Saturday, May 31, 2008

Migrating from Firefox 2.0 to 3.0

There are some problems when migrating from Firefox 2.0 to Firefox 3.0 (in this case Firefox 3.0b5), which is the case when migrating from Fedora 8 to Fedora 9. For me it was not clear what was happening so maybe if you are experience some "weird" Firefox behaviour it might be also the case.

To keep things short:

1. Backup your bookmarks.

2. Close Firefox or kill it:
#---
killall firefox && echo done
#---


3. Remove your $HOME/.mozilla directory (or a safer measure, move it):
#---
cd $HOME
mv .mozilla .mozilla-firefox2
#---


4. Restart Firefox and start the painfully work of customising it.

Just a little history. I had had a Firefox 2.0 for a long time and when I migrated to Fedora 9 (see my road map) it also implies a migration from Firefox 2.0 to 3.0b5. The first thing, which was expected, was that my add-ons did not worked any more (compatibility issues). This was ok, I removed the deprecated add-ons and kept using the ones the worked.

The problem that first caught my attention was GMail, which was working just in the basic html mode (which sucks if you are used to the normal version). I thought that it was a problem with add-ons (so I remove every single one of them), it did not work. Then I start suspecting of Java (tried 2 Sun versions and open-java version), but it wasn't it. At the end I was suspecting some incompatibilities between Firefox and AJAX (which is what Google uses).

The very last thing, after a week or so seeking for an answer, was clearing my configuration directory. Which solved the problem. Don't ask me why, I do not know (and didn't bother to look for the answer).

The bottom line is: if you are experience some weird behaviour with Firefox, try to start fresh.

Wednesday, May 21, 2008

[updated] Encrypting partition with LUKS

This topic is far away from new and you will find a lot of tutorials on the net. But as I already said before I lack a sort of baked recipes and central point for things. So if want the originals from this baked recipes go here and here and for the official LUKS page here

So first of all what I really need to encrypt are the following partitions:

/home
/var
/etc
swap


You can simplify by encrypting everything except /boot (ok, you may also encrypt that but I do not see the point and did not try it).

The main issue about disk encryption resides in disk performance specially by removing things (which includes moving from and to file systems). So if you really need some juicy speed upped partition I recommend to have a plain ext2/ext3 partition by the end of the disk (as closer to the out border of the disk as quick things get done, it does not apply for SCSI disks).

That said, the reasons you want to encrypt swap is to ensure that no one will eventually forces an swap attack on you (forcing the system to drop some sensitive data on the swap partition and then read them out). The /var is also important because there are the system logs and if you are a not that security freak you will eventually mix things up and type your password instead of username (which will be registered in the security log). The /etc is for the sake of it (you do not need it if you keep a safe check sum of all files there and check it before turning your network connection on, hehe). The last, but not the least, your precious /home and you know why you need it (as also RIAA).

The problem with Fedora 9 out-of-the-box procedure is that it does not randomizes the disk before encrypting it (which is important but takes a lot, but a LOT of time) and it is understandable for a installation procedure. But you want security so you want to do things right. Before you start doing things keep that in mind: you need time, a lot of time. For my SATA disk in a Pentium 4 3.2GHz the speed was about 3M/s, doing the math:

1GB ~ 6min.
10GB ~ 1h
50GB ~ 4h 45min.
100GB ~ 9h 30min.
150GB ~ 14h
200GB ~ 19h
250GB ~ 24h
300GB ~ 29h
512GB ~ 2days
1TB ~ 4days

If you know a speed upped procedure, please tell me. The speed problem is not on the disk but on the random generation, so it is unlikely to change for a notebook (if you getting nervous about that).

So the procedure is the following for a data partition and swap. But first of all (and that is VERY important) copy this text in text file and save it in your root partition (I really meant /) because you will need to shutdown your X11 AND network connections.

