Category Archives: Linux

Misc rants on Linux desktop, Mac OS and Antivirus

Linux desktop is in bad shape…

The culprits? Unity and Gnome 3. I am not talking about KDE, as I never felt good with it. I had tried KDE 4 and it did not change my opinion, not to mention that I suffered from several bugs.

Unity? Like many people, I just don’t get it. It is pretty clumsy and feels unfinished. I also suffered from a lot of performance issues like this one that never get fixed and make it a pain to use daily.
Gnome 3? Actually, I liked it. It looks nice, is pretty fast and smooth. What I like the most is the workflow. It makes the use of workspaces really logical and optimal. But… it did not work for me! Instability, again and again.
You will tell me that I should have stayed with Gnome 2 or gone to XFCE, Openbox, etc. I have used all of them. They have qualities, sure, but we are in 2012 and I want something with more features.

Conclusion: it is sad that after so many years, Linux is not yet ready for the desktop, because some guys decided to break everything again instead of making incremental enhancements. Why suddenly break things that work? I don’t get it. I felt really frustrated, with the feeling that I was at the same point as 5 years ago, dealing with the same kind of bugs. I have long been a Linux advocate and I believed I was right a few years back when I told people it was promising and superior to the competition (Windows XP at the time). Now years have passed, and I started to feel I was lying, or hiding the truth, which is that the Linux desktop has failed and gone nowhere.
Yes, I just got tired of fighting with the computer to get basic things done. And considering the Linus post and several reactions in the comments, I am not alone in this case.

… so I gave a try to Apple…

I recently got a MacBook Pro. The main reason is that I wanted a very stable workstation to focus on my work. It was hard to admit after so many years of using Linux, but I came to the conclusion that a Linux desktop could not meet this requirement anymore.

So I am going to be on Mac OS Lion for a while (though I am certainly not closing the door on the Linux desktop forever). I have to say that it is a nice OS and it is damned stable. It is good to have something that works out of the box, without any frustration or need to customize things to have something suitable.

And what about the stability of Mac OS? It is very eye candy, but is it stable?

At first, I actually had some serious trouble. It was freezing almost every day, forcing me to do a cold reboot. I was starting to seriously doubt the stability of Mac OS when I found by chance that the freeze occurred every time Sophos Antivirus started an update…

Antivirus and Mac OS…

Wait, what? Antivirus? On Mac OS? I know it will be the reaction of many Mac users. I also think that it is useless, but for a different reason than most of them.
Of course, I don’t buy the “Mac OS is secure” marketing. Actually, it has the least secure kernel around, even though it benefits from a robust Unix architecture.
No, my point is that antivirus fails anyway. In forensic analysis, we cannot even trust an antivirus scan to decide whether a machine is sane or not. Instead, we have to use specific tools and memory acquisition to make sure.
It is simply because signature-based detection can always be worked around by malware. There are hundreds of ways to achieve it successfully: changing binary headers, code obfuscation, encryption, hooking (see rootkits and bootkits).
OK, antivirus vendors claim that they also offer behavioral detection, sandboxes, etc. Yes, that’s a good move, but they can’t check all of the system activity and again there are many ways to bypass it. So why bother?

I mean, I still think it matters to have an antivirus on Windows, especially for people who are not too techy. At least, it will detect the most basic threats and raise alarms. There are thousands of such threats on Windows, and on this point antivirus products offer a simple way to defeat them (though awareness and education are certainly more important).

But on Mac OS, and on Linux as well, there are very few threats. Once again, it is not that they are so much more secure, but at the time I am writing, it is a fact.

So to summarize:

  • very few threats on Mac OS and Linux
  • antivirus still massively rely on signature-based detection

You see: if there is not much to detect, an antivirus is overhead. It will only eat some resources and fail anyway against upcoming threats.
Just keeping the system up to date is certainly the best thing to do so far.

Well, so why did I install an antivirus? I was actually using it for my forensic analysis of Windows machines. It was a convenient way for me to have a local scanner that I could start on dumped suspicious processes, without having to connect to Viruscan. It used to be convenient when I was traveling without a connection, but I can live without it.

About Sophos for Mac OS

Moreover, this piece of software was crashing my laptop. The update part seems to be executed with root privileges, and for some reason it locks the system (not only mine, look at the forums). Not to mention that having such a component may offer more room for malicious code to exploit the kernel…

A shame, a pure piece of crap. Now that I have removed it, I am enjoying an uptime of about 30 days!

Conclusion

Sophos Antivirus for Mac OS is pure crap, run to remove it if it happens to be on your computer.

Anyway, you don’t need an antivirus on Mac OS. Moreover, it seems that several vendors offer solutions that lack maturity and testing on this platform, so you would actually degrade your system’s stability and security if you installed one of them.

And Mac OS is a nice Unix-based desktop alternative to get work done, even though sadly it is not open source.

Headphones not muting the speakers with a Gigabyte motherboard

For months I had had a weird issue with the embedded audio controller of my Gigabyte motherboard.

Plugging the headphones into the front panel of my case did not mute the output to the speakers, which defeated the purpose of having headphones.

I long thought that it was some hardware issue that I would have to sort out some day by opening the case and checking the connections.

Yesterday, I decided to solve it for good and started to google… and found out that it was a pure software issue!

The culprit turned out to be improper settings of the ALSA module, and this Ubuntu guide saved me.

I carefully followed the steps and it appeared that for my Gigabyte GA-790FXTA-UD5, it was necessary to add this line:

options snd-hda-intel model=3stack-hp

to

/etc/modprobe.d/alsa-base.conf

OK, it did not go so smoothly, as I picked models from the list at random until I found the right one (I had no idea what was embedded on my board). I hope this may help, as I have seen quite a lot of people with similar issues across all kinds of vendors.
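A small helper for the step above, added here as an example and not part of the original post or of the Ubuntu guide: it writes the module option into a modprobe.d file idempotently, so that trying model after model does not leave a pile of duplicate "options snd-hda-intel" lines (modprobe concatenates all of them, which makes it unclear which value actually won). It assumes GNU sed and grep; the module name, option name and file path are the ones from the post.

```shell
# Added example (not from the original post): set a kernel module option in
# a modprobe.d file without stacking duplicate "options" lines. modprobe
# concatenates every matching "options" line, so repeating the manual edit
# while trying models from the list leaves it unclear which value won.
# Assumes GNU sed and grep (sed -i). The module and option names are spliced
# into regular expressions, so they must not contain regex metacharacters.

# Regex core shared by the functions below: an "options MODULE ..." line, any
# other options that may precede KEY (group 1, optional), then "KEY=".
_opt_regex() {
  printf '%s' "options[[:space:]]\{1,\}$1[[:space:]]\(.*[[:space:]]\)\{0,1\}$2="
}

# set_module_option CONF MODULE KEY VALUE
# Rewrites KEY=... on the existing "options MODULE ..." line (other options on
# that line are kept); appends a new options line when there is none.
set_module_option() {
  conf=$1 module=$2 key=$3 value=$4
  re=$(_opt_regex "$module" "$key")
  [ -e "$conf" ] || : > "$conf"
  if grep -q "^$re" "$conf"; then
    # outer group 1 = everything up to and including "KEY=", then the old value
    sed -i "s|^\($re\)[^[:space:]]*|\1$value|" "$conf"
  else
    printf 'options %s %s=%s\n' "$module" "$key" "$value" >> "$conf"
  fi
}

# get_module_option CONF MODULE KEY: prints the current VALUE (last line wins)
get_module_option() {
  re=$(_opt_regex "$2" "$3")
  # group 1 is inside $re, so the captured value is group 2
  sed -n "s|^$re\([^[:space:]]*\).*|\2|p" "$1" | tail -n 1
}

# The board from the post (needs root; reload the driver or reboot afterwards):
#   set_module_option /etc/modprobe.d/alsa-base.conf snd-hda-intel model 3stack-hp
```

Because the function only rewrites the value of the one option, any other settings already on the same line (a position_fix, for instance) survive the change, and running it twice with the same model is a no-op.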

How do you manage your passwords?

We all know that passwords suck, that they are the nightmare of all administrators and security guys. So many hacks have been made easier because the victims reused the same password everywhere: email account, forum, bank, critical systems…

Sadly, so far, there is not even the beginning of a replacement solution. Passwords will be around for a long time, so we had better use them properly.

Yes, I am aware of many on-line services like FisrtPass, KeePass, 1stPassword, etc. However, I don’t feel comfortable having all my passwords somewhere on-line, even if they claim (and I believe they are sincere) that they use strong encryption and cannot access them.

Instead, I use a combination of the Firefox password manager and the Pwgen add-on. I use this add-on to quickly and conveniently generate a random password when I sign up for a web service. When Firefox prompts for it, I just choose to remember the password automatically. Quick-and-dirty SSO.

For the other passwords that I can’t and don’t need to memorize, I store them in a local encrypted file.

To edit the file, I simply use Vim with this nice GPG plugin:

  • copy gpg.vim to /home/$user/.vim/plugin
  • if not done yet, generate your GPG key:
    $ gpg --gen-key
  • encrypt your password file and erase the plaintext (note that rm only unlinks the file; the plaintext blocks stay on disk until they happen to be overwritten):
    $ gpg --encrypt --recipient 'your name' passwords
    $ rm passwords
  • that’s it. Just edit passwords.gpg to decrypt and access your passwords (you will be prompted for your passphrase):
    $ vim passwords.gpg

If you don’t like the overhead of GPG, a more straightforward solution is to use the OpenSSL extension:

  • copy the openssl.vim file to /home/$user/.vim/plugin as well.
  • now, to encrypt the file with, say, AES-256-CBC (note the .aes file extension, which the plugin keys on):
    $ openssl aes-256-cbc -in passwords -out passwords.aes
  • decryption will occur as soon as you edit the file with Vim:
    $ vim passwords.aes
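Two things a practitioner will want to know about the openssl one-liner above: by default `openssl enc` derives the key from the passphrase with its legacy single-iteration EVP_BytesToKey scheme, which is far cheaper to brute-force than GPG’s iterated S2K, and CBC mode carries no integrity check, so a tampered file is only noticed if the padding happens to come out wrong. The functions below are an added example (not part of the post or of the Vim plugin) that keep the same tool and file format but switch to PBKDF2 key stretching and keep the passphrase out of the process list. They assume OpenSSL 1.1.1 or later for `-pbkdf2`; the iteration count, environment variable name and file names are my own choices.

```shell
# Added example (not from the original post): passphrase-based file encryption
# with "openssl enc", tightened relative to the one-liner in the post.
#   -pbkdf2 -iter N  PBKDF2-HMAC-SHA256 key stretching instead of the legacy
#                    single-iteration EVP_BytesToKey derivation
#                    (OpenSSL 1.1.1 or later; assumption)
#   -pass env:VAR    passphrase comes from the environment, not argv, so other
#                    local users cannot read it with ps
#   umask 077        ciphertext and decrypted copies are created owner-only
# Still no authentication: CBC mode does not detect a modified ciphertext
# unless the PKCS#7 padding happens to be invalid after decryption.

PW_ITER=200000   # chosen value; raise it as hardware gets faster

# pw_encrypt PLAINTEXT CIPHERTEXT   (passphrase read from $PW_PASSPHRASE)
pw_encrypt() {
  [ -n "$PW_PASSPHRASE" ] || { echo "PW_PASSPHRASE is not set" >&2; return 2; }
  ( umask 077
    export PW_PASSPHRASE
    openssl enc -aes-256-cbc -salt -pbkdf2 -iter "$PW_ITER" \
      -pass env:PW_PASSPHRASE -in "$1" -out "$2" )
}

# pw_decrypt CIPHERTEXT PLAINTEXT   (same passphrase and iteration count)
pw_decrypt() {
  [ -n "$PW_PASSPHRASE" ] || { echo "PW_PASSPHRASE is not set" >&2; return 2; }
  ( umask 077
    export PW_PASSPHRASE
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$PW_ITER" \
      -pass env:PW_PASSPHRASE -in "$1" -out "$2" )
}

# pw_is_salted FILE: true when FILE starts with the "Salted__" magic that
# "openssl enc -salt" writes in front of the 8-byte salt
pw_is_salted() {
  [ "$(head -c 8 "$1" 2>/dev/null)" = "Salted__" ]
}

# Typical use (the decrypted copy is left for the caller to remove):
#   PW_PASSPHRASE='...' ; pw_encrypt passwords passwords.aes
#   pw_decrypt passwords.aes passwords
```

The Vim plugin will still open a file produced this way only if it is told the same options, so if you adopt `-pbkdf2 -iter` here, adjust the plugin’s openssl command line to match, or the decryption step will silently derive a different key and report a bad decrypt.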

I believe that, if not perfect, it is pretty secure; I mean no more and no less than your system is. Anyway, I don’t have any need for an on-line manager. And you, how do you manage your passwords? Let us know your tips.

Disk wiping : Myth broken

There are many urban legends in the industry. I believed in one of them: “wiping a disk to properly prevent data recovery requires random writes and several passes”.

At least until I found this very instructive article, “Disk Wiping – One pass is enough”. Don’t miss the second part, which clarifies some points and gives more details.

In short, after one pass, every bit of the disk is set to zero and there is simply no way to find out what the previous value was. Even the best tools out there have no way to do it.

Then, there is the theory of physically recovering each bit using a magnetic force microscope. It has always come with a high error rate, and with modern high-density disks it is even less reliable. Now, considering any real-world data length, errors in the recovered bits would make it impossible to rebuild any usable data. There is obviously no chance for such a technique to recover a file.

So, in the future, I will not only save time doing one pass, but I will replace:

$ dd if=/dev/urandom of=/dev/sda bs=4M

with

$ dd if=/dev/zero of=/dev/sda bs=4M

Note that formatting only rewrites the filesystem metadata (and repartitioning only the partition table). In no way does either clear every bit of the disk.
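The wipe itself is a one-liner, but two things are worth scripting around it: writing exactly the device’s size rather than letting dd run until it hits the end of the disk (so the same function can be exercised on an image file, which would otherwise grow without bound), and reading the target back afterwards to confirm that every byte really is zero. The functions below are an added example (not from the original post or the article it cites); they assume GNU coreutils and util-linux, and the image file used to exercise them is constructed on the spot.

```shell
# Added example (not from the original post): one zero pass over a disk or a
# disk image, followed by a read-back check that every byte is now zero.
# Assumes GNU coreutils (dd status=none, iflag=fullblock, stat -c) and
# util-linux blockdev. Run as root against a real device, and check the
# target with lsblk first: there is no undo.

# device_size TARGET: size in bytes of a block device or a regular file
device_size() {
  if [ -b "$1" ]; then
    blockdev --getsize64 "$1"
  else
    stat -c %s "$1"
  fi
}

# wipe_one_pass TARGET: overwrite TARGET with zeros exactly once.
# Feeding dd exactly device_size bytes keeps the function usable on an image
# file; conv=notrunc means a write that fails midway cannot shrink a file so
# that a later verify_zeroed would pass on the truncated remainder;
# conv=fsync makes dd wait until the data has reached the device.
wipe_one_pass() {
  size=$(device_size "$1") || return 1
  head -c "$size" /dev/zero |
    dd of="$1" bs=4M iflag=fullblock conv=fsync,notrunc status=none
}

# verify_zeroed TARGET: succeeds only if every byte of TARGET reads back as 0
verify_zeroed() {
  size=$(device_size "$1") || return 1
  head -c "$size" /dev/zero | cmp -s - "$1"
}

# Usage on a whole disk (as root):
#   wipe_one_pass /dev/sdX && verify_zeroed /dev/sdX && echo "wiped"
```

One caveat that postdates the argument above: it holds for magnetic disks, where the host overwrites the same sectors it wrote before. On an SSD the wear-levelling layer and the over-provisioned area can retain copies of old blocks that host writes never reach, so a full-device zero pass does not give the same guarantee there; use the drive’s own erase command (ATA Secure Erase via hdparm, or the NVMe format/sanitize commands via nvme-cli) and keep the zero pass for spinning disks.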

Corrupted virtual disk with VMware

Wow, this article, and especially one of its comments, saved my day.

My computer crashed and one of the VMware machines hosted on it could not start anymore:

“Cannot open the disk ‘path of vmdk’ or one of the snapshot disks it depends on.
Reason: the specified virtual disk needs repair.”

Checking the VMware forums, I quickly found the command that was supposed to help:

$ vmware-vdiskmanager -R /path/to/disk.vmdk
The virtual disk, '/path/to/disk.vmdk', is corrupted but the repair process has failed.

Damn! I had almost resigned myself to restoring the last backup and losing a week of work when, by chance, I found the article mentioned above.

As recommended, I downloaded the Virtual Disk Development Kit 1.2 from VMware, untarred it and, still doubtful, launched:

$ ./bin64/vmware-vdiskmanager -R /path/to/disk.vmdk
The virtual disk, '/path/to/disk.vmdk', was corrupted and has been successfully repaired.

Saved! Thanks so much to those guys. I would never have thought of trying it; I wonder how they found it.

But how is it possible that the utility shipped with VMware Workstation 7.1 sucks so much and is not on par with other versions?