Category Archives: Beginner

Check for new versions of Firefox, Thunderbird

#!/bin/bash 
 
function checkVersion() { 
        V1=$1 
        V2=$2 
 
        MAJ1=$(echo $V1 | cut -d. -f1) 
        MIN1=$(echo $V1 | cut -d. -f2) 
        REV1=$(echo $V1 | cut -d. -f3) 
 
        MAJ2=$(echo $V2 | cut -d. -f1) 
        MIN2=$(echo $V2 | cut -d. -f2) 
        REV2=$(echo $V2 | cut -d. -f3) 
 
        if [[ $MAJ1 -lt $MAJ2 ]] ; then 
                return 1; 
        fi 
 
        if [[ $MAJ1 -eq $MAJ2 ]] ; then 
                if [[ -n "$MIN2" ]] ; then 
                        if [[ -n "$MIN1" ]] ; then 
                                if [[ $MIN1 -lt $MIN2 ]] ; then 
                                        return 1; 
                                fi 
 
                                if [[ $MIN1 -eq $MIN2 ]] ; then 
                                        if [[ -n "$REV2" ]] ; then 
                                                if [[ -n "$REV1" ]] ; then 
                                                        if [[ $REV1 -lt $REV2 ]] ; then 
                                                                return 1; 
                                                        fi 
                                                else 
                                                        return 1; 
                                                fi 
                                        fi 
                                fi 
                        else 
                                return 1; 
                        fi 
                fi 
        fi 
 
        return 0; 
} 
 
# Check Thunderbird 
TB=$(curl -s https://ftp.mozilla.org/pub/thunderbird/releases/ | sed -n "s/^\s\+<td><a href=\".*\">\(.*\)\/<\/a><\/td>$/\1/gp" | sort -g | grep -v b | tail -n 1 ) 
TBL=$(thunderbird -v | sed -n "s/^\s*Thunderbird\s*\(.*\)$/\1/gp") 
 
checkVersion $TBL $TB 
if [[ $? -eq 1 ]] ; then 
        echo "Update Thunderbird ($TBL -> $TB)" 
fi 
 
# Check Firefox 
TB=$(curl -s https://ftp.mozilla.org/pub/firefox/releases/ | sed -n "s/^\s\+<td><a href=\".*\">\(.*\)\/<\/a><\/td>$/\1/gp" | sort -g | grep -v b | tail -n 1 ) 
TBL=$(firefox -v | sed -n "s/^.*Firefox\s*\(.*\)$/\1/gp") 
 
checkVersion $TBL $TB 
if [[ $? -eq 1 ]] ; then 
        echo "Update Firefox ($TBL -> $TB)" 
fi
Share

That was 2017

Ubuntu 16.04 LTS Security Notices

Overall USNs: 348

Highest CVE priority fixed by USN:

  • High: 61
  • Medium: 277
  • Low: 5

Bugfixes in Red Hat Enterprise Linux 7

https://www.redhat.com/security/data/metrics/

Critical: 45 vulnerabilities
** Average time for fixing: 2 days
** 15% were 0day
** 37% were within 1 day
** 100% were within 7 days
** 100% were within 14 days
** 100% were within 31 days
** 100% were within 90 days

Important: 137 vulnerabilities
**Average time for fixing: 39 days
** 22% were 0day
** 29% were within 1 day
** 63% were within 7 days
** 65% were within 14 days
** 69% were within 31 days
** 87% were within 90 days

Moderate: 308 vulnerabilities
**Average time for fixing: 165 days
** 3% were 0day
** 8% were within 1 day
** 20% were within 7 days
** 21% were within 14 days
** 25% were within 31 days
** 43% were within 90 days

Low: 103 vulnerabilities
**Average time for fixing: 264 days
** 0% were 0day
** 2% were within 1 day
** 7% were within 7 days
** 7% were within 14 days
** 7% were within 31 days
** 19% were within 90 days

