Friday, September 28, 2007

Ubuntu Gutsy Gibbon (7.10) Beta available

Canonical made public a new beta version of Ubuntu Gutsy Gibbon.
I'm downloading the version, so when I test it, I'm going to comment how it went. It's a expected version, because it includes better support for notebooks, graphical configuration tool for X, better support for dual monitors, better support for restricted drivers, compiz fusion, Apparmor, NTFS writing support, automatic printer configuration (I want to see this!), desktop search, Gnome 2.20 and a long etcetera.
Versión en español:

Friday, September 21, 2007

How to store passwords in a database

Often we write applications that must perform users and permissions validations. In these cases it is rather common that the developers include fields like 'User' and 'Password' in the users table. Also happens that the passwords are stored in plain text, which brings security problems, as we will see next.
Database administrators should NOT have access to the passwords. Also, if an attacker gains access to the database, he'll get a very easy way to get user's passwords.
Besides, depending on the database configuration, it is possible that when we query "SELECT * FROM USERS WHERE USER='my_user' AND PASSWORD='my_password';", the password is case insensitive. This facilitates the attackers to test different passwords because the case (upper and lower) is not being validated.
Sometimes the developers encrypt the passwords using some encryption algorithm. Care must be taken for the following reasons:
- In general these algorithms are bidirectional, which means that if we have the encryption key, we can get the original password from the ciphered text.
- Good algorithms are well known and checked by the community of developers and mathematicians. You must not trust those who offer 'magic' formulas or do not want to make the algorithm public.
What we must do is to hash the password (e.g. using SHA, SHA1, SHA2, MD5, etc) to obtain a scrambled code from which the original text cannot be obtained. This must be done each time the user supplies a password, be it when logging in, or when the user modifies his password. Remember to store the result of hashing the password supplied by the user in the database.
When we look for the user, the SQL query would look like this: "SELECT * FROM USERS WHERE USER='my_user' AND PASSWORD='5eb942810a75ebc850972a89285d570d484c89c4';".
Note: before, the user could ask the administrators for the passwords if he forgot it, now, you must implement a password blanking routine for these cases.
Hope this helps.


Versión en español

Technorati tags:

Tuesday, September 18, 2007

Virtual Box 1.5 networking in Ubuntu Feisty

As I published in my previous post, I installed Virtual Box 1.5.
Now that I am using it, I found a couple of problems. First, I wanted to copy the virtual disks (VDI), and to my surprise, to copy the files just won't do the trick. We must use the disks cloning tool, as in the following example:

VBoxManage clonevdi source.vdi destination.vdi

The next problem I had is that the network didn't work in 'Host Interface'. After looking at the help, and a few rounds with google, ubuntuforums and etcetera, I found a way to make it work. Here's a mini howto.
First we install necessary packages:
sudo apt-get install bridge-utils
sudo apt-get install uml-utilities

Then we must define network interfaces. We edit the interfaces file:
sudo gedit /etc/network/interfaces

We add the necessary interfaces (replacing 'user' for the user that will use the virtual machines, and obviously a correct IP):
auto br0
iface br0 inet dhcp
bridge_ports eth0 br0

auto tap0
iface tap0 inet manual
up ifconfig $IFACE up
down ifconfig $IFACE down
tunctl_user user

We restart the network:
sudo /etc/init.d/networking restart

We add the user to the uml-net group:
sudo gpasswd -a user uml-net

According to the help, this shoud work, but no. I found that for this to work we must execute:
sudo chmod 0666 /dev/net/tun
sudo chmod 0666 /dev/vboxdrv

After this, we may set 'Host Interface', and in the interface name we enter 'tap0'.

And that's it.

Versión en español

Monday, September 17, 2007

HP Laserjet 1018 in Ubuntu Feisty

I recently had to set up a HP Laserjet 1018 printer in Ubuntu Feisty.
Simple as it looks, it is not.
The printer gets added correctly, and when I try to print a test page, the process goes without errors, except: it does not print!
This seems bad enough, because, if it cannot print, at least it should notify the user.
Searching, I found a way to make it work here.
There it says we must download and compile the drivers from here.
Following these steps I was able to install the printer correctly, but nevertheless, it was a rather complex process.

Versión en español

Technorati tags:

Wednesday, September 5, 2007

Virtual Box 1.5.0 released

Innotek's people amazed me with the new version of Virtual Box.
Virtual Box is an open source virtualization system (free and libre) that allows us to have virtual machines on a host operating system.
I downloaded and installed it in a matter of minutes (I use ubuntu). The installation was a breeze. To install a virtual machine was truly simple.
What amazed me the most was the 'Seamless mode' that allows to have host operating system windows mixed with the guest operating system windows.
I am lover of virtualization, due the great benefits that provides us. This is great news for me, since other solutions such as VM Ware Server (free, not libre) are not always easy to install and implement.

I saw it at genbeta.
You can download it at virtual box's site.:


Versión en español

Monday, September 3, 2007

How to delete useless Windows Files in Ubuntu Linux

After using Windows for a long time, my music and photos folder where filled with 'desktop.ini' and 'Thumbs.db' files. For a while I've been only using Ubuntu Linux, so I decided to delete those files.
To do it, you may use this command (have in mind that this goes throughout every sub folder in the selected path, so don't do it on the root folder):

find /my_path -type f -name "desktop.ini" -exec rm -f {} \;
find /my_path -type f -name "Thumbs.db" -exec rm -f {} \;
We may also use this command to delete album covers in our music folders:
find /music_path -type f -name "*.jpg" -exec rm -f {} \;
As you see, this can be used to delete any file (or type of file) recursively in folders. You may use it to delete other files, as long as you take care not to delete files you need or want.
If you want to examine the files that are going to be deleted before doing it, you should execute the same command, changing 'rm' for 'ls', like this:
find /my_path -type f -name "desktop.ini" -exec ls -f {} \;
In this way you may control the list of files to delete.
I hope this helps.


Technorati tags: , ,
Versión en español