Posts Tagged "linux"

Upgrade Kubuntu from 8.10 to 10.04

Starting from a few weeks ago or so, I don’t receive updates on my Kubuntu 8.10 as  usual, I believe 8.10 is being phased out, and I figure that upgrade is long overdue, maybe this is the time to try the latest version, 10.04, which is a Long Term Support version.

Now you can’t just upgrade from 8.10 to 10.04, in fact you have to upgrade from 8.10 to 9.04, then to 9.10, then 10.04, so if you choose to upgrade you will have to do it three times! OK, I said to myself, let’s do it!

From 8.10 to 9.04 went smoothly(though I need to clean up root partition to make room for downloading and unpacking), when the machine(Dell Latitude  E6500) rebooted, I got 9.04 up and running, and in not time I started the upgrade from 9.04 to 9.10, this time it wasn’t going as expected. Almost at the end of the upgrading, there was no room left on the root partition, the upgrade didn’t complain about this, that was the weird thing, and I expected there would be problems. And there it was! When the system rebooted, X server just bailed because no nvidia(my laptop has a nvidia graphics card) kernel module was loaded, it turned out the kernel wasn’t installed correctly due to disk space exhaustion, I was lucky that I only had to remove the broken kernel image package then reinstalled it, reboot, everything was fine. From 9.10 to 10.04 took about 1 hour and 40 minutes(about 40 minutes downloading and 1 hour upgrading), I had 10.04 on my laptop and it’s running great!

In the upgrading process I was doing what I usually do, almost no interruption(except 5 minutes to fix 9.04 to 9.10 problem), I have to say I am amazed but not surprised, Linux has come of age, not only on server, but also on desktop, mobile devices and much more, I have been a Linux user for more than 11 years, I still find something new almost every day. I can’t imagine what the computing will be if there is no Linux.

Technorati Tags: , ,

Why I don't support Windows anymore

This is a Windows horror story from almost 8 years ago.

My friend was running Windows 98 at the time, and she’s using outlook express to handle her emails. Then one night she called me out of panic, she couldn’t seem to see any of her emails, I tried to troubleshoot remotely to no avail, lately I figured that huge Inbox file was corrupted, and I tried all possible means known to me to salvage her emails, but none worked, she lost all her old emails.

Then I installed Thunderbird for her on Windows, it turned out it was another mistake, she lost her emails due to windows crash but this time I had her to backup her local mail storage, and I put linux on her machine, moved all emails from back to her new linux installation, she was happy ever since, no weird and mysteries problems any more, and when she needs some help I just have to ssh into her machine or run nomachines’ NX client with freenx server to get job done.

It’s a joy to work with Linux, but not too many people can appreciate this fact. FUD, misinformation, greedy, corruption all play their roles in this twisted world, we see good people get bad treatment, crooks get what they want, criminals get to control the justice system, it’s not too surprise to see a superior system gets second rate treatment.

Technorati Tags: , , , , ,

Microsoft wants us to pay them to (not) fix their own security problems

WOW! This is fantastic: Microsoft’s security chief suggests ‘Net tax to clean computers.

Notice that the security chief said “You could say it’s a public safety issue and do it with general taxation”, WOW! Amazing! MS created the whole malware/spyware/virus universe now they want you to pay for the privileges of being infected ! How nice of them!I almost burst into tears! They do care about our health, ha!

This is really unbelievable. MS wants everyone else to pay for their flawed OS, actually they already did it, now they want everyone else to pay for it’s security “features” again, with a more blatant “Internet usage tax”, even those who are not using their garbage system. I just wonder how did the security chief kept straight face when talking about “Internet usage tax” for their own security problems.

What next? Here is the news for all of us: MS spokesperson announces  “‘Net Tax” is not enough to fight the global malware/spyware/virus pandemic, we’re running huge deficit, the tax rate will be hiked to compensate all the work done by MS. Sounds familiar? Yes, wherever there is government, there are corruptions, anything MS touches, it corrupts, looks all too familiar.

How do we fight all these parasites? Education is the key. When the people know better, they will do better. All I can do now is to recommend GNU/Linux whenever I have a chance. A few days ago my boss came back from a business trip to China, he used his laptop in China for a few times, and he was running IE on Windows, lately his machine found to infected by spyware deployed by the Chinese government. Before this incident I tried a few times to get him put Linux on his laptop but failed, this time he’s asking for more information about the Linux thing, especially the security features. Though no decision yet, he’s considering get a Mac or just put Linux on his laptop.

Technorati Tags: , , , , , ,

Install ioncube loaders under SELinux

When you install free ioncube loaders under CentOS 5.x, which has SELinux enabled by default, you will see following error message:

“cannot restore segment prot after reloc: Permission denied”

You have a few choices here.

You can disable SELinux, edit /etc/selinux/config, look for” SELINUX=”, put “disabled” to the right of “=”, it reads like this “SELINUX=disabled”, when you restart the machine, SELinux will be totally disabled. But when you want to enable SELinux lately, the system will relabel all the files at the boot time, it will take very long time to finish the relabeling process, so disable SELinux is not recommended.

Then you can put “permissive” in place of “disabled”, or run “setenforce 0” on command line(“setenforce 1” re-enable it),  you will see warning messages but SELinux won’t do anything to stop unauthorized access. If you are serious about security, probably you won’t feel comfortable when SELinux is not enforcing it’s rules.

Now you’re ready for the real solution.

When you see the error messages when you restart your HTTP server, run following command:

audit2allow -l -a -r

You should see the required types and classes being displayed and the permissions you need to load into selinux module, you’re not going to see them all at once, you will have to try a few times to get all the required types, classes and permissions. Following I will show you how make it work, step by step:

You need to create an file “local.te”, which will hold all the required types, classes and permissions to be loaded in to SELinux module, in our case, you need to add following into local.te:

module local 1.0;

require {

class process {execstack execmem execheap};

class file { ioctl lock append create getattr setattr link relabelfrom unlink write read rename execmod };

type unconfined_t;

type httpd_t;

type httpd_sys_content_t;

};

allow unconfined_t httpd_sys_content_t:file execmod;

allow httpd_t self:process {execstack execmem execheap};

End of code.

When you have the local.te ready, run following command:

checkmodule -M -m -o local.mod local.te
semodule_package -o local.pp -m local.mod
semodule -i local.pp

Now you HTTP server will load ioncube loader just fine.

Technorati Tags: , , ,