xuedi 的 blog
A BLUG Spammers BLOG

Archive for the ‘linux’ Category

keep rc result in the terminal (arch linux)

Wednesday, January 11th, 2012

For some time I have been using Arch Linux in combination with awesome wm on my netbook. Because the netbook has an SSD, I see the output of the rc system for just a quarter of a second; sometimes the wicd daemon gives me some trouble, but I can't read fast enough. So I figured out that there is a quite easy way to change Arch's behaviour to NOT clear the screen for the login prompt:

Edit: /etc/inittab

Change

c1:2345:respawn:/sbin/agetty -8 -s 38400 tty1 linux

Into

c1:2345:respawn:/sbin/agetty --noclear -8 -s 38400 tty1 linux

And since an update, the issue file clears the screen as well. You can edit the /etc/issue file globally (with some funny stuff maybe) or you can tell the terminal to use a separate issue file:

c1:2345:respawn:/sbin/agetty --noclear -8 -s 38400 tty1 linux -f /etc/issue.tty1

Then you can set a message for each terminal; you need to create this file as well, of course ^^

Cheers
xuedi

Mint 12

Thursday, December 8th, 2011

Yay, finally there is some sense in Linux desktop development. The coming Mint 12 does it right: it gives you the choice to have your gnome 3 behave more like the gnome 2 menu. In addition, there has been a lot of development in the gnome 3 tweak tool. This gives me hope to go back to gnome in the future …

Some images: http://tinyurl.com/cqm9e9k

Cheers
xuedi

Use pidgin to get weibo messages

Friday, November 4th, 2011

It's quite simple

1) Prepare
– you should have svn installed (or just download if you like)
– you need pidgin-devel, libpurple-devel and the standard build tools (gcc, autotools, make)
– pidgin should be closed during the install

2) Get the code
# go to the folder where you keep your projects
svn checkout http://libpurple-microblog-sina.googlecode.com/svn/trunk/ libpurple-microblog-sina-svn
# enter the directory the checkout above created
cd libpurple-microblog-sina-svn
autoreconf -fi
./configure
make
sudo make install

3) Check settings
In my case the default browser setting in ~/.purple/prefs.xml had some rubbish ‘sensible-browser’ set; I needed to replace that with ‘firefox’

4) Connect to sina
Weibo uses OAuth (version 1), which works with a request token and an online confirmation to connect the new client to the service (detailed info: )

– First the usual: Pidgin -> accounts -> manage -> add -> microblog-tsina
– Now you add your weibo email -> add
(pidgin will open a url in your browser)
– you have to log in to weibo and confirm the new client
– copy & paste the given PIN back into the pidgin window

5) Enjoy your news
Thanks to these folks http://code.google.com/p/libpurple-microblog-sina/people/list for the nice plugin

TODO
I should fix the arch AUR package for x86_64

Latest linux experiences

Friday, November 4th, 2011

Arch
One Arch Linux thing I failed badly at lately: I moved /tmp to shm to speed up compiling, but I hadn't compiled anything from the Arch AUR since then. I got lots of errors on many packages until I figured out that the new version of yaourt is not only storing temporary data in /tmp/xxxx but also creating the sandbox there and compiling stuff, so no wonder I got a lot of permission errors. My fstab had the noexec option set for the /tmp partition..

Robust routing box
At work I had to work with the Endian firewall/router box and I did not see much difference from an OpenWrt system. I was curious what distros/systems there are to connect your home net to the internet with some extended features (firewall, IDS, IPS, VPN with routing, status/stats tools). I found a very interesting list: http://en.wikipedia.org/wiki/List_of_router_or_firewall_distributions From these, Zentyal is I think very promising: not exactly the extended router, but easy to use with lots of options.

I am currently working on a lightweight and hardened (SELinux, gre, PaX .. etc) Gentoo VirtualBox system. My plan is to give the VM exclusive use of my NIC and route all my traffic through the box (over vboxVPN). My goal here is to understand more about the traffic and collect some stats via prelude(by snort). I learned that the guys building these gateway boxes/distros must have huge knowledge and workload ^^

Desktop interfaces
Playing again with all these so-called new desktop experiences (gnome-shell, unity), and even after forcing myself to work 2 weeks in each of them, I felt that I have to do so many more actions to get things done, and I have the feeling of waiting ages for windows and menus. I will stay with xfce (desktop) and awesome (netbook) for sure.

Awesome new tool
For quite some time I was searching for a good tool to learn Chinese vocabulary and did not find anything that suits me, but then I found anki, an amazing tool: not really fast, but with a variable, experience-based system that shows you just the vocab you really need to learn. My tool of 2011 !!

— Beijing GNU/Linux User Groups —

Wednesday, April 6th, 2011

Hi Friends of the Beijing GNU/Linux User Groups,

Since the main BLUG webpage took a dive and traffic gets redirected here, we give you a quick overview of the important dates for the coming week:

====== Saturday 9th of April ======

Coding 4 Fun April 2011,
Already coding for Gnome 5 and Web 4.0? Bring your project and join the BLUG’s monthly Hackathon. (There will be no hackerlab at yuanfenflow, that will be all the other Saturdays). Spend a nice and beautiful day in a relaxed environment to mingle and exchange with like-minded people!

Time: 9th of April, 11:00 to 18:00
Location: exoweb Office, check the link below if you come for the first time.
Link with map:  http://www.exoweb.com/en/contact/

====== Saturday 9th of April ======

北京GNOME用户组 BEIJING GNOME USER GROUP celebrates Gnome 3 Release Party

Gnome 3.0 was released on the 6th of April 2011. It is the most significant upgrade of Gnome in 9 years. It incorporates the most innovative gnome components like Gnome Shell and Activity Journal.

The author of Ubuntu-tweak says: True hackers uses Gnome 3.

To celebrate the event, Beijing Gnome User Group co-organizes the gnome 3.0 launch party with the Opensource Association of China Academy of Science. At the event, features of gnome 3.0 are to be presented, as well as how to write extensions for Gnome Shell. There will be a video meeting with the Taiwan Gnome user group and the Hong Kong gnome user group too.

The event is further assisted by Beijing Linux User group, which hosts booths, and by TuringBook.com, which gives books as gifts.

Time: 9th of April, 14:00 to 18:00 (real time, so getting there earlier is appreciated)
Location: China Academy of Science the Zhongguancun campus, classroom
building S206 (保福寺桥南中科院中关村校区教学楼S206)
Link with map:  http://www.bjgug.org/node/612

====== Tuesday 12th of April 2011 ======

Monthly BLUG Meeting April 2011 and Gnome 3 Release Party

The Beijing Gnu/Linux User Groups will be celebrating a GNOME 3 Release Party. Come here for brief introductions to GNOME 3 and hands-on experience with some ready-installed Gnome 3 systems to try. We hope for nice input from everyone who comes and can’t wait for some discussions about and over Gnome 3.
We’ll be providing Gnome 3 Live-CD images for you to try Gnome3 on your own kit and some advice on how to do it.
Don’t hesitate to bring the Desktop Environment you like to compare with!

Time: 12th of April, 19:00 till (usually very) late
Location: Traktir Pushkin on GuiJie close to Dongzhimen Station. Dongzhimen Neijie.
Link to a map:  http://www.xuedi.de/QC/map.png

======

Hope you find something interesting to join.
Have a good week!

starraid doc

Wednesday, December 1st, 2010

Hello,

Since my last post about my starraid project I did more work on doxygen and documentation in general. Now I have finally uploaded the stuff online:

http://www.beijingcode.org/doxygen/starraid/

The project is still in closed development, but feel free to ask about anything anytime or fork as you like, it's open source :-P

Cheers
xuedi

Build your own Kylin based on Linux a la hardened Gentoo

Tuesday, November 2nd, 2010

Kylin, the magic new Chinese secure operating system that got some media buzz a few months ago, is actually just an improved BSD system, but the idea is the same: take a more secure system than ‘windows server’ and add more security features to it.

I chose Gentoo for my secure box as I am a Gentoo user anyway and the Gentoo Hardened team is developing quite steadily. AFAIK it's also the only Linux distro that has quite good documentation for NON-SELinux security features (corporate distros usually only support SELinux/AppArmor)

What is Gentoo Hardened?

It is a Gentoo profile that, once selected, adds a few flags to your compiler and linker by default: CFLAGS="-fPIE -fstack-protector-all" LDFLAGS="-Wl,-z,now -Wl,-z,relro". You can also add the use flags USE="${USE} hardened pic" to your /etc/make.conf; that should not be necessary on a modern Gentoo system, but it does no harm either. As you can guess, these are only compiler flags, so we need to recompile the whole box. This will of course take ‘some’ time; here is the way I did it:

I already had a system set up as non-hardened, so I converted it by selecting the hardened profile and:

emerge --sync
emerge --oneshot binutils gcc virtual/libc
emerge -e world # take 3 days holiday ^^
revdep-rebuild

Your system should now be not only more secure but also more stable, because the compiler flags catch a few bad programming habits. In my recompile I got only one small problem in a minor package, which I posted to the Gentoo bug tracker.

Now the interesting part, let's add more features:
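
To confirm after the rebuild that the profile's flags actually reached a given binary, the following added example (not part of the original post) classifies the output of readelf. The function names and the two sample excerpts are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify one ELF file's hardening from the text printed by
#   readelf -W -h -l -d --dyn-syms FILE
# The parser reads that text on stdin, so it also works on saved output.
hardening_report() {
    awk '
        /^ *Type:/ && $2 == "DYN"  { pie = 1 }     # -fPIE (shared libs are DYN too)
        $1 == "GNU_RELRO"          { relro = 1 }   # -Wl,-z,relro
        /\(BIND_NOW\)/             { now = 1 }     # -Wl,-z,now as DT_BIND_NOW
        /\(FLAGS(_1)?\)/ && /NOW/  { now = 1 }     # -Wl,-z,now as DT_FLAGS/DT_FLAGS_1
        /__stack_chk_fail/         { canary = 1 }  # -fstack-protector-all
        END {
            printf "pie=%s relro=%s canary=%s\n",
                   (pie ? "yes" : "no"),
                   (relro ? (now ? "full" : "partial") : "none"),
                   (canary ? "yes" : "no")
        }'
}

# Constructed readelf excerpts (illustrative, not captured from a real system).
sample_hardened() {
    cat <<'EOF'
  Type:                              DYN (Position-Independent Executable file)
  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x10
  GNU_RELRO      0x002db8 0x0000000000003db8 0x0000000000003db8 0x000248 0x000248 R   0x1
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
     5: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)
EOF
}

sample_plain() {
    cat <<'EOF'
  Type:                              EXEC (Executable file)
  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x10
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND puts@GLIBC_2.2.5 (2)
EOF
}

# Real use: pass ELF files as arguments, e.g. sh check.sh /bin/ls
for f in "$@"; do
    printf '%s: ' "$f"
    readelf -W -h -l -d --dyn-syms "$f" 2>/dev/null | hardening_report
done
```

A result of relro=partial means the binary was linked with -z relro but without -z now, so the GOT is still writable after startup.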

PaX
is the most important here. It is a way to protect the memory: it locks everything and then gives explicit access to the memory parts. It brings a tiny overhead but can protect the code from programming errors and prevent most buffer overflow hacks.
After recompiling the system all your binaries should be ‘PaX-ready’ (nice, need a sticker for my laptop ‘vista PaX-ready’). You now just need to add a few features in the kernel; this worked for me without any problems, it's well documented here

GRsecurity
Gives you an improved chroot, and it also has roles for all your services that are exposed to the public and sets strict limits on them; it has its own ACL that makes SELinux pretty useless. GRsecurity also starts with a few options in your kernel config, see here for more info. But as usual, the trouble with rule-based service profiles is that you need the rules, and this can be quite time-consuming work….

SELinux
Security-Enhanced Linux does not offer much more than GRsecurity (with its ACL), but if you run a corporate environment that has to fulfill certain standards it can be useful, because it applies the guidelines of the U.S. Department of Defense and underwent a detailed check by the NSA, so not much more than fancy names here :-P … I did not use it, even though there are a lot of rules already …

RSBAC
This one is a similar concept to SELinux with some more features; the main ‘feature’ is that it is government independent and it sees itself as more universal.

One more piece of info about PaX, one feature I really like is ASLR (address space layout randomization): if a hacker wants to take over your box, he needs to inject his code in order to get access, so he needs a security hole AND a place to put his injected code … ASLR cannot help prevent the security hole, but it mixes up the memory randomly, so the hacker has a big problem finding the typical injection hooks like the address of the libc.
Disadvantages: if you do some really dangerous dynamic memory juggling in your code, it might run into some problems.

Links:

http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml

[EDIT]
An update: if you are the proud owner of GCC 4.4.x powered by the new faster graphite subsystem, you might run into a few problems with Gentoo Hardened. Better switch it off and let GCC compile the loops in the old manner :-P

week of frustration

Friday, October 15th, 2010

What a week. First of all the beloved opencamp turned into a sterile, boring, sponsored university lecture event without any charm, then ubuntu fucked up 10.10 netbook remix very badly.

OK, let's start two years ago with my first open/barcamp event: it was in a nice study bar with very affordable prices, they had food and drinks, a nice screen, two lecture rooms and many cool and nice people. You could easily meet new people, have a chat, change tables and discuss with others. Now 2010 and the last opencamp event: first of all, it is impossible to run an open office presentation, you have to have a Microsoft Powerpoint presentation to hold your open source talk, and no other way is possible (some days before at SFD, openoffice in the same room was working fine), then boring corporate lectures (some), no food, no power, no wifi but a boring atmosphere.

Very sad, it was a truly great event before …

Then ubuntu 10.10 … oh oh oh canonical what have you done … Since 6.4 every version kept getting faster and better, 10.4 with its netbook remix even made me move from my ‘awesome wm on gentoo’ back to ubuntu.

Now you have the non-removable, non-changeable ‘unity’ dock and ‘mutter wm’. It takes 2 seconds longer to load than the normal gnome desktop?!? Did I miss something here? Netbook remix used to stand for: fast and lightweight small-screen-optimized interface… It works well on a heavy desktop system with a 1G nvidia graphics card, but if your netbook doesn't have 3D hardware the new unity dock is slow as hell and even hangs from time to time.

If you start the netbook 2D thing you get the ‘old’ working system, but with icons that are twice as big as a menu entry, and it is much slower than the 10.4 interface.

I can understand that canonical wanted to push some gnome 3 technologies like ‘mutter’ into this release, but this is absolutely pre-alpha software!!

Now it is ubuntu 10.10 with awesome-wm, and if there is an ubuntu system (non-interface) bug it will be back to plain clean gentoo again; if something is broken at least I know what and why, because I did it … or maybe back to 10.4 maybe …

Hoping for more pleasant things to happen …
xuedi

P.S.
Later on at the opencamp after party it was nicer, free food and some beers, unluckily not every speaker had the pleasure … Sorry for the harsh words …

Stress testing

Monday, September 6th, 2010

—–TWIT—–
I found this interesting blog post link (in German, sorry) that talks about the usage of the tool ‘stress’. The man page says it better than I could describe, so check it out.
—–

temp scp alias

Saturday, September 4th, 2010

Quite often I am sitting with someone in some cafe working and ‘just’ want to copy a file over … even though we can today send bits and bytes all over the world, the communication between two people next to each other fails for stupid simple reasons quite often (no net-cat installed, samba not configured, nfs modules missing, someone remember the hassle of serial dialog cables ^^). Well, the point I am trying to make here is that for me the simplest and fastest is still ssh.

But, with the situation of freelancing in changing cafe places and just briefly here and there sending some files to different people, my .ssh/known_hosts file grew to about 120 entries. I can not recall (trust) any of them, so the point of the warning at a man-in-the-middle attack is useless …

I was searching for quite some time (reading a few lines of the manual here and there) for a simple --no-host-check option for ssh. Now I found it:


alias mscp='scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'

It is very convenient to have a guest user (no bash / login, with password) account on the system, so you just do sshd->start … then: mscp (mobile-scp) and there is your file … sshd->stop
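
The alias above accepts whatever host key the network presents. As an added example (not from the original post), the variant below also leaves ~/.ssh/known_hosts untouched, but pins the key for the one transfer after the person next to you confirms the fingerprint, which they can display with ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub. The helper names pscp, fp_of_line and fp_matches and the sample line are constructed for illustration.

```sh
#!/bin/sh
# Added example: one-off scp that pins the peer's host key for this transfer only.

# Constructed sample of one `ssh-keygen -lf` output line (not a real key).
SAMPLE_LINE='256 SHA256:CONSTRUCTEDexampleFINGERPRINTvalue0000000000 192.0.2.10 (ED25519)'

# Extract the fingerprint field (second column) from such a line.
fp_of_line() {
    printf '%s\n' "$1" | awk '{ print $2 }'
}

# Succeed only if the fingerprint the peer read out equals the scanned one.
fp_matches() {   # fp_matches <keygen-line> <fingerprint-read-out>
    [ -n "$2" ] && [ "$(fp_of_line "$1")" = "$2" ]
}

# pscp FILE USER@HOST   (hypothetical helper name)
pscp() {
    file=$1 target=$2 host=${2#*@}
    kh=$(mktemp) || return 1
    # Fetch the key the network presents; nothing is trusted yet.
    ssh-keyscan -t ed25519 "$host" >"$kh" 2>/dev/null
    line=$(ssh-keygen -lf "$kh") || { rm -f "$kh"; return 1; }
    echo "Scanned: $line"
    printf 'Fingerprint shown on the peer screen: '
    read -r said
    if fp_matches "$line" "$said"; then
        # Strict checking against the throwaway file only.
        scp -o UserKnownHostsFile="$kh" -o StrictHostKeyChecking=yes "$file" "$target:"
        rc=$?
    else
        echo "fingerprint mismatch, not copying" >&2
        rc=1
    fi
    rm -f "$kh"
    return "$rc"
}
```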

Cheers
xuedi