Ressources documentaires pour Mandriva Linux et les Logiciels Libres

Billets par Fabrice FACORAT

First days at Orange

French ISP Orange group logo

French ISP Orange group logo

Since Monday July 4th, I’m working as a Linux sysadmin at Orange Hebex. I moved from Rouen to Sophia-Antipolis which is located in the south-west of France in the famous French Riviera. My job as a Linux sysadmin will be to ensure that the Linux servers at Orange are working fine 😉 Orange is the largest ISP in France, and have worldwide coverage. At Orange Hebex ( Hosting & Exploitations ) we are dealing with all the Orange websites and portals. I will be working more specifically on a very specific piece of this infrastructure which allow to aggregate data from different sources/data warehouses. Most servers are running Ubuntu ( some older servers running Debian are being migrated to Ubuntu LTS ) and the specific platform on which I will be working will be running PostgreSQL as database. Deployments are handled by Debian FAI , and the configuration is handled by CFengine as we have more than 3000 servers spread across 3 sites.

Even so in my daily usage at work I will be using Ubuntu ( running in a VM to which I’m connected using NX Client under Windows), I’m still planning to use Mandriva as my only desktop platform for daily use notably on my laptop. I do hope that I will still be able to contribute to the Mandriva community. I guess this will be a good opportunity for me to see why some people do prefer to use Debian/Ubuntu as servers and thus bring the best from them to Mandriva Linux distribution.

Long live to Mandriva, and long live to my former colleagues at Fiventis which are still running Mandriva Linux on all the servers, but also on the workstations ! I do still plan to keep an eye on them 🙂

Ghost from the past : MSEC GUI mockup

I know that I tend to procrastinate a lot, but this time… I take nearly 1 year ! Last year I decide to draw a mockup of a new possible UI for msec. Why ?

Actual MSEC issues

Present MSEC GUI UI in Mandriva 2010

Present MSEC GUI UI in Mandriva 2010

Presently I do think that msec have several issues. IMHO most of theses issues are due to the fact that the target of these tools are not clearly defined. Here are, IMHO, the current list of issues :

  1. The UI is too much technical and require too much reading
  2. Whereas the UI is technically informative most users, even some of the skilled ones, won’t be able to tel if something is wrong or not
  3. The security parameter tab presents directly some low level settings, and even worse with a two-level tab layout. When you end up doing tabs of tab … it means that something is wrong in your UI
  4. MSEC will show the raw security check logs : this requires high technicals skills to understand, and with so many informations, you may not know if something is wrong or not. On top of that the list of world writable files is displayed, and this could be very big : users homes directories should be filtered out except $HOME/public_html if mod_userdir is installed.

 

New MSEC application UI proposal

So I decide to define the public which will use the application, and what do they expect to see. So let’s define the application goal and target:

  1. The application will be seen by the end user who may not be necessarily technically skilled
  2. As reference I will use the Microsoft Windows Security Center
  3. The application will be used to notify the user about the global security state of his computer, and only to perform some basics configuration settings
  4. More advanced/complete configuration settings should be handled by the CLI or another UI
  5. The UI should give clear visual hints to the user if something wrong or not

 

The mockup

MSEC UI mockup

MSEC UI mockup from july 2010

The mockup was done using OpenOffice.org Draw. The UI is in french but I will explain everything.

The status bar

We are going to begin … from the bottom with the status bar. The status will quickly give 2 informations: if MSEC is enabled and the current security level.

