Category Archives: technology

Here’s how to patch Ubuntu 8.04 or anything where you have to build bash from source

UPDATED: I have updated the post to include the post from gb3 as well as additional patches and some tests

Just a quick post to help those who might be running older/unsupported distributions of linux, mainly Ubuntu 8.04 who need to patch their version of bash due to the recent exploit here:

http://thehackernews.com/2014/09/bash-shell-vulnerability-shellshock.html

I found this post and can confirm it works:

https://news.ycombinator.com/item?id=8364385

Here are the steps(make a backup of /bin/bash just in case):

#assume that your sources are in /src
cd /src
wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
#download all patches
for i in $(seq -f "%03g" 1 28); do wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i; done
tar zxvf bash-4.3.tar.gz
cd bash-4.3
#apply all patches
for i in $(seq -f "%03g" 1 28);do patch -p0 < ../bash43-$i; done
#build and install
./configure --prefix=/ && make && make install
cd ../../
rm -r src

To test for exploits CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187 I have found the following information at this link

To check for the CVE-2014-6271 vulnerability

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

it should NOT echo back the word vulnerable.


To check for the CVE-2014-7169 vulnerability
(warning: if yours fails it will make or overwrite a file called /tmp/echo that you can delete after, and need to delete before testing again )

cd /tmp; env X='() { (a)=>\' bash -c "echo date"; cat echo

it should say the word date then complain with a message like cat: echo: No such file or directory. If instead it tells you what the current datetime is then your system is vulnerable.


To check for CVE-2014-7186

bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' || echo "CVE-2014-7186 vulnerable, redir_stack"

it should NOT echo back the text CVE-2014-7186 vulnerable, redir_stack.


To check for CVE-2014-7187

(for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | bash || echo "CVE-2014-7187 vulnerable, word_lineno"

it should NOT echo back the text CVE-2014-7187 vulnerable, word_lineno.

A little catch-up

 

It’s been almost a year since I’ve posted anything here. Sorry about that. I’m not very good at making time to publicize ongoing events. But to play a little ketchup, here’s some things that have happened throughout the year:

 

This was an amazing trip! We took a trip up to Niagara Falls with Tom and his family, caching the whole way. Visited a castle, then down to Warren, PA to meet up with my Sister, her friend, my Uncle and Aunt and my Cousin and his girlfriend at Geowoodstock IX. There’s simply too much that happened to detail. Maybe next time.

 

More fun with Tom and his family in North Conway, NH. We saw Cathedral Ledge, Echo Lake and ate at Red Fox and The Common Man.

 

 

  • 3 day power outage – car as generator

We were supposed to have our annual Halloween party. Instead, we lost power for 3 days. Luckily, I have access to a 800W power inverter which I plugged into my car to power our phones and laptops and my Fishtank. Didn’t lost a single fish or piece of coral. Since the outage we picked up a generator. Hopefully we won’t have to use it, but I’m pretty excited to try it out Speaking of the fishtank, this is from about a month ago.

 

 

 

 

 

 

What started out as a small favor of setting up a chat room, turned out to be many afternoons and nights visiting and helping out at Dewey Square, setting up laptops, setting up solar panels and pedal generators, livestreaming and now helping out with all the online bits. I was even front and center when the Boston Police Department stole the sink. I have met a lot of great people from this movement and learned all sorts of things most people don’t realize about our government and the mistakes it is making. Mind you, I’m not a political person. I hate politics. But some of the things going on are pretty crazy out there. I’m just happy the whole Occupy movement has accomplished what I believe was it’s first and most important goal which was to start the dialog about the issues the world is facing. The conversation has started and some small changes have already begun to take place. Either way, this has been a big part of my life for the past few months and will continue to be a small part going forward.

 

 I always wanted to see this show. The light show is amazing. Some of the music can get a bit boring, but in the end, they make up for it with a very entertaining music and light show.

 

 

 

Cirque Du Soleil was the show that Sara wanted to always see. This was part of her Christmas present from me. She didn’t know where we were going until the last minute. We always went out to dinner nearby at Viva Bene. Very nice Italian restaurant which I highly recommend. The acrobatics and strength of these performers at the show were amazing. Sara and I enjoyed it very much.

 

  • Thanks to a hefty bonus at work and a steady stream of side-business, we were able to replace our aging Samsung DLP TV with a shiny new Samsung LED. Boy is this thing gorgeous. We also finally rid ourselves with all of the Comcast cable box’s. I run the entire house from a PC running Windows 7 with media center and a Ceton quad tuner with a Comcast cable card. Each TV in the house has an XBOX 360 connected which acts as an extender to the media center. We also paid off all credit card debt, so I feel totally justified in our new TV purchase 🙂
  • Along with the TV I also picked up a 5 stage RODI system. This produced REALLY clean water. We use this to top off the saltwater aquarium, fill up a humidifier and for Sara’s CPAP machine. This saves us the weekly trip to Aqua Addicts in Salem, NH to pick up 20-30 gallons of water.

