Ubuntu 8.04 “Hardy Heron” announced by Jono Bacon

Jono Bacon, community manager of Ubuntu, has just announced the 8.04 release with LTS support.

Jono’s Growing Ubuntu speech @ LinuxTag 2007 

By now everyone should be getting the connection between the release names and the date of release, so obviously... it will be released in April 2008 ;)

from jonobacon.org

I am delighted to have the pleasure of announcing the Hardy Heron (Ubuntu 8.04), the next version of Ubuntu that will succeed Gutsy Gibbon (Ubuntu 7.10, due for release in October 2007). Not only will the Ubuntu community continue to do what it does best, produce an easy-to-use, reliable, free software platform, but this release will proudly wear the badge of Long Term Support (LTS) and be supported with security updates for five years on the server and three years on the desktop. We look forward to releasing the Hardy Heron in April 2008.

Back from FrOsCon

Just came back from FrOsCon, what a weekend…

The Conference was a lot smaller than Linuxtag but the social event was very cool.

Some food and drinks were sponsored by Google and O’Reilly and the overall prices were pretty cheap :)

The lectures were interesting and I returned with a new bag of tricks and tools which will come in handy at work.

Another event on my yearly event schedule.

I took a few photos that can be found here

Torrent criminal legally forced to use Windows

I always thought the 8th amendment of the US bill of rights protected anyone from cruel and inhumane punishment.

Well, I guess legally forcing an open source user into using Windows because the government is incapable of writing tracking software to monitor him perfectly fits the label Bullshit made in the USA.

Slashdot article
What's next? The DOJ forcing American citizens into using Windows because CIPAV may have problems spying on secure operating systems?

Besides all this, the discussion of whether a non-violent crime such as copyright infringement should be punished by jail time and confinement, and this sentence forcing such criminals into using proprietary software if they want to use a computer again, there is actually only one point I want to make in this post:

Is the fact that the US government is not able (or not willing) to write tracking software and other forensic foo for Linux to spy on people good marketing for Linux and other open source operating systems?

Hell yeah!!! :)

If you want to keep your computer and your data private, take some time and stop by here for a good start

…and the winner is…

The DesktopLinux.com survey results about the most favored Linux Desktop solution were published today.

The big winners of the Desktop environment are:

- Distribution: Ubuntu

- Desktop: Gnome

- Browser: Firefox

The Ubuntu/Kubuntu and Firefox thingie were pretty sure to win; I am sort of surprised that Gnome beats the Windows-like KDE. Standard Ubuntu ships with Gnome, so I guess this is the reason why Gnome takes the lead…

Btw. my prefs are Ubuntu / Gnome / Firefox / Evolution (so pretty close to the winner)

Here is the raw data

WP and permalink recovery

Just tried to play around with the permalink features of WordPress and immediately was kicked out with a 500… Since I have never been in need of mod_rewrite I didn't realize that this feature was not available from my host provider (Strato)

So in case this should ever happen to you:

1. Remove the .htaccess file in your wp root

2. You will now regain access to your WP site, but all the links are still messed up

3. Login to the Administration panel and set the permalinks to default

4. Once you update the permalink setting, you will be kicked out again immediately

5. Leave the browser window with the error open and remove the newly generated .htaccess file again

6. Now reload the error page and you should be back to your default permalinks

3 more days to FrOSCon…

FrOSCon is a two-day conference that is all about free and open source software. There is quite a resemblance to the LinuxTag, but FrOSCon is targeted more around free and open source software independent of the operating system it's running on.

As it was to be expected, several Linux and six BSD project groups will be present…

Check out http://froscon.de/?L=1 for further information…

If we get wireless access at the convention, the first pics will be up on Saturday :)

Windows + XAMPP + NOOB + WEB = *cough*

Note: The initial IP and domain have been replaced by x.x.x.y in order to spare the shame and keep anybody from doing something stupid ;)

Today I ran a routine check on my Apache logs… the same as usual…

[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/mysqladmin
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/db
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/dbadmin
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/web
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/phpmyadmin2
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/phpmyadmin1
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/phpadmin
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/myadmin
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/phpMyAdmin-2.2.3
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/phpMyAdmin-2.5.6
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/phpMyAdmin-2.5.7-pl1

This goes on forever … big deal….

But the host was pretty aggressive so I decided to take a closer look:

traceroute x.x.x.y

….

7 somebody.something.net (bla.bla.bla.bla) 18.017 ms 17.852 ms 17.231 ms
8 somedomain.de (x.x.x.y) 16.701 ms 16.391 ms 16.322 ms

So I take a look at somedomain.de and find this:

[Image: lol1.jpg]

Looks like someone's Windows Server was compromised or so to say… owned.

Conclusion: Don't use XAMPP on the web; it may be superb for testing your stuff before sending it to the real world, but it is not meant to survive in hazardous environments, especially with Windows up your back…

The least thing you could do is make sure your webservices aren’t running on blank or default passwords!
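The routine log check described above, as an added example that is not part of the original post: it groups "File does not exist" errors by client and reports clients that request many different missing paths, with a count of database admin tool names among them. The function names, the threshold and the sample addresses are assumptions, and the parser expects the error-log line format shown in this post.

```shell
#!/bin/sh
# Added example: per-client summary of "File does not exist" probes in an
# Apache error log that uses the line format shown in the post above.

# Constructed sample input (documentation addresses, not real hosts).
sample_log() {
cat <<'EOF'
[Mon Aug 20 07:36:43 2007] [error] [client 192.0.2.10] File does not exist: /var/www/mysqladmin
[Mon Aug 20 07:36:43 2007] [error] [client 192.0.2.10] File does not exist: /var/www/db
[Mon Aug 20 07:36:43 2007] [error] [client 192.0.2.10] File does not exist: /var/www/dbadmin
[Mon Aug 20 07:36:44 2007] [error] [client 192.0.2.10] File does not exist: /var/www/phpmyadmin2
[Mon Aug 20 07:36:44 2007] [error] [client 192.0.2.10] File does not exist: /var/www/phpMyAdmin-2.5.6
[Mon Aug 20 07:36:45 2007] [error] [client 192.0.2.10] File does not exist: /var/www/db
[Mon Aug 20 09:12:01 2007] [error] [client 198.51.100.7] File does not exist: /var/www/favicon.ico
EOF
}

# probe_summary [MIN_DISTINCT]   (reads the error log on stdin)
# Prints "client hits distinct_paths admin_tool_paths" for every client that
# asked for at least MIN_DISTINCT different missing paths (default 5).
probe_summary() {
    awk -v min="${1:-5}" '
        $6 == "[error]" && $7 == "[client" && $9 == "File" && $12 == "exist:" {
            client = $8
            sub(/\]$/, "", client)          # strip the closing bracket
            path = $13
            hits[client]++
            if (!((client, path) in seen)) {
                seen[client, path] = 1
                distinct[client]++
                # Names of database admin front ends, matched case-insensitively.
                if (tolower(path) ~ /(phpmyadmin|mysqladmin|dbadmin|myadmin|phpadmin)/)
                    admin[client]++
            }
        }
        END {
            for (c in distinct)
                if (distinct[c] >= min)
                    print c, hits[c], distinct[c], admin[c] + 0
        }
    ' | sort
}

sample_log | probe_summary 5
```

On a live system, feed it the real file instead, for example `probe_summary 5 < /var/log/apache2/error.log` (path is an assumption; it depends on the distribution).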

Password Security

One thing is certain – letting users pick their own passwords is a major security risk.

As an administrator you can simply test your passwords by running John the Ripper over your passwords.

If John spits out passwords in single mode immediately, this is an indication that your passwords suck!

This is where password generating tools come into play.

APG is a simple tool for random password generation. I recommend at least 8 characters for efficient passwords.

So here is an example on setting up a random 8-character password:

apg -m8 -x8

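This will deliver an 8-character password. The -m/-x parameters set the minimum/maximum number of characters.

If you want to make a password pronounceable (thus easier to remember), select the pronounceable algorithm with -a0; -a1 selects fully random characters instead:

apg -a0 -m8 -x8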

User shell access

While checking your users' passwords you might also consider checking whether any users have shell access they don't even need.

You can list all users that have some sort of shell access by grepping your passwd file:

cat /etc/passwd | grep -v /bin/false

Note: Some services use /usr/sbin/nologin, which serves the same purpose as /bin/false, so those accounts will still show up in the output of the command above.
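An added example (not part of the original post) that extends the grep above: it filters out both /bin/false and nologin by the shell's basename, treats an empty shell field as /bin/sh, and marks non-root accounts below UID 1000 that still have a usable shell. The function names, the 1000 boundary and the sample entries are assumptions.

```shell
#!/bin/sh
# Added example: list passwd accounts that still have a usable login shell.

# Constructed sample entries in passwd(5) format.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/false
mysql:x:104:110:MySQL Server:/var/lib/mysql:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup:x:34:34:backup:/var/backups:
EOF
}

# login_shell_users [FILE]   (FILE defaults to /etc/passwd, "-" reads stdin)
# Prints "name uid shell kind" for every account whose shell is not a
# "false" or "nologin" binary, whatever directory that binary lives in.
login_shell_users() {
    awk -F: -v min_uid=1000 '
        /^#/ || NF < 7 { next }              # skip comments and short lines
        {
            shell = $7
            if (shell == "") shell = "/bin/sh"   # passwd(5): empty means /bin/sh
            n = split(shell, part, "/")
            if (part[n] == "false" || part[n] == "nologin") next
            # Assumption: UIDs below min_uid (except root) are service accounts.
            kind = ($3 + 0 != 0 && $3 + 0 < min_uid) ? "service-account" : "login"
            print $1, $3, shell, kind
        }
    ' "${1:-/etc/passwd}"
}

sample_passwd | login_shell_users -
```

Lines marked service-account are the ones worth reviewing first, since daemons rarely need an interactive shell.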