Having luckily only running an upgrade on 1 of my FC20 hosts I found that it has broken the firewall completely, so upgrade at your own peril of losing connectivity to your hosts.
A %x error, can't remember the full details as wanted to get back to a working firewall asap, so reinstalled firewall-config-0.3.8-1.fc20 and the firewalld of the same version.
This is to advise you NOT to update to the 0.3.9 version of the software and wait for the next release!
Wednesday, January 15, 2014
Thursday, November 28, 2013
Fedora 17 - Mobility Radeon HD5430 HDMI And Audio
Having recently upgraded to a nice new shiny HDMI TV/Monitor for my Fedora 17 server (soon to be 19) I needed to get the HDMI audio working since the TV I purchased claimed to have VGA (even though I wanted to eventually use HDMI) but did not. So had to get the HDMI audio working since there was no other way of getting the audio out of the TV, and I definitely didn't want extra speakers cluttering up the office space.
Realising that the system had already identified the necessary hardware through the System Settings --> Sound it was obvious that no other drivers were required to install the system. Many sites tell you to download the Nvidia drivers, but you don't need to if your monitor is working correctly and if your device is identified in the sound settings.
A simple configuration change is required to GRUB to make the HDMI audio respond.
The only real change required is to add the following to the linux line.
radeon.audio=1
Making your line look as follows;
linux /vmlinuz-3.9.10-100.fc17.x86_64 root=UUID=ff744af5-abdf-4696-a87
b-3e3a5e5e055e ro rd.md=0 rd.lvm=0 rd.dm=0 KEYTABLE=uk rd.luks=0 LANG=en_US.UTF-
8 quiet nouveau.modeset=0 radeon.audio=1
Realising that the system had already identified the necessary hardware through the System Settings --> Sound it was obvious that no other drivers were required to install the system. Many sites tell you to download the Nvidia drivers, but you don't need to if your monitor is working correctly and if your device is identified in the sound settings.
A simple configuration change is required to GRUB to make the HDMI audio respond.
The only real change required is to add the following to the linux line.
radeon.audio=1
Making your line look as follows;
linux /vmlinuz-3.9.10-100.fc17.x86_64 root=UUID=ff744af5-abdf-4696-a87
b-3e3a5e5e055e ro rd.md=0 rd.lvm=0 rd.dm=0 KEYTABLE=uk rd.luks=0 LANG=en_US.UTF-
8 quiet nouveau.modeset=0 radeon.audio=1
Wednesday, November 13, 2013
Bio-metrics, why are we still chasing a dead end?
The following article on the BBC caught my eye today;
http://www.bbc.co.uk/news/business-24898367
It amazes me that there is still research into an area that has more security flaws than any other system already presented. Currently the trusted third party Kerberos and 2 Factor auth are in most cases still the strongest method we have to date, until a human leaks the most essential part of the system. Which at this point we should note that any weakness in any security system is the users and the people responsible for them. We only need look at certain government agencies around the world to know this, and they have their own tests that claim these people are "trustworthy". Again another topic for another day.
Although in most circumstances bio-metrics seem like a great idea, they are at the end of the day something that Hollywood has created to make films look good, but in reality unless they have a backup system (which is essential) you could be wiped off the face of the earth and unrecognised in the space of seconds.
The saying "make sure you've got clean underpants on as you might be hit by a bus" springs to mind here.
Bio-metrics assumes that everyone is a healthy human being, that they don't grow or change and that they will never develop an illness that will disfigure them in anyway or form. At this point I could stop as you now already understand why this as a security mechanism is not safe, but I won't I'll add some more weight behind this to let those in the Bio industry understand why they should only develop these systems with an immediate backup, which in reality should be what is the primary system as it would be better (as yet to be discovered).
So the flaws in Bio-metrics;
1. Fingerprints have been used on laptops, phones and many other devices. Although I joke earlier about Hollywood they have proven the point that it is easy to obtain someones finger print, and the police have been doing it for years. Ah, but ... I hear you say. No, no but. Even with a heat detector to make sure that the person is alive can be fooled with a warm heat source at the right temperature. Further buts. Well OK, lets check for a pulse, ok next point.
