Using a variant of Debian’s Iceweasel that keeps pace with Firefox
5th February 2013Left to its own devices, Debian will leave you with an ever ageing re-branded version of Firefox that was installed at the same time as the rest of the operating system. From what I have found, the main cause of this was that Mozilla’s wanting to retain control of its branding and trademarks in a manner not in keeping with Debian’s Free Software rules. This didn’t affect just Firefox but also Thunderbird, Sunbird and Seamonkey with Debian’s equivalents for these being IceDove, IceOwl and IceApe, respectively.
While you can download a tarball of Firefox from the web and use that, it’d be nice to get a variant that updated through Debian’s normal apt-get channels. In fact, IceWeasel does get updated whenever there is a new release of Firefox even if these updates never find their way into the usual repositories. While I have been know to take advantage of the more frozen state of Debian compared with other Linux distributions, I don’t mind getting IceWeasel updated so it isn’t a security worry.
The first step in so doing is to add the following lines to /etc/apt/sources.list using root access (using sudo, gksu or su to assume root privileges) since the file normally cannot be edited by normal users:
deb http://backports.debian.org/debian-backports squeeze-backports main
deb http://mozilla.debian.net/ squeeze-backports iceweasel-release
With the file updated and saved, the next step is to update the repositories on your machine using the following command:
sudo apt-get update
With the above complete, it is time to overwrite the existing IceWeasel installation with the latest one using an apt-get command that specifies the squeeze-backports repository as its source using the -t switch. While IceWeasel is installed from the iceweasel-release squeeze-backports repository, there dependencies that need to be satisfied and these come from the main squeeze-backports one. The actual command used is below:
sudo apt-get install -t squeeze-backports iceweasel
While that was all that I needed to do to get IceWeasel 18.0.1 in place, some may need the pkg-mozilla-archive-keyring package installed too. For those needing more information that what’s here, there’s always the Debian Mozilla team.
A waiting game
20th August 2011Having been away every weekend in July, I was looking forward to a quiet one at home to start August. However, there was a problem with one of my websites hosted by Fasthosts that was set to occupy me for the weekend and a few weekday evenings afterwards.
The issue appeared to be slow site response so I followed advice given to me by second line support when this website displayed the same type of behaviour: upgrade from Apache 1.3 to 2.2 using the control panel. Unfortunately for me, that didn’t work smoothly at all and there seemed to be serious file loss as a result. Raising a ticket with the support desk only got me the answer that I had to wait for completion and I now have come to the conclusion that the migration process may have got stuck somewhere along the way. Maybe another ticket is in order.
There were a number of causes of the waiting that gave rise to the title of this post. Firstly, support for low costing isn’t exactly timely and I do wonder if it’s any better for more prominent websites. Restoration of websites by FTP is another activity that takes up plenty of time as does rebuilding databases and populating them with data. Lastly, there’s changing the DNS details for a website. In hindsight, there may be ways of reducing the time demands of these. For instance, contacting a support team by telephone may be quicker unless there is a massive queue awaiting attention and there was a wait of several hours one night when a security changeover affected a multitude of Fasthosts users. Of course, it is not a panacea at the best of times as we have known since all those stories began to do the rounds in the middle of the 1990’s. Doing regular backups would help the second though the ones that I was using for the restoration weren’t too bad at all. Nevertheless, they weren’t complete so there was unfinished business that required resolution later. The last of these is helped along by more regular PC restarts so that unexpected discovery will remain a lesson for the future though I don’t plan on moving websites around for a while. After all, getting DNS details propagated more quickly really is a big help.
While awaiting a response from Fasthosts, I began to ponder the idea of using an alternative provider. Perusal of the latest digital edition of .Net (I now subscribe to the non-paper edition so as to cut down on the clutter caused by having paper copies about the place) ensued before I decided to investigate the option of using Webfusion. Having decided to stick with shared hosting, I gave their Unlimited Linux option a go. For someone accustomed to monthly billing, it was unusual to see annual biannual and triannual payment schemes too. The first of these appears to be the default option so a little care and attention is needed if you want something else. In order to encourage you to stay with Webfusion longer, the per month is on sliding scale: the longer the period you buy, the lower the cost of a month’s hosting.
Once the account was set up, I added a database and set to the long process of uploading files from my local development site using FileZilla. Having got a MySQL backup from the Fasthosts site, I used the provided PHPMyAdmin interface to upload the data in pieces not exceeding the 8 MB file size limitation. It isn’t possible to connect remotely to the MySQL server using the likes of MySQL Administrator so I bear with this not so smooth process. SSH is another connection option that isn’t available but I never use it much on Fasthosts sites anyway. There were some questions to the support people along and the first of these got a timely answer though later ones took longer before I got an answer. Still, getting advice on the address of the test website was a big help while I was sorting out the DNS changeover.
