Thursday, May 29, 2014

Logical Expressions with OSX grep

Show me a simple, working example of how to use logical expressions with the grep command that comes with OSX.

Crickets.

Problem

OSX Grep Sucks.

Solution

Replace OSX grep with GNU grep.

$ brew tap homebrew/dupes
$ brew install homebrew/dupes/grep
$ brew install pcre
$ alias grep='ggrep'
$ grep --version
ggrep (GNU grep) 2.18
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later .
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by Mike Haertel and others, see .


Try it out


$ npm outdated | grep -E 'uglify|html'

uglify-js                          1.3.3     1.3.3     2.4.13  grunt-modernizr > uglify-js
maxmin                             0.1.0     0.1.0      0.2.0  grunt-contrib-uglify > maxmin
strip-ansi                         0.1.1     0.1.1      0.2.1  grunt-contrib-uglify > chalk > strip-ansi
async                             0.2.10    0.2.10      0.9.0  grunt-contrib-uglify > uglify-js > async
optimist                           0.3.7     0.3.7      0.6.1  grunt-contrib-uglify > uglify-js > optimist
readable-stream                 1.1.13-1  1.1.13-1   1.0.27-1  grunt-contrib-jshint > jshint > htmlparser2 > readable-stream
entities                           1.0.0     1.0.0      1.1.1  grunt-contrib-jshint > jshint > htmlparser2 > entities
strip-ansi                         0.1.1     0.1.1      0.2.1  grunt-contrib-htmlmin > chalk > strip-ansi
glob                               3.2.9     4.0.0      4.0.0  grunt-contrib-htmlmin > html-minifier > cli > glob
commander                          2.1.0     2.1.0      2.2.0  grunt-contrib-htmlmin > html-minifier > clean-css > commander
async                             0.2.10    0.2.10      0.9.0  grunt-contrib-htmlmin > html-minifier > uglify-js > async
optimist                           0.3.7     0.3.7      0.6.1  grunt-contrib-htmlmin > html-minifier > uglify-js > optimist


warning: CRLF will be replaced by LF in .gitignore.

Warnings

If you get the following warnings...


$ git status

warning: CRLF will be replaced by LF in .gitignore.
The file will have its original line endings in your working directory.
warning: CRLF will be replaced by LF in .jshintrc.
The file will have its original line endings in your working directory.
warning: CRLF will be replaced by LF in Gruntfile.js.
The file will have its original line endings in your working directory.
warning: CRLF will be replaced by LF in package.json.
The file will have its original line endings in your working directory.
warning: CRLF will be replaced by LF in .jshintrc.
The file will have its original line endings in your working directory.
warning: CRLF will be replaced by LF in Gruntfile.js.
The file will have its original line endings in your working directory.
warning: CRLF will be replaced by LF in package.json.
The file will have its original line endings in your working directory.
On branch master
Changes to be committed:
  (use "git reset HEAD ..." to unstage)

 modified:   .gitignore
 modified:   .jshintrc
 modified:   Gruntfile.js
 modified:   package.json

Untracked files:
  (use "git add ..." to include in what will be committed)

 .bowerrc
 .sass-cache/
 .tmp/
 Gruntfile.js_ORIG
 bower_components/
 build/
 dist/
 frontend/
 karma.conf.js
 test/bower_components/
 test/unit/


... then you probably just cloned a project that was created on the MS Windows platform and git is auto-converting the files to the unix line endings. That's a good thing, assuming you're on a Unix platform.

MS Windows apps typically put append a hidden CR + LF characters on the end of each line of a text file.

Global Settings

Run the following command to git to convert all CRLF line endings to LF before it stores it in the commit:

$ git config --global core.autocrlf input


Run the following command to prevent git from adding updates whose only function was to change the line-ending:

git config --global core.safecrlf true


If you get errors like the following, that means that the git config --global core.safecrlf true command is working.


fatal: CRLF would be replaced by LF in .bowerrc.
fatal: CRLF would be replaced by LF in .gitignore.
fatal: CRLF would be replaced by LF in .jshintrc.


...In which case, you will want to run the dos2unix command below.

Convert Cloned Files

Run the following commands to convert those CRLF line endings to LF and to update the .gitattributes file to auto enforce the LF line endings.

find ./ -type f -exec dos2unix {} \;

Notes

Though I have never had a problem with a dos2unix, it is potentially destructive, so you may want to backup your files before you run this or be more selective on which files you run it against.

Local Settings

Git allows you to set the line ending properties for a repo directly using the text attribute in the .gitattributes file. This file is committed into the repo and overrides the core.autocrlf setting, allowing you to ensure consistent behaviour for all users regardless of their git settings.

echo "# LF (not CRLF) for line endings" > .gitattributes 
echo "* text eol=lf" >> .gitattributes


Notes

If git encounters files with CRLF endings, it will display the following warning messages, which you probably should see.


warning: CRLF will be replaced by LF in .bowerrc.
The file will have its original line endings in your working directory.
warning: CRLF will be replaced by LF in Gruntfile.js.
The file will have its original line endings in your working directory.


If you really want to hide those warning messages for this project, you run the following:

$ git config core.safecrlf false


I hear that if you develop in MS Windows then autocrlf=false should keep the endings consistent between local and remote and local git repos. Good luck with that.

Add the following to your .gitattributes file:

$ echo "* text=auto" >>.gitattributes


If you have a pre-existing local repo, then also run these commands to rebuild the index:

$ rm .git/index
$ git reset



References

https://help.github.com/articles/dealing-with-line-endings

OSX Find Command to Exclude Directory

Given this directory structure, let's get a list of all files that are not in the node_modules directory.

Given Directory Structure


$ git add-commit 'added frontend'
$ tree -C -d -L 2
.
├── javascript
├── less
├── node_modules
│   ├── grunt
│   ├── grunt-cli
│   ├── grunt-contrib-concat
│   ├── grunt-contrib-less
│   ├── grunt-contrib-uglify
│   └── grunt-contrib-watch
└── public
    ├── css
    └── js


Find command to exclude node_modules


$ find . -not -path "*node_modules*" -type f
./Gruntfile.js
./javascript/app.js
./javascript/function.js
./less/style.less
./package.json
./public/css/style.css
./public/index.html


Spaces in Filenames Cause git add-commit Error

Using my handy git add-commit command failed with a pathspec error

$ git add-commit 'added frontend'
fatal: pathspec 'bower_components/modernizr/media/Modernizr' did not match any files


Looks like the error is caused by files with spaces in the filename:

$ git untracked|grep Modernizr
bower_components/modernizr/media/Modernizr 2 Logo.ai
bower_components/modernizr/media/Modernizr 2 Logo.eps
bower_components/modernizr/media/Modernizr 2 Logo.pdf
bower_components/modernizr/media/Modernizr 2 Logo.png
bower_components/modernizr/media/Modernizr 2 Logo.svg


Temporary fix

Run the following command to generate git add commands that wrap the filename with a quote character:

$ (IFS=$'\n';files=(`git untracked|grep Modernizr`);echo "RUN THE FOLLOWING COMMANDS:";for file in "${files[@]}"; do echo "git add '"$file"'"; done)

RUN THE FOLLOWING COMMANDS:
git add 'bower_components/modernizr/media/Modernizr 2 Logo.ai'
git add 'bower_components/modernizr/media/Modernizr 2 Logo.eps'
git add 'bower_components/modernizr/media/Modernizr 2 Logo.pdf'
git add 'bower_components/modernizr/media/Modernizr 2 Logo.png'
git add 'bower_components/modernizr/media/Modernizr 2 Logo.svg'


Try again...


$ git add-commit


Success.

Enhance the add-commit command to handle spaces in filenames

Changed


$ git config --global alias.add-untracked '!git add $(git untracked)'


To


$ git config --global alias.add-untracked '!f() { files=(`git untracked`);for file in "${files[@]}"; do cmd="git add \""$file"\""; eval $cmd; done; }; f'



Note

In my git add --update :/ post, I show the "best" git commands to add, commit and push your code changes to your git repo.


References

http://lexsheehan.blogspot.com/2014/05/git-add-update.html
http://lexsheehan.blogspot.com/2014/05/process-array-of-values-in-bash-shell.html

Wednesday, May 28, 2014

Suppress jshint "undefined" Warnings (and more)

If you are getting jshint errors like the following...

app/scripts/my_test.js
  line 8   col 1  'describe' is not defined.
  line 10  col 9  'it' is not defined.


... Just put the following globals section in you .jshintrc file

    "globals"   : {
        /* MOCHA */
        "after"      : false,
        "afterEach"  : false,
        "before"     : false,
        "beforeEach" : false,
        "describe"   : false,
        "it"         : false
    }   


Example .jshintrc file

{
    "node": true,
    "browser": true,
    "esnext": true,
    "bitwise": true,
    "camelcase": true,
    "curly": true,
    "eqeqeq": true,
    "immed": true,
    "indent": 4,
    "latedef": true,
    "newcap": true,
    "noarg": true,
    "quotmark": "single",
    "undef": true,
    "unused": true,
    "strict": true,
    "trailing": true,
    "smarttabs": true,
    "jquery": true,
    "globals"   : {
        /* MOCHA */
        "after"      : false,
        "afterEach"  : false,
        "before"     : false,
        "beforeEach" : false,
        "describe"   : false,
        "it"         : false
    }
}


More Granular

By File

Put this at top of file to suppress variable unused warnings:

/*jshint unused:false*/


If you get errors like the following...

'MyClass' is not defined.


... you can put this at the top of your js file

/*global MyClass*/

Warning

You should take a close look at your code now. Perhaps there is a good reason jshint is warning you that that variable was not defined.

Strict Warning

If you see the following jshint warning: Use the function form of "use strict".

You can disable it on a per file basis: /*jshint strict:false */

or adding this to your .jshintrc file: "strict" : false,

But that's probably not a good idea since it's warning you that if you put 'use strict' outside the function definition block, then if your build process concatonates files that mix strict and non-strict, there will be problems.


(function () {
   'use strict';
   // this function is strict...
}());

'use strict';
(function () {
   // but this function is sloppy...
}());


So, keep strict warning, but place the 'use strict' in the function.

'$' is not defined


If you see an error like:

app/js/main.js
  line 2   col 20   '$' is not defined.


You can put this at the top of that file (app/js/main.js in the example above).

/*global $:false */


By Section

Put this before and after statements you want jshint to ignore;

/* jshint ignore:start */
alert('code ignored by jshint');
/* jshint ignore:end */


By Line

Put this at the end of the line that you want jshint to ignore:

alert('code ignored by jshint'); // jshint ignore:line



Ignore entire file or directory

Create a .jshintignore file at the root of your project.

Ignore a file


src/components/datatables-responsive/datatables.responsive.js


Ignore a directory


src/components/*



References

http://www.jshint.com/docs/
http://www.yuiblog.com/blog/2010/12/14/strict-mode-is-coming-to-town/
http://jshint.com/docs/options/

Tuesday, May 27, 2014

Install Node.js, Grunt, Bower and webapp generator on OSX


$ brew install node

==> Downloading https://downloads.sf.net/project/machomebrew/Bottles/node-0.10.28.mavericks.bottle.tar.gz
Already downloaded: /Library/Caches/Homebrew/node-0.10.28.mavericks.bottle.tar.gz
==> Pouring node-0.10.28.mavericks.bottle.tar.gz
==> Caveats
Bash completion has been installed to:
  /usr/local/etc/bash_completion.d
==> make install
==> /usr/local/bin/npm update npm -g
==> Summary
🍺  /usr/local/Cellar/node/0.10.28: 1547 files, 18M

$ npm -v
1.4.13

$ node -v
v0.10.28


Install NPM Grunt and Bower


$ npm install -g yo grunt-cli bower

/usr/local/bin/grunt -> /usr/local/lib/node_modules/grunt-cli/bin/grunt
/usr/local/bin/bower -> /usr/local/lib/node_modules/bower/bin/bower
/usr/local/bin/yo -> /usr/local/lib/node_modules/yo/cli.js

> yo@1.1.2 postinstall /usr/local/lib/node_modules/yo
> node ./scripts/doctor

[Yeoman Doctor] Everything looks alright!