 

  • I have been spending a lot more time writing and editing bash scripts. I started years ago creating a very basic backup script which contained only a couple rsync lines. Since then the script has grown in complexity and ability. Even now I have a bunch of changes I want to make to it when I get some time. I also recently created a nice rotation script for work which uses a lot of the same bash features and even some mysql calls. First time doing anything with mysql in any scripts. The mysql db I created was also a first.
A few events we’re looking forward to:

I started writing this blog post yesterday and ended up attending this event today. It wasn’t what I expected but it was still worth the trip. Apparently, Edwin O. Smith Highschool in Willington, CT teaches marine biology and has labs and aquariums all setup and managed by the students. It was pretty amazing. Either way, this was basically saltwater aquarium hobbyists and vendors selling and showing off their corals. We picked up a few and got to check out some of the classrooms.

This will be next weekend. Not sure what to expect but I’m pretty excited to go. Hopefully I can get one or two people to go with us.

 

Earth Hour 2011

It’s that time again. So if anyone is wondering where I am(online) from 8PM EST till about 9, or maybe even later, I might be reading a book by candlelight or maybe even some geocaching depending on the weather.

From http://earthhour.org:

Earth Hour started in 2007 in Sydney, Australia when 2.2 million individuals and more than 2,000 businesses turned their lights off for one hour to take a stand against climate change. Only a year later and Earth Hour had become a global sustainability movement with more than 50 million people across 35 countries/territories participating. Global landmarks such as the Sydney Harbour Bridge, CN Tower in Toronto, Golden Gate Bridge in San Francisco, and Rome’s Colosseum, all stood in darkness, as symbols of hope for a cause that grows more urgent by the hour.

n March 2009, hundreds of millions of people took part in the third Earth Hour. Over 4000 cities in 88 countries/territories officially switched off to pledge their support for the planet, making Earth Hour 2009 the world’s largest global climate change initiative.

On Saturday 27 March, Earth Hour 2010 became the biggest Earth Hour ever. A record 128 countries and territories joined the global display of climate action. Iconic buildings and landmarks from Asia Pacific to Europe and Africa to the Americas switched off. People across the world from all walks of life turned off their lights and came together in celebration and contemplation of the one thing we all have in common – our planet.

Earth Hour 2011 will take place on Saturday 26 March at 8.30PM (local time). This Earth Hour we want you to go beyond the hour, so after the lights go back on think about what else you can do to make a difference. Together our actions add up.

Firefox 4.0 is out!

 

The much awaited release of Firefox 4.0 is finally out. From my brief tests it does seem a hell of a lot faster than it’s 3.x predecessor both in opening up and loading up all my previously opened tabs. This is even with a dozen or so addons installed. Firefox is back to being the exciting speed demon it once was. Along with the performance increase Mozilla has also redesigned the layout of their new browser.

Very similar to the way Google Chrome looks, the new Firefox displays it’s tabs at the very top of the window. Now, at first with Google Chrome I didn’t really like this, but over time I have gotten used to it and even prefer it now. Firefox 4.0 also lets you hide the menu bar at the top, giving you more room on your screen. They have also move the back and forward buttons onto the address bar and allow you to close the “addon bar” at the very bottom of the screen for even more vertical room saving.

Another new and improved feature is Firefox sync. This allows you to sync your Bookmarks, Passwords, Preferences, History and even your open tabs across all your Firefox browsers on multiple computers. This is also handy for backing up all that information for when you need to reinstall your computer’s operating system. Just a quick login to Firefox sync and you have your browser just where you left off the last time you used it.

At the time  of this writing, Firefox has been downloaded over 3 million times in the 13 hours it’s been released. There was another new browser released recently that boasted less than that in a full 24 hours. We’re on track to about double those numbers.

Now, for most users, getting Firefox is as easy as going to http://getfirefox.com and clicking the big green download button. Or by clicking on Help -> Check for Updates at the very top right of your Firefox window. Unfortunately, for Linux-based operating systems, Mozilla only provides a tarball package of their new release. This works perfectly fine once extracted somewhere on your computer and running the “firefox” binary. But it isn’t a very clean or trackable install. Fortunately, there is a Mozilla Team at Ubuntu for all of it’s users who have taken the time to package up Firefox 4.0 into a PPA you can add to your Software Center which will allow you to upgrade to the latest version just like any other normal update. I have found easy instructions from a recent post on the Ubuntu Planet here. Thank you Adnan Quaium.