Speaking of the latter, it took a little doing and not little poking around Webfusion’s FAQ’s before I made it happen. First, I tried using name servers that I found listed in one of the articles but this didn’t seem to achieve the end that I needed. Mind you, I would have seen the effects of this change a little earlier if I had rebooted my PC earlier than I did than I did but it didn’t occur to me at the time. In the end, I switched to using my domain provider’s name servers and added the required information to them to get things going. It was then that my website was back online in some fashion so I could any outstanding loose ends.
With the site essentially operating again, it was time to iron out the rough edges. The biggest of these was that MOD_REWRITE doesn’t seem to work the same on the Webfusion server like it does on the Fasthosts ones. This meant that I needed to use the SCRIPT_URI CGI variable instead of PATH_INFO in order to keep using clean URL’s for a PHP-powered photo gallery that I have. It took me a while to figure that out and I felt much better when I managed to get the results that I needed. However, I also took the chance to tidy up site addresses with redirections in my .htaccess file in an attempt to ensure that I lost no regular readers, something that I seem to have achieved with some success because one such visitor later commented on a new entry in the outdoors blog.
Once any remaining missing images were instated or references to them removed, it was then time to do a full backup for sake of safety. The first of these activities was yet another consumer while the second didn’t take so long and I need to do this more often in case anything happens. Hopefully though, the relocated site’s performance continues to be as solid as it is now.
The question as to what to do with the Fasthosts webspace remains outstanding. Currently, they are offering free upgrades to existing hosting packages so long as you commit for a year. After my recent experience, I cannot say that I’m so sure about doing that kind of thing. In fact, the observation leaves me wondering if instating that very extension was the cause of breaking my site. In fact, it appears that the migration from Apache 1.3 to 2.2 seems to have got stuck for whatever reason. Maybe another ticket should be raised but I am not decided on that yet. All in all, what happened to that Fasthosts website wasn’t the greatest of experiences but the service offered by Webfusion is rock solid thus far. While wondering if the service from Fasthosts wasn’t as good as it once was, I’ll keep an open mind and wait to see if my impressions change over time.
Tinkering with Textpattern
26th April 2011Textpattern 5 may be on the way but that isn’t to say that work on the 4.x branch is completely stopped though it is less of a priority at the moment. After all, version 4.40 was slipped out not so long ago as a security release, a discovery that I made while giving a section of my outdoors website a spring refresh. During that activity, the TinyMCE plugin started to grate with its issuing of error messages in the form of dialogue boxes needing user input to get rid of them every time an article was opened or saved. Because of that nuisance, the guilty hak_tinymce plugin was ejected with joh_admin_ckeditor replacing it and bringing CKEditor into use for editing my Textpattern articles. It is working well though the narrow editing area is causing the editor toolbars to take up too much vertical space but you can resize the editor to solve this though it would be better if it could be made to remember those size settings.
Another find was atb_editarea, a plugin that colour codes (X)HTML, PHP and CSS by augmenting the standard text editing for pages and stylesheets in the Presentation part of the administration interface. If I had this at the start of my redesign, it would have made doing the needful that bit more user-friendly than the basic editing facilities that Textpattern offers by default. Of course, the tinkering never stops so there’s no such thing as finding something too late in the day for it to be useful.
Textpattern may not be getting the attention that some of its competitors are getting but it isn’t being neglected either; its users and developer community see to that. Saying that, it needs to get better at announcing new versions of the CMS so they don’t slip by the likes of me who isn’t looking all the time. With a major change of version number involved, curiosity is aroused as what is coming next. So far, Textpattern appears to be taking an evolutionary course and there’s a lot to be said for such an approach.
Deauthorising Adobe Digital Editions software
12th March 2011My being partial to the occasional eBook has meant my encountering Adobe’s Digital Editions. While I wonder why the functionality cannot be be included in the already quite bulky Adobe Reader, it does exist and some publishers used it to ensure that their books are not as easily pirated. In my case, it is a certain publisher of walking guidebooks that uses it and I must admit to being a sometime fan of their wares. At first, I was left wondering how they thought that Digital Editions was the delivery means that would ensure that they do not lose out from sharing of copies of eBooks but a recent episode has me seeing what they see.
