2012-04-22

Who is user jetty and why does he have an account on my machine?

As some people can tell, I have installed Fedora 17 on one of my systems at home.

The work laptop (a very nice IBM thinkpad T500) is about dead due to a TSA checkup from last FUDcon and has never been able to handle any of the GNOME-3 updates (I tried Fedora 15 and 16 for a short while but the system would auto-shutdown from heat overload after a bit.)

I had gotten an ASUS laptop for the Christmas of 2010 which had been used to deal with various "Windows" software that was needed for our neighborhood association and for me to play around with Cygwin. I finally decided I had done enough of that for a while, and it was time to play around with Fedora on it to see if how it would run. I had also tried Fedora 15 and Fedora 16 LIVE on the system, but had found it rather flakey in its graphics.. After reading Adam Jacksons and others updates to the X server I figured I should give 17 a go.

Install Trial #1. Since I have to keep the Windows side until my time on the association board is over.. I decided to resize the Windows partitions to fit Fedora on it. I had read that Fedora could do this but found out that this feature was no longer available, or that something with the laptops Windows 7 NTFS was not recognizable. Never fear,  ask.fedoraproject.org had the answer I needed: reboot into Windows and use its built in tools.

Install Trial #2. Install the Beta from the DVD. The install went very well though I wish some of the pages could have been replaced with the ones that will show up in Fedora 18. I went through and customized the packages I had installed so that I would get my evil vice: emacs. Laptop rebooted and firstboot got all my information ready for me. Login showed up and there was user jetty (well actually I missed it at first, but realized it when I could not log in with my password.)

Finally log in as smooge, and tada! Look I have a GNOME3 desktop. System seems pretty zippy and windows are much smoother on this system than when I had used the LIVE images (either on USB or Cdrom).

So who is Jetty? The jetty user comes from my choosing eclipse to install. jetty is a java server that the eclipse-platform package requires. I am guessing there is a packaging bug somewhere that is causing the "user" to show up as a possible login. The reason is

jetty:x:995:992::/usr/share/jetty:/bin/sh

A quick bugzilla 815177 and we have done our minimal testing duty. Now to start learning how to use the Fedora 17 desktop as a new Fedoran would.

2012-04-05

Mailman Passwords: How Fedora IT is dealing with them

Fedora uses Mailman software to run its mailing lists which for all its strengths is showing its age. One of its biggest irritants is its password system. Back in the stone age of the 1980's mailing list software was usually dealt with either by archaic email commands to some sort of list server software, or would have to have user changes done by a list administrator (mainly because it might take 8 or so emails to be able to get some versions of the mail software to put you on vacation or change your email to digest, UUCP or whatever.. and it only took 1 email to the list administrator to get it done.)

When the web came around in 1995 or so, various mailing lists added software to allow users to "self-service" themselves without having to try and reach the list administrator. This had great benefits but "griefers" also found it great to unsubscribe people, change their options, etc etc. So the creators of mailman put in passwords to stop this, and because they knew that the first thing people would do is forget the password they put in a monthly reminder email system.

These days those of us with many email subscriptions usually call the first of the month "Happy Mailman Day" as we get multiple emails telling us that we are subscribed to devel@lists.fedoraproject.org and we chose the password "spew-guts-twiggles" as our password in case we want to change some options. Now this is all fine if we don't use spew-guts-twiggles to password protect our bank.. but some people will use the same password in multiple places.

In order to combat this, most mailing lists have the following text:

Your email address:  
Your name (optional):  
You may enter a privacy password below. This provides only mild security, but should prevent others from messing with your subscription. Do not use a valuable password as it will occasionally be emailed back to you in cleartext.
If you choose not to enter a password, one will be automatically generated for you, and it will be sent to you once you've confirmed your subscription. You can always request a mail-back of your password when you edit your personal options. Once a month, your password will be emailed to you as a reminder.  


