Every once in a while, you'll realize you've got a corrupt or missing file, maybe caused by recovery from a failing hard drive, or an accidental deletion of something important.  If you're not sure what package the damaged file is from, then one way to solve this would be to force a reinstall of every currently installed package.

While technically, this could be done manually, but considering there are usually upwards of a couple of thousand packages installed, that could take quite a while.  There are a lot of postings around the Internet asking how to reinstall all packages on a Debian or Ubuntu Linux system, but no real answers that I've found as to how to do it in an automated manner; so, I wrote this little script to do it.

It's actually quite simple to do, but it can take a long time to run this script, as it reinstalls each package individually.  This isn't a problem, as there are no dependency issues, since all dependencies are already installed, even if some may be corrupt at the beginning of this process.  The last machine I ran this on, though (which, admittedly, was a 2.8 GHz Celeron with only 1 GB of RAM, so take that time with a grain of salt) took somewhere in the neighbourhood of 12 hours to completely download and reinstall a touch over 2300 packages. 

Save this code to a file called reinstall_all.pl, make it executable, and run it.  A few hours later, all your packages will have been reinstalled, so any file corruption should be eliminated.

The code:

#!/usr/bin/perl
$\="\n";
$packages_file = "/tmp/packages.txt";
system("dpkg --get-selections | grep -v deinstall > ".$packages_file);
open(my $fh, "<", $packages_file);
while(<$fh>)
	{
	@package = split /\s+/, $_;
	print "Reinstalling package: ". $package[0];
	system("apt-get install --reinstall ".$package[0]);
	system("apt-get clean");
}
close $fh;

See?  Pretty simple.  Dump the current package list to a file, then read each line of that file, pull out the name of the package, and reinstall it using the standard system commands.

Hopefully this makes things a little easier for someone having issues with file corruption.

If it doesn't, you may have to add an extra system() call to do a dpkg-reconfigure just before the apt-get clean line, something like this:

system("dpkg-reconfigure ".$package[0]);

That will mean some prompts will come up during the process for any package that has configuration options, such as MySQL on Debian.  While it will slow things down a little, it's still much quicker than doing everything manually.

 

 

* This article has been updated.

It's been just three weeks since Microsoft ceased support for Windows XP, and it has already been announced that a vulnerability in all versions of Internet Explorer from 6 up through 11 would allow a complete compromise of the affected system.

This vulnerability is present on Windows XP, which comes with Internet Explorer version 6, and supports Internet Explorer 7 and 8.  Due to Windows XP's end of life, this flaw will never be patched on Windows XP, leaving a significant percentage of computer users with an unsupported, potentially insecure operating system.

The only safe way to continue using Windows XP at this point is to immediately cease all usage of Internet Explorer.

NOTE: Before using either of these methods, it's a good idea to make sure you have another browser already installed on the computer, as it would be difficult to download the installer without any browser.

Some suggestions:

Mozilla Firefox

Google Chrome

 

For Windows XP Pro

NOTE: This is a more complicated method than the next one listed, but it's also more difficult to reverse by someone using your computer, so it's probably safer in the long run.

On Professional versions of Windows XP, this can be enforced using group policy, either on a domain networked computer, or a standalone computer. For a standalone computer, follow these steps under an administrator account:

  1. Click Start, then Run....
  2. In the Run dialog, type gpedit.msc and click OK. This will bring up the Group Policy editor.
  3. In the left hand frame, under the User Configuration tree, double click Administrative Templates.  This will expand a subtree.
  4. Within this expanded subtree, click System.
  5. In the right hand frame, find the entry for Don't run specified WIndows applications.  Double click it.  This will bring up the settings dialog for the configuration option.
  6. Click the Enabled radio button (the "circular checkbox") close to the top. This should enable the Show... button beside List of disallowed applications.
  7. Click the Show... button. This will bring up the list of currently disallowed applications (titled Show Contents), which is probably empty.
  8. Click Add... at the right hand side.  In the text box that comes up, type iexplore.exe and click OK.
  9. Click OK in the Show Contents window.
  10. Click OK in the Don't run specified Windows applications Properties window.
  11. Close the Group Policy editor.

 

For Windows XP Home or Pro

For computers running Windows XP Home with at least the Service Pack 1 update, the following is the only easy method to prevent Internet Explorer from running, although this method also works on Windows XP Pro with SP1:

  1. Click Start, then All Programs.
  2. At the very top of the program list, there should be an entry for Set Program Access and Defaults. Click it.
  3. In the dialog box that displays, there are three radio buttons: Microsoft WindowsNon-Microsoft, and Custom. Click the Custom radio button.
  4. In the section for Choose a default Web browser, find the entry for Internet Explorer, and clear the checkbox labelled Enable access to this program
  5. Click OK, and all standard shortcuts for Internet Explorer in the start menu, and on the desktop, should be deleted.