One of the nice things that it allows is the sharing of eBooks between different computers using your Adobe account. Due to my own disorganisation, I admit to having more than one though I am not entirely sure why I ended up doing that. The result was that I ended entering the wrong credentials intro the Digital Editions instance on my Toshiba laptop and I needed to get rid of them in order to enter the correct ones. It is when you try doing things like this that you come to realise how basic and slimmed down this software is. After a Google search, I encountered the very keyboard shortcut about which even the help didn’t seem to want to tell me: Control+Shift+D. That did the required deauthorisation for me to be able to read eBooks bought and downloaded onto another computer. Maybe Digital Editions does its job to lessen the chances after all. Of course, I cannot see the system being perfect or unbreakable but a lot of our security is there to deter the opportunists rather than the more determined.
Taking SUDO beyond Ubuntu
27th October 2010Though some may call it introducing a security risk, being able to execute administrator commands in Ubuntu using SUDO and GKSU by default is handy. It’s not the only Linux distribution with the facility though because the /etc/sudoers file is found in Debian and I plan to have a look into Fedora. The thing that is needs to be done is to add the following line to the aforementioned file (you will need to do this as root):
[your user name] ALL=(ALL) ALL
One that is done, you are all set. Just make sure that you’re using a secure password though and removing the SUDO/GKSU permissions is as simple as reversing the change.
Update on 2011-12-03: The exact same can be done for both Arch Linux and Fedora, The same file locations apply too.
Relocating the Apache web server document root directory in Fedora 12
9th April 2010So as not to deface anything that is available online on the web, I have a tendency to set up an offline Apache server on a home PC to do any tinkering away from the eyes of the unsuspecting public. Though Ubuntu is my mainstay for home computing, I do have a PC with Fedora installed and I have been trying to get an Apache instance starting automatically on there without success for a few months. While I can start it by running the following command as root, I’d rather not have more manual steps than is necessary.
httpd -k start
The command used by the system when it starts is different and, even when manually run as root, it failed with messages saying that it couldn’t find the directory while the web server files are stored. Here it is:
service httpd start
The default document root location on any Linux distribution that I have seen is /var/www and all is very well with this but it isn’t a safe place to leave things if ever a re-installation is needed. Having needed to wipe /var after having it on a separate disk or partition for the sake of one installation, it doesn’t look so persistent to me. In contrast, you can safeguard /home by having it on another disk or in a dedicated partition and it can be retained even when you change the distro that you’re using. Thus, I have got into the habit of having the root of the web server document root folder in my home area and that is where I have been seeing the problem.
Because of the access message, I tried using chmod and chgrp but to no avail. The remedy has to do with reassigning the security contexts used by SELinux. In Fedora, Apache will not work with the context user_home_t that is usually associated with home directories but needs httpd_sys_content_t instead. To find out what contexts are associated with particular folders, issue the following command:
ls -Z
The final solution was to create a user account whose home directory hosts the root of the web server file system, called www in my case. Then, I executed the following command as root to get things going:
chcon -R -h -t httpd_sys_content_t /home/www
It seems that even the root of the home directory has to have an appropriate security context (/home has home_root_t so that might do the needful too). Without that, nothing will work even if all is well at the next level down. The switches for chcon command translate as follows:
-R : recursive; applies changes to all files and folders within a directory.
-h : changes apply only to symbolic links and not to where they refer in the file system.
-t : alters context type.
It took a while for all of this stuff about SELinux security contexts to percolate through to the point where I was able to solve the problem. A spot of further inspiration was needed too and even guided my search for the information that I needed. It’s well worth trying Linux Home Networking if you need more information. There are references to an earlier release of Fedora but the content still applies to later versions of Fedora right up to the current release if my experience is typical.
Using the Windows Command Line for Security Administration
24th July 2009While there are point and click tools for the job, being able to set up new user groups, attaching them to folders and assign uses to them using the command line has major advantages when there are a number to be set up and logs of execution can be retained too. In light of this, it seems a shame that terse documentation along with its being hard to rack down answers to any questions using Google, or whatever happens to be your search engine of choice, makes it less easy to discern what commands need to be run. This is where a book would help but the whole experience is in direct contrast to the community of information providers that is the Linux user community, with Ubuntu being a particular shining example. Saying that, the Windows help system is not so bad once you can track down what you need. For instance, knowing that you need commands like CACLS and NET LOCALGROUP, the ones that have been doing the back work for me, it offers useful information quickly enough. To illustrate the usefulness of the aforementioned commands, here are a few scenarios.
