Information

FAQs about the HeartBleed vulnerability

Information Security

I received this on the CentOS list. You might find it helpful.


Since this is the first post about the openssl update, I want to answer
a couple questions here:

1. The first susceptible version of openssl in a CentOS release was
openssl-1.0.1e-15.el6, released on December 1, 2013.

2. The version of openssl that you should install to fix the issue is
openssl-1.0.1e-16.el6_5.7, released on April 8, 2014.

3. Versions of CentOS-6.5 openssl that were affected are:
openssl-1.0.1e-15.el6, openssl-1.0.1e-16.el6_5,
openssl-1.0.1e-16.el6_5.1, openssl-1.0.1e-16.el6_5.4.

4. Only CentOS-6.5 was affected. CentOS-6 at versions 6.4 or earlier
was not affected. No versions of CentOS-5 (or any other CentOS) were
affected.

Besides doing updates, things you should do include:

1. Besides doing the updates, you should replace any certificates using
SSL or TLS that are openssl based. This includes VPN, HTTPD, etc. See
http://heartbleed.com/ for more info on impacted keys.

2. See this page for figuring out which services you should restart
after applying updates .. or just reboot the machine which will restart
all services:

https://access.redhat.com/site/solutions/781793

Theory and Practice of Linux System Administration class, November 11 – 15

Information Linux Training

For the last time this year, Millennium Technology Consulting LLC, will be running the highly reviewed class, Theory and Practice of Linux System Administration, the week of November 11 – 15.

About this Course

This course is intended for  junior and mid-level Linux Systems Administrators who wish to advance their knowledge, and administrators of other Unix versions or Windows who wish to become Linux System Administrators. This class is heavily oriented towards hands-on activities. At least half of the class time is allotted to lab projects.  Experienced Linux System Administrators also find this class valuable.Taken from my own experiences accumulated during more than 15 years of using Linux, and developed using my knowledge and experience as a course developer and trainer for both IBM and Red Hat, this class covers the practical aspects of Linux System Administration. It builds upon the foundation of the “Philosophy of Linux” in a way that helps the student understand how and why things are done as they are.

Our courses are always highly rated and well reviewed. Here are some comments from previous students taken directly from the course evaluation forms.

Course Description

The student will learn about the history of Linux and the philosophy of Linux and how it applies to the everyday tasks that she will be expected to perform. The student will install a current Fedora Linux system on common Intel hardware, using various installation options to customize the final result. The students will learn to use the command line interface (CLI) and many basic Linux commands along with the vi editor. More advanced commands such as sed and awk will be covered and combining all of these commands into short command line programs will be discussed and the student will have opportunity to use them in lab projects.

This course covers the Linux boot sequence and the traditional SystemV init scripts as well as an introduction to the new systemd daemon for startup and daemon management. The student will learn to manage users and software packages. Networking, security, processes, filesystems and Logical Volume Management will be covered in detail.

For complete details of this course see the Theory and Practice of Linux System Administration page.

Giving up on nVidia

Information Open Source Software

I have given up completely on nVidia graphics adapters.

Although they may work fairly well once configured, they require extra work to install non-free (as in speech) drivers that allow more complete use of the hardware’s functionality. Then, every time there is a kernel update, it is necessary to wait until the video drivers are updated or the X Window System won’t start.

The free (as in speech) nVidia drivers available from the Open Source community work fine for basic business tasks but do not provide OpenGL 3D support or graphics acceleration. In fact the nVidia proprietary drivers are incredibly slow and produce choppy animations. This problem has been getting worse in the last several iterations.

I have been switching all of my systems to ATI hardware and the Free Open Source drivers available for ATI provides complete support for 2D and 3D hardware acceleration as well as OpenGL animations and desktop effects. They are also significantly faster than the nVidia drivers.

The nVidia drivers I have found to be sadly lacking in overall support and functionality. This is a direct result of the fact that the advanced drivers are closed source and the Open Source nouvaeu driver developers have no access to the hardware documentation.

ATI, on the other hand, has provided much more cooperation in the way of documentation to the Open Source community and the ATI/Radeon drivers are far more capable than the nVidia drivers.

After recently spending a few days fighting to get the proprietary nVidia drivers running on my primary high-end workstation with a high-end nVidia adapter so I could use the OpenGL desktop effects, I gave up and purchased a new, high-end ATI/Radeon video adapter. After installing the ATI/Radeon hardware, I was immediately able to configure and use those effects.

The built-in ATI hardware also works fine on my Thinkpad laptop.

I have some nVidia graphics hardware you can have.

New Look

Information

Once again I have changed the look of the DataBook.

