[g]

Ubuntu Tricks: Update Adobe Flash 64-bit

There seem to be so many instructions to get this done that its become confusing. In my case this was trying to get MySpace Player running after receiving a notification that Adobe Flash 11.2.202 is “outdated”.

What may be even more frustrating to some is that Ubuntu Software Center shows that Adobe Flash is installed, as well as the Adobe test page successfully animating. What?!

Here’s what I did to get it working just a few minutes ago.

Make sure to get the latest Adobe Flash package (in “.tar.gz” format) from the official page. For 64-bit the correct package is: install_flash_player_11_linux.x86_64.tar.gz

If you have this setup right it should get downloaded in the ~/Downloads/ directory. Run the following commands in the terminal shell:

jamz@test:~$ cd Downloads
jamz@test:~/Downloads$ mkdir install_flash
jamz@test:~/Downloads$ mv install_flash_player_11_linux.x86_64.tar.gz install_flash/
jamz@test:~/Downloads/install_flash$ tar -xvzf install_flash_player_11_linux.x86_64.tar.gz

The important file here is: libflashplayer.so

Install in Mozilla Firefox in the current user’s home folder:

jamz@test:~/Downloads/install_flash$ mkdir ~/.mozilla/plugins
jamz@test:~/Downloads/install_flash$ cp libflashplayer.so ~/.mozilla/plugins/

Install in Chromium in the system folder:

jamz@test:~/Downloads/install_flash$ sudo cp libflashplayer.so /usr/lib/chromium-browser/plugins/

Enjoy.

Ubuntu Tricks: Oracle JDK is NOT installed.

Big proponent of patch updates? Yes, that’s me. If you’re using anything prior to Oracle Java Version 7 Update 5 then it should behoove you to know that the most recent Critical Patch for June is needed to partially address the recent rash of Black Hole Exploit kits as well as Flashback threats.

//rant-on
Ever since my trusty MacBook Pro fell to its death and on-screen (meaning its beautiful 17″ screen also bled an LCD death) late in May its been limping along until someday in August (this year, please) when Lenovo USA can reign-in its suppliers to finally deliver the laptop replacement. Really, people, seven-(7) weeks is awfully ridiculous and sadly no amount of performance from it now will make me forget the fact that if I’d ordered the new MacBook Pro 15″ Retina that Apple would have happily shipped it to me well before the trip to Washington last week. At this rate, the Thinkpad W530 will miss its mark yet again and not get to me on Tuesday before my trip to Nevada. Seriously, give me a break and get it to me before my business trip in September!
//rant-off

I digress.

The point I’d like to make in terms of Apple is that the security gloves are off (and for some time now), so welcome to the big leagues. Proprietary versions of Java are fine just so they work perfect on Mac OS, but they should really get to users before the vulnerabilities are exploited. Imagine how different and how happy the situation would be for the waning number of your users maintain that “Mac’s don’t get viruses”, to which I say “… but they’ll get every other piece of threat out there including spam, phishing, trojan horses, backdoors, etc., right?”  Mac OS X borrows its roots proudly from open-source where everyone is enjoined to comment and contribute for the betterment, so why ignore researchers who’d like to help secure it? If you’re using Mac OS X (whatever version), don’t blindly trust the automatic update and at least click on Software Update once-daily. As you may have gathered, from my much smaller soap-box, is currently the only way to hope and pray for a Java update if any of your core files are under fire.

I digress, again.

Having said all that, I’m going back into the field using a spare Dell E6400 recently retrofitted dual-boot with Windows 7 and Ubuntu 12.04 Precise Pangolin. No issues getting all the current updates on the former, and as for the latter its always been a chore ever since Oracle pulled the plug on licensing Java right after the Sun Java merger. If you so happen to have used a search engine and then followed instructions to install the Eugene San PPA (as of this current writing) or inadvertently break the update repository, instead of reading-up on the helpful instructions on the Ubuntu Community Wiki, and reach the part where,

Download done.
sha256sum mismatch jdk-7u3-linux-x64.tar.gz
Oracle JDK 7 is NOT installed.
dpkg: error processing oracle-java7-installer (–configure): 
 subprocess installed post-installation script returned error exit status 1
….

