Planet Slackadelic

     Jiggler is a small, unobtrusive application for OS X that I wanted to talk about. It sits quietly on the dock, and keeps OS X from falling into sleep mode (or even activating the screen-saver). This is a god-sent for MacBook and MacBook Pro users who want to, say, download a large file without having [...]

I wrote about it – deeply nested inside the comments section of a previous post – but it needs its own place in a separate post:

KDE SC 4.4.1 (first maintenance release for the 4.4 series ) has been made available and the Slackware packages can be found at http://alien.slackbook.org/ktown/4.4.1/

Again, I have made 32-bit as well as 64-bit packages. The “dependencies” have not changed since KDE SC 4.4.0, so there is nothing new or changed in the /deps/ directory. Read the README in the topdirectory for full installation/upgrade instructions, or look for my older http://alien.slackbook.org/blog/its-been-released-kde-sc-4-4-0/ post.

Note that you have to be running Slackware-current (not older than 02-march-2010) or lots of things will break!

Also note that this fixes some issues with  the previous KDE 4.4.0 packages – some of those had not been rebuilt on 02-march-2010 which resulted in a broken keyboard layout configurator and kopete’s Windows Live plugin.

So, the upgrade is warmly recommended if you are running my 4.4.0 packages right now!

Eric

Am I hearing sighs of relief yet?

Today, Pat Volkerding pushed out the work that has been accumulating for slackware-current behind the scenes during the past four weeks (make take a little while to reach the mirrors).
This triggered some updates to the multilib and KDE 4.4 packages which I maintain, so if you run Slackware64-multilib and/or KDE 4.4.0 then be sure to check for instructions further down!

With a ChangeLog entry that runs more than 500 lines, I think this is the largest single update yet. But that was for a very good reason, because there were updates to large subsystems:

• Kernel: woohoo we have 2.6.33 now – the latest & greatest.
• X.Org: this went up to 7.5 (X server version is now 1.7.5) – you can’t get it newer than this. There is no nouveau driver for now, but it should not be so hard to add this yourself because all its dependencies should be met by slackware-current.
• KDE: has been updated to 4.3.5 – the latest “politically correct” version which is available… No PolicyKit for us yet.
• The GTK ecosystem has been overhauled and slackware-current is now at gtk+2 version 2.18.7.
• Because the upgrade of libpng was an incompatible change (I refrain from using bad language about this piece of software, but I invite you to examine the libpng.SlackBuild closely), every single package which depends on this library needed to be recompiled. D’ oh!
• Lots of core packages were updated to their latest version as well – too many to write down here.

To get all of these updates working as a whole, took its time. I know that some of you complained that “the team is having all the fun in secret” but I assure you, you were not left out in the cold. The long silence was something that could not be avoided, as it would have been kind of stupid to write blog posts like “hey! we’re currently adding this new X.Org” in case it turned out that we could not integrate it into Slackware properly. I do think it was worth waiting for, but now is the time for the bigger test – by all of you out there.

Note for self-compiling folk:

Something you may experience when you compiled your own applications: some of them may suddenly refuse to show buttons/bitmaps. This is because the application is linked in an incompatible way with libpng… it means you will have to recompile it. For instance, I will have to update my own VLC package because the control interface is now showing empty grey squares… bummer.

Instructions for people running Slackware64 with my multilib packages and/or KDE 4.4.0 packages:

Multilib gcc/glibc packages (64-bit)

• Due to the addition of a new kernel and the upgrade of the “png” library in slackware-current, the glibc and gcc packages had to be recompiled. My recompiled multilib versions of gcc and glibc for slackware64-current are available at the ususal place – please upgrade to these versions now: http://slackware.com/~alien/multilib/13.1/ – if you forget this and instead upgrade to Slackware’s standard gcc/glibc packages, you will still have a fully functional 64-bit Slackware… just with a non-functional 32-bit subsystem.

