Wednesday, November 25, 2009

No more in Karmic Koala

Until 9.04, /etc/init.d/ was used to provide automatic initialization to several services. It was invoked from /etc/rcS.d/, before X starting.

In 9.10, it does not work anymore, and I still do not know why. So, /etc/rc.local may be a replacemente for it. For instance, I have some VirtualBox shared folders I want to be available as soon as Karmic server is ready to work. So my /etc/rc.local now is like:

#!/bin/sh -e
# rc.local
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
# In order to enable or disable this script just change the execution
# bits.
# By default this script does nothing.

# Shared Folders Mounts
if [ -z "$(grep '/media/SwitchFiles' /proc/mounts)" ]; then
/bin/mount -t vboxsf SwitchFiles /media/SwitchFiles

# Shared Folders Mounts
if [ -z "$(grep '/var/cache/apt/archives' /proc/mounts)" ]; then
/bin/mount -t vboxsf AptArchives /var/cache/apt/archives

exit 0

Some interestings notes:
- I do not trust /etc/mtab, but I'd rather believe in /proc information;
- Shared folders will just work if they are not mounted yet.
- The module vboxsf was provided by Virtualbox compilation process.

This procedure complements this article. Do not forget to comment and to tell if this was useful or not.

Monday, November 23, 2009

MSN forced update

Until some days ago, My MSN Live was always reminding me to update. But, as lots of guys, I didn't. Right now, it refused to work until I accepted to update. I don't know what for, I did not received any comment about it, I did not authorized any download. But anyway, they did it again.

I am not one of the Linux evangelists anymore, I do agree with interoperability, I do think it is necessary. But I paid any single cent for my computer, so I am the one to decided what will be in it or not.

The reason I left MS Vista HP in my Toshiba was: it is legal. After some years only working with Linux in home and XP in the office left me behind in several topics. I tried to give MS a chance.

But they keep wandering around in my laptop, in and out, without telling why or when. It is just like this is not my laptop. I am aware that they allowed me to use Vista, and that I do not own it. Okay!!! But the laptop is still mine, I own it, I must decide what I want or not! and also when!!
Up here they allow me to choose yes (Sim) or no (Não) as an answer to "May I (MS) install the software I (MS) downloaded in your laptop (the sucker's laptop)? ".

They "offered" some stuff to install, and I answered them "no,thanks". Since I have no choice (not democratic!), just give me Live MSN, thanks. But they warned it would cost 160MB. Awful!

Not only this, but there is an interesting translating problem: Silverlight's is in English !!! Here in Brazil they always complained about our poor translation. But that, years ago. Now, in 2009, they did the same ? Shame on you ...

After, I spent some minutes to overview the contract, and there they told me:
- I cannot use the service in a "harmful way" (my translation) to MS or to the announcers. So, I can't use MSN to complain about my insatisfaction with MS? Is that correct ?
- I agree that they may use whatever I type in MSN, almost in the way they understand they should.
- In case of being prejudiced, the MS can refund me as compensation no more than the value I pay monthly. Not even a penny more. Also, it doesn't matter whether MS knew or should know about anything that could prejudice me!!!
- This contract is eletronic, but I can not copy/paste it or at least perform a search in it. And if I need to find any word in it? no way!
- MS does not guarantee anything. Software SHOULD work, OS SHOULD work. And where is the problem in using free software ? It is also not guaranteed.
- In my case, as it is for everyone who lives in any country of South America, most problems related to the service should be resolved in Washington. If I am complaining, and if in Brazil we have MS offices also, why in the world should I go to Washington ?

For now, I had to accept this all. I will still try to evaluate if it is really worthy to use a licensed Windows copy. I am not speaking about piracy. I am speaking about free software, mainly Ubuntu.

Friday, November 20, 2009

Root Security in Ubuntu

Most of my Linux students always question about Ubuntu's root password. "It is not comfortable, it is unnecessary", and many more excuses. That led me to start changings in my Linux study-pack, in User Administration chapter.

Why ?

Definitively, it is really dangerous to use any OS with an administrative account. At any moment, you can be called to do something else, or for a phone call, or even something that only you can do (and since you work with computers, you ALWAYS forget to do!!!).

Anyway, if this happen, and you need to leave the workstation, maybe you are not editing a file or doing something more complex, or you are doing one of those heavy duties. If you aren't involved with this, that's okay.

If you are, you will either remember to lock your graphic desktop (or CLI environment) or not. If you remember, that's okay.

If you don't, someone else can do anything as the administrator. This is really unwanted. And worst, commands issued are not logged. Some of them may write something. But not them all.

One more thing, and I really dislike this: I do not want to give away root permission to my team. Root password (when exists) should be known by few members, all of them with administrative corporative responsibilities.


Ubuntu Server root account has no valid password, by default. Since this is the only account common to all Linux distro, nobody will be able to access it. Since it is needed to know an account, system gets little bit less unsafe.

“sudo” allows a user to execute commands as any other, mostly administrative commands. At first, the user created at install time is included in this "administrative staff". This user can do anything with sudo, as root. The configuration file is /etc/sudoers. This is written upon Karmic Koala (Ubuntu 9.10).

Including an Administrative account

If I want to include Thomas Martin (let's suppose his account is tmartin) as an administrative user, all I have to do is to add him to "admin" group:

sudo adduser tmartin admin

From now on, he can do anything as root. But, whatever he does will be registered in /var/log/auth.log. Watch this example from user "teste":

Nov 13 21:55:14 fw-tosh sudo: teste : TTY=tty1 ; PWD=/home/teste ;
USER=root ; COMMAND=/usr/bin/aptitude install vim

He installed (or tried to install) vim in Nov 13, at 21:55, in TTY1, he was in his home directory when issued this command, and it ran with "root" id We can also see that this happened in “fw-tosh” host.