In another case were Java 7u5 is actually working but Ubuntu Software Center or Update Manager often complains and popping a box that that some unmentioned Package not installed. , and with you being annoyed then later on trying your luck by following the excellent instructions from Web Upd8 to install Java 7 via PPA and still failing … Well now, the fix is really quite simple. Do this:

sudo rm /var/lib/dpkg/info/oracle-java7-installer*
sudo apt-get purge oracle-java7-installer*
sudo rm /etc/apt/sources.list.d/*java*
sudo apt-get update
sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java7-installer

And it’ll all be finally alright, with many gracious thanks to SirCharlo who posted the above instructions first on AskUbuntu.

 

 

Crave Gear: Intel Core i7-3930K and Asus P9X79 WS

This is my new workstation this year. This is my first new-built machine after such a long time and will serve as the staging point for the next few months. Parts arrived a few weeks ago and it’s been going through the paces of installing all I need for working on some serious projects.

Build components:
Corsair Obsidian 800D case
Intel Core i7-3930K C2
Asus P9X79 WS motherboard
Corsair Dominator XMP 1.3 (4x8GB)
Corsair H100 radiator (push-pull)
Cooler Master 120mm (4x)
Corsair M4 256GB SSD
Western Digital Raptor (4x300GB)
XFX Radeon HD 5770 ZNFC
Corsair HX1000W PSU

 

Finished product

Here’s a quick video of how things look when put together. I thought those RSA 2011 pins of Alice & Bob were a nice touch. Unfortunately the blinking lights eventually died after a few weeks.

 

Over-clocking?

An Intel Core i7-3930K runs at stock 3.2 GHz. The nice thing about the Asus X79 series of motherboards is the built-in overclocking utility. So far initial extreme auto-overclocked at 4.7 GHz. However, this proved to be somewhat unstable. Below are some screenshots of the auto-overclock attempts over time and in real use:

 

Update 2012/May/30

H100 noise – after a few weeks the motorboat noise seems to have settled down. OC settings – some instability so dropped it down today to a safe auto-Extreme. CPU-Z report – http://valid.canardpc.com/show_oc.php?id=2389781

At this point I have yet to consider overclocking the GPU but will probably do that with an add-on cooler installed first.

 

 

 

 

 

 

 

5 GHz?

Maybe just to see if it could happen. Its just a few points away. However, I think adding a bit more RAM to fill all eight-(8) slots might make reaching that level easier. We’ll see.

 

 

Mac OS X Tips: Burn a Bootable ISO Image

There seem to be dozens of instructions on how to get this done but from my personal experience somehow your mileage will vary depending on what type of ISO image you’re operating on. As this blog in part journalizes my journey (and yes, I also use it to offload stuff I sometimes forget), listed below are the currently most useful references that have gotten me through some projects:

  1. OSXDaily – Burn an ISO Image from the Command Line
  2. NightLionSecurity – Burn ISO to bootable USB flash drive in Mac OSX terminal
  3. Web Upd8 – 4 Ways to Create Bootable Live USB Drives

By far, for those of you into system building will appreciate NLS’s instructions and the interesting nuances of converting ISO to IMG files when creating a bootable flash drive. It’s worked so well, I’m pasting the instructions below:

First thing to note is that this procedure requires an IMG file, not an ISO. So the first thing we will be doing is converting the ISO file to the accepted DMG format.

  1. Download the desired file
  2. Open the Terminal (in /Applications/Utilities/ or query Terminal in Spotlight)
  3. Convert the .iso file to .img using the convert option of hdiutil (e.g., hdiutil convert -format UDRW -o ~/path/to/target.img ~/path/to/ubuntu.iso)
    Note: OS X tends to put the .dmg ending on the output file automatically.
  4. Run diskutil list to get the current list of devices
  5. Insert your flash media
  6. Run diskutil list again and determine the device node assigned to your flash media (e.g. /dev/disk2)
  7. Run diskutil unmountDisk /dev/diskN (replace N with the disk number from the last command; in the previous example, N would be 2)
  8. Execute sudo dd if=/path/to/downloaded.img of=/dev/rdiskN bs=1m (replace N with your disk number)Run diskutil eject /dev/diskN and remove your flash media when the command completes
    • Using /dev/rdisk instead of /dev/disk may be faster.
    • If you see the error dd: Invalid number ’1m’, you are using GNU dd. Use the same command but replace bs=1m with bs=1M.
    • If you see the error dd: /dev/diskN: Resource busy, make sure the disk is not in use. Start the ‘Disk Utility.app’ and unmount (don’t eject) the drive.
  9. Run diskutil eject /dev/diskN and remove your flash media when the command completes
  10. Restart your Mac and press alt while the Mac is restarting to choose the USB-Stick