KDE 4.4.0 (32-bit as well as 64-bit)

• Due to the upgrade of the “png library” I also had to recompile some of the KDE 4.4.0 packages and their dependencies. I took the opportunity to also add a couple of fixes to the KDE packages. I also removed two dependencies which are now covered by Slackware-current (deps/libv4l and deps/libxklavier).
  Here is the list of my updated packages (for both architectures, 32-bit and 64-bit):

• deps/libiodbc
  deps/qt
  deps/virtuoso-ose
  kde/kdebase-workspace
  kde/kdelibs
  kde/kdepim

To upgrade, you can either download only those packages I just mentioned from http://alien.slackbook.org/ktown/4.4.0/ and use “upgradepkg” to upgrade them, or if you already have a local mirror of http://alien.slackbook.org/ktown/4.4.0/ you can refresh this mirror and upgrade according to the article I wrote earlier: http://alien.slackbook.org/blog/its-been-released-kde-sc-4-4-0/ . Please note that I did not create an “update” or “patches” directory – the new packages have just replaced the old ones (with an updated build number).

Enjoy!

Eric

If you ever ran a SSH server on the Internet, you will probably have noticed the massive amount of ssh break-in attempts.

There are a few easy ways to get rid of the attacks and at the same time prevent your root account from being compromised.

1. move the SSH listen port from TCP port 22 to a non-standard port
2. disallow connections with the older and easily cracked “Protocol 1″
3. disallow remote root logins

These countermeasures are easily taken by editing the ssh daemon’s configuration file “/etc/ssh/sshd_config“. below, I will show you the lines to lookup and the changed line which needs to take its place:

• Move the ssh listen port from 22 to 12345. This will get rid of most break-in attempts right away because these only target the well-known port 22:

#Port 22
Port 12345

• Disallow the use of the old “Protocol 1″

#Protocol 2,1
Protocol 2

• Disallow the root user to logon directly

#PermitRootLogin yes
PermitRootLogin no

After these changes have been made, you will have to restart the SSH server:

# /etc/rc.d/rc.sshd restart

When you disable root logon through SSH, the only possibility to become root on this computer remotely is to logon as a normal user first, and then use “su” or “sudo” to become root.

This has negative implications if you are used to make remote backups from your server and connect to it as root… because that is the only way to be able to access and read every file in the filesystem.

When you need remote root access but still want to disable password logins for root, there is a further change you have to make to one of the lines I showed you earlier. What I will show you next is how to prevent password logins for root while still allowing entrance using a SSH key. You can protect this SSH key with a passphrase so that it is impossible for someone who steals this key to force his way in as root – he will have the SSH key in his possession, but will not know the passphrase to unlock it!

In order for this to work, the SSH server must allow Public Key Authentication for Protocol2. In Slackware this is the default anyway:

#PubkeyAuthentication yes
#AuthorizedKeysFile     .ssh/authorized_keys

Now, let’s allow root to use a SSH key for loggin in. Change the following line in “/etc/ssh/sshd_config“:

PermitRootLogin no

to

PermitRootLogin without-password

and then restart the SSH daemon again (see above).

Finally, you will have to generate a SSH key that can be used for remote logins and copy the public keyfile to your SSH server.

ssh-keygen -t rsa

You will have to answer a few questions: under which name should the new keyfile be stored, and what passphrase should be used to protect the keyfile.

Once you have generated this keyfile, copy the public key (which is the keyfile but with the “.pub” extension) to your SSH server and on that server, as user root, append it to root’s “.ssh/authorized_keys” file like this (I am using an example public key filename “your_new_sshkey.pub”):

cat your_new_sshkey.pub >> /root/.ssh/authorized_keys

In case the “authorized_keys” file did not yet exist, you will have to secure other people’s access to the file or else remote logon will still not work:

chmod 600 /root/.ssh/authorized_keys
chmod 700 /root/.ssh

Once this has been done you should now be able to logon to your SSH server as root remotely:

ssh -p 12345 -i ${HOME}/.ssh/your_new_sshkey root@remoteserver

If you want ssh to use this SSH key automatically so that all you need to type is “ssh root@remoteserver“, you should add a few lines to your “~/.ssh/config” file. Perhaps that file does not yet exist in which case you can just create it. Mind the indents, they are required:

Host remoteserver
User root
Port 12345
IdentityFile /home/your_user/.ssh/your_new_sshkey

Good luck with this!

