After digging around for hours and seeing everyone complain about having the same problems after being told the same solutions, I decided to figure it out for myself. If you read this carefully you too will have a website setup that can be updated via subversion.

Getting Started

I’m going to assume that your SVN server and website are on the same machine and that you are using Apache to serve both. I’m also going to assume that you are somewhat familiar with SVN and Apache. I’m not going to go into much detail on how to get everything setup from scratch.

The tools you will need to have installed are as follows (may need more depending on your configuration). Apache HTTPd, Subversion, and gcc.

Many Linux users and distributions use sudo. I do not, and I will not provide information on how to use sudo. My recommendation, before doing anything, is to type sudo su which will make you root. Do everything from there so you don’t have to sudo anymore.

Setup a new SVN repository

Alright, now we are going to setup the new SVN repository. This can be done easily with:

svnadmin create <path to repository>

Place it in a good location that you will remember since you need to point Apache to it. In my examples we are going to use /home/www/domain/svn/website/ for our project location and /home/www/domain/htdocs/ for our website.

For user access controls I use a 2 part process. I have an authz and passwd file in the root of my SVN directory (/home/www/domain/svn/). The reason I do this is because I host several SVN projects and I don’t want everyone to have access to everything. This way I can also setup (this comes later) Apache to have read-only access to the repository.

First, we need to create our authz and passwd files. Lets call them svn.authz and svn.passwd so we know what they are for.

In the svn.authz file we need something like this:

[groups]
project = dkun
other1 = dkun, someguy
website = dkun, friend1
readonly = redmine,apache
 
[project:/]
@project = rw
@readonly = r
* =
 
[other1:/]
@other1 = rw
* =
 
[website:/]
@website = rw
@readonly = r
* =

Looks a bit overwhelming. Let me explain.

Starting from the top, we have [groups]. These are groups of users that we give project names to. Notice that 2 of the projects have more that one user. There is also a read-only group. You can name the groups what every you want. I do it by project name to make it easy to read.

After that you see [project:/]. This is the project group. It has one user and is set to read/write. It also has a readonly group. This way I can setup both Apache and Redmine with read only access.

Lastly you might have noticed *=. What is that? It turns off anonymous access. So unless your project has code going out to the web, make sure to put this in.

Now we need to setup the svn.passwd file. This is pretty easy. Just type:

htpasswd svn.passwd <username>

You will be prompted for the password. That’s it! Pretty easy right? Just don’t forget to setup the user apache (keep it lower case, trust me), and any others you might need.

Setup Apache

Now that we have SVN and out new project setup, we need to configure Apache to serve everything. Setup your VirtualHost to point to where you want your website to be hosted from. So for me it would be /home/www/domain/htdocs/. I’m going to assume you already know how to do this. All you need to add is a little directive.

<DirectoryMatch "^/.*/\.svn/">
     Order deny,allow
     Deny from all
</DirectoryMatch>

This will stop someone from browsing your .svn folder on the website.

Now setup an SVN VirtualHost. This gets a bit more complicated. I’m going to avoid going into detail here. I want to assume you have some background.

In your Virtual host we need to set a few options and point to the SVN repository root. Here is an example of the options you need to put inside the VirtualHost section for SVN to work. Don’t forget to set other items you need!

<Location /svn>
   DAV svn
   SVNParentPath /home/www/domain/svn
   AuthType Basic
   AuthName "My SVN Repository"
   AuthUserFile /home/www/domain/svn/svn.passwd
   AuthzSVNAccessFile /home/www/domain/svn/svn.authz
   Require valid-user
</Location>
<Directory /home/www/domain/svn>
   Options +Indexes FollowSymLinks +ExecCGI
   AllowOverride AuthConfig FileInfo
   Order allow,deny
   Allow from all
</Directory>

Note all the directories. Change them to match your server. Also, verify that your SVN modules are enabled in Apache. They should be in your apache.conf or httpd.conf (depending on your server). You will need to enable:

LoadModule dav_svn_module lib/httpd/modules/mod_dav_svn.so
LoadModule authz_svn_module lib/httpd/modules/mod_authz_svn.so

That’s it! Now type apachectl configtest and you will get messages back if there is a problem in your Apache config. If it is a warning about your website directory missing, don’t worry. Just create the directory and give full ownership to the apache user (We will get back to this in a moment).

Before continuing, restart Apache with apachectl restart and make sure your SVN works! If it does not then the next section will fail.

Do some weird stuff with Apache

Here is where things get a little weird. This is also where 99% of people fail because there is no good information out there. I will do my best to explain what to do and why you should do it.