 

UPDATE: Regardless of the fact that Windows XP was out of support when this vulnerability was discovered, Microsoft did, in fact, decide to release a patch for XP.

Despite this, another vulnerability was announced on May 21, 2014, by ZDI, (after notifying Microsoft of the problem on Oct 11, 2013) that will similarly provide the ability for an attacker to completely compromise your computer.  As of now, no announcement has been made by Microsoft to fix this problem on Windows XP, so the danger of using Windows XP has increased significantly since its April 8 end of life.

If you have an SSL certificate, whether it be for a secure website, an SSL VPN tunnel, or what have you, it's going to have an expiry date.

If you let this certificate expire, it may result in anything from scary warnings to your website visitors, through to your VPN ceasing to work.

An easy way to check the expiry date of your certificate, on either Linux or Windows, is to use OpenSSL.  This is usually included in most Linux distributions, but it's a separate free download for Windows.

To display the expiry date, use this command:

openssl x509 -noout -in <certificate file> -dates

Of course, this can easily be scripted on either operating system, and the results emailed or texted to you.

Keep on top of your security certificate expirations.  It's important stuff.

The Linux operating system (along with most Unix and Unix-like systems) has user accounts set by default to a restricted user, meaning system-level changes cannot be made without elevating permissions.  For this purpose, the sudo command can be used, which temporarily provides elevated root-level permissions to run a single command. This functionality is similar to the more recently implemented User Account Control on Windows.

Normally, when you try to elevate using sudo, you have to type in your password.  This can be annoying when you need to perform a series of commands, typing in your password for each one.

If you're the only user on your computer, you can enable sudo to operate without a password.

This is accomplished simply by adding the line:

user ALL=(ALL) NOPASSWD: ALL

to the /etc/sudoers file.

Note that it's still not recommended to leave your system like this, as any piece of software run on your machine can potentially use this to gain root permission and do something malicious.  Unless you properly vet all software you run on your machine, you should disable this setting as soon as is reasonably practical.  Since I can pretty much guarantee that all software you run is not properly vetted, it isn't safe to leave this setting permanently.

DNS is the service which your computer uses to translate domain names, like www.google.ca, to an IP address, like 192.168.1.1, that your computer uses to actually route your network traffic to its destination.  Think of it like the phone book of the Internet.

I don't know of a single ISP in my area that hasn't had some kind of a failure with their DNS service at some point.  This basically mean that, despite the fact that your connection to the Internet is working perfectly, you can't browse, check email, or anything else you regularly do online, simply because your computer doesn't know where to find any of the online services you're trying to use.

To counter this, there are several organizations that provide public DNS servers.  Combining several of these in your network setup will mean a single failure will not prevent you from using the Internet as normal.

This also has the advantage of not providing your entire browsing history to your ISP through their DNS logs. (Yes, there are other ways for them to monitor your browsing, but most require some forethought and setup on their part.)

NOTE: Only some of these have been tested and verified as working by CB Services. 

  1. Google DNS.
    • 8.8.8.8
    • 8.8.4.4
  2. OpenDNS
    • 208.67.222.222
    • 208.67.220.220
  3. Norton Safe Connect (no commercial use - https://dns.norton.com/dnsweb/homePage.do)
    • 195.85.126.10
    • 195.85.127.10
  4. Level3 (these appear to all be on the same subnet, so a single router failure at Level3 would take them all out.  Not good as a sole DNS provider.)
    • 4.2.2.1
    • 4.2.2.2
    • 4.2.2.3
    • 4.2.2.4
    • 4.2.2.5
    • 4.2.2.6
  5. Cisco
    • 128.107.241.185
    • 192.135.350.69
  6. SpeakEasy
    • 66.93.87.2
    • 216.231.41.2
    • 216.254.95.2
    • 64.81.45.2
    • 64.81.111.2
    • 64.81.127.2
    • 64.81.79.2
    • 64.81.159.2
    • 66.92.64.2
    • 66.92.224.2
    • 66.92.159.2
    • 216.27.175.2
  7. ORSC Public Access DNS Servers
    • 199.166.24.253
    • 199.166.27.253
    • 199.166.28.10
    • 199.166.29.3
    • 199.166.31.3
    • 195.117.6.25
    • 204.57.55.100
  8. Sprintlink General DNS
    • 204.117.214.10
    • 199.2.252.10
    • 204.9.212.10
  9. Comcast
    • 75.75.75.75
    • 75.75.76.76
  10. UUNet
    • 198.6.1.3

 

This article will be continually updated as more public DNS servers are discovered.

More Articles ...

  1. Using SetUID on shell scripts in Linux/Unix/BSD
  2. How to reset Internet Explorer settings
  3. Simply Accounting crash - Someone else is already using the program under this name. Please use a different user name or try again later.
  4. Update Fuji S1000FD/S2000HD firmware with Linux, BSD
Page 1 of 2

Computer Services