Share this:

Welcome to another an-update-broke-me-box post. Iotop now requires root access:

:~$ iotop -o
Traceback (most recent call last):
File "/usr/bin/iotop", line 16, in <module>
main()
File "/usr/lib/pymodules/python2.6/iotop/netlink.py", line 229, in recv
raise err
OSError: Netlink error: Operation not permitted (1)

To fix it, run iotop as root:

sudo iotop -o

There’s a lively debate here between the iotop author, Guillaume Chazarain, and Linus Torvalds  on the pros and cons of requiring root access for throughput statistics. It’s another linux developer classic with Linus using words like abortion, castration, disaster, utter crap… makes for a few laughs if you can spare a couple of minutes.

Share this:

It seems Adobe is on a mission to make downloading Flash videos as difficult as possible for those of us used to grabbing them from /tmp. A few weeks ago, I noticed Flash videos were no longer being saved in the /tmp directory. Instead, they were being placed in the browser’s cache folder… minor inconvenience, life goes on. After a recent update however, the files  are no longer being saved in the cache folder. A quick

lsof | grep -i flash

gave me:

plugin-co 26044          o   17u      REG        8,1  2020248     393786 /tmp/FlashXXxaK1Jq (deleted)

You guessed it… there is no file called FlashXXxaK1Jq in the /tmp directory. I see what you did there Adobe, nice one. I’ll spare you most of the technical details but the output indicates that the file is somewhere in the /proc directory. Using the process id 26044 (the second field in the output of the lsof command), we can hunt down the file FlashXXxaK1Jq in the /proc directory. So:

cd /proc/26044/fd ; ls -l | grep FlashXXxaK1Jq

will give you something like:

lrwx------ 1 o o 64 2011-10-18 10:30 17 -> /tmp/FlashXXxaK1Jq (deleted)

So the flash video is named 17 and being symlinked in a sneaky manner to /tmp/FlashXXxaK1Jq (deleted). Now do something like:

cp 17 ~/Videos/funny-youtube-video.flv

and you’re done. Go back to your Videos folder and watch that cat playing the piano to your heart’s content.

And now, I must cover my tuchis so here goes… downloading copyrighted material may be illegal where you live.

Share this:

I make heavy use of the ping utility on a daily basis and it absolutely galls me that Ubuntu cannot ping hostnames by default. I need to use the nmblookup utility to find the ip address of the machine I want to ping and then ping that ip address… primitive, silly, unnecessarily complex… I feel a rant about idiotic default settings and legal gymnastics surrounding the universe repository coming up so I’ll just get on with the post. 😀

1) Back up and edit the /etc/nsswitch.conf file by copying and pasting the following commands:

sudo cp /etc/nsswitch.conf /etc/nsswitch.conf.original

gksu gedit /etc/nsswitch.conf

2) Add wins to the hosts directive:

hosts: files mdns4_minimal [NOTFOUND=return] wins dns mdns4

3) Install WINBIND:

sudo apt-get install winbind

4) Ping away. 🙂

Share this:

Since version 9.10, Ubuntu uses the GRUB2 boot loader and manager on clean installs. This means my earlier post on how to restore GRUB will not work properly. To restore the boot loader on these versions of Ubuntu (and possibly any debian-based linux distribution that uses GRUB2), you need an Ubuntu 11.04 live disk. The 10.10 live disks will work too… any ubuntu live disk that uses GRUB2 will work. Fire up a terminal once the live disk finishes loading and enter the following commands:

I) Let’s find where Ubuntu is installed on your hard disk:

sudo fdisk -l

Device Boot Start End Blocks Id System
/dev/sda1 * 1 2611 20972826 83 Linux
/dev/sda2 2612 60279 463218210 83 Linux
/dev/sda3 60280 60801 4192965 82 Linux swap / Solaris


My ubuntu partition is /dev/sda1 (it has the asterisk under Boot).

II) Armed with this information, mount the Ubuntu partition:

sudo mount /dev/sda1 /mnt

III) Install the GRUB2 boot loader:

sudo grub-install --root-directory=/mnt /dev/sda

That’s /dev/sda — the hard disk itself, not the ubuntu partition – /dev/sda1.

IV) Unmount the Ubuntu partition and restart the computer like so:

sudo umount /dev/sda1 ; sudo reboot

V) If you have more than one OS installed, re-detect OSes like so:

sudo update-grub

That’s it.

Share this:

It’s lightweight, cross-platform and allows me to share one keyboard and mouse among several networked computers…

and it’s called Synergy. Visit the download page and grab the appropriate installers. Click here for instructions on how to configure your dekstops. Ubuntu users can avoid a text configuration file by installing a GUI configuration app like so:

sudo apt-get install quicksynergy

Have fun. 🙂

Share this:

I occasionally have to reset Windows passwords for my colleagues and friends… it’s a chore but it has to be done The easiest way to reset a Windows password is to use the Ultimate Boot CD. However, when you can’t get your hands on an UBCD, you can fire up an Ubuntu LiveUSB, install chntpw, mount the windows %systemroot% partition (the one with the Windows folder) and reset the password.

According to its manual page,

“chntpw is a utility to view some information and change user passwords in a Windows NT/2000 SAM userdatabase file, usually located at \WINDOWS\system32\config\SAM on the Windows file system. In addition it also contains a simple registry editor (same size data writes) and an hex-editor which enables you to fiddle around with bits and bytes in the file as you wish.”

Before we proceed, let’s make a few assumptions:
1. You are using Windows 7/Vista
2. Your windows partition is located at /dev/sda1
3. We’ll mount it at /media/mnt/
4. We’ll reset the Administrator account.