 

Hurricane Electric IPv6 Certified

IPv6 Certification Badge for Jamz

IPv6 Certification Badge for Jamz

IPv6 Certification Badge for Jamz

 

There are several ways to post this badge in HTML as well as in Adobe Flash but the latter wouldn’t display if you were on an iOS device. Yeah, that kinda sucks in the meantime — lets all gear up for HTML5!

As you may have surmised by now, we’re using Hurricane Electric‘s excellent 6to4 stack to be reachable via IPv6. In reality, this blog has been compatible since last year during IPv6 Day but its only the past month where the final piece of an IPv6 compatible DNS was resolved. I’m using a modified script of the instructions in the DD-WRT Wiki which details how to use OpenDNS to get this all done.

 

Linux Tip: Find Your External IP Address

I’ve always used Speedtest.net to find out my current network speed as well as my connection’s external IP address. However, if you haven’t yet setup your browser or possibly when trying to automate this process a hat tip goes to Debjit for this useful command line:

dig myip.opendns.com @resolver1.opendns.com +short

Malware in WordPress Themes and Joomla! Templates

Moving forward with my web content series I was looking at some easy ways to spruce up the default templates for both my WordPress and Joomla! installations. In the course of doing so, and like most predominantly via search engines, surely many of us have come across dozens of premium as well as free websites that offer just what we need. I’ve come to trust the basic default offerings more than the pre-configured ones for the simple reasoned assumption that given the large user base of most content management systems they have usually done the cautious job of vetting every piece of code. Granted we’ve heard of site compromises from time-to-time but those yet again get the proper response of re-validation — not so similar it appears when considering all these free stuff one can download from elsewhere.

In the year review for 2010, Trend Micro called out WordPress as one of the most dangerous website software owing to the numerous attacks and exploits that happened that year. By itself, that statement caused an uproar in the community and perhaps rightly so. Personally, I attribute this to the fact that WordPress alongside Blogger/Blogspot have the largest chunk of user-base out there. Blogging in itself is just a means to an end which is to get your thoughts out there and focus on content rather than the usual to-do-list of first securing one’s blog from the threat of attack. It goes without saying that a lot of bloggers could be facing several levels of security issues including mis-configured databases, easy to guess passwords, publicly shared directories, and so on. However, at the bottom of it is the fact that it’s your blog so pay attention. I’d also like to mention that as part of protecting users from compromised blog sites this could result in your site being temporarily blocked until its been cleaned out. Thus, let me revise that statement with the above lengthy explanation of the many underlying issues that brought about this situation.

One of the oldest examples of bad guys redistributing a hack modified WordPress plugin that I was able to find in my haste was a blog entry from Derek in 2007. He points out one important security tip which is to always download from the original author’s site when considering any add-on to your public blog.

An example of a sneaky trojanized WordPress theme was analyzed in detail by Otto in December of 2010. In it he points out another rule of thumb which is to only download themes from the official WordPress distribution site (which, as I’ve mentioned above will at least go through community review and follow some rules).

ThemeLab’s Leland called out to stop downloading templates from untrusted sites and even addresses that fact that one of his seem to be victim back in 2009. In it he suggests using the Theme Authenticity Checker (TAC) plugin, except for the fact that its now 2012 and the latest from BuiltBackwards only shows tested compatibility for WordPress 2.8? However, it still looks to be working when combined with other tools like Donncha’s Exploit Scanner plugin (incidentally he’s also the developer for the WP MU Domain Mapping plugin). Siobhan in his blog entry at WPMU in early January 2011 notes why you shouldn’t look for WordPress themes using a search engine and does a follow-up review a week later on some alternative sites that have gone through the knife in a separate development sandbox.

Yet, again I digress. I was telling you about using search engines to find your next content management theme or template earlier. There are a bunch of templates in my downloads directory, mostly Joomla!-based as thats whats on my plate now, that I’m now considering. Its so tempting to just go through the pile and see what works.