2. The heart beat was one of the interesting ones recently announced, to state that the heart has a unique signature. True it does, but have we really done exhaustive tests? Pacemakers have a similar signature, so already we've failed our security test. Have we checked a persons heart after a heart attack or stroke to see if the rhythm remains the same? Still this is not secure enough, and we only need a recording device to generate the relevant beat.
3. As for the voice and the BBC link saying that there is no recording equipment that does uncompressed recording, well I'm sorry I don't need to record you over the phone I can do it face to face and get full uncompressed audio direct from you, so no voice is not a safe mechanism and can easily be recorded and used to fool these systems.
4. Retinal scans. Eyes can change too, even the unique pattern at the back. Blood clots, cataracts, and more, not to mention losing them.
So I beg you stop trying to link humans up to machines, or trying to find parts of the body to use as a security mechanisms as the body is a fragile thing and fragile things can be broken and broken things won't allow users back into a system.
At the end of the day and as was done in the old days, if someone wants something bad they will get it and they will always find a way. The safest way to deal with things in today's hi-tech world is to do it face to face. I believe that too many places have tried to make things too convenient, and it appears with convenience comes higher risk.
http://www.bbc.co.uk/news/business-24898367
It amazes me that there is still research into an area that has more security flaws than any other system already presented. Currently the trusted third party Kerberos and 2 Factor auth are in most cases still the strongest method we have to date, until a human leaks the most essential part of the system. Which at this point we should note that any weakness in any security system is the users and the people responsible for them. We only need look at certain government agencies around the world to know this, and they have their own tests that claim these people are "trustworthy". Again another topic for another day.
Although in most circumstances bio-metrics seem like a great idea, they are at the end of the day something that Hollywood has created to make films look good, but in reality unless they have a backup system (which is essential) you could be wiped off the face of the earth and unrecognised in the space of seconds.
The saying "make sure you've got clean underpants on as you might be hit by a bus" springs to mind here.
Bio-metrics assumes that everyone is a healthy human being, that they don't grow or change and that they will never develop an illness that will disfigure them in anyway or form. At this point I could stop as you now already understand why this as a security mechanism is not safe, but I won't I'll add some more weight behind this to let those in the Bio industry understand why they should only develop these systems with an immediate backup, which in reality should be what is the primary system as it would be better (as yet to be discovered).
So the flaws in Bio-metrics;
1. Fingerprints have been used on laptops, phones and many other devices. Although I joke earlier about Hollywood they have proven the point that it is easy to obtain someones finger print, and the police have been doing it for years. Ah, but ... I hear you say. No, no but. Even with a heat detector to make sure that the person is alive can be fooled with a warm heat source at the right temperature. Further buts. Well OK, lets check for a pulse, ok next point.
2. The heart beat was one of the interesting ones recently announced, to state that the heart has a unique signature. True it does, but have we really done exhaustive tests? Pacemakers have a similar signature, so already we've failed our security test. Have we checked a persons heart after a heart attack or stroke to see if the rhythm remains the same? Still this is not secure enough, and we only need a recording device to generate the relevant beat.
3. As for the voice and the BBC link saying that there is no recording equipment that does uncompressed recording, well I'm sorry I don't need to record you over the phone I can do it face to face and get full uncompressed audio direct from you, so no voice is not a safe mechanism and can easily be recorded and used to fool these systems.
4. Retinal scans. Eyes can change too, even the unique pattern at the back. Blood clots, cataracts, and more, not to mention losing them.
So I beg you stop trying to link humans up to machines, or trying to find parts of the body to use as a security mechanisms as the body is a fragile thing and fragile things can be broken and broken things won't allow users back into a system.
At the end of the day and as was done in the old days, if someone wants something bad they will get it and they will always find a way. The safest way to deal with things in today's hi-tech world is to do it face to face. I believe that too many places have tried to make things too convenient, and it appears with convenience comes higher risk.
Tuesday, November 12, 2013
Fedora 19 Custom Bootable DVD
I'm a stickler for the scripted installs. They're quick to produce provided you have a package list, and just as quick at installation as a LiveDVD.
