Archive for August, 2006

Flock on Ubuntu

August 26th, 2006 6 comments

I’ve been using Flock now for almost two months and I’m a total “Flockstar!” I really enjoy its smooth interface, compatibility with Firefox extensions and integrated social browsing options. It has simple browser-blogging, double-click URL bookmarking to del.icio.us or Shadow. Also integrated Flickr & PhotoBucket accounts. Try it out. Join the Flock!

For those of us using Ubuntu, prior to a .deb package being made for Flock, I’ve put together a simple 5 step installation tutorial. This will install a menu listing and make Flock available for all users on the machine.

1. Download Flock (Save As…)

2. Save the archive (should be on Desktop): sudo tar -C /opt -xzvf flock-*.linux-i686.tar.gz

3. Create a link: sudo ln -s /opt/flock/flock /usr/bin/flock

4. Create menu item: sudo gedit /usr/share/applications/flock.desktop

[Desktop Entry]
Encoding=UTF-8
Name=Flock
Comment=Flock Web Browser
Exec=flock
Icon=/opt/flock/icons/mozicon128.png
StartupNotify=true
Terminal=false
Type=Application
Categories=Applications;Network

5. Refresh the menu: killall gnome-panel
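
Step 2 unpacks a downloaded archive as root into /opt, and step 3 makes the result runnable by every user on the machine. As an added example (not part of the original post), the shell functions below check that the archive only unpacks under `flock/` before extracting it, and extract without restoring the owners recorded in the archive; the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example, not from the original post: vet a tarball before unpacking it as root.

# member_ok NAME TOP: succeed only if NAME stays inside TOP/ once extracted.
member_ok() {
    name=${1#./}                              # tolerate a leading "./"
    case "$name" in
        /*|..|../*|*/..|*/../*) return 1 ;;   # absolute path or a ".." component
    esac
    case "$name" in
        "$2"|"$2"/*) return 0 ;;              # the top directory or anything below it
    esac
    return 1                                  # anything else lands outside TOP/
}

# check_archive ARCHIVE TOP: list the members without extracting and test each one.
check_archive() {
    listing=$(tar -tzf "$1") || return 2      # unreadable or corrupt archive
    [ -n "$listing" ] || return 2             # empty archive
    while IFS= read -r entry; do
        member_ok "$entry" "$2" || { echo "refusing: $entry" >&2; return 1; }
    done <<EOF
$listing
EOF
}

# safe_extract ARCHIVE DEST TOP: extract only after the check passes.
# --no-same-owner makes the extracted files belong to the extracting user
# (root under sudo) instead of whatever UID/GID the archive recorded, so no
# unprivileged local account ends up owning a program that everyone runs.
safe_extract() {
    check_archive "$1" "$3" || return 1
    tar -C "$2" --no-same-owner -xzf "$1"
}

# In place of step 2, from a root shell with these functions loaded:
#   safe_extract flock-*.linux-i686.tar.gz /opt flock
```

The check is deliberately strict: an archive that unpacks anywhere other than `flock/` is refused rather than repaired.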

Blogged with Flock

Categories: Ubuntu Tags:

Gaim 2.0 beta3.1 & Off-The-Record 3.0.0 : Ubuntu 6.06.1 (Dapper Drake)

August 20th, 2006 3 comments

This tutorial will outline how to install Gaim 2.0beta3.1 plus Off-The-Record 3.0.0 on Ubuntu Dapper v6.06.

I had been one of the early adopters of Gaim 2.0beta3 but had trouble finding support for the encryption plugins that I was used to. I initially reverted to Gaim 1.5.x and used the gaim-encryption plugin (which was yet unsupported in 2.0beta3).

After additional research I have found that the OTR (Off-The-Record) plugin is superior. If you currently don’t use any type of encryption I would suggest looking into it. The steps below will allow you to use the latest version of Gaim plus Off-The-Record messaging on Ubuntu Dapper Drake v6.06.1.

Step 1:

sudo aptitude install libavahi-compat-howl0 libgnutls11 libmeanwhile1 libotr2

Step 2:

Download my gaim2.0 beta3.1 package which includes the latest gaim, gaim-data, libgadu and OTR builds in .deb format. Also includes optional 'guification', 'gaim-dev' & 'gaim-dbg' packages.

Step 3:

sudo dpkg -i gaim_2.0.0+beta3.1-0ubuntu1_i386.deb gaim-data_2.0.0+beta3.1-0ubuntu1_all.deb libgadu3_1.6+20060616-1_i386.deb gaim-otr_3.0.0+cvs20060530-1_i386.deb

Step 4:

Activate the Off-The-Record plugin in Tools > Plugins > Off-The-Record Messaging

Step 5:

When initiating a conversation with a contact using OTR, right-click on the OTR button and select 'Start Private Conversation'. Follow the prompts & then 'Verify Fingerprint' in the same menu.

EDIT: Updated the included package with the gaim 2.0beta3.1 package released Aug 20, 2006.

Categories: FOSS Tags:

VHCS v2.4.7.1 Pro – DO NOT USE

August 15th, 2006 5 comments

I want to publicly convey my disgust with the VHCS v2.4.7.1 Pro project. Anyone considering using this should go find another project. I will detail my reasons below, but the overall message is DO NOT USE VHCS.

First of all, let’s take a stroll down memory lane encompassing the last six months and my trouble with VHCS. Below are previous blog posts about my trouble with a huge VHCS v2.4.7.1 Pro security issue that nobody has done anything about.

May 7, 2006: Server rebuilt after being hacked

July 29, 2006: Hacked Again

July 30, 2006: Hacked Site

August 15, 2006: Hacked again, had gone unnoticed for about a week

There is a very easy to find VHCS v2.4.7.1 Pro exploit page that allows you to create an admin user on ANY VHCS v2.4.7.1 Pro (or earlier) system. The security hole is so huge that a simple JavaScript attack based in an HTML form will give complete access to any VHCS v2.4.7.1 Pro or earlier system. The only thing you need to know to take over control of a machine is the URL. (Note: I have decided to omit the link to the exploit. I don’t mean to spread cracking tools; my main purpose is to point out the reason not to use VHCS.)

VHCS is vulnerable up to & including the latest VHCS v2.4.7.1 Pro. There have been no updates or work on this issue that I can find in the last six months! The developers are very aware of this issue and have done nothing to fix it! I have posted on their forums and contacted them directly, as have other people in the community, and nothing has been done! The latest news I can find on the VHCS site is about the pending 3.0 release, but that is also a dated post & no work has been done to release a security fix.

A writeup about the vulnerability, how it works & details on the lack of updating can also be found at: http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt Below is an excerpt from the advisory.

.: [ HISTORY ]

* 19/Jan/2006: - I discovered bug #1 on VHCS 2.4.6.2 while evaluating the software.
               - Asked for VHCS security contact.
               - Alexander Kotov contacted.

* 20/Jan/2006: - I noticed the bug was fixed in 2.4.7.1 (although it was hard to detect because
                 vendor -one more time- did not clearly announce it on its main page).

* 05/Feb/2006: - VHCS security patch v.1 was released.

* 07/Feb/2006: - I noticed the patch release and reviewed it.
               - Bugs #1 and #2 reported to vendor. At the same time, public
                 disclosure (because the impact was *minimum*: affected users
                 were indeed only the people who installed the buggy security
                 patch; furthermore, to be "infected" they first should have
                 noticed the patch release and have time to install it. First
                 condition is difficult to comply with, given that vendor
                 doesn't have any announce mailing-list).
               - Vendor got angry due to public disclosure (it breaks its
                 security-by-obscurity policy) and refused to give any detail
                 to public mailing-lists neither privately to me.
               - Moreover, vendor began insulting me and other VHCS users who
                 asked for clarifications about the security patch.
               - I decided not to talk to that vendor anymore. This includes
                 stopping the reporting of security bugs to them. This advisory
                 will NOT be the exception.

* 08/Feb/2006: - I found bugs #3 and #4. I also built the exploit for them [3].

* 11/Feb/2006: - Advisory released.

DO NOT USE VHCS v2.4.7.1 Pro – DO NOT USE VHCS v2.4.7.1 Pro

Categories: Development Tags:

Site redesign

August 13th, 2006 1 comment

I’ve decided it was time to update my site. My old theme was too vertically thin considering the content that I had so I updated it this morning to a wider auto-sizable theme.

I thought I’d share a great place to get some WordPress themes. There is a huge list of themes available, searchable by columns, colors, ratings, etc. For anyone else needing a WordPress blog facelift, check it out.

I also wanted to thank Aaron for sharing the new theme with me. I’m still working on customization.

Categories: FOSS Tags:

Another WGA failure

August 8th, 2006 No comments

Another failure for Microsoft’s WGA. I thought it was interesting that it is now having troubles in the other direction. Not only being too anal & finding false positives but also not finding blatantly illegal copies. Again, this “feature” was the final straw for me. I had a second partition for Windows but no more. Too much of a privacy breach for me so I’m done for good.

Another WGA failure by ZDNet’s Ed Bott — I just experienced a Windows Genuine Advantage failure. Only it’s not a false positive, like the horror stories I’ve been hearing for nearly two months now. No, I just installed a pirated copy of Windows using a stolen product key, and Microsoft’s Windows Genuine Advantage tool says I’m perfectly legal. The whole story reveals a lot about how poorly the WGA program is being run.

Categories: News Tags:

eBay supports Net Neutrality – please support!

August 2nd, 2006 1 comment

Dear eBay user,

As you know, I almost never reach out to you personally with a request to get involved in a debate in the U.S. Congress. However, today I feel I must.

Right now, the telephone and cable companies in control of Internet access are trying to use their enormous political muscle to dramatically change the Internet. It might be hard to believe, but lawmakers in Washington are seriously debating whether consumers should be free to use the Internet as they want in the future.

Join me by clicking here — http://www.ebaymainstreet.com/netneutrality — to send a message to your representatives in Congress.

The phone and cable companies now control more than 95% of all Internet access. These large corporations are spending millions of dollars to promote legislation that would allow them to divide the Internet into a two-tiered system.

The top tier would be a “Pay-to-Play” high-speed toll-road restricted to only the largest companies that can afford to pay high fees for preferential access to the Net.

The bottom tier — the slow lane — would be what is left for everyone else. If the fast lane is the information “super-highway,” the slow lane will operate more like a dirt road.

Today’s Internet is an incredible open marketplace for goods, services, information and ideas. We can’t give that up. A two-lane system will restrict innovation because start-ups and small companies — the companies that can’t afford the high fees — will be unable to succeed, and we’ll lose out on the jobs, creativity and inspiration that come with them.

The power belongs with Internet users, not the big phone and cable companies. Let’s use that power to send as many messages as possible to our elected officials in Washington. Please join me by clicking here right now to send a message to your representatives in Congress before it is too late. You can make the difference.

Thank you for reading this note. I hope you’ll make your voice heard today.

Categories: Big Brother Tags:

Explorer Destroyer

August 1st, 2006 3 comments

I was recently referred to a site that I instantly knew I had to share with everyone else. Its name: Explorer Destroyer. Its mission: Kill Bill’s Browser.

I’d encourage everyone to implement this on their sites. Hey Gabe, use this on the Utah Open Source Planet instead of just causing that weird error message. Make a few bucks while you lock out the infidels.

From Explorer Destroyer:

Three settings: Gentle, Semi-serious, and Dead-serious

When you install the script on your site, you can decide how much force you want to use to convince your users to switch away from the dark side:

Level 1: Gentle Encouragement Rating: $$
Visitors using IE see a message encouraging them to download Firefox (with a download link) running across the top of the page.
Level 1 Demo >> (the demo will pretend you are using IE)

Level 2: Semi-serious Rating: $$$$
Visitors using IE get a friendly splash page encouraging them to download Firefox. There's a download link, and a link to continue on to your site.
Level 2 Demo >> (the demo will pretend you are using IE)
Update: Xavier sent us this modified version of level 2 that will only show the splash page occasionally. Download it here and see a live demo here.

Level 3: Dead serious
Level 3 will not allow people using IE past a splash page. This level is very useful for sites that are not IE6 compatible. And there's never been a more important moment to switch people to Firefox. Can you handle it? (At least try it for a day to see how good it feels.) Unfortunately, level 3 is a little too intense for the Adsense policies, so for this level you'll have to use a regular, non-Adsense link to download Firefox.
Level 3 Demo >> (the demo will pretend you are using IE)

Download Explorer Destroyer

Categories: Big Brother Tags: