Why would you prefer chromium-browser in sid over google-chrome

19 July 2010 — Giuseppe

I’ve seen a lot of Debian user asking:  ”What is the difference between chromium-browser in sid and google-chrome (stable)?”, “Does chromium-browser support html5, h264, vp8?”

“Why would I prefer chromium-browser in sid over google-chrome (stable)?”

  • chromium-browser is free software, google-chrome isn’t
  • chromium-browser uses (when it is possible) system libs.
  • chromium-browser supports, like google-chrome, the h264 codec (and chromium official builds don’t support it)
  • chromium-browser in sid follows the stable tree, but it contains some important (features and bugfix) backports, as for example VP8/WebM codecs (the stable google-chrome version doesn’t support it),  or the  support for “Ambiance/Radiance and Dust themes button”
  • chromium-browser uses a very recent and high-performance libv8 version, google-chrome (stable) uses an ancient version

BTW, the next step is to get chromium-browser into testing and upload a dev version (6.x) in experimental.

VN:F [1.9.3_1094]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.3_1094]
Rating: -1 (from 1 vote)

Popularity: 9% [?]

Posted in Debian . Tags: , , , . No Comments »

Seminario Sicurezza Linux & Open Source – Università di Catania

20 May 2010 — Giuseppe

Translate original post with Google Translate

Ho messo online le slide del seminario di Sicurezza tenutoso lo scorso lunedì. Potete scaricarle da qui.

VN:F [1.9.3_1094]
Rating: 9.0/10 (1 vote cast)
VN:F [1.9.3_1094]
Rating: 0 (from 0 votes)

Popularity: 1% [?]

Posted in Debian, Linux . Tags: , , , . No Comments »

Chromium ready for unstable

10 May 2010 — Giuseppe

I’m currently testing the new chromium version for unstable.

I tried to remove embedded code copies, and I’m pleased with the result.

Ubuntu i386 binary:

-rwxr-xr-x root/root 35804728 2010-05-05 12:01 ./usr/lib/chromium-browser/chromium-browser

Debian i386 binary:

-rwxr-xr-x root/root 20693336 2010-05-09 21:33 ./usr/lib/chromium-browser/chromium-browser

The latest blocker for an upload in unstable is a minor bug in libv8, but Antonio Radici should upload a fixed version this evening :)

VN:F [1.9.3_1094]
Rating: 8.3/10 (4 votes cast)
VN:F [1.9.3_1094]
Rating: +5 (from 5 votes)

Popularity: 9% [?]

Posted in Debian, Linux . Tags: , , . No Comments »

New member in the security team

14 November 2009 — Giuseppe

Even though I’m late, I would like to thank everybody  involved in my NM process and those who permitted me to join the Sec Team, and in particular:

Enrico Zini, a special thanks! Sponsor, advocate, but most of  all an exquisite person. It was he, that on holiday in 2008,  infront of a great pizza at Cortile Alessi, said to me, “So,  when will you NM?”

Steffen Joeris and Mortiz Muehlenhoff, my reference points  within the Security Team :)

Felipe Augusto Van de Wiel, my AM!

Christoph Berg, it was he who approved my NM!

Max Cetra, Trusted tester for security updates!

I hope that I haven’t forgotten too many people :)

VN:F [1.9.3_1094]
Rating: 9.7/10 (3 votes cast)
VN:F [1.9.3_1094]
Rating: +1 (from 1 vote)

Popularity: 2% [?]

Posted in Debian . 1 Comment »

I’m thinking to ask for removal of atmailopen in Debian

22 May 2009 — Giuseppe

From December 2008, I maintain the atmailopen Debian package. This is a nice webmail in PHP and Ajax , it aim to provide an elegant Ajax webmail client for existing IMAP mailservers, with less bloat and a focus on an intuitive, simple user interface.

I was very happy when it was accepted in Debian, but I was wrong:

On 19/04/2009 I noticed a Secunia advisory about @Mail (SA34704) ,and the same day I mailed upstream and asked if atmailopen is affected by the same security vulnerability. No answer as of today, 2009-05-22 …

While checking about SA34704, I discovered that atmailopen is using the vulnerable version of html2text, which could lead to code execution attacks, the same of CVE-2008-5619 in roundcube.

On 26/04/2009 I mailed upstream to inform about this issue, but as usual, nothing… no answer as of today, 2009-05-22 …

Is clearly evident, upstream doesn’t take care about security in his atmail open source version, and doesn’t provide security support.

This is not acceptable for a software in Debian, I will request a removal.

