Logbook - page 3

  • Debian on the Tuxedo InfinityBook

    This is the first installation report after some time. Ok, it is not as detailed, as previous ones, but that is not necessary. I have created an installation report for Debian on the Tuxedo InfinityBook. The InfinityBook is my new notebook and I’m very happy with it. It is fully supported by Linux, light weight, small, quiet, powerful and has a fair price. What more could you wish?

    If you are looking for a new notebook with Ultrabook specs that is supported by Linux, check my special page for the InfinityBook.

  • efaLive 2.3.beta image for the RaspberryPI

    Finally, I managed to create a first beta image of efaLive for the Raspberry Pi. I have tested it on a Raspberry Pi 1B. It more or less works as described in the efaLive documentation. Besides the users efa and root, you have the default pi user. The language and keyboard layout is English per default. Feel free to test the image. For more information check the efaLive page.

  • How to destroy a project

    Yesterday there have been many mails on the debian-live mailing list. A few people entered a bug that announced a new piece of software called ‘live-build-ng’. The author of ‘live-build’, Daniel, complained about the name, because it is very close to the name of his package. Then the people behind the new package explained that ‘live-build-ng’ will replace ‘live-build’ in the near future, as the name already suggests. This disappointed Daniel so much, that he announced the end of the ‘live-build’ project. You can find his full post on the mailing list (or in his temporary blog).

    I would like to say thank you to Daniel, who made a great job in inventing and developing ‘live-build’! I feel very sad, that a few people attack a project leader who spent a huge amount of time to develop ‘live-build’ in such a way. They have no right to do that and there is no reason to choose a package name like ‘live-build-ng’ instead of attacking Daniel.

    We will see what tool chain I will use for efaLive in the future. Maybe there will be a fork of the original ‘live-build’ project.

    I wish all the best to Daniel. I hope you recover from this demotivating situation soon. Thank you!

  • efaLive 2.3 running on RaspberryPI

    Finally I found the time to try to run efaLive on a Raspberry Pi. It was less effort than expected. You just need a Raspbian installation that you upgrade from Wheezy to Jessie. This can be done by exchanging “wheezy” by “jessie” in /etc/apt/sources.list. Then run apt-get update and apt-get dist-upgrade. This will take a lot of time, but at the end you have a Debian Jessie based installation. Now add deb http://efalive.hannay.de/debian jessie main to /etc/apt/sources.list and run apt-get update and apt-get install efalive (ignore the missing GPG key for now). Many dependencies are installed now. At the end everything is ready to run efaLive. Just configure raspi-config to boot into the GUI and put the following lines into a file /home/efa/.xsessionrc:

    1
    2
    
    #!/bin/bash
    exec ~/.xinitrc
    

    Now you have to change the autologin user from “pi” to “efa” in /etc/lightdm/lightdm.conf. From now on, the efaLive Kiosk environment should start automatically.

    Maybe I can provide a complete image for the Raspberry Pi in the future, we will see.

  • Secure SSL configuration for Apache 2.2

    Finding a secure and compatible Apache configuration that is dealing with all the nice vulnerabilities in SSL and TLS handling is not an easy task. I always try to use an optimal configuration for my Apache 2.2. There are many threads in the Internet, but often the recommendations there don’t work, because they are for Apache 2.4 or outdated. Often it is hard to find out, which version of Apache is dealt with in such a thread. Anyway, it might be helpful for others, so here is my configuration that gets an A+ at SSL Labs. It works with Apache 2.2.29.

    1
    2
    3
    4
    5
    6
    7
    8
    9
    
    LoadModule headers_module modules/mod_headers.so
    
    SSLProtocol all -SSLv2 -SSLv3
    SSLCompression Off
    SSLInsecureRenegotiation Off
    SSLHonorCipherOrder On
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    
    SSLCipherSuite "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!EDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
    

subscribe via RSS