Creating a new group:
net localgroup [name of new group] /comment:”[more verbose description of new group]” /add
Add a group to a folder:
cacls [folder address] /t /e /p [name of group]
The /t switch gets cacls to apply changes to the ACL for the specified folder and all its subfolders, recursive action in other words, while the /e specifies ACL editing rather than its replacement and /p induces replacement of permissions for a given user or group. Using :n, :f, :c or :r directly after the name of a specified user or group assigns no, full, change (write) or read access, respectively. Replacing /p with /r revokes access and leaving off the :n/:f/:c/:r will remove the group or user from the folder.
Add a user to a group:
net localgroup [name of group] [user name (with domain name if on a network)] /add
In addition to NET LOCALGROUP, there is also NET GROUP for wider network operations, something that I don’t have cause to do. Casting the thinking net even wider, I suspect that VB scripting and its ability to tweak the Windows Management Interface might offer more functionality than what is above (PowerShell also comes to mind while we are on the subject) but I am sharing what has been helping me and it can be hard to find if you don’t know where to look.
Some things that I’d miss on moving from Linux to Windows
17th January 2009The latest buzz surrounding Windows 7 has caused one observer to suggest that it’s about to blast Linux from the desktop. My experiences might be positive but there are still things that I like about Linux that make me reluctant to consider switching back. Here are a few in no particular order:
Virtual Desktops (or Workspaces)
I find these very handy for keeping things organised when I have a few applications open at the same time. While I think that someone has come with a way of adding the same functionality to Windows but I’d need to go looking for that. Having everything cluttering up a single taskbar would feel a bit limiting.
Symbolic Links
If you have come across these before, they are a little hard to explain but it’s great to have to have the ability to make the contents of a folder appear in more than one place at a time without filling up your hard drive. It’s true to say that Windows 7 gets Libraries but I have a soft spot for the way that Linux does it so simply.
Lack of (intrusive) fidgeting
One of Windows’ biggest problems is that it’s such a massive target for attacks by the less desirable elements of the web community. The result is a multitude of security software vendors wanting to get their wares onto your PC and it’s when they get there that all of the fidgeting starts. The cause is the constant need for system monitoring and it eats up resources that could be used for other things. I know some packages are less intrusive than others but I do like the idea of feeling as if I am in full control of my PC rather someone else taking decisions for me (unavoidable in the world of work, I know). An example of this is Norton’s not allowing me to shut it down when it goes rogue, even when acting as Administrator. I can see the reason for this in that it’s trying to hamper the attentions of nefarious malware but it ends up making me feel less than empowered and I also like to feel trusted too. Another thing that I like is the idea of something awaiting my input rather going away and trying to guess what I need and getting it wrong, an experience that seems typical of Microsoft software.
Command Line
This is less of a miss than it used to be but there is now a learning curve with PowerShell’s inclusion with Windows 7 and it’s not something that I want to foist on myself without my having the time learning its ins and outs. It’s not a bad skill to have listed on the proverbial CV but I now know my way around bash and its ilk while knowing where to look when I want to take things further.
After these, there are other personal reasons for my sticking with Linux like memories of bad experiences with Windows XP and the way that Linux just seems to get on with the job. Its being free of charge is another bonus and the freedom to have things as you want makes you feel that you have a safer haven in this ever changing digital world. I am not sure if I’d go acquiring the final version of Windows 7 but I am certain that it will not be replacing Linux as my main home computing platform, something that come as no surprise given what I have said above.
Running Windows 7 within VirtualBox
12th January 2009With all the fanfare that surrounded the public beta release of Windows 7, I suppose that the opportunity to give it a whirl was too good to miss. Admittedly, Microsoft bodged the roll-out by underestimating the level of interest and corralling everyone into a 24 hour time slot with one exacerbating the other. In the event, they did eventually get their act together and even removed the 2.5 million licence limit. I suppose that they really need to get 7 right after the unloved offering that was Vista so they probably worked out that the more testers that they get, the better. After, it might be observed that the cynical view that the era making people pay to “test” your products might be behind us and that users just want things to work well if not entirely faultlessly these days.
After several abortive raids, I eventually managed to snag myself a licence and started downloading the behemoth using the supplied download manager. I foresaw it taking a long time and so stuck with the 32-bit variant so as not to leave open the possibility of that part of the process using up any more of my time. As it happened, the download did take quite a few hours to complete but this part of the process was without any incident or fuss.