Now fire up a LiveUSB/CD/DVD and install chntpw via the terminal like so:

sudo apt-get install chntpw

You can also download the deb here

Mount the windows partition like so:

sudo ntfs-3g /dev/sda1 /media/mnt ; cd /media/mnt/Windows/System32/config

Adjust the device names and folder paths to suit your setup. If you don’t know your username, chntpw can list all users like so:

chntpw -l SAM

Reset the Administrator password like so:

chntpw -u Administrator SAM

You should get a prompt similar to this:

- - - - User Edit Menu:
1 - Clear (blank) user password
2 - Edit (set new) user password (careful with this on XP or Vista)
3 - Promote user (make user an administrator)
4 - Unlock and enable user account [probably locked now]
q - Quit editing user, back to user select
Select: [q] >

Type 1 to clear the password. This option has the best chance of success and comes with the least complications. You should get another prompt similar to this if you choose option 1:

Hives that have changed:
# Name
0
Write hive files? (y/n) [n] :

Type y and you should get this:

0 - OK

Reboot the into Microsoft Windows like so:

sudo reboot

and create a new password for the Administrator account.

Share this:

I tried to use a symlink in a samba share this afternoon and got the following error:

I googled a little and found out the samba developers updated samba early last year to not follow symlinks by default. This was in response to an exploit posted on youtube that allowed /etc/passwd to be downloaded from a remote server if these two parameters are set globally:

follow symlinks = yes
wide links = yes

Apparently, if a symlink to /etc/passwd is created in a share with these two options set, linux clients will resolve it to the local machine but windows clients will resolve it to the remote host… bad. So an attacker can use a linux client to create a soft link to /etc/paswd (or some other sensitive system file) in a remote share and use a windows client to download a copy of the remote host’s passwd file… very bad.

The full details can be found here. The samba developers’ response was to simply turn these options off by default. This is very inconvenient because symlinks are very useful and simply turning them off is a sloppy way of dealing with a security hole this serious.

To re-enable the symlink functionality and still provide some defence against possible exploits, do not set these two options globally (i.e. in the [global] section of your /etc/samba/smb.conf file). Instead, only set them for individual shares AND ONLY IN CONJUNCTION WITH the parameter read only = yes Finally, disable symlinks for all your shares with write access like so:

follow symlinks = no
wide links = no

This way, an attacker cannot create soft links in shares that follow symlinks (because of the read-only parameter) and a soft link to /etc/passwd created in a share with write permissions will not resolve to the remote host’s /etc/passwd file (because the share will not follow symlinks):

So far we have only fixed a security hole. To get symlinks to actually work, set this parameter in the [global] section of your /etc/samba/smb.conf file:

unix extensions = no

Here’s an example of how relevant parts of your /etc/samba/smb.conf file should look:

#======================= Global Settings =======================
[global]
unix extensions = no

#======================= Share Definitions =======================
#Allowing symlinks
[LINK]
path = /media/data/link/
read only = yes
follow symlinks = yes
wide links = yes

#Disallowing symlinks
[NOLINK]
path = /media/data/nolink/
read only = yes
follow symlinks = no
wide links = no
#==================================================================

Don’t forget to restart samba like so: sudo service smbd restart

Share this:

I was bored last night and upgraded to Ubuntu 10.10. It went too smoothly in my opinion… things just worked. After installing some updates today however, compiz stopped working with the following error message:

Starting gtk-window-decorator
compiz: symbol lookup error: /usr/lib/compiz/libdecoration.so: undefined symbol: decor_property_to_quads

I did a quick check with readshelf

:~$ readelf /usr/lib/compiz/libdecoration.so -s | grep decor_property_to_quads

and the symbol decor_property_to_quads was present:

24: 00000000 0 FUNC GLOBAL DEFAULT UND decor_property_to_quads

So that wasn’t the problem… a little digging in Synaptic and I found out that while I’d held back compiz at 0.8.6, libdecoration0 had been upgraded to 0.9.0. The fix was to downgrade libdecoration0 from 0.9.0 to 0.8.6. I had to re-enable a few extra plug-ins but that was all the excitement I got. 😦 Now I hear KDE SC 4.6 RC1 is out and kmail2 is very unstable… muhahaha 😀

Share this:

There’s a relatively large Ubuntu install base where I work – something like 80 computers – and Wine is reponsible for about 90% of the Ubuntu support requests I get. Usually, I have to modify a couple of libraries to get Microsoft Office Access or some other program to run properly. The default Wine configuration tool, while capable, is clunky and not native.

Default Wine Configuration Tool

Vineyard, is a native replacement for the default Wine configuration tool that makes it easier to tweak wine. The feature list is impressive: close/kill programs, simulate reboot, shutdown, use ISO images as drives and flat style menus.

Vineyard Tools

Vineyard also comes with a right-click menu launcher for windows applications that allows you to tweak the OS environment (Windows version, screen resoultion, what applications and fonts are installed, etc) on a per-application basis.

Vineyard Right-click Launcher

 

It’s quite cool. Even cooler, Vineyard comes with appindicator support.

AppIndicator Support

Install Vineyard from its ppa like so:

sudo add-apt-repository ppa:cybolic/vineyard-testing
sudo apt-get update
sudo apt-get install python-wine vineyard


If you like to keep your sources in /etc/apt/sources.list, add the following line:

deb http://ppa.launchpad.net/cybolic/vineyard-testing/ubuntu maverick main

The ppa has versions for karmic, lucid and maverick so modify the line above to reflect your ubuntu version.

Share this:

I usually don’t get very excited about eye candy but this one is a jaw dropper.

This animated thing of pure beauty was created by ~internauta2000.

Having seen it in action, I have two questions for Canonical, “why is this not the default Ubuntu boot splash?” and “why does Ubuntu boot so quickly?” 😀

Click here to download it. Installation instructions are included in the zip file (in both English and Spanish).