Ubuntu security updates break unattended-upgrade

What I mean by the title of this post is that sometimes ubuntu folks push security updates to $release-updates repository. I’m told this is so that they propagate faster across all the mirrors. So, when that happens, to APT they look as coming from $release-updates repository ONLY.

Which means unattended-upgrade is fooled into thinking there are no security updates available and so it never installs them automatically despite all the configuration instructing it to do so.

Good thing my little software updates report script can show these security updates regardless, that’s how I know about this.

The trick to dealing with this quirk is as simple as to have a separate APT sources list file for security repositories. You then need to pass this file as an argument to apt commands with the help of the -o flag.

sudo sh -c 'grep ^deb /etc/apt/sources.list |grep securi >> /etc/apt/sources.security.repos.only.list'

apt-get -s dist-upgrade -o Dir::Etc::SourceList=/etc/apt/sources.security.repos.only.list

Advertisements

Mac OS X writes too much data to disk, or does it?

This is just an observation I made a couple of days ago. I had my new Macbook Air 11″ on for some 13hrs during which all I did was light use of Google Chrome to look up things once in a while, chat with people in Skype and Adium, listen to radio streams in iTunes, work in a terminal, of course, had Mail.app running which is configured not to save anything to disk, and by the end of the day Activity Monitor reported some 5GB worth of disk writes. 5 gigs, really?

Why would I be concerned? Well, I’m generally speaking curious, but also there’s a legitimate concern because SSD drives, which are of MLC type in Macbook Air’s, on average are guaranteed to last 5 years with average 40GB disk writes per day. So, you can see that 5GBs per day in that context isn’t really a small number.

So, I set out to figure out to see distribution of those disk writes but I haven’t found a solution yet. dtrace looks like the tool that could pull out this data but it falls short of showing accumulated values over time. What I’m talking about is Linux equivalent of iotop -o -a, which is just amazing, simple and user-friendly compared to dtrace.

Which reminds me to say that Mac OS X is a funny OS. It makes it really easy to use a computer in GUI department, but Apple seems to have applied their philosophy of radically simplifying things to command line applications as well. Less of output (otherwise useful and detailed) seems to be characteristic of Apple’s version of such tools as iotop and sar, to name a few.

This I find a little frustrating and limiting. By and large, though, I really like Mac OS X and the whole experience of running Macbook Air.

I’d highly recommend it.

Gets Mac OS X

Gets Mac OS X and spends most of the time working in Terminal anyway

I work on a mid 2012 Macbook Air 11″ these days.

The specs:
2.0GHz Intel Dual­Core Core i7, Turbo Boost up to 3.2GHz
8GB 1600MHz DDR3L SDRAM
128GB Flash Storage

Love the Mac OS X. However, ironically coming from the Linux world I’m irresistibly drawn to Terminal application and find myself poking around a lot. After all that’s exactly how I see Mac OS X, a stable, beautiful, thought-out DE. Underneath all the beauty, bells and whistles, fancy features, there’s UNIX. Do I really have to say more? My friends are worried that I’m lost to Linux community but that’s not really true. Not a bit. I still have my Arch Linux laptop running and doing those tasks that it does better than Mac OS X. I’m just sticking with UNIX philosophy of using the tools that do one thing the best. To me Mac OS X is currently doing the best job of offering a desktop environment.

How secure is Google Chrome Sign In?

I’ve been avoiding Sign In feature for quite some time now, up until today, because security with major service providers, that are also legitimate businesses and often are not open-source, seems always to be tricky. I realized I couldn’t hold back any longer, though, because the temptation to use synced data — and Chrome/Chromium syncs basically everything and lets you recreate your browser environment on just any computer/mobile device with the Internet connection and default browser configuration — was becoming very intense.

So, I’ve ran an extensive search on Google, but there were very few detailed results that would give you the dirt. Mostly generalized statements about how secure or insecure it is. Luckily, though, some peoplewrote up excellent articles that answered my questions and made me feel confident that I can safely upload my personal data to the cloud.

Because bottom line is Chrome/Chromium Sign In feature provides a very reasonable security model.

In short, the solution is to encrypt everything and use encryption passphrase, not Google Account as a passphrase (this gets sent to Google periodically and kinda defeats the purpose, because theoretically unscrupulous/overly enthusiastic employees literally have the key to your encrypted stash of private data and could read it if they really wanted to. Not cool.)

To learn more details I highly recommend to follow these URLs and read these wonderful articles:

  1. Comparing the Security and Privacy of Browser Syncing by Gregory Szorc with Firefox who happens to work on FirefoxSync (this is exactly what I hoped to read, a fresh publication too!)
  2. How to Optimize Google Chrome for Maximum Privacy by Chris Hoffman of How-To Geek.
  3. Google Chrome Leaking Credit Card Data? by Adam Caudill, a demonstration of why you need to encrypt everything, not just passwords.

