28 February 2013

348. Using the official firefox 19 binary on debian testing/wheezy

UPDATE 20/3/2013: installing a system from scratch I'm having issues with xulrunner-10.0:i386, since it pulls in libstartup-notification0:i386 which causes all sorts of headaches (uninstalls xulrunner-10.0 and everything it depends on)

This post made me realise that installing the pre-built firefox binary isn't as straight-forward as one might like. A small nuisance is that the getfirefox.com version is only 32 bit, but that's life.

Here we go.

Download the standard binary version of firefox from here:
http://www.mozilla.org/en-US/firefox/new/?from=getfirefox

You can install it wherever you want, but I'm going for a local installation. Put the firefox-19.0.tar.bz2 in your home folder and untar it:
tar xvf firefox-19.0.tar.bz2
cd ~/firefox/
./firefox

If you get
bash: ./firefox: No such file or directory

then you are missing 32 bit compatibility libraries:
sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install ia32-libs
sudo apt-get install xulrunner-10.0:i386

To get flash set up you'll need the 32 bit version. Download the 32 bit version from http://get.adobe.com/flashplayer/?no_redirect

mkdir ~/.mozilla/plugins -p
mv ~/Downloads/install_flash_player_11_linux.i386.tar.gz ~/firefox
cd ~/firefox/
tar xvf install_flash_player_11_linux.i386.tar.gz
cp libflashplayer.so ~/.mozilla/plugins/libflashplayer.so

And that should leave you with a working firefox version. Note that running 'firefox' as a command will invoke iceweasel if installed. To get around that you can e.g. do

echo "alias ffox='$HOME/firefox/./firefox'" >> ~/.bashrc
source ~/.bashrc

after which you can launch firefox by running ffox from the terminal. A standard installation would be to put everything in /opt and set up a .desktop file -- but there are plenty of guides on how to do that.

347. Minor ECCE oddity when pasting basis sets from BSE: lines longer than 254 chars wreak havoc

Using lines longer than 254 chars when editing nwchem input in ECCE leads to the rest of the input being dropped.

I discovered this when pasting basis sets from bse.pnl.gov. If you paste something which has a line longer than 254 chars, such as the one starting with # H He and ending with valence below (345 chars), everything that comes after that line will be dropped.
# Def2-SVP EMSL Basis Set Exchange Library 2/27/13 8:08 PM
# Elements References
# -------- ----------
# H He Li Be B C N O F Ne Na Mg Al Si P S Cl Ar K Ca Sc Ti V Cr Mn Fe Co Ni Cu Zn Ga Ge As Se Br Kr Rb Sr Y Zr Nb Mo Tc Ru Rh Pd Ag Cd In Sn Sb Te I Xe Cs Ba La Hf Ta W Re Os Ir Pt Au Hg Tl Pb Bi Po At Rn : F. Weigend and R. Ahlrichs, Phys. Chem. Chem. Phys., Balanced basis sets of split valence, triple zeta valence and quadruple zeta valence
# quality for H to Rn: Design and assessment of accuracy 7, 3297 (2005).
#
BASIS "ao basis" PRINT
#BASIS SET: (4s,1p) -> [2s,1p]
H S
    13.0107010 0.19682158E-01
    1.9622572 0.13796524
    0.44453796 0.47831935
H S
    0.12194962 1.0000000
H P
    0.8000000 1.0000000
#BASIS SET: (7s,4p,1d) -> [3s,2p,1d]
O S
    2266.1767785 -0.53431809926E-02
    340.87010191 -0.39890039230E-01
    77.363135167 -0.17853911985
    21.479644940 -0.46427684959
    6.6589433124 -0.44309745172
O S
    0.80975975668 1.0000000
O S
    0.25530772234 1.0000000
[..]

To reproduce, set up a calculation. In the editor, click on 'Final Edit'. Now paste your basis set. Save and exit (it's vi/m, so that means using :wq). 

Everything seems to be fine

Now, either select the job and hit Ctrl+I to see the input, or open the editor and click on 'Final Edit' again.

Nothing below the line immediately preceding the long line will be saved. It's not a visualisation issue either -- if you launch the job and do ctrl+o to see what NWChem received as input, it mirrors what you see as input.

Pasting anything other than that overly long line works fine.




A more artificial example would be to try to save this
a
b
abcdefghijklmnopqrstuvxyzabcdefghijklmnopqrstuvxyzabcdefghijklmnopqrstuvxyzabcdefghijklmnopqrstuvxyzabcdefghijklmnopqrstuvxyzabcdefghijklmnopqrstuvxyzabcdefghijklmnopqrstuvxyzabcdefghijklmnopqrstuvxyzabcdefghijklmnopqrstuvxyzabcdefghijklmnopqrstuvxyz1234
d
e

which works, vs this:
a
b
abcdefghijklmnopqrstuvxyzabcdefghijklmnopqrstuvxyzabcdefghijklmnopqrstuvxyzabcdefghijklmnopqrstuvxyzabcdefghijklmnopqrstuvxyzabcdefghijklmnopqrstuvxyzabcdefghijklmnopqrstuvxyzabcdefghijklmnopqrstuvxyzabcdefghijklmnopqrstuvxyzabcdefghijklmnopqrstuvxyz12345
d
e

which doesn't. There's a difference of one character.
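
A pre-flight check for the 254-character limit described above, as an added example that is not part of the original post: long_lines lists over-long lines and wrap_comments re-wraps over-long '#' comment lines such as the BSE reference line. The function names are made up here, and leaving non-comment lines untouched is an assumption about what is safe to split.

```shell
# Added example; function names are hypothetical.
# 254 is the longest line the post found to survive a save in ECCE.
MAXLEN=254

# Print "line-number:length" for every line longer than the limit.
long_lines() {      # usage: long_lines FILE [MAX]
    awk -v max="${2:-$MAXLEN}" 'length($0) > max { print FNR ":" length($0) }' "$1"
}

# Re-wrap over-long '#' comment lines at word boundaries so that every
# piece starts with '#' and fits within the limit. Runs of blanks inside
# a wrapped comment collapse to single spaces. Data lines are passed
# through unchanged, because splitting them could change the input.
wrap_comments() {   # usage: wrap_comments FILE [MAX]
    awk -v max="${2:-$MAXLEN}" '
    length($0) > max && /^#/ {
        n = split(substr($0, 2), w, " ")
        out = "#"
        for (i = 1; i <= n; i++) {
            # start a new comment line when the next word would not fit
            if (out != "#" && length(out) + 1 + length(w[i]) > max) {
                print out
                out = "#"
            }
            out = out " " w[i]
        }
        print out
        next
    }
    { print }' "$1"
}

# Typical use before pasting into 'Final Edit':
#   long_lines basis.txt && wrap_comments basis.txt > basis.wrapped.txt
```

Running long_lines again on the wrapped file shows whether any non-comment line still exceeds the limit and needs fixing by hand.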

27 February 2013

346. Tripwire -- keeping an eye on important files

The whole UEFI/Secure Boot debacle led me to this post: http://arstechnica.com/information-technology/2013/02/linus-torvalds-i-will-not-change-linux-to-deep-throat-microsoft/

In the comments section 'rhavenn' wrote this in passing: " ...by taking a SHA512 hash of your kernel, offloading that to a 3rd party and occasionally verifying the hash. It's nothing tripwire or any other software hasn't been doing for ages. "

Which led me to check if tripwire was in the debian repos -- and it is.
UPDATE: You can also check out 'aide' which is also in the repos.

Given how I use my work computers I'm more concerned with disk corruption than infection by malicious code, but as someone who goes through the occasional airport, and with it the potential risk of having to hand over my laptop (never happened so far), I do see the use for tripwire. Also, in spite of the almost complete lack of viruses in the wild for linux, one should never be complacent (just look at OS X). Besides, learning new things is always a good thing.

Although to be fair, what tripwire does is what most (decent) antivirus programs also do.
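
The hash-and-verify idea from the quoted comment, written out in shell as an added example (not from the original post, and not how Tripwire itself is implemented). The function names make_baseline and check_baseline are made up here, and GNU sha512sum, sort and xargs are assumed.

```shell
# Added example: hypothetical helpers, not Tripwire's implementation.
# Requires GNU coreutils/findutils (sha512sum, sort -z, xargs -0 -r).

# Write a SHA512 baseline for every regular file under DIR.
# Keep BASELINE off the monitored host (or on read-only media) so that
# whoever can change the files cannot also rewrite the hashes.
make_baseline() {   # usage: make_baseline DIR BASELINE
    ( cd "$1" && find . -type f -print0 | sort -z | xargs -0 -r sha512sum ) > "$2"
}

# Compare DIR with BASELINE. Prints "Added|Modified|Removed PATH" per
# finding and returns 1 if there are any, 0 if the tree is unchanged.
# Assumes plain file names: sha512sum escapes names containing newlines
# or backslashes, which this fixed-column parser does not undo.
check_baseline() {  # usage: check_baseline DIR BASELINE
    cur=$(mktemp) || return 2
    make_baseline "$1" "$cur"
    findings=$(awk '
        # sha512sum lines: 128 hex digits, two separator chars, then the path
        FILENAME == ARGV[1] { old[substr($0, 131)] = substr($0, 1, 128); next }
        {
            path = substr($0, 131); seen[path] = 1
            if (!(path in old)) print "Added " path
            else if (old[path] != substr($0, 1, 128)) print "Modified " path
        }
        END { for (p in old) if (!(p in seen)) print "Removed " p }
    ' "$2" "$cur" | sort)
    rm -f "$cur"
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Typical use:
#   make_baseline /boot /media/usb/boot.sha512     # once, on a known-good system
#   check_baseline /boot /media/usb/boot.sha512    # later, to verify
```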

Here's how to get set up with tripwire.


Installation

sudo apt-get install tripwire

You'll be asked to answer a series of questions:

Tripwire uses a pair of keys to sign various files, thus ensuring their unaltered state. By accepting here, you will be prompted for the passphrase for the first of those keys, the site key, during the installation. You are also agreeing to create a site key if one doesn't exist already. Tripwire uses the site key to sign files that may be common to multiple systems, e.g. the configuration & policy files. See twfiles(5) for more information. Unfortunately, due to the Debian installation process, there is a period of time where this passphrase exists in an unencrypted format. Were an attacker to have access to your machine during this period, he could possibly retrieve your passphrase and use it at some later point. If you would rather not have this exposure, decline here. You will then need to create a site key, configuration file & policy file by hand. See twadmin(8) for more information. Do you wish to create/use your site key passphrase during installation?
Tripwire keeps its configuration in a encrypted database that is generated, by default, from /etc/tripwire/twcfg.txt Any changes to /etc/tripwire/twcfg.txt, either as a result of a change in this package or due to administrator activity, require the regeneration of the encrypted database before they will take effect. Selecting this action will result in your being prompted for the site key passphrase during the post-installation process of this package. Rebuild Tripwire configuration file?
Tripwire uses two different keys for authentication and encryption of files. The site key is used to protect files that could be used across several systems. This includes the policy and configuration files. You are being prompted for this passphrase either because no site key exists at this time or because you have requested the rebuilding of the policy or configuration files. Remember this passphrase; it is not stored anywhere! Enter site-key passphrase:
Tripwire uses two different keys for authentication and encryption of files. The local key is used to protect files specific to the local machine, such as the Tripwire database. The local key may also be used for signing integrity check reports. You are being prompted for this passphrase because no local key file currently exists. Remember this passphrase; it is not stored anywhere! Enter local key passphrase:
Tripwire has been installed The Tripwire binaries are located in /usr/sbin and the database is located in /var/lib/tripwire. It is strongly advised that these locations be stored on write-protected media (e.g. mounted RO floppy). See /usr/share/doc/tripwire/README.Debian for details.

Initialise the database:
sudo tripwire -m i
Please enter your local passphrase: 
Parsing policy file: /etc/tripwire/tw.pol
Generating the database...
*** Processing Unix File System ***
[..]
### Warning: File system error.
### Filename: /proc/30401/task/30401/fdinfo/4
### No such file or directory
### Continuing...
[..]
The object: "/proc/fs/nfsd" is on a different file system...ignoring.
The object: "/proc/sys/fs/binfmt_misc" is on a different file system...ignoring.
[..]
Wrote database file: /var/lib/tripwire/beryllium.twd
The database was successfully generated.

Checking a single file:
sudo tripwire -m c /bin/ls
Integrity checking objects specified on command line...
Wrote report file: /var/lib/tripwire/report/beryllium-20130227-141840.twr


Open Source Tripwire(R) 2.4.2.2 Integrity Check Report

Report generated by:          root
Report created on:            Wed Feb 27 14:18:40 2013
Database last updated on:     Never

===============================================================================
Report Summary:
===============================================================================

Host name:                    beryllium
Host IP address:              192.168.1.1
Host ID:                      None
Policy file used:             /etc/tripwire/tw.pol
Configuration file used:      /etc/tripwire/tw.cfg
Database file used:           /var/lib/tripwire/beryllium.twd
Command line used:            tripwire -m c /bin/ls 

===============================================================================
Rule Summary: 
===============================================================================

-------------------------------------------------------------------------------
  Section: Unix File System
-------------------------------------------------------------------------------

  Rule Name                       Severity Level    Added    Removed  Modified 
  ---------                       --------------    -----    -------  -------- 
  Root file-system executables    100               0        0        0        
  (/bin)

Total objects scanned:  1
Total violations found:  0

===============================================================================
Object Summary: 
===============================================================================

-------------------------------------------------------------------------------
# Section: Unix File System
-------------------------------------------------------------------------------

No violations.

===============================================================================
Error Report: 
===============================================================================

No Errors

-------------------------------------------------------------------------------
*** End of report ***

Open Source Tripwire 2.4 Portions copyright 2000 Tripwire, Inc.
Integrity check complete.

As a cronjob:
You can also just run
sudo tripwire -m c
in which case your system will be checked.

I would guess that putting this as a cronjob to run once per week would be the intended way of using tripwire. Edit /etc/crontab and put
0 22 * * 7 root tripwire -m c

Update: Tripwire on debian puts a file in /etc/cron.daily
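
For a scheduled run, the full report is long; the following added example (not from the original post) condenses the text report format shown above into a violation count plus the rules that changed. The function names tw_summary and sample_report are made up here, and the sample rows are constructed from the report above with one modified object and one extra rule added for illustration.

```shell
# Added example; function names are hypothetical.
# Summarise a Tripwire text report read from stdin. Prints "violations=N"
# followed by one "rule|added|removed|modified" line per rule with changes.
tw_summary() {
    awk '
        /^Total violations found:/ { total = $NF }
        # Rule Summary rows end in four integers:
        # severity level, added, removed, modified.
        NF >= 5 && $(NF-3) ~ /^[0-9]+$/ && $(NF-2) ~ /^[0-9]+$/ &&
                   $(NF-1) ~ /^[0-9]+$/ && $NF ~ /^[0-9]+$/ {
            if ($(NF-2) + $(NF-1) + $NF > 0) {
                name = $1
                for (i = 2; i <= NF - 4; i++) name = name " " $i
                rules = rules name "|" $(NF-2) "|" $(NF-1) "|" $NF "\n"
            }
        }
        END {
            print "violations=" (total == "" ? "unknown" : total)
            printf "%s", rules
        }
    '
}

# Constructed sample input in the layout of the Rule Summary above.
sample_report() {
cat <<'EOF'
  Rule Name                       Severity Level    Added    Removed  Modified
  ---------                       --------------    -----    -------  --------
  Root file-system executables    100               0        0        1
  (/bin)
  Constructed example rule        66                0        0        0

Total objects scanned:  2
Total violations found:  1
EOF
}

# From cron or a terminal:  tripwire -m c | tw_summary
```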