Slicehost CentOS 5.2 to 5.3 Upgrade (or “fun with package management one”)

One of the things about having your own little server, not really used for anything absolutely critical to anyone, is that you can install updates as soon as you like. Non-critical updates are one of those things that you have to do sooner or later, and for non-critical systems it can often be appropriate to install them as and when they arrive, rather than spending a larger amount of time performing monolithic updates once a year or more. They also tend to challenge the techie in you from time to time… like this little lot on my x86_64 CentOS Slice.

Downloading Packages:
Running rpm_check_debug
ERROR with rpm_check_debug vs depsolve:
Package mkinitrd needs nash = 5.1.19.6-28, this is not available.

Oh dear. Messages like this are occasionally just a mistake somewhere in the chain; leave the updates a few days if you were only doing it because you were bored anyway, and the error might just have solved itself by the time you come back…

…Not in this case however. So on we go.

The error message produced by Yum in this case is a bit useless as it omits information about the architecture of the package. Let’s see exactly what’s installed with “rpm -q”.

# rpm -q mkinitrd
mkinitrd-5.1.19.6-28
mkinitrd-5.1.19.6-28

Two packages.  I vaguely remember a discussion from the Slicehost forums on possibly unnecessary packages installed by default. So, let’s see if these packages are from different architectures.

# rpm -q --qf '%{name}-%{version}-%{release}.%{arch}\n' mkinitrd
mkinitrd-5.1.19.6-28.x86_64
mkinitrd-5.1.19.6-28.i386

So they are. If we’re feeling brave and we’re reasonably sure we don’t actually need the i386 package, we can remove it.

rpm -e mkinitrd.i386

Which gets us past that error. But then another pops up with a variety of packages, all of the below variety.

file /usr/share/man/man8/avcstat.8.gz from install of libselinux-utils-1.33.4-5.1.el5 conflicts with file from package libselinux-1.33.4-5.el5

So, exactly what other packages are on here that aren’t x86_64?

yum list '*.i386'

At this point, if we’re sure we don’t want the i386 packages the above command returns (i.e. you’re sure you aren’t making use of multilib and don’t require the packages on your system) we can remove them using Yum, as this will tell us whether any software we’ve installed via the package manager actually depends on them. Anything you’ve compiled yourself, however, won’t be reported.

yum erase '*.i386'

This also showed up an i686 package, which we can double check for others of the same type and remove in a similar manner to above.

The CentOS upgrade then proceeded as expected :D

  • Note: Before removing packages, be sure to keep a log of exactly what you’re doing and everything that was output to terminal for each command run if you aren’t sure what you’re doing. This will be invaluable if you have to call for help.
  • If there are packages knocking around on your system and you aren’t sure why, a good place to start is /var/log/yum.log – it may well jog your memory on anything you’ve installed and forgotten about ;)
  • If you’re upgrading a remote system, make sure you have a way to access it if it won’t boot. On Slicehost of course you have this with the recovery console available in Slicemanager; otherwise you may want to ask your provider to hook you up a KVM for that nailbiting first reboot after the upgrade.
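
The multilib check walked through above, as an added example (not part of the original post): it reads rpm output in "name version-release arch" form and reports which packages are installed for more than one architecture, and which 32-bit packages have no x86_64 counterpart and would be removed outright by a blanket erase. The package list is a constructed sample; the function names and the --live switch are this example's own.

```shell
#!/bin/sh
# Added example: audit multilib leftovers before a "yum erase".
# Input format, one package per line: "name version-release arch", as printed by
#   rpm -qa --qf '%{name} %{version}-%{release} %{arch}\n'

# Constructed sample. The mkinitrd and libselinux versions are the ones quoted
# in the post; the other rows are made up for illustration.
sample_rpm_list() {
    cat <<'EOF'
mkinitrd 5.1.19.6-28 x86_64
mkinitrd 5.1.19.6-28 i386
libselinux 1.33.4-5.el5 x86_64
libselinux 1.33.4-5.el5 i386
glibc 2.5-24 x86_64
glibc 2.5-24 i686
compat-libstdc++-33 3.2.3-61 i386
bash 3.2-21.el5 x86_64
yum 3.2.8-9.el5.centos.1 noarch
EOF
}

# Names installed under more than one architecture: "name arch1,arch2".
multiarch_names() {
    awk '!seen[$1, $3]++ {
             n[$1]++
             a[$1] = (a[$1] == "" ? $3 : a[$1] "," $3)
         }
         END { for (p in n) if (n[p] > 1) print p, a[p] }' | LC_ALL=C sort
}

# Every 32-bit x86 package as "name.arch", marked by whether an x86_64 build
# of the same name is also installed. "32-bit-only" rows have no 64-bit
# counterpart, so erasing them removes the software outright.
x86_32_candidates() {
    awk '$3 == "x86_64"    { has64[$1] = 1 }
         $3 ~ /^i[3-6]86$/ { c[$1 "." $3] = $1 }
         END { for (k in c)
                   print k, ((c[k] in has64) ? "duplicate-of-x86_64" : "32-bit-only") }' |
        LC_ALL=C sort
}

# Pass --live to read the real RPM database; the default is the sample above.
if [ "${1:-}" = "--live" ]; then
    src() { rpm -qa --qf '%{name} %{version}-%{release} %{arch}\n'; }
else
    src() { sample_rpm_list; }
fi
echo "Installed for more than one architecture:"; src | multiarch_names
echo "32-bit x86 packages:";                      src | x86_32_candidates
```

Piping the report through tee keeps the record of what was installed before anything is erased, in line with the logging note above.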

Why displaying your friends list on social networking sites is a bad idea

This is obvious, but also clever in the way of many clever things in that the attack is only obvious after it’s been explained to you. In short, if an attacker successfully impersonates someone you know, or gives you the impression you may / should know them, they may be able to exploit you.

Like many things, social networking sites are great until you let people use them. Yes there’s a certain disappointment when you discover a contact now hides their friends list, you can wonder what you’ve done wrong (although admittedly not so much as when that “view photos of so and so” link you used to use to browse pictures of said contact in their bikini that person to see how they were doing suddenly disappears from view). Does anyone know if the default setting on facebook is now to hide the friends list? (I doubt it somehow).

It occurs to me more and more that maybe we need to get away from being so tribal (trusting people because they look like us, or our friends appear to know them and immediately distrusting people who seem odd) and through getting most of our information once it has been squeezed into convenient stories or concepts, even if those don’t evoke much of a response anymore (see below). Funnily enough you can just imagine anyone reading this post through after it gets linked on facebook, tutting or uttering “oh dear”.  Ho Hum.

Stephen Fry and the Internet “City”

Fairly often, people ask how they can keep their children safe on the Internet, or how they can lock out certain areas through address blocking or access control software. I generally liken the Internet to a city, if you’re buying your child a fully Internet capable device that they can use without your supervision, you’re letting them roam free in a city, with all the attendant opportunities and dangers that come with that.

Despite the fact the analogy is obvious,  it’s heartening to know if they like QI I can just email them this link in future, in order to be backed up by the eloquence of Stephen Fry.  Relevant quote reproduced below for convenience.

This is an early thing I said about the internet at the time things like AOL were still huge. I said it’s Milton Keynes, that’s the problem with it. It’s got all these nice, safe cycle paths and child-friendly parks and all the rest of it.

But the internet is a city and, like any great city, it has monumental libraries and theatres and museums and places in which you can learn and pick up information and there are facilities for you that are astounding – specialised museums, not just general ones.

But there are also slums and there are red light districts and there are really sleazy areas where you wouldn’t want your children wandering alone. And you say, “But how do I know which shops are selling good gear in the city and how do I know which are bad? How do I know which streets are safe and how do I know which aren’t?” Well you find out.

What you don’t need is a huge authority or a series of identity cards and police escorts to take you round the city because you can’t be trusted to do it yourself or for your children to do it.

And I think people must understand that about the internet – it is a new city, it’s a virtual city and there will be parts of it of course that they dislike, but you don’t pull down London because it’s got a red light district.

Greatest Search Term Ever \o/

The search terms people use to come across your website are a constant source of amusement. This has to be one of the best ever *drumroll*

“free harmless bs media player”

Microsoft, I hope you’re listening for Windows Media Player 12… I wonder if this particular visitor found what he was looking for, or if when he searches for the term next month he comes across this :D

Configuring a Paypal Checkout on Gallery 2

These days, gallery is a massive image oriented CMS (so much so that the developers are refocusing on their core objectives for Version 3), with a ton of modules / plugins and themes. It should be no surprise therefore that it’s easy to add a cart / checkout to it.

Thanks to DRM, PC gaming just isn’t fun anymore

(Or how to Install GTA IV PC if you’re getting CRC errors).

We’ve come a long way since you used to have to have a PC to play the best games. Granted a £2000 PC with a £400 screen will still outperform any console out there but these days you get to play most of the big releases on the consoles as well and increasingly you’ll get to play them there first.

The “burden of screwing around” however on PC is now beyond a joke. It took the best part of an entire afternoon to install GTAIV PC from the two DVDs it comes on because of repeated CRC errors stopping the install progressing. After trying everything to correct these I dropped to Windows safe mode and the thing installed without any errors. I can thus only assume that the copy protection that comes with the game was interfering with something already installed on my machine. A quick search reveals that I’m not the only one and other people out there are getting replacement DVDs and in some cases hard disks (both of which can legitimately cause CRC errors if they’re failing). Uninstalling your CD burning programs (Nero, DirectCD etc) should NOT be a requirement simply to bypass an issue with overzealous copy protection.

It’s been said in forums a million times over but you’re now better off illegally downloading your PC games, with the copy protection hacked out than you are going to a shop and making a legitimate purchase.  For years now I’ve tried to convince people that you’re better off buying the games you like, so that more like it are made in future, but I really don’t believe my own words anymore.

If the PC does dramatically decrease in market share games wise, this will be a pity, because the PC will nearly always be the most technologically advanced platform for developers to play on and they deserve the budgets to match.

From a consumer perspective however, that PS3 is looking vastly tempting…

Amazon MP3 store – buying MP3s legitimately online in Linux still a pain in the arse then

Like many this Christmas, I found Amazon’s offer of £3 of free MP3s tempting. I’ve avoided buying music online all these years on principle because the DRM experience mixed with using multiple computers and OS types has just been miserable. The CD has generally been cheaper, with the very minor inconvenience of ripping it when it first arrives to a nice high bitrate play-anywhere set of files.

So, like a mug off I merrily go to order my MP3s of choice, supposedly free of DRM or any other BS. However, once you get through the ordering process, you’ll find that some BS has persisted. If you have ordered more than one track you are not served a direct download of each track, or a zip of everything you have ordered. You are prompted to download an app with the promise that it’ll add the tracks to your iTunes or Windows Media Player collection. Grand and all that, if you actually use either of these apps, which on Windows I don’t. Alarm bells ring.

Still, there are download links for a variety of Linux flavours, so I give it a whirl. The download for OpenSuse 11 doesn’t work immediately on 11.1 due to missing dependencies, no biggy there we’ll just make sure the correct libs are installed for that architecture via the package manager.  After some messing around and a little searching it turns out the app has never installed properly

To be fair, fire up Windows in a VM and the little app installs without issue, however by default it still tries to insert every track into Windows Media Player, which if you’ve not clicked through the setup wizard for media player will result in a prompt for every single track.

On one hand the app is quite neat, you get served a little file which presumably has information about which tracks to fetch encrypted within it and off it goes and grabs them. Unfortunately it’s just unnecessary, an online store should not need a helper app to serve unprotected DRM free MP3 files and if you are going to make a helper app compulsory, at least make sure it works. Oh, and if you’re going to serve a little encrypted file people might not know what to do with instead of a music download, make sure it can be redownloaded easily from the order history (I couldn’t find an option to re-download at all, but had saved the original file).

Back to ordering CDs and ripping them it is.

Still, “And all that could have been” was worth the trouble. (Note, fan made video below includes stuff you might not want to see etc etc…)

Simpsons Game Review

It’s not particularly eloquent, but TV or Movie tie in games are normally, well… balls.  “The Simpsons game” turns out to be an adequate platformer raised to worth playing status by the addition of tv-quality Simpsons animation shorts linking the levels and a storyline most gamers will appreciate… well, that is if you’re over 20 and get the in gags. Hell there are jokes about games in here that were around before I got my Master System.

That said there is plenty here for recent devotees to the pastime of essentially completely wasting time, such as the epic final boss just wanting to get back to his almost 100% complete game of Oblivion and for you all to just go away.

Those who regularly only watch the oooold episodes on channel four might have missed the fact that the Simpsons has got a bit naughtier (my personal favourite is when Homer is charged with “buggery” when he threatens an endangered insect) and there is a fair bit of that here.

Basically the humour hasn’t been dumbed down for the game, so it’s essentially as child friendly as any current episode of the Simpsons, i.e the rude bits will probably / hopefully go over kid’s heads and there’s plenty for those whose age labels them “mature”, but aren’t really that mature at all.

As a game, muster is passed. This is basically a platformer and being in 3D has all the camera nastiness you can normally expect and there are a good few annoying jumping sections. Puzzles are scattered throughout and if you get stuck it’ll be because you’ve missed the fact that something in the environment is interactive, they aren’t really hard in any way. Each character has different abilities, and this lets them solve puzzles in different ways which are appropriate to their characters, Lisa for example can stun enemies and turn them on each other, Homer can turn into a giant ball. Levels are usually based around the abilities so you generally have to use them (i.e it’s impossible to complete the “French cheese eating surrender monkeys” level without using Bart’s cloak to ride the plumes of smoke to otherwise unreachable areas).

Essentially you’ll be playing this because it’s the Simpsons, which is fine because good use is made of the actual voice actors from the series, such as when weighting down one end of a set of dinosaur bones so Bart can jump off the other end Homer remarks in a sniffly voice “I hope my bones will be this useful one day”.  The characters are well used in the setting, such as allowing Marge to incite angry mobs and set them on Police, other characters and video game advertising hoardings for “Grand Theft Scratchy”. The game doesn’t try to suspend the fact you’re playing a game and in fact makes it integral to the plot, allowing it to take some swipes at the industry itself and gamers themselves as it goes.

How long can a vulnerable web script last online before it is compromised?

Remember some years ago now all the (justifiable) furore around how long you could connect a vulnerable Windows PC to the net for before it got hacked / infected? The statistic ended up being 20 minutes, i.e not long at all.

I’ve not seen any similar research (at least as widely publicised) for popular web apps, such as Wordpress, SMF, Joomla etc. But the statistic has to be something pretty similar. Watching my own logs, and the logs of the systems at work, script installs that have never been compromised are probed regularly for vulnerabilities. Those that have been compromised before are probed even more regularly, making it likely that they’ve made it onto “suckers lists” that are passed around or sold.

Web scripts that have been compromised, or used to launch attacks on others are normally seen as a sign of bad administration by the site owner and this is sometimes the case, however in a lot of cases the odds are still stacked against even the vigilant web site operator. Whilst many scripts now have built in update notifications in their admin panels for security updates for their core installs (and sometimes for plugins too) there is an inevitable time lag between any announcement and the admin

  • 1. Seeing it
  • 2. Being able to action the upgrade.

Script / CMS developers can do more here to help. A part of the install for any web forum or blog should be signing the owner email (or another email of choice) to a security update notification feed. Can you offer security notifications by SMS for a small extra charge?

Backup configuration should also be a part of the core install and not left to third party plugins. Yes this is extra work, but with these present there isn’t a lot more you could humanly do to protect site owners.

Wordpress now has one click upgrade options for both plugins and with 2.7 the main script itself, providing you’re running a server setup (suphp or similar) that can support it, this is great. Whilst automatic (i.e without site owner intervention) upgrades are becoming possible, the large variety of server configurations out there make this less realistic in the short term although it would be nice to see the feature experimented with in more web apps.  Although somewhat rightly most site owners would probably be suspicious of automatic upgrades.

Options could also be added to automatically put the install into a maintenance mode / offline mode so that it could not be attacked until a severe issue is patched. Whilst most who make money from their site (but don’t have 24/7 IT staff to do upgrades, and believe me this is an awful lot of people) wouldn’t initially like the idea, you have to consider what’s worse

  • 1. Your site being down for an afternoon until you’re available to patch it
  • 2. A listing at google badware as well as having to replace your file base / database from a clean backup.

If you’ve seen any research into the above question, I’d be interested in a link ;)

SMTP (email) on another port in Hsphere

By default, Hsphere runs SMTP on port 587 as well as the default of port 25. This appears to be recommended as part of the setup for SPF, so that roaming users can send messages where port 25 is blocked and not fall foul of strict SPF records.

Edit: As defined here