Continue reading »]]> If you are among those brave (foolhardy?) enough to have already updated systems to Ubuntu’s Precise Pangolin, you may have encountered the following error while updating your system over the last 24 hours or so:

Errors were encountered while processing:
/var/cache/apt/archives/libreoffice-core_1%3a3.5.0~beta2-2ubuntu2_i386.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

Fortunately, there is a relatively easy fix. I am not sure exactly what is causing this, but it occurred on two of my systems yesterday, and still this morning on a third. Initially I thought it might have occurred on the one system because it has been upgraded through several releases, but when it started occurring on freshly installed systems that idea went out the window.

Regardless, the following commands should help get your system back on track.

Source code

sudo mv /usr/lib/libreoffice/basis3.4/program/ /usr/lib/libreoffice/basis3.4/program.old
sudo mkdir /usr/lib/libreoffice/basis3.4/program
sudo apt-get install -f
sudo mv /usr/lib/libreoffice/basis3.4/program.old/ /usr/lib/libreoffice/basis3.4/program

Good luck!

Continue reading »]]> Got my hands on a Verizon 4G LTE MiFi device to test today, so of course the first thing I did when I got home was a quick Speedtest.net check on it.

First, a test of my Time Warner RoadRunner:

Roadrunner Speed Test

Not bad on the download side, though one important thing to remember is that this speed is largely based on the burst technology Roadrunner is using, and that speed is only good for the first 16 seconds of a download or so, at which time it drops to roughly half that speed. Therefore, since this download fits within those 16 or so seconds, the speed is greatly inflated over what a larger download would have shown.

And not unexpectedly, the speed test shows the anemic upload speeds which has plagued Roadrunner connections from the very beginning. I was actually surprised to see even this number.

Now for the Verizon numbers:

Verizon 4G LTE Speed Test

As you can see, the download speeds are roughly equal, which in reality is an amazing feat given that this is wireless broadband versus a cable connection. The other thing to remember is that these speeds seem to hold steady across an entire large download and do not drop off like the Roadrunner speeds do.

On the upload side, the Verizon MiFi simply crushed the Roadrunner speeds. Given that we plan to use these to upload mobile video, this will be a critical number if it holds steady throughout the region.

I gotta say, I am really impressed by this thing, though we’ll see how true that is after I test it in a variety of locations.

Continue reading »]]>

The YubiKey, from Yubico is a small USB device which is about the size of a small flash drive, and which emits OTP strings when the button is depressed.   The device can also be reprogrammed to offer static passwords and the new 2.0 version has a very handy management application available.  The device is compatible with most recent *nix and Solaris installations, as well as MacOS and Windows.

Since receiving mine, I have tested it via several available PHP implementations, and other interfaces, e.g. the WordPress plugin and the LastPass integration.  Last night, I found a site which offers an Apache HTTP Server module for use with the usual Basic authentication.  Since I wanted to use it on a production server without build tools installed, I first compiled it on a test server, and then copied the necessary files to the production box.  The following are the steps I used to build and enable it.

Install the prerequisites (assuming build-essential is already installed)

Source code

$ sudo apt-get install apache2-threaded-dev libcurl3 libcurl4-openssl-dev

Download, unpack and build:

Source code

$ wget http://mod_authn_yubikey.coffeecrew.org/authn_yubikey.tar.bz2
$ tar jxf authn_yubikey.tar.bz2
$ cd authn_yubikey/
$ apxs2 \
-DYK_PACKAGE=\\\"mod_authn_yubikey\\\" \
-DYK_PACKAGE_VERSION=\\\"0.1\\\" \
-I. -Wc -c -lcurl mod_authn_yubikey.c libykclient.c libykclient.slo mod_authn_yubikey.slo

If all has gone according to plan, the module object now exists in the .lib (dot lib) directory.  If necessary, scp it to your server and continue.

