debian – Page 2 – jig.tools

Foswiki 1.0.4 released – OSX, Windows and Debian installers ready too

Foswiki 1.0.4 has been released with more than 100 bug fixes and some small enhancements. Upgrading is highly recommended. If you did not upgrade from TWiki yet, now is a good time as Foswiki 1.0.4 fixes more around 300 bugs relative to TWiki 4.2.4.

Grab it now from : http://foswiki.org/Download/WebHome – the straight and upgrade archives, OSX installer and my Windows Installers are here.

My debian package repository now spans Foswiki 1.0.4 and 168 Foswiki extensions – its never been easier to install 🙂

see http://fosiki.com/Foswiki_debian

Over the 4 months of our project’s existence, 33 developers have been involved in making ~3000 commits – next up, the future !

debian repository for Foswiki

I’ve set up a debian repository that you can help test the release package before it gets uploaded into debian proper.

To try it out, add the following to your /etc/apt/sources.list

deb http://fosiki.com/Foswiki_debian/ stable main contrib deb-src http://fosiki.com/Foswiki_debian/ stable main contrib

and then run

gpg --keyserver the.earth.li --recv-keys 379393E0AAEE96F6 apt-key add /root/.gnupg/pubring.gpg

OR (if theearth.li doesn’t work for you) wget http://fosiki.com/Foswiki_debian/FoswikiReleaseGpgKey.asc apt-key add FoswikiReleaseGpgKey.asc

apt-get update

apt-get install apache2 foswiki

This repository contains about 281 (Apr2011) foswiki-extensions – auto updated nightly direct from foswiki.org. The packages have as many dependencies as I was able to coerce my build scripts to work out – but there is more work needed.

Foswiki delivers results.

In just 10 weeks, the Foswiki project has re-built the project infrastructure, fixed an additional 100 bugs over and beyond those we fixed in the TWiki source repository before the fork, moved to a new web application architecture (FSA) and undertaken a detailed security audit, fixing at their roots a large number of potential exploits.

Windows installer, Debian packages including Extensions, OSX installer, Virtual machine.

Additionally, we already have the following easy installers:

Windows Installer

OSX Leopard installer

Debian and Ubuntu linux

Virtual machine image

So given the over 1800 commits in 10 weeks, a release, and much much more, It seems to me that Foswiki is a success..

Download Foswiki today!

TWiki 4.2.3 JeOS Virtual Machine

TWiki 4.2 JeOS VM

mirror 1 460MB (USA) TWiki 4.2.3, (does not include VMware):

Easy installation on Windows, Linux and OSX!

Trivial upgrades of TWiki and TWiki Plugins

Summary: This package enables you to quickly and easily install a pre-configured TWiki 4.2 ‘software appliance’ on Windows, by using the free VMware Player or VMware Server – like another computer running within your computer. This generally performs better than a normal WindowsInstallCookbook approach and is easier to install than IndigoPerlCookbook (takes just 5 minutes, a bit like installing a hard disk that has TWiki and Linux pre-installed). Although running TWiki on Linux on top of Windows may seem complicated, it’s actually much simpler than installing TWikiOnWindows – no TWiki or Linux knowledge is needed to get a working TWiki installation!

This uses TWiki VM 4.2.3 released on 12 September 2008. It is installed using SvenDowideit‘s fosiki TWiki debian package repository to make upgrades, and installation of TWiki Plugins (with external dependencies) easy.

firefox 3.x on debian amd64

I’ve been running a firefox 3.0 pre-release build for ages now, and finally thought I’d upgrade – (it turns out) mozilla do not provide 64 bit binaries. The i686 build that you can download from getfirefox.org does not work on my debian amd64 system – but not everything is lost.

As I’m a developer, I’m reasonably happy to play with nightly builds – and so – http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/ has what I need – today its firefox-3.1a2pre.en-US.linux-x86_64.tar.bz2.

Unziped into my non-debian firefox dir, and runs seemingly fine, except that the firefox addins won’t run, as they are scared of firefox versions that they have not been tested on 🙂

That too can be solved – edit the application.ini file, and replace the Version=3.1a2pre with Version=3.0.1 or whatever the release is that your addons are willing to work on.

so far, only VMWare’s addon won’t run – perhaps I need to set the Version lower, as it worked on Minefield 3.0pre.

http://packages.debian.org/search?keywords=iceweasel&searchon=names&suite=testing&section=all tells me that 3.0.1 is in amd64 debian testing since July 2008

VMWare’s addon to give console access won’t run in the 3.0.1 debian version either – talk about disappointing. The 3.1 nightly build seems to feel faster too, so I suspect I’ll be running that most of the time, and will look to migrate away from VMWare over time.

ever had Perl CPAN not work on your debian, even though you installed make etc?

CPAN, while incredibly useful, can be a pain, if you forget that you need to re-configure it after installing essential tools.

For example, if you make the mistake of setting up a basic, non-development Debian virtual machine, configure CPAN, try to use it, and on seeing ‘make’ errors like (from install Bundle::CPAN of all things) :
Running make test Can't test without successful make Running make install make had returned bad status, install seems impossible Running install for module Compress::Raw::Zlib Running make for P/PM/PMQS/Compress-Raw-Zlib-2.012.tar.gz Is already unwrapped into directory /root/.cpan/build/Compress-Raw-Zlib-2.012 Has already been processed within this session Running make test Can't test without successful make Running make install make had returned bad status, install seems impossible Running make for P/PM/PMQS/IO-Compress-Zlib-2.012.tar.gz Is already unwrapped into directory /root/.cpan/build/IO-Compress-Zlib-2.012 Has already been processed within this session Running make test Can't test without successful make Running make install make had returned bad status, install seems impossible

cpan>

You install make apt-get update ; apt-get install build-essential…, only to continue to see the same errors wizz past….