This time I have chosen a theme that is simple and clean. It has a good number of options that I can use to modify the details of the theme so you may notice further changes as you return from time to time.

I particularly like this theme as it can display the date and time a document was published.

Please comment if you like or dislike this theme, and please let me know why. I do not want the theme to get in the way of your access to the data contained in the DataBook®.

More about Fedora 18

Information Linux Reviews Technical Tips and Tricks

In my review of Fedora 18, I discussed my initial impressions of that newest release. Having now begun to install Fedora 18 on several more hosts in my constantly changing world I have found some interesting under the cover changes.

firewalld

A new firewall, firewalld, is now the default firewall for Fedora. Of course Fedora is the proving ground for many new things so, while this change was not particularly well documented, changes to Fedora in general should not be a surprise. The firewalld daemon is mentioned in three short paragraphs in the Fedora 18 release notes which only references the man pages for the new firewalld commands for further information, and once as being a new addition in the Technical Notes document. Both are available as PDF files from the Fedora Documentation Project.

The firewalld rules are quite complex compared to what I have been using with IPTables. This, and the fact that I am not yet familiar with the rule syntax or the overall structure of firewalld means that, for now at least, I need to revert to IPTables on my Fedora 18 hosts.

Reverting to IPTables

The good news is that the old IPTables firewall is still available until I can learn how to best create the firewall rules I need with firewalld. However it, too, has changed and some of the old IPTables rules, especially those using state related rule sets have been altered.

First, to convert back to IPTables, stop and disable the firewalld service and start and enable the iptables service.  Of course you must do this safely with your network disabled until you can get your new (old) firewall back in place. Then use the iptables-restore command to restore your old IPTables rules from the saved copy. You did save a backup copy of your IPTables firewall rules, right?

At this point, IPTables gives some errors indicating that one should use new connection tracking rules in lieu of the state-related rules. The best part is that IPTables is smart enough to give you the warning message and then translate the rules into connection tracking rules. At that point you can simply use the iptables-save command view the translated rules and redirect the output to /etc/sysconfig/iptables to save the translated rules.

So now I will take some time to learn this new firewall system while my IPTables firewall protects me.

Here is a link to the Fedora Project FirewallD documentation. http://fedoraproject.org/wiki/FirewallD

Linux Class Schedules for Q1, 2013

Information

Millennium Technology Consulting LLC has finalized its class schedules for the first quarter of 2013.

As you can see our newest class, Linux Servers and Advanced System Administration, has been added to the lineup after its successful test in December 2012.

Theory and Practice of Linux System Administration

This course is intended for trainee or  junior Linux Systems Administrators who wish to advance their knowledge, and administrators of other Unix versions or Windows who wish to become Linux System Administrators. This class is heavily oriented towards hands-on activities. At least half of the class time is allotted to lab projects. The class is based on Fedora because it is the upstream distribution for Red Hat Linux. Many of the more experienced Linux System Administrators who have taken this course also find it very valuable.

See the Theory and Practice of Linux System Administration page for a complete course description and prerequisites.

Class Schedule for Theory and Practice of Linux System Administration.

Dates Length Cost
January 14 – 18, 2013 5 Days $2495
February 4 – 8, 2013 5 Days $2495
March 11 – 15, 2013 5 Days $2495

 

Linux Servers and Advanced System Administration

This course is intended for experienced Linux System Administrators who wish to learn advanced troubleshooting techniques and server installation and configuration. By the end of the class each student will have a fully working Linux system with a firewall; a name server with forward and reverse zones; a DHCP server; an email server with integrated anti-spam; two working web sites with one a static HTML site and the other a complete WordPress site with a MySQL back end; A MailMan mailing list server; A VNC server; NFS and Samba shares. The student will also learn to build RPM packages.

See the Linux Servers and Advanced System Administration  page for a complete course description and prerequisites.

Dates Length Cost
January 21 – 25, 2013 5 Days $2995
February 18 – 22, 2013 5 Days $2995
March 25 – 29, 2013 5 Days $2995

 

Discounts

Discounts are available to members of the Triangle Linux Users Group (TriLUG) of $500 per class. You must have and show your TriLUG membership card to obtain this discount. This discount may be used in conjunction with other discount offers.

Custom Class Scheduling

Millennium Technology Consulting LLC can provide customized scheduling for classes. If you do not see a class scheduled within your desired time frame we can work with you to schedule one that meets your needs. We also offer on-site training at your location. Please contact us to schedule a class for you.

Install Issues with Fedora 16 and EXT4 Filesystem

Information Linux Technical

I just had an interesting experience while installing Fedora 16 on my primary workstation. It took me about 3 days and many attempted installations to figure this out. This is not a review, just a bit about my experience.