The first step is you need to find out what user and group Apache runs under. For me, both are apache, but for you it could use www or www-user. You can find this by checking /etc/passwd and /etc/group, or by going through your apache.conf file and look for User and Group directives.

Now look in /etc/passwd for the apache user. The second to last option shows Apache’s home directory. In my case it is /srv/httpd. Go to that directory and type:

chown apache.apache ./

Set the user and group to which ever Apache runs under. This will allow Apache to create new directories there without changing ownership of anything else. Also, that is just one (1) period before the slash!

Open /etc/passwd and find the apache user again. At the end of the line you should see something like /bin/false. This keeps the Apache user from logging in. This is for security reasons. We are going to temporarily change it to /bin/bash.

Now that you are already root, type:

su – apache

Once again I assume your Apache’s user is apache. Adjust as needed.

Now you are logged in as the Apache user. You should see a new shell and be ready to go. Make sure you are in the /var/httpd directory (as stated previously as being Apache’s home directory) by typing pwd. If you are, then you have created a new session and are ready for the next step.

Navigate to the directory where the website will be served from. So if the website is in /home/www/domain/htdocs/ then go one level up; /home/www/domain/. Now we are going to perform an SVN checkout and have subversion remember our credentials.

svn co http://<domain>/svn/website

Adjust the http directive as needed. If you use SSL have subversion permanently accept the certificate. You should see a prompt for apache’s password. This is the password you created for it in svn.passwd. Type it in and when asked if you want to store the password, say yes!

If everything went as planned then you should see a successful checkout as revision 0. If not… well you did something wrong. Double check your paths, apache config files, and passwords. If needed, you may need to give ownership of the directory to Apache so that user can create a new directory and write to it.

Check to make sure a .subversion directory was created in Apache’s home directory and that there is a .svn folder in /home/www/domain/htdocs/. If now you need to give ownership of that directory to the Apache user (you will have to be root for this). If there is so .svn directory, then change ownership of the htdocs directory to Apache and run the checkout again.

If everything went smoothly then we are done as the Apache user. Type logout to return to being root.

Last thing. Open up /etc/passwd and change /bin/bash back to /bin/false. No need to have a security hole.

Create an executable

Now that we have SVN, Apache, and a SVN checkout setup, we can finally finish this. The first thing you need to do is find where svn is located:

whereis svn
svn: /usr/bin/svn /usr/man/man1/svn.1.gz /usr/share/man/man1/svn.1.gz

As you can see, I used whereis to find the svn executable. It’s the first one, /usr/bin/svn.

Navigate over to the htdocs directory. Open up your favorite text editor and dump this in it:

#include <stddef.h>
#include <stdlib.h>
#include <unistd.h>
int main(void)
{
   execl("/usr/bin/svn", "svn", "update", "/home/www/domain/htdocs/",
      (const char *) NULL);
   return(EXIT_FAILURE);
}

See where the directives of /usr/bin/svn and /home/www/domain/htdocs/ are? Just change those to match your server. Save the file as update.c and just back to the shell.
Now we need to compile the program:

cc -o update update.c

This will create an executable called update. You can call it what ever you want, just as long as before renaming it you type chown apache.apache update; chmod +s update. It should be owned by the Apache user.

Setup post-commit

Just over to your SVN repository, then into the hooks directory. So if you were following, cd /home/www/domain/svn/website/hooks. There you will see a bunch of .tmpl files. Rename of copy post-commit.tmpl to post-commit, then chmod 755 post-commit.

cp post-commit.tmpl post-commit
chmod 755 post-commit

Open post-commit in your editor. You may see a bunch of stuff in there. Just put a hash (#) sign in front of any other commands there. They are examples. Add:

/home/www/domain/htdocs/update

That’s it. Don’t add sh, or bash to the front, just put in the path with executable at the end. Save and exit.

Try it!

Now, as long as you followed along and I didn’t skip anything. This should work. Try it out. Try committing something to SVN and see what happens! If you can view the website right away, they you did it correctly. If now, you should check your apache log files. Specifically error_log. If SVN threw an error you will have to see what went wrong there. Sometimes just putting a commit message in will fix any error.

That’s it. I hope you found this informative. Please feel free to drop my a comment below if you have anything you wish to add or just want to say thanks for the info. I appreciate all feedback. Thanks for reading!

Check out https://rvm.beginrescueend.com/rvm/install/

I recommend the single user install. I did it with no problems. Things get a bit tricky when using RVM, so I decided to create this Quick and Dirty Guide.