Lightning add-on with Google Calendar-like color palette

I’ve started using Lightning add-on for Thunderbird lately. Oh and Thunderbird, too. Again.

I just figured Evolution is unreasonably resources demanding, works a bit slowly on my notebook (Intel(R) Core(TM) Duo CPU T2250 @ 1.73GHz, 4GB RAM, ATI Xpress 1250 with 256MB), has a terrible connection error dialog that looks stylish in red and overlays message window list but pops up way too often — with many accounts and a bit flaky Internet connection and/or frequent sleep and resume cycles that gets just irritating because as a user I have to dismiss them manually or else they remain in their place forever limiting view of the list of new and old messages. Evolution also offers a pretty inconvenient way to turn HTML formatting on or off on a per single message basis. You’d have to go all the way to preferences and locate it in some section and tick the box off or on to get a single e-mail sent out in HTML if you prefer plain-text most of the time. That’s just too time-consuming and frustrating and IS a lot of work. Finally, I figured it crashes quite often under certain circumstances. Overall it works stable 98% of the time and is a very good mature e-mail client and I’d personally recommend it to a lot of people.

I didn’t feel like hunting down its bugs, though, because at the end of the day performance wise I’d still not be happy with Evolution, so I decided to give Thunderbird another try. I used to run it, it was OK. It met most of my expectations back then but at some point in time I defined my own user policy where I’d strive to use default DE applications as much as I could. I felt it would give me a more consistent look and feel, which kinda matters to me when I become a regular desktop user and not a Linux administrator who works mostly with black terminal and a web-browser.

So, I used to use KMail and Evolution and they were both OK. Since the last time I’ve used Thunerbird it got a cool add-ons manager and plenty of useful extensions (like Lightning, Gnome Integration, Copy As Plain Text, Personal Level Indicators, etc.) as well as nifty personas, sort of skins that can deliver a really nice touch of personality to your Thunderbird  if chosen wisely. Some of the extensions that I found useful and a very cool persona/skin can be seen in this screenshot:

Extensions that I found useful and persona/skin demonstration

Continue reading

RTFM or die!

I get really intrigued when people start RTFM‘ing me on IRC in response to concrete short questions. It’s like you ask “Do I have to use yum to install packages in CentOS?” Instead of answering “Yes” there’s
always someone who doesn’t really know for sure what to answer and so they start writing too much, in a vague style, a message that we’ve all come to know as RTFM type of response. Not that it’s a bad thing, but it’s often misused from position of elitism and has a strong stench of snobbishness.

“You’re too stupid! You can’t grok a simple shell script you’re not worthy of our attention!”

BS. And waste of time really. Simply counterproductive and demonstrates ego problems of the author of a message.

Beware of this type of folks on IRC, perhaps on the Internet and RL too!

Apple keyboard in Linux

I’ve got myself a wired aluminium USB Apple keyboard, and I’m running Arch Linux that mostly hasn’t been updated since the end of the summer of 2011 (just to give you some idea about how recent my software is: gnome-desktop 3.0.2, gtk3 3.0.11, compiz-core 0.8.6, glibc 2.13, gcc 4.6.0, etc).

As it was reported in this nice post, all keys except Expose and Dashboard work right out of the box (or, more accurately, are recognized but not necessarily do the expected; pleased read on). I successfully assigned Expose key to the Compiz Scale plug-in, however Dashboard was giving me a hard time. I ended up assigning keycode 212 to F13 key symbol, that works just fine, for some reason unknown to me XF86Calculator doesn’t play well with this button.

In my case I have Apple keyboard connected to a Samsung R-20 notebook computer, that is physically placed behind a 24″ DELL display. So, I’m not sure whether there’s some sort of conflict between the two keyboards that have multimedia keys on them connected to a single computer:

% xinput list
⎡ Virtual core pointer id=2 [master pointer (3)]
⎜ ↳ Virtual core XTEST pointer id=4 [slave pointer (2)]
⎜ ↳ Logitech USB Receiver id=10 [slave pointer (2)]
⎜ ↳ Logitech USB Receiver id=11 [slave pointer (2)]
⎜ ↳ SynPS/2 Synaptics TouchPad id=15 [slave pointer (2)]
⎣ Virtual core keyboard id=3 [master keyboard (2)]
↳ Virtual core XTEST keyboard id=5 [slave keyboard (3)]
↳ Power Button id=6 [slave keyboard (3)]
↳ Video Bus id=7 [slave keyboard (3)]
↳ Power Button id=8 [slave keyboard (3)]
↳ Sleep Button id=9 [slave keyboard (3)]
↳ AT Translated Set 2 keyboard id=14 [slave keyboard (3)]
↳ Apple Inc. Apple Keyboard id=12 [slave keyboard (3)]
↳ Apple Inc. Apple Keyboard id=13 [slave keyboard (3)]

Continue reading