Ressources documentaires pour Mandriva Linux et les Logiciels Libres

Billets dans la catégorie Misc

Seen at Orange Portails, Mougins #car #lotus #forsale

Seen at Orange Portails, Mougins #car #lotus #forsale

PostgreSQL tips : quickly add a surrogate key column

Suppose that you want to add a surrogate key to a table in PostgreSQL to help you quickly identify each rows in a unique way. You can do this easily and quickly by just adding a SERIAL type column. When adding a SERIAL type column to an already filled table, PostgreSQL will automatically fill the column with some values.
To ensure your surrogate key uniqueness, don’t forget to add the UNIQUE constraint : on top of that this will create an index, thus speeding up your join queries on this column.

[sql light= »true »]ALTER TABLE mytable ADD COLUMN id SERIAL UNIQUE;[/sql]

PLUS »

Sightseeing in Nice

Sightseeing in Nice

votez pour Babason !!! :)

votez pour Babason !!! 🙂

Quel est votre groupe préféré ?

so true :)

so true 🙂

Les chats – Partagez échangez et retrouvez chaques jours les meilleures images, images droles sur demotivateur.fr.

Using Dokan under Windows to mount your $HOME with SSH

Linux Windows cooperationAt work we are using Windows workstations, but we are working most of the time in our Virtual Machine, hosted in a Cloud, running under Linux. We have access to our Linux VM with NXClient or by using Putty. If you want to transfer some files from your Windows workstations to your Linux VM, several solutions exists. Most solutions are using the built-in SFTP server of OpenSSH : Filezilla, WinSCP. Their drawbacks ? They are just some FTP-like clients, and so you lack integration with Windows, notably the Windows Explorer.

Under Linux we can use SSHFS to mount your SSH server as a filesystem. Nautilus and Dolphin, at least, allow also to mount your remote SSH server in your local filesystem. Under Windows there are 2 solutions : ExpanDrive which a proprietary solution, and Dokan which is an OpenSource and Free implementation of a FUSE-like filesystem.

 

Installing Dokan

In fact Dokan is not really a program but a library implementing a FUSE-like filesystem. So for SSHFS support, you need to install the Dokan library, and then after, you will install the module allowing to use SSHFS protocol.

  1. Download the latest version of the Dokan library : http://dokan-dev.net/en/download/#dokan
  2. Install the Dokan library by running the installer
  3. Download and install the Microsoft Visual C++ 2005 SP1 Redistributable Package.
  4. Download the latest and matching version of the Dokan SSHFS support : http://dokan-dev.net/en/download/#sshfs
  5. Extract the content of the archive ( if you are using the zip version ) in C:\Program Files\Dokan
  6. To start Dokan, just run the binary DokanSSHFS.exe which is located normally in C:\Program Files\Dokan\dokan-sshfs-0.6.0.
  7. You may want to create a shortcut on your Desktop ( right click on DokanSSHFS.exe -> Send To -> Desktop ( create a shortcut )

 

Using Dokan

To use Dokan you just need to run DokanSSHFS.exe, then a window will allow to enter the different settings.

  1. Enter you connection settings ( SSH server Host, username, password or identity file ).
  2. If you want to map directly your $HOME, put the full Linux path to your home directory in Server Root.
  3. Select the Windows letter drive which will map your SSHFS drive.
  4. You can save theses settings by giving a name to the profile and then clicking on [Save] at the top of the window.
  5. Press [Connect] and if everything is fine, you should have a new  drive letter in your Windows Explorer.

 

Links :

 

Dokan SSHFS Configuration windows

Dokan SSHFS Configuration windows

First days at Orange

French ISP Orange group logo

French ISP Orange group logo

Since Monday July 4th, I’m working as a Linux sysadmin at Orange Hebex. I moved from Rouen to Sophia-Antipolis which is located in the south-west of France in the famous French Riviera. My job as a Linux sysadmin will be to ensure that the Linux servers at Orange are working fine 😉 Orange is the largest ISP in France, and have worldwide coverage. At Orange Hebex ( Hosting & Exploitations ) we are dealing with all the Orange websites and portals. I will be working more specifically on a very specific piece of this infrastructure which allow to aggregate data from different sources/data warehouses. Most servers are running Ubuntu ( some older servers running Debian are being migrated to Ubuntu LTS ) and the specific platform on which I will be working will be running PostgreSQL as database. Deployments are handled by Debian FAI , and the configuration is handled by CFengine as we have more than 3000 servers spread across 3 sites.