1. Do backup of your partition, you will lost everything.

2. Really, DO a backup, you will regret it later if you don't (you can use the FlyBack)

3. Save this text on text file in "/";

4. Logout and switch to a terminal (<CONTROL>+<ALT>+<F1> should do it) and log on as root;

5. Execute the following commandos:

5.1. Runlevel 1:
#---
telinit 1
#---


5.2. Note somewhere which is the real partition that you want to encrypt:
#---
mount | grep home
#---


It should return something like: /dev/sdaXX or /dev/hdaXX

If it returns something /dev/mapper/SEC_DEV it means that your partition was previously encrypted and you will need the real device.

5.2.1. Dealing with encrypted devices:
#---
cat /etc/crypttab | grep SEC_DEV
#---


Here you should get the real partition name.

5.3. /home:
#---
fuser -mvk /home
umount /home
#---


5.4. Verify if it was really unmounted:
#---
cat /proc/mounts | grep home
#---


5.4.1. If you have a previously encrypted partition you need this step (I'm confident that you do have a safe backup):
#---
cryptsetup remove SEC_DEV
#---


Note that I do NOT included the whole path (/dev/mapper/SEC_DEV)

5.5. Fill the partition with random data (this is the point where you must be sure you have a backup):
#---
dd if=/dev/urandom of=/dev/REAL_DEV
#---


The REAL_DEV is the same from step 5.2.
Note that the above command will end with and "out of space" error, do not worry about it.

5.6. Let LUKS know about your new partition.
#---
cryptsetup --verbose --verify-passphrase luksFormat /dev/REAL_DEV
#---


5.6.1. Open it:
#---
cryptsetup luksOpen /dev/REAL_DEV SEC_DEV
#---


SEC_DEV is a string you like. Fedora standard is luks-REAL_DEV (like luks-sda6 for /dev/sda6).

5.6.2. Verify it is everything there:
#---
ls -l /dev/mapper | grep SEC_DEV
#---


5.7. Create the file system:
#---
mkfs.ext3 /dev/mapper/SEC_DEV
#---


5.8. Mount it, to check it out:
#---
mount /dev/mapper/SEC_DEV /home
df -h | grep home
#---


5.9. Edit your /etc/crypttab and include the following line:

SEC_DEV /dev/REAL_DEV none

[update]
5.10. Collect your UUID for the /etc/fstab:

NOTE: The method with cryptsetup does NOT work in reencrypted partitions, so prefer the tune2fs method.

#---
cryptsetup luksUUID /dev/REAL_DEV
#---


#---
tune2fs -l /dev/mapper/SEC_DEV | grep UUID
#---

[update]

It must throw something like: c3119452-5a93-49bb-9c91-28d75a830a18

5.10.1. Alternatively you can already throw it in your /etc/fstab (but be careful to include the two ">":
[update]
#---
tune2fs -l /dev/mapper/SEC_DEV | grep UUID >> /etc/fstab
#---

[update]

5.11. Edit your /etc/fstab to include the following line (removing any other existing line that refers to /home):

UUID=<YOUR UUID> /home ext3 defaults 1 2

or

/dev/mapper/SEC_DEV /home ext3 defaults 1 2

5.12. Verify again:
#---
umount /home
mount /home
#---


5.13. Restore SELinux contexts:
#---
/sbin/restorecon -v -R /home
#---


6. Now the swap partition, which is a little bit different:

6.1. Identifying the partition:
#---
swapon -s
#---


6.1.1. If it turns out to be an encrypted partition, follow the step 5.2.1.

6.2. Turn off the swap (unmount the partition):
#---
swapoff -a
#---


6.3. Repeat the steps 5.4.1. (if you need) and 5.5.

6.4. Let LUKS knows about the new partition:
#---
cryptsetup create SEC_DEV /dev/REAL_DEV
#---


Here you will get the UUID for this device, note it somewhere. Or use the cryptsetup method from step 5.10 (because it is NOT a data file system it is the only way and it works, but just for swap partitions).

