Category Archives: Ubuntu

Firefox won’t upgrade!

Firstly, apologies about the lateness of writing a new post. I’ve been struggling with my server, trying to work out why apache2 is eating RAM. I’ve made a really nasty hack to sort it out for the moment though, which will give me more time to find out what is going wrong.

One of my old friends from Church sent me an email, asking me what was wrong with his firefox. Every time he launched it, what appeared was firefox 2. Very strange, since the version of firefox he has installed is:

3.0.1+build1+nobinonly-0ubuntu0.8.04.3 - meta package for the popular mozilla web browser

Well, that looks like the normal browser to me. At one point, he has had the “ubuntuzilla” browser installed for a little while. (But not anymore).

A couple of questions on the Ubuntu-uk mailing list didn’t turn up anything. So, I asked “how do you find what binary a command runs”? The answer came back from Matthew Wild (thanks!):

ls -l $(which firefox)

I cheated a little. I’ve not come across $(command), but I have come across `command`. So, I asked my friend to run “ls -l `which firefox`”. He replied with:

lrwxrwxrwx 1 root root 20 2008-02-09 17:16 /usr/bin/firefox -> /opt/firefox/firefox

Er.. that looks wrong to me. The packaged firefox binary for version 3 is in /usr/bin/firefox-3.0. Looks like the uninstall of ubuntuzilla didn’t go so well. I asked him to run:

"rm /usr/bin/firefox && ln -s /usr/bin/firefox-3.0 /usr/bin/firefox"

Which removed the old link, and added the correct one. (I should have asked him to run those commands through sudo thinking about it..)

That solved his issue and he’s now happily running firefox 3. Anyone have a better way to implement this fix, if we ever need it again?

Matthew kindly explained the difference between “$(command)” and “`command`” earlier today. No difference 🙂

$(command) is easier to send to people so they don’t have to find the backtick key. (UK keyboards, above the tab key)
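
One way to check for and repair this kind of stale launcher link, as an added example that is not from the original post. The function names and the temporary sample tree are hypothetical; the tree only mirrors the paths quoted above.

```shell
#!/usr/bin/env bash
# Added example; function names and the sample tree are hypothetical.

# List symlinks in bin dir $1 that are dangling or resolve outside $1.
audit_links() {
    local bindir link target
    bindir=$(readlink -f "$1") || return 1
    for link in "$bindir"/*; do
        [ -L "$link" ] || continue
        if ! target=$(readlink -e "$link"); then
            printf '%s -> (dangling)\n' "$link"
        elif [ "${target#"$bindir"/}" = "$target" ]; then
            printf '%s -> %s\n' "$link" "$target"
        fi
    done
}

# Re-point link $1 at $2 in a single ln call; refuse a target that does not
# exist, so the command name is never left pointing at nothing.
repoint_link() {
    if [ ! -f "$2" ]; then
        echo "refusing: $2 is not an existing file" >&2
        return 1
    fi
    ln -sfn "$2" "$1"
}

# Constructed tree mirroring the post: usr/bin/firefox points into opt/,
# while the packaged binary is usr/bin/firefox-3.0.
make_sample_tree() {
    local root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/bin" "$root/opt/firefox"
    : > "$root/opt/firefox/firefox"
    : > "$root/usr/bin/firefox-3.0"
    ln -s "$root/opt/firefox/firefox" "$root/usr/bin/firefox"
    echo "$root"
}

root=$(make_sample_tree)
audit_links "$root/usr/bin"    # reports firefox -> .../opt/firefox/firefox
repoint_link "$root/usr/bin/firefox" "$root/usr/bin/firefox-3.0"
audit_links "$root/usr/bin"    # reports nothing after the repair
rm -rf "$root"
```

On a real Debian or Ubuntu system, `dpkg -S <path>` shows which package, if any, owns the resolved target. A binary under /opt that no package owns will not be updated by apt, so a launcher link pointing at it keeps starting the old, unpatched browser.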

Linux command line tips & Stuff

I’ve been taught a couple of command line tips at work, and thought it wouldn’t be fair if I didn’t pass them on. So, we begin.

CTRL-R

This insanely useful trick, in a terminal or a console, will allow you to search your bash history for any command you’ve previously run and re-run it. For example, quite often on my laptop, I type “CTRL-R upg” in a terminal window, which runs the following command:

sudo apt-get update && sudo apt-get upgrade -y

If you don’t know, that command updates your package repository listing (what programs have been updated), and then goes and upgrades all of the packages that have been upgraded, with the only exception of the more significant upgrades, like to the kernel. (A human has to activate those particular upgrades – and the -y tag doesn’t signify human, as that command can be cron jobbed very easily…)

CTRL-O

This one I was taught in my interview for Positive Internet. (So, I’d better not get this wrong! ;))

If you have run a series of commands in a terminal or console repeatedly, say editing a file, doing a config check and then restarting apache (as I have done whilst I’ve been playing with my Apache2 config file for this blog), then this little switch is priceless. Basically, once you hit the up arrow to find the command you wish to use, hitting CTRL-O instead of Enter, will execute the command, and then once you’re back at the shell prompt list the next command in the series. So for the first set of commands:

vi /etc/apache2/sites-available/kirrus  [ENTER and edit the config]
apache2ctl configtest [ENTER]
apache2ctl graceful [ENTER]

Ooops, I’ve just killed my blog by way of a looping redirect! Quick, undo!

[UP ARROW, UP ARROW, UP ARROW]
vi /etc/apache2/sites-available/kirrus [CTRL-O and fix the config]
apache2ctl configtest [CTRL-O]
apache2ctl graceful [ENTER]

The benefit? The second time round, once I found and initiated the series of commands, I didn’t need to type anything, other than the changes to the config file, and the initiating control sequences. Annoyingly, you can’t just hit CTRL-O once, and then expect to be in the chain next time you hit enter – hitting enter won’t provide you with the next command in the chain once you’re finished. Although, this of course can be a good thing, if you want to return to a clean command prompt.

Hopefully one of those will be useful to you.

Ubuntu-UK Planet, Caffeine and Rambling.

For some strange reason, the Ubuntu UK planet didn’t pick up my last post as a new post. Possibly because it got a little confused with the server move and IP address change? Anyway, for those of you reading this on the planet, I have a post about a couple of the tools that come with apache2 on my blog. Not much, but hopefully interesting.

Caffeine: I’ve pretty much overdosed this evening. Head’s swimming right now, and the screen appears to be filling my vision (hence the more than normal ramblingness [yes I invented a word :)] going on in this post). Stayed on at work for an hour and a half, pushing me closer to the tiredness limit. So, on the way home I drank a bottle of Coca Cola, (the tube section) and a small americano coffee (the train section). It kept me awake (yay!) at the cost of me being a little… jumpy at the moment. Still, it’ll wear down shortly, especially since I finished my food about 20 minutes ago. That always helps clear the caffeine effect. So, shortly I’m going to crash from my caffeine high, and be a Zombie. Hopefully won’t be that way tomorrow morning, but at least I can sleep on the train in and if I’m lucky and get a next-to-the-door seat on the tube quickly, on the tube in. (The glass to your left or right acts as a good, if a little hard, pillow. The glass behind you, unfortunately, moves too much, and gets painful quite quickly.)

Right. I can feel myself starting to slow down, so I’d better sign off before the Zombieness (Yay for creating random useless words!) comes into play.

Stay safe 🙂

Hidden Ubuntu Gems: Window Selection, Always on Top & Password Gen

I thought it was probably a good time for another Ubuntu-related post, so here we go.

Window Selection

Window controls, selection raising etc

Something I found on one of my explorations, is this really handy feature (handy for me at least), which allows you to give a window “focus” (or selection) merely by putting your mouse over it. To activate it, click on “System”, go to “Preferences”, and then click on “Window”. Up pops a small selection window.

As you can see, I’ve ticked “Select windows when the mouse moves over them”. You can also have windows be raised to the top of the screen if you hold your mouse over them for a certain length of time. As my colleague at work found, setting the interval to “0” is not very useful…

There are a couple of other tweaks you can make here. I’ll let you explore them on your own 🙂

Always on Top

“Always on Top” allows you to basically tell the system that you want a window to be the upper-most on the screen, no matter what else you do. You can’t “Raise” anything above it. I tend to use this little gem with my next tip.

Set a window to be always on top by right clicking on the title bar (the big orange bar at the top of the window, which contains the minimize, maximize and close buttons). Click the “Always on Top” option. That window will now stick on top of your screen. Undo it, by right clicking again on the title bar, and clicking “Always on Top” again.

Password Gen (pwgen)

pwgen is a small, neat, command-line program to quickly generate fairly easy-to-remember, fairly secure passwords. You can install it by clicking here, or going to whichever package manager you prefer (synaptic, Add-Remove Programs, apt-get or aptitude) and installing “pwgen”.

A screenshot of pwgen with my preferred settings in use

Use it simply by typing “pwgen” in a terminal (“Applications” > “Accessories” > “Terminal”). I tend to run it with the command “pwgen 8 1”, which generates one 8 character password.

Now, if you’re adding a lot of users to a system or something (I am currently at work), using a combination of these tips will save you time… I’ll leave it up to you to work out how to combine them. (Hint: resizing a terminal window like I did above is a good starting point.)

Bugs, a failed walk, and photos

Bugs

Since my rant about the state of bugs in Ubuntu, I’ve been going over my bugs, one by one, poking them and re-triaging them. I did this to one bug for gweled, 110268. One of the people who had experienced this one tagged it “bitesize” (easy to fix) and “packaging”. I reset it into “confirmed” state, assigned it to the MOTUs. (I tend to set them to “incomplete” whilst poking them to make sure they’re still an issue – that way if there is no response and I randomly disappear, launchpad will automatically mark them for expiration). As a result of my poking it, Effie Jayx was asked to it, and the bug is no-more in Hardy. Nice 😀

Thinking about it, I probably should have chucked that particular bug upstream earlier. The reporters had done all the work tracking down the bug… there we go, live and learn. I’m slowly poking all the bugs that haven’t been fixed, that I’ve triaged, making sure they all go to the right places…

A failed walk

‘How can a walk fail?’ I hear you ask. Quite simple, I was attempting to find a few geocaches, in a long walk around my local area. Geocaches are basically small hidden caches, which you find with a hand-held GPS.

So, I parked up with my recently repaired car (long story), and set off. However, I managed to go the wrong way (yes, even with a gps with topographical maps of the area), so I didn’t get anywhere close to finding any geocaches. I’ll probably try a completely different route next time…

On the way though, I did manage to take a couple of nice photos, so here are the best of them. As usual, all photos are under the Creative Commons share-alike attribution licence, click on the photos to see a bigger version on flickr.

This one is looking through a wire fence, fairly close to where my next one was taken. Sorry the background is blurry, should have put it into macro mode. The hill was quite steep here and my footing was tenuous so I wanted to move on quickly…

Hillside fence

Went past this wall whilst walking back to my car in the woods. It’s falling to bits, but not being kept up, as it’s been replaced by wire fences. There are quite a lot of crumbling dry-stone walls in this particular wood.

Crumbling Wall

Weir

As usual, my water photography continues 😉
I took these two at a local park, which is very close to where I work. I go there to eat lunch sometimes, and there’s an artificial pond created by this weir/dam.

Dark Weir Weir

Attacked by the Storm Botnet

Once upon a time there was no internet crime. Then humans came along…

Recently, we came under attack from the Storm / Nuwar Botnet. In the post I made about it on the third of October, we had mis-identified it as a referral spam attempt. Close, but no cigar.

Now, I’ve always tried to keep my name & employer from becoming too widely spread on the interweb, although there are a couple of really, really easy ways you can find it, just from this website. (One of them being, ask me 😉 )

It appears, that as a result of the two posts I’ve made about the Storm Worm, someone decided to DDOS not this blog, but my employer’s un-related servers, attacking one of our customers’ managed servers, and then our webmail server. (This blog is hosted from servers in the same rack as those servers.)

At its peak, the attack was drawing 8Mbps of data transfer. (About 1MB per second.)

Encryptec ddos attack

Graph is read from right to left. <<<<<<< Time Flows that way. <<<<<<<

You can see at 0930, when I got in work and started combating the attack. We only really stopped it the morning this graph just ends on…

Only problem, was that they were flooding our server with requests, literally using every available incoming connection on the server all the time.

For non-techies, a web site is hosted by a computer somewhere on the interweb,
that never gets turned off, connected to a really thick pipe to the internet.
It’s configured to accept a certain number of new people visiting its website(s)
at once.

We’ve now completely mitigated this attack (to the point where, at most, it’s now drawing 50kbps [1]). Technically, we can mitigate (and sustain) a much more serious attack. This was basically a “Get Lost, and STOP POSTING ABOUT US” poke.

An expensive poke. A sustained 8Mbps transfer rate is expensive in bandwidth!

So far (*wanders off to check*) we’ve identified 23,265 ip addresses which have tried to attack us. That’s a lot of infected computers, but it could have been worse.

It appears the attack has been petering out, we are identifying one new bad ip (infected computer) once every 30-60 seconds. At its peak, we were picking up at least one new ip every second.

If we have another look at that graph of the attack:

Encryptec ddos attack

The attack started at 1AM GMT, and ramped up to full power in about 20 minutes. That means that it takes the Nuwar / Storm botnet about 20 minutes for a command to filter down into its bots.

At the beginning of the attack, the pattern we were seeing was a bad request from one ip, then 3 different bad requests, then back to the first IP. Sometime during the attack, I think about 1400 or 1500 (2 – 3pm) they switched to hitting us repeatedly from one ip address, showing that someone was probably monitoring at least a small part of this attack, and had noticed that we’d started to block the attacks.
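
One way to pull the two request patterns described above out of a web server access log, as an added example that is not from the original post. It assumes Apache combined-format lines and treats HTTP status 400 as a “bad request”; the function names and the log lines are constructed.

```shell
#!/usr/bin/env bash
# Added example; function names and log lines are constructed for illustration.

# Constructed access log (combined format, documentation address ranges).
# Lines 1-5 rotate between sources, line 6 is a normal visitor, 7-10 repeat one.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [01/Jan/2000:01:00:01 +0000] "GET / HTTP/1.1" 400 226 "-" "-"
198.51.100.7 - - [01/Jan/2000:01:00:01 +0000] "-" 400 226 "-" "-"
203.0.113.5 - - [01/Jan/2000:01:00:02 +0000] "GET / HTTP/1.1" 400 226 "-" "-"
198.51.100.99 - - [01/Jan/2000:01:00:02 +0000] "GET / HTTP/1.1" 400 226 "-" "-"
192.0.2.10 - - [01/Jan/2000:01:00:03 +0000] "GET / HTTP/1.1" 400 226 "-" "-"
192.0.2.200 - - [01/Jan/2000:01:00:03 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "-"
203.0.113.77 - - [01/Jan/2000:14:00:01 +0000] "GET / HTTP/1.1" 400 226 "-" "-"
203.0.113.77 - - [01/Jan/2000:14:00:01 +0000] "GET / HTTP/1.1" 400 226 "-" "-"
203.0.113.77 - - [01/Jan/2000:14:00:02 +0000] "GET / HTTP/1.1" 400 226 "-" "-"
203.0.113.77 - - [01/Jan/2000:14:00:02 +0000] "GET / HTTP/1.1" 400 226 "-" "-"
EOF
}

# Emit the source IP of every bad request, in log order. Splitting on the
# double quotes keeps the status field findable even when the request line
# is malformed (such as "-") and has an unexpected number of words.
bad_request_ips() {
    awk -F'"' '{ split($1, a, " "); split($3, s, " "); if (s[1] == 400) print a[1] }'
}

# Bad-request count per source, busiest first: the candidate block list.
offender_counts() {
    bad_request_ips | sort | uniq -c | sort -k1,1nr -k2,2 | awk '{ print $1, $2 }'
}

# Longest run of consecutive bad requests from one source. A value of 1 means
# the sources rotate on every request; a large value means one host repeating.
longest_run() {
    bad_request_ips | uniq -c | awk '$1 > m { m = $1 } END { print m + 0 }'
}

sample_log | offender_counts
sample_log | head -n 5 | longest_run    # rotating phase
sample_log | tail -n 4 | longest_run    # repeating phase
```

Tracking the longest run over successive time windows shows the switch from rotating sources to a single repeating source, which is the point at which per-IP rate limits start to be effective.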
Now, this happened quite a while ago.

Encryptec DDOS attack - 4 week

So why haven’t I posted about it yet? Why has it taken me 2 weeks to blog about this?

Because, it’s only now that we feel that we are able to safely weather another attack, should the Zhelatin Gang decide to start poking us again. If they didn’t like me posting what I have, they’re not going to like me posting this.

A message to them: I do not like bullies. Go pick on someone your own size for a change.
Thanks to stopddos.org, for analysing the logs and identifying Storm as our attackers.

UPDATE 20/10/07: A little while ago I sent a part of our logs for geographical analysis to one of the nice guys at castlecops.com.
Here is the graph that resulted from that. This is the top 5 attackers by country, in a pie chart. As you can see, Germany (Country Code DE) was the biggest, closely followed by the US. If you want to see other attack graphs, go here: http://www.spamtrackers.eu/wiki/index.php?title=Botnet_hosting (ours is listed there as BB, moved around to match up with the others, and slightly tweaked.)

[1] 5KB per second

How to turn a Ubuntu Box Brainless

In this tutorial, we will disable local logins on the Ubuntu box, and just use gdm and the X server to talk to a server on the local network using XDMCP. This means that you’ll actually log in to the remote server, and use the remote server’s data and processing power.

WARNING: This will disable GUI access to your computer!
DON'T do this to a machine which you want to use without having to
play around with the X configuration files in command line.

In ubuntu, you can switch all logins to XDMCP quite simply. Here is the Howto:

  • Click on System > Administration > Login Window
  • Enter your password (if requested)
  • Click on the security tab
  • Click on the “Configure X Server” button in the bottom right hand corner of the window. This pops up:
  • Change the “Launch” value from “Greeter” to “Chooser”
  • Click close twice, and log off
  • Hit CTRL – ALT – BACKSPACE together, to restart GDM. You should now have an XDMCP host searching window, which will locate any computers which have had XDMCP logins activated. If you want a howto for setting up a server for that, please comment!

Useful Ubuntu Things to Remember

  • To open a terminal in Ubuntu, go to Applications > Accessories > Terminal
  • To add shortcuts from the applications listing to your desktop or top/bottom panel, browse to the location of the program under applications, click on it DON’T LET GO, and drag it to the bar at the top, or onto your desktop. Let go.
  • To run an unattended upgrade on a (K/X/U)buntu machine use the following command in a terminal:
apt-get update; apt-get upgrade -y
  • If you only want the upgrades to be downloaded, and not installed as well, then use this one (I think, this hasn’t been tested, and you could probably do it a bit more neatly with -dy):
apt-get update; apt-get upgrade -d -y
  • Most linux variants store their programs (e.g. lspci) under /usr/sbin
  • To force evolution (linux version of MS Outlook) to close completely, open a terminal, and run the following command:
evolution --force-shutdown