Even so in my daily usage at work I will be using Ubuntu ( running in a VM to which I’m connected using NX Client under Windows), I’m still planning to use Mandriva as my only desktop platform for daily use notably on my laptop. I do hope that I will still be able to contribute to the Mandriva community. I guess this will be a good opportunity for me to see why some people do prefer to use Debian/Ubuntu as servers and thus bring the best from them to Mandriva Linux distribution.

Long live to Mandriva, and long live to my former colleagues at Fiventis which are still running Mandriva Linux on all the servers, but also on the workstations ! I do still plan to keep an eye on them 🙂

Ghost from the past : MSEC GUI mockup

I know that I tend to procrastinate a lot, but this time… I take nearly 1 year ! Last year I decide to draw a mockup of a new possible UI for msec. Why ?

Actual MSEC issues

Present MSEC GUI UI in Mandriva 2010

Present MSEC GUI UI in Mandriva 2010

Presently I do think that msec have several issues. IMHO most of theses issues are due to the fact that the target of these tools are not clearly defined. Here are, IMHO, the current list of issues :

  1. The UI is too much technical and require too much reading
  2. Whereas the UI is technically informative most users, even some of the skilled ones, won’t be able to tel if something is wrong or not
  3. The security parameter tab presents directly some low level settings, and even worse with a two-level tab layout. When you end up doing tabs of tab … it means that something is wrong in your UI
  4. MSEC will show the raw security check logs : this requires high technicals skills to understand, and with so many informations, you may not know if something is wrong or not. On top of that the list of world writable files is displayed, and this could be very big : users homes directories should be filtered out except $HOME/public_html if mod_userdir is installed.

 

New MSEC application UI proposal

So I decide to define the public which will use the application, and what do they expect to see. So let’s define the application goal and target:

  1. The application will be seen by the end user who may not be necessarily technically skilled
  2. As reference I will use the Microsoft Windows Security Center
  3. The application will be used to notify the user about the global security state of his computer, and only to perform some basics configuration settings
  4. More advanced/complete configuration settings should be handled by the CLI or another UI
  5. The UI should give clear visual hints to the user if something wrong or not

 

The mockup

MSEC UI mockup

MSEC UI mockup from july 2010

The mockup was done using OpenOffice.org Draw. The UI is in french but I will explain everything.

The status bar

We are going to begin … from the bottom with the status bar. The status will quickly give 2 informations: if MSEC is enabled and the current security level.

The main panel

Now we are going to detailed each elements in the main panel. All elements are constructed on the same layout :

  1. Status icon: it allows to know if the component is enabled, but also if there are some issues detected. The status icon have 5 states :
    • Green: Component enabled and no errors/issues detected
    • Orange: Component enabled but some errors/issues where detected
    • Yellow: Component enabled but there are some warnings ( not critical issues or some advised features are disabled )
    • Red: Component is disabled but it is strongly recommended to activate the component
    • Grey: Component is disabled and not required
  2. Component icon: the icon allow to easily identify the component. Most of the time the icon will be the one used by the application allowing to configure the component. This way the user will quickly recognize it when looking for it in MCC or KDE system settings ( if the component is integrated and displayed there )
  3. Component name or description: allow to see the component name or description. Some additional informations may be eventually displayed
  4. Fold/Unfold icon: the icon allow to show more about the component and notably the basics actions that can be applied to the component. Most of the time these actions will allow to enable/disable the component, consult the log concerning the components. To show the logs for a component, we’d better use a standard icon to avoid putting unnecessary text.

Now let’s have a look at the details for each components.

Firewall settings

This component will allow to know if the firewall is enabled and if there are issues.

  • status icon : red and green are straightforwards. Orange will be used if scan ports or attacked have been detected and no actions have been taken by the user or a possible system policy ( block or allow/whitelist ). It means that mandi-ifw will have to communicate about its status. Yellow will be when the firewall is enabled but some features are not enable : all ports are opened, scan port detection feature not enabled, Interactive Firewall not enabled
  • component name/description: quick summary for the firewall, may show the number of firewall rules
  • component actions: enable/disable firewall, enable/disable Interactive firewall, enable/disable scan port detection, number of detected attacks, number of rules, show firewall logs

Security Updates

This component will deal with the security update.