grunt-cli@0.1.13 /usr/local/lib/node_modules/grunt-cli
├── resolve@0.3.1
├── nopt@1.0.10 (abbrev@1.0.5)
└── findup-sync@0.1.3 (lodash@2.4.1, glob@3.2.11)

bower@1.3.3 /usr/local/lib/node_modules/bower
├── is-root@0.1.0
├── junk@0.3.0
├── stringify-object@0.2.1
├── chmodr@0.1.0
├── which@1.0.5
├── osenv@0.0.3
├── opn@0.1.2
├── archy@0.0.2
├── graceful-fs@2.0.3
├── lockfile@0.4.2
├── rimraf@2.2.8
├── bower-logger@0.2.2
├── lru-cache@2.5.0
├── bower-endpoint-parser@0.2.1
├── nopt@2.2.1
├── abbrev@1.0.5
├── retry@0.6.0
├── mkdirp@0.3.5
├── tmp@0.0.23
├── q@1.0.1
├── chalk@0.4.0 (has-color@0.1.7, ansi-styles@1.0.0, strip-ansi@0.1.1)
├── request-progress@0.3.1 (throttleit@0.0.2)
├── semver@2.2.1
├── fstream@0.1.25 (inherits@2.0.1)
├── shell-quote@1.4.1 (array-filter@0.0.1, array-reduce@0.0.0, array-map@0.0.0, jsonify@0.0.0)
├── bower-json@0.4.0 (intersect@0.0.3, deep-extend@0.2.10)
├── p-throttler@0.0.1 (q@0.9.7)
├── promptly@0.2.0 (read@1.0.5)
├── fstream-ignore@0.0.8 (inherits@2.0.1, minimatch@0.3.0)
├── tar@0.1.19 (inherits@2.0.1, block-stream@0.0.7)
├── glob@3.2.11 (inherits@2.0.1, minimatch@0.3.0)
├── bower-config@0.5.1 (optimist@0.6.1)
├── decompress-zip@0.0.7 (mkpath@0.1.0, touch@0.0.2, readable-stream@1.1.13-1, binary@0.3.0)
├── request@2.34.0 (json-stringify-safe@5.0.0, aws-sign2@0.5.0, forever-agent@0.5.2, qs@0.6.6, tunnel-agent@0.3.0, oauth-sign@0.3.0, node-uuid@1.4.1, mime@1.2.11, form-data@0.1.2, tough-cookie@0.12.1, http-signature@0.10.0, hawk@1.0.0)
├── cardinal@0.4.4 (ansicolors@0.2.1, redeyed@0.4.4)
├── bower-registry-client@0.2.1 (request-replay@0.2.0, lru-cache@2.3.1, async@0.2.10, request@2.27.0)
├── inquirer@0.4.1 (readline2@0.1.0, through@2.3.4, mute-stream@0.0.4, async@0.2.10, cli-color@0.2.3, lodash@2.4.1)
├── handlebars@1.3.0 (optimist@0.3.7, uglify-js@2.3.6)
├── mout@0.9.1
├── update-notifier@0.1.8 (semver@2.1.0, request@2.27.0, configstore@0.2.3)
└── insight@0.3.1 (object-assign@0.1.2, async@0.2.10, lodash.debounce@2.4.1, request@2.27.0, configstore@0.2.3)

yo@1.1.2 /usr/local/lib/node_modules/yo
├── open@0.0.4
├── async@0.2.10
├── chalk@0.4.0 (has-color@0.1.7, ansi-styles@1.0.0, strip-ansi@0.1.1)
├── nopt@2.1.2 (abbrev@1.0.5)
├── sudo-block@0.3.0 (chalk@0.3.0)
├── findup@0.1.5 (commander@2.1.0, colors@0.6.2)
├── shelljs@0.2.6
├── lodash@2.4.1
├── update-notifier@0.1.8 (semver@2.1.0, request@2.27.0, configstore@0.2.3)
├── yeoman-generator@0.16.0 (dargs@0.1.0, diff@1.0.8, debug@0.7.4, class-extend@0.1.1, rimraf@2.2.8, findup-sync@0.1.3, text-table@0.2.0, mime@1.2.11, mkdirp@0.3.5, isbinaryfile@2.0.1, glob@3.2.11, iconv-lite@0.2.11, underscore.string@2.3.3, file-utils@0.1.5, request@2.30.0, cheerio@0.13.1, download@0.1.17, inquirer@0.4.1)
└── insight@0.3.1 (object-assign@0.1.2, lodash.debounce@2.4.1, inquirer@0.4.1, request@2.27.0, configstore@0.2.3)


Install generator-webapp


$ npm install -g generator-webapp

generator-mocha@0.1.3 /usr/local/lib/node_modules/generator-mocha
└── yeoman-generator@0.14.2 (dargs@0.1.0, diff@1.0.8, debug@0.7.4, rimraf@2.2.8, chalk@0.3.0, text-table@0.2.0, mime@1.2.11, async@0.2.10, mkdirp@0.3.5, isbinaryfile@0.1.9, shelljs@0.2.6, glob@3.2.11, underscore.string@2.3.3, iconv-lite@0.2.11, lodash@2.2.1, findup-sync@0.1.3, request@2.27.0, file-utils@0.1.5, download@0.1.17, inquirer@0.3.5, cheerio@0.12.4)

generator-webapp@0.4.9 /usr/local/lib/node_modules/generator-webapp
├── chalk@0.4.0 (has-color@0.1.7, ansi-styles@1.0.0, strip-ansi@0.1.1)
├── cheerio@0.13.1 (underscore@1.5.2, entities@0.5.0, CSSselect@0.4.1, htmlparser2@3.4.0)
└── yeoman-generator@0.16.0 (dargs@0.1.0, diff@1.0.8, debug@0.7.4, class-extend@0.1.1, rimraf@2.2.8, findup-sync@0.1.3, text-table@0.2.0, mime@1.2.11, async@0.2.10, mkdirp@0.3.5, isbinaryfile@2.0.1, shelljs@0.2.6, underscore.string@2.3.3, iconv-lite@0.2.11, glob@3.2.11, lodash@2.4.1, request@2.30.0, file-utils@0.1.5, download@0.1.17, inquirer@0.4.1)



Notes



If you try to install generator-webapp before installing yeoman, you'll get this error:


$ npm install -g generator-webapp

npm ERR! error rolling back Error: ENOTEMPTY, rmdir '/usr/local/lib/node_modules/generator-webapp/node_modules/yeoman-generator/node_modules/download/node_modules/nopt'
npm ERR! error rolling back  download@0.1.17 { [Error: ENOTEMPTY, rmdir '/usr/local/lib/node_modules/generator-webapp/node_modules/yeoman-generator/node_modules/download/node_modules/nopt']
npm ERR! error rolling back   errno: 53,
npm ERR! error rolling back   code: 'ENOTEMPTY',
npm ERR! error rolling back   path: '/usr/local/lib/node_modules/generator-webapp/node_modules/yeoman-generator/node_modules/download/node_modules/nopt' }
npm ERR! Error: ENOENT, utime '/usr/local/lib/node_modules/generator-webapp/node_modules/yeoman-generator/node_modules/request/node_modules/node-uuid/README.md'
npm ERR! If you need help, you may report this *entire* log,
npm ERR! including the npm and node versions, at:
npm ERR!     

npm ERR! System Darwin 13.2.0
npm ERR! command "node" "/usr/local/bin/npm" "install" "-g" "generator-webapp"
npm ERR! cwd /Users/lex/dev/yeoman
npm ERR! node -v v0.10.28
npm ERR! npm -v 1.4.13
npm ERR! path /usr/local/lib/node_modules/generator-webapp/node_modules/yeoman-generator/node_modules/request/node_modules/node-uuid/README.md
npm ERR! fstream_path /usr/local/lib/node_modules/generator-webapp/node_modules/yeoman-generator/node_modules/request/node_modules/node-uuid/README.md
npm ERR! fstream_type File
npm ERR! fstream_class FileWriter
npm ERR! fstream_finish_call utimes
npm ERR! code ENOENT
npm ERR! errno 34
npm ERR! fstream_stack /usr/local/lib/node_modules/npm/node_modules/fstream/lib/writer.js:305:19
npm ERR! fstream_stack Object.oncomplete (fs.js:107:15)
npm ERR! Error: ENOENT, lstat '/usr/local/lib/node_modules/generator-webapp/node_modules/yeoman-generator/node_modules/request/node_modules/forever-agent/LICENSE'
npm ERR! If you need help, you may report this *entire* log,
npm ERR! including the npm and node versions, at:
npm ERR!     


. . . ...Just run this command and next time, install yeoman first.

$ sudo npm cache clean


p.s. That command fixes a slew of other npm error conditions such as the following:

$ npm install -g yo
npm ERR! Error: ENOTEMPTY, rmdir '/usr/local/lib/node_modules/yo/node_modules/yeoman-generator/node_modules/inquirer'
npm ERR! If you need help, you may report this *entire* log,
npm ERR! including the npm and node versions, at:
npm ERR!     

npm ERR! System Darwin 13.2.0
npm ERR! command "node" "/usr/local/bin/npm" "install" "-g" "yo"
npm ERR! cwd /Users/lex
npm ERR! node -v v0.10.28
npm ERR! npm -v 1.5.0-alpha-1
npm ERR! path /usr/local/lib/node_modules/yo/node_modules/yeoman-generator/node_modules/inquirer
npm ERR! code ENOTEMPTY
npm ERR! errno 53
npm ERR!
npm ERR! Additional logging details can be found in:
npm ERR!     /Users/lex/npm-debug.log
npm ERR! not ok code 0



References

http://brew.sh/
http://gruntjs.com/
http://bower.io/
http://nodejs.org/

SCSS Syntax Highlighting in Sublime Text

Steps to configure SCSS Syntax Highlighting in Sublime Text:

Install Sass and Compass




$ gem install sass
Successfully installed sass-3.3.7
1 gem installed



$ gem install compass
Fetching: sass-3.2.19.gem (100%)
Successfully installed sass-3.2.19
Fetching: chunky_png-1.3.1.gem (100%)
Successfully installed chunky_png-1.3.1
Fetching: fssm-0.2.10.gem (100%)
Successfully installed fssm-0.2.10
Fetching: compass-0.12.6.gem (100%)
Successfully installed compass-0.12.6
4 gems installed


Install Sublime Text Package Control

Install Package Control via the Sublime Text console. The console is accessed via the ctrl+` shortcut or the View > Show Console menu.

Once open, paste the appropriate Python code for your version of Sublime Text into the console.

Scripts to install Sublime Text Package Control

Sublime Text 2


import urllib2,os,hashlib; h = '7183a2d3e96f11eeadd761d777e62404' + 'e330c659d4bb41d3bdf022e94cab3cd0'; pf = 'Package Control.sublime-package'; ipp = sublime.installed_packages_path(); os.makedirs( ipp ) if not os.path.exists(ipp) else None; urllib2.install_opener( urllib2.build_opener( urllib2.ProxyHandler()) ); by = urllib2.urlopen( 'http://sublime.wbond.net/' + pf.replace(' ', '%20')).read(); dh = hashlib.sha256(by).hexdigest(); open( os.path.join( ipp, pf), 'wb' ).write(by) if dh == h else None; print('Error validating download (got %s instead of %s), please try manual install' % (dh, h) if dh != h else 'Please restart Sublime Text to finish installation')


Sublime Text 3


import urllib.request,os,hashlib; h = '7183a2d3e96f11eeadd761d777e62404' + 'e330c659d4bb41d3bdf022e94cab3cd0'; pf = 'Package Control.sublime-package'; ipp = sublime.installed_packages_path(); urllib.request.install_opener( urllib.request.build_opener( urllib.request.ProxyHandler()) ); by = urllib.request.urlopen( 'http://sublime.wbond.net/' + pf.replace(' ', '%20')).read(); dh = hashlib.sha256(by).hexdigest(); print('Error validating download (got %s instead of %s), please try manual install' % (dh, h)) if dh != h else open(os.path.join( ipp, pf), 'wb' ).write(by)



Install the sass-textmate-bundle plugin

Package Control is driven by the Command Pallete. To open the pallete, press ctrl+shift+p (Win, Linux) or cmd+shift+p (OS X).

When the Package Control Pallete opens, type SASS and hit Enter.

Close Sublime and reopen your .scss file

From Sublime menu > View > Syntax > Open all with current extension as...

Then choose Sass

Good To Go

From now on, when you open a .scss file using subl you'll get color syntax highlighting


Building Automatically

  • Consider installing the SASS-Build-SublimeText2 plugin to enable building (and compressing) scss files from Sublime
  • Consider installing the SublimeOnSaveBuild plugin to automatically kickoff a build when you save changes



References

http://www.metropoliscreative.com/web-development/how-to-install-sass-an-easy-guide-for-developers/
https://sublime.wbond.net/installation#st2
https://sublime.wbond.net/docs/usage
https://github.com/nathos/sass-textmate-bundle
https://github.com/jaumefontal/SASS-Build-SublimeText2
https://github.com/alexnj/SublimeOnSaveBuild

Auto Semver Patching

I typically use a technique that I call Auto Semver Patching to automate the updating of dependencies without (much) fear of breaking running applications.

When you specify the dependency version, use the tilde "~" character and the full MAJOR.MINOR.PATCH number of the most recent version of the referenced library.

In package management parlance, the tilde "~" characters means, "equal to or greater than the last digit".

In the case of "bower": "~1.2.6" it is assumed that the latest version of bower at the time the build file was created is 1.2.6.

When subsequent builds are run, the package manager can upgrade the PATCH number indefinitely, ex: bower 1.2.999; However, the MINOR number may not be incremented, ex: bower 1.3.0 would be invalid.

Notes

If you have the following, incorrect, library version in your NPM package.json file...

"grunt-contrib-requirejs": "~0.3.5",


...and try to install, then currently you will get the following message:

$ npm install
npm ERR! notarget No compatible version found: grunt-contrib-requirejs@'>=0.3.5-0 <0.4.0-0'
npm ERR! notarget Valid install targets:
npm ERR! notarget ["0.1.0","0.2.0","0.3.0","0.3.2","0.3.3","0.3.4","0.4.0","0.4.1","0.4.2","0.4.3","0.4.4","0.4.0-rc7"]
npm ERR! notarget
npm ERR! notarget This is most likely not a problem with npm itself.
npm ERR! notarget In most cases you or one of your dependencies are requesting
npm ERR! notarget a package version that doesn't exist.


Note that "~0.3.5" literally means '>=0.3.5-0 <0.4.0-0'

Auto Semver Patching Examples

Entries from NodeJS's package.json file


  "devDependencies": {
    "bower": "~1.2.6",
    "grunt": "~0.4.1",
    "grunt-bower": "~0.7.0"
  },


Entries from Bower's .bower.json file


  "dependencies": {
    "bootstrap-sass-official": "~3.1.0",
    "modernizr": "~2.6.2",
    "jquery": "~1.11.0"
  },


Entries in Ruby Bundler


gem 'js-routes', '~> 0.9.7'
gem 'factory_girl', '~> 4.4.0'


Semantic Versioning

Semantic versioning is a set of rules that specify how you should version your software components.