Share

Top 20 reasons for choosing weak passwords

  1. You just don't care because the account does not contain sensitive data and you are not using your real name anyway.
  2. Typing in strong passwords with a combination of special characters and regular characters takes ages on smart phones and tablets.
  3. Computers can't be trusted anyway, so why bother with a complicated password?
  4. Nobody is interested in you anyway.
  5. Password is for a shared account. Explaining to someone the password "%&__!(E2-<"+?=-:*d3//#@" over the phone is just too nerve wrecking.
  6. You want to have access to the account in case of an emergency, and you are afraid to forget the password if it is too complicated.
  7. "12345" can not be so bad if everyone else is using it as a password.
  8. After using strong passwords for years, your wifi was hacked by a 13 year old neighbor kid who got bored playing World of Warcraft on a Saturday evening.
  9. When creating an account you first choose a password easy to remember, only to change it later to a much more secure password. Never happens.
  10. The real password is your username.
  11. You are a math genius: If "12345" is so highly likely to be guessed, why do these numbers never get picked by the national lottery?
  12. Two words: Quantum computers
  13. Passwords are for pussies: Secret information is hidden in porn movies using steganography.
  14. You are a celebrity who wants to get into the headlines.
  15. You want to become a celebrity and therefore use every way to get into the headlines.
  16. Wife wants to set a trap for her husband to see if he is spying on her. Chooses a weak password and checks login times regularly.
  17. What was the question? Passwords? ... yeah ... do you know where my skateboard is?
  18. You know that "12345" is not secure, but at least it's more secure than "1234".
  19. The account is only a temporary account. You use it once and then forget about it.
  20. The account was automatically created by a script.
Share

Restart graphical user interface in Linux

To help you better understand how to restart the GUI in Linux, here are some background information about how the GUI works in Linux:

If you are familiar with Windows, you know that the graphical Windows interface is tightly integrated into Windows. If you start a Windows computer, you automatically start the graphical user interface (GUI). First the Windows logo is twirling around, and then you are presented with the login screen. Only recent server versions of Windows have the option to be installed without graphical user interface. It is called "Server Core", and even in this mode Windows displays a very basic graphical surface that has only a terminal window. This desktopless installation option was a big deal for Windows, as the GUI is so tightly integrated into the operating system. Also there was no adequate command line interface to control and configure all Windows functions. Therefore Microsoft put great effort into making the PowerShell just as "powerful" as the graphical Windows interface.

Linux follows a completely different approach. By default if you start Linux, only the basic command line interface is started. You are presented with a text login screen, and after you login you see the command prompt of your shell in text mode.

The GUI in Linux is built on top of this minimal system. It is made up of a couple of processes that are launched by the root user and the user that is currently logged in. The starting point for the GUI is a program called the "display manager". The display manager starts the display server and presents you with a graphical login screen. After successful login it starts your desktop environment and your programs like web browser or email client.

So here is the chain of events that start your Linux desktop:

 NameDescriptionExamples
1display managerStarts x-server and displays graphical login screen. After successful login, the desktop environment will be startedGDM, LightDM, KDM, SDDM, etc.
2desktop environmentStarts its window manager and runs user programs.Gnome, Unity, KDE, etc.
3window managerDetermines the look-and-feel of your GUI and is responsible for any 2D / 3D effects.Mutter, Compiz, KWin, etc.

The display server is the actual component that is responsible for drawing pixels on the screen and communicates with graphics card, mouse and keyboard under a graphical environment. Therefore it needs to be present both before and after graphical login. Notice that this is not the case for the desktop environment nor the window manager. They are only started after successful login. As of today the by far most popular display server is the x-server (also known as X11 or x.org server), although it will probably be replaced soon by other display servers like Wayland or Mir. When it comes to 2D- and 3D effects, this is performed by the window manager.

While there is a tight integration of desktop environment and window manager, you can use any display manager to start your favorite desktop environment. Usually there is an option on the login screen to tell the display manager which desktop environment to start after successful login. That might be useful if you accidentally installed and activated another login manager. Let's say you are running Gnome with the GDM display manager. After installing a KDE program, the dependencies of the program package pulled in the whole QT libraries along with the KDM display manager. The next time you login you are presented with the KDM display manager. This is actually no big deal. Just select the GNOME desktop environment from the options menu of KDM. After typing in username and password GNOME will be started.

Here is a list of desktop environments with their default display manager:

Desktop EnvironmentDefault Display Manager
UnityLightDM
GNOMEGDM
KDEKDM (obsolete) / SDDM

How does Linux know which display manager to start if there are more than one installed?
The file /etc/X11/default-display-manager contains the full path of the default display manager to start.

Back to the original question: How do you restart the graphical user interface of Linux without rebooting the whole computer? The answer is easy: Just restart the display manager.

As we have seen earlier, the display manager is actually the starting point for the whole GUI. By shutting down the display manager, all graphical processes will be stopped too. Here is an example how to stop SDDM (run as root):

$ sudo killall sddm

SDDM will be restarted automatically. With other display managers you may have to start them manually as root.