CPAN really truly needs to realise that the make settings are mis configured, and tell you.

What you need to do, is to tell your cpan about it by running:
cpan> o conf init

OR, if you’ve not yet messed (configured) up your cpan, install build-essential first.

And while you’re contemplating using cpan, think hard about trying dh-make-perl instead 🙂

Ideally, CPAN should be able to realise that it can’t call make if it does not know where it is – and point this fact out, rather than making it appear as though the package being installed has an issue.

Enterprise Wiki – Debian TWiki repository updated to TWiki 4.2.2

I’ve just updated the Experimental TWiki and Plugins repository. It now contains TWiki 4.2.2 and 226 Plugins, Contribs and Skins that you can simply apt-get install

To use them, add the following 2 lines to your /etc/apt/sources.list
deb http://distributedinformation.com/experimental/ experimental main contrib deb-src http://distributedinformation.com/experimental/ experimental main contrib

then type
apt-get update
to update the available packages.

you can now see all 226 packages with apt-cache search twiki-

and install (assuming you don’t have twiki installed yet)

apt-get install apache2 twiki

Now that I’ve added external dependancies to the repository, complex TWiki Plugin like ImageGalleryPlugin is as easy as apt-get install twiki-imagegalleryplugin and then enabling it via configure.

etch:~# apt-get install twiki-imagegalleryplugin Reading package lists... Done Building dependency tree... Done The following extra packages will be installed: defoma gsfonts libfreetype6 libgraphics-magick-perl libgraphicsmagick1 libice6 libjasper-1.701-1 libjpeg62 liblcms1 libmagick9 libpng12-0 libsm6 libtiff4 libwmf0.2-7 libx11-6 libx11-data libxau6 libxdmcp6 libxext6 libxml2 libxt6 perlmagick x11-common Suggested packages: defoma-doc psfontmgr x-ttcidfont-conf dfontmgr libfreetype6-dev graphicsmagick-dbg libjasper-runtime liblcms-utils libwmf-bin Recommended packages: libft-perl gs-gpl gs xml-core The following NEW packages will be installed: defoma gsfonts libfreetype6 libgraphics-magick-perl libgraphicsmagick1 libice6 libjasper-1.701-1 libjpeg62 liblcms1 libmagick9 libpng12-0 libsm6 libtiff4 libwmf0.2-7 libx11-6 libx11-data libxau6 libxdmcp6 libxext6 libxml2 libxt6 perlmagick twiki-imagegalleryplugin x11-common 0 upgraded, 24 newly installed, 0 to remove and 15 not upgraded. Need to get 11.2MB of archives. After unpacking 25.4MB of additional disk space will be used.

You will still need to use configure to enable Plugins.

Please report your experiences to me – bugs, gripes, you name it – its a work in progress. and I need your help!

Debian TWiki repository now with 212 TWiki Plugins, Contribs, Skins and more.

I’ve just updated the Experimental TWiki and Plugins repository. It now contains TWiki 4.2.0 and 212 Plugins, Contribs and Skins that you can simply apt-get install

then type
apt-get update
to update the available packages.

you can now see all 212 packages with apt-cache search twiki-

and install (assuming you don’t have twiki installed yet)

apt-get install apache2 twiki

and TWiki Contrib installation is as easy as

apt-get install twiki-bugscontrib

You will still need to use configure to enable Plugins.

Please report your experiences to me – bugs, gripes, you name it – its a work in progress. and I need your help!

defense against the dark arts? (Cross site scripting and Cross Site forgery)

I was having a discussion with someone on IRC about how TWiki is vulnerable to Cross-site scripting and Cross-site request forgery, and we realized that there are 2 possible approaches to securing TWiki effectively (both requiring a unique magic number for all URLs):

add a pre process to the TWiki::UI system, requiring a valid and unique magic, and a post process step between rendering and output to the browser
use a small proxy system between TWiki and browsers to add and validate the magic

is actually still risky as all scripts still are able to output directly to the browser using a =print= statement, thus giving the user urls that may not have a necessary magic in the url, or similarly for AddOns that persist in not using resthandlers.

whereas 2. abstracts the security from the application server, in much the same way as it is for ssl – goodness all round.

So – I wonder if there is such a proxy already?

There are also massive performance reasons why you should always have a proxy between browsers and heavy application servers like TWiki – this too could do with filling out.Securing TWiki is not as simple as converting all actions to POST (ie using proper REST / HTTP) because there are too many legacy conveniences, allowing GET URL’s to act upon the data. But, by delegating the securing of the transactions to an external wrapper, I think we can avoid these flaws.
see Wikipedia on Cross Site Scripting and Cross-site request forgery

Firefox 3 pre release builds includes 64bit

I’ve been using firefox 3 on my notebook since beta3, and loving its lower CPU and memory needs, but have been frustrated by the lack of 64 bit builds for my 8Gig RAM desktop development and VMWare system.

It seems that they have been building 64bit binaries for quite some time – see their nightly build dir.. http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/

NICE!