The main panel

Now we are going to detailed each elements in the main panel. All elements are constructed on the same layout :

  1. Status icon: it allows to know if the component is enabled, but also if there are some issues detected. The status icon have 5 states :
    • Green: Component enabled and no errors/issues detected
    • Orange: Component enabled but some errors/issues where detected
    • Yellow: Component enabled but there are some warnings ( not critical issues or some advised features are disabled )
    • Red: Component is disabled but it is strongly recommended to activate the component
    • Grey: Component is disabled and not required
  2. Component icon: the icon allow to easily identify the component. Most of the time the icon will be the one used by the application allowing to configure the component. This way the user will quickly recognize it when looking for it in MCC or KDE system settings ( if the component is integrated and displayed there )
  3. Component name or description: allow to see the component name or description. Some additional informations may be eventually displayed
  4. Fold/Unfold icon: the icon allow to show more about the component and notably the basics actions that can be applied to the component. Most of the time these actions will allow to enable/disable the component, consult the log concerning the components. To show the logs for a component, we’d better use a standard icon to avoid putting unnecessary text.

Now let’s have a look at the details for each components.

Firewall settings

This component will allow to know if the firewall is enabled and if there are issues.

  • status icon : red and green are straightforwards. Orange will be used if scan ports or attacked have been detected and no actions have been taken by the user or a possible system policy ( block or allow/whitelist ). It means that mandi-ifw will have to communicate about its status. Yellow will be when the firewall is enabled but some features are not enable : all ports are opened, scan port detection feature not enabled, Interactive Firewall not enabled
  • component name/description: quick summary for the firewall, may show the number of firewall rules
  • component actions: enable/disable firewall, enable/disable Interactive firewall, enable/disable scan port detection, number of detected attacks, number of rules, show firewall logs

Security Updates

This component will deal with the security update.

  • status icon : green = automatic security updates enabled and system up to date, yellow = automatic security updates enabled but system not up to date, orange = no automatic security updates and last security updates date from more than 1 or 2 weeks old, red = no automatic security updates and no security updates since 1 month or  updates disabled ( no security updates media defined ). No grey state as for me security updates should always be enabled
  • component actions : enable/disable automatic security updates, enable/disable security updates ( updates medias are defined and enabled/disabled in urpmi.cfg ), number of pending security updates, last security update check/installation, show security updates log

System integrity

This component allow to check for the system integrity and its global safety by relying on the MSEC security checks.

  • status icons: green = security checks enabled and no issues detected, yellow = security checks enabled but some warning from some security checks ( CHECK_WRITABLE, CHECK_SUID_ROOT, CHECK_USER_FILES, CHECK_PERMS, CHECK_RPM_INTEGRITY ). Orange = security checks enabled but some critical issues have been detected ( CHECK_PASSWD and CHECK_SHADOW, CHECK_CHKROOTKIT, CHECK_SUID_MD5 ), red = security checks disabled and eventually some critical issues have been detected from last manual check ( CHECK_PASSWD and CHECK_SHADOW, CHECK_CHKROOTKIT, CHECK_SUID_MD5 ) , grey = security check disabled
  • component actions: enable/disable periodic checks, security checks frequencies, enable security checks when on battery, enable/disable email notifications, enable/disable user notifications

MSEC security policy

This component allow to configure some basics MSEC security policies. The mockup lack some of the actions that should be available in this part, they will be detailed below.

  • status icons : green = msec enabled, no issues. Yellow = msec enabled but not at boot, grey = msec is disabled.
  • component actions: enable/disable msec, enable/disable msec at startup/boot show msec logs, msec security level,

Contrary to what can be seen in the mockup, I decide to replace periodic checks with system integrity as for me this is more meaningful.

Conclusion

Here was my proposal for MSEC GUI. I guess that with the new trend in Mandriva, the tool should be written using Qt Quick/QML.

Last but not least, the user notification issue should be taken care too. Indeed presently the desktop notification will just notify that a security have been done, however the user don’t know if something is wrong or not. I guess that instead we should have notifications when one of the component is in red or orange state.

So finally after nearly 1 year I do decide to talk about this mockup : I do hope this will give some interesting ideas to some Mandriva dev or contributors 🙂

 

 

 

 

 

I’m a man, I’m Linux, I’m a Linux man : Happy 20th birthday !

