Ressources documentaires pour Mandriva Linux et les Logiciels Libres

Select best Ubuntu mirror from CLI

Sometimes your Ubuntu mirrors may not be up-to-date or may be down. To check Ubuntu mirrors status, don’t hesitate to consult : https://launchpad.net/ubuntu/+archivemirrors.

Now here is a handy little script that allow to select a mirror with the lowest latency available : apt-select.

To install it :

  • If you are using Python 2 ( if not use python3-bs4 instead ) : sudo apt-get install python-bs4
  • Download code from github : wget --no-check-certificate https://github.com/jblakeman/apt-select/archive/master.tar.gz -O - | tar -zx
  • cd apt-select-master
  • Start script and select best mirror ( sources.list will be save in script dir ) : ./apt-select.py
  • Don’t hesitate to check sources.list content : view sources.list
  • Update system sources.list : ./update.sh
  • Update APT database : apt-get update

Enjoy !!! :)

Seen at Orange Portails, Mougins #car #lotus #forsale

Seen at Orange Portails, Mougins #car #lotus #forsale

PostgreSQL tips : quickly add a surrogate key column

Suppose that you want to add a surrogate key to a table in PostgreSQL to help you quickly identify each rows in a unique way. You can do this easily and quickly by just adding a SERIAL type column. When adding a SERIAL type column to an already filled table, PostgreSQL will automatically fill the column with some values.
To ensure your surrogate key uniqueness, don’t forget to add the UNIQUE constraint : on top of that this will create an index, thus speeding up your join queries on this column.

[sql light="true"]ALTER TABLE mytable ADD COLUMN id SERIAL UNIQUE;[/sql]

PLUS »

Sightseeing in Nice

Sightseeing in Nice

votez pour Babason !!! :)

votez pour Babason !!! :)

Quel est votre groupe préféré ?

so true :)

so true :)

Les chats – Partagez échangez et retrouvez chaques jours les meilleures images, images droles sur demotivateur.fr.

Et si on harmonisait calendrier politique européen ?

Attention, cet article ne concerne en rien Linux ou les Logiciels Libres !!!

Il est assez intéressant d’observer le ballet politique en cette période électorale en France, notamment concernant la politique européenne. Le nouveau traité de stabilité étant relativement contesté, les candidats de l’opposition redoublent de propositions et se proposent d’amender voire d’annuler ce que le gouvernement actuel va valider avec ses partenaires européens.
Bien sûr cette attitude est « logique » de la part de candidats à la recherche de voix, mais est elle réaliste ? Là est toute la question … Les candidats de gauche proposent de réformer l’Europe, mais le peuvent-ils si la majorité des gouvernements européens sont conservateurs ? J’en doute.

On parle beaucoup d’harmonisation des politiques fiscale, budgétaires, des politiques économiques voire même au niveau social. Mais qu’en est il de l’harmonisation des calendriers politiques ? En effet, bien que les élections européennes qui permettent l’élection des députés se déroule au même moment dans l’union européenne; le Parlement européen ne détient pas tous les pouvoirs : celui ci est partagé avec la Commission Européenne, mais aussi le Conseil Européen  qui réunit les chefs d’État et de gouvernement. On a vu notamment tout le poids et l’influence de ce dernier dans les différentes mesures prises durant la crise de la dette.
Or, l’attitude et les exigences d’un chef d’État ne sont pas les mêmes selon qu’il soit en période électorale ou pas. Les candidats feront des promesses concernant l’Europe chacun de leurs côtés dans leur pays sans forcément se concerter avec les candidats du même bord politique dans les autres pays car notamment leurs calendriers et donc leurs priorités ne seront pas les mêmes.

Et si on faisait se dérouler les élections des gouvernements ( ou des chefs d’État selon le type de régime ) en même temps partout en Europe ? Cela pourrait permettre aux candidats de faire de vrais propositions qui seraient concertées concernant l’Europe : tant qu’à harmoniser, autant aller jusqu’au bout !
Malheureusement ce sera très compliqué voire impossible à mettre en place car il y aura des changements de Constitution à faire de dans nombreux pays notamment pour avoir les mêmes durées de législature et de mandat, des chefs d’états devront accepter d’écourter leur mandat, et bien sûr cela renforce le côté fédéraliste … Un rêve pieu en somme. Que les candidats continuent à brasser du vent alors …

Using Dokan under Windows to mount your $HOME with SSH

Linux Windows cooperationAt work we are using Windows workstations, but we are working most of the time in our Virtual Machine, hosted in a Cloud, running under Linux. We have access to our Linux VM with NXClient or by using Putty. If you want to transfer some files from your Windows workstations to your Linux VM, several solutions exists. Most solutions are using the built-in SFTP server of OpenSSH : Filezilla, WinSCP. Their drawbacks ? They are just some FTP-like clients, and so you lack integration with Windows, notably the Windows Explorer.

