Debian: Force users to use more secure login password with pam_cracklib

One of the factor that makes your system easily crackable is the weak password. PAM cracklib forces users to choose stronger password by analyzing the password strength, length and entropy.

To enable pam_cracklib in Debian / Ubuntu operating system, you need to install libpam_cracklib:

sudo apt-get install libpam_cracklib

Then edit the “/etc/pam.d/common-password” file using your favorite editor. Then, add and uncomment the following line at the end of the file.

password required pam_cracklib.so retry=3 minlen=6 difok=3

difok determines the number of same characters that allowed to be present in the old and new passwords.

How to use rsync to backup and synchronize files to USB drive

Portable USB drive (sometimes called pendrive) has gained popularity as a medium for storing documents. Computer users would work on the files that they store on the usb drive and occasionally would copy them on their computer, or vice versa.

However this would cause problems if there’s a lot of files being worked on and transfered between usb drive and computers. Valuable time might be lost solely for identifying which of the files are more recent and need to be updated.

Fortunately there’s ‘rsync’, a tool which can be used to synchronize files between the computer and usb drive. Assuming you use Debian or Ubuntu, you only need to start ‘synaptic’ and select ‘rsync’ package. Once installed, start the terminal application and you can begin synchronizing the files using this command


$ rsync -r -vv /home/username/Documents/ /media/your_usb_drive

The general format of rsync command is :

$ rsync -r -vv <local document directory> <remote backup directory>

rsync only updates file which has been changed and would save time and precious harddisk space from maintaining duplicate files.

A Windows version is also available at : http://www.rsync.net/resources/binaries/cwRsync_3.1.0_Installer.zip

Quick Way to upgrade to Ubuntu 10.10 Maverick Meerkat

Ubuntu 10.10 Maverick Meerkat release is just around the corner!

Here’s how to upgrade Ubuntu 10.10 Maverick Meerkat using bash shell

sudo sed -i 's/lucid/maverick/g' /etc/apt/sources.list && sudo aptitude update && sudo aptitude dist-upgrade

sudo aptitude install update-manager-core
sudo do-release-upgrade -d

That’s it! Happy upgrading!

How to make JavaME .jar files downloadable from Apache Web Server

Mobile application developers may have realize that one of the best (and recommended) way to distribute their JavaME/J2ME application is by hosting it on a website. This makes it easier for potential users to navigate and download the .jad or .jar files from their phone browsers and to execute it directly.

However, some web servers are not configured to handle .jar / .jad file requests, eventually leading to failed install response received by the mobile users.

To remedy this, .jad / .jar files need to be associated with the correct MIME type. In Apache, you can do this by creating ‘.htaccess’ file in your web directory, and inserting these lines :

# JavaME
AddType text/vnd.sun.j2me.app-descriptor .jad
AddType application/java-archive .jar

Afterwards, safe the file. The web server should behave accordingly when requests are made to either of these files. For other web servers, please refer to their respective manual or online-help on how to change document MIME type.

How to setup Secure Webserver HTTPS (SSL) on Apache in Ubuntu

Secure HTTP (SSL/TLS) has become a must if you are planning to setup a website which includes user authentication (ie. login box) or sensitive data. HTTPS prevents the sensitive data from being transfered across the network in clear text where it is susceptible to being sniffed or altered. Here is the tutorial on how to setup a secure HTTP on Apache web server in Ubuntu 10.04 (Lucid Lynx).

What do you need?

  • apache2 (Web Server)
  • openssl
  • A bit patient, because it will take some time to learn

Step 1: Create a self-signed certificate
You need to create a self-signed certificate with openssl. To do that you will need to generate the server key.


openssl genrsa -des3 -out server-sec.key 4096

…and certificate signing request (CSR)


openssl req -new -key server-sec.key -out server.csr

After that, generate the server certificate by signing it with the server key.

openssl x509 -req -days 365 -in server.csr -signkey server-sec.key -out server.crt

Keep the server-sec.key in a secure location, with read/write permission assigned only to root. Then generate a password-less copy of the key for Apache use.

openssl rsa -in server-sec.key -out server.key

By this time, you should have :

  • server.key (passwordless key for Apache)
  • server.csr (certificate signing request)
  • server.crt (certificate)
  • server-sec.key (server key)

Continue reading “How to setup Secure Webserver HTTPS (SSL) on Apache in Ubuntu”

Upgrade Pidgin to solve Yahoo messenger Issue

Regarding the previous post Solving Pidgin Yahoo Messenger Connection Problem , the temporary solution may not work anymore as Yahoo already upgraded their server to accept newer authentication mode.

Pidgin logo

The good news is, users can download the latest Pidgin release (2.5.7) in order to keep connected with Yahoo Messenger.

For Ubuntu users, Pidgin 2.5.7 is available for download from the Click-and-Run GetDeb.net portal. Just select Pidgin package, and choose to open it with gdebi.

Hopefully you can solve the Pidgin login problem through this post.