At first I wiped out my hard drive entirely since it has been several years since I did a really clean installation. That is, a complete wipe out of my hard drives—after first making certain that I had multiple good backups. Over time much cruft can accumulate from old application configuration and data and I wanted to get rid of everything except data I really wanted to keep.

Symptoms

The initial installation of Fedora 16 appeared to go well using the default choice of EXT4 for the filesystem type. After starting to make configuration changes and restoring a few directories in my non-root user home directory, KDE started crashing on a regular basis. It would indicate problems with Segment Faults. This is not good and can mean many bad things.

After installing several times with similar results, I decided to go back to Fedora 15. During the installation, I used EXT3. I had previously experienced an occasional problem with Fedora 15 while using EXT4, but nothing particularly repeatable. Many of the problems were during installation using EXT4 and I would get errors indicating that a specific package was not able to be installed. Looking at the log terminal (Ctrl-Alt-F3) most errors appeared to be on the DVD, but the DVD always tested as having no defects at the beginning of the installation.

Solution

My decision to use EXT3 was kind of on a whim, but the next install went without problems and I had no problems doing basic configuration. So I decided to reinstall Fedora 16 using EXT3 instead of EXT4 and have had no problems since. This is using the same physical hardware and the exact same partitions and logical volumes.

I think this indicates, at least to me, that there are still some bugs in EXT4. I have not however, seen this problem on some of my other systems. Perhaps it is the larger 1.5TB drives I am using on this system.

I hope this helps by preventing you from spending 3 days to discover and resolve this problem.

DataBook® for OS/2 Returns – in part

Announcements Information OS/2

Thanks to WD “Bill” Loughman of Berkeley, California for sending me his downloads of some of the pages of the original DataBook for OS/2. Using that data, I have recreated the pages that he has saved. This is a great boon for anyone still using OS/2.

Unfortunately, much more data is still missing. If you, by any chance, have downloaded and saved any pages from the DataBook for OS/2, I would be very appreciative if you would zip them up and send them to me.

Not many people use OS/2 any more, but a bank I worked for recently just retired their last OS/2 ATM a few months ago. So it is still around.

SOPA Protest

Information News Opinion

This website will participate tomorrow, January 18, 2012, in protest of the SOPA law. That law would restrict the Internet freedoms of everyone for the somewhat questionable  financial benefit of a few media companies. In order to restrict alleged piracy, they would restrict the entire Internet. Web sites could be closed without any warning or even proof that they were in violation of any law—except the laws of greed.

Read about SOPA and the protest.

This bill will break the Internet as we know it.

Working on Fedora Frog 2.0-14

Information Software

If you are waiting for the next version of Fedora Frog I am testing the latest code right now. It should be ready in a few days.

This version of Fedora frog will support Fedora 10 through 14.

This interactive, text mode, menu-driven Bash program provides the Linux administrator an easy way to install applications not installed by default during a standard Fedora installation procedure, and applications that are not part of the standard distribution.

Frog installs media players such as RealPlayer, Mplayer, VLC, Kaffiene and Xine. It also installs Thunderbird, Firefox, GNUCash, Adobe Reader and Yumex, and some things specifically for System Admins such as chkrootkit, iotop, powertop and others.

As always, this latest version of Fedora Frog will be available on SourceForge.

Page Sequence Problems

Information

There are currently some problems with the way in which WordPress displays pages in the order I specify. As a result many pages do not appear in the order in which I would like them to appear.

This is not about the posts, of which this is one, but about the pages that appear in the Table Of Contents section in the right-hand column.

Please be patient as I try to get this problem resolved.

Fedora 13 is Now Available

Information News

Fedora 13 has been available for a few weeks now. I have started installing it on some of my systems and it seems to work very well.

The Internet upgrade procedure works well but it does take a bit of time. You won’t want to use this method unless you have a fast Internet connection. A standard installation from DVD works well also. There are some differences in the installation procedure, but they are welcome ones including the restoration of the old “minimal” install option, which will be good for creating routers and other appliances.

The latest version of KDE is also very nice and provides a couple interesting new features as well as some new and improved widgets.

I will try to write a more complete critique as time permits.

CDs and DVDs that Won’t Mount

Information Tips and Tricks

Have you ever had a CD/DVD, whether data, video or audio that would not mount or play? Me too.

Fedora Linux (and others) is supposed to recognize that a CD or DVD has been inserted into the drive, and the Device Notifier will pop up a small window that displays “Devices recently plugged in.” This allows you to open the device with Dolphin or some other application.