Indeed, since April 7th, Linux Foundation start the celebrations of the 20th birthday of Linux ! As a happy Linux user and contributor since more than 13 years, I do wish a truly happy birthday to Linux i.e to all of the Linux developers/testers/ packagers/promoters/users : WE are Linux. Happy birthday to us !

Links

Installing the HTC IME keyboard under a non-HTC Androïd phone

clavier_htc_nexus_one_miniPresently I’m using an Acer Liquid Metal as my phone. This Androïd phone is running under Androïd 2.2 ( Froyo ), and they keyboard is pretty the stock Androïd keyboard. However my first smartphone was the HTC Legend, and this phone was using the awesome HTC IME keyboard : IMHO the best Androïd keyboard. So I decide to install the HTC IME in my Acer Liquid Metal. I will be using the Androïd SDK and the adb command to install the keyboard, so please read before my previous tutorial explaining how to install applications in an Androïd from a computer runnning Linux : Installing applications to your Androïd phone from your computer using Mandriva.

Download the HTC IME

First you need to download the HTC IME packages on the XDA developpers forum : http://forum.xda-developers.com/showthread.php?t=624416.

You will have to choose the right version :

Once you download the right archive, extract its content in the /tmp/HTC_ime directory. For someone using the High resolution version (Froyo/2.2), this will be : unzip htc_ime_jonasl_hires22_27.zip -d /tmp/HTC_ime.

Install the keyboard

Now if you have a file manager installed in your Androïd phone like Astro File Manager, you can just copy the .apk file to your phone SDcard, and then use Astro  to install them. Here I will explain how to do it using the Androïd SDK.

  • if you are not using the Sense UI ( so not using an HTC phone ), you are advised to install the Clicker UI apk file :  adb install -r /tmp/HTC_ime/Clicker_hi.apk
  • to install the HTC IME keyboard, just install the HTC_IME apk file : adb install -r /tmp/HTC_ime/HTC_IME_hi22.apk

Enable the keyboard

  • Enable the keyboard : Settings -> Language & keyboard and select HTC_IME mod
  • Click on HTC_IME mod/HTC_IME mod settings to configure the keyboard. Here you will be able to select the keyboard layout, the keyboard language for the dictionary ( French, English, … ), the keyboard text input, etc ….
    • Text Input : you may want to activate the spell checking and the prediction feature. Theses settings can be activated individually for each keyboard ( QWERTY, Hardware QWERTY for physical keyboards, phone & QWERTY compact ). Don’t hesitate to calibrate the keyboard for you, especially if you have big fingers and tend to select the wrong keypads 😉
    • Mods by jonasl@xda -> Language selection : just enable the languages that you are going to really use : this will help speeding up the keyboard and lower its memory footprint
  • If you did notice that some of your settings are not applied, you can reboot your phone, or make the keyboard commit suicide : Settings -> Language & keyboard -> HTC_IME mod -> Tools -> Kill keyboard
  • To switch to the HTC IME keyboard, just go to a text entry field ( for example try writing a SMS ), and then do a long press in the field -> Input mode -> [x] HTC_IME mod

Happy HTC keyboard usage 🙂

References :

Installing applications to your Androïd phone from your computer using Mandriva

Sometimes it can be useful to be able to install Androïd packages ( apk ) from your computer. This could be useful if you don’t have 3G/wifi access on your phone, or no Google accounts configured. For this, you will have to install the Androïd SDK and use the adb tool. Here is the procedure.

Phone configuration

  1. Allow to install applications from unknown sources ( i.e not from Androïd market ) : Settings -> Applications -> [x] Unknown Source
  2. Turn on USB debugging : Settings -> Applications -> Development -> [x] USB debugging