There is also a way to bypass the display manager. If you are already logged in as a regular user in text mode, you can also start the desktop environment manually. E.g. for KDE you would type in:

$ /usr/bin/startkde

Always make sure to start the desktop environment as a non-privileged user, not as root. Otherwise all programs will be running with root privileges, which is something you should avoid at all costs. If you want to start individual programs with root privileges (e.g. WireShark), there are tools like "kdesudo" that launch a program under the root user.

Important things to note:

  • Unlike Windows there is a strict separation of the graphical user interface and the basic system in Linux.
  • The display manager is started by the root user. It is the entry point for the graphical user interface.
  • The desktop environment is run by a non-privileged user, typically the user that logs into the display manager.
  • In general you can use any display manager to start any desktop environment. You can use GDM to start KDE, or SDDM to start GNOME.
  • To restart the graphical user interface, you need to restart the display manager.
Share

How to download Twitter videos (animated GIFs)

There are 2 types of Twitter videos: animated GIFs and real videos. This post is about animated GIFs. They have the text "GIF" printed on them when they are not playing.

To download animated GIFs there doesn't seem to be an easy way in Google Chrome unless you use an extension.

In Firefox:

  • open the tweet
  • right click on the video
  • choose "This Frame" -> "Page Info"
  • Under "Media" choose the mp4-file and click "Save As..."

 

Share

Buying a used SATA disk

With the evolution of SSD drives, people are selling their old magnetic disks on Ebay or other platforms really cheap. Here are some steps to take after plugging in a bought SATA drive into your Linux system.

Keep in mind that all disk information probably can be manipulated, including model name, serial number, firmware, etc.

Check general drive information

# hdparm -I /dev/sdx
- Model Number
- Serial Number (to identify physical drive e.g. in case of replacement)
- Nominal Media Rotation Rate
- DMA: udma6
- Write cache
- SMART error logging
- SMART self-test
- SCT Error Recovery Control (if used in a RAID array)
- Security: Passwort not enabled/locked
(Enabled features are preceded by *)

Check SMART capabilities

# smartctl -i /dev/sdx
- SMART support is: Availabe
- SMART support is: Enabled (if not, enable it with "smartctl -s on /dev/sdx")

Check detailed SMART information

# smartctl -a /dev/sdx
- Model Family/Device Model
- User Capacity
- Rotation Rate
- SATA Version: current speed
- Vendor specific SMART attributes:
o Start_Stop_Count
    (Usually the same as Power_Cycle_Count)
o Reallocated_Sector_Ct
    (Bad sectors that have been marked by the disk?)
o Power_On_Hours
    (Disk has been used 24/7 as a NAS drive?)
o Power_Cycle_Count
    (Usually the same as Start_Stop_Count)
o G-Sense_Error_Rate
   (Disk has been dropped on the floor?)
o Load_Cycle_Count
   (Usually the same as Start_Stop_Count and Power_Cycle_Count)
o Temperature_Celsius
- SMART Error Log (Are there any entries?)
- SMART Self-test (Anything other than "Completed without error")

Temperature history and SCT

# smartctl -x /dev/sdx
- Temperature history
- SCT Error Recovery Control
    (Only important for use in RAID arrays, see one of my previous posts)

SMART tests

SMART tests do not degrade drive performance, they are more like collecting statistical data from the drive. Online and offline tests can be executed during normal operation.

# smartctl -t long /dev/sdx
Expected output:

root@linux:~# smartctl -t long /dev/sdx

=== START OF OFFLINE IMMEDIATE AND SELF-TEST SECTION ===
Sending command: "Execute SMART Extended self-test routine immediately in off-line mode".
Drive command "Execute SMART Extended self-test routine immediately in off-line mode" successful.
Testing has begun.
Please wait 103 minutes for test to complete.
Test will complete after Fri May 20 09:48:56 2016

Use smartctl -X to abort test.