How to Install and Setup Redmine with RVM

Be sure to pay attention to directories, I will make notes to help make things easy. Also, I recommend trying this out in a VM or a dev box. Please read the HowTos on redmine.org and do some research and testing before following this guide.

Note: This was done running Slackware 13.1. I do NOT use sudo on my machines. If you get a permissions error you can use sudo if your Linux distro is setup for it. The first part of this I did as the root user. If you use sudo, type ‘sudo su -’ to become full root. If you see Redmine (with the capital R), I’m referring to the Redmine program or website. Lowercase, is the user redmine.

After downloading the source from redmine.org extract it and rename the folder to redmine, you don’t have to do this, it’s just how I did it.

Setup a Redmine user

This user doesn’t need remote access, or the ability to login directly. We are going to create a new user and group for Redmine to run under.

groupadd redmine
useradd redmine -g redmine -m

Now set permission to where you extracted Redmine to. We are going to give everything to the redmine user and group.

chown redmine:redmine redmine/ -R

Now you need to su – redmine. Make sure you are in the redmine user’s home directory. Usually /home/redmine/

Setup RVM

Now that you are the redmine user and in their home directory, it’s time to install RVM. Be sure to check out their website for full and up to date information. The information listed here maybe out of date!

Lets install RVM for single user use. You are welcome to use the multi-user version, but this way worked just fine for me. Once again, make sure you are in the redmine user’s home directory.

bash < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer )

This will get the installer going. Once it finishes, run this:

echo '[[ -s "$HOME/.rvm/scripts/rvm" ]] && . "$HOME/.rvm/scripts/rvm" # Load RVM function' >> ~/.bash_profile

Now logout. Log back in as the redmine user. and type:

type rvm | head -1

You should get back rvm in a function. If not, something went wrong. Try the commands listed above again. If you get an error about a broken pipe, don’t worry about it. I got it once, but never again. I have no idea why.

If you do get back the good news type:

rvm install 1.8.7

This will install ruby 1.8.7! Once it is complete type:

rvm use 1.8.7

If you don’t get back any errors, type:

rvm use 1.8.7 --default

This will set that ruby version as your default (only for the redmine user!) RVM is now setup. Good job!

Install Some Ruby Gems

Now that RVM is setup and Ruby 1.8.7 is installed, we need to setup some gems for ruby. First step is getting the correct version of RubyGems installed. As per the Redmine documentation, we want version 1.3.7. I find the easiest way of doing this is to grab their .tgz file. Once you get it (you can also find a list of versions available for download here. Extract it, and run setup.rb.

wget http://rubyforge.org/frs/download.php/70696/rubygems-1.3.7.tgz
tar zxf rubygems-1.3.7.tgz
ruby rubygems-1.3.7/setup.rb

It should only take a second or two to install. Once it’s complete there are two more gems that need to be installed before continuing. It is easy and straight forward. Note: If your system appears to freeze when running the commands below, do not worry. It’s working in the background a may take a minute or two.

gem install rails -v=2.3.11
gem install -v=0.4.2 i18n

Setup MySQL

Assuming you are still the redmine user and MySQL is setup and ready to go, these next steps are very easy and were taken right from Redmine’s website. Follow the steps below.

mysql -u root -p
create database redmine character set utf8;
create user 'redmine'@'localhost' identified by 'redpass';
grant all privileges on redmine.* to 'redmine'@'localhost';
flush privileges;

Take note of redpass. Change it to the password you want to use!

Log out of MySQL and stay logged in as the redmine user. Change directory to where the redmine program is stored. For this example, and the rest of the article, I’m going to assume it’s in /srv/redmine

Copy config/database.yml.example to config/database.yml then edit config/database.yml to include your db setup (under production. You can remove the others)

Copy public/dispatch.cgi.example to public/dispatch.cgi then changes first line to the path of the redmine user’s ruby location (/home/redmine/.rvm/bin/ruby in my case)

public/dispatch.cgi needs to have execute permissions. If it does not, type: chmod 755 public/dispatch.cgi

Uncomment NV['RAILS_ENV'] ||= ‘production’ in config/environment.rb

Now we need to setup MySQL access. Below are four (4) commands that will do all this including building the MySQL gem. Please note the path to mysql_config. Make sure this matches your setup!

rake generate_session_store
gem install mysql -- --with-mysql-config=/usr/bin/mysql_config
RAILS_ENV=production rake db:migrate
RAILS_ENV=production rake redmine:load_default_data

If any of these fail, something may have gone wrong with RVM or MySQL. Check you meet the minimum qualifications listed on Redmine’s website and your paths are correct.