Computer configuration

  1. Now  add an udev rule to allow Linux to recognize your phone. For this you need the USB vendor Id which can be found in android developer page : http://d.android.com/guide/developing/device.html#VendorIds
  2. Now that you have your USB Vendor Id, create as root the udev rule named 51-android.rules in /etc/udev/rules.d. Replace XXXX by your USB Vendor Id : echo ‘SUBSYSTEM== »usb », SYSFS{idVendor}== »XXXX », MODE= »0666″‘ > /etc/udev/rules.d/51-android.rules
  3. If you plan to do Androïd development, install the java SDK : urpmi java-1.6.0-sun-devel
  4. Download the Androïd SDK from developer.android.com SDK page
  5. Once done, as root extract the archive to the /opt directory : tar -zxvf android-sdk_*-linux_x86.tgz -C /opt
  6. Now start the Android SDK and AVD Manager to install the missing SDK components and notably the adb tool by starting the android executable located in the tools directory : /opt/android-sdk-linux_x86/tools/android
  7. Once started, go to Available packages -> Android Repository, and select [x] Android SDK Platform-tool, then click on [Install selected] and accept the license agreement.
  8. Now you can close the Android SDK and AVD Manager.
  9. Add a symlink to the adb executable in /usr/local/bin to allow adb to be in your PATh : ln -s /opt/android-sdk-linux_x86/platform-tools/adb /usr/local/bin/
  10. check that your device is detected with the following command : adb devices

Application installation

  1. Download your apk file.
  2. Install your apk file with the following command : adb install -r myapkpackage.apk
  3. You can download apk packages from sites like :

References

Upgrading from Mandriva 2010.1 to Mandriva 2011 TP/Cooker

With the migration of Mandriva from rpm 4.6 to rpm 5.x, upgrading from a previous Mandriva release is not straightforward. So here are some tips to have a smooth upgrade :

  1. Install the perl-URPM 3.37 package available in main/testing repository ( 32 bits link, 64 bits link )
  2. remove all your current media : urpmi.removemedia -a
  3. add cooker media : urpmi.addmedia --distrib --mirrorlist 'http://api.mandriva.com/mirrors/basic.cooker.$ARCH.list'
  4. upgrade your Mandriva installation : urpmi --auto-update

If you have issues and error message like Unable to open /usr/lib/rpm/rpmrc for reading then it means that perl-URPM have not been updated and the rpm database conversion is not complete. Indeed part of the conversion of the rpm database is handled by perl-URPM, so if the new version is not installed, then your database end up not being completly converted. So to do this, you will have to download the latest perl-URPM version in cooker repository, extract its content with rpm2cpio, and then initiate the conversion :

  1. download the perl-URPM 4 and urpmi packages in cooker main/release repository in /tmp/rpm5
  2. as root, go the previous directory : cd /tmp/rpm5
  3. extract perl-URPM content with rpm2cpio in the current /tmp/rpm5 directory : rpm2cpio perl-URPM-4*.rpm | cpio -idmv
  4. extract urpmi package content with rpm2cpio in the current /rpm/rpm5 directory : rpm2cpio urpmi*.rpm | cpio -idmv
  5. in the /tmp/rpm5 initiate the rpm database conversion : perl -I. -Murpm -e 'URPM::DB::convert("/", "btree", 1, 1)'
  6. now install the urpmi and perl-URPM package : rpm -Uvh *.rpm
  7. You can finish to upgrade your system : urpmi --auto-update

Normally you system should be updated to the latest cooker release. Happy testing !!! 🙂

Pensée du jour : monogamy vs polygamy

I’ve just read a very interesting article concerning monogamy. I did always think that human by nature are not monogamous but religion, society, culture and will power can make a human be monogamous. I do also think that men and women are not feeling the same during a relationship, and that notably men may practice infidelity more easily. In another interesting article, les origines animales de nos pratiques sexuelles ( in french ), they said that in animals societies where males are taller than females, they tend to be polygamous : this theory is developped in sexual dimorphism related studies.

Why a monogamous relationship may fail :

    When the non-monogamous relationship falls apart, everyone blames non-monogamy. When a monogamous relationship falls apart, nobody blames monogamy. I have observed so many relationships that were otherwise decent that could have survived for the long haul if people had just been allowed to be off leash every once in a while – which does not mean anything goes.