6.5.1. Open it: (step 5.6.1)

6.5. Make it swap:
#---
mkswap /dev/mapper/SEC_DEV
#---


6.7. Edit your /etc/crypttab (step 5.9.).

6.6. Edit your /etc/fstab to include the following line:

UUID=<YOUR UUID> swap swap defaults 0 0

or

/dev/mapper/SEC_DEV swap swap defaults 0 0


6.7. Check it:
#---
swapon -a
swapon -s
#---


7. Reboot your system:
#---
shutdown -r now
#---


Your passphrase will be asked at boot time and after everything is running restore your backup.

Have fun!

Tuesday, May 20, 2008

[updated] Time Machine on Linux

If wonder about the Time Machine from MacOS X and wanted it, you can make your own using rsync but if you want something more fancier (like I do) with a GUI you should try FlyBack (if it does not work try this) which is a nicely made Python program (or should I say script) that includes all your needs for a decent backup (using, of course, rsync). Try it, it worth.

By the way I already tried other solutions like:

Unison (painfully slow)
Grsync (hard to configure, exclude list is not possible)
fwbackups (very slow)
KBackup (very slow)

And my own TAR based backup script, which I was using until I tried flyback. It is really a great backup solution for the average desktop backup needs.

By the way, the first backup is a little time consuming (for my 16GB it took about an hour or so), but the following backups are very efficient (it takes no longer then 5 minutes).

P.S.: I'm using LUKS in my partitions.

[update]
I just used a full recovery from my system (I migrated my /home to LUKS and it worked just perfect, like nothing happened).

Monday, May 19, 2008

[updated] Aplause for Fedora 9

I'm really impressed by Fedora 9 and here come one of my source of frustration on the previous versions: Java Support and Eclipse.

Until Fedora 8 I needed to install a "thrid party" (the original) Eclipse and Sun's Java to have a decent Java support. I needed to use the original Eclipse because somehow it doesn't wanted to use the Sun's Java, just Gnu Java (which wasn't compatible with Java 1.6). Now Fedora have really flexible Eclipse (3.3.2) with some useful plugins and I can use the Java version that I want. Here comes the hack: I do not need it any more because Gnu Java (ok, openjdk actually) is already Java 1.6 compatible. An amazing step forward to interoperability (at least for me). I still keep the Eclipse "third party" step in my road map, as also Sun's Java, but just because I haven't tried it long enough to discard it (but I'm using the Fedora packages now).

For those of you that want to give a shot:

[update]
Java source included:
java-1.6.0-openjdk-src
java-1.5.0-gcj-src
[update]

Java support:
#---
yum -y install \
gcc-java \
java-1.6.0-openjdk \
java-1.6.0-openjdk-plugin \
java-1.6.0-openjdk-javadoc \
java-1.6.0-openjdk-src \
java-1.5.0-gcj \
java-1.5.0-gcj-devel \
java-1.5.0-gcj-javadoc \
java-1.5.0-gcj-src
#---


Eclipse for Java:
#---
yum -y install \
eclipse-platform \
eclipse-ecj \
eclipse-jdt \
eclipse-cvs-client \
eclipse-subclipse \
eclipse-subclipse-book
#---


For C++ development:
#---
yum -y install \
eclipse-cdt
#---


Mylyn plugin:
#---
yum -y install \
eclipse-mylyn \
eclipse-mylyn-ide \
eclipse-mylyn-java \
eclipse-mylyn-bugzilla \
eclipse-mylyn-trac
#---


A note on the docs, you will find them in:

/usr/share/javadoc/java-1.5.0-gcj/
/usr/share/javadoc/java-1.6.0-openjdk/

Friday, May 16, 2008

A word about flash and Firefox 3.0

If you are using Firefox 3.0 and want to have flash support there is a broken dependency problem in the flash RPM, it does not include the libflashsupport, which is mandatory to have sound in flash.

So to install flash and have it working properly you need to:

1. Add flash repository: Adobe (flash plugin)

2. Install it, with libflashsupport:
#---
yum -y install \
flash-plugin \
libflashsupport
#---


The problem was reported here.

