Author Archives: Simon

Updating The Sun JDK On Debian

Posted on by

The final version of sun-jdk-6 in Debian Wheezy before it was removed was 6u26. The latest from Oracle (excluding Java7) is 6u30, so I decided to manually install it myself.

In fact it couldn’t be easier, all you do is download the jdk-6u30-linux-x64.bin file and run it, which extracts it to a directory called jdk1.6.0_30, which you then rename to java-6-sun-1.6.0_30 and move to /usr/lib/jvm, you then delete the java-6-sun symlink and recreate it to point to the newer directory:

root@localhost:/usr/lib/jvm$ ln -s java-6-sun-1.6.0_30 java-6-sun

As alternatives is setup to point to /usr/lib/jvm/java-6-sun there’s no need to update anything for the files we need to build Android for example:

root@localhost:/usr/lib/jvm$ update-alternatives --get-selections | grep java
...
appletviewer                   auto     /usr/lib/jvm/java-6-sun/bin/appletviewer
firefox-javaplugin.so          auto     /usr/lib/jvm/java-6-sun/jre/lib/amd64/libnpjp2.so
java                           manual   /usr/lib/jvm/java-6-sun/jre/bin/java
javac                          auto     /usr/lib/jvm/java-6-sun/bin/javac
javadoc                        auto     /usr/lib/jvm/java-6-sun/bin/javadoc
javah                          auto     /usr/lib/jvm/java-6-sun/bin/javah

jar seems to have been replaced by fastjar on Debian, so there’s no need to link the Oracle version in /usr/lib/jvm/java-6-sun/bin/jar

Finally its a good idea to add this environment variable in ~/.bashrc – again pointing to the symlink, not the specific version:

export JAVA_HOME="/usr/lib/jvm/java-6-sun"

Apparently Cyanogenmod7 will compile using OpenJDK6 (and 7 with a patch) even though AOSP won’t compile with anything other than Sun JDK6.

I’ve also updated the blog to WordPress 3.3

Junos 10

Posted on by

Today I have been mostly installing Junos. Well actually I’ve wasted most of the day trying to get Junos 10.4 to work in Olive under VirtualBox. I understood that it required FreeBSD 7.1, so tried installing it under 7.1 and 7.4 to no avail.

In the end I cloned my Junos 9.0/FreeBSD 4.11 VM, allocated 512Mb instead of 256Mb and installed 10.4 as an upgrade, which also meant I didn’t have to bother removing checkpic.

I wasted a few rounds of installing due to using the export version, which doesn’t include SSH! Also part of the trick of getting it to work under VBox seemed to be to create a serial port as a named pipe – not sure why but that seemed to help get past the bootloader hanging, possibly as it had a TTY to allocate.

I also upgraded my 9.0 to 9.6 which has a bit of a more useful JWeb interface, and also requires 512Mb now.

All of this was to aide my development of a set of NASL scripts to do Junos security compliance auditing. It seems Tenable have worked around the UNIX-only limitation of Nessus’ ssh_cmd() function by putting in a special check for when uname -a fails – i.e. its either IOS or Junos (or unsupported). Of course in Junos shell mode, it will pass (as its FreeBSD) so you have to check that you’re in CLI mode to do the config checking.

Its only taken them four years of me asking for this, and I guess its come as a result of Nessus’s new IOS support for their own compliance plugin and local security checks for Junos patches etc.

Update: I’ve written 20 NASL plugins to do the Junos auditing now and I noticed I was hitting the SSH rate-limit setting in Junos, so my plugins were getting booted off. It was because for each plugin I was calling ssh_cmd() at least once and also a function that checks I could login with the correct level/privileges etc; so was making at least two SSH connection attempts per plugin, which soon hit the 10 connection attempts per minute limit that was configured.

So now I’ve moved all of my ssh_cmd() calls into one big include file which uses a single SSH connection to send 30 or so commands, and populates the knowledgebase with the results. The plugins then have that in their script_dependencies() and don’t use SSH at all, just a couple of calls to get_kb_item() which simplifies the code quite a lot and an entire scan can be done in 10secs!