The majority of web sites these days talk about create a Live distribution, which is close to performing a ghost of your system as you have to build it first and then use tools to create the DVD image for burning.
Even before PXE I was an avid fan of network installations (Solaris Jumpstart and IBM NIM on AIX). When PXE arrived and Linux was able to perform the same thing I was over the moon. The fact that you could take an equivalent (some mods) PXE style install and apply it to a DVD image with modifications to the isolinux.cfg file this made making automated DVD builds really easy, especially for one company that asked me to partly help modify their ability to build custom DVD images to build Fedora boxes. This was easy on FC14 and matched closely the values in a pxelinux.cfg file.
Fedora 19 on the other hand needed some extra work since GRUB2 and a complete change to the attributes requires in the isolinux.cfg file. However, having set down and hacked about with the isolinux.cfg file I can safely say that you can still build a scripted install of Fedora without having to use all those excess tools and without having to install an OS first.
The kickstart files remain unchanged in their answers (or so I've found so far).
To make the isolinux.cfg file recognise your script file you need to do the following;
1. Copy the DVD contents to a folder
2. Create your kickstart at the top level of the DVD rom directory structure
3. In the isolinux directory edit the isolinux.cfg file
The file I created had the following content;
default install
label install
kernel vmlinuz
append load_ramdisk=1 ramdisk_size=9216 initrd=initrd.img network ks=cdrom::/myInstall.ks inst.repo=cdrom inst.text
This will perform a text based installation rather than a GUI one. The key change really to all this is that the ks argument requrires the device containing the kickstart file and between the : : either blank as above (no spaces) for the system to find the cdrom device, or the full path of the device, e.g. /dev/sr0. The next change is the inst.repo which in this case is telling the boot loader that the install packages are on the cdrom and that it should be mounted. Finally instead of just typing text we now have to type inst.text to perform a non-GUI installation.
Once isolinux is changed you can create an iso image of the directory structure and then burn to disk.
All the relevant arguments to the append line can be found at http://wwoods.fedorapeople.org/doc/boot-options.html#_inst_stage2
The majority of web sites these days talk about create a Live distribution, which is close to performing a ghost of your system as you have to build it first and then use tools to create the DVD image for burning.
Even before PXE I was an avid fan of network installations (Solaris Jumpstart and IBM NIM on AIX). When PXE arrived and Linux was able to perform the same thing I was over the moon. The fact that you could take an equivalent (some mods) PXE style install and apply it to a DVD image with modifications to the isolinux.cfg file this made making automated DVD builds really easy, especially for one company that asked me to partly help modify their ability to build custom DVD images to build Fedora boxes. This was easy on FC14 and matched closely the values in a pxelinux.cfg file.
Fedora 19 on the other hand needed some extra work since GRUB2 and a complete change to the attributes requires in the isolinux.cfg file. However, having set down and hacked about with the isolinux.cfg file I can safely say that you can still build a scripted install of Fedora without having to use all those excess tools and without having to install an OS first.
The kickstart files remain unchanged in their answers (or so I've found so far).
To make the isolinux.cfg file recognise your script file you need to do the following;
1. Copy the DVD contents to a folder
2. Create your kickstart at the top level of the DVD rom directory structure
3. In the isolinux directory edit the isolinux.cfg file
The file I created had the following content;
default install
label install
kernel vmlinuz
append load_ramdisk=1 ramdisk_size=9216 initrd=initrd.img network ks=cdrom::/myInstall.ks inst.repo=cdrom inst.text
This will perform a text based installation rather than a GUI one. The key change really to all this is that the ks argument requrires the device containing the kickstart file and between the : : either blank as above (no spaces) for the system to find the cdrom device, or the full path of the device, e.g. /dev/sr0. The next change is the inst.repo which in this case is telling the boot loader that the install packages are on the cdrom and that it should be mounted. Finally instead of just typing text we now have to type inst.text to perform a non-GUI installation.
Once isolinux is changed you can create an iso image of the directory structure and then burn to disk.
