JDPFu.com 2025

About a month ago, an editor at a large blog website followed one of my links in a comment there back here and offered to republish the story. I was already seeing increased traffic from that link on their site – like 10x more than my normal daily traffic – and it scared me. I don’t have the bandwidth to handle that sort of traffic and my Ruby on Rails blog software … er … pretty much sucks from a scalability perspective. What did I do?

May 2021 Update

• Added kernel, header, module removed command to purge them from APT.


• Clarified /forcefsck options, slightly.

Jan 2020 Update
A little cleanup.

June 2018 Update
The big ideas below haven’t changed. Really the main change is to using apt instead of aptitude or apt-get for package management. apt is a newer, simpler, front-end to apt-get that does some housekeeping things automatically. I’ve been using apt for about 2 yrs.

Nov 2015 Update
If you want 5 years of support for your Ubuntu system, then it is important to check the Ubuntu Release Support webpage to verify the official support dates. For example,

• 14.04.1 support ends April 2019
• 14.04.2 support ends August 2016
• 14.04.3 support ends August 2016
• 15.10 support ends July 2016
  What does this mean?
  Use aptitude update on 14.04.1 systems to maintain the LTS support. If aptitude dist-update is used, then support time is significantly reduced. For a desktop that will be updated to 16.04 LTS, it probably doesn’t matter. For a server that will not be update before August 2016, this is very important.

2014 Update
After years of using apt-get, I’ve finally seen the aptitude light. Aptitude has solved a few dependency problems that apt-get puked over. It is smarter. Now I’m recommending that aptitude be used over apt-get. That is the only change below and for almost every common use, swapping apt-get for aptitude is the only change. That is the situation in this article. I did not update any comments to reflect this change. Learn more about aptitude from the Debian Wiki.

2013 Update
With newer Linux installs, there has been a huge problem with old kernels not being cleaned up automatically. For some people, this has caused their package manager to get stuck with an out of storage error. Until they can remove the issue, their system is stuck in APT-Hell. Not good at all. This article has been updated to add cleaning up kernels to the list.

Original Article Continues

I decided to write this entry after reading an article over a Lifehacker by Whitson Gordon titled What Kind of Maintenance Do I Need to Do on My Windows PC.

What kind of maintenance do I need to do on my Ubuntu/Debian/APT-based PC? Good question. It is pretty simple … for desktops. This article is for APT-based desktop system maintenance, NOT for Linux servers. Linux servers need just a little more love to stay happy. I haven’t used RPM-based distros in many years, so I’m not comfortable providing commands to accomplish the things you need to do, but the methods will be similar.

Let’s get started.

Install System and Application Patches/Updates

This will patch the OS and all your applications.

$ sudo apt  update; sudo apt full-upgrade

Done.

Don’t worry. This only updates the current distro to new packages and new kernels. It will not install a new release. If you need to stay on the current kernel, use

sudo apt safe-upgrade

. I’ve needed this only a few times in 15+ yrs of being a Linux administrator.

The apt manpage is pretty good and explains the subtle differences between upgrade, safe-upgrade and full-upgrade options. man apt will show it.

Read about more tips below.

There’s an old SSL/TLS security hole (from 11/2009) that has been out and patched for over a year (since 2/2010), but it appears that many major websites haven’t bothered patching it. CVE-2009-3555

The guys over at ssltls.de have a list. Seems that consistently patching is tough for many organizations. The list is pretty shocking for who is and isn’t patched. Take a look and be afraid. There are lots of big banks on the unpatched list. Scary. The list is not comprehensive, so just because your site or bank aren’t listed, doesn’t mean they are consistently patched.

• home.americanexpress.com is patched, but
• www.americanexpress.com cannot be confirmed as patched.

There are attacks in the wild that take advantage of this issue. I need to check whether my SSL sites are vulnerable too. Here’s an SSL checker

I hope you will indulge me and allow a non-technology post.

Recently I found myself with a bottle of Coconut Rum and didn’t know what to do with it. I like rum and I love coconut, so this was a good problem to have. Google to the rescue, but as much as I enjoy rum AND coconut, nothing tasted as good as a Piña Colada using the standard mix in a bottle from my local grocery. That seemed sad to me, so after trying a few recipes like

• Coconut Cola (great if you like coconut and rum and cokes)
• Coconut Orange (a little too tangy for me)
• Goombay Smash
• Rummple
• Deep-7
• A Day At The Beach
• The Bianca Pop (good to get an evening started)
  You can find more coconut rum drinks.
  I decided to try to smooth some of the bite a few of those drinks had by mixing things I liked, while not getting too complex. I call it TheFu:

TheFu Recipe

Use a Highball Glass

1. 3 oz orange juice
2. 3 oz pineapple juice
3. 1 1/2 oz coconut rum
   Fill glass with 50% crushed ice, add rum, then add both juices and stir.

Nothing too complex, but the OJ and Pineapple really complement the coconut rum. Without both juices, there’s just a little too much bite for me. I tried drinks with just 1 or the other. It was a tough day of experimentation. ;) Sure, there are other drinks that can be made with a few other ingredients, but I was
a) thirsty
b) without those other ingredients.