 

  1. Go to Appli­ca­tions > Ubuntu Soft­ware Cen­ter from the top panel.
  2. Head to Edit > Soft­ware Sources and click the ‘Other Soft­ware’ tab.
  3. Press ‘Add’ but­ton and then paste the fol­low­ing line into the rel­e­vant field to add thePPA.
    ppa:mozillateam/firefox-stable
  4. After adding the PPA you will be prompted to update your sources.
  5. Once the update is done you can head to Sys­tem > Admin­is­tra­tion > Update Man­ager to per­form an upgrade.
  6. Thus FF4 will be installed in the system.

Happy Browsing!

YoFrankie! Unsupported!

First some specs on this brand spanking new laptop:

Intel® Core™ i7-840QM (1.86GHz, 8 threads, turbo boost up to 3.2GHz, 8M cache

6GB Shared Dual Channel DDR3 Memory

NVIDIA® GeForce® GT 445M 3GB

Ubuntu 10.04 LTS installed with all the latest updates installed and the latest Nvidia drivers from their site installed.

It can play games. More on this laptop possibly later since there’s a lot that’s gone on in my life since I last posted here.

So this morning I decided to put it to the test and try some nice games. Osmos is an awesome game and looks unbelievable on here. I have paid for Worldofgoo 3 different times and rightly so. It also plays amazingly and is fun as always. Tux racer is always fun. Then I thought I’d try out YoFrankie! from the blender project. While The game is playable, the experience is just not there. I have tried this game on other, less powerful computers and, while a bit choppy, I could see everything and play the game. On this computer there is no choppiness, but there’s a lot missing in terms of graphics. The opening sequence has a bird fly by and “drop” some words. This bird is completely invisible. Only the droppings and words show.

Playing the game is not as bad, but is still missing some details here and there as well as some animations just looking a bit last generation. Now, none of these issues I have seen in the past on other computers. With a good enough graphics card the game looks great but a bit choppy for movement since the past machines were’nt powerful enough.

So, to the community! Wait …. where’s the community? I tried their website. Nothing about a community, forums, wiki or any type of support. Ok, then to IRC! Being an Open Source project I joined #yofrankie on Freenode. Empty. Ok, this being written using blender, lets try those guys. #blender. AHA! I pose my question:

<leftyfb> where would I go for support with yofrankie?

The response:

DexterLB> it’s, sort of, kinda, actually, a bit unsupported, so you will, if I have to put it that way, support yourself 🙂

A little more dialog from #blender:

<leftyfb> support myself? So all the users are expected to be developers and support technicians?
<leftyfb> DexterLB: is that the official word from the Apricot Open game project?
<DexterLB> the official word is that only the community can help you
<DexterLB> and since there is no community as yofrankie is out of date…
<DexterLB> well technicly there is community but it’s very tiny
<leftyfb> out of date?
<leftyfb> so where is this very tiny community?
<JacobF> #yofrankie
<leftyfb> nope
<JacobF> >.>
<JacobF> it’s the official channel
<leftyfb> it’s completely empty
<JacobF> ya small community

We’ll get back to them in a minute. So I try to dig more on blenders website. I come across the blender institute site where I find #gameblender. Ok, this sounds more promising. Here comes some long IRC dialog. Turn back now if this makes your stomach turn:

<leftyfb> I have a core i7 with 6GB of system memory and an nvidia graphics card with 3GB of video memory. Ubuntu 10.04 with all updates and compiz turned off and latest nvidia drivers from nvidia installed. Yet yofrankie does not show the bird in the opening sequence and it seems like the graphics aren’t all there.

<leftyfb> per topic, I’m still using blender 2.49

<OOPz> not wishing to cast aspersions or anything, but with an nvidia card… almost certainly something youv done wrong

<OOPz> exactly what that may be tho, in nix… is anyones guess 😉

<leftyfb> what?

<leftyfb> something i’ve done wrong?

<OOPz> nvidia have always been rock solid with blender

<OOPz> almost never even hear of issues, and most that you do are solved by putting new drivers on

<leftyfb> this computer is 4 days old. It’s a fresh install of Ubuntu 10.04 with the latest nvidia drivers installed from their site. All other graphic intensive games and applications work just fine.

