Thursday, May 26, 2011

Google country settings

I'm abroad for a while, using my old Lenny laptop, and doing some Googling this morning, I noticed I was getting results from google.com- not what I wanted as I was looking specifically for UK based advice pages on a certain topic and was seeing US pages. I remembered that I'd been able to set Firefox to use google.co.uk on my other laptop while abroad- fortunately I found the link again. The Mycroft Project has a page that allows you to set Google search in Firefox to get results from just about any country's own Google page.

Wednesday, May 11, 2011

Virtual browsing

My two previous posts remind me of this site somebody pointed me to recently. It purports to test recent malware against quite a few if not most of the best Windows security products. I think these tests are a better indication of the effectiveness of security products (anti-virus, anti-spyware etc.) than tests against a huge bank of malware samples. In such tests, security products often score 96-97% in detecting malware; in tests like this, they score far lower- 40-60%- because "0-day" malware is designed to evade detection- and largely does.
This is why the results obtained by DefenseWall (a product I'd never heard of) impressed me: 100% protection. How do they do it? Well I checked the product web site, and it seems DefenseWall is a virtual system: a computer within a computer. av-comapratives.org has a review. (The DefenseWall site seems to have disappeared, so I don't know if the product still exists.)
Running a virtual system is one way to beat malware- until the virtual system is breached, and you need to run the virtual system in a virtual system to remain secure- but it must carry a performance penalty.
While Windows users are running virtual machines and sandboxes to remain secure, I'm running Linux with no layers of virtualisation, no sandboxes, no HIPS or behaviour blocker- indeed, no security products at all to slow down my computer. Of course it's possible to argue that this security is down to Linux's low profile rather than inherent superior security, but for the moment at least Linux is ipso facto more secure.

Chrome's sandbox compromised?

A French security research firm boasted today that it has discovered a two-step process for defeating Google Chrome‘s sandbox, reports Brian Krebs.

A comment has a solution:
Chrome is in fact one of several browsers that I utilize, but each Internet facing application on my system also runs in an “untrusted” state in a DefenseWall sandbox. So when I’m running Chrome, it’s like having a sandbox encapsulated in another sandbox.
And so ad infinitum.

100% Safe browsing in Windows

100% safe browsing has finally arrived in Windows:
German security company released a version of Firefox 4 that runs independent of the operating system on a client PC and automatically contains malware that may be downloaded via Firefox.
How is this achieved?
The browser version, originally developed upon request by the German government, is quite possibly the most secure browser you can use today. The software called BitBox (Browser-in-the-box) Virtualbox 4.04 comes as a self-contained package with a stripped version of Debian 6 Linux and runs within a virtual machine environment. The browser itself is isolated from the actual host computer, which does not have access to websites when the Sirrix browser is used.
Hey, that's really great. But couldn't I be just as secure by running Firefox on Debian? Oh wait, I already am! ;-)

Get recent Mozilla packages in Debian

Debian stable releases come with a re-branded version of Firefox (and a re-branded Thunderbird is available too). However, the version doesn't get upgraded, so Lenny users still have Iceweasel 3.0.6 (unless they've got 3.5.16 from backports) and Squeeze users 3.5.16.
The Debian Mozilla team "provides various versions of some Mozilla related packages for use on different Debian systems". There's a wizard to help you find the packages suitable for your system.
If I'd known about this, I probably wouldn't have installed Firefox on Squeeze- I'd've gone for an updated Iceweasel and saved myself the manual updates (3.5.16 has an annoying bug in the way it handles dark menus in Gnome, which was fixed in 3.6).

Sunday, May 8, 2011

Enable hardware-accelerated OpenGL drivers on ATI X1600 in Debian Squeeze

If you have a ATI X1600 graphics card, are running Debian Squeeze and enjoy fragging bots in Open Arena, and find that you can't run the game because hardware accelerated video isn't working and the game runs like cold treacle, try adding the debian-multimedia.org repository and updating libdrm-intel1, libdrm-radeon1, libdrm2. These libraries...
...implement the userspace interface to the kernel DRM services.
DRM stands for "Direct Rendering Manager", which is the kernelspace portionof the "Direct Rendering Infrastructure" (DRI). The DRI is currently used on Linux to provide hardware-accelerated OpenGL drivers.
There must be some sort of patent-encumbered aspect of these libraries that is disabled in Squeeze, because installing the updates from debian-multimedia.org allowed me to run the game at full speed.

