Crashing, teleporting and syncing Virtualbox

I’ve been playing around with Virtualbox over the last few days, trying to set it up just right for me. One of the hurdles was working around a bug in the 3.0.0 release that caused guests to crash when performing downloads in them. Changing the virtual network card from “PCnet-FAST III” to “Intel PRO/1000 MT Desktop” proved to be a good temporary solution, but the bug got squashed in version 3.0.2.
Next on my list was getting the “shared folder”, which I configured in Virtualbox (look ma, no samba), to automount in my Ubuntu-guest with read-write permissions for my non-root user. I ended up adding this line to /etc/fstab (the dmode and fmode-options did the trick eventually):

teleporter /home/frank/Desktop/teleporter vboxsf rw,dmode=777,fmode=777,uid=1000,gid=1000,auto 0 0

And to wrap things up I also installed the Mozilla Labs Weave-plugin, which syncs, among other things, bookmarks and passwords in Firefox between my 3 environments. It caused me some headaches at first, synchronizing just seemed to take forever and no error was shown in the frontend. But I found some obscure messages (things like “Exception caught from onComplete handler of CryptoWrap__decrypt-57 generator”) in the verbose log and Google linked those to a post on the Weave Google Group which explained that the problem was with an incorrect “encryption passphrase”. And sure enough Weave was syncing happily once I re-entered my -too complex- passphrase.

‘Cause I’m free, to do what I want, any old time

Freedom comes in many shapes and forms, but give me a computer which is not burdened by corporate software and enforced group policies and give me internet access that is not limited by proxies that prohibit you from using half of the web and I’m a happy little futtta. I cracked the proxy thingie problem at work some time ago already, but the computer/OS-part remained an issue up until now. I tried virtualization with VMWare and Qemu but wasn’t convinced and booting into my “disktop” (Ubuntu 8.04 installed on a USB-connected external HD) while at work was far from efficient, so I kept jerking around in the uninviting environment which is the maimed Windows XP we have to put up with here.
But some time ago my laptop got a memory upgrade (from 1 to 2 Gb) and last week Paul Cobbaut wrote about Virtualbox on his blog. I installed this example of German craftsmanship (both a “free as in beer” and an open source version are available, version 3 was just released a few hours ago!) and my computer hasn’t been the same since. I’m now running a fullscreen (guest additions rock) Virtualbox virtual machine with Ubuntu 9.04, using an openssh-provided (with some help from corkscrew, of course) socks-proxy for unlimited internet access and I feel like a kid that has just been allowed in a playground.
a screenshot of virtualbox 3 on windows xp
Next to Ubuntu, I also installed Opensolaris (which seems to need a shitload of RAM) and a leaked version of the emulator of that much anticipated (well, by me at least) Palm WebOS. On my disktop I installed the Linux-version of Virtualbox and I’ve got OS-weirdness such as ReactOS, Haiku and Syllable running there. Hell, maybe I’ll even install (a clean version of) Windows XP in a virtual machine there, just to make it full circle. ‘Cause I’m free!

Soup Dragons - "I'm Free"

Joikuspot connection problem with Ubuntu Linux

This weekend I had to resort to Joikuspot (software that turns your 3G-cellphone into a wireless gateway to the internet) for my web-needs. Because I encountered a few problems setting up a connection from my Ubuntu laptop, here’s a quick recap for documentation’s sake.
The rather fundamental issue was that I couldn’t get my computer (a Dell D620 running Ubuntu 8.04 with the iwl3945 driver) to join the ad-hoc wifi-network which Joikuspot (on a Nokia e61i) created. As connecting from my wife’s Windows XP laptop did work, I googled around a bit and it turned out I had to specifically set the channel used by Joikuspot to 1 or 6 instead of “automatic” or 11. Although NetworkManager still seemed confused, this did allow me to connect from the command line (disabling wireless networking in NM first and then using iwconfig and dhclient). But why joining an ad-hoc wifi-network on channel 11 doesn’t work in Ubuntu, that I still don’t know.
Once connected to the wireless network, I found out that Joikuspot Light requires your browser to auto-detect a proxy. The proxy in Joikuspot seems to be used to limit the functionality of the free version and gently push you towards the non-free Premium product. As my normal web-connection came back soon after I figured this out, I didn’t bother to test if I could tunnel my way out of those limitations. But crippled or not, Joikuspot is great to have around when your broadband connection is down.

Fun with caching in PHP with APC (and others)

After installing APC, I looked through the documentation on php.net and noticed 3 interesting functions with regards to session-independent data caching in PHP: apc_store, apc_fetch and apc_delete.

When talking about caching, apc_delete might not be that important, as apc_store allows you to set the TTL (time to live) of the variable you’re storing. If you try to retrieve a stored variable which exceeded the TTL, APC will return FALSE, which tells you to update your cache.
All this means that adding 5 minutes worth of caching to your application could be as simple as doing;

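// Try the cache first; apc_fetch returns FALSE on a miss or an expired TTL
// (a cached value that is itself FALSE also looks like a miss here).
if (($stringValue = apc_fetch($stringKey)) === FALSE) {
    $stringValue = yourNormalDogSlowFunctionToGetValue($stringKey);
    // Keep the fresh value for 300 seconds (5 minutes).
    apc_store($stringKey, $stringValue, 300);
}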

From a security point-of-view however (esp. on a shared environment) the APC-functions should be considered extremely dangerous. There are no mechanisms to prevent a denial of service; everyone who “does PHP” on a server can fill the APC-cache entirely. Worse yet, using apc_cache_info you can get a list of all keys which you in turn can use to retrieve all associated values, meaning data theft can be an issue as well. But if you’re on a server of your own (and if you trust all php-scripts you install on there), the APC-functions can be sheer bliss!
And of course other opcode caching components such as XCache and eAccelerator offer similar functionality (although it’s disabled by default in eAccelerator because of the security concerns).
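
The data-theft concern above, handled from the application side, as an added example that is not part of the original post: values are encrypted and authenticated before they enter the shared cache and keys are stored as MACs, so a script that lists the cache sees nothing readable and entries it plants are treated as misses. It uses the apcu_* functions (APCu, the user-cache successor of the apc_* calls above) and the sodium extension; the key file path, the "myapp:" prefix and all helper names are assumptions, and it does nothing against another tenant filling the cache.

```php
<?php
// Added example, not from the post. Assumes the APCu and sodium extensions;
// KEY_FILE and the "myapp:" prefix are hypothetical names.
const KEY_FILE = '/etc/myapp/cache.key'; // 32 random bytes, readable by this app only
const NONCE_LEN = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES;

function cacheSecret(): string {
    static $key = null;
    $key = $key ?? file_get_contents(KEY_FILE);
    if (!is_string($key) || strlen($key) !== SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_KEYBYTES) {
        throw new RuntimeException('cache key missing or wrong length');
    }
    return $key;
}

// Opaque cache key: a key listing shows a MAC instead of the logical name.
function sealedKey(string $name): string {
    return 'myapp:' . hash_hmac('sha256', $name, cacheSecret());
}

// Encrypt and authenticate; the name is bound in as associated data so a
// sealed entry cannot be copied under a different key.
function sealedStore(string $name, $value, int $ttl): bool {
    $nonce = random_bytes(NONCE_LEN);
    $box = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt(
        serialize($value), $name, $nonce, cacheSecret());
    return apcu_store(sealedKey($name), $nonce . $box, $ttl);
}

// True on an authentic hit ($value is set); false on a miss, an expired TTL,
// or an entry that fails authentication.
function sealedFetch(string $name, &$value): bool {
    $blob = apcu_fetch(sealedKey($name), $hit);
    if (!$hit || !is_string($blob) || strlen($blob) <= NONCE_LEN) return false;
    $plain = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
        substr($blob, NONCE_LEN), $name, substr($blob, 0, NONCE_LEN), cacheSecret());
    if ($plain === false) return false; // forged or foreign entry: treat as a miss
    $value = unserialize($plain, ['allowed_classes' => false]);
    return true;
}

// The post's five-minute pattern on top of the sealed cache.
function cached(string $name, callable $slow, int $ttl = 300) {
    if (!sealedFetch($name, $value)) {
        $value = $slow($name);
        sealedStore($name, $value, $ttl);
    }
    return $value;
}
```

Because hit and miss are reported through the return value of sealedFetch, a cached FALSE is no longer mistaken for a miss.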

Trading eAccelerator for APC

Yesterday I somewhat reluctantly removed eAccelerator from my server (Debian Etch) and installed APC instead. Not because I wasn’t satisfied with performance of eAccelerator, but because the packaged version of it was not in the Debian repositories (Andrew McMillan provided the debs), and those debs weren’t upgraded at the same pace and thus broke my normal upgrade-routine. Moreover APC will apparently become a default part of PHP6 (making the Alternative PHP Cache the default opcode cache component). Installation was as easy as doing “pecl install apc” and adding apc to php.ini. Everything seems to be running as great as it did with eAccelerator (as most tests seem to confirm).

Truecrypt now hides whole elephants too

Short and sweet: a new version of Truecrypt is out, which (if you use Windows) now also lets you hide an entire OS. But personally I’m mostly pleased that in the Linux (and Mac OS X) version you can now also create hidden volumes (a Truecrypt volume inside a Truecrypt volume, whose existence cannot be proven) and that the Linux version is now faster because it uses the kernel’s cryptographic functions. You can download Truecrypt 6 here, even if your name isn’t Bertrand Sassoye.

Linux distros and SSH bugs in pictures

Saw 2 striking pictures related to Linux today, quickly throwing them on the blog:
Prompted by the slightly embarrassing openssl bug in Debian-based distros, this funny cartoon from xkcd (the content of the title tag comes from there too!):
 

True story: I had to try several times to upload this comic because my ssh key was blacklisted.

A bit more serious (although, an openssl bug is actually extremely serious), an impressive Linux distro timeline as found in an interesting article about forking of FOSS projects (following the recent split in the Pidgin camp):

Linux distro family tree (by NPA, hosted at kde-files.org)

Ubuntu Hardy upgrade a breeze!

I upgraded my Ubuntu “disktop” from 7.10 to the new Ubuntu 8.04 (aka Hardy Heron) today. The entire process took around 1h30 (download of packages was rather slow) and was incredibly straightforward (as shown in upgrade docs). Everything seems to work flawlessly as far as I can tell.
Hardy is running Firefox 3 beta 5, but Ubuntu/ Canonical will provide upgrades as FF3 goes through its final release-stages. Strange as including a Beta might seem, this actually is a wise thing. FF3b4 and b5 have proven to be quite stable (I’ve switched from FF2 approx. 2 months ago, haven’t looked back since). Moreover, Hardy is a “Long term support”-release, with the Desktop-version receiving support until 2011 and the Server-version until 2013 and using FF3 ensures Ubuntu of continued support (read: security updates) of the Mozilla-team in the years to come.
Check out the release notes for more details about Ubuntu 8.04 LTS.


Truecrypt 5: more encryption, more platforms

screenshot of truecrypt 5 GUI on ubuntu 7.10
A few days ago a new version came out of one of my favourite tools: Truecrypt. The most important new features:

  • system disk encryption for Windows: Truecrypt can encrypt your HD on the fly and then installs its own boot loader which, after the correct credentials are entered, decrypts everything and starts Windows. And because performance then matters twice as much, read/write speed is said to be up to 100% higher than in version 4.3 thanks to pipelined operations.
  • the Linux version (there are binaries for Ubuntu and OpenSuse, the rest of the world gets to compile it themselves) now also has a proper GUI (see the screenshot alongside) and uses wxwidgets for it. Truecrypt settles nicely into the Gnome notification area, and if you double-click a mounted volume its contents open neatly in Nautilus. Truecrypt for Linux has also been thoroughly reworked under the hood; it now uses fuse to mount and is therefore less directly dependent on the kernel.
  • And there is now also a version for Mac OS X (10.3 and 10.4, click for screenshot), which apparently also uses wxwidgets and (mac)fuse, by the way.
  • The ‘mode of operation’ is now XTS instead of LRW (no idea what that means, but maybe you do, so there you go!).

Apart from that, Truecrypt offers file- and device-based encrypted volumes as before, it is still possible to hide one Truecrypt volume completely invisibly inside another, and above all it all works very intuitively and transparently. That makes Truecrypt 5 a strong cross-platform (freebsd is officially missing, but is mentioned in the makefile, Philip 😉 ), user-friendly open source solution for storing data relatively safely. Highly recommended, I tell you!

my sftp beats your ftp’s ass big time!

It sounds unlikely, but sometimes I still get asked to have FTP access opened up to a unix/linux server I’m vaguely involved with. I invariably say “No”, because I am, as you know, a difficult person. Besides, I can back up my blunt refusal with a few solid arguments, such as:

  • FTP is by design absolutely not a secure protocol
  • a server should never have more installed on it than the bare essentials; this limits unnecessary use of system resources and makes the attack vector for hackers (crackers) smaller
  • and above all: there is a fantastic alternative, SFTP

So in reality my answer is more like: “No, but you can get SFTP access”, and I continue with “It can do roughly the same, but it is an extension to Secure SHell and is already installed on the server by default”.
“But we don’t know that, SFTP”, the last of the FTP users sometimes still protest. I then point them to the sublime WinSCP for Windows or to FileZilla for Windows, Mac OS X or Linux, and finally mention that e.g. Dreamweaver also supports SFTP perfectly. With that (and much other) software everyone can enjoy the safe feeling of SFTP in a fancy graphical environment. Tell me yourself, why would you still need FTP access?
(Footnote: what I usually don’t tell 😉