All the relevant arguments to the append line can be found at http://wwoods.fedorapeople.org/doc/boot-options.html#_inst_stage2
Wednesday, October 30, 2013
Linux Automatic Login At Command Line
Since I'm about to build a tiny little media player with the Raspberry PI, I thought I'd write myself some notes to remind me of some set up features that I might require. Creating an automated log on for the GUI is fairly straight forward as the generally relies on messing around with the GDM files.
It turns out it is also easy for the command line too.
/etc/init/tty.conf is used to control what happens with console log on.
The line;
exec /sbin/mingetty $TTY
Is the default line that tells the getty process to perform the log on prompt. You can change this to suit your needs, so if you wanted root to log on you could do;
exec /sbin/mingetty --autologin root $TTY
This will log the system in as root at a command prompt.
Other options to mingetty;
--loginprog=/sbin/someprogram
--chdir=/somedirectory
--chroot=/jaildirectory
man mingetty will tell you the rest
For systemd based versions you need to do the following;
Change to the /etc/systemd/system folder.
If you need more terminals then do the following;
cp /lib/systemd/system/getty@.service /etc/systemd/system/autologin@.service
ln -sf /etc/systemd/system/autologin@.service /etc/systemd/system/getty.target.wants/getty@tty1.service
In the file getty.target.wants/getty@tty1.service change the following;
ExecStart=-/sbin/agetty --autologin root %I
Obviously substitute root for your specific user.
It turns out it is also easy for the command line too.
/etc/init/tty.conf is used to control what happens with console log on.
The line;
exec /sbin/mingetty $TTY
Is the default line that tells the getty process to perform the log on prompt. You can change this to suit your needs, so if you wanted root to log on you could do;
exec /sbin/mingetty --autologin root $TTY
This will log the system in as root at a command prompt.
Other options to mingetty;
--loginprog=/sbin/someprogram
--chdir=/somedirectory
--chroot=/jaildirectory
man mingetty will tell you the rest
For systemd based versions you need to do the following;
Change to the /etc/systemd/system folder.
If you need more terminals then do the following;
cp /lib/systemd/system/getty@.service /etc/systemd/system/autologin@.service
ln -sf /etc/systemd/system/autologin@.service /etc/systemd/system/getty.target.wants/getty@tty1.service
In the file getty.target.wants/getty@tty1.service change the following;
ExecStart=-/sbin/agetty --autologin root %I
Obviously substitute root for your specific user.
Monday, April 8, 2013
Unlocking Blackberry For Free
Unlock Your Blackberry For Free
Whilst playing with an old Blackberry, I finally discovered some free software that calculates the unlock code for some devices.
Now I cannot guarantee, in the same way that others do, that this might not work for your device.
You can download the tool from;
http://www.filecrop.com/bb-calculator-free.html
Or alternatively search for "BB Calculator Free".
For this tool you'll need only your IMEI number (normally printed inside your phone under the battery) and the MEP number which you can obtain on most Blackberry devices by holding down alt + shift + H.
The IMEI number can also be obtained from the same screen as the MEP number, so saves you taking out the battery.
Once you have the IMEI number and the MEP just enter them into the BB Calculator tool in the "Code Calculator" tab. Note that the IMEI is entered as one long number, so ignore any dots, etc. Hit the "Calculate Codes" button and an MEP2 line will appear with a number. This is the number that you will need to enter into your Blackberry.
http://crackberry.com/unlocking-blackberry should be able to help you find out how to enter your new MEP2 code. For most Curve models you can do the following (but check the URL first);
1. Have the original SIM card in the phone (even if it is no longer valid on the network)
2. Go to Settings - Advanced Options - SIM Card
3. On that screen type in the following mepd nothing will appear on the screen whilst typing
4. Then immediately type mep2 again nothing will show whilst typing, but a pop up screen will appear to type in your code if you have typed the 2 words in correct
5. Type in the MEP2 code that you obtained from the BB Caculator Free tool and press either enter or the trackball
6. If the code worked you will see Code Accepted
Whilst playing with an old Blackberry, I finally discovered some free software that calculates the unlock code for some devices.
Now I cannot guarantee, in the same way that others do, that this might not work for your device.