    Another part concerning the serial monogamists :

So many of these letters end with, “And I know what I’m talking about because every one of my relationships has been monogamous.” What they’re saying then is they have started and ended and started and ended. They are serial monogamists, that when they get bored and need a little variety, they end a relationship and then move on.

Monogamy vs commitment :

you, every one of your relationships has been monogamous, you’re doing it right? Because we value monogamy over commitment.

References :

Music tagging made easy with MusicBrainz

I must admit that I have a big collection of music files. Tagging correctly theses files take a long time, and the queue of files waiting to be tagged is becoming quite big. Whereas this was optional before, I do appreciate now to have the album covert art as it can be displayed when listening to my music on my Androïd based phone ( Acer Liquid Metal ). So I decide to look for a solution allowing to automatically tag my musics files, and if possible automatically recognize the song, and also fetch the album covert art. I found the solution while reading the latest Amarok 2.4 release note. Amarok is a very good music player developed for the KDE desktop under Linux, but which can be used in others D.E and Operating System : please feel free to visit the Amarok download page 🙂

In the Amarok 2.4 release, they added music tagging using MusicBrainz. Whereas i had already heard about MusicBrainz, I had never really check what MusicBrainz was offering as features. So I decide to take a look at the MusicBrainz Wikipedia page … What can I say ? MusicBrainz is just awesome especially thanks to the acoustic fingerprinting feature ( PUID ) which allow to recognized a song from its acoustic fingerprint : no need to worry about tags or  filename, just feed it with the music file, and it will detect the song and filled the tags. MusicBrainz allows also to retrieve the album covert art. Last but not least, MusicBrainz service is free and people can contribute their data to increase and improve the database !

Ensure about the fact that Amarok was using the acoustic fingerprint feature, I decide to consult the MusicBrainz enabled applications page. There were many Linux applications listed like Amarok, Audacious, Banshee. However the most interesting one was MusicBrainz Picard : a python based application, supported by MusicBrainz, cross-platform ( Windows, Mac, Linux ), supporting acoustic fingerprint recognition and of course … free.

MusicBrainz Picard application screenshot

Installing MusicBrainz Picard under Linux Mandriva is very easy using urpmi : urpmi picard. To start the application, you just need to launch the picard binary, or use the entry menu in Sound & Video -> More -> MusicBrainz Picard. Here are some advices to a smooth experience :

  • Enable covert art retrieval support, by activating  the corresponding plugin in Options -> Options -> Plugins.
  • Enable automatic scan in Options -> Options -> Generals ->[ ] Automatically analyze new files.
  • Display by default the album covert art in the right lower part of the main window in View -> Covert art.

Now you just need to add a file or a directory, and Picard will scan. On the right pane, you will have the estimated album names ( Picard view is album oriented ). When clicking on the album name, you will see the list of songs for the albums, and your files will appeared with a green or orange rectangle at the front. Double-click on the song ( or right click -> Details ) to display its properties, the album covert art ( if found ). You have the possibility if you want to edit the metadata. To save the change, select the song or the album, and then do right click -> Save or CTRL+S.

Happy tagging !

PLUS »

Some Mandriva 2010 Spring Reviews

Here are some Mandriva 2010 Spring reviews I found on the web thanks to http://www.tuxmachines.org/ :

Support du blog en plusieurs langues

J’ai installé le plugin WPML qui permet de supporter plusieurs langues différentes pour mon blog. On peut passer d’une langue à l’autre via le widget qui se trouve en haut à droite du site, ou via les liens qui se trouvent tout en bas des pages.

  • Par défaut les billets techniques ou relatifs à Linux ou mandriva seront principalement dans la partie anglaise du site.
  • La partie française, accessible via l’URL http://www.linux-wizard.net/fr/, regroupera principalement mes billets persos, et éventuellement quelques billets techniques.
  • Les documentations techniques qui seront disponible sur ce site seront principalement en français.

Bonne lecture !

Catégories

My Tweets