Given a version number MAJOR.MINOR.PATCH, increment the:

MAJOR version when you make incompatible API changes,
MINOR version when you add functionality in a backwards-compatible manner, and
PATCH version when you make backwards-compatible bug fixes.


Minor Version

Minor version Y (x.Y.z | x > 0) MUST be incremented if new, backwards compatible functionality is introduced to the public API. It MUST be incremented if any public API functionality is marked as deprecated. It MAY be incremented if substantial new functionality or improvements are introduced within the private code. It MAY include patch level changes. Patch version MUST be reset to 0 when minor version is incremented.

Incrementing the minor version indicates that there is new or improved functionality that does not break existing interfaces.

So, if the component vendors adhere to the rules, then you should be able to allow your package manager to automatically update components using Auto Semver Patching without anything breaking.

The advantage of using Auto Semver Patching is that the dependencies will be at the latest version possible, which should pickup most urgent security patches and performance enhancements without breaking your application.

The disadvantage of of using Auto Semver Patching is that every time you run the package manager to update the dependencies, there may be a dependency component that has a bug or does not follow the rules and ends up breaking your application.

So, should you use this Auto Semver Patching technique?

As usual, It Depends. ™

  • Will your test suite robust enough to catch any bugs from the new, possibly broken dependencies?
  • Can you stop a package update, and revert back to working dependency versions, if a bug is detected?
  • How important is is that your application keep up to date on security patches and minor enhancements?


Words to the Wise

  • It is best practice to run a full regression test anytime you update underlying components.
  • Auto Semver Patching technique can help for a while, but it won't be long before you'll need to update to the latest major version of your libraries and their dependencies.



Package Managers that support Semantic Versioning

  • Ruby Bundler
  • NPM
  • Bower
  • Composer
  • CocoaPods




References

http://semver.org/
http://bundler.io/
http://bower.io/
https://www.npmjs.org/
https://getcomposer.org/
http://cocoapods.org/
http://blog.versioneye.com/2014/01/15/which-programming-language-has-the-best-package-manager/

Friday, May 23, 2014

Improve Users Directory File Permissions

You may notice the following warning when opening a Rails 4 console:

... ruby/gems/2.1.0/gems/bundler-1.6.2/lib/bundler/runtime.rb:222: warning: Insecure world writable dir /Users in PATH, mode 040777


That indicates that the /Users directory has an insecure file permission setting. Solution Tighten up security on the /Users directory like this:

$ sudo chmod 040755 /Users


The "040" is the file type flag representing a directory.

Here's what the permissions should look like:


$ ls -l / | grep Users
drwxr-xr-x@    6 root  admin      204 Apr 10 15:25 Users


Increase your HEAP SIZE in RubyMine


$ (FNAME=$(grep RUN_PATH `which mine`|head -n1|awk '{print $3}'|tr -d "'")/bin/idea.vmoptions;sed -i -e "s/-Xms128m/-Xms1024m/" $FNAME;sed -i -e "s/-Xmx512m/-Xmx2048m/" $FNAME;sed -i -e "s/-XX:MaxPermSize=250m/-XX:MaxPermSize=1000m/" $FNAME)


Original Settings

For default installs, you should be able to find the settings file here: /Applications/RubyMine.app/bin/idea.vmoptions

-Xms128m
-Xmx512m
-XX:MaxPermSize=250m
-XX:+UseCompressedOops



Notes

If you get the following error message, check your settings for a typo:


$ mine
$ LSOpenURLsWithRole() failed with error -10810 for the file /Applications/RubyMine.app.


Thursday, May 22, 2014

git add --update :/

What git command should be used to add files to your git index?

It depends ™
  • Do you want to recursively add every file modification (created, modified, deleted)?
  • Are you using git client version 2.0 or more recent?

If so, then this command should work great for you.

Want to add absolutely every file, whether it's tracked or not, and process deleted files, too?

If so, please continue reading...

Create a Git Aliases

You can create a global git aliases like this:

$ git config --global alias.untracked 'ls-files --other --exclude-standard'
$ git config --global alias.add-untracked '!f() { files=(`git untracked`);for file in "${files[@]}"; do cmd="git add \""$file"\""; eval $cmd; done; }; f'
$ git config --global alias.add-updated 'add --update :/'
$ git config --global alias.add-all '!git add-updated && git add-untracked'


Subsequently, you can add all file modifications (including untracked files) like this:

$ git add-all

Notes

Fix for files with spaces in the filename

Previously, the following failed to add files with spaces in the filename:

git config --global alias.add-untracked '!git add $(git untracked)'


The exclamation point character "!" allows us to execute shell commands.

You should get a warning message if you run the git add-all command and there were no files to add to the git index aka "staging area".

$ git add-all
Nothing specified, nothing added.
Maybe you wanted to say 'git add .'?


Commit and Push

After adding files to the index, you'll want to atomically commit the changes, with a comment, and push those changes to the git repo.

$ git commit -m "Descriptive comment here"


If you want to push your changes to a remote repo, configure it like this:

$ git remote add origin git@github.com:<account>/<projectname>.git


Now, you can push your changes from your local git repo to the remote git repo:

$ git push


add-all is Better Than add -A

Most Git commands that can be used with or without pathspec operate tree-wide by default, the pathspec being used to restrict their scope. A few exceptions are: 'git grep', 'git clean', 'git add -u' and 'git add -A'. When run in a subdirectory without pathspec, they operate only on paths in the current directory.

The inconsistency of 'git add -u' and 'git add -A' is particularly problematic since other 'git add' subcommands (namely 'git add -p' and 'git add -e') are tree-wide by default. It also means that "git add -u && git commit" will record a state that is different from what is recorded with "git commit -a".

Flipping the default now is unacceptable, so let's start training users to type 'git add -u|-A :/' or 'git add -u|-A .' explicitly, to prepare for the next steps:

* forbid 'git add -u|-A' without pathspec (like 'git add' without option)

* much later, maybe, re-allow 'git add -u|-A' without pathspec, that will add all tracked and modified files, or all files, tree-wide.

A nice side effect of this patch is that it makes the :/ magic pathspec easier to discover for users.

When the command is called from the root of the tree, there is no ambiguity and no need to change the behavior, hence no need to warn.



One Command to Add, Commit and Push

Leveraging the git aliases that we previously created, we create two more:

$ git config --global alias.add-commit '!f() { git add-all && git commit -m "$1"; }; f'
$ git config --global alias.acp '!f() { git add-commit "$1" && git push; }; f'


Subsequently, you can add all file modifications (including untracked files), commit with comment and push the commit to your repo like this:

git acp 'Descriptive comment here'

Notes

Notice that we defined a shell script function to pass parameters to multiple chained shell commands.



Tell Git to Only Push the HEAD of Your Branch

If you get and error like the following...

$ git acp 'update 1, add 1'
[master ff5b42b] update 1, add 1
 2 files changed, 25 insertions(+), 3 deletions(-)
 create mode 100755 new-file-name-here
fatal: The current branch master has multiple upstream branches, refusing to push.

...Then, tell git to push the HEAD of your branch, which is likely "master".

$ git config remote.origin.push HEAD

References

https://github.com/git/git/commit/0fa2eb530fb748774c5b2f309a471cf048b8d9d9
http://lexsheehan.blogspot.com/2014/06/git-delete-untracked.html

Unable to SCP?

Problem


$ scp username@REMOTE_IP_OR_HOSTNAME:/REMOTE_PATH/FILE_NAME .
Password:
protocol error: bad mode


The problem is that the SSH session must be "clean".

What often happens, though, is that there are statements in either the system or per-user shell startup files on the server (.bashrc, .profile, /etc/csh.cshrc, .login, etc.) which output text messages on login, intended to be read by humans (echo "Hi there!", etc.).

Solution

Find every greeting message in your startup files and only allow it to echo to standard out if you're connecting locally.

For example, if in your ~/.bashrc you echo the current directory, wrap that in a test to determine whether you're connecting from a remote session.


if [ "$SSH_CONNECTION" == "" ]; then
    # not a remote connection
    echo "Current directory: `pwd`"
fi


References

http://www.snailbook.com/faq/sftp-corruption.auto.html

Tuesday, May 20, 2014

shallow over http or ftp not supported

shallow over http or ftp not supported

Ever seen that?

Perhaps, the client version of git you're using and the https protocol running on your repo server are incompatible.

$ git clone --depth 1 https://github.com/visionmedia/git-extras.git
Initialized empty Git repository in /tmp/git-extras/.git/
shallow over http or ftp not supported


In any case, if you do see that error try down grading to the plain git protocol and try again

$ git clone --depth 1 git://github.com/visionmedia/git-extras.git
Initialized empty Git repository in /home/deploy/CHDataStructures/.git/
remote: Reusing existing pack: 5941, done.
remote: Counting objects: 145, done.
remote: Compressremote: ing objects: 100% (84/84), done.
remote: Total 6086 (delta 61), reused 123 (delta 46)
Receiving objects: 100% (6086/6086), 5.34 MiB | 3372 KiB/s, done.
Resolving deltas: 100% (3576/3576), done.


Git Protocols

Here's the list of current git protocols. Choose the most appropriate. ssh is typically recommended.

git

  • Example: git://repo_name/github.com/
  • basic, no security, server not verified
  • can pull, cannot push

http

  • Example: http://repo_name/github.com/
  • does not provide security, server not verified
  • not available on github.com

https

  • Example: https://repo_name/github.com/
  • server not verified via ssl certs
  • password auth for push, allows anonymous pull

ssh

  • Example: ssh://repo_name/github.com/
  • Example: git@repo_name/github.com:user_name/
  • You must generate an ssh keypair, then add it to your account
  • GitHub/Bitbucket account required


References

https://help.github.com/articles/generating-ssh-keys
https://confluence.atlassian.com/display/BITBUCKET/Use+the+SSH+protocol+with+Bitbucket

Upgrade OpenSSL on Mac OSX


$ brew update
$ brew install openssl
$ brew link --force openssl


You may get a warning about needing to unlink, if so just do what brew tells you to do and followup with brew link --force openssl

Update links to openssl

If you are encountering error messages when attempting to install ruby via rbenv that mention openssl, then odds are one of the homebrew installs upgraded your openssl, but left your openssl symlink pointing it to an old version.

Rename your /usr/bin/openssl file, instead of deleting it, just in case.

$ ls -l /usr/bin/openssl
$ sudo mv /usr/bin/openssl /usr/bin/openssl_OLD
$ sudo ln -s /usr/local/Cellar/openssl/1.0.1g/bin/openssl /usr/bin/openssl
$ mv /usr/local/bin/openssl /usr/local/bin/openssl_OLD
$ ln -s /usr/local/Cellar/openssl/1.0.1g/bin/openssl /usr/local/bin/openssl


Verify OpenSSL Versions

Search for all openssl files (and links) on your system.

Verify that they all point to the most recent, correct, homebrew-installed version of openssl:

$ find / -name "openssl" \( -type f -o -type l \) -exec ls -l {} \; 2>/dev/null
lrwxr-xr-x  1 root  wheel  44 May 20 08:05 /usr/bin/openssl -> /usr/local/Cellar/openssl/1.0.1g/bin/openssl
lrwxr-xr-x  1 lex  admin  36 May 20 08:00 /usr/local/bin/openssl -> ../Cellar/openssl/1.0.1g/bin/openssl
-rw-r--r--  1 lex  admin  10588 Aug 31  2013 /usr/local/Cellar/bash-completion/1.3/etc/bash_completion.d/openssl
-r-xr-xr-x  1 lex  admin  508776 May 19 16:35 /usr/local/Cellar/openssl/1.0.1g/bin/openssl
lrwxr-xr-x  1 lex  admin  62 Aug 31  2013 /usr/local/etc/bash_completion.d/openssl -> ../../Cellar/bash-completion/1.3/etc/bash_completion.d/openssl
lrwxr-xr-x  1 lex  admin  40 May 20 08:00 /usr/local/include/openssl -> ../Cellar/openssl/1.0.1g/include/openssl
lrwxr-xr-x  1 lex  admin  27 May 20 08:00 /usr/local/Library/LinkedKegs/openssl -> ../../Cellar/openssl/1.0.1g
lrwxr-xr-x  1 lex  admin  24 May 20 08:00 /usr/local/opt/openssl -> ../Cellar/openssl/1.0.1g


Run the following and it should say, OpenSSL 1.0.1g 7 Apr 2014 or later.

$ openssl version
OpenSSL 1.0.1g 7 Apr 2014


Now, when you attempt to install ruby via rbenv, or any other brew that depends on openssl you should not get any more openssl-related errors.

Temporary Solution

When you run brew doctor you will likely get the following error.

That is expected, for now.

I expect that a not to distant upgrade to the openssl brew package will fix the original problem and hence deprecate these instructions.

$ brew doctor
Warning: Some keg-only formula are linked into the Cellar.
Linking a keg-only formula, such as gettext, into the cellar with
`brew link ` will cause other formulae to detect them during
the `./configure` step. This may cause problems when compiling those
other formulae.

Binaries provided by keg-only formulae may override system binaries
with other strange results.

You may wish to `brew unlink` these brews:

    openssl


mac ports

If you are using mac ports, it should be as easy as...

$ sudo port upgrade openssl


Wednesday, May 14, 2014

Temporarily Run Staging Server

Run Staging Version of Web App

Sometimes, you may want to temporarily run a staging version of your web application for testing purposes.

Here's a simple hack that you may consider using in order to test your web application.

Go to root path where the staging version of the application is located.

Assuming you have deployed the development environment version of a rails application and wish to run it on port 8080, preface the server start command with nohup and append an ampersand &.

This will ensure that even when you close the terminal where you executed those commands that the staging server will continue to run...until you kill it.