Setup Passenger

Passenger is designed to run as an apache module to keep Ruby of Rails running. If Redmine isn’t used for a while, Ruby of Rails may stop running, it’s not a big deal, it just means it will take a second longer to access your first request. It’s easy to setup, and can be done as the redmine user. So make sure you are still logged in as your redmine user.

I’m running version 3.0.11 or Passenger, you are welcome to do the same. There are only three (3) simple steps involved. So I put them below. Just give it some time to build, it can take a few minutes.

wget http://rubyforge.org/frs/download.php/75548/passenger-3.0.11.tar.gz
tar zxf passenger-3.0.11.tar.gz
./passenger-3.0.11/bin/passenger-install-apache2-module

Once the build finishes there are some lines you need to add to your apache.conf file. They are listed above, they are easy to see. Now, depending on your Linux distro, there are several names and locations for this file. You will need root access to edit the Apache config.

At this point you can stop being logged in as the redmine user. Go back to being root (or your regular user with sudo access)

Setup Apache

This setup worked well for me, I would recommend reading up on Apache config options at http://www.redmine.org/projects/redmine/wiki/HowTo_configure_Apache_to_run_Redmine

The page is a little hard to understand when talking about mod_fcgi and mod_fastcgi. You do NOT need them. They maybe faster, but I find that mod_cgi works just fine.

I’m getting a bit lazy here, and I don’t feel much like going into a lot of explanation on all the options you can use in Apache. Below is a sample of what I used.

<VirtualHost *:80>
   ServerName redmine.<YOUR-DOMAIN>.com
   ServerAdmin webmaster@<YOUR-DOMAIN>.com
   DocumentRoot /srv/redmine/redmine/public/
   ErrorLog /srv/redmine/redmine/log/redmine_error_log
   <Directory "/srv/redmine/redmine/public/">
      Options Indexes ExecCGI FollowSymLinks
      Order allow,deny
      Allow from all
      AllowOverride all
   </Directory>
</VirtualHost>

Obviously there are changes you need to make, like ServerName and ServerAdmin. Note how all the directories start with /srv/redmine/, Update it to where you extracted the Redmine program.

All done!

At this point you should just have to restart apache and you are good to go! Assuming you actually read the Redmine documentation, you can now login as admin (password admin) and give it a go. The first thing I recommend doing is creating a new Admin Level User and removing the default admin. If you get an Internal Error 500 when trying to add a new user, then something is definitely wrong. Check the redmine_error_log and production.log file (both should be in the same directory). If you see something about an error with US_ASCII, then Ruby is not running out of the redmine user’s home directory. Go back through and double check your settings.

I have been told that creating the redmine user in the fashion shown above can create a security risk. As root open /etc/shadow in your favorite editor. At the bottom of the list will be the redmine user. You may see something like:

redmine:!:12585:0:99999:7:::

If you change the exclamation point to an asterisk, it disables the account. That way you can not log into it remotely. Also, if you really want to play it safe, you can edit /etc/passwd also. Just change the last part of the file from /bin/bash to /bin/false. However, by doing this you will not be able to login, or su to that user.

Well?

Did this guide work for you? Do you have any suggestions that may work better? I would love to hear! Feel free to post a comment and let me know how it worked for you, and let me know what Linux distro and version you are running. Thank you.

Permission denied: /srv/http/domain/files/images/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

If you are, you may be wondering why apache is looking for a .htaccess file in the images sub-folder. You may even be wondering why it is asking for one at all because you don’t even use .htaccess file anywhere. Turns out there is a very simple fix.

The problem has to do with file and directory permissions on the server. First off we need to check permissions, here is a fake directory tree for an example.

-rw-r--r--  1 root root    72K 2006-09-30 17:06 file1.htm
drw-r--r--  2 root root   4.0K 2007-05-09 11:52 images/
-rw-r--r--  1 root root    72K 2006-09-30 17:06 index.htm
-rw-r-----  1 root root    625 2010-10-17 14:25 news.php
-rw-------  1 root root    598 2010-10-17 14:25 stuff.php
-rw-r--r--  1 root root     56 2008-03-23 13:42 stuff2.php

See how everything is owned by root? Sometimes this is OK, but for some users it is not possible. Find out from your service provider if you need to use another name, such as apache, or your login user name. For me, I like having everything owned by root. That way other programs or users on my server can’t edit my files.

Look at the images/ directory. It’s permissions are wrong. It turns out Apache wants the directory to be executable. Currently the directory has read-write on user, read on group, and read on world level permissions. We need to make is rwx-r-xr-x, or read-write-execute on user, read-execute on group, and read-execute on world levels.

chmod 755 images/

That should do it. Did you see any other problems with the directory tree above? I actually put 2 more mistakes. They are news.php and stuff.php. Chmod them both to 644. Then they will have the same permissions as index.htm.