I went through the Joomla! forums looking for some good sites to download 1.7.xx compatible templates. It was in the second page where Ken mentioned that a bunch of these apparently free goodies were being distributed with untrusted and a bunch of embedded encrypted code. That sent my Spidey senses on overdrive and will explain my decision. There are just too many pieces of code to check and its a little more cumbersome to sift through the various code modules each time. Perhaps I’ll go back to these downloaded templates when I have the proper tools and mindset. But for now, Let’s not.

The next steps for me seem to be really learning about the innards of Joomla! with several nice guidebook and build my site from scratch. If you decided to do otherwise, then please ….

Let me reiterate:

  1. download themes and templates from the official content management distribution site
  2. download the original items from the author’s own website
  3. be careful or refrain from using a search engine to grab your extensions from a possible blackhat SEO site

Stay safe out there.

QNAP: Joomla! 1.5.20 to 1.7.3 Upgrade

Now that the WordPress Multisite is stable, its time to start playing around with another web content management system (WCMS) favorite – Joomla!

First and foremost, on the QNAP the offical QPKG version is Joomla! 1.5.20 which is as of today two-(2) versions down from the latest Joomla! 1.7.3 stable release. According to the Joomla update pages there doesn’t seem to be a direct path to the latest and the best way is to do staged updates via Joomla! 1.6.3 and then upwards. That is easier said than done due in part to the fact that there were several database improvements and field additions done in the latest release. So, how does one correctly upgrade without the prospect of possible errors once installing 1.7.xx given an existing 1.5.xx version of the MySQL/MySQLi database?

Give me a few hours to finish, time to start my Qigong class in a few minutes.

The official instructions for version 1.5.xx to 1.6.xx migration is hyper-linked right here. Doing it this way will technically fix the possible issues one might meet as it is the base of which the version 1.7.xx database references.

However, for us QNAP users there are two options if you prefer that Joomla! stays as a QPKG option in your NAS admin interface. You can either (a) build from scratch and overwrite the current installation with the extracted release downloaded straight from Joomla!’s servers, or you can (b) use the un-official QPKG package availalbe at the QNAP Forums — myself I’d rather take the latter easy route as my start point.

(a) Build from Scratch. Instructions for these are actually mentioned in passing at the bottom of the QNAP Wiki. Basically just download the latest package, extract the folder, and overwrite whatever is in the original subfolders in either /share/Qweb/Joomla/ or /share/Web/Joomla/

(b) Un-official QPKG. This is my recommended route as it has worked for me. Cristian has been nice enough to provide a Joomla! 1.6.3 package that you can directly install instead of the outdated official Joomla! 1.5.20 available from QNAP’s servers. Once installed via the QNAP NAS interface you should just go through the official Joomla! Wiki update procedure to get to Joomla! 1.7.3 stable.

 

 

WordPress Multisite: Maximum Upload File Size

It will happen eventually. You’re uploading snapshots to better explain your thoughts and then suddenly WordPress refuses to do so with this error message:

This file exceeds the maximum upload size for this site.

Using WordPress Multisite the controls for increasing the upper limit is through the Network Admin panel and in Network Settings:

You should look into your pending upload list and set the upper limit to the largest file size (in KB) in the list.

Another point of consideration is that depending on how you built your blog farm and if using multi-domain and multisite that the settings could also be slightly located differently and instead above your multisite section:

Previous to this I had tried modifying the .htaccess file as recommended in other places but that doesn’t seem to work when hosting on a QNAP TS-859 Pro+ (or any other version for that matter).

Somewhat related to the above issue is that during file uploads WordPress may also flag for security reasons as a file type it doesn’t like. You’ll notice that in my laziness I simple modified the Upload file types settings to cover possible file extensions and conventions that I use. A very important trouble shooting tip is that WordPress does not have file type checking and will base uploads on the file extensions, so check these out first before scratching your head (yes, I mean you/us Linux users!).

 

 

… and We’re Back!

As mentioned a few moments ago, I just did some open heart surgery on this WordPress installation. It looks like my choice is true, but really only time will tell.

A good thing is that the current entries from prior are still in the test and staging sites and for now will serve as the ad-hoc backup. I’ve redirected the vhosts and the DNS settings so all is done.