$ cd /opt/webapps/staging

$ nohup bundle exec thin start -p 8080 -e development &


Stop Staging Version of Web App


$ kill -9 `ps -ef|grep ruby|grep 8080|awk '{print $2}'`

Notes

Your staging server will continue to run until you kill it or your server reboots.

OpenSSL Heartbleed Vulnerability and Implications

An extremely critical defect in the cryptographic software library (OpenSSL) has been found, the vulnerability is named Heartbleed and it affects the heartbeat implementation in OpenSSL version 1.0.1 up to version 1.0.1f.

This vulnerability can be used to get the user Ids, passwords, SSL private keys (and pretty much anything in your servers memory) so it is important to update your affected servers immediately.

The bug has been fixed in OpenSSL 1.0.1g. All Major Linux Distributions have released updates to the vulnerability.



Implications

  • Vulnerable OpenSSL libraries have been running in production for over two years
  • OpenSSL is used in the Apache and nginx Web server applications (and most apps that use SSL encryption) on most Linux systems
  • OpenSSL is also used in many serial devices that are connected to the internet
  • Exposed private keys enables eavesdroppers to decrypt any of your site's SSL traffic
  • No data on your server is "safe" until you fix this vulnerability ***

*** Will your customers will be willing to shop at a site that can't keep their passwords, credit card numbers or other personal and financial information safe?

*** What will your HIPPA penalty (or legal settlement) be if patient medical data is exposed from one of your servers or connected serial devices?

Breach Notification

Breach notice laws typically define, “personal information” as, "A user name or email address, in combination with a password or security question and answer that would permit access to an online account."

The data that a Heartbleed attack could capture would trigger a breach notification; However, the problem (gift?) for most health based organizations is that they have no idea whether a breach has occurred, unless they have advanced monitoring solutions in place, see How to Safeguard Against Future Vulnerabilities section below.

HIPAA Security Rule

The Heartbleed vulnerability does not constitute unauthorized access or acquisition of personal information subject to most state and federal data breach notification requirements, including the HIPAA Data Breach Notification Rule. However, the HIPAA Security Rule contains a number of provisions that require covered entities and business associates to maintain procedures to monitor system activity for potential security incidents and investigate any such potential security incidents.

The HIPAA Security Rule requires covered entities and business associates to “regularly review records of information system activity, such as audit logs, access records, and security incident tracking reports.” 45 C.F.R. § 164.306(a)(1)(ii)(D). HHS guidance materials further state that this specification “should also promote continual awareness of any information system activity that could suggest a security incident.” See CMS, HIPAA Security Series Vol. 2 Security Standards: Administrative Safeguards

The HIPAA Security Rule requires covered entities and business associates to create and maintain appropriate records of system activity. See 45 C.F.R. 164.312(b). However, covered entities and business associates have significant discretion to create and maintain activity records based upon the formal assessment of their security risks.


Action Plan

  1. Update every system, application and device that needs an OpenSSL update
  2. Restart all services and devices
  3. Install new SSL certificates (revoke old certs and replace encryption keys)
  4. Reset all passwords (force password resets for users)
  5. Request users to reset passwords to 3rd party applications, e.g. DropBox, Google, etc.
  6. Evaluate the effectiveness of your audit and security incident tracking systems
  7. Consider installing IPS or NGFW



Reality Check

Many sites have reported that more than two thirds of the sites on the internet were affected.

It was likely less than half of the sites on the internet, since it was not every *nix server and also because the OpenSSL software had to be built in the last two years.

Today, however, it appears that less than 3% of the sites on the internet are vulnerable.

So, web site admins were responsive.

Regardless, if your site is in the 3% you are in dire need of an OpenSSL upgrade.



Who's Affected?

The most obvious potential victims are commerce web sites.

Do you shop at any site looking for the best deal?

If so, consider installing a web browser plugin that will indicate whether the site you are about to share your confidential information is affected.

Check out Chromebleed

More alarming is that fact that there are many more devices with internet connectivity that may never get patched.

Some of those devices are simple routers other devices control industrial and medical equipment.

Had medical diagnostics performed lately? How secure are the devices at your doctor's office or local hospital?

Have one of those fancy home automation systems to control your garage door or security cameras?

Hacking into one of those devices and controlling it may not be easy, but gathering enough information from it to determine when you are home is.



How to Safeguard Against Future Vulnerabilities

Since the Heartbleed bug exposes a seemingly random chunk of 64KB of data, odds are that it would take quite a few requests before a private key could be recovered. Recovering working user Ids and their passwords would not take near as many tries.

Sites protected by intrusion protection devices (IPS) can be configured to block traffic from an end point that is sending an inordinate amount of requests.

Sites that have monitoring tools, like Splunk, in place to look for traffic anomalies and security admins to interpret the logs are in a better position to detect such a breach.

However, not many sites are equipped with such sophisticated security devices and traffic monitoring tools and even fewer have trained eyes that can interpret the traffic.

Sites that have valuable data to secure typically not only have high performance intrusion detection devices, but also hire a third party security team to analyze and act on attacks.

I'm partial to the IBM product line: IBM Security Network Intrusion Prevention System

What CTO ever went wrong hiring IBM security services? IBM Intrusion prevention and detection services

NextGen Firewall Solutions

The NGFW has a focus on application awareness that integrates packet inspection and threat detection on the the firewall.

A NGFW can look into HTTP(S) traffic and determine if it contains confidential data like credit card numbers or social security numbers.

A NGFW can be configured to allow specified user groups access to Facebook, but disallow Facebook chatting.

The placement and configuration of a NGFW takes thought, but can be well worth the investment.

IBM and Palo Alto NGFWs are the best on the market, IMHO.

This is what I worked on a few years ago: IBM Next Gen IPS

Check this out to see a video of IBM Next Gen IPS: IBM Demos Some of My Work on Youtube.com

Splunk

For the do-it-yourself companies, there is Splunk.

Splunk Enterprise is a data collection and analysis platform for real-time operational intelligence. It's the easy, fast and secure way to search, analyze and visualize the massive streams of machine data generated by your IT systems (event logs, devices, services, TCP/UDP traffic, etc.)

Set up alerts to notify you when something is wrong. Troubleshoot application problems and investigate security incidents in minutes instead of hours or days, avoid service degradation or outages, deliver compliance at lower cost and gain new business insights.

http://www.splunk.com/



How to Fix the Heartbleed Vulnerability


Simply upgrade your OpenSSL library to version 1.0.1.g or later of OpenSSL to fix the vulnerability.

Check Your OpenSSL Version


# openssl version
OpenSSL 1.0.1b 10 May 2012

Ubuntu and Debian


# apt-get update
# apt-get upgrade

Centos and Fedora


# yum update

OpenSuSE


# zypper update


Verify Upgrade Was Successful

Ubuntu and Debian

Here's an example of a successful upgrade to OpenSSL:

#dpkg-query -l 'openssl'
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                Version           Architecture   Description
+++-===================-=================-==============-============================================
ii  openssl             1.0.1e-3ubuntu1.3 amd64          Secure Socket Layer (SSL) binary and related

Confusing Version Number

Don't be confused by the fact that the version number listed is 1.0.1e.

The official Ubuntu SSL page lists that version number as the correct, patched version. For details see: http://packages.ubuntu.com/saucy/openssl

CentOS and Fedora

Use rpm to verfiy your version of OpenSSL.

# rpm -qa | grep openssl


Reminder

After upgrading your OpenSSL library, don't forget to restart services that use it such as:
  • httpd
  • postgres
  • mysql
  • cpanel
  • dovecot
  • postfix


Also, you'll need to reissue your certs and revoke any certs created before Apr 7 2014.

Verify Your New OpenSSL Fix


You can use the following site to verify your server: http://filippo.io/Heartbleed/

Warning: Do not use this site to check sites that you do not own.

The technique used to check the SSL flaw is an exploit that requests extra bytes from the target server's buffer. Viewing those extra bytes would be tantamount to unauthorized access to data, which is illegal in most countries.

Unauthorized Access

"Unauthorized access" entails approaching, trespassing within, communicating with, storing data in, retrieving data from, or otherwise intercepting and changing computer resources without consent. These laws relate to either or both, or any other actions that interfere with computers, systems, programs or networks.

For details see Computer Crime Statutes

Ethical Hacking

On April, 11, 2014, a cloud service provider, CloudFlare, set up an nginx server with a vulnerable version of OpenSSL and challenged the community to steal its private key.

Several people independently retrieved private keys using the Heartbleed exploit.

See: http://blog.cloudflare.com/the-results-of-the-cloudflare-challenge


 

Better Safe Than Sorry

Stephen Arthuro Solis Reyes I was dismayed to read about this young man. A computer science student that failed to think through the consequences of his actions.

The Royal Canadian Mounted Police have arrested a 19-year-old London, Ontario, man for his alleged role in exploiting the Heartbleed vulnerability to steal data from the Canada Revenue Agency website.

See 19-Year-Old Teenager Arrested for Exploiting Heartbleed Bug to Steal Data

Like I said in the Unauthorized Access section above, accessing data that's not yours without consent is a crime and if don't know everything about how you can be tracked, don't do it. Even if you do, don't do it. Don't limit your future by making snap decisions.




Earlier Version of OpenSSL

Here's a case where an older operating system, running an old version of OpenSSL, is not affected by the Heartbleed bug.

Determine Currrent openssl Version


# apt-cache policy openssl
openssl:
  Installed: 0.9.8g-4ubuntu3.20
  Candidate: 0.9.8g-4ubuntu3.20
  Version table:
 *** 0.9.8g-4ubuntu3.20 0
        500 http://old-releases.ubuntu.com hardy-updates/main Packages
        500 http://old-releases.ubuntu.com hardy-security/main Packages
        100 /var/lib/dpkg/status
     0.9.8g-4ubuntu3 0
        500 http://old-releases.ubuntu.com hardy/main Packages

# openssl version -a
OpenSSL 0.9.8g 19 Oct 2007
built on: Mon Feb 18 21:40:29 UTC 2013
platform: debian-amd64
options:  bn(64,64) md2(int) rc4(ptr,char) des(idx,cisc,16,int) blowfish(ptr2)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall -DMD32_REG_T=int -DMD5_ASM
OPENSSLDIR: "/usr/lib/ssl"

# openssl version -b
built on: Mon Feb 18 21:40:29 UTC 2013

Attempt upgrade


# apt-get update
Hit http://old-releases.ubuntu.com hardy Release.gpg
Ign http://old-releases.ubuntu.com hardy/main Translation-en_US
Ign http://old-releases.ubuntu.com hardy/restricted Translation-en_US
Ign http://old-releases.ubuntu.com hardy/universe Translation-en_US
Hit http://old-releases.ubuntu.com hardy-updates Release.gpg
Ign http://old-releases.ubuntu.com hardy-updates/main Translation-en_US
Ign http://old-releases.ubuntu.com hardy-updates/restricted Translation-en_US
Ign http://old-releases.ubuntu.com hardy-updates/universe Translation-en_US
Hit http://old-releases.ubuntu.com hardy-security Release.gpg
Ign http://old-releases.ubuntu.com hardy-security/main Translation-en_US
Ign http://old-releases.ubuntu.com hardy-security/restricted Translation-en_US
Ign http://old-releases.ubuntu.com hardy-security/universe Translation-en_US
Hit http://old-releases.ubuntu.com hardy Release
Hit http://old-releases.ubuntu.com hardy-updates Release
Hit http://old-releases.ubuntu.com hardy-security Release
Hit http://old-releases.ubuntu.com hardy/main Packages
Hit http://old-releases.ubuntu.com hardy/restricted Packages
Hit http://old-releases.ubuntu.com hardy/universe Packages
Hit http://old-releases.ubuntu.com hardy/main Sources
Hit http://old-releases.ubuntu.com hardy/restricted Sources
Hit http://old-releases.ubuntu.com hardy/universe Sources
Hit http://old-releases.ubuntu.com hardy-updates/main Packages
Hit http://old-releases.ubuntu.com hardy-updates/restricted Packages
Hit http://old-releases.ubuntu.com hardy-updates/universe Packages
Hit http://old-releases.ubuntu.com hardy-updates/main Sources
Hit http://old-releases.ubuntu.com hardy-updates/restricted Sources
Hit http://old-releases.ubuntu.com hardy-updates/universe Sources
Hit http://old-releases.ubuntu.com hardy-security/main Packages
Hit http://old-releases.ubuntu.com hardy-security/restricted Packages
Hit http://old-releases.ubuntu.com hardy-security/universe Packages
Hit http://old-releases.ubuntu.com hardy-security/main Sources
Hit http://old-releases.ubuntu.com hardy-security/restricted Sources
Hit http://old-releases.ubuntu.com hardy-security/universe Sources
Reading package lists... Done

# apt-get upgrade openssl
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Verify Installed Version


# openssl version -a
OpenSSL 0.9.8g 19 Oct 2007
built on: Mon Feb 18 21:40:29 UTC 2013
platform: debian-amd64
options:  bn(64,64) md2(int) rc4(ptr,char) des(idx,cisc,16,int) blowfish(ptr2)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall -DMD32_REG_T=int -DMD5_ASM
OPENSSLDIR: "/usr/lib/ssl"


# openssl version -b
built on: Mon Feb 18 21:40:29 UTC 2013

# dpkg-query -l 'openssl'
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-f/Unpacked/Failed-cfg/Half-inst/t-aWait/T-pend
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name                                       Version                                    Description
+++-==========================================-==========================================-====================================================================================================
ii  openssl                                    0.9.8g-4ubuntu3.20                         Secure Socket Layer (SSL) binary and related cryptographic tools

Summary

This old OpenSSL 0.9.8 branch is not vulnerable.