Check test result in drive logs:

# smartctl -l selftest /dev/sdx
Expected output:

=== START OF READ SMART DATA SECTION ===
SMART Self-test log structure revision number 1
Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error
# 1 Extended offline Completed without error 00% 37143 -

# smartctl -l error /dev/sdx
Expected output:

=== START OF READ SMART DATA SECTION ===
SMART Error Log Version: 1
No Errors Logged

Conclusion

So what are you doing if some of the values are not looking right? Don't worry. The drive might still be working without problems for one or two years. But you should have an eye on it:

  • Run regular SMART tests to see if error rate / reallocated sector count increases.
  • Don't use the drive as a sole disk medium for critical high performance data. Maybe make it part of a RAID 1 or RAID 6 array or use it as a hotspare / cold standby drive. Even then you should run regular SMART tests on the drive.
  • Make sure that the temperature is not too high (should be somewhere around 40 degrees celcius and is dependent on the drive).
  • Minimize power cycles. Using a worn out disk on a PC or laptop that gets rebooted a couple of times every day is not a good idea.
  • If you can afford it, use more file system and RAID caching to minimize disk reads and writes. RAID controllers usually support writethrough and writeback. While writeback minimizes disk writes, it should only be used on battery backed or flash backed RAID controllers. Don't use software RAID or fake RAID controllers.
  • On Linux there is a tool called iotop to identify processes with heavy read/write operations. Reconfigure your system to use different disks.
  • Run the disk for a couple of days without any important data on it. Check SMART values and see if you are comfortable with it.
  • Make frequent backups of your data to prepare for disk failure. Don't use the drive as a backup medium.
  • Don't use the drive in high availability environments (with or without RAID). If you use the drive in your laptop or a PC without RAID, make sure to have a spare drive at hand and make daily backups.

Why should I go through all this and not buy a new drive? At least its more reliable and the higher price will pay off.

Even new drives might fail within a couple of days or weeks without any prior signs. There is no guarantee that a drive - new or old - will not stop working from one second to the next. Of course older drives are more likely to fail than new drives (see MTBF / load/unload cycles / power-on hours / warranty duration of your drive specification data-sheet).

But if you prepare carefully for disk failures and minimize the risk, you can save some money and spend it for that brand new SSD drive that will be out on the market in one year. SSD technology is progressing rapidly and it might be worth waiting for the prices to drop.

Share

Farmville 2 on Ubuntu Linux (Flash)

If you have trouble running Farmville 2 on you Linux installation in your browser, you should consider upgrading to the latest Ubuntu 16.04 version. I was experiencing some strange problems with an older Ubuntu 14.04 installation and from one day to the next could not run Farmville 2 any longer:

  • Farmville 2 was showing the initial loading screen with the progress bar right in the center, but the progress bar was not moving at all. There was no sound, no error message. Other flash applications were working fine.
  • I tried different browsers with no success: Chromium, Google Chrome, Firefox
  • I tried different Flash versions with no success: adobe flash, pepperflash

Upgrading to Ubuntu 16.04 (see one of my previous posts) solved the problem. I am using the following versions:

  • Chromium (chromium-browser 50.0.2661.102)
  • Flash (pepperflashplugin-nonfree 1.8.2, flash version 21.0.0.242)

Make sure your browser is using the right flash plugin by typing "about:plugins" in the address bar of your Chromium browser (UPDATE: this page is not working anymore, s. https://bugs.chromium.org/p/chromium/issues/detail?id=615738). It might be that you have several flash versions installed on your computer and Chromium is using an old one. Check your flash version on the official Adobe website: http://www.adobe.com/software/flash/about

Chromium is storing flash plugin information in the folder /etc/chromium-browser/customizations. For every installed flash plugin, there is a flash configuration file:

  • 10-flash (adobe-flashplugin / flashplugin-installer)
  • pepperflashplugin-nonfree (pepperflashplugin-nonfree)

Move the file of the flash package you are not using to a backup location and restart Chromium. The flash configuration file also sets the file location of the flash plugin that gets loaded into your browser. Make sure the plugin file path is pointing to the official flash plugin shared object (/usr/lib/pepperflashplugin-nonfree/libpepflashplayer.so).

With that configuration I am now able to run Farmville 2 on Facebook and use all of its features (which were not all working before either):

  • Full screen mode
  • Sound on/off toggle
  • Screenshot

WARNING:

  • Flash is known to have frequent security issues. If you do not absolutely need Flash, you should remove it from your computer.
  • If you choose to install it, at least make sure to only run Flash applications after you have confirmed them manually. Both Firefox and Chrome/Chromium allow you to configure this option.
  • You might also want to install a second browser without Flash for regular internet surfing, and only use your Flash enabled browser for Farmville 2.
  • Make sure to regularly update your Flash package as soon as there is a new version available.
Share