The Device Notifier window pops up when a new storage device is plugged in or inserted into a drive.

The Device Notifier window pops up when a new storage device is plugged in or inserted into a drive.

Sometimes you can insert a CD or DVD and nothing happens; it is as if the disk does not exist. This can happen if there is a problem with the disk itself or the drive. The most common reason for this problem is dirt or dust, although scratches can cause problems like this, too.

If the DVD drive is one that exposes the read/write head when it is open, such as the very thin ones used in laptops, you can clean the DVD drive read optics with a very soft camel hair brush, or use a can of compressed air to blow the dirt off the lens. Drive cleaning CDs can be used on other types of DVD drives. The other thing you can do is clean the bottom surface (the surface without the printing on it) of the CD or DVD with a soft, dry cotton cloth. Rubbing it on a clean cotton tee-shirt works well.

Warning about Lexmark Printers and Linux

Articles Information

If you are considering using Linux at any time in the near future, you should definitely not purchase a Lexmark printer of any kind. The company does not support Linux in any way and there are no working drivers of any kind available for most Lexmark printers.

I use Brother and HP for my printing needs and they work quite well. Even the HP All-in-one printers work very well. Xerox printers are also well supported and I have a large network attached Xerox copier/fax/printer working at one of my customers.

That is not to say you won’t have to do some fussing to get even some supported printers to print, but most Lexmark printers will never print under Linux.

Fedora Frog 1.0-11.0.0 released

Information Notifications Software

This Bash program provides the Linux administrator an easy way to install applications not installed by default during a Fedora Core installation procedure, and applications that are not part of the standard distribution. It also tweaks some configuration items. Additional repositories are required beyond the normal Core, Updates, and Extras, and they can be added using Fedora Frog as well. Frog installs media players such as RealPlayer, Mplayer, VLC, Kaffiene and Xine. It also installs Thunderbird, Firefox, GNUCash, Adobe Reader and Yumex, and some things specifically for System Admins such as chkrootkit. Fedora Frog is currently supported on Fedora 10 and 11. Support for all previous versions of Fedora has been removed.

The latest version of Fedora Frog can be downloaded at https://sourceforge.net/projects/fedorafrog/

Fedora Frog Update

Information News

For those of you who are users of my Fedora Frog program, I am currently working on an update that will add support for Fedora 10 and 11 and remove support for all previous versions of Fedora. I am revising the list of packages that it installs because some of the older packages are no longer needed or in some cases have not been updated in a long time so are no longer relevant. In other cases I am adding packages that are now available through the new RPMFusion repositories. I hope to finish this major update within two weeks.

If you are not familiar with Fedora Frog, it provides the Linux administrator an easy way to install applications not installed by default during a Fedora installation procedure, and applications that are not part of the standard distribution. Additional repositories are required beyond the normal Fedora, and Updates. These additional repositories are automatically added using Fedora Frog as well.

When these updates are complete, Fedora Frog will be available for download from Sourceforge at https://sourceforge.net/projects/fedorafrog/. Previous versions of Fedora Frog are and will continue to be available there. Unfortunately some functions may not work because many of the repositories are no longer valid or the packages have been removed from the repositories. Use those old versions at your own risk.

Fedora 10 Installation Problems

Information

I have now installed or upgraded to Fedora 10 on all but one of my computers. Some go very easily and others not so much. Today I upgraded the server that runs my email and all of my web sites including this one. It was not so easy. I was able to resolve the problems but it was not straightforward.

The symptoms were that I could ping the box but SSH would not work in either direction, I could not login to the GUI but I could login to the virtual consoles. For details on how I fixed this see the article “SSH and YUM Don’t Work After Fedora 10 Installation”. The root cause of this problem was that one critical RPM package was not installed during the upgrade.

The point is that I have had several problems during upgrades to Fedora 10 from Fedora 8, and a couple when just doing a basic install. Almost all installations failed to work correctly until all updates were installed. So be sure to install all updates to a Fedora 10 installation or upgrade before attempting to do productive work.

Welcome to the new DataBook Web Site

Information

A few weeks ago the original DataBook® website computer crashed beyond the possibility of repair, which is actually pretty cool since it had been up and running since 1995. Old backups were not able to be restored and so I needed to start over. This web site is the new DataBook web site.

From now on this web site will be primarily targeted to Linux.

Although the entire book DataBook for OS/2 has been lost, I will try to recreate it as time permits. I expect this to be a long and tedious process, so don’t look for much progress any time soon. If you have a specific request for some OS/2 data, please leave a comment and I will add that particular piece as quickly as I can research it and type it in.

DataBook is a registered trademark of David Both.