The Heartbleed bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug (Mon Apr 7 20:31:55 UTC 2014).

References

http://heartbleed.com/
http://www.cnn.com/2014/04/08/tech/web/heartbleed-openssl/
http://www.ubuntu.com/usn/usn-2165-1/
http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed
http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
https://library.linode.com/security/openssl-heartbleed
https://blog.pay4bugs.com/2014/04/08/howto-update-ubuntu-to-fix-heartbleed-ssl-bug/
http://www.pcworld.com/article/2143080/tests-confirm-heartbleed-bug-can-expose-servers-private-key.html
http://www.ubuntu.com/usn/usn-2165-1/
http://www.debian.org/security/2014/dsa-2896
http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html
https://lists.fedoraproject.org/pipermail/announce/2014-April/003206.html
https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AD833
http://grahamcluley.com/2014/04/heartbleed-bug-explained/
http://grahamcluley.com/2014/04/heartbleed-bug-can-expose-private-ssl-keys/
http://www.hotforsecurity.com/blog/caution-advised-as-heartbleed-poses-serious-security-threat-8365.html
http://thenextweb.com/insider/2014/04/12/node-js-team-member-cracks-cloudflares-heartbleed-challenge-proving-bug-exposes-ssl-keys/
http://www.technologyreview.com/news/526451/many-devices-will-never-be-patched-to-fix-heartbleed-bug/
http://www.technologyreview.com/news/514066/what-happened-when-one-man-pinged-the-whole-internet/#comments
http://arstechnica.com/security/2014/04/now-theres-an-easy-way-to-flag-sites-vulnerable-to-heartbleed/
http://beta.slashdot.org/story/200697
https://www.schneier.com/blog/archives/2014/04/heartbleed.html
https://news.ycombinator.com/item?id=7548991
http://www.reddit.com/r/IAmA/comments/233161/i_am_the_author_of_the_heartbleed_test_site_ama/

Tuesday, May 13, 2014

Updating Packages on a Legacy Ubuntu Server

...And Deployment Automation Suggestions

Symptoms of Out of Date System

When you're unable to install basic applications, then it's time to update your server.


$ sudo apt-get install unzip
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  python-support
Use 'apt-get autoremove' to remove them.
The following NEW packages will be installed:
  unzip
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 167kB of archives.
After this operation, 365kB of additional disk space will be used.
Err http://archive.ubuntu.com hardy/main unzip 5.52-10ubuntu2
  404 Not Found [IP: 91.189.92.200 80]
Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-10ubuntu2_amd64.deb  404 Not Found [IP: 91.189.92.200 80]
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

$ sudo apt-get update
Ign http://archive.ubuntu.com hardy Release.gpg
Ign http://archive.ubuntu.com hardy/main Translation-en_US
Ign http://archive.ubuntu.com hardy/restricted Translation-en_US
Ign http://archive.ubuntu.com hardy/universe Translation-en_US
Ign http://archive.ubuntu.com hardy-updates Release.gpg
Ign http://archive.ubuntu.com hardy-updates/main Translation-en_US
Ign http://archive.ubuntu.com hardy-updates/restricted Translation-en_US
Ign http://archive.ubuntu.com hardy-updates/universe Translation-en_US
Ign http://archive.ubuntu.com hardy Release
Ign http://archive.ubuntu.com hardy-updates Release
Ign http://archive.ubuntu.com hardy/main Packages
Ign http://archive.ubuntu.com hardy/restricted Packages
Ign http://archive.ubuntu.com hardy/universe Packages
Ign http://archive.ubuntu.com hardy/main Sources
Ign http://archive.ubuntu.com hardy/restricted Sources
Ign http://archive.ubuntu.com hardy/universe Sources
Ign http://security.ubuntu.com hardy-security Release.gpg
Ign http://security.ubuntu.com hardy-security/main Translation-en_US
Ign http://security.ubuntu.com hardy-security/restricted Translation-en_US
Ign http://security.ubuntu.com hardy-security/universe Translation-en_US
Ign http://archive.ubuntu.com hardy-updates/main Packages
Ign http://archive.ubuntu.com hardy-updates/restricted Packages
Ign http://archive.ubuntu.com hardy-updates/universe Packages
Ign http://archive.ubuntu.com hardy-updates/main Sources
Ign http://archive.ubuntu.com hardy-updates/restricted Sources
Ign http://archive.ubuntu.com hardy-updates/universe Sources
Err http://archive.ubuntu.com hardy/main Packages
  404 Not Found [IP: 91.189.91.13 80]
Err http://archive.ubuntu.com hardy/restricted Packages
  404 Not Found [IP: 91.189.91.13 80]
Err http://archive.ubuntu.com hardy/universe Packages
  404 Not Found [IP: 91.189.91.13 80]
Err http://archive.ubuntu.com hardy/main Sources
  404 Not Found [IP: 91.189.91.13 80]
Err http://archive.ubuntu.com hardy/restricted Sources
  404 Not Found [IP: 91.189.91.13 80]
Err http://archive.ubuntu.com hardy/universe Sources
  404 Not Found [IP: 91.189.91.13 80]
Err http://archive.ubuntu.com hardy-updates/main Packages
  404 Not Found [IP: 91.189.91.13 80]
Err http://archive.ubuntu.com hardy-updates/restricted Packages
  404 Not Found [IP: 91.189.91.13 80]
Err http://archive.ubuntu.com hardy-updates/universe Packages
  404 Not Found [IP: 91.189.91.13 80]
Err http://archive.ubuntu.com hardy-updates/main Sources
  404 Not Found [IP: 91.189.91.13 80]
Err http://archive.ubuntu.com hardy-updates/restricted Sources
  404 Not Found [IP: 91.189.91.13 80]
Ign http://security.ubuntu.com hardy-security Release
Err http://archive.ubuntu.com hardy-updates/universe Sources
  404 Not Found [IP: 91.189.91.13 80]
Ign http://security.ubuntu.com hardy-security/main Packages
Ign http://security.ubuntu.com hardy-security/restricted Packages
Ign http://security.ubuntu.com hardy-security/universe Packages
Ign http://security.ubuntu.com hardy-security/main Sources
Ign http://security.ubuntu.com hardy-security/restricted Sources
Ign http://security.ubuntu.com hardy-security/universe Sources
Err http://security.ubuntu.com hardy-security/main Packages
  404 Not Found [IP: 91.189.88.153 80]
Err http://security.ubuntu.com hardy-security/restricted Packages
  404 Not Found [IP: 91.189.88.153 80]
Err http://security.ubuntu.com hardy-security/universe Packages
  404 Not Found [IP: 91.189.88.153 80]
Err http://security.ubuntu.com hardy-security/main Sources
  404 Not Found [IP: 91.189.88.153 80]
Err http://security.ubuntu.com hardy-security/restricted Sources
  404 Not Found [IP: 91.189.88.153 80]
Err http://security.ubuntu.com hardy-security/universe Sources
  404 Not Found [IP: 91.189.88.153 80]
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/hardy/main/binary-amd64/Packages.gz  404 Not Found [IP: 91.189.91.13 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/hardy/restricted/binary-amd64/Packages.gz  404 Not Found [IP: 91.189.91.13 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/hardy/universe/binary-amd64/Packages.gz  404 Not Found [IP: 91.189.91.13 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/hardy/main/source/Sources.gz  404 Not Found [IP: 91.189.91.13 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/hardy/restricted/source/Sources.gz  404 Not Found [IP: 91.189.91.13 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/hardy/universe/source/Sources.gz  404 Not Found [IP: 91.189.91.13 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/hardy-updates/main/binary-amd64/Packages.gz  404 Not Found [IP: 91.189.91.13 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/hardy-updates/restricted/binary-amd64/Packages.gz  404 Not Found [IP: 91.189.91.13 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/hardy-updates/universe/binary-amd64/Packages.gz  404 Not Found [IP: 91.189.91.13 80]
deb http://old-releases.ubuntu.com/ubuntu/ hardy main restricted universe

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/hardy-updates/main/source/Sources.gz  404 Not Found [IP: 91.189.91.13 80]
deb http://old-releases.ubuntu.com/ubuntu/ hardy main restricted universe

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/hardy-updates/restricted/source/Sources.gz  404 Not Found [IP: 91.189.91.13 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/hardy-updates/universe/source/Sources.gz  404 Not Found [IP: 91.189.91.13 80]

W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/hardy-security/main/binary-amd64/Packages.gz  404 Not Found [IP: 91.189.88.153 80]

W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/hardy-security/restricted/binary-amd64/Packages.gz  404 Not Found [IP: 91.189.88.153 80]

W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/hardy-security/universe/binary-amd64/Packages.gz  404 Not Found [IP: 91.189.88.153 80]

W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/hardy-security/main/source/Sources.gz  404 Not Found [IP: 91.189.88.153 80]

W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/hardy-security/restricted/source/Sources.gz  404 Not Found [IP: 91.189.88.153 80]

W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/hardy-security/universe/source/Sources.gz  404 Not Found [IP: 91.189.88.153 80]

E: Some index files failed to download, they have been ignored, or old ones used instead.\

$ sudo apt-get install unzip --fix-missing
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  python-support
Use 'apt-get autoremove' to remove them.
The following NEW packages will be installed:
  unzip
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 167kB of archives.
After this operation, 365kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
  unzip
Install these packages without verification [y/N]? y
Err http://archive.ubuntu.com hardy/main unzip 5.52-10ubuntu2
  404 Not Found [IP: 91.189.92.201 80]
Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.52-10ubuntu2_amd64.deb  404 Not Found [IP: 91.189.92.201 80]

Solution

Update Sources

This Ubuntu server installation was so badly out of date that the repository (sources.list) server host address had changed from "archive.ubuntu.com" with "old-releases.ubuntu.com"

Replace "archive.ubuntu.com" with "old-releases.ubuntu.com" in /etc/apt/sources.list


$ cat /etc/apt/sources.list
deb http://old-releases.ubuntu.com/ubuntu/ hardy main restricted universe
deb-src http://old-releases.ubuntu.com/ubuntu/ hardy main restricted universe

deb http://old-releases.ubuntu.com/ubuntu/ hardy-updates main restricted universe
deb-src http://old-releases.ubuntu.com/ubuntu/ hardy-updates main restricted universe

deb http://old-releases.ubuntu.com/ubuntu hardy-security main restricted universe
deb-src http://old-releases.ubuntu.com/ubuntu hardy-security main restricted universe


Global Search and Replace Using Vi Editor

$ sudo vi /etc/apt/sources.list

Once in the Vi Editor, hit the Escape key + : and enter the following to globally replace "security.ubuntu.com" with "old-releases.ubuntu.com"

:%s/security.ubuntu.com/old-releases.ubuntu.com/g

Upgrade Distribution

Run "apt-get dist-upgrade" to install available updates for the Ubuntu release that have already been installed.

Unlike apt-get upgrade it may install new packages or remove installed packages if that is necessary to satisfy dependencies.