What this line does not tells me is if his operation was well succeeded or not. But there are other log files, such as /var/log/dpkg.log that really help.

Wednesday, November 18, 2009

Shared Folders in VirtualBox with Ubuntu Server

I really enjoy VirtualBox. After knowing it a little, I quit thinking about VMWare, for my Linux courses. Now, there is something really necessary when you work with more than one Virtual Machines: a shared folder.

A shared folder exists in the host system, and accessed by one or more guest systems. Thus, if VM1 needs to copy a file to VM2, just copy it to that folder. Easy like that.

Defining the Shared Folders
First, in Virtualbox console, you set one or more folders to be shared, as shown:

In the right panel above, you can see "Shared Folders". In this example there are already 2 shared folders. Click "Shared Folders", written in blue.

All shared folders are listed here. To add one more, click the folder with a "plus" signal, at the right side.

Write the host's folder full location, at "Folder Path" field. Optionally, this folder can be set as Read Only.

Virtualbox will suggest a name according to the folder's name, as you can see above.

Preparing Virtualbox Software
Now, let's make it available in our virtualized Ubuntu Server. First, we need to install it:

$ sudo aptitude install build-essential dkms

After that, "install Guest Additions" in "Devices" menu. It is an ISO image, and will work as if it is a CD.

Let's access it's contents

$ sudo mount /media/cdrom
$ cd /media/cdrom

In this folder there are several scripts, one for each system. You need to know wich version you have. Type the following:

$ uname -m

My VM is a 64 bits. In my case I should type the following:

$ sudo ./

If the answer is "i686", the script must be "". Any of them will first verify it's integrity, and after start some compilations. It will take a couple of minutes. Since we are using Ubuntu Server, a message warns that "X Window drivers will not be installed".

Building VirtualBox Kernel Modules
After all that, we are ready to build Virtualbox kernel modules, which is a really simple step. First, you will need to install kernel headers. Verify your kernel version with the command

$ uname -r

My system is kernel "2.6.31-14-server". My kernel is "server" type, so my kernel headers are installed with the following command:

$ sudo aptitude install linux-headers-server

It is a good idea to always update your kernel. When the headers installation ends, type the following command:

$ sudo invoke-rc.d vboxadd setup

After recompiling, Virtualbox recommends you to reboot. As you know, few operations require a system reboot, and most of them are kernel changings.

Mounting Shared Folders
We can now access it normally by mounting, using the module vboxsf (VirtualBox Shared Folders). To mount it manually, we need to know the Shared Folders' name, which is "Example". I choose "/mnt" as mount point.

$ sudo mount -t vboxsf Example /mnt

After that, you can copy files to and from /mnt folder. All these files will be available to the host system (in my case, Windows Vista System). If you want, with Windows Explorer you can access these files.

You can also configure Linux to automatically mount this directory. As "root" user, edit /etc/rc.local and add the following lines by the end of the file:

if [ -z "$(grep '/media/SwitchFiles' /proc/mounts)" ]; then
/bin/mount -t vboxsf SwitchFiles /media/SwitchFiles

/proc/mounts show all mount points. If "/media/SwitchFiles" is not listed there it will be mounted. Of course, you should create this directory, case it does not exist yet.

My application
Since I have many VMs with Ubuntu Server and Ubuntu Desktop working toghether, frequently I have to install some packages, thus downloading them. With shared folders, I can download once, through any VM and use it in all the others VMs. My "/var/cache/apt/archives" is the mount point of a shared folder in Windows, in "/etc/fstab" in all VMs, as follows:

if [ -z "$(grep '/var/cache/apt/archives' /proc/mounts)" ]; then
/bin/mount -t vboxsf AptArchives /var/cache/apt/archives

Of course, in my Virtualbox console, I have created "AptArchives" shared folder in each VM.

Do not forget to comment and to tell if this was useful or not.

Thursday, November 12, 2009

ODT being read in MS Word

Maybe I am late with this, but ...

Until 2 weeks ago, I could not have my ODT document edited in MS Word 2007. All of a sudden, I open my work with Vista Home Premium (Legal Copy), and I saw my work with MS Word Icon. WOW!!! These last couple of days, Vista has warned several times it needed to restart, because of updates, and things like that. I understand updates, but I don't agree with all that everlastings restartings.

Anyway, I tried to watch the way MS Word understood my book. In past days, OpenOffice tried to understand DOC documents, but several troubles of formatting always were there, for
sarcasm of all: "it is awful, it will never do it, you will loose your work", and on.

MS did a really good job, except for some details:

1) Headings got off the margin:

2) Bullets were not correctly interpreted

3) Background images were not imported. In this image, there is a wall image behind the text "notas importantes", but it was not imported. Notice that, when I wrote this box, I inserted the image in the original ODT file. Also the watermark I defined (a Creative Commons license, converted to JPG) was not imported.

Other features I used in OOWrite worked perfectly. After all, opening ODT files in this updated version of Word was not as complicated as opening old DOCs format in OOWriter, but it was not perfect. Anyway, it is a good step for MS, having in mind interoperactivity.

If you know about more details, let me know. Also, do not forget to comment and to tell if this was useful or not.

MSWord also does not natively export to PDF documents.