* OOPz shrugs

<OOPz> its linux… the price you pay for having all that control is.. you need to do it all yourself 😉

<leftyfb> wow

<OOPz> ‘wow’ what?.. coz if you cant take a joke, you need to get your sweet pink arse off the internet quick sharp, coz nobody is going to take you seriously

<leftyfb> OOPz: I didn’t come here looking for jokes. I came looking for help. Instead of telling me that I’m unsupported because I run linux, you could just say you don’t know how to help

<OOPz> newsflash, youre not in control of what kind of mood the people you run into are going to be in

<OOPz> and i believe i made quite clear, all pertinant facts at my disposal

<OOPz> beyond that.. JFGI

<leftyfb> I have found nothing on google since apparently this project is unsupported by it’s original developers or it’s non-existent community

* OOPz points and laughs

<OOPz> i have never run into a community that provides better support than the blender guys

<OOPz> but seriously, that rod lodged in your small intetine really isnt going to help you, at all

<OOPz> and i cant pretend im supprised you didnt find anything, like i said, nvidia are rock solid

<leftyfb> <DexterLB> it’s, sort of, kinda, actually, a bit unsupported, so you will, if I have to put it that way, support yourself 🙂

<leftyfb> <JacobF> #yofrankie

<leftyfb> <leftyfb> nope

<leftyfb> <JacobF> >.>

<leftyfb> <JacobF> it’s the official channel

<leftyfb> <leftyfb> it’s completely empty

<leftyfb> <JacobF> ya small community

<leftyfb> that’s from #blender

<leftyfb> i’m not seeing the support

<OOPz> odd that nobody is supporting a project that basically died 2 years ago, yeah

<OOPz> it wont be yf, itll be blender, your OS or your hardware

<OOPz> its so massivly unlikely to be the game, it hadnt even crossed my mind

<OOPz> 2.49 is as far along the dev cycle as it gets, so.. highly unlikly to be that too…. if  you were running 2.5x, yeah.. thatd be a very real possiblity, but… id bet big against it being blender itself

Back in #blender, I receive what I’m considering my final answer on the subject from someone who has done actual development on the project:

<neXyon> leftyfb: that’s a bug that’s fixed in svn, just check out the repo

Since I have no interest in checking out code and compiling software just to play a game which is supposed to be my time away from such tasks, this game is now considered dead to me. It seems to me that it is unsupported and no longer developed by it’s original developers. At least I can find no information to the contrary.

Now if you’ll excuse me, I’m gonna go play my XBOX where I don’t need to compile anything or reboot for my games to play.

FOSScon 2010 followup

Sorry it’s taken so long to post about this. So last Friday I and a friend of mine, Joe, took off from North Eastern Massachusetts headed for Rochester NY for the inaugural 2010 FOSScon. Joe has just finished taking courses at Lincoln Tech and is about to take the tests for A+, Network plus and MCP certifications and is excited to get into the world of FOSS and technology. It was supposed to be a 6.5 hour drive which ended up being about 9 since I had forgot I set my GPS to avoid tolls. If we had been on time, would have just caught the tail end of a pre-event dinner meetup that was put on at the last minute. Oh well, lesson learned for next year. Non-the-less, it was a nice ride through upstate NY during the day. Couldn’t have asked for better weather.

The next day we got to the event just as the opening keynote about BaseKamp was starting. Basekamp is “a non-commercial organization of people researching and co-developing interdisciplinary, self-organized art projects and based in Philadelphia.” A very interesting and established project which does a lot of good for the community.

Next we were on to the Resume workshop by Jim Bondi from the IT Cooperative Education Program Advisors at RIT. Since Joe will be hitting the ground running to find a job after his classes and externship, this workshop was one he really wanted to hit up. Being in the field a while and being on both ends of an interview myself, I didn’t think I would get much out of this as I actually did. A lot of the information given should be common sense, but some people just don’t put it together when writing their resume. I was also able to chime in with some comments based on experience to questions from the other attendees. Joe thought the talk was very informative and prompted him to go back and update his resume based on some of the advice given.

Lunch was where I think we learned how to improve a bit for next year. It was prettymuch everyone for themselves. Not saying I was expecting a free meal, but we should have had something organized so would have spent less time figuring out what was around for food and who was going to go where with who and spend more time mingling and discussing the talks, workshops and just shoot the breeze (read: geek out). In talking with some of the people who organized the event, this was noticed and will be something to be worked on for next year. Joe and I ended up eating a local bar and grill less than a mile away. While others had to trek quiet some miles away and had to rush to get back in time.