If you are like me and want to set the following permissions for everything. I have an easy way of doing it.

-rw-r--r-- for files
drwxr-xr-x for directories

chmod 644 * -R
find . -type d -exec chmod 755 \{\} \;

When complete you will get a list like this.

-rw-r--r--  1 root root    72K 2006-09-30 17:06 file1.htm
drwxr-xr-x  2 root root   4.0K 2007-05-09 11:52 images/
-rw-r--r--  1 root root    72K 2006-09-30 17:06 index.htm
-rw-r--r--  1 root root    625 2010-10-17 14:25 news.php
-rw-r--r--  1 root root    598 2010-10-17 14:25 stuff.php
-rw-r--r--  1 root root     56 2008-03-23 13:42 stuff2.php

That will do it. Keep in mind that depending on your configuration this may not work, but I hope it does. If this did work for you please drop a comment to let others know. Thank you, and good luck!

Wireless Tethering allows you to connect your computer through the phone and use the 3G (or 4G, EDGE, etc) as your internet connection. Some new phones can do wireless tether without rooting, but often times you must pay extra for the service. If you rooted your phone there are two ways of doing wireless tether. First check and see if you have wireless tethering built into your MOD. Go to Settings –> Wireless & networks –> Tethering. If you only see USB tethering then there are extra steps you must take to enable wireless tethering. See the 3 images below. Note that my phone only lists USB Tethering. If your phone is the same, then continue.
  

Some people I know are also running CyanogenMod and they have wireless tether built in. Why is that? For starters, since the phone is newer than my G1, they have a more up to date wireless card. These cards can be put into AP mode. This is the same style mode that your wireless router at home uses. Some phones that have wireless tether can also put the card into Ad-Hoc mode. This mode is also known as Computer to Computer without an Access Point. However, it seems that you still need the extra software to do wireless tethering. It is kind of hard for me to explain as I don’t have access to many phone to see how they work. Let alone ones that are rooted. With my G1, I can say that the wireless card was not even designed to operate in Ad-Hoc mode. Thanks to the software I’m running I can force the card into Ad-Hoc mode and connect to it with my laptop.

Keep in mind that wireless tethering will kill your battery quickly. Be sure to have a USB charging cable with you as your battery will not last long. Also note that many service providers do not want you to tether without paying extra. Be sure to read the terms of service of your provider before continuing.

If you made it this far you are going to need extra software. Once again, if your phone is not rooted this will NOT work! Head on over to Google Code to download. At the time of this writing I am running version 2.0.2. A later version has been released, but I have not tested it as mine works very nicely. Download the software to your phone and install. If you don’t know how, I can’t help you.

After installing there are several features to the software. I highly recommend encryption and if you want, Access Control. By default the software uses wpa_supplicant to set the WEP key. This is done via a passphrase. If you like the shell (like I do) you will need to use iwconfig to set the key. Below are some pictures of the settings menu in Wireless Tether.
  
  

If you use Access Control, before a newly connected device can access the net you will have to allow it. I don’t have pictures, but if I remember it will be in the notification bar. Just drag it down, select the computer/device and hit allow. Later you can look in the Access Control Panel by hitting Menu then Access Control. Here is what mine looks like (and no, the computer is not actually connected. I just have it set to always allow the machines based on it’s MAC address.

My laptop has a Broadcom wireless card. I’m using the b43 drivers found here. As it turns out there are several problems found with my current kernel version (2.6.28) and the rc.wireless script that Slackware uses. There are two fixes. One is to remove the b43 module and reload it (this is so we can put the card in Ad-Hoc mode) and I have had problems setting the WEP key via iwconfig. With iwconfig you can set the key (default for this software being ‘abcdefghijklm’) by typing:

iwconfig <card-id> key s:<passphrase>

I always got an error. I solved the problem by using another computer to set the key then you can type iwconfig again and see the key. In this case, the key is 6162636465666768696A6B6C6D. If needs be, write down this key so you can use iwconfig to set it again.