P.S. If you aren’t using the debian package, I really suggest you to patch your atmailopen version, or better, switch to another webmail.

UPDATE: atmailopen was removed from Debian

VN:F [1.9.3_1094]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.3_1094]
Rating: 0 (from 0 votes)

Popularity: 3% [?]

Posted in Debian, Linux . Tags: , . 1 Comment »

Add Debian maintainer Giuseppe Iuculano

17 November 2008 — Giuseppe

Translate original post with Google Translate

debian-maintainers (1.48) unstable; urgency=medium

   * keycheck: grep the first '^gpg: key' from jetring-apply's output.
     Closes: #505775
   * Update Jon Dowland's public key. Closes: #476804
   * Update Daniel Leidert's public key. Closes: #498805
   * Add Debian maintainer Giuseppe Iuculano. Closes: #502088
   * Add Debian maintainer Thorsten Glaser. Closes: #503726
   * Add Debian maintainer Franck Joncourt. Closes: #505232

– Anibal Monsalve Salazar <anibal@debian.org>  Sat, 15 Nov 2008 18:44:42 +1100

:D

Tante grazie ad Enrico per l’ “avvocatura” ;)

VN:F [1.9.3_1094]
Rating: 6.0/10 (1 vote cast)
VN:F [1.9.3_1094]
Rating: 0 (from 0 votes)

Popularity: 2% [?]

Posted in Debian . Tags: , . No Comments »

Smbind – Tool in php per la gestione di un DNS

15 June 2008 — Giuseppe

Translate original post with Google Translate

Smbind è un tool in PHP che permette di amministrare un DNS (bind).

Tramite l’interfaccia web è possibile creare, modificare, gestire le zone. Ecco alcuni screenshots:

Zona

Opzioni

Creare zona

In attesa di uno Sponsor per chi usa debian o ubuntu ecco come installarlo:

(debian) Aggiungete al vostro sources.list:

deb     http://debian.iuculano.it/apt  etch main contrib non-free
deb-src http://debian.iuculano.it/apt  etch main contrib non-free

Mentre per Ubuntu:

deb http://ppa.launchpad.net/giuseppe-iuculano/ubuntu hardy main
deb-src http://ppa.launchpad.net/giuseppe-iuculano/ubuntu hardy main

Poi da terminale:

apt-get update && apt-get install smbind

Una volta terminata l’installazione:

usermod -G bind www-data

/etc/init.d/apache2 restart

echo ‘include “/etc/smbind/smbind.conf”;’ >> /etc/bind/named.conf.local

/etc/init.d/bind9 restart

Adesso potete aprire il browser ed andare su http://localhost/smbind/ .

Login e password di defualt sono entrambe ‘admin’, ma naturalmente dovete cambiare la password immediatamente :-)

VN:F [1.9.3_1094]
Rating: 6.0/10 (1 vote cast)
VN:F [1.9.3_1094]
Rating: 0 (from 0 votes)

Popularity: 3% [?]

Posted in Debian, Linux, Ubuntu . Tags: , , , , , . 1 Comment »

A professional mail server with qmail and vpopmail

8 July 2006 — Giuseppe

Translate original post with Google Translate

Qmail is a good solution for an email server, but I think the current official qmail-src package is outdated and not good for using on a modern mail server. That is why I created an unofficial qmail-src package with some suitable patches:

SMTP-AUTH for Debian Sarge 3.1 (Fixed)
qmail-dnsbl patch (added logging)
qmail-queue-custom-error.patch (for simscan)
qmail-smtp-log-patch
chkuser 2.0


qmail-dnsbl patch lets the client authenticate (using any method implemented), and then decides to perform the DNSBL check looking at the authentication status before the DATA SMTP command is performed.
If the check fails, the server closes the SMTP conversation before receiving the mail, avoiding any resource wasting.

chkuser 2.0 The original qmail-smtpd accepts by default all messages, checking later for the existence of the recipients. So, if the message is delivered to a non-existing recipient, a lot of additional system work and network traffic is generated, with several expensive bouncing if the sender is a fake.

chkuser has been developed with the goal to improve the acceptance SMTP phase of qmail-smtpd.
qmail-smtpd patched with chkuser may check the existence of e-mail recipients immediately in the SMTP acceptance phase of a message and rejects instantly all the messages sent to unexisting users, thus avoiding additional traffic, workload and messages bounced more times.