Debian Multimedia wants to update packages

Enabling multimedia in Linux often means installing packages excluded from outside the main distro repository because they are not free software or because there are legal restrictions on their use- proprietary video drivers and codecs covered by patents, for example.
In my current installation of Debian Squeeze I had to enable some proprietary firmware for my video and wifi cards, and to install some patent-encumbered packages to decode MP3 files. This I did from the Debian non-free repository.
I haven't had any problem playing multimedia content (I had also installed Adobe Flash from non-free, but that's it as far as I recall) but today I needed to install a package from debian-multimedia.org to enable MP3 decoding.
I was going to just install the one package since I haven't had any trouble with other multimedia content, but I noticed that Synaptic was telling me that there were updates available for several packages. This worried me because the only information Google was bringing up was a Debian Q&A question that suggested these updates could break things that work in Squeeze- like video playback.
I did some more digging and found this more reassuring comment on the Debian forum:
Many (most?) of the packages that he has available are not available in the official repos, for one reason or another (patent issues being a big one). If packages are in both his versions usually have things turned on that are not available in the official repos (often encoders of various types, again often related to patent issues). (Since he's located in France software patent issues that are applicable in the USA don't effect him).
I went back and checked the updates debian-multimedia.org had made available and noticed these: libdrm-intel1, libdrm-radeon1, libdrm2.

The information on these libraries says:
This library implements the userspace interface to the kernel DRM services.
DRM stands for "Direct Rendering Manager", which is the kernelspace portionof the "Direct Rendering Infrastructure" (DRI). The DRI is currently used on Linux to provide hardware-accelerated OpenGL drivers.
Could these packages from debian-multimedia.org have something turned on that isn't turned on in the Squeeze version? Hardware-accelerated OpenGL drivers caught my eye. I'd been a fan of Open Arena in Ubuntu. Lenny didn't have drivers for my video card that supported 3D effects; Squeeze does but Open Arena was as slow as treacle on a cold day.
Could there be a patent-encumbered aspect of Squeeze support for my video driver that I was missing.
I took the plunge, installed the updates, rebooted and tried Open Arena again. Was I to be disappointed again, or could I frag some bots at last? Please see my next post.

How to enable mp3 output in SoundConverter

SoundConverter is a program I've used before to convert sound files to a format that will play on my MP3 player (basically just that as it plays only MP3 and WMA files). I converted some MP4 files to MP3 format,
probably in Ubuntu at the time
[EDIT: Actually it was in Lenny: I've been here before and forgotten]. Now MP3 encoding requires LAME, which due to some patent issues, is not installed in most Linux distros by default. In Ubuntu, it's in the multiverse repository. A post on the Debian forum today reminded me of the issue- I checked and found I hadn't even installed SoundConverter on my Debian Squeeze. When I did install it, of course MP3 encoding wasn't enabled.
A quick Google search brought up instructions for enabling MP3 output in the major Linux distros. I added the debian-multimedia.org repository as instructed and installed the gstreamer0.10-lame package, after which MP3 output was enabled.
But that's not the end of the story. I noticed that after I had added the debian-multimedia.org repository, Synaptic was telling me there were updates available for several packages. At first I couldn't find any information about why this might be, and was wary about letting a third-party repository update packages, but then.... well, I think this will have to be another post.

Saturday, May 7, 2011

Adobe Flash Player 10.3 Release Candidate

Adobe have a release candidate for their Flash player. I have installed the flashplugin-nonfree package in Debian from the contrib repository, so trying out the release candidate simply involved download and unpacking the Flash Player 10.3 Release Candidate 1 tar.gz from Adobe, and dropping libflashplayer.so into /usr/lib/flashplugin-nonfree.

Friday, May 6, 2011

2.6.39 kernel will drop 686 flavour

Updating my Linux kernel recently in Squeeze (and previously in Lenny), I had to chose a 'flavour' to match my CPU architecture. For me this was the 686 flavour- compiled and optimised for modern multi-core chips.
An email from Debian Project News recently informed me that the 686 flavour kernel is to be dropped.
From the information linked to at Ben's technical blog, it seems I'll be able to use the '686-bigmem' flavour- even though my computer only has 1GB of memory- with a tiny hit on performance but a slight security advantage:
Even those that have less than 4 GiB RAM do support PAE and can run the '686-bigmem' flavour. There is a small cost (up to about 0.1% of RAM) in the use of larger hardware page tables. There is also an important benefit on recent processors: the larger page table entries include an NX bit (also known as XD) which provides protection against some buffer overflow attacks, both in the kernel and in user-space..
There are a few 686-class processors that won't be able to use 686-bigmem and which will have to use the 486 flavour- apparently with a performance gain (see the blog for details).

Thursday, May 5, 2011

Linux kernel wonder patch hits Debian Squeeze

Linux kernel 2.6.38 has arrived in Debian backports. I installed it using the guide at backports.debian.org. Linux kernel 2.6.38 contains a much-hyped wonder patch.
I rebooted and observed... no noticeable difference in performance. But then I wasn't running a HD movie, compiling a complex program and running a 3D game stress test- if you do, you might.
The patch is also reported to improve web page load times with a busy CPU, by non other than... Linus Torvalds.
Now if only I weren't such a slacker my CPU might be busy enough to test this, but no.... CPU usage at about 5%.