Matthew Ames

Category: Tech (page 1 of 2)

Sticking with Fedora

I’ve decided that, when I start my new job, I absolutely will be sticking with Fedora. While Ubuntu 16.04 has brought with it PHP 7.0, I was amazed to find that it didn’t have the latest version of docker-compose, meaning that it needed to be installed via python-pip, rather than just from the repos. I find this to have been a very silly oversight, and it just happens to be one of many oversights that seem to plague the distro. I’m not going to bash Ubuntu, because it’s really rather wonderful, but I’m at the point now where I can say that it’s no longer for me.

Fedora has certainly become my de facto when it comes to Linux. Sure, it may sometimes slip when it comes to releases, but it does a great job of keeping on top of new technologies (except PHP 7.0, for some reason). Gnome always stays up to date, as does Firefox, though I’m using the Dev edition these days for e10s support.

Gnome Boxes is also considerably better within Fedora, which is my favourite tool for virtualisation. Virtual Machine Manager is nice and all, but its depth of options makes it take so much longer to boot into a VM. Boxes has support for quick installs of CentOS, so I can bash out a VM in next to no time.

Finally, one of the cool features that made me want to play around with Ubuntu was LXD, but really, it’s just LXC with a different interface, and it just isn’t as portable as Docker, which is what I’m really starting to love using in my day to day.

Ubuntu vs Fedora

For about the last year I have been using Fedora on my computers, but since the release of Ubuntu 16.04, I thought I’d give that a go. While they both work extremely well, there are cons to both, and so I cannot reconcile which I would like to install when I start my next job and get a brand new laptop. Here are the cons I have so far, and I hope that writing them down will help me.

Ubuntu | Fedora
Not an RPM based distro (CentOS is default at new job) | Fewer packages
Does not track Gnome upstream | Often slow at updating packages (Firefox, openssl)
Gnome Boxes doesn’t work so well | No LXD
Requires Unity Tweak Tool to be of any use | Requires Fedy to be of any use
Often fails to fix issues in applications NIH | Unpredictable release cycle
Overrides Online Accounts tool | Documentation nowhere near as good as Ubuntu
Starting to feel stale, stuck with Unity 7. | Proprietary driver support lacking
Even LTS desktop can be buggy |
Heavy system requirements |

Part of me thinks that I might use Fedora on my desktop, but Ubuntu on my server (where updates are critical). Ubuntu 16.04 already ships with PHP 7, but Fedora is very far behind the curve here, and it’s that which often frustrates me. Maybe there is no simple answer, and I should just install Fedora and rely on Docker and VMs for anything I need which isn’t in the repos.

Installing Apache/PHP7.0-FPM in Ubuntu 16.04 Xenial Xerus

With recent versions of Apache, it has become a lot easier to use PHP-FPM, and with Ubuntu 16.04 being packaged with PHP 7 when it is released later this month, I thought it was worth a quick how-to on using all these technologies together.

Firstly, you will need to install the required applications with this one simple command:

sudo apt install apache2 php php-fpm

That’s not too different to how you would have installed it in previous versions of Ubuntu, and it will default to PHP 7.

Now that they’re installed, there is a small amount of configuration needed. Run these simple commands in this order:

sudo a2dismod mpm_prefork php7.0
sudo a2enmod mpm_event proxy_fcgi
sudo a2enconf php7.0-fpm
sudo systemctl restart apache2

Now that should be everything complete.

Revert tracking protection back to ON for all sites

Previously I discussed how to turn on Tracking Protection in Firefox, which has been a great boon to my browsing activity. The problem with this is that Firefox doesn’t have any way of letting you know what sites have had tracking protection disabled, so you can visit a site with tracking protection turned off without realising it. Fortunately, Firefox stores a lot of its information in SQLite, which is an easily modifiable format.

The first thing you’ll need to do is find your Firefox profile path. You can do this by typing about:profiles into your browser URL bar. Look for the “root directory”, and that’ll be where your profile is stored. It is important that you now close Firefox completely, otherwise the permissions will not take effect.

Now, with your favourite SQLite3 editor, you simply need to open permissions.sqlite and run the following query:

select * from moz_perms where type = 'trackingprotection' and permission=1;

This will list every site which has Tracking Protection switched off, and will look something like this:

3|http://independent.co.uk|trackingprotection|1|0|0|1458588325092
4|http://www.buzzfeed.com|trackingprotection|1|0|0|1458829675197

To then turn protection back on, you simply need to delete those rows. A command to do so will look a little like the below, where I have put the id from the first column of the above list into the query.

delete from moz_perms where id=3;

Once that’s complete, you can start Firefox, and you’ll see all of the tracking protection permissions set back to normal.
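The same clean-up done in one pass, as an added example that is not from the original post: it backs up permissions.sqlite, collects every site with protection switched off, and deletes those rows in a single transaction. The column names other than id, type and permission, the helper names and the third sample row are assumptions constructed for the demo; point reset_tracking_protection at your real profile only while Firefox is closed.

```python
import shutil
import sqlite3
import tempfile
from pathlib import Path


def build_sample_db(db_path):
    """Constructed stand-in for permissions.sqlite (column names are assumed)."""
    conn = sqlite3.connect(str(db_path))
    with conn:
        conn.execute(
            "CREATE TABLE moz_perms (id INTEGER PRIMARY KEY, origin TEXT, "
            "type TEXT, permission INTEGER, expireType INTEGER, "
            "expireTime INTEGER, modificationTime INTEGER)")
        conn.executemany("INSERT INTO moz_perms VALUES (?,?,?,?,?,?,?)", [
            (3, "http://independent.co.uk", "trackingprotection", 1, 0, 0, 1458588325092),
            (4, "http://www.buzzfeed.com", "trackingprotection", 1, 0, 0, 1458829675197),
            (5, "https://example.org", "cookie", 1, 0, 0, 1458829675198),  # unrelated, must survive
        ])
    conn.close()


def reset_tracking_protection(db_path):
    """Delete per-site Tracking Protection exceptions; return the origins removed."""
    db_path = Path(db_path)
    # Keep a copy next to the original so the exceptions can be restored.
    shutil.copy2(db_path, db_path.with_name(db_path.name + ".bak"))
    conn = sqlite3.connect(str(db_path))
    try:
        with conn:  # one transaction: commit on success, roll back on error
            rows = conn.execute(
                "SELECT id, origin FROM moz_perms "
                "WHERE type = ? AND permission = 1 ORDER BY id",
                ("trackingprotection",)).fetchall()
            conn.executemany("DELETE FROM moz_perms WHERE id = ?",
                             [(row_id,) for row_id, _ in rows])
        return [origin for _, origin in rows]
    finally:
        conn.close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        db = Path(tmp) / "permissions.sqlite"
        build_sample_db(db)
        print(reset_tracking_protection(db))
```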

Online advertising has to change

A couple of days ago, I posted about how to enable Tracking Protection in Firefox. While I understand the importance of blocking potentially bad ads, I’d never really been in a situation where I was likely to be caught out by any, especially because I avoid sites which have a greater chance of being susceptible to being compromised. However, today it was announced that many major websites, including the BBC and New York Times, were targeted, and their adverts were compromised to serve ransomware to US visitors.

Although these sites are not sites which I would normally visit often, they are sites which I would have previously deemed OK, and would have disabled all ad-blocking should the sites request that I do so. After all, these institutions are worthwhile and cannot continue without our support, and if that comes in the form of ads, then so be it.

Now the game has changed, and advertisers need to change their practices, or else browsers and ISPs are going to start blocking all ads by default, stripping them, and the sites that serve ads, of all their revenue. Mobile company Three have already been reported to be working on ad-blocking on the network level, so this technology is not far out.

If the advertising companies can work together with browser manufacturers Google, Mozilla, Microsoft and Apple, I’m sure they can come up with a harmless way of displaying ads. Firstly they need to show only ads which are not harmful to a user, and secondly they need to be able to adhere to user preferences.

Security

One of the major issues with advertising through browsers is that an advert is only as secure as the policies of the advertising company. While some of the big players will check for potential compromises, many do not. It should be a matter of process that any advert is checked for known security issues, especially those written in Flash.

Secondly, there is no way of knowing if an advert has been modified somehow to include bad content. Because of this, I propose that all ads should be cryptographically signed. This means that no asset can be downloaded for an advert without it passing checks, such as confirming the GPG signature. The advantage to such an approach is that a browser can be configured to only show signed adverts, and hide anything else which fails the checks.

User Preferences

A user should be able to choose from the following hierarchy which adverts they would like to see:

  • Video adverts with sound
  • Video adverts
  • Animated adverts
  • Image adverts
  • Text adverts

Such a hierarchy would help those users who are on metered internet, and cannot download too much without facing penalties. A desktop browser should default to Video adverts, and a mobile browser to Image. In my own personal experience, I have had two video ads try to download simultaneously on a site while I was using mobile data. I had checked just before to see my data usage, and was shocked to note that it had gone up by 10M after the page had finished loading. This is clearly not acceptable, and must be stopped. By setting the option it means that, rather than stopping all ads, we can reach a compromise which puts the user in charge again.

Conclusion

At the moment we are behind the attackers when it comes to security, and the weakest link in the chain is the one which is causing all of the problems. With more and more talk of ad-blockers being a protection racket, it’s about time the advertising companies took the time to understand the reasons for the shift in public attitudes, especially in the non-technical who are slower to pick up on technologies such as ad-blockers. Making changes to browsers stopped the scourge of pop-ups, and now it’s time we did the same for inline ads.


Copyright © 2019 Matthew Ames