These goals are achieved by enquiring the existing vpopmail archives (each format is supported: cdb, MySQL, LDAP, etc.) by using standard vpopmail calls, or using customized chkuser routines.

chkuser 2.0 has detailed logging of accepted and refused recipients and senders, thus allowing a deeper analysis of “who’s sending to whom”. This can facilitate any further enhancements of anti-SPAM features.

N.B. Current qmail version works only with my vpopmail-mysql package!

You can get more details here: http://debian.iuculano.it


So, let’s go, in less than ten minutes we can have a full performant mail server!

Just open your terminal and add my deb repository in your sources.list:

debian:~# vi /etc/apt/sources.list

Add these lines:

deb     http://debian.iuculano.it/apt  sarge main contrib non-free
deb-src http://debian.iuculano.it/apt  sarge main contrib non-free

and:

debian:~# apt-get update

My vpopmail package uses mysql backend, so we need mysql-server:

apt-get install mysql-server

It is strongly recommended to set a password for the mysql root user
(which is NOT the same as the “normal” root user) with the command:

mysqladmin -u root password 'enter-your-good-new-password-here'

debian:~# mysqladmin -u root -p create vpopmail
debian:~# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 10 to server version: 4.0.24_Debian-10sarge2-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> GRANT ALL PRIVILEGES ON `vpopmail` . * TO 'vpopmail'@'localhost' \
IDENTIFIED BY 'some_pass' WITH GRANT OPTION ;
Query OK, 0 rows affected (0.01 sec)

mysql> quit
Bye
debian:~#

Good, now we can install qmail, vpopmail, spamassasin

debian:~# apt-get install qmail-src spamassassin vpopmail-mysql spamc razor
pyzor ucspi-tcp-src libmailtools-perl libmail-spf-query-perl libsys-hostname-long-perl

Now we build ucspi-tcp

debian:~# build-ucspi-tcp

And finally, we build qmail!

debian:~# build-qmail

Don’t worry if you get an error message when installing the .deb package; we need to remove exim4!

debian:~# dpkg --force-depends --purge exim4 exim4-base exim4-config exim4-daemon-light

Now:

debian:~# dpkg -i /tmp/qmail/qmai*.deb

Very well, now if you want SMTP AUTH and chkuser, you should edit /etc/init.d/qmail

If you want chkuser you should change CHKUSER_START to DOMAIN or ALWAYS

If you want chkuser you should replace:

-u `id -u qmaild` -g `id -g nobody` -x /etc/tcp.smtp.cdb 0 smtp \

with:

-u vpopmail -g vckpw -x /etc/tcp.smtp.cdb 0 smtp \

Setting your mail name:

vi /etc/qmail/me

And add your mail name, for example mail.domain.org

Setting mysql username and password for vpopmail

debian:~# vi /etc/vpopmail/vpopmail.mysql

and restart qmail and popmail POP3

debian:~# /etc/init.d/qmail restart && /etc/init.d/vpopmail-mysql restart
Stopping mail-transfer agent: qmail.
Starting mail-transfer agent: qmail.
Restarting vpopmail pop3 server: vpopmail.
debian:~#

Very well, we ‘re almost done!!

Some check-ups:

debian:~# apt-get install recode
[...]
debian:~# vadddomain test.bogus
Please enter password for postmaster:
enter password again:
debian:~# ls -la /var/lib/vpopmail/domains/
totale 3
drwx------  3 vpopmail vchkpw 1024 2006-07-07 16:34 .
drwxr-xr-x  6 root     root   1024 2006-07-07 16:09 ..
drwx------  3 vpopmail vchkpw 1024 2006-07-07 16:34 test.bogus
debian:~# echo -en "postmaster@test.bogus" | recode data..base64
cG9zdG1hc3RlckB0ZXN0LmJvZ3Vz
debian:~# echo -en "test" | recode data..base64
dGVzdA==
debian:~# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 mail.domain.com ESMTP
quit
221 mail.domain.com
Connection closed by foreign host.
debian:~# less /var/log/syslog
debian:~# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 mail.domain.com ESMTP
HELO TEST
250 mail.domain.com
EHLO
250-mail.domain.com
250-AUTH LOGIN CRAM-MD5 PLAIN
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-PIPELINING
250 8BITMIME
AUTH LOGIN
334 VXNlcm5hbWU6
cG9zdG1hc3RlckB0ZXN0LmJvZ3Vz
334 UGFzc3dvcmQ6
dGVzdA==
235 ok, postmaster@test.bogus, go ahead (#2.0.0)
mail from: test@nonexact.from
511 sorry, can't find a valid MX for sender domain (#5.1.1 - chkuser)
mail from: test@test.com
250 ok
RCPT TO: notexist@test.bogus
511 sorry, no mailbox here by that name (#5.1.1 - chkuser)
RCPT TO: postmaster@test.bogus
250 ok
quit
221 mail.domain.com
Connection closed by foreign host.
debian:~#

Good! Everything seems to work finely!

