The news from the Windows front has been that there is a new update to Windows 8.1, which is supposed to cure all of the failings of Windows 8/Windows 8.1. From the reports that I have seen, many folk are disappointed. Apparently, the update doesn’t provide what they had been hoping for.
Apart from the disappointment, it does seem that this is a required update. Future updates to Windows 8.1 are expected to build on this update.
So I went ahead and installed the update. Or, at least, I attempted to install the update. It’s a large update, with something like a 750M download. There were several other updates in this weeks collection, so I told Windows to install them all.
Well, I’m not actually doing much other than being alert. In this post, I’ll go through my decision process, and hope that is a useful guide to others.
What is “heartbleed”?
“Heartbleed” is the name being given to a bug discovered in the openssl code. Its name comes from the bug being in the heartbeat code, the code that keeps ssl connections alive. A recently discovered bug allows attackers to access server memory, leaving no trace of their activity. Bruce Schneier calls it catastrophic, and that assessment is probably correct.
My first step was to assess my risk. And my next step was to apply the update available from opensuse. I used Yast online update for that, though using “zypper” at the command line, or using the update applet for your desktop should do just as well. Normally, I do updates on Mondays and Fridays, just before I boot to Windows to allow it (Windows) to update its anti-virus tables. Although I assessed my own risk as low, I decided it was worth an extra update check and reboot. I rebooted after the update, so that running software would all be using the updated version of the libraries. Read More…
I was having problems on an older computer, with some hints that it might be a disk failure. The only way to be sure, was to replace the hard drive and see if that corrected the problems. The old drive was a WD 320G SATA 1 drive. I purchased a WD 750G SATA 3 drive as replacement. I looked at smaller drives at Amazon, but some of them appeared to be refurbished. So I went with a clearly new 750G drive.
Replacing the drive
The computer, itself, is a Dell Dimension C521, purchased in 2007. Replacing the drive turned out to be relatively easy. No tools were required. I had to pull on a latch to take off the panel. Next, pressing a lever, I could lift out the DVD, and unplug its cables. Then I unplugged the connector on the sd-card reader, pressed the same lever, and slid that back so that I could lift it out. And then I could slide the disk drive back enough to lift it out, disconnecting the cables as I did so. I reversed those steps to install the disk drive and reinstall the other components.
I recently tested the firefox extension “KDE Wallet password integration“, mainly in response to an opensuse forum question. So I thought I would post a review of it here.
I tested this in my test-user account, rather than my regular account. I had long ago decided that I probably didn’t want this extension for my regular use. I’ll also explain that below.
What does it do?
The main purpose of this extension, is to allow firefox saved passwords, such as you might use to login to web sites, to be saved in KDE wallet (or “kwallet”), instead of the usual place where firefox saves it. This protects the saved passwords, assuming that you have set a password to open kwallet. And it allows you to keep passwords for various software components, all in the same place.
My initial report on milestone 0 was based on running from live KDE media. I have since installed (twice), so I am able to provide a little more information.
My first install was from the live KDE image (on a USB). That did not go well, and left me with a broken system. Other folk appear to have had a similar experience. So I advise against trying that.
My second install used the 64bit DVD image (again, on a USB). I installed on a UEFI box, though that is probably not very relevant. While there were some problems, this install gave me a working system. The problems that I encountered could be resolved. Milestone 0 is early in the development cycle, so it was expected that there would be problems. That’s why these early versions are released for testing and uncovering problem. Read More…
I have already mentioned this in my previous post, where I wrote:
I could not get secure boot to work on the Think Server. Or, perhaps it works, but opensuse is broken. If I turn on secure-boot, then I cannot boot opensuse.
The problem appears to be a limitation in the firmware of the ThinkServer. My thanks to Gary Lin, from the suse team, who provided the insight needed to track the problem down. For full details of the discussion, see Bug 869786.
Apparently the opensuse file “shim.efi”, used for secure boot, is digitally signed by both the Microsoft UEFI key and the opensuse key used for secure-boot. It turns out that the firmware on the ThinkServer does not support multiple signatures, so does not recognize “shim.efi” as properly signed.
Gary Lin explained how I could remove the second signature. With that done, I retested and secure-boot then worked.
I am guessing that there is probably other hardware out there, with the same limitation.
As mentioned in my previous post, I have set the new computer to prefer UEFI booting. In this post, I want to say what I am seeing in terms of the UEFI implementation.
The ThinkServer seems to handle UEFI best, if I disable CSM (compatibility support module). That disables legacy booting. UEFI still works with CSM enabled, but is a bit more messy. At the moment, CSM is enabled, but I will probably leave it disabled most of the time, enabling only when I need to boot a legacy system.
The F12 key on boot
If I hit the F12 key on boot (while the logo is showing), I am given a menu to use to select the current boot source. That is similar to what I have seen on my Dell. This is useful for one-time selections, such as when trying to boot from a DVD or USB. The normal boot default gives USB flash drives highest preference (after the non-existent floppy), hard drives next, then DVD/CD. Hitting F12 allows changing that.
One of my computers was having problems. I might try replacing the disk drive and see if that helps. However, it is an older computer, so I decided that I needed a replacement.
I looked at several sites, including Dell and HP. I also looked at Amazon. One of the computers that showed up in the Amazon listing of desktops, was the Lenovo ThinkServer TS140. And it looked interesting, and reasonably priced. The Amazon reviews were mostly quite good. After a few days to think about it, I decided to go with the ThinkServer.
The release cycle for 13.2 began today, with an announcement of milestone 0:
This is early in the development cycle. The final release is expected to be in November. For the last few months, the development team have been enhancing OBS (open build service) and other tools, in preparation for work on 13.2. Development work on 13.2 continued during that period, but no beta releases until now.
I have downloaded the distro. I then booted a live KDE USB (64bit version). It loaded smoothly and ran without problems on my laptop (with Intel graphics).
Some of the features mentioned in the announcement will be hard to test without first installing. I’m not sure whether I will be installing milestone 0. At present, the computer I use for most testing is having hardware problems, though a replacement box is on the way.
My opensuse install includes several graphic login managers, so I decided to try them all out. This post will report my experience with them. In particular, I will be discussing:
- kdm – this is installed as part of the KDE pattern;
- gdm – this is installed when you install Gnome;
- lightdm – this appears to come with XFCE;
- lxdm – the login manager for LXDE
- xdm – a standard and tradition part of a basic Xwindows install.
During testing of 13.1 pre-release versions, I also installed enlightenment. Apparently, that comes with “entrance” as a login manager. But I do not currently have that installed, so I did not test it. My experience with enlightenment was unenlightening.