Saturday, May 31, 2008

VMware Tools kernel support status for VMware Workstation 6.0.4

The new VMware 6.0.4 Workstation module package builds perfectly on Ubuntu 8.04 i386 with the latest kernel. The 6.0.4 VMware Tools package still doesn't completely build on 2.6.25 kernels (like Fedora 9's latest). The vmghfs and and vmblock modules fail to compile. In case you might wanted to know :-)

Wednesday, May 28, 2008

Do the exploits for the recent Adobe Flash 0-day affect Linux?

Hell no. But a lot of sites suggest so by naming it an vulnerability in Flash Player and talking about exploits for both IE and Firefox. This suggests the vulnerability gets exploited *inside* the browser, affecting all common platforms, no?

No. Research shows that Linux is no more vulnerable for this specific than it was for the Storm worm. The exploits currently in the wild specifically target Windows. .exe files usually do, and that is what this exploit is made out of: .exe files.

The fact that downloaded .exe can be executed without any alterations in the file (setting and execute bit, for example) makes exploiting this vulnerability a lot easier on Windows.

Nevertheless, know that though the *exploits* do not work on Windows, the hole in Flash probably *does* exist on all platforms. The version on my Ubuntu box is one of the flawed ones mentioned on the SANS pages. So it might be possible to exploit the hole on Linux. It just won't be that easy and honestly, not as rewarding either. There's a lot less of us, and there's even less of us that are going to be so helpful as to chmod +x the exploit files ;-)

Edit: I am not a Flash developer, Mozilla developer or anything like that. The above is not a guarantee your Linux box won't be hacked through any of these exploits and vulnerabilities: I have been known to be wrong, on rare occasions.

Tuesday, May 27, 2008

Layout change

I got really fed up with the blue-and-pink lines template that took forever to render, so I changed the site a bit. A bit more friendly on the eyes :)

Thursday, May 15, 2008

Adobe leading the way? Of all people?

It happening, however odd this may seem: Adobe is leading the way. The company that hardly ever seemed to care about Linux in the past, has now released Flash 10 beta for *all* popular operating systems. Of course, I installed the beta on my fairly new Hardy install.

I noticed a couple of things which you might find useful. First of all: Flash 10 seems to have Pulseaudio support built in. That *is* good. I removed the old player, removed the extra lib in installed (see this post) and downloaded the beta from here. It's a matter of downloading, untarring and running the packaged installer. Yes, you read it correctly: "installer". And it actually does more than just copying the file: it does a lot of checks on architecture, browser, directory, version of glibc etc.) .

Second: it seems amazingly stable for a beta. Admittedly, I haven't tried to do a lot with it yet, but playing a couple of videos over different tabs of Firefox and playing Rhythmbox at the same time works wonderfully. No crashes, mixing is nice (install pavumeter and pavucontrol for this, trust me.) and...

Three: it's amazingly fast. For the untrained eye of sub average Flashplayer user (that's me), the opening sites like Youtube.com is fast and smooth. Again, I admit, I'm not a heavy user, so if someone tells me tomorrow Flash 10 is just a recompile of 9 with a different version number: sorry :)

Anyway, I'm using too many words again. Point is: Flash 10 *might just rock*. And it's from that company that never took Linux very seriously. Well, things can change...

Tuesday, May 6, 2008

Sound problems in Hardy? Multiple sources not working?

Hardy now uses Pulseaudio as the default sound backend in Gnome. Though this is a good development (esd wasn't maintained anymore, various apps use different sound backends), this also creates a lot of problems.

For me, the situation was as follows: I have an Intel HDA sound chip on my mainboard. Very low tech by today's standards, but otherwise works fine. My sound setup was the default as I had done a fresh install Hardy. This gave me a sound setup that either work for Pulseaudio (which is a drop-in for esd), so I had Rhythmbox working, or worked for Firefox (Flash), depending on which I started first. That sucks. Sometimes you want both at the same time, or just pause on to run the other, not closing it completely.

I think I have that working now pretty well. This is how it goes:

  1. First, install some extras: libflashsupport, libasound2-plugins and libsdl1.2debian-pulseaudio. These are libs to support Pulseaudio for Adobe's Flash, for Alsa and for SDL. The SDL lib will replace the default Alsa backend for SDL. The Flash lib will need no extra configuration, but I hear this is notoriously instable. I haven't noticed this myself, but ymmv.
  2. Now either create a /etc/asound.conf file, or a .asoundrc in your home. I have both, but then again: I have been tinkering.
  3. This is what goes into your /etc/asound.conf:
    pcm.pulse {
    type pulse
    }
    ctl.pulse {
    type pulse
    }
    pcm.!default {
    type pulse
    }
    ctl.!default {
    type pulse
    }
  4. Then run "asoundconf set-pulseaudio" to fix up your personal Alsa configuration to redirect to Pulseaudio.
  5. Profit!
For me, this gives a situation in which Flash sound works, Rhythmbox works and Totem sound works. All at the same time. Good :) Again, ymmv, but it doesn't hurt to try this.

I know libaflashsupport was left out intentionally and that it is prone to destroying everything in a 5 mile radius rather frequently. But it hasn't done so for me yet, so for the moment, I'll settle for using it and having sound instead of not using it and not having sound :)

For more information, try reading through this bug.


Monday, May 5, 2008

Installing VMware Workstation 6.0.3 on Ubuntu 8.04

Quite trivial really and works on both the 32-bit and the 64-bit versions:
  1. Download and tar zxvf the tarball from vmware.com
  2. cd to vmware-distrib and run the vmware-install.pl perl script
  3. When the installer asks you whether it should run the vmware-config.pl for you, answer no. The installer then quits.
  4. Now, download the vmware-any-any-patch, preferably from here
  5. Untar the patch in, say, /tmp. Then cd to /tmp/vmware-any-any-update116 and execute the runme.pl perl script.
  6. Continue through the whole script and fire up VMware Workstation as normal :)
I haven't tested this on 64-bit, but I am assuming this will work fairly well: I used VMware Workstation on 64-bit machines in the past and after the modules are compiled (that's what the patch is for), all should work as expected.