Wednesday, May 14, 2008

My Fedora 9 road map

- Basic system setup
-- Adjust [/etc/resolv.conf]
-- Adjust [/etc/fstab]
-- Adjust [/etc/sysconfig/network-scripts/ifcfg-eth0]

- Add repositories:
-- Freshrpms
-- Adobe (flash plugin)
-- Livna

-- Correct conflict between livna and freshrpms (in favor of freshrpms):
Edit your [/etc/yum.repos.d/livna.repo] file to look like this:

...
#mirrorlist=http://rpm.livna.org/mirrorlist-7
exclude=vlc*,mplayer,libdvbpsi*,ffmpeg*,mencoder*,x264*,lame*
enabled=1
...


-- Update your system:
#---
yum -y upgrade
#---


- Install additional software:
-- Multimedia:
#---
yum -y install \
mplayer \
mencoder \
gecko-mediaplayer \
gnome-mplayer \
vlc \
grip \
ogle \
flash-plugin \
libflashsupport \
AdobeReader_enu \
k3b \
k3b-extras-nonfree
#---


-- Torrent with transmission
#---
yum -y install \
transmission
#---


-- Email with sylpheed-claws
#---
yum -y install \
bogofilter \
claws-mail \
claws-mail-plugins
#---



-- XMMS with its most precious plug-ins
#---
yum -y install \
xmms \
xmms-libs \
xmms-skins.noarch \
xmms-mp3 \
xmms-faad2 \
xmms-flac \
xmms-wma \
xmms-cdread \
xmms-arts \
xmms-esd \
xmms-musepack \
xmms-acme
#---


-- Pidgin, a very good IM client
#---
yum -y install \
pidgin \
pidgin-encryption \
pidgin-guifications \
pidgin-libnotify \
pidgin-otr \
purple-plugin_pack-pidgin \
purple-plugin_pack-pidgin-xmms
#---


-- For kernel modules
#---
yum -y install \
kernel-devel \
kernel-headers
#---


-- Nautilus plug-ins
#---
yum -y install \
nautilus-open-terminal \
nautilus-search-tool \
nautilus-flac-converter \
nautilus-extensions
#---


-- Misc
--- Diagrams and images, usually old stuff that I'm used to
#---
yum -y install \
graphviz \
dia \
gv \
xfig \
xpdf \
eog \
gnuplot \
grace
#---


--- Editors and related
#---
yum -y install \
gvim \
kile \
dictd \
diction
#---


--- My beloved spreadsheet program
#---
yum -y install \
gnumeric
#---


--- Unrar and related programs
#---
yum -y install \
unrar \
p7zip
#---


--- My beloved debugging program
#---
yum -y install \
ddd
#---


-- Remove things I do NOT like:
--- Multimedia players that do not play divx/mp3 and stays as default for video and audio files:
#---
yum -y erase \
xine* \
totem*
#---


--- This is REALLY annoying, it prevents mplayerplug-in from working properly:
#---
yum -y erase \
mozplugger
#---


-- Update your system:
#---
yum -y upgrade
#---


- Install and setup third-part programs
-- VirtualBox/VMware
-- Skype
-- Real Player (check for the RPM version)
-- Sun Java
-- Eclipse

P.S.: For Real Player you will need to install the following package (broken dependency on Real Player RPM):

#---
yum -y install \
compat-libstdc++-33
#---


- Setup printers
- Backup [/etc] and [/boot/grub]
#---
tar -czf bkp-system.`/bin/date +"%Y%m%d-%H%M"`.tgz /etc /boot/grub
#---


- Some issues:
Acrobat Reader install its Firefox/Mozilla plug-in, which has a memory leak. I recommend to remove it. To do so:

#---
rm -f /usr/lib/mozilla/plugins/nppdf.so
#---


Related posts:

- Pidgin with multiple languages (obsolete by package purple-plugin_pack-pidgin, but not working properly)
- C Cedilla with Gnome
- Eclipse and Java from RPMs