Eric

PS: if you copy your new public key to the server before you have made any of the changes I suggested, then some of the above steps can be combined into one. The following command on your workstation will copy the public key to the SSH server, and add it to root’s “authorized_keys” file, securing that file’s access attributes if needed, all in one go:

ssh-copy-id -i ${HOME}/.ssh/your_new_sshkey root@remoteserver

A few weeks back Laurent Parenteau asked me to contribute a post to his series “Meet the Linux family” on the blog “Software Development with Linux“. Well here it is: http://laurentparenteau.com/blog/2010/02/meet-the-linux-family-eric-hameleers/ . Nothing spectacular, but just enough controversy (I hope… I wrote “Steve Balmer” and “Eric Raymond” on the same page) to make it interesting for you to read.

Eric

I have always really hated the Git Version Control System (or VCS).

I am pretty comfortable working with other products like RCS, CVS and Subversion (SVN). I am not a developer, so my main use for a VCS is a to allow me to keep track of the changes in my SlackBuild scripts or my server’s log book. I use RCS for this, it is simple but effective.

Of course, in order to compile software it is often required to check out the source code for the program. This is how I got familiar with CVS, SVN, mercurial and git. Way back when I was “build manager” for a software company, I have used PVCS, Clearcase and Visual SourceSafe which are all commercial programs. So, I have been around.

Still, git still confused me after all that time as a end-user. Git uses some alien (to me) concepts which I did not grasp because I never took the trouble to dive into its documentation – I knew just enough to checkout source code from a git repository and did not need – did not want to – know more.

This changed recently. Because two of the projects I am involved with are preparing to use git as their Version Control System, I was forced to start learning how to approach the tool as a developer.

I quickly decided it was worth the while to run two parallel tracks: start reading documentation, and at the same time actually using git by setting up a server for hosting git repositories.

I found some places which host very good reading material.

• The Pro Git book at http://progit.org/ . This book is hosted itself in a git repository and the language translations are coordinated using git. Well-written with lots of visual examples.
• The Git Community Book at http://book.git-scm.com/ .

I’m halfway through the “Pro Git” book, retracing my steps a few times after the new concepts found a place in my brain. Indeed, git is starting to make sense now. Surely it has some very strong points which make it interesting not only for large projects with lots of developers who are scattered all over the place (like the Linux kernel developers) but also for small projects like those I am participating in.

Perhaps I will document more about my git activities in a future Wiki article – for instance how I am setting up an online git repository.

This made me think of something else: could it be beneficial to dump the history of my SlackBuild script repository (past and future) into a git repository? What do you think – will it help you if you are able to look at older revisions of my SlackBuild scripts? Some time ago I started copying the SlackBuild script into the documentation directory of every Slackware package I create, but I realize that once I release a newer package, the older scripts disappear from public view.

Leave your opinions in the comments section below please.

Eric

Now that almost four weeks have passed since the last update of Slackware’s “-current ChangeLog” I am seeing posts from people who (1) start getting worried and (2) are speculating that a new stable release is imminent.

Let me re-assure you: there is a lot of behind-the-scenes work going on. Some of the updates require the recompilation and testing of other packages and this takes time to get it right.

When the time comes to push the next batch to the public, be sure that it contains a lot of goodies. Nope… no PAM in there

And equally no, this is not the runner-up to a new stable release. Due to the size of the changes, I expect that some serious user-testing is required first. Just be patient for a little longer…

Eric

The KDE community has announced the immediate availability of the KDE Software Compilation 4.4.0 (“KDE SC” is the new name of what used to be called just “KDE“). In preparation for this event, the kde.org website was re-vamped yesterday to reflect their “shift in marketing and promotion vocabulary”. Looks shiny and new! Also, I think that the new layout makes it easier for people to find information about the KDE community and the software compilation.

Users of small form-factor laptops will be interested to learn that the new Plasma desktop manager now offers two workspace choices. One is the usual desktop-oriented workspace. The interesting addition is a netbook-oriented workspace, with special consideration for the netbook’s smaller screen and typical mobile usage patterns. I have not yet installed KDE 4.4 on my own Asus EEE netbook but I will most certainly do so, later this week!

In order to fully appreciate the work that went into KDE SC 4.4 and learn what has changed since KDE 4.3, you should definitely take the visual tour. Lots of new functionality and usability improvements are hidden beneath this new desktop workspace and just waiting to be discovered and used to the fullest.