Now, the last thing you have to do is:

debian:~# apt-get install qmailadmin autorespond ezmlm-src clamav clamav-daemon clamav-freshclam

Install simscan (http://www.inter7.com/simscan/simscan-1.2.tar.gz) and edit init.d/qmail !

Simscan ./configure example:

./configure --enable-user=clamav --enable-clamav=y --enable-custom-smtp-reject=y --enable-attach=y
 --enable-spam=y --enable-spam-hits=14 --enable-spamc-user=y --enable-received=y
--enable-clamavdb-path=/var/lib/clamav --enable-spam-auth-user=n
--enable-quarantinedir=/var/qmail/quarantine --enable-dropmsg=y
VN:F [1.9.3_1094]
Rating: 7.0/10 (1 vote cast)
VN:F [1.9.3_1094]
Rating: 0 (from 0 votes)

Popularity: 3% [?]

Posted in Debian, Linux . Tags: , , , , , , , , , . 3 Comments »

Ddrescue fa i miracoli

24 May 2006 — Giuseppe

Translate original post with Google Translate

Due giorni fa ho notato una estrema lentezza del mio sito/mail. Mi loggo nella macchina e trovo dei simpaticissimi messaggi:

hda: irq timeout: status=0xd0 { Busy }

hda: irq timeout: status=0xd0 { Busy }

hda: irq timeout: status=0xd0 { Busy }

hda: irq timeout: status=0xd0 { Busy }

hda: irq timeout: status=0xd0 { Busy }

hda: irq timeout: status=0xd0 { Busy }

hda: irq timeout: status=0xd0 { Busy }

hda: irq timeout: status=0xd0 { Busy }

hda: irq timeout: status=0xd0 { Busy }

APIC error on CPU0: 40(40)
hda: irq timeout: status=0xd0 { Busy }

hda: irq timeout: status=0xd0 { Busy }

hda: status timeout: status=0xd0 { Busy }

hda: drive not ready for command
ide0: reset: success
hda: irq timeout: status=0xd0 { Busy }

hda: irq timeout: status=0xd0 { Busy }

hda: irq timeout: status=0xd0 { Busy }

C’erano circa 32° ma io iniziavo a sentire freddo!.. Che fare?

Vediamo se Google mi aiuta.. Uhm niente, inizio a pensare…. Se provassi a mettere un altro disco e dare un cp -a / /nuovodisco ? Soluzione troppo spartana, anche se potrebbe funzionare.

Si può fare di più.

E se usassi “dd” per effettuare una copia grezza? Vediamo cosa dice google.
Dopo una serie di click trovo Ddrescue, vediamo se è pacchettizzata su Debian Sarge. Sorpresa: NO! O per lo meno, c’è solo la versione per sid.
Ricerco su google e trovo il port per sarge.

Bene, in meno di un’ora mi sono ritrovato con il mio disco clonato, ecco cosa fare:

  1. Stoppare TUTTI i servizi (apache, bind, ecc) che potenzialmente possono scrivere sul vostro disco danneggiato (ad esclusione di ssh se state lavorando da remoto)
  2. Creare una partizione poco più grande della vostra partizione danneggiata.
  3. Eseguire un # ddrescue -r3 /dev/hdaX /dev/hdbX logfile

Spiego l’ultimo comando.

da man ddrescue:


ddrescue [options] infile outfile [logfile]

-r, --max-retries=
exit after given retries (-1=infinity) [0]

Ddrescue farà una copia esatta del device hdaX in hdbX e se troverà settori/blocchi danneggiati tenterà nuovamente per 3 volte. Inoltre scriverà un file di log chiamato ./filelog.

L’operazione dura da pochi minuti a parecchie ore a seconda la dimensione della vostra partizione, ma alla fine avrete un clone funzionante (o quasi :) ).

Detto ciò date un ext2fs -f /dev/hdbX e dopo un resize2fs /dev/hdbX.

Continuate con le altre partizioni, e alla fine avrete il vostro nuovo disco clonato!

VN:F [1.9.3_1094]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.3_1094]
Rating: 0 (from 0 votes)

Popularity: 3% [?]

Posted in Debian, Linux . 1 Comment »
«
»