$ sudo apt-get dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
  apache2-mpm-prefork apache2-prefork-dev apache2-utils apache2.2-common apt apt-utils base-files bsdutils bzip2 curl dhcp3-client dhcp3-common dpkg dpkg-dev gnupg gpgv gzip irb1.8 klibc-utils
  language-pack-en language-pack-en-base libapr1 libapr1-dev libaprutil1 libaprutil1-dev libbz2-1.0 libc6 libc6-dev libcurl3 libcurl3-gnutls libdbus-1-3 libexpat1 libexpat1-dev libgnutls13
  libkadm55 libklibc libkrb5-dev libkrb53 libldap-2.4-2 libldap2-dev libmysqlclient15-dev libmysqlclient15off libnewt0.52 libopenssl-ruby1.8 libpam-modules libpam-runtime libpam0g libpq-dev
  libpq5 libreadline-ruby1.8 libruby1.8 libssl-dev libssl0.9.8 libtasn1-3 linux-libc-dev mount mysql-client mysql-client-5.0 mysql-common mysql-server mysql-server-5.0 ntpdate openssh-client
  openssh-server openssl perl perl-base perl-modules postfix python2.5 python2.5-minimal rdoc1.8 ri1.8 ruby1.8 ruby1.8-dev sudo tzdata util-linux util-linux-locales wget whiptail
81 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 91.8MB of archives.
After this operation, 4555kB of additional disk space will be used.
Do you want to continue [Y/n]? Y
Get:1 http://old-releases.ubuntu.com hardy-updates/main dpkg 1.14.16.6ubuntu4.2 [2349kB]
Get:2 http://old-releases.ubuntu.com hardy-updates/main gzip 1.3.12-3.2ubuntu0.1 [106kB]
Get:3 http://old-releases.ubuntu.com hardy-updates/main mount 2.13.1-5ubuntu3.1 [174kB]
Get:4 http://old-releases.ubuntu.com hardy-updates/main perl-modules 5.8.8-12ubuntu0.8 [2313kB]
Get:5 http://old-releases.ubuntu.com hardy-updates/main linux-libc-dev 2.6.24-32.107 [732kB]
Get:6 http://old-releases.ubuntu.com hardy-updates/main libc6-dev 2.7-10ubuntu8.3 [2556kB]
Get:7 http://old-releases.ubuntu.com hardy-updates/main libc6 2.7-10ubuntu8.3 [4890kB]
Get:8 http://old-releases.ubuntu.com hardy-updates/main perl 5.8.8-12ubuntu0.8 [4069kB]
Get:9 http://old-releases.ubuntu.com hardy-updates/main perl-base 5.8.8-12ubuntu0.8 [840kB]
Get:10 http://old-releases.ubuntu.com hardy-updates/main tzdata 2012e~repack-0ubuntu0.8.04 [690kB]
Get:11 http://old-releases.ubuntu.com hardy-updates/main util-linux 2.13.1-5ubuntu3.1 [463kB]
Get:12 http://old-releases.ubuntu.com hardy-updates/main libpam-runtime 0.99.7.1-5ubuntu6.5 [62.1kB]
Get:13 http://old-releases.ubuntu.com hardy-updates/main libpam0g 0.99.7.1-5ubuntu6.5 [90.8kB]
Get:14 http://old-releases.ubuntu.com hardy-updates/main libpam-modules 0.99.7.1-5ubuntu6.5 [274kB]
Get:15 http://old-releases.ubuntu.com hardy-updates/main base-files 4.0.1ubuntu5.8.04.8 [60.6kB]
Get:16 http://old-releases.ubuntu.com hardy-updates/main bsdutils 1:2.13.1-5ubuntu3.1 [64.3kB]
Get:17 http://old-releases.ubuntu.com hardy-updates/main language-pack-en 1:8.04+20100117.1 [2050B]
Get:18 http://old-releases.ubuntu.com hardy-updates/main language-pack-en-base 1:8.04+20100117.1 [712kB]
Get:19 http://old-releases.ubuntu.com hardy-updates/main mysql-common 5.0.96-0ubuntu3 [62.6kB]
Get:20 http://old-releases.ubuntu.com hardy-updates/main mysql-server 5.0.96-0ubuntu3 [53.5kB]
Get:21 http://old-releases.ubuntu.com hardy-updates/main libmysqlclient15off 5.0.96-0ubuntu3 [1864kB]
Get:22 http://old-releases.ubuntu.com hardy-updates/main mysql-client 5.0.96-0ubuntu3 [53.5kB]
Get:23 http://old-releases.ubuntu.com hardy-updates/main mysql-client-5.0 5.0.96-0ubuntu3 [8307kB]
Get:24 http://old-releases.ubuntu.com hardy-updates/main mysql-server-5.0 5.0.96-0ubuntu3 [28.6MB]
Get:25 http://old-releases.ubuntu.com hardy-updates/main apt 0.7.9ubuntu17.6 [1671kB]
Get:26 http://old-releases.ubuntu.com hardy-updates/main bzip2 1.0.4-2ubuntu4.2 [48.5kB]
Get:27 http://old-releases.ubuntu.com hardy-updates/main libbz2-1.0 1.0.4-2ubuntu4.2 [44.3kB]
Get:28 http://old-releases.ubuntu.com hardy-updates/main libssl-dev 0.9.8g-4ubuntu3.20 [2093kB]
Get:29 http://old-releases.ubuntu.com hardy-updates/main libssl0.9.8 0.9.8g-4ubuntu3.20 [949kB]
Get:30 http://old-releases.ubuntu.com hardy-updates/main python2.5 2.5.2-2ubuntu6.2 [3036kB]
Get:31 http://old-releases.ubuntu.com hardy-updates/main python2.5-minimal 2.5.2-2ubuntu6.2 [1284kB]
Get:32 http://old-releases.ubuntu.com hardy-updates/main apt-utils 0.7.9ubuntu17.6 [201kB]
Get:33 http://old-releases.ubuntu.com hardy-updates/main dhcp3-client 3.0.6.dfsg-1ubuntu9.3 [242kB]
Get:34 http://old-releases.ubuntu.com hardy-updates/main dhcp3-common 3.0.6.dfsg-1ubuntu9.3 [301kB]
Get:35 http://old-releases.ubuntu.com hardy-updates/main gpgv 1.4.6-2ubuntu5.2 [161kB]
Get:36 http://old-releases.ubuntu.com hardy-updates/main libtasn1-3 1.1-1ubuntu0.1 [50.6kB]
Get:37 http://old-releases.ubuntu.com hardy-updates/main libgnutls13 2.0.4-1ubuntu2.9 [345kB]
Get:38 http://old-releases.ubuntu.com hardy-updates/main libkrb5-dev 1.6.dfsg.3~beta1-2ubuntu1.8 [89.7kB]
Get:39 http://old-releases.ubuntu.com hardy-updates/main libkadm55 1.6.dfsg.3~beta1-2ubuntu1.8 [162kB]
Get:40 http://old-releases.ubuntu.com hardy-updates/main libkrb53 1.6.dfsg.3~beta1-2ubuntu1.8 [498kB]
Get:41 http://old-releases.ubuntu.com hardy-updates/main libldap2-dev 2.4.9-0ubuntu0.8.04.5 [869kB]
Get:42 http://old-releases.ubuntu.com hardy-updates/main libldap-2.4-2 2.4.9-0ubuntu0.8.04.5 [198kB]
Get:43 http://old-releases.ubuntu.com hardy-updates/main libcurl3-gnutls 7.18.0-1ubuntu2.4 [204kB]
Get:44 http://old-releases.ubuntu.com hardy-updates/main gnupg 1.4.6-2ubuntu5.2 [893kB]
Get:45 http://old-releases.ubuntu.com hardy-updates/main klibc-utils 1.5.7-4ubuntu5 [170kB]
Get:46 http://old-releases.ubuntu.com hardy-updates/main libklibc 1.5.7-4ubuntu5 [48.0kB]
Get:47 http://old-releases.ubuntu.com hardy-updates/main libnewt0.52 0.52.2-11.2ubuntu1.1 [62.0kB]
Get:48 http://old-releases.ubuntu.com hardy-updates/main wget 1.10.2-3ubuntu1.2 [246kB]
Get:49 http://old-releases.ubuntu.com hardy-updates/main whiptail 0.52.2-11.2ubuntu1.1 [36.3kB]
Get:50 http://old-releases.ubuntu.com hardy-updates/main libdbus-1-3 1.1.20-1ubuntu3.9 [140kB]
Get:51 http://old-releases.ubuntu.com hardy-updates/main openssh-server 1:4.7p1-8ubuntu3 [273kB]
Get:52 http://old-releases.ubuntu.com hardy-updates/main openssh-client 1:4.7p1-8ubuntu3 [762kB]
Get:53 http://old-releases.ubuntu.com hardy-updates/main libapr1-dev 1.2.11-1ubuntu0.2 [790kB]
Get:54 http://old-releases.ubuntu.com hardy-updates/main libapr1 1.2.11-1ubuntu0.2 [119kB]
Get:55 http://old-releases.ubuntu.com hardy-updates/main libexpat1-dev 2.0.1-0ubuntu1.2 [140kB]
Get:56 http://old-releases.ubuntu.com hardy-updates/main libexpat1 2.0.1-0ubuntu1.2 [69.2kB]
Get:57 http://old-releases.ubuntu.com hardy-updates/main libpq-dev 8.3.23-0ubuntu8.04.1 [192kB]
Get:58 http://old-releases.ubuntu.com hardy-updates/main libpq5 8.3.23-0ubuntu8.04.1 [371kB]
Get:59 http://old-releases.ubuntu.com hardy-updates/main libaprutil1-dev 1.2.12+dfsg-3ubuntu0.3 [130kB]
Get:60 http://old-releases.ubuntu.com hardy-updates/main libaprutil1 1.2.12+dfsg-3ubuntu0.3 [75.9kB]
Get:61 http://old-releases.ubuntu.com hardy-updates/main openssl 0.9.8g-4ubuntu3.20 [392kB]
Get:62 http://old-releases.ubuntu.com hardy-updates/main apache2-prefork-dev 2.2.8-1ubuntu0.25 [210kB]
Get:63 http://old-releases.ubuntu.com hardy-updates/main apache2-utils 2.2.8-1ubuntu0.25 [143kB]
Get:64 http://old-releases.ubuntu.com hardy-updates/main apache2-mpm-prefork 2.2.8-1ubuntu0.25 [251kB]
Get:65 http://old-releases.ubuntu.com hardy-updates/main apache2.2-common 2.2.8-1ubuntu0.25 [819kB]
Get:66 http://old-releases.ubuntu.com hardy-updates/main libcurl3 7.18.0-1ubuntu2.4 [211kB]
Get:67 http://old-releases.ubuntu.com hardy-updates/main curl 7.18.0-1ubuntu2.4 [199kB]
Get:68 http://old-releases.ubuntu.com hardy-updates/main dpkg-dev 1.14.16.6ubuntu4.2 [558kB]
Get:69 http://old-releases.ubuntu.com hardy-updates/main ruby1.8-dev 1.8.6.111-2ubuntu1.3 [575kB]
Get:70 http://old-releases.ubuntu.com hardy-updates/main libruby1.8 1.8.6.111-2ubuntu1.3 [1450kB]
Get:71 http://old-releases.ubuntu.com hardy-updates/universe libreadline-ruby1.8 1.8.6.111-2ubuntu1.3 [11.4kB]
Get:72 http://old-releases.ubuntu.com hardy-updates/main ruby1.8 1.8.6.111-2ubuntu1.3 [25.1kB]
Get:73 http://old-releases.ubuntu.com hardy-updates/universe irb1.8 1.8.6.111-2ubuntu1.3 [74.3kB]
Get:74 http://old-releases.ubuntu.com hardy-updates/main libmysqlclient15-dev 5.0.96-0ubuntu3 [7639kB]
Get:75 http://old-releases.ubuntu.com hardy-updates/universe libopenssl-ruby1.8 1.8.6.111-2ubuntu1.3 [121kB]
Get:76 http://old-releases.ubuntu.com hardy-updates/main ntpdate 1:4.2.4p4+dfsg-3ubuntu2.3 [65.2kB]
Get:77 http://old-releases.ubuntu.com hardy-updates/universe ri1.8 1.8.6.111-2ubuntu1.3 [1081kB]
Get:78 http://old-releases.ubuntu.com hardy-updates/universe rdoc1.8 1.8.6.111-2ubuntu1.3 [125kB]
Get:79 http://old-releases.ubuntu.com hardy-updates/main sudo 1.6.9p10-1ubuntu3.10 [189kB]
Get:80 http://old-releases.ubuntu.com hardy-updates/main util-linux-locales 2.13.1-5ubuntu3.1 [36.3kB]
Get:81 http://old-releases.ubuntu.com hardy-updates/main postfix 2.5.1-2ubuntu1.4 [1230kB]
Fetched 91.8MB in 1min3s (1455kB/s)
Extracting templates from packages: 100%
Preconfiguring packages ...
(Reading database ... 37042 files and directories currently installed.)
Preparing to replace dpkg 1.14.16.6ubuntu4 (using .../dpkg_1.14.16.6ubuntu4.2_amd64.deb) ...
Unpacking replacement dpkg ...
Setting up dpkg (1.14.16.6ubuntu4.2) ...

(Reading database ... 37042 files and directories currently installed.)
Preparing to replace gzip 1.3.12-3.2 (using .../gzip_1.3.12-3.2ubuntu0.1_amd64.deb) ...
Unpacking replacement gzip ...
Setting up gzip (1.3.12-3.2ubuntu0.1) ...

(Reading database ... 37042 files and directories currently installed.)
Preparing to replace mount 2.13.1-5ubuntu3 (using .../mount_2.13.1-5ubuntu3.1_amd64.deb) ...
Unpacking replacement mount ...
Setting up mount (2.13.1-5ubuntu3.1) ...

(Reading database ... 37042 files and directories currently installed.)
Preparing to replace perl-modules 5.8.8-12ubuntu0.4 (using .../perl-modules_5.8.8-12ubuntu0.8_all.deb) ...
Unpacking replacement perl-modules ...
Preparing to replace linux-libc-dev 2.6.24-24.55 (using .../linux-libc-dev_2.6.24-32.107_amd64.deb) ...
Unpacking replacement linux-libc-dev ...
Preparing to replace libc6-dev 2.7-10ubuntu4 (using .../libc6-dev_2.7-10ubuntu8.3_amd64.deb) ...
Unpacking replacement libc6-dev ...
Preparing to replace libc6 2.7-10ubuntu4 (using .../libc6_2.7-10ubuntu8.3_amd64.deb) ...
Unpacking replacement libc6 ...
Setting up libc6 (2.7-10ubuntu8.3) ...

Processing triggers for libc6 ...
ldconfig deferred processing now taking place
(Reading database ... 37042 files and directories currently installed.)
Preparing to replace perl 5.8.8-12ubuntu0.4 (using .../perl_5.8.8-12ubuntu0.8_amd64.deb) ...
Unpacking replacement perl ...
Preparing to replace perl-base 5.8.8-12ubuntu0.4 (using .../perl-base_5.8.8-12ubuntu0.8_amd64.deb) ...
Unpacking replacement perl-base ...
Setting up perl-base (5.8.8-12ubuntu0.8) ...
(Reading database ... 37042 files and directories currently installed.)
Preparing to replace tzdata 2009j-0ubuntu0.8.04 (using .../tzdata_2012e~repack-0ubuntu0.8.04_all.deb) ...
Unpacking replacement tzdata ...
Setting up tzdata (2012e~repack-0ubuntu0.8.04) ...

Current default timezone: 'Etc/UTC'
Local time is now:      Tue May 13 15:34:54 UTC 2014.
Universal Time is now:  Tue May 13 15:34:54 UTC 2014.
Run 'dpkg-reconfigure tzdata' if you wish to change it.


(Reading database ... 37090 files and directories currently installed.)
Preparing to replace util-linux 2.13.1-5ubuntu3 (using .../util-linux_2.13.1-5ubuntu3.1_amd64.deb) ...
Unpacking replacement util-linux ...
Setting up util-linux (2.13.1-5ubuntu3.1) ...

(Reading database ... 37090 files and directories currently installed.)
Preparing to replace libpam-runtime 0.99.7.1-5ubuntu6.1 (using .../libpam-runtime_0.99.7.1-5ubuntu6.5_all.deb) ...
Unpacking replacement libpam-runtime ...
Setting up libpam-runtime (0.99.7.1-5ubuntu6.5) ...