However as one can guess, this isn't read by many people and password reuse becomes normal. After a bunch of work, Fedora Infrastructure has hopefully fixed it so that password reuse won't happen for mailing lists anymore.


  1. We found all accounts whose mailman password matched their FAS password and we changed those passwords.
  2. We removed the options on the mailman servers to allow for passwords to be set in the first place. It turns out that if we remove those two fields in the file.. mailman will just create a password for you and email that to you instead. [Mailman 3.0 has this as the default and when it is in beta state we will look at upgrading to it. It will also have a some other work that Fedora is helping with but that should be covered by the people doing that work.]
tl;dr. Mailman passwords allowed for a place where passwords could be reused and stored in the clear. Fedora IT has reset passwords we knew were reused and turned off the ability for people to enter in bad passwords again. Further changes will be done as needed.


Steps to install Fedora Linux 17 on a Trim Slice Pro

So you have heard of this ARM thing, but can't wait to get a Raspberry pi to plug into your TV. There are various other models on the market.. and for my first one to try, I got a Trim Slice Pro. Here is a shortened, no frills setup instructions.
  1. Buy a Trim Slice Pro
  2. Wait two weeks for delivery.
  3. Get onto freenode IRC and join #fedora-arm. If things don't work this is where you will need to get help from.
  4. Acquire needed extra parts
    1. An external USB keyboard.
    2. An external USB mouse
    3. A serial crossover cable to another system.
    4. A network cable to plug into your local lan. **
    5. A SD card to do an initial install on. I bought a 32 GB. I recommend staying away from Kennsington
  5. Plug in the system and play around with Ubuntu Natty. For extra fun, do an OS upgrade to 11.10 and brick the system.
  6. Download blc (Brenden Conoboy)'s latest image for the OS.
    1. wget http://blc.fedorapeople.org/fedora-arm/f17/fedora-arm-17-latest-armhfp-trimslice-mmcblk0.img.xz
    2. unxz fedora-arm-17-latest-armhfp-trimslice-mmcblk0.img.xz
  7. Set up SD card (I have a 32 GB card so we will go with the following).
    1. insert card into system.
    2. dd if=fedora-arm-17-latest-armhfp-trimslice-mmcblk0.img of=/dev/mmcblk0
    3. sync; sync;
    4. remove card from system
  8. Power off the trimslice if you had it on before.
  9. Insert card into system and reboot trimslice. The card will need to be inserted upside down versus the way you expect :).
  10. Boot the box.. if you have plugged the disk into a monitor.. you can unplug it now. Currently the nvidia driver is propietary and Fedora does not support it. You will either ssh in or use a serial console.
  11. Look at your router to find out what DHCP and mac address came up. If you can, you can put this into your router for a more static setup later.
  12. either use the serial console or ssh into the box
        ssh root@192.168.18.223 # found via router
        Password: fedoraarm
  13. The system will have started the steps to resize the downloaded arm image to disk space. You should do the following and check to see if it worked.
      fdisk -l
    
    The size of /dev/mmcblk should show that the /dev/mmcblk0p2 is now the size of the disk, but a df will show it not the right size.Time to reboot.
  14. After the 2nd reboot a resizefs should be running in the background and you should have a working system to start installing packages to.


But wait.. what good is a box that has no monitor? Well not much for desktop people.. but for a server it is pretty darn useful. Future articles will show the following:
  • Setup of serial console (I didn't get my crossover cable yet).
  • Setup of nvidia drivers for those who want a desktop more than purity.
  • How to start a kickstarter to pay for a developer to port a free video driver
* I would like to thank Dennis Gilmore, DJ Delorie (of the DOS GCC fame) and Brendan Conoboy for their advice and not throttling me as I was pretty clueless on this adventure.

** I am assuming you have a local network plugin and a DHCP (most router/modems have this built in). I found that the trimslice built in wireless did not work as well as I hoped without an external antenae, and I also found that having a wired connection allowed for you to ssh into the box directly.