Ok. I hope by now you have the wireless software installed on your Android phone and it is running. Note: I have found that sometimes even when encryption is set it doesn’t turn on. Be sure to scan for wireless networks to see your phone and if encryption is turned on or not. Also note that the software has created an Ad-Hoc style connection. If everything seems to be working here is what you do. In the next steps I will have some bash commands, then a note on what each command does. You may need a make changes to it to suit your needs. I turned it into a script I can run on my laptop so I don’t have to type every line in every time I tether.

rmmod b43   -unloads the b43 module
modprobe b43   -reloads the b43 module
ifconfig wlan0 down   -take the card offline
iwconfig wlan0 mode ad-hoc   -set to Ad-Hoc mode
iwconfig wlan0 essid android   -set the essid (be sure to check your configs)
iwconfig wlan0 key 6162636465666768696A6B6C6D   -set the WEP key (may differ!)
ifconfig wlan0 up   -bring the card online
dhclient wlan0   -get an IP address to your phone

Now type ifconfig and make sure you have an IP. If so, try surfing! If you are a hardcore Slackware user you may note that I use dhclient instead of dhcpcd. For some reason dhcpcd never gets me an IP. If this doesn’t work try it again. Sometimes I have to run the script twice, but I always get it working eventually.

I don’t have a problem with Windows 7 on the same machine. Windows will allow you to type in the paraphrase and it works great. If you’re running Linux and using the b43 module there are several things you can try to fix any problems. I hear the 2.6.33 and newer kernel have these problems fixed. Also if you don’t run a wireless script on boot, that may help. Most newer Linux distributions have GUI programs to help you connect to networks. I’m still running an older version of Slackware, and at the time, it didn’t come with those programs.

Now for some more pictures I took of the program. No reason. I just thought I would share.
  
  

I hope this all makes sense. If not you can always ask, if I know the answer I will reply. I would also recommend asking on a help forum or asking Google. Good luck and Happy Hacking!

To start, the first thing you need to see is that in every byte (8 bits) is capable of holding a number from 0 to 255. An easy way to translate a number is to write it down. so…

101010

Now granted, this number is not 8 digits long, but it still works, just add 2 zeros in front.

00101010

Now the easiest way I have found it to make a table to put your numbers in.

128|64|32|16|8|4|2|1
----------------------------
 0  0  1  0  1 0 1 0

(Hopefully this aligns properly on everyone’s screen.)
Now, Add those numbers up and what do you get?
32+8+2 = ???
Well?
42! The meaning of the universe!

How cool is that! So take today and make it the best day you can! This only happens once (well, as long as you remove the first 2 numbers from the year). Make today the best day of your life and remember. 42 is the best number out there, today will be your lucky day!

At the time of this writing Secunia PSI was on version 1.5.0.2.

First, lets get Secunia PSI downloaded. Head on over to Secuina.com and look for the download button.

After downloading head over to where ever you saved it to, and double-click to run. NOTE: Windows may ask is you want to run the program, click yes!

Now follow the instructions. Images below will help guide you through the process.

Select a language.

Click Next

I accept the terms of the License Agreement (Don’t forget to read it!)

Select Personal Use, unless you are using it for business purposes.

More reading

Tell it where to install

Once done, click finish

It will ask if you want to run it. Say yes.

Once it starts you may see message saying “Please wait while network connectivity is verified.” Have no fear, this is normal. As soon as the program can see the servers it will continue. If you have a software firewall installed you may need to allow Secunia PSI access to the Internet.

Now onto usage!

After the program scans it will come up with a list like this. This image is a good scenario (of a bad situation), you may get one just like it or worse. If the insecure program is listed as a Microsoft product it should be dealt with by using Windows Update. I did not include how to do this because it varies from XP, Vista, and 7.

Here I’m going to update Adobe Flash Player 10.x. I click on the Blue down arrow, I get a dialog box to download the new software.

Save the file (remember where you save it to!)

Then run it! Just follow the steps for each program. In this case there were many listings for Adobe Flash Player. You only need to download it once and run it once. Once you scan again it will show them all fixed up. (FYI: The reason it lists many copies is because Flash Player is installed in several places due to different web browsers)

After you do this a few times and run windows update you can manually start the scan again. Once you are set you will see something like this.

You are set! Look at you! You have already mastered this awesome utility!

By default Secunia PSI is set to run at system startup. This may not be best if you are on a laptop, or have a very slow computer. If Secunia PSI is running you will see a little icon in the bottom left corner of your screen. It looks a little like this.

Questions?

Normally when you open an SSH connection you are presented with a password request. The down side to using passwords is that if your not paying attention you can be hit with a brute force or dictionary attack. Because you allow passwords to be used there is a chance of someone gaining access. With keys only you have nothing to fear from these types of attacks.

Here is how it works. Normally you enter a password. With keys all you need to do is form the SSH connection and the keys transmit automatically. Once the keys are paired you are connected with a shell. There are two different ways of performing key pairs. The first way is just the key. No need for a passphrase. The other is a passphrased key. I will talk about both.