  • status icon : green = automatic security updates enabled and system up to date, yellow = automatic security updates enabled but system not up to date, orange = no automatic security updates and last security updates date from more than 1 or 2 weeks old, red = no automatic security updates and no security updates since 1 month or  updates disabled ( no security updates media defined ). No grey state as for me security updates should always be enabled
  • component actions : enable/disable automatic security updates, enable/disable security updates ( updates medias are defined and enabled/disabled in urpmi.cfg ), number of pending security updates, last security update check/installation, show security updates log

System integrity

This component allow to check for the system integrity and its global safety by relying on the MSEC security checks.

  • status icons: green = security checks enabled and no issues detected, yellow = security checks enabled but some warning from some security checks ( CHECK_WRITABLE, CHECK_SUID_ROOT, CHECK_USER_FILES, CHECK_PERMS, CHECK_RPM_INTEGRITY ). Orange = security checks enabled but some critical issues have been detected ( CHECK_PASSWD and CHECK_SHADOW, CHECK_CHKROOTKIT, CHECK_SUID_MD5 ), red = security checks disabled and eventually some critical issues have been detected from last manual check ( CHECK_PASSWD and CHECK_SHADOW, CHECK_CHKROOTKIT, CHECK_SUID_MD5 ) , grey = security check disabled
  • component actions: enable/disable periodic checks, security checks frequencies, enable security checks when on battery, enable/disable email notifications, enable/disable user notifications

MSEC security policy

This component allow to configure some basics MSEC security policies. The mockup lack some of the actions that should be available in this part, they will be detailed below.

  • status icons : green = msec enabled, no issues. Yellow = msec enabled but not at boot, grey = msec is disabled.
  • component actions: enable/disable msec, enable/disable msec at startup/boot show msec logs, msec security level,

Contrary to what can be seen in the mockup, I decide to replace periodic checks with system integrity as for me this is more meaningful.

Conclusion

Here was my proposal for MSEC GUI. I guess that with the new trend in Mandriva, the tool should be written using Qt Quick/QML.

Last but not least, the user notification issue should be taken care too. Indeed presently the desktop notification will just notify that a security have been done, however the user don’t know if something is wrong or not. I guess that instead we should have notifications when one of the component is in red or orange state.

So finally after nearly 1 year I do decide to talk about this mockup : I do hope this will give some interesting ideas to some Mandriva dev or contributors 🙂

 

 

 

 

 

I’m a man, I’m Linux, I’m a Linux man : Happy 20th birthday !

Indeed, since April 7th, Linux Foundation start the celebrations of the 20th birthday of Linux ! As a happy Linux user and contributor since more than 13 years, I do wish a truly happy birthday to Linux i.e to all of the Linux developers/testers/ packagers/promoters/users : WE are Linux. Happy birthday to us !

Links

Pensée du jour : monogamy vs polygamy

I’ve just read a very interesting article concerning monogamy. I did always think that human by nature are not monogamous but religion, society, culture and will power can make a human be monogamous. I do also think that men and women are not feeling the same during a relationship, and that notably men may practice infidelity more easily. In another interesting article, les origines animales de nos pratiques sexuelles ( in french ), they said that in animals societies where males are taller than females, they tend to be polygamous : this theory is developped in sexual dimorphism related studies.

Why a monogamous relationship may fail :

    When the non-monogamous relationship falls apart, everyone blames non-monogamy. When a monogamous relationship falls apart, nobody blames monogamy. I have observed so many relationships that were otherwise decent that could have survived for the long haul if people had just been allowed to be off leash every once in a while – which does not mean anything goes.

    Another part concerning the serial monogamists :

So many of these letters end with, “And I know what I’m talking about because every one of my relationships has been monogamous.” What they’re saying then is they have started and ended and started and ended. They are serial monogamists, that when they get bored and need a little variety, they end a relationship and then move on.

Monogamy vs commitment :

you, every one of your relationships has been monogamous, you’re doing it right? Because we value monogamy over commitment.

References :

Catégories

My Tweets