News aggregator

Jono Bacon: Ubuntu In 2014

Planet WolvesLUG - Thu, 02/01/2014 - 22:56

Happy new year, friends!

2013 was a phenomenal year for Ubuntu. It is difficult to believe that it was just a year ago today that we announced Ubuntu for phones. Since then we have built and released the first version of Ubuntu for phones complete with core apps, delivered Mir in production on the phone, built a vastly simplified and more powerful new app delivery platform complete with full security sand-boxing, created a powerful smart scopes service to bring the power of native search and online content to devices, delivered a new SDK with support for QML, HTML5, and Scopes, built an entirely new developer.ubuntu.com, created extensive CI and testing infrastructure to ensure quality as we evolve our platform, shipped two desktop releases, extended the charm store, delivered Juju Gui, spun up multiple clouds with Juju, and much more.

In terms of Ubuntu for devices, I mentally picture 2013 as the year when we put much of the core foundational pieces in place. Everything I just mentioned were all huge but significant pieces of delivering a world-class Free Software convergence platform. Building this platform is not as simple as building a sexy GUI; there is lots of complex foundational work that needs doing, and I am incredibly proud of everyone who participated in getting us to where we are today…it is a true testament of collaborative development involving many communities and contributors from around the world.

So, 2013 was an intense year with lots of work, some tough decisions, and lots of late (and sometimes stressful) nights, but it laid down the core pillars of what our future holds. But what about 2014?

This time next year we will have a single platform code-base for phone, tablet, and desktop that adapts to harness the form-factor and power of each device it runs on. This is not just the aesthetics of convergence, it is real convergence at the code level. This will be complemented by an Ubuntu SDK in which you can write an app once and deliver it to any of these devices, and an eco-system in which you can freely publish or sell apps, content, and more with a powerful set of payment tools.

These pieces will appear one phase at a time throughout 2014. We are focusing on finishing the convergent pieces on phone first, then bringing them to tablet, and then finally bringing our desktop over to the new convergent platform. Every piece of new technology that we built in 2013 will be consumed across all of these form-factors in 2014; every line of code is an investment in our future.

Even more importantly though, 2014 will be the year when we see this new era of Ubuntu convergence shipping to consumers. This will open up Ubuntu to millions of additional users, provide an opportunity for app developers to get in on the ground floor in delivering powerful apps, and build more opportunity for our community than ever before.

I wish I could tell you that 2014 is going to be more relaxing than 2013. It isn’t. It is going to be a roller-coaster. There are going to be some late nights, some stressful times, some shit-storms, and some unnecessary politics, but my goal is to help keep us working together as a community, keep us focused on the bigger picture, keep our discourse constructive, and to keep the fun in Ubuntu.

Let’s do this.

Categories: LUG Community Blogs

FreeNX NX Startup Session Failed

Planet SurreyLUG - Thu, 02/01/2014 - 11:52

Occasionally users are unable to connect to our FreeNX server; they report an error “Startup Session Failed”. Clicking on “Detail” shows that it is unable to find the server session file.

Searching for solutions suggested a number of options, including removing the server /tmp/.X1***-lock files, or simply removing FreeNX and installing NoMachine’s NXServer instead.

In the end the solution proved remarkably simple:

On the server run:

    # nxserver --list
    NX> 100 NXSERVER - Version 1.5.0-60 OS (GPL)
    NX> 127 Sessions list:

    Display Username        Remote IP       Session ID
    ------- --------------- --------------- --------------------------------
    1001    chris           192.168.1.52    1BC6B4B9C3CF4C2B6BD7137AC7FDE5DA
    1000    helen           -               87443D16622EC0751551685A93DD023B
    1002    michelle        192.168.1.102   DBAC430C8AA8B414A5E2228970E2BBDC

    NX> 999 Bye

The session with no remote IP is for a session that has not ended properly. Terminate this session and users should be able to log in once again:

# nxserver --terminate helen

Update: This problem was a little more complex than I at first thought; all I had really done was allow one more user to log in before the issue recurred. You also need to check that there are no old lock files in /tmp/.X11-unix:

    # cd /tmp/.X11-unix
    # ls -al
    total 316
    drwxrwxrwt   2 root     root       4096 2014-01-02 12:48 .
    drwxrwxrwt 375 root     root     315392 2014-01-02 12:48 ..
    srwxrwxrwx   1 root     root          0 2013-07-24 17:04 X0
    srwxrwxrwx   1 helen    helen         0 2014-01-02 10:32 X1000
    srwxrwxrwx   1 chris    chris         0 2014-01-02 11:42 X1001
    srwxrwxrwx   1 michelle michelle      0 2014-01-02 08:52 X1002
    srwxrwxrwx   1 terry    terry         0 2013-09-05 15:05 X1003

Notice that there is a .X11-unix file for terry X1003, but no corresponding user shown in nxserver --list above. Remove this spurious file and it should now work.

It would also make sense to ensure that the correct /tmp/.X1***-lock files are present:

    # cd /tmp
    # ls -al | grep -i X.*-lock
    -rw-------   1 nx       nx        0 2014-01-02 10:32 .nX1000-lock
    -rw-------   1 nx       nx        0 2014-01-02 11:42 .nX1001-lock
    -rw-------   1 nx       nx        0 2014-01-02 08:52 .nX1002-lock
    -r--r--r--   1 helen    helen    11 2014-01-02 10:32 .X1000-lock
    -r--r--r--   1 chris    chris    11 2014-01-02 11:42 .X1001-lock
    -r--r--r--   1 michelle michelle 11 2014-01-02 08:52 .X1002-lock

You should expect to see the correct number of lock files for your user sessions; in my case these required no changes, but if there had been spurious files, removing them would seem sensible.



Categories: LUG Community Blogs

John Woodard: A year in Prog!

Planet ALUG - Wed, 01/01/2014 - 20:56

It's New Year's Day 2014 and I'm reflecting on the music of the past year. Album wise there were several okay...ish releases in the world of Progressive Rock. Steven Wilson's The Raven That Refused To Sing was not the absolute masterpiece some have eulogised; a solid effort, though it did contain some filler. Motorpsycho entertained with Still Life With Eggplant, not as good as their previous album but again a solid effort. Magenta as ever didn't disappoint with The 27 Club; wishing Tina Booth a swift recovery from her ill health.

The three stand-out albums in no particular order for me were Edison's Children's Final Breath Before November, which almost made it as album of the year, and Big Big Train with English Electric Full Power, which combined last year's Part One and this year's Part Two with some extra goodies to make the whole greater than the sum of the parts. Also Adrian Jones of Nine Stones Close fame pulled one out of the bag with his side project Jet Black Sea, which was very different and a challenging listen, hard going at first but surprisingly very good. This man is one superb guitarist, especially if you like emotion wrung out of the instrument like David Gilmour or Steve Rothery.

The moniker of Album of the Year this year goes to Fish for the incredible Feast of Consequences. A real return to form and his best work since Raingods With Zippos. The packaging of the deluxe edition with a splendid book featuring the wonderful artwork of Mark Wilkinson was superb. A real treat, with a very thought-provoking suite about the First World War that really hammered home the saying "Lest we forget". A fine piece that needs to be heard every November 11th.


Gig wise again Fish at the Junction in Cambridge was great. His voice may not be what it was in 1985 but he is the consummate performer, very at home on the stage. As a raconteur between songs he is every bit as entertaining as he is singing the songs themselves.

The March Marillion Convention in Port Zélande, Holland, where they performed their masterpiece Brave, was very special, as every performance of this incredible album is. The Marillion Conventions are always special but Brave made this one even more special than it would normally be.

Gig of the year goes again to Marillion at Aylesbury Friars in November. I had waited thirty years and forty odd shows to see them perform Garden Party segued into Market Square Heroes; that glorious night it came to pass. I am now one very happy Progger, or should that be Proggie? Never mind. Viva Progressive Rock!

Categories: LUG Community Blogs

Andy Smith: Yearly (Linux) photo management quandary

Planet HantsLUG - Wed, 01/01/2014 - 14:19

Here we are again, another year, another dissatisfying look at what options I have for local photo management.

Here’s what I do now:

  • Photos from our cameras and my phone are imported using F-Spot on my desktop computer in the office, to a directory tree that resides over NFS on a fileserver, where they will be backed up.
  • Tagging etc. happens on the desktop computer.
  • For quick viewing of a few images, if I know the date they were taken on, I can find them in the directory structure because it goes like Photos/2014/01/01/blah.jpg. The NFS mount is available on every computer in the house that can do NFS (e.g. laptops).
  • For more involved viewing that will require searching by tag or other metadata, i.e. that has to be done in F-Spot, I have to do it on the desktop computer in the office, because that is the only place that has the F-Spot database. So I either do it there, or I have to run F-Spot over X11 forwarding on another machine (slow and clunky!).

The question is how to improve that experience?

I can’t run F-Spot on multiple computers because it stores its SQLite database locally and even if the database file were synced between hosts or kept on the fileserver it would still need the exact same version of F-Spot on every machine, which is not feasible — my laptop and desktop already run different releases of Ubuntu and I want to continue being able to do that.

It would be nice to be able to import photos from any machine but I can cope with it having to be done from the desktop alone. What isn’t acceptable is only being able to view them from the desktop as well. And when I say view I mean be able to search by tags and metadata, not just navigate a directory tree.

It sounds like a web application is needed, to enforce the single point of truth for tags and metadata. Are there actually any good ones that you can install yourself though? I’ve used Gallery before and was never really satisfied with ease of use or presentation.

Your-Photos-As-A-Service providers like Flickr and even to some extent Google+ and Facebook have quite nice interfaces, but I worry about spending many hours adding tags and metadata, not bothering to back it all up, and then one day the service shuts down or changes in ways I don’t like.

I’m normally quite good about backing things up but the key to backups is to make them easy and automatic. From what I can see these service providers either don’t provide a backup facility or else it’s quite inconvenient, e.g. click a bunch of times, get a zip file of everything. Ain’t nobody got time for that, as a great philosopher once wrote.

So.. yeah.. What do you do about it?

Categories: LUG Community Blogs

David Goodwin: Automated twitter compilation up to 01 January 2014

Planet WolvesLUG - Wed, 01/01/2014 - 07:00

Arbitrary tweets made by TheGingerDog (i.e. David Goodwin) up to 01 January 2014

(2013/12/31 src)
  • RT @TheGleeClub: B’HAM #COMEDY tonight feat. @suziruffell, @PatrickJMonahan, John Fothergill, @paul_f_taylor. Tickets at t.co/noppA6… (2013/12/28 src)
  • Presents! (I paid for Express Santa delivery – hence they’re here before midnight) t.co/PGcUZQ8Zn4
  • (2013/12/24, Bromsgrove, Worcestershire src)
  • RT @idiot: t.co/CSHjecbzX7
  • (2013/12/24 src)
  • To the Christmas train! (2013/12/22, Bromsgrove, Worcestershire src)
  • RT @MrAlanCooper: Wow–>RT @raju: Shanghai in 1987 and 2013 t.co/R2YEpUqPyE h/t @iron_emu
  • (2013/12/21 src)
  • RT @DoctorChristian: AMAZING! @russellsmithuk: Close 1 eye, tilt your phone, look at this from phone’s USB hole, then from volume buttons h…
  • (2013/12/21 src)
  • Have we been burgled?
    No – the [grand]children just came round. (picture) t.co/z9yK8OOG2M
  • (2013/12/19 src)
  • Nose bleeding season appears to have started. Stupid cold. (2013/12/18 src)
  • RT @alanmgormley: @PUSHHOCKEYMAG ladies Back To Hockey Special in Bromsgrove @BromsgroveHC @BromsSchool @EnglandHockey @EHMidlands t
  • (2013/12/11 src)
  • RT @climagic: saveurl() { cat > /dev/null; } # Save a url for reading later when you “have time”. (2013/12/18 src)
  • Disaster averted – Bowl of tea and mug of shreddies narrowly avoided. (2013/12/17 src)
  • RT @glynmoody: if you have a BT Huawei EchoLife HG612 or ECI B-FOCuS VDSL2 modem you should read this immediately: t.co/21gOl2t3kb #… (2013/12/16 src)
  • Given my Android banking app can block me from taking a screenshot, why can’t @Snapchat ? #fail (2013/12/16 src)
  • RT @tomphp: The start of proper #php refactoring tools in #vim https://t.co/zbjoo7xXix using @qafoo refactor tool /cc @EvanDotPro @mwop @gr… (2013/12/15 src)
  • RT @glynmoody: #BitTorrent Sync doubles users in a single month, growing ’2 times as fast as Dropbox’ – t.co/JuaOAqROWx impressive (2013/12/14 src)
  • RT @lauracowen: RT @MSmithsonPB: Great slide from @IpsosMORI on how very wrong the public is about the UK t.co/tkUjKGnJWE
  • (2013/12/14 src)
  • RT @Lib_Librarian: How does one even begin to explain the #stupid? t.co/wJgZTQYK31
  • (2013/12/12 src)
  • Royal mail postbox denial of service day. (2013/12/13 src)
  • Not sure what to think of this new look twitter :-/ Have some fireworks instead (thanks Rowan) t.co/28zGd77cka
  • (2013/12/12, Bromsgrove, Worcestershire src)
  • RT @Independent: French café starts charging extra to rude customers
    t.co/DfkkXoMU7S t.co/82oFxPmBHm
  • (2013/12/11 src)
  • RT @phpdeveloper: t.co/xhChJoDPDQ: What are the must see talks/tutorials about php?:
    On t.co/xhChJoDPDQ a conversat… http:… (2013/12/11 src)
  • RT @joshbroton: .@chriscoyier explains Grunt in the simplest of ways. If you’re not using Grunt, you’re working too hard. t.co/bfalL… (2013/12/11 src)
  • RT @kornys: “When you have a ManagerControllerProxyFactory that returns a ManagerControllerProxy – somewhere, a kitten dies.” @KevlinHenney… (2013/12/09 src)
  • RT @richardadalton: If carpenters were hired like programmers:
    “Must have at least 5 years experience with the Dewalt 18V 165mm Circular Sa… (2013/12/06 src)
  • RT @Postbox: Apple Mail acting up on you in Mavericks? Give @Postbox a try! – t.co/ypu8FPw0H0 (2013/10/28 src)
  • Another good run. My fitness is improving or I prefer the cold. I may have to default to the longer 9km loop from now on. #running (2013/12/05, Bromsgrove, Worcestershire src)
  • Storm hits Bromsgrove. Devastation and chaos seen. t.co/o7ET2OARLv
  • (2013/12/05, Bromsgrove, Worcestershire src)
  • Today I learnt about Diphthongs … A word that must make teenagers giggle. t.co/ozGX03rIM4 #TIL #education (2013/12/05, Bromsgrove, Worcestershire src)
  • Wondering if your passwords may have been stolen ? t.co/WaQpAvcW8w (2013/12/05, Bromsgrove, Worcestershire src)
  • RT @trinheadmaster: @HerdyShepherd1 in The IndependentTwitter takes to the hills t.co/N9fvX3pNYf
  • (2013/12/05 src)
  • RT @BromsgroveDC: What could you do with a grant of up to £750 to launch your business? Or up to £2,500 to help growth? t.co/ey1XILF… (2013/12/04 src)
  • I’ve just donated £10 to Wikipedia – #keepitfree #GoodDeeds #Wikipedia (2013/12/04 src)
  • RT @tdobson: Hotelclick seems to have an easily misinterpreted logo. t.co/M2w5I4adOm (2013/12/03 src)
  • <?php
    readfile("../../images/" . $_GET['image']);#WhatCouldPossiblyGoWrong
    #DonotDoThisAtHomeKids
  • (2013/12/02 src)
  • Wow, I really must promote my twitter account …… must/get/more/followers. Or not. (2013/12/02 src)
Categories: LUG Community Blogs

    Chris Lamb: 2013: Selected highlights

    Planet ALUG - Tue, 31/12/2013 - 17:26

    January

    Entered monthly 10km races in Regent's Park, reducing my time from 55:07 on January 4th to 43:28 on December 1st.

    February

    Entered the Hell of Ashdown cyclosportive in sub-zero conditions for over 100 miles & 7,500 ft of elevation (actual photo).

    March

    Had my lute returned after it was damaged.

    April

    Had a time-trial bike built and raced my first triathlon, duathlon and aquathlon.

    May

    More biking, including a long ride with my brother. Also performed on the viola da gamba in Bach's St John Passion with Belsize Baroque.

    June

    Two big concerts: Monn's Cello concerto in G minor with the Zadok Baroque Orchestra followed by the Blackfriars Quartet performing Shostakovich's String Quartet No. 8.

    July

    Amongst more triathlon preparation, I performed in a Linden Baroque concert of Handel's Israel in Egypt.

    August

    Raced my biggest event of the year—a "Half-Ironman" triathlon—hitting my time goal.

    September

    Whilst procrastinating about writing some letters, I created a small service to send letters without a printer.

    October

    Started cooking a little more adventurously.

    November

    Performed Geminiani's arrangement of Corelli's La Folia in the Fitzwilliam Museum with Le Petit Orchestre.

    December

    Ramped up my running volume so I could go over 1000km for the year. (Strava profile)

    Categories: LUG Community Blogs

    Peter Cannon: Tips for using a Samson CO1U USB Mic on Linux: Audacity

    Planet WolvesLUG - Tue, 31/12/2013 - 14:43

    Keith Milner originally shared: This is primarily focussed on the popular Samson C01U range, and is partly for Peter Cannon who I know has had some issues with this mic, but this might be useful for others as well. Firstly, there’s a need to unravel some of the mess in the various Linux audio systems and the associated apps. The hardware-level drivers for audio on Linux are ALSA, and every app that uses audio will use these either directly or indirectly. Unfortunately the support for ALSA isn’t always as complete as it should be. Consider the popular cross-platform app Audacity: this does work directly with ALSA, but the (badly named) “input volume” control doesn’t seem to work properly. Ideally this should control the input gain (correct term) of the audio input via the ALSA driver. It’s not the only app that has trouble with this, it has to be said. The popular Pulseaudio sound server, which is used as an audio abstraction layer on many modern desktop Linux distros, also doesn’t. The trick here is to use an app which controls the gain by talking directly to the ALSA driver.

    My favourite here is QasMixer (seen below). With this you can select the specific mixer device (in my case I have selected “hw” which indicates to use the ALSA driver directly) and the specific card. You can also use the command-line tool alsamixer, but that’s a little unfriendly for many people. The nice thing about QasMixer is you can have it in a window alongside Audacity. One small problem here is that if you click on the QasMixer window to drag the control, it moves the focus away from Audacity, which then hides the meters. However, by hovering over the QasMixer control with the mouse cursor and using the mouse scroll wheel, you can change the gain without actually clicking on the window to highlight it.

    Categories: LUG Community Blogs

    Mick Morgan: http compression in lighttpd

    Planet ALUG - Mon, 30/12/2013 - 22:39

    Today I had occasion to test trivia’s page load times. I used the (admittedly fairly dated) website optimization test tool and was surprised to find that it reported that parts of the pages I tested were not compressed before delivery.

    I have the default compression options set in my lighty configuration file as below:

    compress.cache-dir = "/var/cache/lighttpd/compress/"
    compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )

    and the mod_compress server module is loaded, so I expected all the text, html and scripts loaded by my wordpress configuration to be compressed.

    It turns out that in order for compression to work correctly in WordPress (or any other php based web delivery mechanism) with lighty you need to enable compression in php. In all the time I have been running trivia on my own server I hadn’t done this. The option that needs to be changed to correct this is to set:

    zlib.output_compression = On

    in "/etc/php5/cgi/php.ini".

    What I think I might need to work on now is the number of scripts my theme and plugins load. Counterize in particular is beginning to feel a bit sluggish. Certainly the generation of traffic reports is now quite slow and mysql is chewing up a lot of CPU. I suspect that I may need to purge the database and start afresh in the new year – or find another nice traffic analysis tool.

    Categories: LUG Community Blogs

    Tony Whitmore: Another year over, a new one just begun

    Planet HantsLUG - Mon, 30/12/2013 - 20:30

    That’s right, it’s my end of year round up! I am running the risk that nothing significant or amazing will happen to me in the next 24 hours, I know. I’ve trawled through tweets and blogs and reminded myself of the fantastic, crazy things that have happened this year. Here are just some of them, in no particular order.

    • An amazing year of wedding photography. Lots of lovely clients, so many different styles of wedding. Thank you to each and every one of you for asking me to be your wedding photographer.
    • Started my Malawi Mission to help improve healthcare in the UK and Africa. Thank you so much to everyone who has supported me so far. You can still donate to it here: http://uk.virginmoneygiving.com/tonywhitmore
    • A year of celebratory screenings of Doctor Who stories at the BFI in London. As well as the screenings and the panels, it was great to hang out with fellow fans who have now become friends.
    • Helped make an awesome OggCamp happen. This year’s was the biggest and I think the best. So many cool people doing cool things, it was a pleasure to be part of it.
    • The Project Motormouth convention. I had my photo taken with four Doctors!
    • Another glorious season of the Ubuntu Podcast. The live shows continue to be good fun to do and the weekly episodes seem to have gone down well. I can’t believe Alan and I have been doing it for six years.
    • The Sam Shaw Appeal. So many people helped raise an enormous amount of money to get Sam treatment in the US that gives him an increased chance of beating his neuroblastoma. Thank you so much to every one who has contributed.
    • Interviewing lots of lovely people for The Doctor Who Podcast at Big Finish Day 3, and being a guest presenter on two episodes.
    • Being inducted into the legendary Photography Farm, and meeting a great group of fellow photographers. And I got to second shoot for Shell de Mar and Neil Thomas Douglas as a result.
    • Seeing lots of live theatre performances including the Reduced Shakespeare Company, Richard Herring, Mark Thomas, the 39 Steps, I’m Sorry I Haven’t a Clue, and Toby Hadoke.
    • Having some of my photographs included on an official BBC DVD documentary about David Burton, the Doctor Who Never Was. And having more photographs published in Doctor Who Magazine.
    • Visiting the magical island of Spetses for Stuart and Zoe’s wedding.
    • Celebrating my birthday. I know it happens every year, but this year I actually celebrated it. With other people. It was fun.
    • Having an entire month full of Doctor Who anniversary celebrations: “An Adventure in Space and Time”, “The Day of the Doctor” in 3D with the people who made it, and the official Celebration. (And saw 9 new episodes of Doctor Who from the 1960s!)

    There are some things I’ve done this year that have been really, really special. But I just can’t tell you about them. Sorry! They really were among the highlights of my year though.

    I’ve got a feeling that 2014 will be very special too. Have a great new year….

    Categories: LUG Community Blogs

    Laura Cowen: MOHOP sandals: A Kickstarter project I’ve backed

    Planet HantsLUG - Mon, 30/12/2013 - 19:40

    Every Summer, I wish for a pair of sandals that are comfortable but have some style so that they can feel a bit smart as well as casual. And I’m rubbish at finding them – I don’t really like shoe-shopping at all, which doesn’t help. Enter MOHOP sandals.

    I was browsing Kickstarter projects over Christmas and came across the MOHOP sandals project. Basically, you get a pair of sandal bases, some ribbon, and some design cards. You then thread the ribbons on the bases according to the design cards (or your imagination). The bases are flexible with wooden heels and are suitable for vegans and people with a range of other ethical shopping goals (inc, if you’re from the US, made in the US).

    (Although the bases shown have high heels, they’re also available as flats or different heights of heel.)

    They’ve apparently been going for some time (at mohop.com and on Etsy) but were struggling to meet demand. They’re taking the Kickstarter route to fund expanding their production capabilities (inc creating local jobs).

    I think the sandals are a great idea. They’re fun to look at, comfy to wear (according to the reviews), and infinitely re-designable, which appeals to my crafty side. You can thread decorations on to the ribbon or replace the ribbons completely with strips of sari, shoelaces, or anything else that occurs to you.

    At the moment, the cheapest pair is $45 for a pair of flats (though there are lower-cost ‘perks’ available if you just want to contribute without buying any shoes). I’ve gone for the $100 ones that have low heels. They’re looking for $50,000 of funding by the 25th January so that they can open their new production place. They’ve got some way to go yet so if you like the look of them, consider supporting this cool idea!

    Here’s their video about manufacturing their shoes:

    The post MOHOP sandals: A Kickstarter project I’ve backed appeared first on LauraCowen.co.uk.

    Categories: LUG Community Blogs

    Steve Kemp: A good week?

    Planet HantsLUG - Sun, 29/12/2013 - 15:59

    This week my small collection of sysadmin tools received a lot of attention; I've no idea what triggered it, but it ended up on the front-page of github as a "trending repository".

    Otherwise I've recently spent some time "playing about" with some security stuff. My first recent report wasn't deemed worthy of a security update, but it was still a fun one. From the package description rush is described as:

    GNU Rush is a restricted shell designed for sites providing only limited access to resources for remote users. The main binary executable is configurable as a user login shell, intended for users that only are allowed remote login to the system at hand.

    As the description says this is primarily intended for use by remote users, but if it is installed locally you can read "any file" on the local system.

    How? Well the program is setuid(root) and allows you to specify an arbitrary configuration file as input. The very very first thing I tried to do with this program was feed it an invalid and unreadable-to-me configuration file.

    Helpfully there is a debugging option you can add, --lint, to help you set up the software. Using it is as simple as:

    shelob ~ $ rush --lint /etc/shadow
    rush: Info: /etc/shadow:1: unknown statement: root:$6$zwJQWKVo$ofoV2xwfsff...Mxo/:15884:0:99999:7:::
    rush: Info: /etc/shadow:2: unknown statement: daemon:*:15884:0:99999:7:::
    rush: Info: /etc/shadow:3: unknown statement: bin:*:15884:0:99999:7:::
    rush: Info: /etc/shadow:4: unknown statement: sys:*:15884:0:99999:7:::
    ..

    How nice?

    The only mitigating factor here is that only the first token on the line is reported - In this case we've exposed /etc/shadow which doesn't contain whitespace for the interesting users, so it's enough to start cracking those password hashes.

    If you maintain a setuid binary you must be trying things like this.

    If you maintain a setuid binary you must be confident in the codebase.

    People will be happy to stress-test, audit, examine, and help you - just ask.

    Simple security issues like this are frankly embarrassing.

    Anyway that's enough: #733505 / CVE-2013-6889.

    Categories: LUG Community Blogs
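
The class of bug in the GNU Rush post above (a setuid program opens a file named by the caller with its elevated IDs, then echoes the content in diagnostics), shown in hardened form as an added example. This is not code from the post or from GNU Rush, and it is not the fix shipped for #733505 / CVE-2013-6889; the names `open_as_user` and `lint_fd` and the two keywords are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open path read-only as the invoking user (uid/gid), so the kernel applies
 * that user's permissions rather than the elevated effective IDs.
 * Returns a descriptor, or -1 with errno set. */
int open_as_user(const char *path, uid_t uid, gid_t gid)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    struct stat st;
    int fd, err;

    /* Drop the group first: once euid is unprivileged, setegid may be refused. */
    if (setegid(gid) != 0 || seteuid(uid) != 0) {
        err = errno;
        (void)setegid(saved_egid);      /* undo a partial drop */
        errno = err;
        return -1;
    }
    fd = open(path, O_RDONLY | O_NONBLOCK | O_CLOEXEC); /* NONBLOCK: no hang on a FIFO */
    err = errno;

    /* Restore in reverse order; never continue with half-restored IDs. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0)
        abort();
    if (fd >= 0 && (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))) {
        close(fd);                      /* regular files only */
        fd = -1;
        err = EINVAL;
    }
    if (fd < 0)
        errno = err;
    return fd;
}

/* Count lines whose first token is not a known keyword. Diagnostics carry the
 * file name and line number only; file content is never copied into them.
 * The keywords are placeholders (assumption), not GNU Rush's real grammar.
 * Closes fd. Returns the count, or -1 on error. */
int lint_fd(int fd, const char *name, FILE *diag)
{
    static const char *const known[] = { "rule", "debug" };
    char *line = NULL;
    size_t cap = 0, i;
    int lineno = 0, unknown = 0;
    FILE *fp = fdopen(fd, "r");

    if (fp == NULL) {
        close(fd);
        return -1;
    }
    while (getline(&line, &cap, fp) != -1) {
        char *tok = strtok(line, " \t\r\n");
        int ok = 0;
        lineno++;
        if (tok == NULL || tok[0] == '#')
            continue;                   /* blank line or comment */
        for (i = 0; i < sizeof known / sizeof known[0]; i++)
            ok |= (strcmp(tok, known[i]) == 0);
        if (!ok) {
            unknown++;
            fprintf(diag, "%s:%d: unknown statement\n", name, lineno);
        }
    }
    free(line);
    fclose(fp);
    return unknown;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s CONFIG\n", argv[0]);
        return EXIT_FAILURE;
    }
    int fd = open_as_user(argv[1], getuid(), getgid()); /* real IDs = the invoker */
    if (fd < 0) {
        perror(argv[1]);
        return EXIT_FAILURE;
    }
    return lint_fd(fd, argv[1], stderr) == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

Supplementary groups are left alone because executing a setuid binary does not change them: they are already the invoker's.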

    November HLUG Meeting 27/11/2013

    Herefordshire LUG News - Sun, 24/11/2013 - 21:39

    Hi Everyone

    Just a quick note to say our November meeting will be on Wednesday night at 7.30pm, usual place the Courtyard in Hereford on the mezzanine floor.

    If you attended our Software Freedom Day event, please feel free to come along on Wednesday.

    The meeting will start at 7:30pm as usual.

    Items to discuss :-


    Categories: LUG News

    October Meeting - Weds 23rd - at the Courtyard - everyone welcome

    Herefordshire LUG News - Mon, 21/10/2013 - 12:38

    Hi Everyone
    Just a quick note to say our October meeting will be on Wednesday night at 7.30pm, usual place the Courtyard in Hereford on the mezzanine floor.

    If you attended our Software Freedom Day event in September, please feel free to come along on Wednesday.

    The meeting will start at 7:30pm as usual. I've been out of the loop a bit recently, with family issues to deal with, so haven't had any opportunity to get any agenda planned.


    Categories: LUG News