The Piña Colada is still very tasty, but who wants a 350 calorie drink all the time when a 200 calorie drink that is pretty easy to make, without any mess, no blender to clean up, is just slightly less tasty? I still like the coconut rum and coke just as much, but as long as there’s OJ and pineapple juice in da house, this new drink will be it.

Perhaps I need to pick up some grenadine?

7/3/11 Update: Seems there’s a very similar recipe to TheFu called Jack-is-Back

• 2 oz Coconut Rum
• 2 oz Pineapple juice
• 2 oz Orange juice

similar, but not quite.

Adobe has decided to stop development for their fairly new Adobe-AIR platform on desktop Linux. For some reason, they will continue development on Android. Huh? Doesn’t Adobe know that Android is Linux?

AIR on 64-bit Linux Sucked

I tried AdobeAIR on a 64-bit Linux desktop about a yr ago to try a stock tracking app. It was slow and heavy so I removed it. Where I work, we dislike proprietary solutions that force vendor lock-in. AIR will not be installed on any of our machines regardless of OS and we advise our clients of the issues with AIR and all proprietary tools. The same applies to Silverlight. We won’t install it here and recommend that our clients do not as well. I would remove Flash if there wouldn’t be a revolt and I’ve already removed Adobe Acrobat from all our systems. We use alternatives with better security (or just fewer attackers). Adobe management doesn’t seem to understand how to build software that can be secure. They certainly haven’t shown a desire to do this based on the number of unfixed zero day exploits published continuously.

Whenever I visit a new website and they ask me to create a new login, I always wonder how that data is stored, especially the password. Some clues to poor password management:

1. plain text
2. hashed without a salt
3. reversible
4. support knows it
5. the system can email your password back to you
6. the system displays your password on a web page.

Theres a website that tracks sites with poor password management called PlainTextOffenders.com . That site estimates that 30% of all websites aren’t handling passwords appropriately. If you know of an offending website, let the plain-text-offenders know and publicize it. Sometimes that spotlight is enough to get the company to change.

Many of us backup important data to optical disks like CDROM or DVD media. Over time, that media is known to fail. This means that every 5-10 years, a plan to migrate all the critical data to newer media needs to be included. It also means that when data is stored to this type of media, steps should be taken to protect the data. Recently, I had a need to pull some data, old family movies, from a DVD. The movies were stored as xvid/mp3 data inside an AVI container. Anyway, after loading the disk onto a network drive, the movie began playing, then abruptly stopped about 2 minutes into the hour long movie. I have other copies on other media … somewhere, but this would be a good opportunity to try a contingency plan that I’ve been using for at least 10 years.

Read more below.

What should kids know to be reasonably safe? That’s a tough question.

Below is a draft Kid-Safety Checklist for parents to work through with their kids.

All kids do need to know these things.

Today I wanted to add another OS to a netbook, an Asus Eee. My common practice is to boot a gparted ISO from a USB flash drive, move some data and partitions around and add a new logical partition to the end of the extended partition space. Write everything back out to disk. Then I’d boot the install disk/ISO and install to that newly created partition. Life was good, usually.

Today, I was greeted with gparted showing unallocated for the entire drive, all 160GB – unallocated. Ouch. This is the first time I’ve had partition table issues, ever, in over 20 yrs.

The folks over at PenDriveLinux have been busy. They have a new version of their multi-boot creation tool for flash drives, YUMI (Your Universal Multiboot Installer). YUMI-0.0.1.7.exe is the current released version, replacing MultibootISO.

The MultibootISO tool never worked for me. I was using unetbootin to load a single ISO onto a single flash drive, but often I’ve needed gparted, then DBAN, then PARTIMG, then an full Linux like Ubuntu 10.04 or Puppy or TinyCore. With YUMI, you can have all of those on a single flash drive and select which to use at boot time. It seems to work fine.

They finally added an Unknown ISO option so ANY ISO you have with a distro can be added to the boot menus. The boot-up screens are automatically organized nicely by type of tool.

I just placed about 5 ISO files onto a single 2GB flash drive. As I write this, Android-x86 is booting on a netbook. SWEET! I can’t wait to try it out for an hour or so before trying out the new MeeGo x86 release. As long-time readers know, I run Maemo today, so MeeGo would be the next update for that device.

Well, I’ve attempted to boot 3 different OSes.

1. MeeGo failed almost immediately.
2. Lubuntu displayed the boot screen, asked for a language and eventually failed.
3. Android x86 was left to boot for over 30 minutes – the ……………. just kept coming.

The gparted ISO that I specified didn’t show up in the boot menu – I used a different ISO at the 3rd decimal point – mine was newer. I probably should have put it into the Unknown ISO group.

Some Good News

SpinRite did work perfectly. It is running now across all the partitions to refresh any lazy bits.
I moved the gparted ISO into the Unknown ISO group. Hopefully, it will work better there.