Wednesday, December 30, 2009

Fedora 12 and Ubuntu Karmic in the lead!

After a few days online, the latest Linux distro contest shows a strong lead for Ubuntu Karmic Koala 9.10 and Fedora 12 Constantine. Mandriva 2010, OpenSUSE 11.2 and Linux Mint 8 follow, but far behind the leading two.

Thanks to all who voted and please keep those votes coming!

Monday, December 28, 2009

The dangerous myth of Linux virus invulnerability

Hey,

I read an article recently about an easy way to create a virus against Linux. To be more specific, the article shows a very simple method to create a virus which takes advantage of a GNOME/KDE vulnerability. Here's the article, highly recommended for all KDE/GNOME users.

I started using Linux just over a year ago, and security and its alleged virus invulnerability were some of the reasons why I chose to switch from Windows. Therefore, having read so many times that one is immune to viruses as long as one is using Linux, I was very skeptical about that article. However, as I read more about it, my concern started growing.

It is true that the aforementioned "virus" is more of a Trojan horse attack, and that it can't really do any harm unless the user makes a mistake, but the mere possibility of it happening is already worrying. Even more concerning is the fact that it is so easy to create and implement.

As I said before, this vulnerability seems specific to KDE and GNOME ".desktop" launchers, but these are probably the most widely used desktop environments in the Linux world. It is important to understand that while Linux itself remains invulnerable to such problems, most desktop users do use one of these two desktop environments, so they are still vulnerable to attacks of this kind in the end. For the very same reason, Linux servers are not (as they do not use a desktop environment).

As the author of the article rightly puts it, the attack is limited as long as the user does not save and execute the launcher, and it could be argued that Linux users are somewhat more technically inclined and aware, but still it feels to me like something that could impact tons of users, even more as Linux keeps growing.

I agree 100% with the author that we Linux users should be critical instead of self-complacent. We should not rest on our laurels assuming that we are free from attacks or security breaches, because that's not the case.

I encourage you all to contact GNOME/KDE developers so they take care of this potential security problem.

As for potential solutions to this kind of problem, prevention, as usual, is always best. Here are some suggestions:

1.- As a rule of thumb, avoid running any email attachment which can be executed, even if it comes from someone you trust (they could be infected).
2.- Never save and execute anything unless you are 100% confident it is safe, much less a ".desktop" file.
3.- Monitor your .local/share/applications folder to ensure whatever custom launchers are in there are doing what they are supposed to do. Just run this simple command from a terminal:

grep -H '^Exec' ~/.local/share/applications/*.desktop

4.- Understand that your PC can only be as smart as you are. It will not prevent your misuse.
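
A fuller version of the check in step 3, as an added example that is not part of the original article: the function below lists every Exec= line in a launcher directory and marks those that wrap a shell, call a downloader, or run something from a world-writable path. The function names, the patterns and the sample launchers are assumptions made for illustration, not a complete rule set.

```bash
#!/bin/sh
# Added example: audit the Exec= lines of .desktop launchers in a directory.
# The "suspicious" patterns below are illustrative assumptions, not a full rule set.

audit_launchers() (
    dir="${1:-$HOME/.local/share/applications}"
    for file in "$dir"/*.desktop; do
        [ -f "$file" ] || continue               # glob matched nothing
        # A launcher can carry several Exec= lines (one per action group).
        grep '^Exec=' "$file" | while IFS= read -r line; do
            cmd="${line#Exec=}"
            why=""
            case "$cmd" in *"sh -c"*)           why="$why shell-wrapper" ;; esac
            case "$cmd" in *wget*|*curl*)       why="$why downloader" ;; esac
            case "$cmd" in */tmp/*|*/dev/shm/*) why="$why world-writable-path" ;; esac
            if [ -n "$why" ]; then
                printf 'REVIEW\t%s\t%s\t%s\n' "${file##*/}" "$cmd" "${why# }"
            else
                printf 'ok\t%s\t%s\n' "${file##*/}" "$cmd"
            fi
        done
    done
)

# Constructed sample launchers (not taken from any real system).
make_samples() {
    d=$(mktemp -d) || return 1
    printf '[Desktop Entry]\nType=Application\nName=Editor\nExec=gedit %%U\n' \
        > "$d/editor.desktop"
    printf '[Desktop Entry]\nType=Application\nName=Notes\nExec=sh -c "/tmp/update.sh"\n' \
        > "$d/notes.desktop"
    echo "$d"
}

# Demo run on the constructed samples.
demo_dir=$(make_samples) && audit_launchers "$demo_dir"
rm -rf "$demo_dir"
```

Called with no argument, audit_launchers reads ~/.local/share/applications; a REVIEW line means the launcher deserves a closer look, not that it is malicious.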

Good Luck!

Sunday, December 27, 2009

Songbird 1.4.3

I know, I know, Songbird is a very heavy, resource-eating music player, but I LOVE IT.

To be honest, even if there are many good players available for Linux, Songbird is the only one looking half ready to take on iTunes. I like Amarok, Banshee, Exaile and even Rhythmbox, but they all look prehistoric, and looks matter to me.

I have to say, though, that Songbird is far more than just the looks. This latest release includes new components, and the fabulous Mashtape is now accompanied by LyricsMaster, a great looking lyrics retriever, which by the way, works great.

Just take a look at this screenshot...



Aaah... Ubuntu, Songbird and Dream Theater... What's not to love? ;-)

Talking resources, it is true that Songbird eats some 80-90MB of memory while playing, but that's not such a big tragedy, not for me at least.

Get Songbird and enjoy your music even more!

Fedora Google Chromium SELinux problem

Hey,

Quick entry to discuss a problem I have experienced lately on my Fedora 12 laptop. As I came back from a short vacation, I updated my Fedora installation and downloaded a bunch of stuff, including a Google Chromium update.

When I tried to run Chromium, SELinux displayed an error and locked the browser, which would not start. Basically, the error message goes like this:

"The chromium-browse application attempted to load
/usr/lib/chromium-browser/libmedia.so which requires text relocation. This is a
potential security problem. Most libraries do not need this permission.
Libraries are sometimes coded incorrectly and request this permission."


I tried a few things with SELinux policies, as I read disabling it was not recommended unless completely necessary (it really is not and you should follow this recommendation, as you have many other internet browsing options, starting with Firefox).

In my case, I was unable to find a policy that would fix this problem, so after a bit of Google searching, I found that this issue had been filed as a bug and acknowledged as such by developers. In fact, they proposed a working workaround. From a terminal, run the following command, which will likely require admin access:

chcon -t textrel_shlib_t '/usr/lib/chromium-browser/libmedia.so'

Once you complete that step, you should be able to open Chromium again. You may still see the SELinux error message, though.

A long term solution is in the works and will probably come in the next SELinux update.

Hope this helps!

Thursday, December 17, 2009

GRUB2, TestDisk, LiveUSB Creator and learning your way through issue resolution

Hi again,

Other than through active reading and studying, I would say that most of my (limited) Linux skills were attained through issue resolution, and the research involved in that process.

This has been the case lately, as I faced some issues with GRUB2 and LiveUSB Creator. I had issues with both, not because they were not working as expected, but because of my ignorance and misuse of them.

Basically, GRUB2 is quite different from GRUB. The old easy way in which GRUB could be configured is no longer there. The old /boot/grub/menu.lst file that we could easily tweak is gone, now apparently substituted by /etc/grub/grub.cfg. However, as I quickly realised, GRUB2 is a whole different game.

Essentially, my desktop PC is a triple boot setup. I use two internal hard drives with 250 and 500GB respectively. The 500GB disk contains Ubuntu Studio 9.04 and Ubuntu 9.04 Jaunty Jackalope. The 250 GB, which was installed last, holds Ubuntu 9.10 Karmic. Because of that order, it is GRUB2 that's in charge of the boot menu.

Initially, my setup was fine, but as I started to get Kernel upgrades into Ubuntu 9.04, I wasn't seeing them updated on my boot menu. As a result, I was bound to boot into old versions of the Kernel. Not that this was a disaster by any means, but I wanted to keep my system up to date. In addition, since my boot menu shows three OS entries, I didn't want it to show obsolete entries, as it is complex enough already. Here's how I got my way around these problems:

/boot/grub/grub.cfg is a read only file. It is not meant to be manually edited. As a result, just run sudo update-grub to get it up to date and include all OS entries available. This action got my grub menu up to speed, and so I could now boot into the latest Kernel entries for all three OS. However, as you can imagine, there were many entries for all obsolete kernel upgrades, so I needed to clean up my menu. In order to do so, I temporarily granted write privileges to grub.cfg and commented out those entries I didn't want to see. Note that those entries will come back next time you run update-grub. In addition, please remember to set the grub.cfg file to read only again after you tweak it.

Then I had another problem just a couple days ago. I got myself an 8GB USB pen drive and wanted to set it up with a Live installation. I used the great Live USB creator application which can be found under Ubuntu System > Administration menu. The problem was that I had two USB drives hooked to my desktop at the time. My mini USB drive, and a 1TB drive I use for my own storage.

The application selected my 1TB drive, and I didn't realise until it was too late. It prompted me to accept a drive format before it started the process, and I accepted. Dumb ass, I know. Anyways, the drive was quick formatted (luckily it was nothing too serious), but I was faced with losing 180GB of data. Movies, music, my own recordings, documents, etc. I was devastated. Initially it was shocking, I thought there was no way to recover my data.

Luckily, after some minutes, hope sunk in again and I started searching for data recovery tools under Ubuntu. I found people highly regarded TestDisk. I downloaded it and started playing around with it. It took me a few minutes to get to understanding it, and as I wasn't sure what kind of damage my 1TB drive had, I wasn't sure what exactly I had to do. Eventually, I cleared my partition table and added a FAT one, which allowed me to browse the drive again using TestDisk. I then copied all of the drive info to my internal drive (Lucky that I had enough space!). Once the copy was successful, I formatted my 1TB drive and then copied all info back to it.

Phew! That was close! After I recovered the whole thing, the smile on my face was biiiiiiiig...

So yeah, it was scary for a while, but I ended up learning a lot in both cases. Hope you can use the solutions I found yourself!

About KDE and its bright looking future

Hey,

Lately I have been working more and more on my Mandriva 2010 and Fedora 12 KDE desktops. Both of them are KDE4.3.3 and both of them rock hard in my opinion.

Back in the day when I started using KDE, it was KDE4 that got my attention. I never used KDE 3.5, though I have read that it was great. Anyways, when I started using KDE4, it felt bloated, resource eating, and buggy. Plasma was still not mature enough, many of the widgets didn't work as expected, the menu tray was simply terrible, and it was frequent to see applications crash or behave unexpectedly. Needless to say, I stuck to Ubuntu and its awesome GNOME implementation. Under GNOME, everything felt right and doing what it was supposed to do, and with the right settings, it looked even better than KDE4 in my opinion.

Now, come October and Mandriva and Fedora go live with their 2010 and Constantine releases, both of which sport KDE 4.3.2, which I quickly upgraded into 4.3.3. I must say that I was blown away. The KDE desktop has improved a lot in a short time. It feels very responsive and light now. Most widgets work great and look awesome, and applications are as solid as their GNOME counterparts. Compiz effects even perform better and feel smoother under KDE 4.3.3 than they do under GNOME 2.26 (comparison run under the same hardware). On top of that, monitoring resource management does not really give any significant edge to GNOME, as used to be the case. Both desktops are now optimised and, while obviously heavier than XFCE and other lighter desktop implementations, they perfectly balance performance with functionality.

I still think that GNOME may have a slight edge when starting certain applications. Especially the latest Ubuntu implementation, Ubuntu 9.10, is lightning fast when opening Open Office. However, I can see a significant drag on both Mandriva and Fedora when opening the same application. That could be down to the GTK libraries, which are native to GNOME, though.

In any case, I wanted to share that I am a lot happier with KDE these days, and that it no longer feels to me like an inferior product when compared to GNOME. Back when I started using KDE, I was faced with issues that got me frustrated, and I always ended up going back to my Ubuntu or Mint desktops. However, I saw lots of potential in KDE and kept trying their new releases.

I am now glad that I did, because I finally feel at home and happy with KDE4.3.3. I no longer feel the need to use any GTK applications (with exception of gnome-system-monitor) and I love my KDE desktops more every day. I am looking forward to enjoying KDE4.3.4 soon, and can't wait to see what they pull off with KDE4.4.

In addition, judging by the GNOME3 mockups I have seen, it feels like KDE will be a keeper. On the other hand, I hope the GNOME team listen to the community and don't continue down the suicidal route they have taken. I would definitely like to keep using both KDE and GNOME, but not if GNOME 3 becomes a netbook type of desktop!

On the negative side, or maybe on the side I personally don't like, I must say that KDE still has a lot of work to do when it comes to Kwin themes, color schemes, and control themes.

Kwin themes are all looking terrible, in my opinion. I always end up using Emerald, because there is not a single Kwin theme that looks half decent to me. GNOME window themes are much more abundant, and the average quality is much higher, I think.

Color schemes are also limited under KDE, and their editing tool is not nearly as intuitive as that of GNOME. Finally, there are just a handful of control themes, and all look terrible to me. I end up using clearlooks all the time, which is the only one that looks sharp, I think. I don't understand why there are so few control themes, and why there is no tool enabled to include more, as is the case for many other look and feel features.

All in all, with the exception of these little annoying (and completely subjective) look & feel issues, it is clear to me KDE4 has become an awesome desktop experience, and I very much recommend it!

Tuesday, December 8, 2009

Use the pen, it's your friend

Pen drive, that is.

I wanted to share my experience on booting Linux from a pen drive. I find it extremely useful and convenient. It is a very good solution for those who may not be confident enough to run a native installation of Linux, but also for those who want to carry their computer with them any time, anywhere.

First off, for those who don't know, how do you get this to work? Well, there are a number of ways to make it happen. I used the USB drive creator available from Ubuntu, but that requires a full Ubuntu installation, of course. For those wanting to complete this process from a Windows PC, you can find all kinds of info and step by step tutorials in this great site:

http://www.pendrivelinux.com/

As for the Ubuntu way, simply go into System menu > administration > USB live creator. That brings up a very convenient and simple application that will ask you two things: The location of the ISO you want to create your USB drive from, and the location of the USB drive itself. After a few minutes you will have your bootable pen drive.

The cool thing about this setup is that you are essentially using your pen drive as you would use any hard drive. Unlike a LiveCD, you can actually store info on your pen drive as you would in a standard drive, so all your settings stay where you left them. In other words, wireless settings, installed applications, themes, icons, wallpapers... Everything you customise to your liking will be there next time you boot!

What's even cooler is that you add a layer of abstraction that way, as your Ubuntu session is now independent from the machine you use. As long as you use machines with kernel supported devices, you will be able to freely jump from one machine to the next, always using your very same Ubuntu session!

I personally find that very convenient. I run Linux at home, but the company I work for uses Windows. Because of security policies, I am not supposed to install Linux on any corporate machine, but this solution allows me to use my company PC with Linux with absolutely no impact to the corporate build. I can use my Ubuntu anytime I want by simply booting my PC from my pendrive, and it is the same session I used elsewhere. No need to use UbuntuOne or Dropbox, or need for an internet connection to keep things in sync, everything is right there where I left it!

Anyways, I have found this little feature to be just perfect for my needs and wanted to share it. Hopefully you will get a kick out of it too!

Enjoy!