give you an overview of which issues script kiddies are mostly attempting to exploit right now, here is the list:
- PMASA-2010-3 - yes, more than two years old, but still unpatched in some places
- PMASA-2011-5 - "only" half a year old
- PMASA-2011-6 - only useful together with a wrongly configured PHP
If you have fixed these, you should be pretty safe for now, but follow our security announcements for possible future issues (you can use the RSS feed or subscribe to the news mailing list, where all security issues are announced as well).
However, there are more things you can do to keep yourself safer:
- remove the setup directory from phpMyAdmin; you will probably not use it after the initial setup
- prevent access to the libraries directory from the browser, as it is not needed there; the supplied .htaccess file does this
- properly choose the authentication method - cookie is probably the best choice for shared hosting
- in case you don't want all MySQL users to be able to access phpMyAdmin, you can use AllowDeny rules to limit them
- consider hiding phpMyAdmin behind an authentication proxy, so that MySQL credentials are not all a user needs to log in
So these are the basic steps which will help you against a possible compromise; I might return to some of these in more detail in future posts.
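To make the steps above repeatable (and checkable after every upgrade, which unpacks a fresh setup/ directory again), here is a small script I've added to this post. It is not phpMyAdmin's own tooling; it assumes the upstream directory layout with setup/ and libraries/ subdirectories, an Apache that honours .htaccess, and it only writes a config.inc.php when none exists yet. The 192.0.2.0/24 subnet in the AllowDeny rule is a constructed placeholder for your admin network.

```shell
#!/bin/sh
# Added example, not part of phpMyAdmin: apply the hardening steps from the
# post to an install directory and verify them afterwards.
# Assumptions: upstream layout (setup/, libraries/), Apache honouring
# .htaccess, existing config.inc.php is never overwritten.
set -eu

# Fallback deny-all .htaccess for libraries/ (phpMyAdmin ships its own; this
# one is only written when it is missing). Covers both the Apache 2.2
# "Deny from all" and the 2.4 "Require all denied" syntax.
write_deny_htaccess() {
  cat > "$1" <<'EOF'
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
EOF
}

# Minimal config: cookie auth, no root logins, and AllowDeny rules that only
# admit users from one management subnet (192.0.2.0/24 is a constructed
# placeholder from the documentation range; put your own network there).
write_config() {
  cat > "$1" <<'EOF'
<?php
$cfg['blowfish_secret'] = 'REPLACE-WITH-A-LONG-RANDOM-SECRET';
$i = 1;
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['AllowRoot'] = false;
$cfg['Servers'][$i]['AllowDeny']['order'] = 'deny,allow';
$cfg['Servers'][$i]['AllowDeny']['rules'] = array(
    'allow % from 192.0.2.0/24',
);
EOF
}

# harden_pma DIR: apply the steps; idempotent, safe to re-run after upgrades.
harden_pma() {
  dir=$1
  # step 1: drop the setup directory
  rm -rf "$dir/setup"
  # step 2: make sure libraries/ is not reachable from the browser
  [ -f "$dir/libraries/.htaccess" ] || write_deny_htaccess "$dir/libraries/.htaccess"
  # steps 3 and 4: cookie auth plus AllowDeny rules, only for a fresh install
  [ -f "$dir/config.inc.php" ] || write_config "$dir/config.inc.php"
}

# check_pma DIR: return 0 when every step is in place, 1 otherwise.
check_pma() {
  dir=$1
  [ ! -e "$dir/setup" ] || return 1
  grep -Eqi 'deny from all|require all denied' "$dir/libraries/.htaccess" 2>/dev/null || return 1
  grep -qF "['auth_type'] = 'cookie'" "$dir/config.inc.php" 2>/dev/null || return 1
  grep -qF "['AllowDeny']['rules']" "$dir/config.inc.php" 2>/dev/null || return 1
  return 0
}

# Usage: ./harden-pma.sh /var/www/phpmyadmin
if [ "$#" -gt 0 ]; then
  harden_pma "$1"
  check_pma "$1" && echo "hardened: $1"
fi
```

The check is deliberately separate from the hardening so it can run from cron or a monitoring job: a new release extracted over the old tree silently brings setup/ back, and that is exactly the kind of regression the scripted attacks above look for.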
ColorHug with non English locales
Since the infamous erasing of the factory calibration in my ColorHug device and restoring the calibration matrix, I noticed it did screen calibration wrong. However I did not find time to properly investigate the issue. Yesterday's mail from Richard was actually the trigger for me, so I've opened up this topic.
In the end it turned out to be caused by Little CMS wrongly parsing CCMX in case you are using a locale which uses something else than . as the decimal point.
After a lot of googling, I've realized there is probably no good way of parsing floats independent of the current locale, so I used one of the hacks I found which I think is the least intrusive - get the current decimal point by printing a float to a string using printf and then convert the string to use it. I know it looks ugly, but including an own implementation of strtod is also not nice, and playing with locales is definitely not a thread safe thing to do within a widely used library.
Anyway I've asked upstream to merge my patches, so let's see what they think of it.
Back from FOSDEM
Yet another FOSDEM is behind us and I'd like to thank all people organizing it. It was a great event as usual.
This year there were some changes - the conference grew and there was an extra building. This is great, but on the other hand there were more tracks to follow, and occasionally I wanted to be in four places at once, which is of course not manageable.
Combined with quite freezing weather (well, it was still much warmer than it is now in Prague), moving from one side of the campus to the other was not as comfortable as in past years, but there is not much one can do about that.
And the biggest change for me - I did not make it to the beer event this year. We enjoyed a great team dinner on Friday evening and when it ended, I was too lazy to move to the crowded beer event and rather enjoyed the bed in my hotel.
Enjoying FOSDEM
Again, as usual in the last few years, I'm spending the first weekend in February in Brussels, where FOSDEM is happening.
This year we've again decided to make this a team meeting for phpMyAdmin, so people from five countries and three continents came to one conference to discuss future development and other stuff.
But of course this is not the only thing I'm going to do here. I came with the openSUSE folks, and we've brought a lot of beer, some DVDs and hardware to show. You're welcome to check it out.
And of course there are about 430 talks to visit during the weekend :-).
ColorHug has arrived
Yesterday, I've unpacked a new toy - ColorHug. It came in a small packet with a CD (which is unfortunately not as useful as it should be), a mini USB cable and a letter from Richard Hughes.
The first attempt to use it was of course to just connect it and make it work :-).
The basic access works out of the box:
$ /usr/lib/colorhug-client/colorhug get-firmware-version
1.0.3
$ /usr/lib/colorhug-client/colorhug get-hardware-version
Hardware Version 1
$ /usr/lib/colorhug-client/colorhug get-serial-number
000019
Unfortunately calibration with colord does not yet work out of the box on Debian due to bug 655888. Hopefully it will be fixed soon and it will work nicer. For now you have to rebuild Argyll with ColorHug support (with extra pain caused by the Debian package using a different build system than upstream). I won't provide binary packages, as I pretty much gave up after the effort to build clean packages from the same sources on i386 and amd64, which always failed on the patched autoconf based build system.
Side note: I somehow hoped that I won't hit new (meaning ones I don't know yet) open source projects which do not use any version control. Unfortunately Argyll CMS is one of such projects...
After this update (and restarting GNOME), when connecting ColorHug, the Gnome Color Manager pops up and one can calibrate the screen. The biggest problem is to make ColorHug hold on the desired place on the screen; if it is not close enough to the screen, you will get really bad results.
The first result is of course far from perfect, but colors are definitely better than without calibration or with the ICC profile shipped with the notebook.
Looking forward to FOSDEM
I just got my flight bookings for FOSDEM 2012 confirmed, so I'm looking forward to meeting all the great people there again. This year we've again arranged a meeting of phpMyAdmin developers there, and now it also includes three new faces from last year's GSoC.
As for my schedule, I did not yet find time to check the whole programme, but what definitely sounds interesting to me is the Open Mobile Linux Devroom and some talks in the MySQL and Friends Devroom. The rest will be (as usual) scheduled on the fly as I meet people there. This year I decided to deliberately skip keysigning, as last year I did not manage to attend it anyway and I expect this year to be equally busy.
In case you want to meet me there, just let me know; we can try to arrange something in free slots :-).
Configuring standalone XBMC
I have a laptop used for playing music (and occasionally also videos) which is currently running Windows XP with XBMC. Reinstalling this beast to Linux has been on my todo list for ages and now I've finally found time to try that.
Starting the Debian installer worked like a charm and in a few minutes I got a Debian system running. I've chosen to run sid, well, for the reason that I usually run it on places where I want the latest software. Installing XBMC from Debian Multimedia also worked fine and you can easily find some howtos for directly starting XBMC.
And that's where I ran into trouble - XBMC is damn slow. The notebook has an oldish nVidia GeForce FX Go5200 card, which seems to be poorly supported by nouveau (and "Do not file bug reports about this driver." suggests that this is what the authors do expect). Okay, I can survive having some binary crap, so let's try the nVidia proprietary drivers. I've quickly realized that the legacy drivers won't work with a recent xserver and probably also not with the kernel.
Maybe I should try installing something older, which would run the binary drivers, but for now I gave up and the system is back on Windows (with all the problems I have there...).
ColorHug client in unstable
It took me many more uploads than I expected, but the ColorHug client is finally in unstable. I was fighting with various bugs which I could not reproduce locally, and of course with my own stupidity in configuring pbuilder.
Anyway the buildds overview now shows mostly green, so this is good. The remaining ones mostly wait for libgusb, which needs a build on armhf and needs to be ported to non-Linux (or rather libusb needs to exist there).
One of the things I've learned on the way is that docbook-utils is not enough to convert docbook to man pages; you need the docbook package as well. Still I don't understand why this did work for me locally...
The one outstanding issue is that the client code assumes it runs on a little endian host (or rather one with the same endianness as the ColorHug device) and thus will break on PPC and other big endian machines. Upstream is aware of that and I even managed to produce a patch which should fix it, though I have no means to test it (lack of big endian hardware and lack of the ColorHug device itself).
uTidyLib dead?
uTidyLib is definitely something you would call a dead project - no new release for seven years, dozens of open bugs and submitted patches and no active development. On the other hand it is still used by several packages in Debian, thus worth maintaining. This is also the reason why there are a few crucial patches in the Debian repository to make it work (for example on 64-bit architectures).
While googling whether there is something new going on with uTidyLib, I've noticed two efforts. One is PyTidyLib, a complete reimplementation, which provides a different API and thus does not seem to be used anywhere yet.
Another (well, almost two years old, but I did not look earlier) effort is a fork on GitHub to make it work with Mac OS X. Okay, when somebody took the "effort", let's try to merge the Debian patches there; hopefully there will be a release sometime. So here is the pull request.
Update: I've just learned there is another fork going on - https://github.com/lachlan-00/utidylib2
ColorHug for Debian and in Czech
Today, I've spent some time on ColorHug software (which I've preordered some time ago).
The first missing bit there was Debian packages. There are already some packages available for Ubuntu, but I've chosen a clean start and did all the packaging on my own. The packages are now waiting in the NEW queue (which has been amazingly empty in the last months) and will hopefully get accepted soon. In case you are too impatient, you can look at the git repository on Alioth (you will need libgusb as well). The packaging effort led to writing a (quite minimalistic) man page for colorhug-ccmx, which I've also sent upstream.
The other thing where I can help right now (not owning the device itself) is translation. As you can see on Transifex, my task is done here and the Czech translation is complete :-).
New Pootle on l10n.cihar.com
The translation server for phpMyAdmin and Gammu/Wammu has been updated to run the latest Pootle. I had to do this upgrade to be able to run on the latest Django, which is used by other websites as well (this blog is one of them).
Unfortunately it was not as easy as running apt-get upgrade, as the Pootle package has been dropped from Debian recently. So I had to make quick and dirty packages myself (no removal of embedded software and so on).
Installing the newer version led to major breakage, as the database upgrade silently failed and I had to recover manually. In the end I've dropped all pootle_* tables and recreated them again. Unfortunately this led to the loss of some data from user profiles, but I could not see any other way around it.
Anyway the service should now be back running in normal shape, so go ahead and translate :-).
N950 experiences
As I have had this toy for more than a week, I can share a little more information about it. Please note that some experiences are based on the fact that this is my first "big" phone with a touchscreen.
The big screen is great for reading. Much better than my old Nokia E52. It is also much more readable in direct sunlight. The dark side of this is of course power consumption, but I think this might still get improved for production pieces.
Having Linux on the phone is nice: ssh to the phone and you can do anything comfortably with a real keyboard (the N950's QWERTY keyboard is great, but still quite small). Having a Debian based system there is even better, though I felt a bit strange when I first ran apt-get upgrade on my phone :-). Well, there are some changes from a standard Debian system, like extended fields in debian/control for icons, but generally it feels pretty much like Debian.
There are a lot of things to try on the N950; you can find some hints on the N950 landing page, and I still need to try most of that :-).
Linux hardware support
Remembering not so distant history, I'm always a bit afraid when I'm about to use new hardware with Linux. It used to be troublesome to make some devices work.
After getting a Linux based phone last week, I've also received a new notebook, where I want to run Debian as well. I expected various troubles, but surprisingly everything works like a charm without a single line of configuration. Wireless networking, docking station, card reader, webcam, fingerprint reader and so on.
All I had to do was to pull the SSD out of the old X60 notebook and put it into the new X220. The only (though unnecessary) change was the installation of a 64-bit kernel (I currently see no big benefit in migrating to a 64-bit userspace) and everything is working. Can your operating system do this?
Thanks to all people who have helped in this.
Not going to DebConf
A year ago, when DebConf 11 in Banja Luka was announced, I was really happy about the location and was sure I'm going to visit it. I applied early, requested sponsorship, but then things got slightly more complicated and in the end I had to say no quite shortly before the reconfirmation deadline.
So I will not meet all the great people behind Debian this year and will wait for another chance (probably in two years, as Nicaragua sounds attractive, but when I would be so far away I'd like to spend at least a month in the area, and time and money are always a problem in such a case :-)).
Lack of time
You can see it from my blog activity as well: I simply lack time for a lot of things.
My Gammu mail folders are horribly full of unread mail; it took me three months there to release a new testing version and there are still some patches pending for review.
On the phpMyAdmin side I spend most of my time with my GSoC students, who progress really well, but that's pretty much all I can do there. The good news is that the phpmyadmin.cz website has a new maintainer and is again getting new content. Hopefully it will stay alive for a longer time to bring back lost visitors.
My Debian contributions are still in pretty good shape and I manage to fix important bugs, though my MPD related packages are still for sale. I'm still considering whether to go or not to go to DebConf; my decision will probably be based on whether I will get travel sponsorship or not (and when it would happen).
Besides these free software activities, I began to be more active in the Společné aktivity (in Czech) project for organizing various activities to spend free time.
Occasionally I also contribute to OpenStreetMap, but it's more or less random, when I notice something is wrong or when I manage to visit some place which is not that well mapped. The good thing is that Prague is in pretty good shape there, so it does not motivate me to spend too much time on this :-).
And of course there is my work at SUSE, working on the usual L3 front and improving our Django based incident tracking tool.
Maybe I should step down from some of these, but it would be pretty hard for me to choose which one...