Once the DVD image was downloaded, it was onto the familiar process of building myself a VirtualBox VM as a sandbox to explore the forthcoming incarnation of Windows. After setting up the ISO file as a virtual DVD, installation itself was an uneventful process but subsequent activities weren’t without their blemishes. The biggest hurdle to be overcome was to get the virtual network adapter set up and recognised by Windows 7. The trick is to update the driver using the VirtualBox virtual CD as the source because Windows 7 will not recognise it using its own driver repository. Installing the other VirtualBox tools is a matter of going to Compatibility page in the Properties for the relevant executable, the one with x86 in the file name in my case, and setting XP as the Windows version (Vista works just as well apparently but I played safe and depended on my own experience). While I was at it, I allowed the file to run under the administrator account too. Right-clicking on executable files will bring you to the compatibility troubleshooter that achieves much the same ends but by a different route. With the Tools installed, all was workable rather than completely satisfactory. Shared folders have not worked for but that might need a new version of the VirtualBox software or getting to know any changes to networking that come with Windows 7. I plan to stick with using USB drives for file transfer for the moment. Stretching the screen to fit the VirtualBox window was another thing that would not happen but that’s a much more minor irritation.
With those matters out of the way, I added security software from the list offered by Windows with AVG, Norton and Kaspersky being the options on offer. I initially chose the last of these but changed my mind after seeing the screen becoming so corrupted as to make it unusable. That set me to rebuilding the VM and choosing Norton 360 after the second Windows installation had finished. That is working much better and I plan to continue my tinkering beyond this. I have noticed the inclusion of PowerShell and an IDE for the same so that could be something that beckons. All in all, there is a certain solidity about Windows 7 but I am not so convinced of the claim of speedy startups at this stage. Time will tell and, being a beta release, it’s bound to be full of debugging code that will not make it into the final version that is unleashed on the wider public.
Technical considerations regarding the discussion aspect of blogging
18th July 2008
When making a start in the world of blogging, there are so many things to consider that you almost need a trial run first to learn the lingo. In fact, getting up to speed by using a service like that offered by Blogger or WordPress.com seems a very sensible starting point. Even so, the business is like building a house in that you only really know what you are doing after you have done the deed and made all the mistakes. That is particularly true when you go down the self-administered blog route. For starters, it’s so easy to pick the wrong domain name or hosting provider. Selecting your blogging software is the next step, but that may not be so tricky; WordPress does a reasonable job and there’s always Movable Type, Expression Engine, Drupal (yes, really) or Habari.
That mention of blogging software brings me to something that I encountered recently: commenting functionality. I am coming around to the idea that this is probably something that needs to be considered up front because of the nature of blogging. After all, anyone who reads The Blog Herald regularly should be familiar with the idea of blogging conversations and that means that the technology to make it happen should be easy for visitors to use and easy for bloggers to administer. However, the two can collide. For one thing, there are a myriad of choices available to the blogger and the blight of comment spam is ever pervasive and growing.
When it comes to comment spam, it is best to realise that there are two sources of responses to a blog post: visitor comments or trackbacks (pingbacks?) from other blogs. I reckon that the latter is probably the channel where most of the detritus travels and various anti-spam solutions are on offer to curb its spread. Names from the WordPress world like Akismet, Spam Karma, Simple Trackback Validation and Bad Behaviour come to mind. The former can also be used, particularly when the unscrupulous make use of low-cost labour in low-cost countries, and that’s when the thorny questions of user registration and CAPTCHA‘s arise. There is something to be said for not going to extremes with these and just sticking with less onerous rules and filtering on the server side.
I must admit to having staggering into forcing visitors to register prior to adding a comment and then making them log in thereafter. I think that it’s for security reasons, but WordPress creates a password and then sends it to the person who is registering rather than displaying on a web page. That can create another problem: what happens if the email fails to arrive? In the last week, this has happened with a visitor to my hillwalking blog and there could be a number of reasons for the non-arrival of the relevant email. One is ironic: being an automated email, it gets stuck in the spam filters of the recipient’s mailbox and so never gets to them. It could also be a bug with WordPress itself (I have raised a ticket and I am awaiting what Automattic might have to say to it) or a consequence of some setting made by a hosting provider. All of that makes it hard to track down the cause of the issue but it kicks off other thoughts as to its resolution. One is to remove the needed for registration and logging in the first place, but there are third-party services that may help too. The former has turned out to be the case for this blog and it seems to be performing well enough so it is an acceptable option.
When it comes to using third-party comment handling systems, what needs to be considered is how well they work with your blog. For instance, I gave Disqus a quick whirl and soon realised that I needed to update the themes for my WordPress blogs if I were to use it on an ongoing basis. Otherwise, it worked fine but I was left wondering if it would have been better to have brought it in when I started a blog rather than part way through and with comments made using the existing WordPress functionality. There’s also Intense Debate and I am almost certain that there are more like it but I’ll be sticking with what WordPress offers for now. The theme for my hillwalking blog has been modified to allow prospective commenters to get in touch with me if they are having problems. That is only an interim approach while I consider what the way forward will be.