Under Linux we can use SSHFS to mount your SSH server as a filesystem. Nautilus and Dolphin, at least, allow also to mount your remote SSH server in your local filesystem. Under Windows there are 2 solutions : ExpanDrive which a proprietary solution, and Dokan which is an OpenSource and Free implementation of a FUSE-like filesystem.

 

Installing Dokan

In fact Dokan is not really a program but a library implementing a FUSE-like filesystem. So for SSHFS support, you need to install the Dokan library, and then after, you will install the module allowing to use SSHFS protocol.

  1. Download the latest version of the Dokan library : http://dokan-dev.net/en/download/#dokan
  2. Install the Dokan library by running the installer
  3. Download and install the Microsoft Visual C++ 2005 SP1 Redistributable Package.
  4. Download the latest and matching version of the Dokan SSHFS support : http://dokan-dev.net/en/download/#sshfs
  5. Extract the content of the archive ( if you are using the zip version ) in C:\Program Files\Dokan
  6. To start Dokan, just run the binary DokanSSHFS.exe which is located normally in C:\Program Files\Dokan\dokan-sshfs-0.6.0.
  7. You may want to create a shortcut on your Desktop ( right click on DokanSSHFS.exe -> Send To -> Desktop ( create a shortcut )

 

Using Dokan

To use Dokan you just need to run DokanSSHFS.exe, then a window will allow to enter the different settings.

  1. Enter you connection settings ( SSH server Host, username, password or identity file ).
  2. If you want to map directly your $HOME, put the full Linux path to your home directory in Server Root.
  3. Select the Windows letter drive which will map your SSHFS drive.
  4. You can save theses settings by giving a name to the profile and then clicking on [Save] at the top of the window.
  5. Press [Connect] and if everything is fine, you should have a new  drive letter in your Windows Explorer.

 

Links :

 

Dokan SSHFS Configuration windows

Dokan SSHFS Configuration windows

First days at Orange

French ISP Orange group logo

French ISP Orange group logo

Since Monday July 4th, I’m working as a Linux sysadmin at Orange Hebex. I moved from Rouen to Sophia-Antipolis which is located in the south-west of France in the famous French Riviera. My job as a Linux sysadmin will be to ensure that the Linux servers at Orange are working fine ;-) Orange is the largest ISP in France, and have worldwide coverage. At Orange Hebex ( Hosting & Exploitations ) we are dealing with all the Orange websites and portals. I will be working more specifically on a very specific piece of this infrastructure which allow to aggregate data from different sources/data warehouses. Most servers are running Ubuntu ( some older servers running Debian are being migrated to Ubuntu LTS ) and the specific platform on which I will be working will be running PostgreSQL as database. Deployments are handled by Debian FAI , and the configuration is handled by CFengine as we have more than 3000 servers spread across 3 sites.

Even so in my daily usage at work I will be using Ubuntu ( running in a VM to which I’m connected using NX Client under Windows), I’m still planning to use Mandriva as my only desktop platform for daily use notably on my laptop. I do hope that I will still be able to contribute to the Mandriva community. I guess this will be a good opportunity for me to see why some people do prefer to use Debian/Ubuntu as servers and thus bring the best from them to Mandriva Linux distribution.

Long live to Mandriva, and long live to my former colleagues at Fiventis which are still running Mandriva Linux on all the servers, but also on the workstations ! I do still plan to keep an eye on them :-)

Ghost from the past : MSEC GUI mockup

I know that I tend to procrastinate a lot, but this time… I take nearly 1 year ! Last year I decide to draw a mockup of a new possible UI for msec. Why ?

Actual MSEC issues

Present MSEC GUI UI in Mandriva 2010

Present MSEC GUI UI in Mandriva 2010

Presently I do think that msec have several issues. IMHO most of theses issues are due to the fact that the target of these tools are not clearly defined. Here are, IMHO, the current list of issues :

  1. The UI is too much technical and require too much reading
  2. Whereas the UI is technically informative most users, even some of the skilled ones, won’t be able to tel if something is wrong or not
  3. The security parameter tab presents directly some low level settings, and even worse with a two-level tab layout. When you end up doing tabs of tab … it means that something is wrong in your UI
  4. MSEC will show the raw security check logs : this requires high technicals skills to understand, and with so many informations, you may not know if something is wrong or not. On top of that the list of world writable files is displayed, and this could be very big : users homes directories should be filtered out except $HOME/public_html if mod_userdir is installed.