(Reading database ... 37090 files and directories currently installed.)
Preparing to replace libpam0g 0.99.7.1-5ubuntu6.1 (using .../libpam0g_0.99.7.1-5ubuntu6.5_amd64.deb) ...
Unpacking replacement libpam0g ...
Setting up libpam0g (0.99.7.1-5ubuntu6.5) ...

Processing triggers for libc6 ...
ldconfig deferred processing now taking place
(Reading database ... 37090 files and directories currently installed.)
Preparing to replace libpam-modules 0.99.7.1-5ubuntu6.1 (using .../libpam-modules_0.99.7.1-5ubuntu6.5_amd64.deb) ...
Unpacking replacement libpam-modules ...
Setting up libpam-modules (0.99.7.1-5ubuntu6.5) ...

(Reading database ... 37090 files and directories currently installed.)
Preparing to replace base-files 4.0.1ubuntu5.8.04.7 (using .../base-files_4.0.1ubuntu5.8.04.8_amd64.deb) ...
Unpacking replacement base-files ...
Setting up base-files (4.0.1ubuntu5.8.04.8) ...
Installing new version of config file /etc/issue ...
Installing new version of config file /etc/issue.net ...
Installing new version of config file /etc/lsb-release ...

(Reading database ... 37090 files and directories currently installed.)
Preparing to replace bsdutils 1:2.13.1-5ubuntu3 (using .../bsdutils_1%3a2.13.1-5ubuntu3.1_amd64.deb) ...
Unpacking replacement bsdutils ...
Setting up bsdutils (1:2.13.1-5ubuntu3.1) ...

(Reading database ... 37090 files and directories currently installed.)
Preparing to replace language-pack-en 1:8.04+20090105.1 (using .../language-pack-en_1%3a8.04+20100117.1_all.deb) ...
Unpacking replacement language-pack-en ...
Preparing to replace language-pack-en-base 1:8.04+20090105 (using .../language-pack-en-base_1%3a8.04+20100117.1_all.deb) ...
Unpacking replacement language-pack-en-base ...
Preparing to replace mysql-common 5.0.51a-3ubuntu5.4 (using .../mysql-common_5.0.96-0ubuntu3_all.deb) ...
Unpacking replacement mysql-common ...
Preparing to replace mysql-server 5.0.51a-3ubuntu5.4 (using .../mysql-server_5.0.96-0ubuntu3_all.deb) ...
Unpacking replacement mysql-server ...
Preparing to replace libmysqlclient15off 5.0.51a-3ubuntu5.4 (using .../libmysqlclient15off_5.0.96-0ubuntu3_amd64.deb) ...
Unpacking replacement libmysqlclient15off ...
Preparing to replace mysql-client 5.0.51a-3ubuntu5.4 (using .../mysql-client_5.0.96-0ubuntu3_all.deb) ...
Unpacking replacement mysql-client ...
Preparing to replace mysql-client-5.0 5.0.51a-3ubuntu5.4 (using .../mysql-client-5.0_5.0.96-0ubuntu3_amd64.deb) ...
Unpacking replacement mysql-client-5.0 ...
Setting up mysql-common (5.0.96-0ubuntu3) ...
(Reading database ... 37093 files and directories currently installed.)
Preparing to replace mysql-server-5.0 5.0.51a-3ubuntu5.4 (using .../mysql-server-5.0_5.0.96-0ubuntu3_amd64.deb) ...
 * Stopping MySQL database server mysqld                                                                                                                                                   [ OK ]
 * Stopping MySQL database server mysqld                                                                                                                                                   [ OK ]
Unpacking replacement mysql-server-5.0 ...
Preparing to replace apt 0.7.9ubuntu17.2 (using .../apt_0.7.9ubuntu17.6_amd64.deb) ...
Unpacking replacement apt ...
Setting up apt (0.7.9ubuntu17.6) ...

Processing triggers for libc6 ...
ldconfig deferred processing now taking place
(Reading database ... 37626 files and directories currently installed.)
Preparing to replace bzip2 1.0.4-2ubuntu4 (using .../bzip2_1.0.4-2ubuntu4.2_amd64.deb) ...
Unpacking replacement bzip2 ...
Preparing to replace libbz2-1.0 1.0.4-2ubuntu4 (using .../libbz2-1.0_1.0.4-2ubuntu4.2_amd64.deb) ...
Unpacking replacement libbz2-1.0 ...
Preparing to replace libssl-dev 0.9.8g-4ubuntu3.7 (using .../libssl-dev_0.9.8g-4ubuntu3.20_amd64.deb) ...
Unpacking replacement libssl-dev ...
Preparing to replace libssl0.9.8 0.9.8g-4ubuntu3.7 (using .../libssl0.9.8_0.9.8g-4ubuntu3.20_amd64.deb) ...
Unpacking replacement libssl0.9.8 ...
Preparing to replace python2.5 2.5.2-2ubuntu4.1 (using .../python2.5_2.5.2-2ubuntu6.2_amd64.deb) ...
Unpacking replacement python2.5 ...
Preparing to replace python2.5-minimal 2.5.2-2ubuntu4.1 (using .../python2.5-minimal_2.5.2-2ubuntu6.2_amd64.deb) ...
Unpacking replacement python2.5-minimal ...
Setting up python2.5-minimal (2.5.2-2ubuntu6.2) ...

(Reading database ... 37629 files and directories currently installed.)
Preparing to replace apt-utils 0.7.9ubuntu17.2 (using .../apt-utils_0.7.9ubuntu17.6_amd64.deb) ...
Unpacking replacement apt-utils ...
Preparing to replace dhcp3-client 3.0.6.dfsg-1ubuntu9 (using .../dhcp3-client_3.0.6.dfsg-1ubuntu9.3_amd64.deb) ...
Unpacking replacement dhcp3-client ...
Preparing to replace dhcp3-common 3.0.6.dfsg-1ubuntu9 (using .../dhcp3-common_3.0.6.dfsg-1ubuntu9.3_amd64.deb) ...
Unpacking replacement dhcp3-common ...
Preparing to replace gpgv 1.4.6-2ubuntu5 (using .../gpgv_1.4.6-2ubuntu5.2_amd64.deb) ...
Unpacking replacement gpgv ...
Preparing to replace libtasn1-3 1.1-1 (using .../libtasn1-3_1.1-1ubuntu0.1_amd64.deb) ...
Unpacking replacement libtasn1-3 ...
Preparing to replace libgnutls13 2.0.4-1ubuntu2.3 (using .../libgnutls13_2.0.4-1ubuntu2.9_amd64.deb) ...
Unpacking replacement libgnutls13 ...
Preparing to replace libkrb5-dev 1.6.dfsg.3~beta1-2ubuntu1.1 (using .../libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.8_amd64.deb) ...
Unpacking replacement libkrb5-dev ...
Preparing to replace libkadm55 1.6.dfsg.3~beta1-2ubuntu1.1 (using .../libkadm55_1.6.dfsg.3~beta1-2ubuntu1.8_amd64.deb) ...
Unpacking replacement libkadm55 ...
Preparing to replace libkrb53 1.6.dfsg.3~beta1-2ubuntu1.1 (using .../libkrb53_1.6.dfsg.3~beta1-2ubuntu1.8_amd64.deb) ...
Unpacking replacement libkrb53 ...
Preparing to replace libldap2-dev 2.4.9-0ubuntu0.8.04.2 (using .../libldap2-dev_2.4.9-0ubuntu0.8.04.5_amd64.deb) ...
Unpacking replacement libldap2-dev ...
Preparing to replace libldap-2.4-2 2.4.9-0ubuntu0.8.04.2 (using .../libldap-2.4-2_2.4.9-0ubuntu0.8.04.5_amd64.deb) ...
Unpacking replacement libldap-2.4-2 ...
Preparing to replace libcurl3-gnutls 7.18.0-1ubuntu2.1 (using .../libcurl3-gnutls_7.18.0-1ubuntu2.4_amd64.deb) ...
Unpacking replacement libcurl3-gnutls ...
Preparing to replace gnupg 1.4.6-2ubuntu5 (using .../gnupg_1.4.6-2ubuntu5.2_amd64.deb) ...
Unpacking replacement gnupg ...
Preparing to replace klibc-utils 1.5.7-4ubuntu4 (using .../klibc-utils_1.5.7-4ubuntu5_amd64.deb) ...
Unpacking replacement klibc-utils ...
Preparing to replace libklibc 1.5.7-4ubuntu4 (using .../libklibc_1.5.7-4ubuntu5_amd64.deb) ...
Unpacking replacement libklibc ...
Preparing to replace libnewt0.52 0.52.2-11.2ubuntu1 (using .../libnewt0.52_0.52.2-11.2ubuntu1.1_amd64.deb) ...
Unpacking replacement libnewt0.52 ...
Preparing to replace wget 1.10.2-3ubuntu1 (using .../wget_1.10.2-3ubuntu1.2_amd64.deb) ...
Unpacking replacement wget ...
Preparing to replace whiptail 0.52.2-11.2ubuntu1 (using .../whiptail_0.52.2-11.2ubuntu1.1_amd64.deb) ...
Unpacking replacement whiptail ...
Preparing to replace libdbus-1-3 1.1.20-1ubuntu3.2 (using .../libdbus-1-3_1.1.20-1ubuntu3.9_amd64.deb) ...
Unpacking replacement libdbus-1-3 ...
Preparing to replace openssh-server 1:4.7p1-8ubuntu1.2 (using .../openssh-server_1%3a4.7p1-8ubuntu3_amd64.deb) ...
Unpacking replacement openssh-server ...
Preparing to replace openssh-client 1:4.7p1-8ubuntu1.2 (using .../openssh-client_1%3a4.7p1-8ubuntu3_amd64.deb) ...
Unpacking replacement openssh-client ...
Preparing to replace libapr1-dev 1.2.11-1 (using .../libapr1-dev_1.2.11-1ubuntu0.2_amd64.deb) ...
Unpacking replacement libapr1-dev ...
Preparing to replace libapr1 1.2.11-1 (using .../libapr1_1.2.11-1ubuntu0.2_amd64.deb) ...
Unpacking replacement libapr1 ...
Preparing to replace libexpat1-dev 2.0.1-0ubuntu1 (using .../libexpat1-dev_2.0.1-0ubuntu1.2_amd64.deb) ...
Unpacking replacement libexpat1-dev ...
Preparing to replace libexpat1 2.0.1-0ubuntu1 (using .../libexpat1_2.0.1-0ubuntu1.2_amd64.deb) ...
Unpacking replacement libexpat1 ...
Preparing to replace libpq-dev 8.3.7-0ubuntu8.04.1 (using .../libpq-dev_8.3.23-0ubuntu8.04.1_amd64.deb) ...
Unpacking replacement libpq-dev ...
Preparing to replace libpq5 8.3.7-0ubuntu8.04.1 (using .../libpq5_8.3.23-0ubuntu8.04.1_amd64.deb) ...
Unpacking replacement libpq5 ...
Preparing to replace libaprutil1-dev 1.2.12+dfsg-3ubuntu0.1 (using .../libaprutil1-dev_1.2.12+dfsg-3ubuntu0.3_amd64.deb) ...
Unpacking replacement libaprutil1-dev ...
Preparing to replace libaprutil1 1.2.12+dfsg-3ubuntu0.1 (using .../libaprutil1_1.2.12+dfsg-3ubuntu0.3_amd64.deb) ...
Unpacking replacement libaprutil1 ...
Preparing to replace openssl 0.9.8g-4ubuntu3.7 (using .../openssl_0.9.8g-4ubuntu3.20_amd64.deb) ...
Unpacking replacement openssl ...
Preparing to replace apache2-prefork-dev 2.2.8-1ubuntu0.9 (using .../apache2-prefork-dev_2.2.8-1ubuntu0.25_amd64.deb) ...
Unpacking replacement apache2-prefork-dev ...
Preparing to replace apache2-utils 2.2.8-1ubuntu0.9 (using .../apache2-utils_2.2.8-1ubuntu0.25_amd64.deb) ...
Unpacking replacement apache2-utils ...
Preparing to replace apache2-mpm-prefork 2.2.8-1ubuntu0.9 (using .../apache2-mpm-prefork_2.2.8-1ubuntu0.25_amd64.deb) ...
 * Stopping web server apache2                                                                                                                                                                     * We failed to correctly shutdown apache, so we're now killing all running apache processes. This is almost certainly suboptimal, so please make sure your system is working as you'd expect now!
                                                                                                                                                                                           [ OK ]
Unpacking replacement apache2-mpm-prefork ...
Preparing to replace apache2.2-common 2.2.8-1ubuntu0.9 (using .../apache2.2-common_2.2.8-1ubuntu0.25_amd64.deb) ...
Unpacking replacement apache2.2-common ...
Preparing to replace libcurl3 7.18.0-1ubuntu2.1 (using .../libcurl3_7.18.0-1ubuntu2.4_amd64.deb) ...
Unpacking replacement libcurl3 ...
Preparing to replace curl 7.18.0-1ubuntu2.1 (using .../curl_7.18.0-1ubuntu2.4_amd64.deb) ...
Unpacking replacement curl ...
Preparing to replace dpkg-dev 1.14.16.6ubuntu4 (using .../dpkg-dev_1.14.16.6ubuntu4.2_all.deb) ...
Unpacking replacement dpkg-dev ...
Preparing to replace ruby1.8-dev 1.8.6.111-2ubuntu1.2 (using .../ruby1.8-dev_1.8.6.111-2ubuntu1.3_amd64.deb) ...
Unpacking replacement ruby1.8-dev ...
Preparing to replace libruby1.8 1.8.6.111-2ubuntu1.2 (using .../libruby1.8_1.8.6.111-2ubuntu1.3_amd64.deb) ...
Unpacking replacement libruby1.8 ...
Preparing to replace libreadline-ruby1.8 1.8.6.111-2ubuntu1.2 (using .../libreadline-ruby1.8_1.8.6.111-2ubuntu1.3_amd64.deb) ...
Unpacking replacement libreadline-ruby1.8 ...
Preparing to replace ruby1.8 1.8.6.111-2ubuntu1.2 (using .../ruby1.8_1.8.6.111-2ubuntu1.3_amd64.deb) ...
Unpacking replacement ruby1.8 ...
Preparing to replace irb1.8 1.8.6.111-2ubuntu1.2 (using .../irb1.8_1.8.6.111-2ubuntu1.3_all.deb) ...
Unpacking replacement irb1.8 ...
Preparing to replace libmysqlclient15-dev 5.0.51a-3ubuntu5.4 (using .../libmysqlclient15-dev_5.0.96-0ubuntu3_amd64.deb) ...
Unpacking replacement libmysqlclient15-dev ...
Preparing to replace libopenssl-ruby1.8 1.8.6.111-2ubuntu1.2 (using .../libopenssl-ruby1.8_1.8.6.111-2ubuntu1.3_amd64.deb) ...
Unpacking replacement libopenssl-ruby1.8 ...
Preparing to replace ntpdate 1:4.2.4p4+dfsg-3ubuntu2.2 (using .../ntpdate_1%3a4.2.4p4+dfsg-3ubuntu2.3_amd64.deb) ...
Unpacking replacement ntpdate ...
Preparing to replace ri1.8 1.8.6.111-2ubuntu1.2 (using .../ri1.8_1.8.6.111-2ubuntu1.3_all.deb) ...
Unpacking replacement ri1.8 ...
Preparing to replace rdoc1.8 1.8.6.111-2ubuntu1.2 (using .../rdoc1.8_1.8.6.111-2ubuntu1.3_all.deb) ...
Unpacking replacement rdoc1.8 ...
Preparing to replace sudo 1.6.9p10-1ubuntu3.4 (using .../sudo_1.6.9p10-1ubuntu3.10_amd64.deb) ...
Unpacking replacement sudo ...
Preparing to replace util-linux-locales 2.13.1-5ubuntu3 (using .../util-linux-locales_2.13.1-5ubuntu3.1_all.deb) ...
Unpacking replacement util-linux-locales ...
Preparing to replace postfix 2.5.1-2ubuntu1.2 (using .../postfix_2.5.1-2ubuntu1.4_amd64.deb) ...
 * Stopping Postfix Mail Transport Agent postfix                                                                                                                                           [ OK ]
 * Stopping Postfix Mail Transport Agent postfix                                                                                                                                           [ OK ]
Unpacking replacement postfix ...
Setting up linux-libc-dev (2.6.24-32.107) ...
Setting up libc6-dev (2.7-10ubuntu8.3) ...
Setting up libmysqlclient15off (5.0.96-0ubuntu3) ...