First is the “no passphrase key.” In this example you will create a key, upload it to the host, then every time you connect you will not be asked for a password or passphrase. Keep in mind that by doing this there are risks involved. More on that later.

To make a “no passphrase key” you need to generate a key pair. The simplest way of doing this is:

ssh-keygen -t rsa

When it asks you for the password just hit enter. You will get an output of something like this.

Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
52:b8:d4:fd:d3:f6:ef:46:d1:90:42:de:e2:94:f4:09 user@localhost
The key's randomart image is:
+--[ RSA 2048]----+
|           .E  . |
|       o . o.=o. |
|      o o . =.+..|
|     . o   + o ..|
|      o S   + o .|
|       .     o ..|
|               ..|
|                o|
|               oo|
+-----------------+

NOTE: These are test keys I generated, they won’t work after today.
This created two files. “id_rsa” and “id_rsa.pub”

Take the id_rsa.pub file and upload it to the remote system. There are several ways of doing this. You can use scp, or if you are already connected you can copy and paste the contents of the file in pico, nano, vi, vim, what ever your favorite editor it. Be sure if you use the copy and paste method you keep the entire key in one line!

For scp type:

scp id_rsa.pub @:/.ssh/

This will upload the pub file to the remote host. Once uploaded, login then navigate to ~/.ssh (your user’s home directory then to .ssh). Once there look for a file called “authorized_keys” and cat the contents of the pub file to it. If the file already exists type:

cat id_rsa.pub >> authorized_keys

If the file doesn’t exist use only one (1) “>”

For the copy and past method, cat the id_rsa.pub file to display the output. Select it. Login to the remote host. Open authorized_keys in an editor of your choice. Then paste the copied key. Make sure it stays all on one line! If you don’t it will not work. Save the file.

Once one of these two steps for implementing the key file has been completed you are good to go! You can delete the .pub file if you desire.

Now, onto part 2!

Here is where we generate passphrase keys. It’s basically the same task. When you generate a key put in a passphrase! Remember the passphrase. It is very important. Now when you login you will be prompted to enter you passphrase. This will unlock the key to be used for the connection. It should be different from your normal password.

Now, a few more little notes I want to talk about.

The problem with no passphrase keys: Without the need for a key is someone gains access to your system (like a laptop) they can gain access to any system you authorized that laptop to connect to. With passphrased keys you must type in a passphrase to authorize the key.

If you have problems make sure your ssh config is set to allow keys! Refer to your distro’s help files for more information. In the config you can also disallow passwords all together. The only way to login would be with the use the keys. The down side is if you lose your local key. If you do this method, ensure you have a backup plan. Like another computer with access keys. In Slackware Linux the lines to look for are in /etc/ssh/sshd_config

PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys
PasswordAuthentication no

Note that it becomes a pain if you generate multiple keys for multiple machines. There are ways of doing it, but it adds longer lines to your ssh commands. You can use the same .pub file on any other remote machine you wish to connect to. I don’t know for sure if it would be considered bad practice to do so, but I don’t see what problems would truly arise.

What’s the true benefit to this instead of saving time typing a password? Security. If an attacker can’t use a password (since many users passwords are weak) it would essentially eliminate their ability to gain SSH access. What do you think if the likelihood of the attacker to guess your key. Look at id_rsa. It’s a pretty big key to guess.

In my example I’m working on a “sandbox” from home. The folders I work in have files with more than one owner. This becomes a nightmare even when I ssh in. Some might think an NFS share would be better. Unfortunately with NFS you are stuck with the current file permissions. With Samba those file permissions are given to you. That may sound a bit confusing, so let me try to clear it up a bit. Let us say there is only one file in the Samba share. User “ender” has ownership of the file. I can’t alter it. When I login with Samba the file appears to be owned by me not “ender”. Now I can do my work and when I log out the file is still owned by “ender”… wow, I don’t think I did a good job there either. Lets just say that when in comes to file permissions, Samba is the way to go.

But I need to work over ssh? Only port 22 is open from the outside. No problem!

We simply need to create a ssh tunnel. For this we already know we need to connect to port 139 on “sandbox”, and we need a local port to connect to. I would say just make it 139 also. Unfortunately for me I’m also running Samba on my local machine, and I can’t do that. So any non used port will do. How about 1139?

ssh user@remotehost -L 1139:localhost:139

Simple as that. That will connect port 1139 on your local machine to 139 of the remote host. The “localhost” actually refers to the remote host. It’s saying connect 1139 to my local machine to the remote host’s “localhost” port 139. If you are actually connecting to a windows box on that network you can “bounce” off the linux host to the windows. For more information you can refer to a previous post: Secure VNC for free for more information.