Note: The following layouts are based on an Ubuntu installation, you may need to put the library where your system expects to find it.

Copy module to required directory:

Source code

sudo cp .lib/mod_authn_yubikey.so /usr/lib/apache2/modules/

Create the basic files to allow the module to be enabled/disabled using the normal Ubuntu functionality:

Module load file (/etc/apache2/mods-available/authn_yubikey.load)

Source code

# /etc/apache2/mods-available/authn_yubikey.load
LoadFile /usr/lib/libcurl.so.4
LoadModule authn_yubikey_module /usr/lib/apache2/modules/mod_authn_yubikey.so

Basic module config file:

Source code

# /etc/apache2/mods-available/modules/authn_yubikey.conf
<IfModule mod_authn_yubikey.c>
AuthYubiKeyRequireSecure Off
</IfModule>

Since this module works in a similar manner to the standard Apache Auth packages, create a htpasswd file, adding a user with key id ‘abcdeffedcba’ (first 12 characters emitted by the YubiKey), username ‘jsmith’ and password ‘mypass’. The ‘-s’ uses SHA instead of crypt():

Source code

$ cd /etc/apache2
$ mkdir conf
$ cd conf
$ htpasswd -csb conf/ykUserDb abcdeffedcba jsmith:mypass
$ touch conf/ykTmpDb && chown www-data conf/ykTmpDb

Now just pick a directory or location to protect, and add a basic config section to the appropriate Apache config file:

Source code

<Location /supersekret>
AuthType Basic
AuthBasicProvider yubikey
AuthName "Please log in using your YubiKey"
AuthYubiKeyTimeout 30
AuthYubiKeyTmpFile conf/ykTmpDb
AuthYubiKeyUserFile conf/ykUserDb
AuthYubiKeyRequireSecure On
AuthYubiKeyExternalErrorPage Off
Require valid-user
</Location>

Note: The ‘AuthYubiKeyRequireSecure On’ ensures the only SSL (https) connections are allowed. Turn that off to use standard http.

That’s it, now just enable the module and restart Apache:

Source code

$ sudo a2enmod authn_yubikey
$ sudo /etc/init.d/apache2 restart

For additional information regarding the use and configuration of the module, please check the the mod_authn_yubikey website – http://mod_authn_yubikey.coffeecrew.org/.

Many thanks to Jens Frey, the author of the plugin for his quick response to my request for clarification on a few points.

Continue reading »]]> Version 3.0 of the Apple iPhone OS now allows push notifications.  However, for security reasons (presumably), Apple requires that push notifications must flow through their server, and are only allowed to be delivered to native applications. 

Prowl is a new application which allows notifications to be pushed to the iPhone from applications like Growl for Windows or Macs.  Fortunately, the developer has also implemented an API so that one can easily submit push notifications from virtually any programming language which is able to talk to it via the web.

So what?  Well, as I am a big fan of Twitter, I follow enough people that I am often unable to keep up with the flow of tweets.  I had resorted to following the most important posters via RSS, but now I am able to follow their accounts and have any posts they submit pushed to my iPhone as a notification.

Requirements

1. The Prowl application for the iPhone
2. The ttytter Twitter client, which runs anywhere Perl does (requires LWP::UserAgent)
3. A Twitter account – I use a secondary account which follows only those people from whom I want to receive push notifications
4. The perl script linked below, or one of your creation

Setup

As this uses Prowl, you must purchase that application and download it to your iPhone.  After installation, you can go to the Prowl website, log into your account, and grab a copy of your API key which will allow the script to post notifications to your phone.  As written, the script expects to find that API key in a file called .prowlkey in your home directory.  If you keep it somewhere else, edit the path on Line 27 of the script:

[cce]
if (open(APIKEYFILE, $ENV{‘HOME’} . “/.prowlkey”)) {
[/cce]

Next, you must download and configure the ttytter Twitter client.  Usually, this is just a matter of creating a .ttytterrc file in your home directory.  Note, that if you configure it to use your primary Twitter account, it will forward every tweet you see to your iPhone.  For this reason, I created a secondary Twitter account and followed only a select few people.  Make sure you test this before continuing.

