Search This Blog

Wednesday, October 25, 2017

Ubuntu 17.10 review -- Installing

I installed Ubuntu 17.10 this week, a couple days after it came out. I'll be posting my first impressions in a few posts.

I bought a new SSD to replace my HDD, because SSDs are so much faster. That meant that i did a clean install to a blank hard drive, not an upgrade from 17.04.

My original plan was to create a few partitions -- /boot, /, /var, /home. I reached the installation type screen:
Screenshot not mine. Taken from Google and linked to the source.

I chose the manual partitioning to set it up as i like. I did not create a swap partition, because supposedly this version is supposed to use a swap file.
When i went to click install now, i got this message:
Force UEFI Installation? This machine's firmware has started this installer in UEFI mode but it looks like there maybe existing operating systems already installed using BIOS compatibility mode, If you continue to install Debian in UEFI mode, it might be difficult to reboot into any BIOS-mode operating system.
I don't know why it's detecting other OSs when the disk is literally empty. Also, i now can't click on anything -- not go back, continue, or even the X. Known bug, apparently. I'm stuck opening the system monitor and killing the installer. :(

Take 2. When i reach the partitioning step, i follow the advice in the bug tracker to create a FAT32 partition, then modify to EFI after clicking go back. Unfortunately i can't click go back again.

Take 3. Create the FAT32 partition and set it to have a mount point of /boot/efi.

Take 4. Create the partition directly as EFI. Again, no dice.
Getting really fed up with the installation process here.

I head to restart the computer, to make sure i'm starting with a clean slate and nothing broken from all those times killing the installer. After clicking reboot, i get hit with a black screen with text that ends in:
A start job is running for Hold until boot process finishes up (4min 3sec / no limit)
I wait out the 4 minutes, then give up and have to REISUB. Frustration level: shaking fist at computer. Literally.

I read here that it can have to do with leaving the "download updates" option checked in a previous step, so this time i tried unchecking it. When i reach the manual partitioning step, i don't even remember now what i tried, but it didn't work.

Game over. I give up and go for the automatic partitioning. I opt for full-disk encryption and LVM. It says it's creating partitions for EFI, boot, root, and swap. Swap? I thought it used a swap file, not partition. Whatever, doesn't make a difference.

Finally finish installing. REISUB to reboot the live USB again, and finally i'm in!

I am very impressed with the speed of the new SSD. On my HDD, it took around a minute from booting till i had a usable system and could open apps. On the SSD, around 8 seconds.

I don't know why it was so hard to do manual partitioning this time; i've done it in the past without such a problem.

Final verdict: Grrrrr.

Sunday, September 10, 2017

Install Internet Rimon Root Certificate on Linux

I had a bit of trouble with this; i decided to post the solution for anyone else.

Internet Rimon is an Israeli ISP for "kosher" (filtered) internet. Because they check each page, they want access to your encrypted pages also. To enable this, you need to install a root certificate from them. (If you don't, you get an invalid certificate error, and pages with HSTS enabled simply won't load.) I know, filtered internet and FLOSS don't usually go together, but sometimes you're not in control...
Apparently it's not to difficult to get around their filtering (use a VPN), but i decided it wasn't worth my while and i'll just play by the rules.

On a "normal" (read: Windows) setup, you go to their certificate download page and choose your browser. There are 4 options: IE, Chrome, Firefox, Safari (Mac only).
I don't know this is specifically set up for Windows yet. I'm using Chrome, so i pick Chrome.

Chrome (and IE) take you to a download for a myca.reg file, which is for modifying the Windows registry, arguably the simplest solution for a non-technical user (3 clicks and you're done). Needless to say, this doesn't work on Linux.

So now i try the Firefox option. The image instructions seem even simpler (on Windows) than for Chrome. Downloading the file gets you a myca.crt file, the actual certificate, which is what you need. It is available at the time of this writing here. Opening the file on my Ubuntu machine brought up a viewer with an option to import, so i clicked, but it didn't work (sites still blocked). It could be i needed a restart; i didn't check (update: didn't work after restart).

To import it into Chrome, open settings, scroll to Privacy and Security (or search for cert), and click on manage certificates. You will see 4 tabs: Your Certificates, Servers, Authorities, and Others. There is an import button in the middle of the screen. Don't click it. I tried this at first and came up with a missing private key error.
Go to the Authorities tab and import from there. You'll need to check at least the first box (Trust this certificate for identifying websites); i didn't bother with the rest. The CA name is Netspark. You are now good to go.

For Firefox, open preferences, go to the advanced tab, then certificates. Choose the authorities tab and import. Same instructions as for Chrome.

Note that this does not install it as a root certificate on the computer, so other programs (e.g. command line) trying to access secure sites won't work.

For completeness, the Safari option downloads a .dmg file, which probably (i haven't tested) applies system-wide and will work on Mac no matter what browser you're using.

Saturday, February 25, 2017

You are about to view sensitive medical information, please take appropriate privacy measures

My medical clinic has an app. You can make appointments, view lab results, medical history, etc.

I logged in to make an appointment. As it was connecting, it tells me "You are about to view sensitive medical information, please take appropriate privacy measures." OK, sounds reasonable.

Now let's take a step back. How did i log in? Was it with a username and password? A one-time verification code texted to me? NO. It was with my government-issued ID number and birth year!

I am indignant! That isn't even private information! The number of places my ID number and birthday appear -- publicly and privately -- is shocking.

You don't even implement a secure login and have the chutzpah to tell me to watch my privacy?!

I am going to write to them and complain as soon as i figure out who to send it to.

UPDATE: It appears that this easy login only works for making appointments. Viewing any other information requires your ID, randomly-assigned username, and password, which i suppose counts as secure enough.