Setting up libbz2-1.0 (1.0.4-2ubuntu4.2) ...

Setting up bzip2 (1.0.4-2ubuntu4.2) ...

Setting up libssl0.9.8 (0.9.8g-4ubuntu3.20) ...

Setting up libssl-dev (0.9.8g-4ubuntu3.20) ...
Setting up python2.5 (2.5.2-2ubuntu6.2) ...

Setting up apt-utils (0.7.9ubuntu17.6) ...

Setting up dhcp3-common (3.0.6.dfsg-1ubuntu9.3) ...
Setting up dhcp3-client (3.0.6.dfsg-1ubuntu9.3) ...

Setting up gpgv (1.4.6-2ubuntu5.2) ...
Setting up libtasn1-3 (1.1-1ubuntu0.1) ...

Setting up libgnutls13 (2.0.4-1ubuntu2.9) ...

Setting up libkrb53 (1.6.dfsg.3~beta1-2ubuntu1.8) ...

Setting up libkadm55 (1.6.dfsg.3~beta1-2ubuntu1.8) ...

Setting up libkrb5-dev (1.6.dfsg.3~beta1-2ubuntu1.8) ...
Setting up libldap-2.4-2 (2.4.9-0ubuntu0.8.04.5) ...

Setting up libldap2-dev (2.4.9-0ubuntu0.8.04.5) ...
Setting up libcurl3-gnutls (7.18.0-1ubuntu2.4) ...

Setting up gnupg (1.4.6-2ubuntu5.2) ...
Setting up libklibc (1.5.7-4ubuntu5) ...
Setting up klibc-utils (1.5.7-4ubuntu5) ...
Setting up libnewt0.52 (0.52.2-11.2ubuntu1.1) ...

Setting up wget (1.10.2-3ubuntu1.2) ...

Setting up whiptail (0.52.2-11.2ubuntu1.1) ...
Setting up libdbus-1-3 (1.1.20-1ubuntu3.9) ...

Setting up openssh-client (1:4.7p1-8ubuntu3) ...

Setting up openssh-server (1:4.7p1-8ubuntu3) ...
 * Restarting OpenBSD Secure Shell server sshd                                                                                                                                             [ OK ]

Setting up libapr1 (1.2.11-1ubuntu0.2) ...

Setting up libapr1-dev (1.2.11-1ubuntu0.2) ...
Setting up libexpat1 (2.0.1-0ubuntu1.2) ...

Setting up libexpat1-dev (2.0.1-0ubuntu1.2) ...

Setting up libpq5 (8.3.23-0ubuntu8.04.1) ...

Setting up libpq-dev (8.3.23-0ubuntu8.04.1) ...
Setting up libaprutil1 (1.2.12+dfsg-3ubuntu0.3) ...

Setting up libaprutil1-dev (1.2.12+dfsg-3ubuntu0.3) ...
Setting up openssl (0.9.8g-4ubuntu3.20) ...

Setting up apache2-utils (2.2.8-1ubuntu0.25) ...
Setting up apache2.2-common (2.2.8-1ubuntu0.25) ...

Setting up apache2-prefork-dev (2.2.8-1ubuntu0.25) ...
Setting up apache2-mpm-prefork (2.2.8-1ubuntu0.25) ...
 * Starting web server apache2                                                                                                                                                                    
[ OK ]

Setting up libcurl3 (7.18.0-1ubuntu2.4) ...

Setting up curl (7.18.0-1ubuntu2.4) ...
Setting up libruby1.8 (1.8.6.111-2ubuntu1.3) ...

Setting up ruby1.8-dev (1.8.6.111-2ubuntu1.3) ...
Setting up libreadline-ruby1.8 (1.8.6.111-2ubuntu1.3) ...
Setting up ruby1.8 (1.8.6.111-2ubuntu1.3) ...
Setting up irb1.8 (1.8.6.111-2ubuntu1.3) ...

Setting up libmysqlclient15-dev (5.0.96-0ubuntu3) ...

Setting up libopenssl-ruby1.8 (1.8.6.111-2ubuntu1.3) ...
Setting up ntpdate (1:4.2.4p4+dfsg-3ubuntu2.3) ...

Setting up rdoc1.8 (1.8.6.111-2ubuntu1.3) ...
Setting up ri1.8 (1.8.6.111-2ubuntu1.3) ...
Setting up sudo (1.6.9p10-1ubuntu3.10) ...

Setting up util-linux-locales (2.13.1-5ubuntu3.1) ...

Setting up postfix (2.5.1-2ubuntu1.4) ...

Postfix configuration was not changed.  If you need to make changes, edit
/etc/postfix/main.cf (and others) as needed.  To view Postfix configuration
values, see postconf(1).

After modifying main.cf, be sure to run '/etc/init.d/postfix reload'.

Running newaliases
 * Stopping Postfix Mail Transport Agent postfix                                                                                                                                           [ OK ]
 * Starting Postfix Mail Transport Agent postfix                                                                                                                                           [ OK ]

Setting up language-pack-en (1:8.04+20100117.1) ...
Setting up perl-modules (5.8.8-12ubuntu0.8) ...
Setting up language-pack-en-base (1:8.04+20100117.1) ...
Generating locales...
  en_AG.UTF-8... cannot open locale definition file `en_AG': No such file or directory
failed
  en_AU.UTF-8... up-to-date
  en_BW.UTF-8... up-to-date
  en_CA.UTF-8... up-to-date
  en_DK.UTF-8... up-to-date
  en_GB.UTF-8... up-to-date
  en_HK.UTF-8... up-to-date
  en_IE.UTF-8... up-to-date
  en_IN.UTF-8... up-to-date
  en_NG.UTF-8... up-to-date
  en_NZ.UTF-8... up-to-date
  en_PH.UTF-8... up-to-date
  en_SG.UTF-8... up-to-date
  en_US.UTF-8... up-to-date
  en_ZA.UTF-8... up-to-date
  en_ZW.UTF-8... up-to-date
Generation complete.

Setting up perl (5.8.8-12ubuntu0.8) ...

Setting up mysql-client-5.0 (5.0.96-0ubuntu3) ...
Setting up mysql-server-5.0 (5.0.96-0ubuntu3) ...
 * Stopping MySQL database server mysqld                                                                                                                                                   [ OK ]
 * Starting MySQL database server mysqld                                                                                                                                                   [ OK ]
 * Checking for corrupt, not cleanly closed and upgrade needing tables.

Setting up mysql-server (5.0.96-0ubuntu3) ...
Setting up mysql-client (5.0.96-0ubuntu3) ...
Setting up dpkg-dev (1.14.16.6ubuntu4.2) ...
Processing triggers for libc6 ...
ldconfig deferred processing now taking place

Update Packages

Download the package lists from the repositories and "updates" them to get information on the newest versions of packages and their dependencies. It will do this for all repositories and PPAs.

$ sudo apt-get update
Hit http://old-releases.ubuntu.com hardy Release.gpg
Ign http://old-releases.ubuntu.com hardy/main Translation-en_US
Ign http://old-releases.ubuntu.com hardy/restricted Translation-en_US
Ign http://old-releases.ubuntu.com hardy/universe Translation-en_US
Hit http://old-releases.ubuntu.com hardy-updates Release.gpg
Ign http://old-releases.ubuntu.com hardy-updates/main Translation-en_US
Ign http://old-releases.ubuntu.com hardy-updates/restricted Translation-en_US
Ign http://old-releases.ubuntu.com hardy-updates/universe Translation-en_US
Get:1 http://old-releases.ubuntu.com hardy-security Release.gpg [198B]
Ign http://old-releases.ubuntu.com hardy-security/main Translation-en_US
Ign http://old-releases.ubuntu.com hardy-security/restricted Translation-en_US
Ign http://old-releases.ubuntu.com hardy-security/universe Translation-en_US
Hit http://old-releases.ubuntu.com hardy Release
Hit http://old-releases.ubuntu.com hardy-updates Release
Get:2 http://old-releases.ubuntu.com hardy-security Release [65.9kB]
Hit http://old-releases.ubuntu.com hardy/main Packages
Hit http://old-releases.ubuntu.com hardy/restricted Packages
Hit http://old-releases.ubuntu.com hardy/universe Packages
Hit http://old-releases.ubuntu.com hardy/main Sources
Hit http://old-releases.ubuntu.com hardy/restricted Sources
Hit http://old-releases.ubuntu.com hardy/universe Sources
Hit http://old-releases.ubuntu.com hardy-updates/main Packages
Hit http://old-releases.ubuntu.com hardy-updates/restricted Packages
Hit http://old-releases.ubuntu.com hardy-updates/universe Packages
Hit http://old-releases.ubuntu.com hardy-updates/main Sources
Hit http://old-releases.ubuntu.com hardy-updates/restricted Sources
Hit http://old-releases.ubuntu.com hardy-updates/universe Sources
Get:3 http://old-releases.ubuntu.com hardy-security/main Packages [306kB]
Get:4 http://old-releases.ubuntu.com hardy-security/restricted Packages [11.5kB]
Get:5 http://old-releases.ubuntu.com hardy-security/universe Packages [145kB]
Get:6 http://old-releases.ubuntu.com hardy-security/main Sources [150kB]
Get:7 http://old-releases.ubuntu.com hardy-security/restricted Sources [1251B]
Get:8 http://old-releases.ubuntu.com hardy-security/universe Sources [49.1kB]
Fetched 729kB in 2s (345kB/s)
Reading package lists... Done


Determine Ubuntu Server Version


$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 8.04.4 LTS
Release: 8.04
Codename: hardy


Next Steps

Now, we're as good as we're going to get unless we upgrade the operating system version.

If that is not an option, then you'd better ensure that you have hardened your server as much as possible.

However, as the owner of the unsupported operating system you need to understand the very real business risks that exist.

Upgrading to Current Release

Being that Ubuntu is, as of this writing, up to version 14.10, the best way to upgrade is a fresh install.

Using Puppet and Vagrant to automate the server installation process is also recommended.

Vagrant is a wrapper around the VirtualBox virtualization platform that manages headless server instances.

While Vagrant manages the virtual machine and allows me to spin up and destroy the instance at will, Puppet is the tool that performs the magic of installing Development Environment technology stack, e.g., Apache, Ruby on Rails, Go, and other packages such as Git. Puppet manages the long checklist of packages that are required.

References

http://www.tecmint.com/linux-server-hardening-security-tips/
http://askubuntu.com/questions/81585/what-is-dist-upgrade-and-why-does-it-upgrade-more-than-upgrade
http://en.wikipedia.org/wiki/List_of_Ubuntu_releases#Table_of_versions
https://www.andrewmunsell.com/blog/development-environments-with-vagrant-and-puppet