If ttytter is running as expected, Perl is properly installed, so the last prerequisite is to ensure that the Perl module LWP::UserAgent is installed.  From the command line, type or paste the following line.

[cce]perl -e ‘use LWP::UserAgent’[/cce]

If it simply returns a command prompt, your are set.  If you receive an error, then either use your distributions package manager or CPAN to install the libwww-perl module.

The last step is to copy the script to your computer.  You can view and copy the source code here or download it directly from here.  Put the script somewhere accessible to the ttytter application.  I placed both in $HOME/bin and simply named it ttytter-prowl.pl.

Running

Now, to get everything working, simply start ttytter with the -lib=path/to/twitter-prowl.pl (and possibly the -daemon) arguments.  Using -lib will tell ttytter to process that script for each received tweet.  The -daemon argument tells ttytter to fork into the background and run as a daemon.  I tend to run mine in screen so I can check on it, but I intend to move it to daemon mode.

[cc lang="bash"]$ ttytter -lib=ttytter-prowl.pl[/cc]
If everything has gone according to plan, you should soon start receiving tweets on your iPhone as pushes.

Sample Prowl Notification

Continue reading »]]> Until my VMware server machine crashed, I had a pair of IPv6 tunnels running for many months out of a pair of virtual machines.  One was Ubuntu Hardy with a tunnel to Sixxs.net, the other an OpenBSD machine with a tunnel to Hurricane Electric‘s Tunnelbroker service.

Wanting to get back into the IPv6 address space, I installed the aiccu client on another server and configured it for my Sixxs tunnel.  This worked out of the box, but within about 36 hours it stopped working.  Most frustrating was the lack of any errors in any logs and restarting the service had no effect.  The tunnel interface was created with the correct IP, route showed all the correct routes, and I could ping the IPv4 address of my assigned PoP (uschi02).  Then, strangely, about two hours later things started working again.  Until this morning…

I awoke to find that the tunnel had again dropped overnight, and as before, nothing I do seems to be able to get the tunnel working again.  The Sixxs website indicates that the PoP is up and talking to other PoPs.

So, since I also have a tunnel from Hurricane, I gave another machine a static IP and added the necessary information to /etc/network/interfaces:

#  Hurrican Electric IPv6 Tunnel
auto he-ipv6
iface he-ipv6 inet6 v4tunnel
endpoint <your_assigned_IPv4_server_endpoint>
address <local_IPv6_tunnel_endpoint>
netmask 64
mtu 1480
up ip -6 route add 2000::/3 dev he-ipv6

From this point, I restarted the network service:

sudo /etc/init.d/networking restart

et voila! The tunnel was up and pingable. So I guess I will stick with the HE service for now, though if anyone has any ideas as to what the issue with Sixxs might be (when using Ubuntu Intrepid and aiccu / AYIYA), please let me know.

Continue reading »]]> Since updating my laptop to Hardy Heron I had not yet installed an update git, so I thought it would be a good time for that:

Install the usual prerequisites:

sudo apt-get install curl libcurl4-openssl-dev libexpat1-dev

Fetch, unpack, and build:

wget http://kernel.org/pub/software/scm/git/git-1.5.5.3.tar.bz2

tar jxf git-1.5.5.3.tar.bz2

cd git-1.5.5.3

make prefix=/usr all

Unfortunately, at this point I got an error I had not seen on prior installs:

* tclsh failed; using unoptimized loading
MSGFMT    po/de.msg make[1]: *** [po/de.msg] Error 127
make: *** [all] Error 2

A little snooping brought me to this site.  While I’m sure that his method works, it seems a bit extreme to hand-build all of the listed packages.  Fortunately the answer to my problem was there:

sudo apt-get install gettext

After installing gettext, re-running ‘make prefix=/usr’ completed as expected.  After it is built, it is a simple matter to install all of the new goodness:

sudo make prefix=/usr install

Running ‘git version’ should return the newly installed version.  If you want to track the development version, you can now use this installed version of git to check out the devel repository and build it using the same steps.