 

New MSEC application UI proposal

So I decide to define the public which will use the application, and what do they expect to see. So let’s define the application goal and target:

  1. The application will be seen by the end user who may not be necessarily technically skilled
  2. As reference I will use the Microsoft Windows Security Center
  3. The application will be used to notify the user about the global security state of his computer, and only to perform some basics configuration settings
  4. More advanced/complete configuration settings should be handled by the CLI or another UI
  5. The UI should give clear visual hints to the user if something wrong or not

 

The mockup

MSEC UI mockup

MSEC UI mockup from july 2010

The mockup was done using OpenOffice.org Draw. The UI is in french but I will explain everything.

The status bar

We are going to begin … from the bottom with the status bar. The status will quickly give 2 informations: if MSEC is enabled and the current security level.

The main panel

Now we are going to detailed each elements in the main panel. All elements are constructed on the same layout :

  1. Status icon: it allows to know if the component is enabled, but also if there are some issues detected. The status icon have 5 states :
    • Green: Component enabled and no errors/issues detected
    • Orange: Component enabled but some errors/issues where detected
    • Yellow: Component enabled but there are some warnings ( not critical issues or some advised features are disabled )
    • Red: Component is disabled but it is strongly recommended to activate the component
    • Grey: Component is disabled and not required
  2. Component icon: the icon allow to easily identify the component. Most of the time the icon will be the one used by the application allowing to configure the component. This way the user will quickly recognize it when looking for it in MCC or KDE system settings ( if the component is integrated and displayed there )
  3. Component name or description: allow to see the component name or description. Some additional informations may be eventually displayed
  4. Fold/Unfold icon: the icon allow to show more about the component and notably the basics actions that can be applied to the component. Most of the time these actions will allow to enable/disable the component, consult the log concerning the components. To show the logs for a component, we’d better use a standard icon to avoid putting unnecessary text.

Now let’s have a look at the details for each components.

Firewall settings

This component will allow to know if the firewall is enabled and if there are issues.

  • status icon : red and green are straightforwards. Orange will be used if scan ports or attacked have been detected and no actions have been taken by the user or a possible system policy ( block or allow/whitelist ). It means that mandi-ifw will have to communicate about its status. Yellow will be when the firewall is enabled but some features are not enable : all ports are opened, scan port detection feature not enabled, Interactive Firewall not enabled
  • component name/description: quick summary for the firewall, may show the number of firewall rules
  • component actions: enable/disable firewall, enable/disable Interactive firewall, enable/disable scan port detection, number of detected attacks, number of rules, show firewall logs

Security Updates

This component will deal with the security update.

  • status icon : green = automatic security updates enabled and system up to date, yellow = automatic security updates enabled but system not up to date, orange = no automatic security updates and last security updates date from more than 1 or 2 weeks old, red = no automatic security updates and no security updates since 1 month or  updates disabled ( no security updates media defined ). No grey state as for me security updates should always be enabled
  • component actions : enable/disable automatic security updates, enable/disable security updates ( updates medias are defined and enabled/disabled in urpmi.cfg ), number of pending security updates, last security update check/installation, show security updates log

System integrity

This component allow to check for the system integrity and its global safety by relying on the MSEC security checks.

  • status icons: green = security checks enabled and no issues detected, yellow = security checks enabled but some warning from some security checks ( CHECK_WRITABLE, CHECK_SUID_ROOT, CHECK_USER_FILES, CHECK_PERMS, CHECK_RPM_INTEGRITY ). Orange = security checks enabled but some critical issues have been detected ( CHECK_PASSWD and CHECK_SHADOW, CHECK_CHKROOTKIT, CHECK_SUID_MD5 ), red = security checks disabled and eventually some critical issues have been detected from last manual check ( CHECK_PASSWD and CHECK_SHADOW, CHECK_CHKROOTKIT, CHECK_SUID_MD5 ) , grey = security check disabled
  • component actions: enable/disable periodic checks, security checks frequencies, enable security checks when on battery, enable/disable email notifications, enable/disable user notifications

MSEC security policy

This component allow to configure some basics MSEC security policies. The mockup lack some of the actions that should be available in this part, they will be detailed below.

  • status icons : green = msec enabled, no issues. Yellow = msec enabled but not at boot, grey = msec is disabled.
  • component actions: enable/disable msec, enable/disable msec at startup/boot show msec logs, msec security level,

Contrary to what can be seen in the mockup, I decide to replace periodic checks with system integrity as for me this is more meaningful.

Conclusion

Here was my proposal for MSEC GUI. I guess that with the new trend in Mandriva, the tool should be written using Qt Quick/QML.

Last but not least, the user notification issue should be taken care too. Indeed presently the desktop notification will just notify that a security have been done, however the user don’t know if something is wrong or not. I guess that instead we should have notifications when one of the component is in red or orange state.

So finally after nearly 1 year I do decide to talk about this mockup : I do hope this will give some interesting ideas to some Mandriva dev or contributors :-)

 

 

 

 

 

Catégories

My tweets