Now comes the fun part. You have 1139 on your local machine tied to 139 on the server. Now to mount the share as a local disk.

As root we mount the share.

mount -t cifs //sandbox/www /mnt/sandbox/ -o username=<username>,password=<password>,ip=127.0.0.1,port=1139,uid=<your local UID>,gid=<your local GID>,file_mode=0770,dir_mode=0770

Fill in your Samba share’s username and password, then your local machine’s UID and GID. To find the UID and GID type:

cat /etc/passwd | grep <your local username>
cat /etc/group | grep users

This assumes your regular user is part of the “users” group.
It will show 2 numbers. UID is most likely 500 or 1000, and GID is likely to be 100.

After filling in the blanks hit enter and your set! This will use the local port 1139 through the ssh connection to 139 on the server. It may seem a little slow at first, but that may be from the old server I’m connecting to.

If you want to store the info in fstab try:

//sandbox/www    /mnt/sandbox     cifs        noauto,rw,username=<username>,password=<password>,ip=127.0.0.1,port=1139,uid=<UID>,gid=<GID>,file_mode=0770,dir_mode=0770          0   0

Now for some reason I can’t quite get this to work, but others seem to have no problem with it. You can add the mount line above into your /etc/fstab file so a regular user can mount. I did this, but it doesn’t work for me. I get an error saying “only ROOT can mount this”. If you get this error try:

chmod +s /usr/sbin/mount.cifs
chmod +s /usr/sbin/umount.cifs

Like I said, it didn’t work for me, however after creating the ssh tunnel I simply open a new terminal window, su to root and then type “mount //sandbox/www” and it works fine.

Also, the reason I don’t background the ssh connection is because if it drops you may run into some problems with trying to mount it again (or even trying to use umount). I had this problem and it gave me a head ache to try to fix it without just rebooting. I’m sure I could have forced an umount.cifs, but I didn’t try (actually I didn’t realize it was actually still mounted). When logging in I recommend running a command that continuously sends data like “top”. That will help prevent the connection from being lost. If the connection is lost you must umount the share, reform the ssh tunnel, and try again.

NOTE: If you are connecting to a share on a Windows 7 box you must open 2 ports, 139 and 443 (or so I’m told). To do this open up a few terminal windows and create two separate connections. After that I do not know as I have never tried.

EDIT NOTE: I wrote this some time ago and just now got around to posting it. I hope everything works fine for you as the mount works fine for me (except under fstab for some reason). Don’t forget that by typing the command into the shell it will be stored in your history. If the password is sensitive I would recommend clearing out your history after mounting the share.

ShopSavvy and Compare Everywhere use the phone’s camera to scan barecodes! It’s pretty cool. I have both simply because they both have their own different databases. For example, what I like to do is go to at my local super store and see what movies I would like. I always cringe when I see an older movie for $25 or more. That’s when I scan the barcode. Now I can see where to go to get the better deal. Keep in mind that the local portions don’t do very well all the time. This is by no fault of the program or it’s writers. It’s just the way things are.

Below are screen caps from both programs. Thinking back when I did those shots, I don’t know why I didn’t check the same product to see how the results differ.

First up, ShopSavvy. (Click on the picture to see the full size!)
Picture Index:
1. Main Screen.
2. Scan the Barcode. See the Use Keyboard button. You can type in what you want to find!
3. It found the book just fine.
4. Two different local businesses were found.
5. And a local map showing where to go.
1  2  3  4  5

Now I forgot to take a picture, but ShopSavvy will take you to the website where you can see more on the product and if you really want to you could buy it right away. That part is the same as the other programs.

Ok, so ShopSavvy is pretty cool. Now check out these pictures for Compare Everywhere:
Picture Index:
1. Main Screen
2. Scan the Barcode
3. Get your local and online store options.
4. Just a scroll down from picture 3.
5. Lets check these guys.
6. Opened the browser and took me right there.
1  2  3  4  5  6  

Not to bad so far right? Now I want to talk about SnapTell. If my memory serves me well, this app was originally written for the iphone, but it’s the same thing in the end. The difference here is that you take a picture of the movie, book, or what ever, and SnapTell tries the find you a match. As you will see in the pictures below, I took an alright picture of the book and SnapTell still figured it out very quickly.

Picture Index:
1. The picture I took (This is an awesome book).
2. The results.
3. Took me right to the website I wanted.
1  2  3

As you can see, all three of these programs are very cool. I use them quite often. Did you find an app like these and really like it? Let me know so I can share the information.