The next workshop Joe and I decided to attend was “Life without GUI”. Again, with Joe just getting into IT and FOSS, this would have been a great thing for him to learn some neat tricks on the command line within Linux. Unfortunately, I don’t think this workshop went very well. For one, I think they started earlier than they should have. We walked in after they had already gone through some decent tips. And to be honest, I don’t think the speaker was very good at teaching basics to people who aren’t on the same level. There was some butting of heads during the talk with differences of opinion and a blatant refusal to go over any simple commands like ls, cp or pwd even though we had a few extra minutes to spare. I was pretty disappointed with this workshop which could have been very valuable for Joe and even myself but instead was just brushed away as a waste of time. Maybe we learned how not to give a workshop.

Then we were off to “Learning how to fish: A self-help guide to finding Linux help on the internet” by Jorge Castro from Canonical. This talk was a complete opposite from the previously mentioned. Jorge is insanely good at giving a presentation. He first went on about how people perceive getting help in open source projects and hit the nail on the head doing so. Then he went on to how things should be done. Everything from how to properly use google, search forums and contacting the right people to get the most bang for your buck. Add to that, Jorge was very good at keeping everyone included in the discussion by asking questions from the audience and even adding in some topics that were brought up. Very well done.

After the talk we had some time to kill before the last keynote. I got to meet up with Jorge a couple others while we checked out the vendor section where Linode and the Free Software Foundation still had tables setup. Had some discussions with the Linode vendor, got some free tshirts and talked about some FOSSy type things. Then we found out there would be lightning talks before the final keynote. People scrambled to throw together some presentations. It was pretty impressive to see ideas just come up and people putting together lightning talks so quickly. The 5 minute talks went really well. Everything from Jorges talk about Unity in future versions of Ubuntu to a wiki project dedicated to the city of Rochester, NY and the people that live there.

Finally, we had the keynote from Jonathan Simpson from Freenode. This was an overview of the whole event, it’s goals, what it took to get here and the future of FOSScon. He also talked about the Geeknic and FOSSevents projects. Both of which I am very interested in and will hopefully be taking advantage of in the near future. There were some raffles being held in which Joe won a free digital copy of any O’reilly book he wanted.

At the end of the day, it was a very successful event. We got to take part in some great discussions and meet up with a bunch of new people. Some of which I have talked with online previously, some having discussions with for the first time. I am definitely looking for next year’s which should be bigger and better.

Thanks to Andrew Keyes for the photography and allowing me to use the pictures in this post. You can find the whole set of pictures on Flickr.

off to FOSSCON

I just registered and booked a hotel to attend FOSSCON this Saturday. The official description of the event is as follows:

The people behind FOSSCON are free software enthusiasts, user group members, coders and users — just like you! Free software is all about community and this is a very grassroots event, organized by the community and for the community. Our common goal is to provide a space for us to all come together in the northeast.

I’m hoping to meet up with lots of people from the open source world and attend some interesting and informative talks and workshops. If there’s anyone that would like to meet up during or after the event, feel free to post a comment here or contact me at leftyfb at ubuntu dotcom. Hope to see you all there!

“…But our princess is in another castle!”


For the past few years the Ubuntu Massachusetts Local Community team has been asked to present Ubuntu at the LPANE / Intel Nor’Easter Lanfest and this year was no exception. In the previous years we brought laptops and some low end desktops with wine barely running some low end games and showing off some of the open source games available at the time. We just didn’t have the proper equipment to demo. We did get some interest from people wanting to run Ubuntu dual boot for when they’re not gaming. But most people were really itching to bring their gaming experience to the Ubuntu desktop and until recently that wasn’t really an option (without a lot of work).

This year I was able to acquire a decent desktop and a 32″ LCD TV which I brought from home. This coupled with the latest innovation from the wine project enabled us to demo games from the Steam platform like Half-Life:2 and Team Fortress 2. We also had Starcraft playing perfectly. A lot of people were surprised on how well the games ran and excited about the progress Ubuntu and the wine project has made. We ended up doing 2 installs during the event and gave out a bunch of CD’s and what little swag we had.

The plan for next year is to have another decent gaming rig, possibly 2 or 3 so we can demo the recently announced Steam linux client, possibly even compete in some tournaments with an Ubuntu sponsored team.

All in all, it was a very fun event. Thanks to Martin for coming with me at the last minute and manning the table while I took off for a couple hours to geocache with Tom, the event organizer. Thanks to Justin who helped man the table the entire weekend and demo games. Thanks to Tom for having us at the event again and thanks to my fiance Sara who baked 4 batches cookies for everyone and packed me enough food and caffeine to last the 2 days and for supporting me in these projects.

P.S. we tried to get our table right next to the Microsoft Windows 7 tent which had one guy and a couple laptops and had a minesweeper tournament but another vendor got there before us. Take that any way you like and feel free to leave comments.

Here are some blurry pictures taken with my iPhone and old camera