You can download the tool from;
http://www.filecrop.com/bb-calculator-free.html
Or alternatively search for "BB Calculator Free".
For this tool you'll need only your IMEI number (normally printed inside your phone under the battery) and the MEP number which you can obtain on most Blackberry devices by holding down alt + shift + H.
The IMEI number can also be obtained from the same screen as the MEP number, so saves you taking out the battery.
Once you have the IMEI number and the MEP just enter them into the BB Calculator tool in the "Code Calculator" tab. Note that the IMEI is entered as one long number, so ignore any dots, etc. Hit the "Calculate Codes" button and an MEP2 line will appear with a number. This is the number that you will need to enter into your Blackberry.
http://crackberry.com/unlocking-blackberry should be able to help you find out how to enter your new MEP2 code. For most Curve models you can do the following (but check the URL first);
1. Have the original SIM card in the phone (even if it is no longer valid on the network)
2. Go to Settings - Advanced Options - SIM Card
3. On that screen type in the following mepd nothing will appear on the screen whilst typing
4. Then immediately type mep2 again nothing will show whilst typing, but a pop up screen will appear to type in your code if you have typed the 2 words in correct
5. Type in the MEP2 code that you obtained from the BB Caculator Free tool and press either enter or the trackball
6. If the code worked you will see Code Accepted
Thursday, March 28, 2013
Thunderbird and copying between IMAP accounts
The Issue
If you have multiple IMAP accounts and wish to copy messages with attachments between the 2 accounts you may find that when you come to open the attachment on the other account that Thunderbird generates the following error message:
This attachment appears to be empty.
Please check with the person who sent this.
Often company firewalls or antivirus programs will destroy attachments.
This blogget will tell you how to overcome this issue and not to panic when it occurs as the attachment did copy across without any issues.
Copying The Message
In Thunderbird messages can be copied between accounts using the following steps.
If you have multiple IMAP accounts and wish to copy messages with attachments between the 2 accounts you may find that when you come to open the attachment on the other account that Thunderbird generates the following error message:
This attachment appears to be empty.
Please check with the person who sent this.
Often company firewalls or antivirus programs will destroy attachments.
This blogget will tell you how to overcome this issue and not to panic when it occurs as the attachment did copy across without any issues.
Copying The Message
In Thunderbird messages can be copied between accounts using the following steps.
- Select [multiple|the] message(s) that you wish to copy to the same folder in another account
- Right click one of the sselected message(s)
- Select the Copy To option
- Then select the Email account you want to copy to
- Then select further to drill down to the folder you wish to copy the messages to
- Once at the lowest level of selection the messages will start to copy
- Your original messages will still remain on the original server
Moving The Message
In Thunderbird messages can be moved between accounts using the following steps.
- Select [multiple|the] message(s) that you wish to move to the same folder in another account
- Right click one of the sselected message(s)
- Select the Move To option
- Then select the Email account you want to move to
- Then select further to drill down to the folder you wish to move the messages to
- Once at the lowest level of selection the messages will start to move
- Your original messages will be removed from the original server
Shorter Method
- Select [multiple|the] message(s) that you wish to move to the same folder in another account
- Click and hold one of the selected messages
- Drag to the folder on the other account
- Messages will start to be moved between the accounts
- Your original messages will be removed from the original server
Looking At The Messages In The New Account
Now select the folder of the account you have just copied the Email messages to, and find one of the Emails that contains an attachment. When you attempt to view the attachment you will receive the message described at the beginning of this document:
This attachment appears to be empty.
Please check with the person who sent this.
Often company firewalls or antivirus programs will destroy attachments.
Rectifying The Error
Use the following steps to resolve the issue:
Please check with the person who sent this.
Often company firewalls or antivirus programs will destroy attachments.
Rectifying The Error
Use the following steps to resolve the issue:
- Right click on the folder
- Select Properties
- Click the Repair Folder button
- Now select a different message and then the one with the attachment
- Select the attachment and it will now open
Do this for any folder where you receive this error with attacments and you will be able to view them again. Most of the issues revolve around the MIME boundary being set incorrectly and the repair folder sorts these out so that the attachment can be found again.
Subscribe to:
Posts (Atom)