Ubuntu and Security

How to be safe from vampires?

If you’re in Transylvania and you walk into the street, just wear a cross necklace or put white garlic in your fragrance. Count Dracula and his minions can’t go into a house unless they are invited in. So, as long as you keep away from inviting them, they can’t get in.

How to be safe from worms?

If you’re using Ubuntu, just stay away from unofficial repositories. Don’t worry about worms, trojans, etc.! Every package in Debian and its derivatives (including Ubuntu) must be signed. The signer must be eligible to do so. Official repositories are maintained by such people.

Wait, what? There is such vampires worms?

No, there aren’t any worms in Ubuntu, not like the ones that work in the other OS ™. With its UNIX-like architecture, the GNU/Linux operating system is protected by default by kernel provisioning. After years of recommending user-space programming over kernel-level programming, which the other OS ™ version 7 now also follows, applications can’t go into kernel mode and override things without provision.

One practice that we have followed for years is avoiding the “root” account. There are projects like sudo that do an even more fantastic job: erasing root’s password. Every application runs as a regular user. That’s why there are special users for special purposes, like the “www-data” user for web applications (Apache Webserver, lighttpd, nginx). There are also groups that are allowed to do specific jobs. Special nodes (those in “/dev”) have group access limits so that only the few users that belong to the group can access them.

BUT, there is a possibility of an application being patched with malicious code by a malicious contributor to do harm (like making your computer part of a botnet). An example is the now-deceased free screensaver from gnome-look.org. Luckily, it is community driven, so the ill work was detected and eradicated.

Err… meaning, in human language?

Just do things normally.

QtCurve

At evran’s request, I am uploading my configuration files. Note that I use QtCurve as the theme that unifies KDE4 and Gnome. To install it, open a terminal and type:

$ sudo apt-get install qtcurve

Or do it the more civilized way: use Synaptic and install the QtCurve package from there. 😀

When that is done, go to Sistem -> Preferensi -> Penampilan (System -> Preferences -> Appearance), or right-click on the desktop and choose “Ubah Latar Belakang Desktop” (“Change Desktop Background”). Select the “Tema” (“Theme”) tab.

Appearance

On the “Tema” tab press the “Atur” (“Customize”) button, and a dialog box will appear. Select the “Komponen” (“Components”) tab and choose “Qtcurve”. Finally, press the “Tutup” (“Close”) button.

Customize

Your theme is now QtCurve. Now, download this file. Don’t forget to change the file’s extension from INILAH.tar.gz.pdf to INILAH.tar.gz. Then extract the file. Use the Nautilus file manager to do it.

When that is done, overwrite the files in your home directory with the extracted ones. For example, “.kde/share/config/kdeglobals” is overwritten with the file from “INILAH/.kde/share/config/kdeglobals”. Or use Nautilus to move all the files in INILAH to your home directory. Don’t forget to make a backup first.

Feel free to comment.

Simpler Than This? (A Reply to A Commenter)

OS: Ubuntu 9.10

Specs: Lenovo Y41 (Centrino Duo, Intel Integrated GPU)

Enable Display Settings in Tray

Go to Sistem -> Preferensi -> Tampilan

(System -> Preferences -> Display, CMIIW)

Then tick the checkbox “Perlihatkan tampilan di panel” and press “Terapkan” (“Apply”).

Check list

After you do that, there will be an icon in the tray:

Tray icon

You can close the Tampilan (Display Preferences) window now because

Every Time You Plug A Monitor/Projector Into Your Laptop

Just click on the tray icon, choose “Configure Display Settings…” and it will automatically detect your monitor and adjust your display.

So,

Can you have simpler way than this?

Dual Screen Configuration

Due to my laziness about backups and the way I formatted my computer, I am posting my Xorg configuration. This is not necessary when using Ubuntu because the XRandr extension (and its workaround) is fully supported. Unfortunately, I’m using KDE4 on my desktop, so I must configure Xorg to get my dual screen.

My configuration uses an ATi X550, with one monitor plugged into VGA and another one via a DVI converter. Each is 1280×1024 and the VGA monitor is on the left side of my DVI monitor. So, without further censorship, here’s my /etc/X11/xorg.conf:

### JP  Configured this to help dual screen.

Section "Device"
    Identifier "Pake Dual Screen"
    Option "Monitor-VGA-0" "vga0"
    Option "Monitor-DVI-0" "dvi0"
EndSection
Section "Monitor"
    Identifier "vga0"
    Option "DPMS"
EndSection
Section "Monitor"
    Identifier "dvi0"
    Option "DPMS"
    Option "Right Of" "vga0"    # the DVI monitor sits to the right of the VGA monitor
EndSection
Section "Screen"
    Identifier "Default Screen"
    Device "Pake Dual Screen"
    DefaultDepth 24
    SubSection "Display"
        Depth 24
        Virtual 2560 1024
    EndSubSection
EndSection
Section "ServerLayout"
    Identifier "Default Layout"
    Screen "Default Screen"
EndSection

Syncing My Home (Laptop and Desktop)

Ever since becoming a graduate student, I have been in constant despair of syncing my work and study. Luckily, my sister is now employed at one of the public accounting firms and she was promised her own (working) laptop. Because of that, I can use my laptop freely and work mobile. It helps a lot: I can work while studying and study while working. Thanks to RMS, I’m now in the spirit again to hack on a new system, which I won’t tell about yet. [Afraid of bragging :-P]

To have work continuity, I need to sync my home directory between my laptop and desktop computer. I have three candidates:

  1. A script from Pak Ibam, sedot, built especially for syncing home.
  2. Ripping the sedot-ng script from Kambing.
  3. Using unison.

The #1 script is powerful, but it was designed for syncing to a USB disk and it needs some tweaking because I have gigs of data in my home. Obviously, #2 is overkill. I don’t need my syncing in Plurk and automated. Solution #3 needs to be learned because we are more used to rsync than that. To make it short, I went with solution #3 because it has a Debian package and has a GUI.

Unison has a powerful option to cope with my need: syncing both places. I can work on my desktop or laptop and get both of them synced with each other. Okay, before you get bored, like I do, let’s try to install it.

#0 Connect your desktop and laptop

A precondition: your laptop and your desktop are connected and have an SSH server installed. In my example, because I’m syncing from the laptop, you just need to install the SSH server on your desktop. Every GNU/Linux system is installed with an SSH client by default.

On the desktop (and optionally on the laptop), install SSH:

$ sudo apt-get install ssh

#1 Install unison

On the laptop:

$ sudo apt-get install unison-gtk

On the desktop:

$ sudo apt-get install unison

Why do I install the GUI-based version on the laptop? Well, I sync the data from my laptop and treat my desktop as a server. Another reason is that my desktop uses KDE and my laptop uses Gnome. Unison is located in Aplikasi -> Aksesoris -> Unison

#2 Setup A Profile

Profile is the jargon unison uses for a configuration file. You can have many configuration files, each doing a specific job.

When first greeted, enter the base directory (unison uses the term “root”) that you would like to sync. I entered my home directory (e.g. “/home/user”).

base directory

Press OK and then choose your remote computer, in my case, the desktop’s home directory. If you are funky like me and use a non-standard SSH port, select Socket first and then enter your non-standard SSH port. [NOTE: This step is unnecessary for most people]

Socket

And don’t forget to select SSH again. Fill in the remote directory and the remote host’s IP address before pressing OK. Here’s the screenshot:

SSH

After OK, you are asked for your remote host password. Then you are ready to go.

Password asked

Honestly, I cheated a bit with unison. Usually, people create a special directory like “/home/user/SYNCED” and put all the synced contents into that directory. I used my home directory, which contains gigs of files, making unison a little bit lame at the start. So, I closed unison and edited the configuration manually to sync only the few directories that need it.

$ gedit .unison/default.prf

Here’s my (EDITED) default configuration:

# Unison preferences file
root = /home/user
root = ssh://user@192.168.1.2//home/user
# Path to synchronize
path = Project
path = Library
path = Dokumen
path = .subversion
path = .purple
path = Musik
path = Gambar
path = Backup
path = Video
path = .netbeans
ignore = Name .directory

As you can see, I only put some of the directories in my home. I’m using Bahasa Indonesia as my default installation. KDE4 uses the “.directory” directory to keep its metadata. So, I need to exclude that directory. And, uhm… psst… I logged all of my conversations. 😀

#3 Syncing…

Just press GO and you’re done.

unison GTK

 #4 MAKAN2x ™

MAKAN2x ™ [This is a trashing section :D]

#5 Just In Case…

you are overwhelmed and don’t want to go through all of those steps, just do #0 and #1, then copy my configuration to your own “.unison/default.prf” and edit it as you like. That’s faster. 😀

Some Compile Glitches

If you are using 9.10 like me, there are a few things that applications need to adapt to.

1 G++ 4.4 will not include stdio automatically anymore

If you get this kind of error:

error: 'stdout' was not declared in this scope
error: 'fprintf' was not declared in this scope
error: 'fclose' was not declared in this scope
... and so on.

The fix is to include cstdio, meaning:

#include <cstdio> 

2 Harmless warning message from CMake

CMake now wants the application to set the minimum CMake version. Add this:

cmake_minimum_required(VERSION 2.6)
Driver for U.r.U 4500 in Kernel 2.6.31

I was having trouble using kernel 2.6.21, the one supported by the default UrU kernel: the X server refused to run. So, in my despair, I viewed some LKML threads and patched here and there. Voila! I got a working kernel driver for the U.r.U fingerprint reader for Linux kernel 2.6.31. [NOTE: Remove the .pdf extension.] This patched driver has been working in Debian’s 2.6.31-trunk and Ubuntu Karmic, my fave distro at the moment. The installation is simple and described here. For the sake of KISS, I will try to cover it for you.

$ mv dpfp-2.6.31.tar.gz.pdf dpfp-2.6.31.tar.gz
$ tar xvfz dpfp-2.6.31.tar.gz
$ cd source
$ make

And then install it to your kernel:


$ sudo mkdir /lib/modules/`uname -r`/kernel/drivers/biometric
$ sudo cp mod_usbdpfp.ko /lib/modules/`uname -r`/kernel/drivers/biometric/
$ sudo depmod -aq

Then you can abuse it any way you like. This kernel driver has been tested and works on the UrU 4500 and UrU 4000B.

Getting Juicy Sound From Your Ubuntu

Personally, I wanted to post a rant about the current Indonesian Cabinet, but then I realized that this blog is not that personal (although the disclaimer says so…). Besides, I’m taking space from Universitas Indonesia, so it would not be nice to them. So, to take away my anger, I will write a constructive post.

1 Selecting a good sound driver

If you are like me (Intel ICH compatible onboard sound), which is likely, the following driver is really for you. I don’t know about other sound cards, but judging by the way people praise the driver, I guess it really enhances them. Gosh, I forgot to mention the name of the sound driver: it’s OSS4, developed by 4Front.

A warning, mind you: this driver is currently unsupported; it’s not in mainline anymore. Since OSS 3.8, 10+ years ago, OSS4 development went behind walls, and only recently did they release their driver again as GPL code. This driver will be supported by KDE 4 in the 4.4 release, which is next year. Fortunately for Ubuntu users, there is a GStreamer plugin. But for me, and the rest of the Kubuntu users, we will stick with the native ossxmix mixer application (which fortunately is written in Qt4).

How to install it? Well, duplication is unnecessary: just go here for the details. It is maintained by the community.

As for me, the way I’m installing it is this way:

$ sudo apt-get install kernel-package

I’m using an exotic way of installing it, from 4Front’s Mercurial repository (yet another DVCS, just like Git). But you can get the snapshot here. Sane people: just download the deb package from here.

Now, how do I do it? (This is a modified version where we just download the snapshot instead of using Mercurial.)

$ tar xvfj oss-v4.2-build2000-src-gpl.tar.bz2
$ mkdir build && cd build
$ ../oss/configure --config-midi=YES --config-vmix=FLOAT --enable-timings --enable-libsalsa=NO
$ make && sudo make deb
$ sudo dpkg -i oss-linux-4.2-2000_i386.deb

Of course, the sane way is to download the package and just install it. Now, configure your Ubuntu sound to use only OSS:

$ sudo dpkg-reconfigure linux-sound-base

And choose OSS. Here’s a bonus screenshot:

OSS4 on linux sound base

Now, at this point, we are finished. Just restart your computer, like I will after posting this post (hey, running a live example does justify your post  😛 ).

For information on configuring applications, just look here. It’s just detailed info about changing all sound I/O to use OSS, which most programs support.

2 Choosing A Good Music Player

Unfortunately, XMMS is already deprecated and its dependency, GTK+1, might be removed soon from the Ubuntu repository. But go here if you dare; it’s a little repository specially dedicated to XMMS. Why is this 10+ year old software still worth a mention? Well, you can call me old school, but I did grow up with it. Not for sentimental reasons, but for one good reason:

Modern music players are crap!

They don’t have equalizers (XMMS has 32 channel equalizer plugins) and they don’t have sound effects. Winamp has Dee3, but it’s also being deprecated. They only hog resources with good looks (which unfortunately I don’t need). Do I stare at the player all the time? Heck, no! I use it in the background and even put it in the systray.

Luckily, we have Audacious2. It saves some good plugins for us. Just install it:

$ sudo apt-get install audacious audacious-dev

The -dev package is needed to install a must-have plugin. Go here and download the Freeverb3 plugins. I chose 2.4.0-rc2; anything will do. Oh, don’t forget to install fftw3, Fast Fourier Tra…, never mind, you won’t care what that is… 😛 Just:

$ sudo apt-get install libgtk2.0-dev libfftw3-dev

Now, let’s kill time:

$ tar xvfz freeverb3-2.4.0rc2.tar.gz
$ cd freeverb3-2.4.0
$ ./configure --enable-ldouble --enable-audacious --enable-sse2 --enable-srcnewcoeffs --enable-plugdouble --prefix=/usr
$ make && sudo make install

You can substitute make install with checkinstall, but that’s beyond the scope of this rant-replacement post. If nothing goes wrong, you will see something like this:

Audacious2 + Freeverb3

I selected the Freeverb3 stereo enhancer and the crystalizer plugin. Btw, you can see my Audacious equalizer; it was set for my PX100 headphones, but I’ve tested it on the HD280 Pro. The bass may need some tweaking with the PX200. Anything else may vary.

For An Ending

If you just aren’t as sensitive to sound as I am, just install audacious and you are fine. I’m ripping all of my CDs to FLAC and OGG. That’s why I need the sound quality that I am paying for, and I want to have it at a reasonable cost (gratis!). Hopefully, modern players will learn to provide basic functionality first rather than features.

Hello Ubuntu

 Scary!

Yeah, scary! It’s been 5 years since Warty and I’ve been there! I’ve been there since Ubuntu was still a derivative work of GNU/Linux Debian. I’ve been there when we can have Ubuntu repository compatible with Debian, even mixed them around. It’s been that long but feels like yesterday. The way Mark shunned us with the possible way of enhancing community as a strength. The revolutionary thinking at that time to introduce Free Software and Open Source Software as a brand of open community-driven.

Open, because it was targeted to non-techie people also. Open, because it has code of conduct. Open, because it would not scare people by RTFM-ing them. Open, because it’s an enterprise product that will stay free forever.

Feels like it was yesterday that the fat Dapper haunted my labs. Now, we have a professional GNU/Linux distro that is getting better every release. This makes me look forward to Karmic Koala.

PS: Kambing now has a stable repository, happy upgrading!

PPS: I’m running the current Kubuntu Karmic Koala and it’s fascinatingly fast and stable. Good work, Ubuntu!

CREDIT:

XKCD “Scary” image is from http://xkcd.com/647/

Ubuntu in the Hands of Users

Some people have already moved from earlier distro versions to K/Ubuntu Karmic. I can say that I am one of them. Besides being tempted by its XSplash innovation, I also wanted to know what sets this distro apart from the others. Besides, it passes the time while waiting for Debian Experimental to become stable again. Ah, enough small talk!

There are 2 computers of mine that I changed:

  • The laptop at home, using Ubuntu Karmic

  • The office computer, using Kubuntu Karmic

1 The addition of modem manager

This explains why I could not connect to the Internet using my /etc/network/interfaces, on either Debian or Ubuntu. For at least a month I had been configuring my Debian using ifconfig and route. (Wew, a journey back to ancient times!)

At least Karmic really positions itself for GUI users. Totally for n00b!  😀

Configuring IM2 on the laptop at home went easily. Now I no longer need the wvdial program to connect to the Internet. But the connection at the office is rather troublesome: I have to log in first so that Network Manager can activate my IP. Well, since…

2 Boot-related

Well, since I also don’t want to be called a creature from the prehistoric age (one who loves playing with the console until it beeps), I just follow the evolution of the interface.

XSplash really makes Ubuntu look prettier, although it still loses to rhgb and plymouth from other distros. Since it is still finding its identity, I can understand. Moreover, XSplash is slated to be stable in Lucid Lynx.

Loses in what way?

The Ubuntu boot process on my laptop became longer. Going from GDM to the desktop takes longer. Of course, the difference is only a matter of seconds. But I, having been spoiled by the fast boot time in 8.10, am no longer used to waiting a few more seconds….  😎

The transition from the operating system selection in GRUB to XSplash still shows prehistoric text that (they say) can scare n00bs, ahem, new users and (they also say) looks less professional. Well, it is still new.

My Kubuntu is worse: there is no XSplash, only usplash with an ancient look à la < 7.04, which I immediately threw away. According to [KKX], Kubuntu wants to use Ksplashx, a native KDE component for the splash screen (what is this in Indonesian, anyway?), which starts before entering KDM. But before that happens, we have to enjoy the prehistoric text and a boot process of under 10 seconds (at least on my computer).

3 Distro-specific support

Although Debian is the grandfather (ompung) of Ubuntu, I am disappointed to see that support for Debian still lags behind that for Ubuntu. Truly, the PPA repositories are a brilliant idea, better than the experimental branch in Debian. Every Ubuntu developer can ship individual packages faster. I get served the SVN version of Chromium. I can upgrade it every day to the latest version without compiling it first. Unfortunately, Project Neon only provides a version for stable Ubuntu.

I have not found E17 on Ubuntu because I am still satisfied with the stable performance of Kubuntu. Netbeans is in the Ubuntu repository and is reasonably up to date.

But grandfather Debian still wins at process management. When I wanted to restart KDM, the upstart script failed to do it, so I had to use the prehistoric way (“sudo kill -9 Xorg”). The Apport (application report) application is also annoying: I log in to Kubuntu and am given several warnings about crashed applications. To turn off Apport, edit the file /etc/default/apport and change

enabled=1

to

enabled=0

Sorry, I don’t know any way other than the prehistoric way…

4 Kubuntu-specific

The notion that Kubuntu is an illegitimate child is not true; at the very least it is a child that gets too little attention. Perhaps it is upstream’s own support that is lacking for important features such as Proxy and Multihead display. My friend who uses Ubuntu can simply enable both of his monitors connected to an ATi X550 (one to VGA, one to DVI) and get Multihead. Whereas I have to go back to the prehistoric age by creating xorg.conf and modifying it for Multihead.

But I am happy with Project Ayatana, which provides a small applet that follows the KDE theme, so notifications are better integrated than in Ubuntu.

Hmm… it is almost 8 o’clock. Time to get back to work. Sorry there are no screenshots; the laptop is at home and my office computer has two monitors. There is no point in taking a screenshot unless you use a camera. Apart from bots and spam, feel free to comment.

References:

[KKX]  https://wiki.kubuntu.org/KubuntuKarmicXsplash

Screwed Repository

If you have been using our Ubuntu repository (Kambing), you will have had package failures. This was because, for a few days, all Ubuntu repositories had an invalid packages.gz file. The matter has been resolved upstream and we are now synchronizing with the main Ubuntu repository. Please wait a moment until we have our site updated. Btw, I’m using Kubuntu Karmic and there is one simple line to describe it:

IT ROCKS!

One glitch, though: if you have an ATi card like mine, don’t upgrade your MESA to libgl1-mesa-dev_7.6.0-1ubuntu2. It appears a regression has made this card unusable. Other than that, watch out for that drool! 😀

Installing Ubuntu Karmic Via Debootstrap

This is just an intermezzo post, just a fun thing to do. I woke early this morning and couldn’t go back to sleep. So, I fired up my PC and checked things out. Well, I’m using GNU/Linux Debian Unstable/Experimental. It appears that Experimental is waiting for KDE 4.3.2 and Xorg 7.5. Debian also had MESA 7.6 land in Experimental recently.

Hmm.. another major Xorg change and another ABI to break (hey, I guess that’s why they call it the Experimental branch). FYI, the current MESA implementation (7.6) has a feature to tell the application about the unsupported OpenGL 1.3 extension, which makes my (un)happy KDE 4.3.1 crash. So, in these few days I decided to move out to another distro.

I got an interesting story from Karmic development. It appears that this upcoming Ubuntu release will be pushing its X11 server in front just for the sake of the bootsplash. Oh, it’s called XSplash and according to the original goal, it would be stable at Karmic+1. But, heck, those FOSS guys always call something that runs well experimental (e.g. Beryl/Compiz). So, why wait?

So, to do this I do:

$ sudo mkdir /tmp/test
$ sudo mount /dev/sda1 /tmp/test
$ cd /tmp/test/
$ sudo debootstrap karmic . http://kambing.ui.ac.id/ubuntu/

Meanwhile I viewed some profiles on Facebook and Komunitas @ UI, and wrote this entry. After this finished, for the following commands, I cheated a bit. I just found out that Kambing was in the process of syncing its files, so I added dl2.foss-id.web.id to my package sources (copy the entry and change the server from kambing to dl2 in the copied entry) and added a 50Proxy script to my /etc/apt/apt.conf.d for using a proxy. I think by the time you read this, Kambing has (maybe) already finished syncing its files.

The best thing about using the experimental thingie is that I don’t need to mount any kernel filesystems. Usually, to install GRUB, you would mount some stuff and create special devices in /dev in order for it to get system information. On my Debian system, I’m using GRUB2 and it actually has a nifty tool called grub-probe that probes any OS and kernels. So, this is what I do next:

$ sudo chroot /tmp/test
# dpkg-reconfigure locales
# locale-gen id_ID.UTF8

Hey, I’m always using the Indonesian translation. That’s the strength of FOSS: they respect languages other than English.

Anyway, then I installed the Ubuntu desktop

# apt-get install ubuntu-desktop

It would have:

0 upgraded, 1045 newly installed, 0 to remove and 0 not upgraded. Need to get 466MB/471MB of archives. After this operation, 2169MB of additional disk space will be used.

So, mind your disk space before installing it. Some packages failed to be configured because the upstart service was not running. That’s normal, I think…   😛

Wew, I think I screwed up a bit. I forgot to install the kernel. So, in the chrooted environment, before going out and running the update-grub2 script, do this:

# apt-get install linux-image reiserfsprogs

Well, I am a faithful ReiserFS user (no troll intended), but for those who aren’t, reiserfsprogs need not be installed. Oh, and I added a user and put it in a sudoer group.

# addgroup contoh_aja
# echo "%contoh_aja ALL=(ALL) ALL" >> /etc/sudoers
# adduser  contoh 
# addgroup contoh contoh_aja 

Now, let’s get out from chroot and update GRUB2. Just type:

$ sudo update-grub2
Generating grub.cfg ...
Found Debian background: moreblue-orbit-grub.png
Found linux image: /boot/vmlinuz-2.6.30.160709
Found initrd image: /boot/initrd.img-2.6.30.160709
Found linux image: /boot/vmlinuz-2.6.30-2-686
Found initrd image: /boot/initrd.img-2.6.30-2-686
Found linux image: /boot/vmlinuz-2.6.30-1-686
Found initrd image: /boot/initrd.img-2.6.30-1-686
Found linux image: /boot/vmlinuz-2.6.29-2-686
Found initrd image: /boot/initrd.img-2.6.29-2-686
Found Debian GNU/Linux (lenny/sid) on /dev/hdb2
grub-probe: error: Cannot find a GRUB drive for /dev/hdb2.  Check your device.map.
grub-probe: error: Cannot find a GRUB drive for /dev/hdb2.  Check your device.map.
grub-probe: error: Cannot find a GRUB drive for /dev/hdb2.  Check your device.map.
grub-probe: error: Cannot find a GRUB drive for /dev/hdb2.  Check your device.map.
grub-probe: error: Cannot find a GRUB drive for /dev/hdb2.  Check your device.map.
grub-probe: error: Cannot find a GRUB drive for /dev/hdb2.  Check your device.map.
grub-probe: error: Cannot find a GRUB drive for /dev/hdb2.  Check your device.map.
grub-probe: error: Cannot find a GRUB drive for /dev/hdb2.  Check your device.map.
grub-probe: error: Cannot find a GRUB drive for /dev/hdb2.  Check your device.map.
grub-probe: error: Cannot find a GRUB drive for /dev/hdb2.  Check your device.map.

Found Ubuntu karmic (development branch) (9.10) on /dev/sda1
Found openSUSE 11.1 (i586) on /dev/sda3

And I added some pieces to this post. Now I want to reboot my computer and try to boot into the new beast. You’ll get an update from my tamed beast. Ciao…

== UPDATED :: Posting from new pet. ==

Now, let’s boot to the Karmic and do this in a terminal:

$ sudo apt-get -f install

This will fix the errors from the installation in the chrooted environment. LASTLY, don’t forget to install all the Indonesian translation stuff. You do love Indonesia, don’t you? 😆

PS: Do that in Synaptic, don’t trouble yourself by using the terminal unless you are a rock star. 😀

Okay, adjusting stuff… bye.

Kambing Spidol

After the collapse, Kambing has been resurrected. It needed a few hours, thanks to the almighty Universitas Indonesia’s bandwidth, to recover all of the contents (± 2 TB). Unfortunately, after we struggled to put down software RAID 5, the server is having trouble with performance. The popular (most accessed) contents were on the same hard drive, making it an I/O bottleneck.

Well, Adin said we will resurrect the good ol’ software RAID 5. Meanwhile, enjoy the slow throughput like the rest of us. 🙁

UPDATE: Adin has done it. Now the popular contents are on RAID 5.

Creating DKIM on Debian 5.0

DKIM is a technique based on Yahoo!’s DomainKeys. Some may say that it looks like SPF (Sender Policy Framework), but the two are different. DKIM authenticates a sent email by checking its signature against the domain’s public key. SPF, by contrast, checks the MTA (mail server) that sends the email against the domain’s list of MTAs. For simplicity, let’s say that the sending domain is UI and the receiving domain is GMail, so DKIM works like this:

  1. User foo sends an email.
  2. The UI mail server signs the email and sends it to the GMail mail server.
  3. GMail then queries the DNS for the public key of the sending domain.
  4. After that, GMail checks the signature against the data.
  5. If it is all right, GMail delivers the message to the recipient’s mailbox.

DKIM uses two signing algorithms: RSA-SHA1 (or just RSA) and RSA-SHA256. Both rely on a public and private key pair. The magic is that what gets encrypted with the private key can only be decrypted with the public key, and vice versa. But you can’t decrypt using the same key that was used to encrypt the data.

This mechanism differs from SPF. A mail server that implements SPF just asks the DNS for the list of legitimate mail servers that have the right to send email originating from that particular domain.

Let’s set up Postfix to use DKIM. I assume that the mail server is already functional and running.

There are two applications in the Debian repository that serve the same purpose. The first is DKIM-Proxy, a stand-alone service that mail gets injected into and which then injects it back. It runs two processes: one handles incoming traffic (verifying the email) and the other does the signing. Both have their own socket to communicate with the mail server.

The second is DKIM-Milter (or dkim-filter, as Debian names it). It uses Sendmail’s Milter protocol, so it runs just like a plugin in Postfix. From my experimentation, I chose this one because of its convenience for me. But, who knows, you might choose the other.

Now, let’s install DKIM-Milter:

# apt-get install dkim-filter

The installation includes the dkim-genkey tool, which generates the configuration, including the DNS setting. Use the tool to generate the DNS entry and the private key:

# dkim-genkey -d ui.ac.id -s mail

The parameters:

  • -d ui.ac.id means we would like to sign mails from ui.ac.id
  • -s mail sets the selector’s name to “mail”. A selector is an entry in DNS that holds the public key that other mail servers will use to verify the signature made by the origin mail server. Well, I decided not to define this further to simplify things. You could google it.

The command generates two files: mail.txt, which contains the DNS entry, and mail.private, which is the private key that will be used to sign the mail. Here’s an example of mail.txt:

mail._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=MIGfMA0GCS...AB" ; ----- DKIM mail for ui.ac.id

The public key entry has been cut to save space, for the sake of aesthetics in this blog post. I put the private key into the /etc/dkim directory. The directory does not exist yet, so we have to create it first.

# mkdir /etc/dkim
# mv mail.private /etc/dkim

Now, the DNS part. I refined the entry to add “t=y” and removed the comments. I also appended our domain after _domainkey (watch for the dot after “id”). So, it looks like this:

mail._domainkey.ui.ac.id. IN TXT "v=DKIM1; g=*; t=y; k=rsa; p=MIGfMA0GCS...AB"

And put that in your DNS database and reload it.
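A small linter for the key record above, as an added example (not from the original post or from dkim-filter): it parses the tag list, flags the t=y testing flag and the old g= tag, and measures the RSA modulus in p=. The finding names, the sample_p helper and the constructed keys are assumptions made for illustration; the page's own p= value is cut, so it is reported as unparseable.

```python
import base64

RSA_ALG_ID = bytes.fromhex("06092a864886f70d0101010500")  # rsaEncryption OID + NULL


def _der(tag, content):
    """Encode one DER element (used only to build the constructed sample key)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content


def sample_p(bits):
    """Constructed p= value: real SubjectPublicKeyInfo framing, filler modulus."""
    modulus = b"\x00" + b"\xc3" * (bits // 8)
    rsa_key = _der(0x30, _der(0x02, modulus) + _der(0x02, b"\x01\x00\x01"))
    spki = _der(0x30, _der(0x30, RSA_ALG_ID) + _der(0x03, b"\x00" + rsa_key))
    return base64.b64encode(spki).decode()


def _read(buf, pos, want_tag):
    """Read the DER element at pos; return (content_start, content_end)."""
    if buf[pos] != want_tag:
        raise ValueError("unexpected DER tag")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return pos, pos + length


def rsa_modulus_bits(p_value):
    """Bit length of the RSA modulus inside a base64 p= value."""
    der = base64.b64decode(p_value, validate=True)
    start, _ = _read(der, 0, 0x30)                    # SubjectPublicKeyInfo
    _, alg_end = _read(der, start, 0x30)              # AlgorithmIdentifier
    bits_start, _ = _read(der, alg_end, 0x03)         # BIT STRING
    key_start, _ = _read(der, bits_start + 1, 0x30)   # RSAPublicKey (skip unused-bits byte)
    mod_start, mod_end = _read(der, key_start, 0x02)  # modulus INTEGER
    return int.from_bytes(der[mod_start:mod_end], "big").bit_length()


def parse_tags(txt):
    """Split 'tag=value; tag=value' into a dict; surrounding whitespace is ignored."""
    tags = {}
    for part in txt.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = value.strip()
    return tags


def lint_dkim_record(txt):
    """Return a list of findings for one DKIM key record (TXT value, quotes removed)."""
    tags = parse_tags(txt)
    findings = []
    if tags.get("v", "DKIM1") != "DKIM1":
        findings.append("bad-version")
    if "g" in tags:
        findings.append("obsolete-g-tag")      # RFC 4871 tag, dropped in RFC 6376
    if "y" in tags.get("t", "").split(":"):
        findings.append("testing-mode")        # failures are treated like unsigned mail
    p_value = "".join(tags.get("p", "").split())
    if not p_value:
        findings.append("revoked-or-missing-key")
    elif tags.get("k", "rsa") == "rsa":
        try:
            bits = rsa_modulus_bits(p_value)
        except (ValueError, IndexError):
            findings.append("unparseable-key")
        else:
            if bits < 1024:
                findings.append("rsa-key-below-1024")
            elif bits < 2048:
                findings.append("rsa-key-below-2048")
    return findings


# The record as printed on this page (its p= value is cut short).
PAGE_RECORD = "v=DKIM1; g=*; t=y; k=rsa; p=MIGfMA0GCS...AB"
# Constructed records for comparison.
TEST_RECORD = "v=DKIM1; g=*; t=y; k=rsa; p=" + sample_p(1024)
CLEAN_RECORD = "v=DKIM1; k=rsa; p=" + sample_p(2048)

if __name__ == "__main__":
    for rec in (PAGE_RECORD, TEST_RECORD, CLEAN_RECORD):
        print(rec[:40], "->", lint_dkim_record(rec))
```

Once testing is finished, dropping t=y from the published record lets receivers act on signatures that fail to verify.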

The default installation does not run DKIM-Milter. We need to configure DKIM-Milter in order for it to run. First, edit the /etc/dkim-filter.conf file. Here are the relevant things that I changed to suit my needs (just find the lines):

Domain      ui.ac.id
KeyFile     /etc/dkim/mail.private
Selector    mail
Mode        sv

An amazing thing about Debian is its great documentation style, so you can read the comments in the configuration file for further information. To have a functional DKIM-Milter, edit the /etc/default/dkim-filter file to set where it should listen/respond. To simplify things, I chose a network socket rather than a UNIX socket. A UNIX socket is slightly better in performance, but it must be set up so that the chrooted Postfix and the DKIM-Milter service can both read and write it. I uncommented this:

SOCKET="inet:12345@localhost" # listen on loopback on port 12345

The last piece that should be configured is Postfix, so that it uses DKIM-Milter. Edit the /etc/postfix/main.cf file and add these lines:

smtpd_milters = inet:localhost:12345
non_smtpd_milters = inet:localhost:12345

Lastly, restart the Postfix and DKIM-Milter services:

# invoke-rc.d dkim-filter restart
# invoke-rc.d postfix restart

We are using the friendly GMail for testing. Here’s what we saw on one of our testing subdomains before we set up DKIM:

Before DKIM

After we set up DKIM:

After DKIM

Now GMail knows our test subdomain. To check that our verification also works, we sent a mail from GMail to our test domain and got this in the header:

Authentication-Results: groups.ui.ac.id; dkim=pass (1024-bit key)
header.i=@gmail.com; dkim-asp=none
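
To read that header programmatically, the following added example (not part of the original post) parses Authentication-Results values and reports the DKIM result only from headers written by your own server. The function names and the two constructed headers are assumptions; the first sample is the header shown above.

```python
import re


def parse_authentication_results(value):
    """Parse one Authentication-Results header value.

    Returns (authserv_id, [{"method", "result", "props"}, ...]).
    Folded lines and (comments) are handled; nested comments are not.
    """
    unfolded = " ".join(value.split())
    without_comments = re.sub(r"\([^()]*\)", " ", unfolded)
    parts = [p.strip() for p in without_comments.split(";")]
    if not parts[0]:
        raise ValueError("missing authserv-id")
    authserv_id = parts[0].split()[0].lower()
    results = []
    for part in parts[1:]:
        tokens = part.split()
        if not tokens or "=" not in tokens[0]:
            continue                      # e.g. the bare "none" form
        method, _, result = tokens[0].partition("=")
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        results.append({"method": method.lower(),
                        "result": result.lower(),
                        "props": props})
    return authserv_id, results


def dkim_verdict(header_values, trusted_authserv_id):
    """Return the DKIM result recorded by our own verifier, or "missing".

    Headers carrying another authserv-id are ignored: anyone can put an
    Authentication-Results line into a message before it reaches our server.
    A message may carry several signatures; one passing signature is enough.
    """
    seen = []
    for value in header_values:
        try:
            authserv_id, results = parse_authentication_results(value)
        except ValueError:
            continue
        if authserv_id != trusted_authserv_id.lower():
            continue
        seen += [r["result"] for r in results if r["method"] == "dkim"]
    if not seen:
        return "missing"
    return "pass" if "pass" in seen else seen[0]


# Header from this page (folded over two lines, as displayed).
PAGE_HEADER = ("groups.ui.ac.id; dkim=pass (1024-bit key)\n"
               " header.i=@gmail.com; dkim-asp=none")
# Constructed samples: a header added by some other host, and a failed check.
FOREIGN_HEADER = "mx.example.net; dkim=pass header.i=@gmail.com"
FAILED_HEADER = ("groups.ui.ac.id; dkim=fail (constructed sample)"
                 " header.i=@example.org")

if __name__ == "__main__":
    me = "groups.ui.ac.id"
    print(parse_authentication_results(PAGE_HEADER))
    print(dkim_verdict([PAGE_HEADER], me))
    print(dkim_verdict([FOREIGN_HEADER], me))
    print(dkim_verdict([FOREIGN_HEADER, FAILED_HEADER], me))
```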

There are things that I’m not covering, like multiple selectors and using a 3rd party like Verisign to accomplish that, handling subdomains, using both DKIM and DomainKeys, setting up a UNIX socket, etc. Don’t worry, for a single domain, the tutorial should work well.

Reference:

Coker, Russel. 2008. Installing DKIM and Postfix in Debian. http://etbe.coker.com.au/2008/09/18/installing-dkim-postfix-debian/
Postfix. 2009. Postfix before-queue Milter support. http://www.postfix.org/MILTER_README.html
Sendmail Consortium, The. 2009. http://www.sendmail.org/dkim