Slackware packages galore!

Like I did with the pre-releases of KDE 4.4, I have prepared new goodies for all you Slackers. Get those 32-bit and 64-bit packages for Slackware Linux and install them on your computers (or build them yourself using the accompanying SlackBuild scripts, patches and sources).

You will find all of those at http://alien.slackbook.org/ktown/4.4.0/ .

Please take good notice of the fact that these packages are built for Slackware-current. You can safely install the KDE 4.4.0 packages if you are running a slackware-current from around 01 february 2010 or newer. Do not try to install these packages on Slackware 13.0.

Slackware 64-bit:

• Don’t forget to also install the updated or new dependencies! These “deps” packages can be found in the “x86_64/deps” directory.
• The KDE 4.4.0 packages themselves can be found in “x86_64/kde“
• And of course, the localization packages (non-english language translations of KDE) are available in “x86_64/kdei“.

Slackware 32-bit:

• Don’t forget to also install the updated or new dependencies! These “deps” packages can be found in the “x86/deps” directory.
• The KDE 4.4.rc2 packages themselves can be found in “x86/kde“
• If you need a language pack, you can grab one from the 64-bit package tree “x86_64/kdei” since these packages are in fact architecture-independent.

Here are the steps on how you download the packages and install them. You can have an older version of KDE installed, but that is not required. You will end up with KDE 4.4.0 installed on your system.

Instructions are for the 64-bit packages, I think you can figure out how to change them if you want the 32-bit versions:

1. Download everything in the directory http://alien.slackbook.org/ktown/4.4.0/x86_64/ :
   # lftp -c "open http://alien.slackbook.org/ktown/4.4.0/ ; mirror x86_64"
2. Change into the directory “x86_64″ which has just been created in your current directory:
   # cd x86_64
3. Remove the no longer required kdelibs-experimental package if you still have that installed. It is part of KDE 4.3.x (i.e. Slackware 13.0 did not have this package). If you do not have kdelibs-experimental on your system, you will get a harmless error message that you can ignore:
   # removepkg kdelibs-experimental
4. Install/upgrade the KDE 4.4 dependencies:
   # upgradepkg --reinstall --install-new deps/*.t?z
5. Install/upgrade KDE4.4.0 packages:
6. # upgradepkg --reinstall --install-new kde/*.t?z
7. Install/upgrade a language package if you prefer to have the KDE interface in your local language (I used “nl” in the example command, you should substitute your own language code there):
   # upgradepkg --reinstall --install-new kdei/kde-l10n-nl-*.t?z

Of course, you should not run those commands while running KDE…!

If you want to compile the packages from source like I did, that is entirely possible using the provided sources and build scripts. It will take quite a while though…

Have fun, Eric

Note for users of any KDE 4.4 pre-releases:

If you never before installed and used one of the Betas or Release Candidates of KDE 4.4 , then you can safely remove one package,  virtuosoconverter. This package is only needed if you were using “nepomuk desktop search” before this final release of KDE 4.4.0.

# removepkg virtuosoconverter

If you ran any Beta or Release Candidate of KDE 4.4.0 prior to upgrading to 4.4.0, then you will notice that your nepomuk database will automatically be converted from virtuoso v5 to v6, the very first time you login to your KDE 4.4 desktop. This process will take a while (not too long) and will temporarily double the size of your nepomuk database (by default, this database consumes a maximum of 50 MB in your homedirectory below ~/.kde).

If this database is not valuable to you, you can also decide to skip this database conversion by just deleting the database before starting KDE:

$ rm -r ~/.kde/share/apps/nepomuk/repository/*

or by following the instructions in Sebastian Trueg’s tutorial: http://techbase.kde.org/Development/Tutorials/Metadata/Nepomuk/TipsAndTricks#Remove_all_Strigi-indexed_data

If you manually remove the old nepomuk data, you can also remove the virtuosoconverter package of course.

If you do not have any clue about what I am talking about and what you should do, just don’t do anything… and all will be well.

A final remark about nepomuk and strigi – I think that KDE 4.4 finally has a desktop search which is optimized to a level that it no longer eats all your CPU cycles or claim a large chunk of your harddrive. Now I just wish that the strigi developer properly fixes the indexing of my PDF files!