Planet HantsLUG

Planet HantsLUG - http://hantslug.org.uk/planet/

Debian Bits: Debian welcomes its 2016 summer interns

Sun, 24/04/2016 - 20:00

We're excited to announce that Debian has selected 29 interns to work with us this summer: 4 in Outreachy, and 25 in the Google Summer of Code.

Here is the list of projects and the interns who will work on them:

Android SDK tools in Debian:

APT - dpkg communications rework:

Continuous Integration for Debian-Med packages:

Extending the Debian Developer Horizon:

Improving and extending AppRecommender:

Improving the debsources frontend:

Improving voice, video and chat communication with Free Software:

MIPS and MIPSEL ports improvements:

Reproducible Builds for Debian and Free Software:

Support for KLEE in Debile:

The Google Summer of Code and Outreachy programs are possible in Debian thanks to the effort of Debian developers and contributors that dedicate part of their free time to mentor students and outreach tasks.

Join us and help extend Debian! You can follow the students' weekly reports on the debian-outreach mailing list, chat with us on our IRC channel or on each project team's mailing list.

Congratulations to all of them!

Categories: LUG Community Blogs

Debian Bits: DPL elections 2016, congratulations Mehdi Dogguy!

Sun, 17/04/2016 - 17:40

The Debian Project Leader elections finished yesterday and the winner is Mehdi Dogguy! Of a total of 1023 developers, 282 developers voted using the Condorcet method.

More information about the result is available in the Debian Project Leader Elections 2016 page.

The new term for the project leader starts today, April 17th, and expires on April 17th 2017.

Categories: LUG Community Blogs

Steve Kemp: Recycling old ideas ..

Sat, 09/04/2016 - 14:47

My previous blog post was about fuzzing and finding segfaults in GNU Awk. At the time of this update they still remain unfixed.

Reading about a new release of mutt I've seen a lot of complaints about how it handles HTML mail, by shelling out to lynx or w3m. As I have a vested interest in console based mail-clients I wanted to have a quick check to see how dangerous that could be. After all it wasn't so long ago that I discovered that printing a fingerprint of an SSH key could be dangerous, so the idea of parsing untrusted HTML is something I could see.

In fact back in 2005 I reported that some specific HTML could crash Mozilla's Firefox. Due to some ordering issues my Firefox bug was eventually reported as a duplicate, and although it seemed to qualify for the Mozilla bug-bounty and a CVE assignment I never received any actual cash. Shame. I'd have been more interested in testing the browser if I had a cheque to hang on my wall (and never cash).

Anyway full-circle. Fuzzing the w3m console-based browser resulted in a bunch of segfaults when running this:

w3m -dump $file.html

Anyway each of the two bugs I reported was fixed in a day or two, and both involved gnarly UTF-8/encoding transformations. Many thanks to Tatsuya Kinoshita for such prompt attention and excellent debugging skills.

And lynx? Still no segfaults. I'll leave the fuzzer running over the weekend and if there are no faults found by Monday I guess I'll move on to links.

Categories: LUG Community Blogs

Andy Smith: rsync and sudo conundrum

Wed, 06/04/2016 - 15:21

Scenario:

  • You’re logged in to hostA
  • You need to rsync some files from hostB to hostA
  • The files on hostB are only readable by root and they must be written by root locally (hostA)
  • You have sudo access to root on both
  • You have ssh public key access to both
  • root can’t ssh between the two

Normally you’d do this:

hostA$ rsync -av hostB:/foo/ /foo/

but you can’t because your user can’t read /foo on hostB.

So then you might try making rsync run as root on hostB:

hostA$ rsync --rsync-path='sudo rsync' -av hostB:/foo/ /foo/

but that fails because ssh needs a pseudo-terminal to ask you for your sudo password on hostB:

sudo: no tty present and no askpass program specified
rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
rsync error: error in rsync protocol data stream (code 12) at io.c(226) [Receiver=3.1.1]

So then you can try giving it an askpass program:

hostA$ rsync \
    --rsync-path='SUDO_ASKPASS=/usr/bin/ssh-askpass sudo rsync' \
    -av hostB:/foo/ /foo/

and that nearly works! It pops up an askpass dialog (so you need X11 forwarding) which takes your password and does stuff as root on hostB. But ultimately fails because it’s running as your unprivileged user locally (hostA) and can’t write the files. So then you try running the lot under sudo:

hostA$ sudo rsync \
    --rsync-path='SUDO_ASKPASS=/usr/bin/ssh-askpass sudo rsync' \
    -av hostB:/foo/ /foo/

This fails because X11 forwarding doesn’t work through the local sudo. So become root locally first, then tell rsync to ssh as you:

hostA$ sudo -i
hostA# rsync \
    -e 'sudo -u youruser ssh' \
    --rsync-path 'SUDO_ASKPASS=/usr/bin/ssh-askpass sudo rsync' \
    -av hostB:/foo/ /foo/

Success!

Answer cobbled together with help from dutchie, dne and dg12158. Any improvements? Not needing X11 forwarding would be nice.

Alternate methods:

  • Use tar:
    $ ssh \
        -t hostB 'sudo tar -C /foo -cf - .' \
        | sudo tar -C /foo -xvf -
  • Add public key access for root
  • Use filesystem ACLs to allow unprivileged user to read files on hostB.

Categories: LUG Community Blogs

Debian Bits: Debian announces partnership to sub-contract publicity and press to an outside marketing agency

Fri, 01/04/2016 - 06:10

Last year we started to push more of Debian news and information away from the single news source of the DPN into other media services. Debian has been more active than ever on our many IRC channels, free software based social networks, and unofficial Twitter and Facebook feeds. Today we have decided to announce the next stage in keeping Debian at the forefront of media by sub-contracting publicity and press to an outside marketing agency.

The marketing agency (name will be disclosed soon) has provided an AI system (running entirely with free software) which will be fed with all the content of Debian mailing lists and sources.debian.net to understand the character of the Debian community and then better customize future articles, interviews, and event news.

However, some bits of personal information are also needed. Please install the "publicity" package and you'll be presented with a form to fill in your data: name, surname, phone, snail mail address, place of birth, names of family members, employers or employees. Each person providing their data to the agency will receive a coupon for a 20% discount on the download (purchase) of the next Debian release (valid only for downloads from the official site www.debian.org).

We kindly ask every Debian community member to sign up to at least one of these services: Twitter, Whatsapp, Slack or Facebook (IRC, mailing lists, and free software based RTC are allegedly not so 'cool'). Users need not be concerned with losing the features that the IRC bots provide (so long KGB!) as they will be replaced by Tay-like AI systems. The most visible change will be that MeetBot will no longer log the meetings, but we have bribed an NSA employee so they pass the relevant messages to us.

"If this 'centralization, outsourcing and pay-and-forget' approach goes well with publicity, I'm considering running for DPL in 2017 to extend this model to other areas of Debian" said Laura Arjona Reina, (now) former publicity delegate.

A new logo and mascot have been designed too, as a symbol of this new era embracing the standards of branding and corporate messaging. Please consider voting in favor of it, in the General Resolution that will be proposed soon:

Categories: LUG Community Blogs

Debian Bits: DebConf16 welcomes its first nine sponsors!

Wed, 30/03/2016 - 16:00

DebConf16 will take place in Cape Town, South Africa in July 2016. We strive to provide an intense working environment and enable good progress for Debian and for Free Software in general. We extend an invitation to everyone to join us and to support this event. As a volunteer-run non-profit conference, we depend on our sponsors.

Nine companies have already committed to sponsor DebConf16! Let's introduce them:

Our first Platinum sponsor is Hewlett Packard Enterprise (HPE). HPE is one of the largest computer companies in the world, providing a wide range of products and services, such as servers, storage, networking, consulting and support, software, and financial services.

HPE is also a development partner of Debian, and provides hardware for port development, Debian mirrors, and other Debian services (hardware donations are listed in the Debian machines page).

Our first Gold sponsor is Valve, a company developing games, social entertainment platform, and game engine technologies.

Our second Gold sponsor is Google, the technology company specialized in Internet-related services such as online advertising and search.

Rusbitech (developers of the Astra Linux Debian derivative), credativ (a service-oriented company focusing on open-source software and also a Debian development partner), Catalyst (a company offering IT solutions using open source software), the Bern University of Applied Sciences (with over 7,000 students enrolled, located in the Swiss capital), and Texas Instruments (the global semiconductor company) are our four Silver sponsors.

And last but not least, the open source company Univention has agreed to support us as Bronze-level.

Become a sponsor too!

Would you like to become a sponsor? Do you know of or work in a company or organization that may consider sponsorship?

Please have a look at our sponsorship brochure (or a summarized flyer), in which we outline all the details and describe the sponsor benefits.

For further details, feel free to contact us through sponsors@debconf.org, and visit the DebConf16 website at https://debconf16.debconf.org.

Categories: LUG Community Blogs

Debian Bits: Debian Project Leader elections 2016

Sun, 27/03/2016 - 19:55

It's that time of year again for the Debian Project: the elections of its Project Leader!

Neil McGovern, who has held the office for the last year, will not be seeking reelection. Debian Developers will have to choose between voting for the only candidate running, Mehdi Dogguy, or None Of The Above. If None Of The Above wins the election then the election procedure is repeated, many times if necessary.

Mehdi Dogguy was a candidate for the DPL position last year, finishing second with a close amount of votes to the winner Neil McGovern.

We are in the middle of the campaigning period that will last until April 2nd. The candidate and Debian contributors are expected to engage in debates and discussions on the debian-vote mailing list.

The voting period starts on April 3rd, and during the following two weeks, Debian Developers will vote to choose the person who will guide the project for one year. The results will be published on April 17th with the term for the new project leader starting immediately that same day.

Categories: LUG Community Blogs

Debian Bits: DebConf16: Call for Proposals

Thu, 24/03/2016 - 10:00

The DebConf Content team is pleased to announce the Call for Proposals for the DebConf16 conference, to be held in Cape Town, South Africa from 2 through 9 July 2016.

Submitting an Event

In order to submit an event, go to "Submit a talk" on your profile page in the DebConf16 website and describe your proposal. Please note, events are not limited to traditional presentations or informal sessions (BoFs). We welcome submissions of tutorials, performances, art installations, debates, or any other format of event that you think would be beneficial to the Debian community.

Please include a short title, suitable for a compact schedule, and an engaging description of the event. You should use the field "Notes" to provide us information such as additional speakers, scheduling restrictions, or any special requirements we should consider for your event.

Regular sessions may either be 20 or 45 minutes long (including time for questions), other kinds of sessions (like workshops) could have different durations. Please choose the most suitable duration for your event and explain any special requests.

Timeline

The first batch of accepted proposals will be announced in April. If you depend on having your proposal accepted in order to attend the conference, please submit it as soon as possible so that it can be considered during this first evaluation period.

All proposals must be submitted before Sunday 1 May 2016 to be evaluated for the official schedule.

Topics and Tracks

Though we invite proposals on any Debian or FLOSS related subject, we have some broad topics on which we encourage people to submit proposals, including:

  • Debian Packaging, Policy, and Infrastructure
  • Security, Safety, and Hacking
  • Debian System Administration, Automation and Orchestration
  • Containers and Cloud Computing with Debian
  • Debian Success Stories
  • Debian in the Social, Ethical, Legal, and Political Context
  • Blends, Subprojects, Derivatives, and Projects using Debian
  • Embedded Debian and Hardware-Level Systems

Video Coverage

Providing video of sessions amplifies DebConf achievements and is one of the conference goals. Unless speakers opt-out, official events will be streamed live over the Internet to promote remote participation. Recordings will be published later under the DebConf license, as well as presentation slides and papers whenever available.

Contact and Thanks to Sponsors

DebConf would not be possible without the generous support of all our sponsors, especially our platinum sponsor HPE. DebConf16 is still accepting sponsors; if you are interested, please get in touch!

You are welcome to contact the Content Team with any concerns about your event, or with any ideas or questions about DebConf events in general. You can reach us at content@debconf.org.

Registration Reminder

Registration for DebConf is open. Please log into the DebConf16 website and register from your profile page.

To request bursaries (sponsorship) for food, accommodation, or travel, you must be registered by Sunday, 10 April 2016.

After this date, registrations will still be accepted in any of the basic, professional, and corporate categories. However, accommodation on the campus will no longer be guaranteed, and requests for sponsorship will no longer be accepted.

Even if you are not certain you will be able to attend, we recommend registering now. You can always cancel your registration, before the deadline. We do suggest that attendees begin making travel arrangements as soon as possible, of course.

We hope to see you all in Cape Town!

Categories: LUG Community Blogs

Debian Bits: New Debian Developers and Maintainers (January and February 2016)

Mon, 14/03/2016 - 21:30

The following contributors got their Debian Developer accounts in the last two months:

  • Otto Kekäläinen (otto)
  • Dariusz Dwornikowski (darek)
  • Daniel Stender (stender)
  • Afif Elghraoui (afif)
  • Victor Seva (vseva)
  • James Cowgill (jcowgill)

The following contributors were added as Debian Maintainers in the last two months:

  • Giovani Augusto Ferreira
  • Ondřej Nový
  • Jason Pleau
  • Michael Robin Crusoe
  • Ferenc Wágner
  • Enrico Rossi
  • Christian Seiler
  • Daniel Echeverry
  • Ilias Tsitsimpis
  • James Clarke
  • Luca Boccassi

Congratulations!

Categories: LUG Community Blogs

Debian Bits: Debian selected to participate in the Google Summer of Code

Sun, 13/03/2016 - 16:00

For the tenth time running, Debian has been selected as a mentoring organization for the Google Summer of Code (Debian-specific program page), an internship program open to university students aged 18 and up.

Our team of amazing mentors has cooked up an exciting list of projects this year, and we would be glad to have you on board with Debian for one of those summer internships. The student application period will open on March 14 (and close on March 25), but feel free to subscribe to our mailing list and get in touch with our mentors. You can also catch us on our IRC channel #debian-soc.

Categories: LUG Community Blogs

Debian Bits: Debian is looking for three interns in the Outreachy Program

Sat, 12/03/2016 - 20:10

As part of its diversity outreach initiatives, Debian will be participating in the upcoming 12th round (May - August 2016) of Outreachy, an internship program open worldwide to women (cis and trans), trans men and genderqueer people, as well as nationals and residents of the United States of any gender who are Black/African American, Hispanic/Latin@, American Indian, Alaska Native, Native Hawaiian, or Pacific Islander.

Thanks to the generosity of our donors, and specifically of our sponsor Intel who has given us funds specifically for one intern, Debian will be able to welcome three interns this round.

Applications for the program are open until March 22nd, so don't wait up! Debian has a lot of interesting internship opportunities this year. More info about the program is available on the Debian specific program page, as well as on the official website. Feel free to contact the outreach team and mentors on our mailing list or IRC channel #debian-soc in irc.oftc.net

If you want Debian to keep participating in such programs, and expand its outreach efforts, you can donate to one of the organizations supporting the Debian project, or volunteer some time by participating in discussions on our mailing list.

Categories: LUG Community Blogs

Debian Bits: Hewlett Packard Enterprise Platinum Sponsor of DebConf16

Tue, 08/03/2016 - 12:00

We are very pleased to announce that Hewlett Packard Enterprise (HPE) has committed support to DebConf16 as a Platinum sponsor.

"We're excited to support Debian's annual conference which brings together Debian contributors from all around the world. In addition to our sponsorship, we will actively participate in DebConf", said Steve Geary, Senior Director at Hewlett Packard Enterprise.

HPE is one of the largest computer companies in the world, providing a wide range of products and services, such as servers, storage, networking, consulting and support, software, and financial services.

HPE is also a development partner of Debian, and provides hardware for port development, Debian mirrors, and other Debian services (hardware donations are listed in the Debian machines page).

With this additional commitment as Platinum Sponsor, HPE contributes to make possible our annual conference, and directly supports the progress of Debian and Free Software helping to strengthen the community that continues to collaborate on Debian projects throughout the rest of the year.

Thank you very much Hewlett Packard Enterprise, for your support of DebConf16!

Become a sponsor too!

DebConf16 is still accepting sponsors. Interested companies and organizations may contact the DebConf team through sponsors@debconf.org, and visit the DebConf16 website at http://debconf16.debconf.org.

Categories: LUG Community Blogs

Steve Kemp: If line-noise is a program, all fuzzers are developers

Mon, 29/02/2016 - 12:59

Recently I had a conversation with a programmer who repeated the adage that programming in perl consists of writing line-noise. This isn't true but it reminded me of my love of fuzzers. Fuzzers are often used to generate random input files which are fed to tools, looking for security problems, segfaults, and similar hilarity.

To the untrained eye the output of most fuzzers is essentially line-noise, since you often start with a valid input file and start flipping bits, swapping bytes, and appending garbage.

Anyway this made me wonder what happens if you fed random garbage into a perl interpreter? I wasn't brave enough to try it, because knowing my luck the fuzzer would write a program like so:

system( "rm -rf /home/steve" );

But I figured it was still an interesting idea, and I could have a go at fuzzing something else. I picked gawk, the GNU implementation of awk because the codebase is pretty small, and I understand it reasonably well.

Almost immediately my fuzzer found some interesting segfaults and problems. Here's a nice simple example:

$ gawk 'for (i = ) in steve kemp rocks'
..
gawk: cmd. line:1: fatal error: internal error: segfault
Aborted

I look forward to seeing what happens when other people fuzz perl..

Categories: LUG Community Blogs
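
The mutate-and-run loop this post describes (flip bits, swap bytes, append garbage, watch for a fatal signal), which is also the loop behind the `w3m -dump $file.html` runs in the post further up this page, written out as an added example; it is not Steve Kemp's fuzzer. `SEED_INPUT` and `TOY_TARGET` are constructed stand-ins, and every function name is this example's own.

```python
"""Mutation fuzzing sketch: mutate a valid seed file, run a tool on it, log signals."""
import os
import random
import signal
import subprocess
import sys
import tempfile

# Constructed seed and stand-in target (assumptions for this example). The
# target aborts on any byte >= 0x80, imitating a parser that dies on
# unexpected encodings.
SEED_INPUT = b"<html><body><p>hello</p></body></html>\n"
TOY_TARGET = [
    sys.executable, "-c",
    "import os, sys\n"
    "data = open(sys.argv[1], 'rb').read()\n"
    "if any(b >= 0x80 for b in data):\n"
    "    os.abort()\n",
]


def flip_bit(data, rng):
    """Flip one randomly chosen bit."""
    if not data:
        return data
    buf = bytearray(data)
    buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    return bytes(buf)


def swap_bytes(data, rng):
    """Exchange the bytes at two distinct random positions."""
    if len(data) < 2:
        return data
    buf = bytearray(data)
    i, j = rng.sample(range(len(buf)), 2)
    buf[i], buf[j] = buf[j], buf[i]
    return bytes(buf)


def append_garbage(data, rng):
    """Append 1 to 16 random bytes."""
    return data + bytes(rng.randrange(256) for _ in range(rng.randint(1, 16)))


MUTATORS = (flip_bit, swap_bytes, append_garbage)


def mutate(seed, rng, max_rounds=4):
    """Apply between one and max_rounds randomly chosen mutations to the seed."""
    data = seed
    for _ in range(rng.randint(1, max_rounds)):
        data = rng.choice(MUTATORS)(data, rng)
    return data


def run_case(argv, data, timeout=5.0, suffix=".html"):
    """Run argv on a temp file holding data; return a signal name, 'TIMEOUT' or None."""
    fd, path = tempfile.mkstemp(suffix=suffix)
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        try:
            proc = subprocess.run(argv + [path], stdin=subprocess.DEVNULL,
                                  stdout=subprocess.DEVNULL,
                                  stderr=subprocess.DEVNULL, timeout=timeout)
        except subprocess.TimeoutExpired:
            return "TIMEOUT"
        if proc.returncode >= 0:
            return None  # ordinary exit, including error exits
        # A negative return code means death by signal. A tool that traps the
        # fault and aborts (the gawk output above ends in "Aborted") shows up
        # as SIGABRT rather than SIGSEGV, so every signal counts.
        try:
            return signal.Signals(-proc.returncode).name
        except ValueError:
            return "SIG%d" % -proc.returncode
    finally:
        os.unlink(path)


def fuzz(argv, seed, iterations, rng_seed=0):
    """Return (outcome, input) pairs for every mutated input that killed the target."""
    rng = random.Random(rng_seed)
    crashes = []
    for _ in range(iterations):
        data = mutate(seed, rng)
        outcome = run_case(argv, data)
        if outcome is not None:
            crashes.append((outcome, data))
    return crashes


if __name__ == "__main__":
    # Swap TOY_TARGET for a real command prefix, e.g. ["w3m", "-dump"].
    for outcome, data in fuzz(TOY_TARGET, SEED_INPUT, 30):
        print(outcome, repr(data[:48]))
```

Keeping the exact bytes of each crashing input is what makes a report actionable: the maintainer can replay the file without rerunning the fuzzer.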

Debian Bits: I love Free Software Day 2016: Show your love for Free Software

Sun, 14/02/2016 - 01:10

Today February 14th, the Free Software Foundation Europe (FSFE) celebrates the "I Love Free Software" day. I Love Free Software day is a day for Free Software users to appreciate and thank the contributors of their favourite software applications, projects and organisations.

We take this opportunity to say "thank you" to all the Debian upstreams and downstreams, and all the Debian developers and contributors. Thanks for your work and dedication to free software!

There are many ways to participate in this ILoveFS day and we encourage everybody to join in and celebrate. Show your love to Debian developers, contributors and teams virtually on social networks using the #ilovefs hashtag and spreading the word in your own social media circles, or by visiting the ILoveFS campaign website to find and use some of the promotional materials available such as postcards and banners.

To learn more about the FSFE, you can read their announcement of this campaign or visit their general website.

Categories: LUG Community Blogs

Debian Bits: Tails installer is now in Debian

Thu, 11/02/2016 - 14:30

Tails (The amnesic incognito live system) is a live OS based on Debian GNU/Linux which aims at preserving the user's privacy and anonymity by using the Internet anonymously and circumventing censorship. Installed on a USB device, it is configured to leave no trace on the computer you are using unless asked explicitly.

As of today, the people most in need of digital security are not computer experts. Being able to get started easily with a new tool is critical to its adoption, and even more so in high-risk and stressful environments. That's why we wanted to make it faster, simpler, and more secure to install Tails for new users.

One of the components of Tails, the Tails Installer, is now in Debian thanks to the Debian Privacy Tools Maintainers Team.

Tails Installer is a graphical tool to install or upgrade Tails on a USB stick from an ISO image. It aims at making it easier and faster to get Tails up and running.

The previous process for getting started with Tails was very complex and was problematic for less tech-savvy users. It required starting Tails three times, and copying the full ISO image onto a USB stick twice before having a fully functional Tails USB stick with persistence enabled.

This can now be done simply by installing Tails Installer in your existing Debian system, using sid, stretch or jessie-backports, plugging a USB stick and choosing if one wants to update the USB stick or to install Tails using a previously downloaded ISO image.

Tails Installer also helps Tails users to create an encrypted persistent storage for personal files and settings in the rest of the available space.

Categories: LUG Community Blogs

Steve Kemp: Redesigning my clustered website

Sun, 07/02/2016 - 11:28

I'm slowly planning the redesign of the cluster which powers the Debian Administration website.

Currently the design is simple, and looks like this:

In brief there is a load-balancer that handles SSL-termination and then proxies to one of four Apache servers. These talk back and forth to a MySQL database. Nothing too shocking, or unusual.

(In truth there are two database servers, and rather than a single installation of HAProxy it runs upon each of the webservers - One is the master which is handled via ucarp. Logically though traffic routes through HAProxy to a number of Apache instances. I can lose half of the servers and things still keep running.)

When I set up the site it all ran on one host, it was simpler, it was less highly available. It also struggled to cope with the load.

Half the reason for writing/hosting the site in the first place was to document learning experiences though, so when it came time to make it scale I figured why not learn something and do it neatly? Having it run on cheap and reliable virtual hosts was a good excuse to bump the server-count and the design has been stable for the past few years.

Recently though I've begun planning how it will be deployed in the future and I have a new design:

Rather than having the Apache instances talk to the database I'll indirect through an API-server. The API server will handle requests like these:

  • POST /users/login
    • POST a username/password and return 200 if valid. If bogus details return 403. If the user doesn't exist return 404.
  • GET /users/Steve
    • Return a JSON hash of user-information.
    • Return 404 on invalid user.

I expect to have four API handler endpoints: /articles, /comments, /users & /weblogs. Again we'll use a floating IP and a HAProxy instance to route to multiple API-servers. Each of which will use local caching to cache articles, etc.

This should turn the middle layer, running on Apache, into simpler things, and increase throughput. I suspect, but haven't confirmed, that making a single HTTP-request to fetch a (formatted) article body will be cheaper than making N-database queries.

Anyway that's what I'm slowly pondering and working on at the moment. I wrote a proof of concept API-server based CMS two years ago, and my recollection of that time is that it was fast to develop, and easy to scale.

Categories: LUG Community Blogs

Andy Smith: Your Debian netboot suddenly can’t do Ext4?

Fri, 05/02/2016 - 10:50

If, like me, you’ve just done a Debian netboot install over PXE and discovered that the partitioner suddenly seems to have no option for Ext4 filesystem (leaving only btrfs and XFS), despite the fact that it worked fine a couple of weeks ago, do not be alarmed. You aren’t losing your mind. It seems to be a bug.

As the comment says, downloading netboot.tar.gz version 20150422+deb8u3 fixes it. You can find your version in the debian-installer/amd64/boot-screens/f1.txt file. I was previously using 20150422+deb8u1 and the commenter was using 20150422+deb8u2.

Looking at the dates on the files I’m guessing this broke on 23rd January 2016. There was a Debian point release around then, so possibly you are supposed to download a new netboot.tar.gz with each one – not sure. Although if this is the case it would still be nice to know you’re doing something wrong as opposed to having the installer appear to proceed normally except for denying the existence of any filesystems except XFS and btrfs.

Oh and don’t forget to restart your TFTP daemon. tftpd-hpa at least seems to cache things (or maybe hold the tftp directory open, as I had just moved the old directory out of the way), so I was left even more confused when it still seemed to be serving 20150422+deb8u1.

Categories: LUG Community Blogs

Steve Kemp: Best practice - Don't serve writeable PHP files

Tue, 02/02/2016 - 20:10

I deal with compromises of PHP-based websites often enough that I wish to improve hardening.

One obvious way to improve things is to not serve PHP files which are writeable by the webserver-user. This would ensure that things like wp-content/uploads didn't get served as PHP if a compromise wrote valid PHP there.

In the past using php5-suhosin would have allowed this via the suhosin.executor.include.allow_writable_files flag.

Since suhosin is no longer supported under Debian Jessie I wonder if there is a simple way to achieve this?

I've written a toy-module which allows me to call stat on every request, and return a 403 on access to writeable files/directories. But it seems like I shouldn't need to write my own code for this functionality.

Any pointers welcome; happy to post my code if that is useful but suspect not - it just shouldn't exist.

Categories: LUG Community Blogs
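
An offline counterpart to the per-request stat check described in this post, as an added example (not Steve Kemp's module): it walks a document root and lists every directory and PHP file that a given account could write to, judged by owner/group/other mode bits only. The function names, the finding labels and the choice of `www-data` as the web server account are assumptions of this example; ACLs and root's override are not modelled.

```python
"""List PHP files and directories under a docroot that the web server user can write."""
import os
import stat


def mode_allows_write(st, uid, gids):
    """Classic POSIX check: the owner bits apply if uid owns the file, else the
    group bits if one of gids matches, else the other bits."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_docroot(root, uid, gids, suffixes=(".php", ".phtml")):
    """Return a sorted list of (kind, path) findings.

    "writable-dir": the account can create or replace files there, so any PHP
                    dropped into it (wp-content/uploads is the post's example)
                    would be served unless the handler is disabled for it.
    "writable-php": an existing script the account can modify in place.
    """
    gids = set(gids)
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        try:
            if mode_allows_write(os.stat(dirpath), uid, gids):
                findings.append(("writable-dir", dirpath))
        except OSError:
            continue  # directory vanished or is unreadable: skip it
        for name in filenames:
            if not name.lower().endswith(suffixes):
                continue
            path = os.path.join(dirpath, name)
            try:
                # stat() follows symlinks, as the web server would when serving.
                st = os.stat(path)
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and mode_allows_write(st, uid, gids):
                findings.append(("writable-php", path))
    return sorted(findings)


if __name__ == "__main__":
    import pwd
    import sys

    user = "www-data"  # assumption: Debian's default web server account
    pw = pwd.getpwnam(user)
    groups = os.getgrouplist(user, pw.pw_gid)
    for kind, path in audit_docroot(sys.argv[1], pw.pw_uid, groups):
        print(kind, path)
```

Run it with the document root as the only argument; an empty result means nothing under that tree is writable by the account through plain mode bits.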

Steve Kemp: So life in Finland goes on

Wed, 20/01/2016 - 16:50

So after living here in Finland for 6 months I've now bought a flat.

We have a few days to sort out mortgage paperwork, and assuming there are no problems we'll be moving into the new place on/around the 1st of March.

Finally I'll be living in Finland, with a sauna of my very own.

Interesting times.

In more developer-friendly news I made a new release of Lumail with the integrated support for IMAP. Let us hope people like it.

Categories: LUG Community Blogs