TuxFeed

VeriTAR - Verify checksums of files within a TAR archive

View original post

In my opinion, the biggest problem of the tar format (’ustar‘) is that it does not store the checksums of the files it contains. So, in order to be able to verify the contents of the tar archive, you either need to keep the original data on the hard drive and compare the archive contents against that data using the -d tar switch or keep the MD5 sums of the files in a separate document and also use an external program in order to check them against the calculated MD5 sums of the archived files. In this short post I introduce you to a method of creating tar archives and keeping the md5sums of the files at the same time and a utility, veritar, which can compare those md5 sums with the checksums of the contents of the archive in-place, without the need to extract.
(more…)

Choosing a format for data backups - tar vs cpio

View original post

A few days ago, I had decided to revise my data backup methods, so to be able to easily recover as much data as possible after a partial corruption of the medium, a DVD that is, on which the data has been stored. I should clarify that by corruption I by no means include the possibility of mechanical damage of the medium. After some reasearch on the web, some questions on mailing lists and IRC channels, the quest ended with two formats to choose from, tar and cpio.
(more…)

Root Certificate Programs - The root of all trust

View original post

A digital certificate[1]’s purpose of existence is to sign or encrypt other material, either the latter is an online transaction, an email message or software code. Root Certificates, their respective private key actually[1], are used by Certificate Authorities to sign and add certain extensions to other certificates they issue, thus making the latter valid for certain uses. Web browsers, Linux distributions, Microsoft’s or Apple’s operating systems etc ship with a default set of Root Certificates. Taking into account that those Root Certificates are what we actually trust when we come across material that has been signed or encrypted by another certificate, which has been issued (signed) by a Certificate Authority’s Root Certificate, the method in which those Root Certs have made their way into the browser’s or operating system’s main distribution packages becomes very interesting.

Lately, I’ve been wondering about the above and I soon found out about the major web browser manufacturers’ Root Certificate Programs (RCP). In other words, documents that outline the required procedure a company has to follow in order their Root Cert to finally be included into the browser. Here are links for the Mozilla, Microsoft, Apple, Opera programs. The process is not simple and requires a lot of auditing by 3rd parties. That’s good!

But, what is even more interesting is the fact that not all browsers, Linux distributions, et cetera ship with the same default set of Root Certificates. This means that:

• either some Certificate Authorities have been rejected by some Root Certificate Programs
• or that some Certificate Authorities simply were not interested in enrolling into certain Root Certificate Programs

Anyhow, different default sets of Root Certificates mean you might get warned about material that has been signed by a digital certificate, which has been issued by a particular Certificate Authority, depending on how you access that same material. This does not make any sense and, generally, does not help much when you have to decide whether to trust the signed material or not.

Judging by the Root Certificate Programs mentioned above none of them asks for money in order to include a Root Certificate into the browser. So, there is no direct profit involved in this situation. Then, why isn’t there one common Root Certificate Program and some kind of independent authority that manages a set of Root Certificates which all browsers, operating systems, mobile phones etc should include by default? At least I would expect all Linux distributions to ship with the same default root certificates or to be able to update that set from the same source…

Notes:
[1] For the sake of simplicity, the term “certificate” refers to either the private key or the public certificate depending on the action.

Problems using libnotify for User to User Notifications

View original post

There are several methods that can be used for text message exchanging between different non-privileged users. Usually, when the sender of such a message is a service and the recipient, who is supposed to see the message, is a human, that message is called a “notification“. The method used by many services that run within the scope of a desktop session in order to send notifications to the desktop session owners involves the use of DBus and libnotify. But, would it be possible to use libnotify to send notification messages from a system service to one or more desktop users?
(more…)

Viceo Backend for SANE with libusb support

View original post

After many years of failure, countless hours of digging into the World Wide Web for information, numerous failed attempts due to lack of knowledge to modify the v0.6 E3 driver for USB scanners (Viceo backend) and add support for libusb, yesterday I was sent a patch, which contained the Viceo backend for SANE with libusb support. My old Primax Colorado 19200 USB scanner worked for the first time under Linux. If you own such an old scanner and care to make it work under a modern Linux distribution, read on for instructions and files.
(more…)

Documents Need Maintenance too

View original post

Things change rapidly in the Open-Source Software scene and, consequently, all support documentation, guides, tutorials etc need to be adapted to the new features of the software as well. I have started going through all the howto articles I’ve written about Linux during the last 3 years and perform regular document maintenance tasks, like checking whether the software involved is still the de facto solution for the particular purpose the article was written for or whether new methodology is required in order to achieve the task the article deals with. By convention, these changes will be documented in as much detail as required for understanding which parts of the methodology have changed and this summary will be appended to the end of each document in a new section called “Changes“. The first document that has been corrected is the one that describes How to create RPMs in Fedora.

Towards the resolution of the issues with libnotify

View original post

A while ago, I had written about some problems I had encountered while trying to send notification messages with libnotify to the logged-in users’ desktops from a cronjob. Although I haven’t made any progress with that issue, I just noticed a very useful comment under that post, submitted by Aleksei. According to the tip, sudo can be used in order to actually send the notification as the user that is currently using the desktop, for example: sudo -u $USER notify-send ... The $USER can be easily retrieved by the cronjob from the /proc/$PID/environ path. I am not able to test this at the moment, but will do (time permitting). Apart from this possible workaround with sudo, I assume that the current dbus security configuration does not permit the sending of messages using notify-send as I had described in that previous article. Anyhow, not only I do not have the necessary free time to study dbus‘ security mechanism, but, frankly, I do not wish to learn about it at the current time.

Security Guides for Operating Systems by the NSA

View original post

The National Security Agency (NSA) of the USA has published some security configuration guides for various popular Operating Systems. Linux is covered by the Red Hat Enterprise Linux 5 security guide, but most of the included information can be easily translated to other Linux distributions. As it is clearly stated in the guide’s disclaimer, all the included information only constitutes “recommended security changes” and not changes that should be made to all OS setups. Anyhow, even from the quick look I had inside, I can say that this is professional work. This document is an excellent read regardless of the Linux distribution you use. Guides for other operating systems, such as Microsoft Windows, Apple MacOS X, Sun Solaris 8/9, exist as well. I learned about these guides while browsing the mailing list archives of the Fedora Documentation Project (FDP) some days ago, so all credit goes to the person who posted it there in the first place.

Email Notifications from a Linux System

View original post

This post is not an article about how to receive email notifications from your system, but rather a tip about what should be your very first (No.1) action after a clean installation of a Linux system. It is well known that Linux - and obviously many other *nix systems, if not all - are pre-configured to send email notifications about various system events. That is errors by default, but if you have installed any log analysis and reporting software, like logwatch or epylog (and others), those notifications might include lengthy security reports or reports about resource usage analysis as well. By default, the recipient of all those messages is root@localhost, as it should be. But, since the root account is not for everyday use, it is one the best practices to redirect all root’s email messages to your everyday user’s mailbox.
(more…)

VeriTAR - Verify checksums of files within a TAR archive

View original post

In my opinion, the biggest problem of the tar format (’ustar‘) is that it does not store the checksums of the files it contains. So, in order to be able to verify the contents of the tar archive, you either need to keep the original data on the hard drive and compare the archive contents against that data using the -d tar switch or keep the MD5 sums of the files in a separate document and also use an external program in order to check them against the calculated MD5 sums of the archived files. In this short post I introduce you to a method of creating tar archives and keeping the md5sums of the files at the same time and a utility, veritar, which can compare those md5 sums with the checksums of the contents of the archive in-place, without the need to extract.
(more…)