Can government be run like the Internet, permissionless and open? Coder and activist Jennifer Pahlka believes it can — and that apps, built quickly and cheaply, are a powerful new way to connect citizens to their governments — and their neighbors.
It has been years since PAM was hit by a serious bug in PAM, but people who upgrade to libpam-systemd version 44-1 can find that sudo stops working. Reading the bugreport on Debian and FreeDesktop.org it doesn’t look promising as it also effects other distributions. For now it may be wise put systemd on hold in case the package transfers from unstable to testing.
About a month ago a transition in Debian took a wrong turn for systemd users. This ended in systemd users who where unable to shutdown there system, but recently a newer version was uploaded to unstable solving this issue. So time to unlock the block packages and upgrading systemd to version 37-1.1 and blocked packages.
$ echo "bootlogd install" | sudo dpkg --set-selections $ echo "initscripts install" | sudo dpkg --set-selections $ echo "sysvinit install" | sudo dpkg --set-selections $ echo "sysvinit-utils install" | sudo dpkg --set-selections $ echo "sysv-rc install" | sudo dpkg --set-selections $ sudo apt-get install -t unstable systemd libpam-systemd libsystemd-daemon0 libsystemd-login0 bootlogd initscripts sysv-rc sysvinit sysvinit-utils
Only remark after upgrade as for the last time a normal reboot isn’t possible since the system already looks at the new location, but a `halt -f` solves that.
I have been a VirtualBox user for a long time, but since I’m now looking more closely at BtrFS I also took a closer look at what is in $HOME. VirtualBox harddisks and ISO-images are a large chunk of it and maybe the time has come to look at a different solution. One of the plans is to move virtual machines to a dedicated machine instead of running some on my workstation when I need them. This could give me more options for longer experiments as then my personal data doesn’t has to share the same encrypted volume with the virtual machines.
As VirtualBox is mainly a desktop solution, then the other options are Xen and KVM for now. I picked KVM as it is shipped with RHEL6 and part of the vanilla Linux kernel since 2007. Also there is a nice (remote) management solution and closer integration in GNOME 3.4 in the form of GNOME Boxes. So the time has come to give it a go and first we create a line in /etc/fstab to mount the BtrFS subvolume.
LABEL=datavol /var/lib/libvirt btrfs defaults,relatime,nodiratime,subvol=libvirt 0 0
Now we create the BtrFS subvolume and mount it. Afterward we install all required software and make a user member of the right group. It is important to note that one needs to logout and login afterwards. These right are only needed when doing local maintenance.
$ sudo btrfs subvolume create libvirt /media/btrfs-datavol $ sudo mount /var/lib/libvirt $ sudo apt-get install qemu-kvm virt-manager virt-viewer virtinst $ sudo usermod -a -G libvirt <username> </username>
The machine is now able to run virtual machines if it has an CPU with Intel-VT or AMD-V technology. And the first tests with Debian 6.0, Solaris 11 and Windows 7 looked very promising. The management interface is very clean and people who have worked with Solaris Container the commandline tool virsh is also a good option. One thing that seems to be missing is a storage snapshot option as in VirtualBox, but if it is a real miss I doubt as most images are on BtrFS and BtrFS supports snapshots on subvolume level.
For now KVM appears to be a good and free alternative for VirtualBox and VMWare. It may need some more love in the future, but for now it deserves some more testing from my side together with SELinux for stronger separation of virtual machines. Maybe I can say goodbye to DKMS for recompiling VirtualBox modules with every release and the Qt-toolkit as dependency for VirtualBox and switching back on the default GTK toolkit on my machine.
In the past I already removed Flash and Mono from my systems due to security concerns, but since CVE-2011-3544 it was the final call for Java. It took some dependency checking as Debian was replacing OpenJDK with GCJ or vice versa in most cases, but the command below finished that on a lot of systems. I said farewell to NetBeans a long time ago since it was to slow on my system and the only thing left was LibreOffice Base that needed to be removed as well.
$ sudo apt-get remove --purge libgcj12 libgcj-common gcj-4.6-jre-headless \
libgcj12-awt default-jre-headlessThis action also made me wonder about the state of LibreOffice as it is mainly a big blob of code on the system like Firefox is as well btw. I read on there website somewhere that making Java an option is a long term goal, but will it be enough? For now it should be, as I prefer my documents in OpenDocument-format. When the next GTK3 based version of Abiword and Gnumeric are released I need to do some testing again to see if they support OpenDocument now better.