Security

System Updates in LINUX can be messy or difficult if you're using non-repository software

One of the nice things about #! LINUX is that it assumes that you are smart enough to keep your system up to date by periodically checking to see if there are any updates available.  Ubuntu preferred to generate a window with a blinking icon, roughly as annoying as someone jumping up and down and waving their hands near your face just out of the corner of your vision while you're trying to compose a letter.  It was all the more annoying because I prefer to do my upgrades from terminal, because I can have an easier time handling kernel upgrades in that fashion.  This behavior is the norm from Microsoft because Microsoft assumes by default you are all idiot computer owners.  If, however, you are using LINUX, it can be safely assumed that you are not an idiot.  Of course this is what brings me to this post today.

Before I get into this, however, if you are new to LINUX or new to Debian based distributions, you should open a terminal window and type in the following two commands daily, or at the very least once a week, in order to keep your system up to date and secure:

sudo apt-get update

sudo apt-get upgrade

The first command refreshes the lists of available software from your configured sources, and the second automatically downloads and installs new versions of the packages you already have installed.  The second command will not, however, install new kernels, and you will typically see a message stating that certain updates have been "held back".  If you do not have any manually installed packages (meaning installed without the use of dpkg, aptitude, or Synaptic Package Manager, which are built-in software package management utilities), you can type the following command to upgrade your kernel:

sudo apt-get dist-upgrade

Two packages in #! that I install manually are AMD Catalyst, to provide full 3D rendering support, and VMware Player (which I have been using to create #! tutorial videos without having to modify my main system).  The downside to doing this is that these programs make changes directly to the kernel; consequently, whenever the kernel gets updated, problems can occur.  Most notably they will occur when you try to upgrade other packages that impact these programs in some way, because aptitude or Synaptic Package Manager will fail to complete the upgrade.  Trying to remove the packages that have failed in order to reinstall them is not a good workaround.  Also, the following command will typically not work in this situation (but can be helpful if something did not install completely or correctly under normal circumstances):

sudo apt-get -f install

Consequently the best method is to do a manual uninstall of each program before upgrading your kernel.  This is why it is beneficial that "apt-get upgrade" does not automatically upgrade your kernel (the above explanation has been filed under the category of "things that nobody ever bothered to explain to me but which would have been helpful knowledge to have", hence this post).

Unfortunately each program you install in LINUX manually is bound to have a unique uninstall method, and in some cases different uninstall methods depending on the version of the software you are using.  It will require some research and potentially some trial and error to figure out the correct command.  However, again, terminal will be your friend as you resolve these issues and you'll feel better knowing that you are much more knowledgeable about your computer than you used to be.

For example, the command to manually uninstall AMD Catalyst 12.1 is currently:

sudo sh /usr/share/ati/fglrx-uninstall.sh

Please note that if you have created .deb packages or installed Catalyst from a repository this command will not work.

Likewise, the current command to remove VMware Player is:

sudo vmware-installer -u vmware-player

When prompted it is likely safer to not delete your settings, unless you do not intend to reinstall VMware Player.

Once the software has been manually removed it is now safe to upgrade your LINUX kernel using the "apt-get dist-upgrade" command listed above.  After restarting your system, you can then safely proceed with reinstalling the software that has been manually removed.  Depending on the kernel update, it may be necessary to obtain a newer version of the software.  If a newer version of the software has not yet been released, you may wish to revert back to the previous kernel in the meantime in order to keep using your current version (which should still be available as a boot choice in your Grub startup menu).

Once you have working software again, it should be safe to uninstall the old kernel if you wish to remove it from your grub menu.
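
A pre-flight check for the procedure above, as an added example that is not part of the original post: it parses the output of apt-get's simulate mode (-s) for pending kernel packages and looks for the two manually installed programs discussed here. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight check to run before "sudo apt-get dist-upgrade".
# Added example; the paths and commands checked are the ones named in the post.

# Read `apt-get -s dist-upgrade` output on stdin and print the kernel packages
# it would install. Simulation lines look like:
#   Inst <package> [<old version>] (<new version> <origin> [<arch>])
pending_kernel_pkgs() {
    awk '$1 == "Inst" && $2 ~ /^linux-(image|headers)-/ { print $2 }'
}

# Print the manually installed, kernel-dependent software still present.
# $1 is an optional root prefix (for testing); empty means the live system.
manual_kernel_software() {
    root="${1:-}"
    [ -f "$root/usr/share/ati/fglrx-uninstall.sh" ] && echo "AMD Catalyst (fglrx)"
    command -v vmware-installer >/dev/null 2>&1 && echo "VMware Player"
    return 0
}

# Return 0 when dist-upgrade can go ahead, 1 when a new kernel is pending
# and manually installed software has to be uninstalled first.
preflight() {
    sim_output="$1"; root="${2:-}"
    kernels=$(printf '%s\n' "$sim_output" | pending_kernel_pkgs)
    [ -z "$kernels" ] && { echo "No kernel change pending."; return 0; }
    blockers=$(manual_kernel_software "$root")
    [ -z "$blockers" ] && { echo "Kernel pending, nothing to remove: $kernels"; return 0; }
    echo "Kernel upgrade pending: $kernels"
    echo "Uninstall first: $blockers"
    return 1
}

# Constructed sample of `apt-get -s dist-upgrade` output (not real output).
SAMPLE_SIM='Inst libc6 [2.13-24] (2.13-26 Debian:testing [amd64])
Inst linux-image-3.2.0-1-amd64 (3.2.4-1 Debian:testing [amd64])
Conf linux-image-3.2.0-1-amd64 (3.2.4-1 Debian:testing [amd64])'

# Live use: preflight "$(apt-get -s dist-upgrade)"
preflight "$SAMPLE_SIM" || echo "Resolve the items above, then run dist-upgrade."
```
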

VMware Player Update: I'm using VMware Player 4.0.2 and just upgraded #! to the LINUX 3.2 kernel, which resulted in VMware Player attempting to update the new kernel and then failing to start with a "module updater unable to start services" error message.  If you run into this issue yourself, you will need to apply this patch after reinstalling VMware Player 4.0.2 before you can run it (link to patch file found at VMware Community Forums).  Download the patch to your home folder, then open a new terminal window and type the following commands:

tar -xvzf vmware802fixlinux320.tar.gz

sudo ./patch-modules_3.2.0.sh

You should now be able to run VMware Player 4.0.2 on the LINUX 3.2 kernel.
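
Since the patch script is downloaded from a forum and run with sudo, one way to look it over first (an added example, not part of the original post or the patch author's instructions): list the archive, unpack it as a normal user into a scratch directory, and print the lines worth reading. The function names, the script name review-patch.sh and the flagged patterns are assumptions chosen for illustration.

```shell
#!/bin/sh
# Review a downloaded patch archive before running anything in it with sudo.
# Added example; function names are hypothetical.

# Read archive member names on stdin; print the ones that would land outside
# the extraction directory (absolute paths or ".." path components).
unsafe_members() {
    grep -E '^/|(^|/)\.\.(/|$)' || true
}

# List the archive, refuse it if any member is unsafe, otherwise unpack it as
# the current (non-root) user into a fresh directory and print that directory.
stage_archive() {
    archive="$1"
    members=$(tar -tzf "$archive") || return 2
    bad=$(printf '%s\n' "$members" | unsafe_members)
    if [ -n "$bad" ]; then
        echo "refusing to extract, unsafe members:" >&2
        printf '%s\n' "$bad" >&2
        return 1
    fi
    dest=$(mktemp -d) || return 2
    tar -xzf "$archive" -C "$dest" || return 2
    echo "$dest"
}

# For every shell script in the staged tree, print the lines to read first:
# downloads, recursive deletes, and writes under system paths. This is a
# reading aid only; it does not replace reading the whole script.
review_scripts() {
    find "$1" -type f -name '*.sh' | while read -r script; do
        echo "== $script"
        grep -nE 'curl|wget|rm -rf|/etc/|/usr/|/lib/modules' "$script" \
            || echo "(no flagged lines)"
    done
}

# Usage: sh review-patch.sh vmware802fixlinux320.tar.gz
if [ -n "${1:-}" ]; then
    dir=$(stage_archive "$1") && review_scripts "$dir"
fi
```
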

No more social media

For starters I don't even really like people.

Now that I've pissed everyone off and don't have to worry about site traffic anymore, let me amend that to state that I like certain people who are clearly not like the majority of humanity that has its head up its own ass.  If that's you (meaning someone who does not have their head up their own ass), hopefully you already know this (and if not I apologize in advance for not telling you) and if that's not you then you can take this opportunity to fuck off.

Let the hate mail commence.  Let me point out that you could simply change this situation by pulling your head out of your ass for a change, at which point we could be great friends.

But I digress.

So for a good long while there I held out.  No fucking MySpace, I said.  Fuck LiveJournal, I said. Then I had friends that devoted themselves to keeping in touch with each other on these spaces, and nobody could be arsed to get their own Blogspot account like I had done (not that I use Blogger anymore, I'm doing it right with my own personal LAMP server thank you very much), so suddenly I needed a LiveJournal.  I had LiveJournal for several months, posting this and that.

After Hurricane Katrina, I said fuck you to LiveJournal after I noticed there was a certain breed of anonymous commenting trolls that liked to sporadically appear on and mock people's misfortune, which wasn't the sort of positive support one needed after surviving a major natural disaster that forced us back to square one in terms of possessions, home and employment.

A few months later my wife was pointing out to me all of our friends from New Orleans that were now on MySpace for us to reconnect with.  Fine...(sigh...[clickety]) ok I've got a MySpace account (shudder).  Ok I've got contact with my old friends now.

Of course eventually everyone shifts over to Facebook, causing the inevitable transition to Facebook, resulting in the mounting aggravation as Mark Shuttleworth turns out to be a complete douche who wants nothing more than to ownz all yer private personal secretz and sell it to the highest bidder.  Aggravation rises further as I find myself fighting an ever losing war to maintain my security settings in such a way as to protect pictures of my kids and loved ones from being available to any perv surfing the web.  And they are, make no mistake.

So Twitter comes along, and seems basic, clean, no friggin malware advertisements, pretty straightforward, groovy. Then they start dissolving how they do things and initiating an evil plan involving the use of Java on their entire goddamn site.  In the meantime I've deleted my Facebook account, but due to overwhelming demand created a new one with the hopes that I could better protect my data by not loading as much of it and poisoning the well by submitting inaccuracies regarding my physical location, age, etc.

So along comes the almighty Google, promoting their solution of Google+ with its circles of trust that you can maintain.  But you still have to use your real goddamn name, first and last, no funny stuff, or risk having your account suspended.  If it's someone like me who has a Droid phone that would also become less useful in the process as a result of account suspension, I can't even tempt fate. So it sticks in my craw something fierce, even though I quite like the rest.

But then I watch as Facebook attempts to become more Google+ like, while Google+ seems to steadily become more Facebook-like and it seems inevitable to me that everything will implode.  Add a little YouTube nonsense involving someone reposting footage of my kids without permission and all hell starts to break loose, because it becomes painfully obvious how easy it is to track me down, whereas before Hurricane Katrina I didn't even exist online.  I dump my initial G+ account and create a new one under a different user to throw the possible stalkers off the track, but thanks to Google's caching of search content the original stuff still floats somewhat in the results, attached to my real name.  Thanks Google, your real name policy did cause a legitimate issue after all.  Fuck.

So I start listing shit on the new G+ account and after a while it hits me.  Fuck this, I'm just setting myself up again.  At some point G+ is going to follow the path of Facebook and MySpace and sell out everyone who has an account registered.  Furthermore, if I've really got something to say why the hell can't I just say it plain right here? I mean seriously, isn't that why I still have a blog?  It's not so I can waste my time posting inane vacuous shit on some other social media site, that's for damn sure.

The problem is laziness.  It's easier to post a quick blurb about how Taco Bell gave me the shits than to sit down and write something long-winded like this post.  And everyone's at the same site already posting about how their own feces turned liquid upon eating some other fast-food laced with parasites and human body bits that came off at the factory from some poor worker.  I mean, fuck, it must be really hard to type fatedtoend.com into the address bar of your Internet Explorer that you won't get rid of no matter how many times it's the direct portal to the viruses and spyware that turn your personal computer into a swollen bloated infected mass.  I can see why you'd rather just set your home page to http://www.facebook.com and forget that there's even an internet out there.  It's kinda like the shopping mall.  Or Walmart.

Sarcasm phone, it's for you.

So yeah, fuck it.  I deleted all content on my G+ account under my real name.  If you need my real name, G+, you can have it and a two year old photo of me without facial hair.

If you do check my website from time to time, check it more frequently because due to the sudden lack of social media sites I no longer post to, I should theoretically have more to spout off about here.  I apologize in advance for the technobabble, I'm a geek and that part won't change.  I likes me LINUX.  Maybe you could give it a go instead of rolling your eyes and heading off to http://icanhascheezburger.com for the rest of the night.  You might learn something.

Infected - Microsoft can go to hell

So my previous post was about defending your PC from zombies.  Then irony struck and my PC got infected just two days later, even with following all of the advice I wrote in my article.  Talk about pot calling the kettle black, right?

I'm still working on virus cleanup. Yesterday, Willow noticed that Microsoft Security Essentials was reporting 30 infected files detected and shut the PC off, then told Brigitte. Smart kid - how many 9 year olds do you know of who would do that when they wanted to play a video game on their Dad's PC?

So I started cleanup last night with the UBCD4Win on USB flash drive, caught & removed some things with Antivir 9 Personal, other scans didn't find anything. Next step is to boot into safe mode, run MalwareBytes AntiMalware and a full scan with MS Security Essentials, disable system restore if it's not already disabled, clear temp files and look for rogue software in startup under services.msc and using HijackThis to scan for the ones not listed anywhere.

Following that will back up the entire drive, delete all partitions & erase the MBR, then will be loading Ubuntu 10.10 64-bit as the only OS install. Will be running Wine 32-bit to handle any games that I feel like loading that won't run under LINUX natively, and that will be that. Next step will be eliminating Windows on all other systems in the house one at a time (long-term project) - future pre-built systems will be Apple products, and systems I build myself will be LINUX.

Microsoft's crappy, vulnerable software is going to be completely purged from my home. The only thing that has really been holding me back is Netflix, but this will be addressed in the form of standalone Netflix players so I don't have to go through this again.

I've been in PC repair for 10 years, I know how vulnerable this crap is, and I know for a fact that nobody clicked on or downloaded something they shouldn't. These machines were compromised by the latest drive-by infections that exploit Adobe's equally shoddy and vulnerable software or Java vulnerabilities and even with added security measures in place and a Limited Access user account they still find a way in. You don't need to click anything anymore - all you have to do is open a website with a compromised advertising banner. I've known better all along & I'm done wasting my time with this crap in my own home. 
