How To Patch The Debian 6 Squeeze Shellshock Bug

I run a few webservers at work that are internal facing only (intranet) that run Debian 6 Squeeze.  I’ve been monitoring the Shellshock exploit since it was discovered a few weeks ago and have been looking for a way to get those few systems patched…despite them existing only internally.  Patches for Squeeze-lts (long term release) were released quickly and then just last week, another patch was put into play as well.  I decided to go ahead and patch these internal systems and since I couldn’t find much out there for blog posts on how to do it…I decided to share how I did it.

Difference Between Squeeze and Squeeze-lts

The difference between Squeeze general and Squeeze-lts is that the LTS (long term support) repositories will continue to receive backported patches from the current release tree (which is version 7 for Debian).  I didn’t originally install/setup these two internal servers so the first thing I have to do is get the version of Debian these servers are running and then check to see if they are using the LTS repositories.

Finding Your Version of Debian

lsb_release -a

This command returns a vanilla squeeze install for me.

Changing Repositories to LTS

Now to see which repositories are enabled.

nano /etc/apt/sources.list

You should open your sources list with your favorite text editor.  If you just have vanilla sources like the two servers I have you can just comment out the sources listed there and paste the following:


deb http://http.debian.net/debian/ squeeze main contrib non-free
deb-src http://http.debian.net/debian/ squeeze main contrib non-free

deb http://security.debian.org/ squeeze/updates main contrib non-free
deb-src http://security.debian.org/ squeeze/updates main contrib non-free

deb http://http.debian.net/debian squeeze-lts main contrib non-free
deb-src http://http.debian.net/debian squeeze-lts main contrib non-free

Now that your sources have changed, update and patch your system:

apt-get update && apt-get upgrade && apt-get dist-upgrade

Checking To See if You Are Still Vulnerable

You can use bash itself to see if you’re vulnerable to the bug.  Execute the following command:

env x='() { :;}; echo vulnerable' bash -c 'echo hello'

This should return the following if you are patched:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
hello

If you’re not patched…the word ‘vulnerable’ will appear in your results.
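The two checks from this walkthrough (is the squeeze-lts repository really active, and does bash still run the injected command) can be scripted so they can be repeated on each server. This is an added example, not part of the original post; the function names and the `--audit` switch are hypothetical.

```shell
#!/bin/sh
# Added example: post-patch audit for the procedure above. Function names and
# the --audit switch are hypothetical, not part of Debian or the original post.

# has_lts_repo FILE
# Succeeds only if FILE has an active binary "deb" line whose suite is
# squeeze-lts. Commented-out lines and deb-src-only lines do not count,
# because neither lets apt-get upgrade pull the patched bash package.
has_lts_repo() {
    awk '$1 == "deb" {
             for (i = 2; i <= NF; i++) if ($i == "squeeze-lts") found = 1
         }
         END { exit !found }' "$1"
}

# classify_probe OUTPUT
# Interprets the output of the env/bash test shown above: a line that is
# exactly "vulnerable" means the trailing command in the variable was executed.
classify_probe() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable
    elif printf '%s\n' "$1" | grep -qx 'hello'; then
        echo patched
    else
        echo unknown    # bash missing or the test did not run at all
    fi
}

# probe_bash [BASH_PATH]
# Runs the same test as the post against one bash binary and classifies it.
probe_bash() {
    out=$(env x='() { :;}; echo vulnerable' "${1:-bash}" -c 'echo hello' 2>&1) || true
    classify_probe "$out"
}

# audit_host [SOURCES_LIST]
# Prints one line per check and returns non-zero if either check fails.
audit_host() {
    list=${1:-/etc/apt/sources.list}
    rc=0
    if [ -r "$list" ] && has_lts_repo "$list"; then
        echo "OK:   squeeze-lts is enabled in $list"
    else
        echo "FAIL: no active squeeze-lts deb line in $list"
        rc=1
    fi
    status=$(probe_bash)
    echo "bash: $status"
    [ "$status" = patched ] || rc=1
    return $rc
}

# Only touch the real system when asked to.
if [ "${1:-}" = "--audit" ]; then
    audit_host "${2:-}"
fi
```

Saved to a file and run with `--audit`, it exits non-zero when either check fails, which makes it usable from cron or a configuration-management run. Files under /etc/apt/sources.list.d/ are not scanned; pass one as the second argument if the LTS line lives there.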

Further Reading on Shellshock

You can read further about how to switch to LTS repositories here:  https://wiki.debian.org/LTS/Using

For more reading on the Shellshock bug, how it is being exploited and the history/timeline, see here:  http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html

Netrunner – The Best Distro You’ve Barely Heard Of

In my quest to find a professional and polished distribution of Linux that used KDE as the default desktop…I tried out quite a few flavors:  Kubuntu, Salix, Manjaro, PCLinuxOS and even OpenSuse.  All done in the past few weeks.

Each time I installed these distributions on this Dell Latitude D630 I pretended I had no idea how Linux was supposed to work.  I’d step through like a less than technical person would do.  How do I connect to wireless?  Is it easy?  Can I stream Youtube videos?  Will my mp3 collection play?  How do I manage that mp3 collection?  Will DVD’s play?  Do things ‘just work’ out of the gate?

I blogged about the beginning step in Manjaro Linux…it wasn’t as polished as I’d like.  I jumped next to Salix and found that Wicd, the default network manager…makes you jump through 9 different hoops to connect to a hidden network.  PCLinuxOS came next but it was so slow on this laptop that it lasted less than a day.  OpenSuse repeated the PCLinuxOS slowness.  Kubuntu was last and it was fine and polished…but once again, slow…random hangups when doing things like file browsing/web browsing.  Kubuntu was the closest I came to a great KDE flavored distribution…it stayed on the laptop for a couple of days.  So the question remained:  Can the distribution I am running be considered professional and polished while getting out of the way?

The majority answer for most of these distributions is a resounding “NO”.

One distribution however, stood above the rest of them.  Instead of stopping on one of the above questions…I found myself having to create new and more intricate ones.  This distribution wasn’t holding me up…it was pressing me forward.  THAT is what a distribution of Linux should do.  It should be out of the way and allow you to get on with your business.  The distribution that does this the best out of that handful mentioned above is Netrunner.

The Hardware

I have an old Dell D630 Laptop which was a standard business line laptop from Dell circa 2007 or so.  It’s got an Intel Centrino and I loaded it up with 4 GB of RAM.  It has a 40 GB Hard drive in it and an Nvidia Quadro graphics card.  Overall, nothing special.  It’s very Linux friendly overall and I’ve used numerous distributions on this laptop since I picked it up at a liquidation sale.

Installation

Netrunner uses the Manjaro installer.  Manjaro is based on Arch Linux.  Normally when people think of Arch Linux, they think of a very technical distribution that is only for the Linux elite.  The installer for Netrunner shuns the idea that you need to speak binary to install it.  Simple choices are laid out for you…I was able to encrypt my hard drive and didn’t need to know how to partition anything to get it moving.  The wizard was, simply put, phenomenal.  It was a well put together and excellent installer.

 

Day to Day Use

I’ve found Netrunner to really and truly be out of my way.  I don’t have to think to use it.  I open up music and play it.  I watch movies with no issues.  I browse Youtube videos without a thought.  Flash video just works.  When I pop in a USB Drive, it detects and mounts like I’d expect it to.  Overall, the operating system gets out of my way.  I normally use Openbox for my Linux laptop and I’ve actually gotten used to using KDE because of how polished Netrunner rolling is.

One of my favorite things about Netrunner rolling was Octopi, the graphical front end for pacman.  This tool allows you to manage all the packages on your system and to search out new ones.  It also allows you to manage AUR packages as well.  While this might not be something the average user would dive into right away…having been an Arch and Manjaro user before…I found it fantastic to have a “one stop shopping” experience via Octopi.

The overall speed of the distribution is fantastic.  I found none of the slowness that plagued the laptop during the testing of other distributions.  Things were quick and crisp when opening.  The only time I experienced slowness was when I had about 15 browser tabs open and was trying to open GIMP (I also had KDE Telepathy, Konversation, and dolphin open in the background).  Overall, I’ve found the speed quite acceptable.

Conclusion

My overall conclusion with Netrunner Rolling is that there is no better Arch platformed Linux distro with KDE as the default environment out there.  It just works.  It gets out of the way and it gives the end user a clean, crisp and efficient desktop right out of the gate.  You don’t have to know binary to get it installed, updated, and running.  You don’t have to sacrifice a goat to Cthulhu (I’ve heard that comes later?) to have a pleasing KDE experience for your desktop.  I keep saying this, but it just works.

I found it really odd that I hadn’t heard very much about Netrunner in the past but I readily admit that I hadn’t kept up with KDE based distributions in the past few years due to my fascination with Openbox.  Netrunner has won me over though…I will definitely be paying attention to this fine distribution in the future as it has taken its place as the top KDE distribution I’ve ever tried.  I hope you’ll give it a try in the future (if you haven’t already) and kudos to the developers and community of Netrunner!

 

Manjaro KDE Notes

This week I decided to step up from Window Manager Manjaro Openbox and give the latest version of the Desktop Environment in KDE a try.  I’m one of those odd people who love minimalist desktops like openbox, xmonad, and i3 but still have a soft spot in their hearts for KDE.  We’re few in number and many with insanity. 🙂

So I downloaded Manjaro KDE edition and installed it onto my Dell Latitude D630 laptop.  Upon first boot, everything looks professional and nice.  The bootscreen is professional and the desktop has a common theme that is pleasant to look at.

 

Then I went into the menu to see what programs come installed by default.  Bleh…everything with a bag of chips, the receipt, and then even more.  Too much mess.  Multiple entries for single programs.  It’s a mess in there.

4 entries for the ‘Marble’ program greet me inside of the ‘Education’ area.  FOUR?  This is very simple to fix…you simply right click the menu button and choose ‘edit applications’ but how does something like that make it past the QA process?

Sound was muted across the board by default….I’m pretty sure this is just due to my sound hardware but it’s important to note that not everyone will know to look for that.

Desktop effects enabled by default means that things were DOG slow until I installed a video driver.  Not a good first experience.

I attempted to download a few torrents out of the gate to see what kind of throughput KTorrent would give me.  I use magnet links mostly and upon grabbing my first torrent I realized that nothing was happening.  The metadata wasn’t even downloading.  So I attempted a restart of the application with no fix.  I tried logging out and back on with no fix.  Then I tried a restart of the entire PC with no fix.  No matter what I did…torrents wouldn’t download.

So I switched to qBittorrent.  Still no fix.  No matter what happens, torrents don’t work for me with this version of Manjaro.  In my previous version they worked just fine.

About this time, I started to get rather irritated and stopped looking around for things that were wrong.  No offense to the Manjaro KDE guys…but this isn’t a very good implementation of KDE in my opinion….there is just too much installed by default and what is installed doesn’t seem to work well.  There were quite a few other oddities I experienced while exploring the desktop including multiple KWin crashes when launching specific applications.

Overall, I wasn’t happy.

So I’m heading over to Salix KDE now to see if a simplified approach to KDE will cleanse the palate so to speak.  I neglected screenshots when testing Manjaro KDE out but I’ll take many with Salix and follow up here.

Manjaro Linux – My Current Distribution

I’ve been running Manjaro Linux Openbox Edition since about November of 2013.  I haven’t re-installed…since Manjaro rolls with its releases…I haven’t needed to re-install.  It’s been as steady as a rock for 2 releases and many months of torture and pain from yours truly.

The only other distribution I’ve ever put through its paces like this that remained stable and usable was Salix…which is Slackware based.  Manjaro is Arch based and benefits greatly from the fantastic package manager ‘pacman’.  Oddly enough, Salix has a lot in common with Manjaro in that they both attempt to bring simplicity with easy upgrades/updates.  They also both tap into the community for customized packages…Salix with the ability to install Slack builds and Manjaro with the ability to add on packages from the AUR (Arch User Repository).  Both provide tools that allow a user to interface with these user built repositories.  Both are lightning fast and use a very low amount of resources.

Even though I hadn’t noticed before….they do have a lot in common.

I’ve demanded a lot more from my Linux distributions lately…I haven’t picked the ones I use based on what everyone else is using.  I haven’t picked one that has recently released.  I picked one that doesn’t decide what’s best for you.  I think this approach is best…doing less is more.

I don’t want a distribution to install the entire KDE application suite out of the gate taking up tons of space on my hard drive and making my Kmenu a jumbled mess.  I don’t want a distribution that doesn’t install tons of applications but is so bloated and lethargic on the desktop that I can barely function.  I don’t want a distribution that does things the wrong way by requiring me to install more than what I need (thanks meta packages!).  The bottom line is, I want a simple distribution of Linux that truly and wholly supports the ‘less is more’ mantra.  The only two I’ve settled on are Manjaro and Salix.  I’m not saying these are the only ones that ascribe to this mantra…I’m just saying these are the only two I’ve used that I like.  I’m sure there are others you might have found do the same thing and I’d encourage you to leave a comment with this distribution so that I can check it out.

I don’t do a lot of Linux reviews…but I will be doing a Salix and Manjaro one in the near future.  I think they both deserve any amount of press they get because they are fantastically simple distributions.

I am a Linux User

There are some things you just are.

Painters are painters because they paint.  Writers are writers because they write.  Whatever you identify with being (writer, painter, et al.) you are that because of what you DO…what you produce.  I am a Linux user because of what I produce with Linux…what I do with it.  I don’t simply use it…I create with it.  I make it do what I want.

People give me a screwdriver and I pry things open with it…I don’t just use it on screws.  If I wanted to just use a flathead screwdriver for screws I’d be using a Mac.  If I wanted attachments for my screwdriver to become a different tool, I’d use Windows.  Instead, I rewrite what my screwdriver is used for by using Linux.

I’m a thinker because of Linux.  I have to be.  I have to think outside of the box…the standard way of thinking.  I find solutions to tech problems more quickly than people around me because of Linux.  I don’t think just of linear solutions.  I’m not just one dimensional…Linux makes me multidimensional.  When a problem arises, I meet it head on instead of waiting for others to fix it.

Linux makes me all of these things.  Without it, I still am a thinker…but Linux makes me a multidimensional, deep thinker.  Without it, I still use tools like a screwdriver but I don’t use them in as many ways.  Without it, I can still solve problems…but I don’t solve them as fast or as creatively.  There are some things you just are.

Linux helps me to be who I am.  Linux just is.

It was almost 10 years ago that I started recording my thoughts, tips and tricks on this blog.  I blog less frequently today than I did back then thanks to more professional responsibility with my work…but just the same, Linux still plays a major part in my everyday life.  This website is hosted on a Linux server that I built from the ground up.  I use Linux for my Network Attached Storage at home that contains all of my movies, music and pictures.  My phone runs Linux.  I stay in touch with my friends and family because Linux is so versatile.

This blog has been through 4 major hosting changes and 3 changes of content management systems.  It’s gone through DDOS attacks, smear campaigns and even bumped heads with Groklaw before they shut their doors.  Through all of that, the one constant that remained is that Linux is.  For those of us that use it…Linux is what we use to shape our lives.  I’m glad to be a Linux user and a blogger of all things Linux.  Despite my infrequency of posting, I try to provide original content instead of just recycled news/how-to’s.  I don’t plan on changing this goal in the future…and I plan on being here for as many years as I can.

I want to personally thank each and every one of you who subscribe to my RSS feed and have my content delivered to you there…and those that subscribe to the blog via email.  Thanks to all of you who read the content I produce.  I appreciate your patronage and your support.  I began this journey with many of you over 10 years ago…here’s to the future path we’ll be travelling.  No telling where Linux will take us!

 

Open Source Software and New Users

Free/Libre and Open Source software versus closed and proprietary software doesn’t matter.  It’s not the answer to solve all our problems.  It’s not the question we need to ask anyone and everyone either.  It simply doesn’t matter.  Well, it might matter to you and me…but it doesn’t matter to most people out there.

No matter what you say and do.  No matter what ideals you preach to people.  No matter what concepts about freedom you tout to them…it just won’t matter at all.  They want what they want and when they want it.  They turn a power button on and a device powers up giving them the functionality they need.  They open up a piece of software that gives them the features they want.  They don’t care whether they pay for it, if someone can alter it, if someone can distribute it, or if it was free.

It sucks that people don’t care about their own freedom with programs/code, but it’s true.

The Great Debate

The debate that rages on is usually one or two camps that support Free Software, Libre Software, or Open Source Software (or a combination of them) and those folks will lecture the end user who doesn’t care.  Have you ever been lectured about something you don’t care about?  Usually, you won’t remember anything about what is said to you when that happens.  The same is true for end users that couldn’t care less about what software they’re using…as long as it works.

Instead of lecturing these folks and talking down to them about the benefits of FOSS/FLOSS/OSS…I say we try a different approach.  I say we identify with them.  Establish a common ground.  Less like a bull in a ceramics shop.  A common proverb here in the US is that “you can catch more flies with honey than with vinegar”.  Being tactful and pleasant instead of overbearing and sharp is a good way to win people over to view things as you do.  Education is key…if you see someone using a locked in device, you could tactfully let them know of alternatives and why they might choose them.  I’ve seen the untactful approach and it does nothing but push the person farther away from free and open source software.  Less is more in these cases…no one wants to come off as a know it all…but that’s exactly what I’ve seen happen many times.

The Importance of Free and Open Source Software

I’m not trying to downplay the importance of Open Source software (Free software or Open Source software) but I am trying to downplay the importance/intensity of the debate between the various beliefs (FLOSS/FOSS/OSS).  I’ve seen people get very livid about the idea that all of their software should be completely open source or that it should be free AND open source or else they won’t use it.  I applaud these people for having a stance and sticking to it and I believe the world would be a much better place if we had more of this type of software that everyone could work on collaboratively.  I think it would spur innovation and bring people together.  But here’s the kicker…the end user DOESN’T CARE about your debate.  While it’s great that it means something to you, 9 times out of 10 it won’t mean anything to the end user.   If they’re completely new to these ideologies try easing them into understanding.  This isn’t sink or swim…everyone starts off in the shallow end first and when they’re ready they move into the deep end.  Don’t expect everyone to care right away.

If you have a user of software who will only use Open Source software…a person who staunchly supports this concept…and that person defends their stance any chance they can get, most people see it as a good thing.  In my opinion, rabid defense of ideology is sometimes not a good thing…because many times people lose the defensive stance and go on the offensive one.  The same is true for those who will only use Free and Open Source software…they become incensed at the idea that anyone would ever use anything else or would want to use.  Both of these camps tout altering the code, collaborative design, vendor lock-in, high prices of upgrades for proprietary software, and other ideological points of contention.  As I said, it’s great that these camps are so invested in their ideals…and there is a point where you do more harm than good.

The Perspective of the Uninformed New User

It’s hard for new users to understand the perspective and ideological camps behind  free and open source software because there is nothing else like it in the world.  Insisting that someone adapt immediately to the ideals put forth by FOSS is, in my opinion, an unrealistic expectation.  When someone is new to a group or community, demanding they adhere to a set of rules they don’t understand can be overwhelming.  In my opinion, a welcoming stance from the community members followed by a path of self discovery is what develops new users into the strongest supporters of free and open source software.

The attitudes and behavior new users face when initially embarking on their open source journey will stick with them and will shape their opinions for years to come.  A few years ago, I wrote an article titled “A New User Guide to Linux Communities“.  Despite being written in 2008, it is still applicable today.  New users need patience, tolerance, understanding, and empowerment when first trying FOSS.  If we can give them a positive and up-building experience, they’ll definitely come back for more and become more avid supporters.  Leave the politics and ideologies to the wayside.  Try helping the new user without trying to indoctrinate them.  Let them come to the discovery that FOSS is where they should be at.  Let them learn things on their own time and pace.  In the end, if they come to the same conclusions we have as FOSS users on their own, they’ll be more likely to stay that way and more productive community members in the future 🙂