Upgrades Galore

Posted on by

I fitted my new SSD to my fileserver yesterday as it was a rainy Sunday afternoon. Oddly enough the new 2.5″-to-3.5″ drive rails I got don’t fit in a floppy bay – well they do but the screw holes won’t line up, so I fitted it in my one remaining hard disk bay.

Anyway I was surprised how quickly I replaced the Ubuntu 9.10 setup with Debian 6.0.3 without losing any functionality. I decided to stick to Squeeze+Backports as Wheezy like on my desktop machine is way too much maintenance for a fileserver – I can’t cope with the “apt-get upgrade” fear! ;-)

Speaking of backports, to replace OpenOffice.org with LibreOffice, you need to run this and answer “yes” to the dependency questions:

apt-get -t squeeze-backports install libreoffice libreoffice-gtk

Anyway the main thing I was worrying about – the printer/scanner was truly plug’n'play – I turned it on to do some scanning and CUPS automatically configured the printer part, and SANE just worked. None of the Epkowa (iscan+pips) Epson proprietary crap required.

I encrypted the boot drive using LUKS+LVM so I only need to enter the passphrase once, that seemed a lot easier than when I installed Wheezy and did multiple partitions.

I copied across the fstab and /etc/exports and all the various disks mounted and shared over NFS to the Mac seamlessly. I literally rebuilt the fileserver in two hours! Plus now it is all encrypted I can use it as a backup desktop machine for work.

Next up was the Mac Mini, currently running Leopard 10.5.8, I decided for £21 I might as well upgrade to Lion 10.7.2 as I already have 2Gb RAM and a Core2Duo, and apparently the new version of Plex doesn’t work on 10.5

Luckily I had a Snow Leopard 10.6.8 install in a virtual machine, so I bought Lion via the App Store (basically iTunes) using that. Wow the App Store is crap – I had to sign in about 6 times, I guess they’ve not heard of sessions at Apple.

I then used these instructions to create a bootable USB disk to do a fresh install of Lion – all within VirtualBox.

I’m actually dual booting Leopard and Lion using these instructions. Shrinking the disk so I could add a partition in the free space took the longest, installation was about 25mins. I’m glad I did it actually as although Lion runs fine (except it doesn’t like etherwake) the latest Plex 0.9.5.1 is rubbish, so I’m booting Leopard and Plex 0.9.3.4 at the moment.

Hard Disk Goodness

Posted on by

I’ve been busy today fitting, backing-up and restoring a whole bunch of new hard disks. I fitted the 2x2Tb Hitachi drives, which turned out to be SATA 6Gbps 64Mb cache 7200rpm Hitachi 7K3000 drives, not 7K2000′s (3Gbps/32mb) that I expected, and they’re selling for way over twice what I paid for them! What a waste putting those in a USB2 enclosure, mind you they did come out of the enclosure pretty easily ;-)

I also fitted the hotswap dock thing, which came in handy restoring my 1Tb WDC to my 2Tb Hitachi, and backing that up to my replacement 2Tb WDC! Its a bit stiff getting the drives in, and getting them out seems even worse.

Seeing 7.5Tb capacity in Disk Usage was quite surreal! I’ve run out of SATA connectors now as one is dedicated to eSATA (with another 1Tb hanging off it!) Next I’ve got to replace the old 250Gb HDD with a new 96Gb SSD and fit the new PSU, but I’ll leave that until all the disk syncing is done.

The State Of DVB-S On Linux

Posted on by

I just wasted a few hours experimenting with DVB applications for Linux as I thought I’d like an alternative to Kaffeine that I currently use.

Guess what? None of them worked despite tuning fine using w_scan, scan or their internal scanners.

Totem and gnome-dvb-control use gnome-dvb-daemon as their backend which just coredumps almost instantly, the frontends just spawn a load of python errors whenever you click something.

The CLI favourite “vdr” just kind of sits there doing nothing instead of displaying a menu.

xawtv is just a joke these days, tvtime is not much better.

Everything seems to be focused on DVB-T (Freeview) rather than DVB-S2 (Freesat/Sky).

So I’m sticking with Kaffeine to drive my WinTV Nova-HD-S2. It works well but I’d like a console interface and a better EPG.