Continue reading »]]> I’m not a huge fan of some of the things Adobe has released over the last couple years, e.g. the uber-bloated Acrobat Reader, but I do like their Air product. Sadly, until a couple weeks ago it was unavailable for linux… but that has now changed!

Adobe Labs have released an alpha of Adobe Air for linux, and tonight I finally remembered about it and downloaded it. It is closed source, but I find it useful, so I installed it. Installation is as easy as 1) download the bin file, 2) give it execute perms, and 3) run it as root so it can install systemwide.

I then proceeded to the Twhirl website, and while that site’s easy download button did not yet realize that Air was available for linux, there is a direct download link, which Firefox opened properly with Air and installed (it asked for my password again to install as root).

From there, simply click on the icon, enter your Twitter username and password, and away you go!

Continue reading »]]> SANS are reporting today that Core Security have uncovered a critical security issue with some VMware products when the base OS is Windows.  When running the VMware product versions listed below with a host-shared folders enabled (and at least one configured), it is possible for malware in the virtual machines to access the full filesystem of the host OS.  This leaves open the possibility of infection or data destruction on the host machine.   And while most production VMware servers are running other versions, e.g. VMware Server, ESX, etc., many of us do run Player or Workstation on test machines.

The affected versions:

•  VMware Workstation 6.0.2 and earlier, AND 5.5.4 and earlier
• VMware Player 2.0.2 and earlier, AND 1.0.4 and earlier
•  VMware ACE 2.0.2 and earlier, AND 1.0.2 and earlier

Source:  http://isc.sans.org/diary.html?storyid=4018

Continue reading »]]> While there may be packages available for this, I’ve been using the following to install VMware Server and the Management Interface on my Ubuntu Gutsy boxes. The following steps take place immediately after a clean Gutsy Server install.

Step 1: Download the software

Go to http://www.vmware.com and follow the links to download the free VMware Server software. You will need to register for a free license key and then you can download the software packages.
Step 2: Install a few prerequisites

$ sudo aptitude install linux-headers-`uname -r` build-essential xinetd

$ sudo aptitude install libxtst6 libxt6 libxrender1 libxi-dev

If you are not going to install the Management Interface (a web based management console), I believe you need only install the prerequisites on the first line above.

Step 3: Install VMware Server

I keep all my virtual machines in /opt/vmware, so I create that directory before running the following. There is a default directory and if you would prefer to keep yours there, then simply allow the script to create it during the install process.

$ sudo mkdir /opt/vmware

$ sudo chown sws. /opt/vmware

$ tar zxf VMware-server-1.0.4-56528.tar.gz

$ cd vmware-server-distrib

$ sudo ./vmware-install.pl

With the exception of the path mentioned above, I use the defaults for all other options.

Step 4: Install the VMware Management Interface (vmware-mui)

$ cd ..

$ tar zxf VMware-mui-1.0.4-56528.tar.gz

$ cd vmware-mui-distrib

$ sudo ./vmware-install.pl

Step 5: Fix the MUI startup script

At the end of step 4, the vmware-mui install script tries to start the new apache server (httpd.vmware), but that usually fails as #!/bin/sh is not an alias for bash. To fix that, simply edit /etc/init.d/httpd.vmware and change the first line from #!/bin/sh to #!/bin/bash.

After saving the file, you should be able to start it:

$ sudo /etc/init.d/httpd.vmware start

If everything worked, you should be able to now browse to either http://yourvmwareserver:8222 or https://yourvmwareserver:8333 from another machine on your network. Log in with a user account on the VMware server machine.