Running Firefox as a separate user


A simple recipe to run Firefox as a separate user. With almost no drawbacks, this puts one more obstacle in the way of a remote attacker who wants to access your personal data.

First, create an account to run Firefox as. I use adduser for these tasks.

adduser webbrowser

You probably want to add the user to the typical audio and video groups so you can play web videos, etc.

Second, give your normal user permission to run Firefox as the new user, through sudo. This can be done by editing the /etc/sudoers file and adding a line like this one:

your_user ALL=(webbrowser) NOPASSWD: /usr/bin/firefox

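Here, "your_user" is your normal username. Third, this new user needs to be able to use your X server. Run the following from the X session, X init or window manager startup scripts. Note that it allows every local user on the machine, not only the new account, to connect to your X server: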

xhost local:

And that’s it. You should be able to run it as sudo -u webbrowser firefox. You can launch it from a GUI launcher icon, or create a script that wraps this operation. By using a wrapper, you can set it for file associations in programs more easily depending on your desktop environment. I have $HOME/bin in my PATH, so I created $HOME/bin/firefox with the following contents.

#!/bin/sh
cd /
exec sudo -u webbrowser -- /usr/bin/firefox "$@"

The original Firefox can still be launched with its full path or by creating a symlink with a slightly different name in a PATH directory.

Caution: an attacker exploiting a Firefox bug could still run code as the user running the Firefox process. Because that process is connected to your X server, they could still take screenshots, log your keystrokes, or maybe launch programs and inject input events. Like I said, it’s only one more obstacle.

Safer but more inconvenient approaches could be:

  • Launching a second X server as a specific user and running Firefox there. This implies switching X servers from time to time, inability to copy and paste text from one server to another, etc.

  • Running Firefox inside a virtual machine, which uses an X server that in turn uses a virtual video driver, etc. This is also a bit inconvenient when downloading stuff, it takes more system resources, etc.
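The recipe only keeps personal data away from the browser account if that account cannot read your files, which depends on the permissions of your home directory. The script below is an added example, not part of the original post: it lists what another local account could read under a directory, assuming that account is neither the owner nor in the owning group of the files and that no ACLs are in use.

```shell
#!/bin/sh
# Added example (not from the original post). Lists what a separate local
# account such as "webbrowser" could still read under a directory, judging
# only by the "other" permission bits. Assumes that account is neither the
# owner nor in the owning group of the files, and that no ACLs are in use.

# exposed_paths DIR
# Print every entry under DIR that is world-readable AND reachable, i.e. all
# directories on the way down from DIR are world-searchable (o+x).
exposed_paths() {
    # Prune directories that "other" cannot traverse: nothing below them is
    # reachable by path, whatever its own mode says.
    find "$1" \( -type d ! -perm -001 -prune \) -o -perm -004 -print
}

# count_exposed DIR
# Number of exposed entries (0 means the tree is closed to other accounts).
count_exposed() {
    exposed_paths "$1" | wc -l | tr -d ' '
}

# is_isolated DIR
# Succeeds when nothing under DIR is readable by other local accounts.
is_isolated() {
    [ "$(count_exposed "$1")" -eq 0 ]
}

# Run as: sh audit.sh "$HOME"   (the script name is arbitrary)
if [ "$#" -gt 0 ]; then
    if is_isolated "$1"; then
        echo "$1: nothing readable by other accounts"
    else
        echo "$1: readable by other accounts:"
        exposed_paths "$1"
    fi
fi
```

If the home directory itself shows up in the output, removing the "other" bits from it (mode 750 or 700) closes the whole tree at once.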

My trip to Rome


From April 27th to May 1st I traveled to Rome with my wife. She had been wanting to go to Rome all her life, so there was a great deal of anticipation in this trip. It did not let us down a bit and we enjoyed every minute we spent in the city. We’re eager to go back some day and spend a bit more time slowly tasting a few things we didn’t manage to visit and revisiting our favorite places.

How’s the city?

Rome is a busy city with raving traffic and packed with tourists every day of the year. If you want to go to Rome and want to get a general introduction about the city, I cannot stop recommending Wikitravel’s entry on the city. It has a lot of useful information. I don’t recommend going during summer because it will probably be hot as hell. Spring or autumn are better.

Rome’s downtown is not that big and can be traversed on foot without much trouble provided you’re not in very bad shape. I’m still relatively thin despite not exercising in years and didn’t suffer too much walking everywhere.

Food is as cheap or as expensive as you want. There are countless fast food and pizza kiosks everywhere in the city that make it possible to have lunch for around 5 euros. Or, for a bit more money, special menus in restaurants adjacent to Fontana Di Trevi on the west are available normally consisting of two main courses plus a dessert. With a water bottle, you could end up paying around 15 euros per person. For a similar price you could also order a full pizza and a drink. Or if price is not the problem you can enter any nice restaurant and order whatever you wish a la carte.

Two hints about eating in Rome: sometimes the service is included in the price (normally around 10%) and sometimes it’s not. Check your receipt to see if you have to tip or not. Also, you may see a special menu offer outside the restaurant and no signs of it inside or mentioned by the waiters. Do not hesitate and order the menu with the name you read outside. It’s not a problem at all. Also, do not order anything without knowing its price in advance, especially around the Vatican City area. It’s a recipe to get cheated.

Where to stay?

The Tiber river crosses the city from north to south and leaves most interesting things to the east, while Vatican City and the Trastevere district remain on the west bank.

Almost always, you want your hotel to be on the east bank. In the east end you’ll find the Termini train station. Close to it you can find the best price/quality ratio without being too far. Prices normally increase as you move to the center of the city, but there are a few luxury hotels in non-central areas. Ideally, you could get your hotel with a special discount on the Internet and close to the Pantheon. If not, move east up to the Termini station until you find a price you can agree with.

For this trip we were hosted at the Nuovo Hotel Quattro Fontane, a nice 3-star hotel not too far away. I can totally recommend it. It’s small, affordable, and has a wonderful staff and a decent breakfast buffet. We were very close to catching a special offer to stay at the Hotel Della Torre Argentina for less than 150 euros a night, which would have been almost the ideal location. But I can’t comment on it since we didn’t stay there.

What I would visit again

If I were to visit Rome again for 3 or 4 days, I would repeat my visit to the Pantheon without a doubt. It’s an impressive building from ancient Rome converted to a Catholic church in the heart of the city. Pros: Raphael’s grave, free entrance, no queues. Cons: none I can think of.

I would also visit the Colosseum again. Cons: if you go as-is, you’ll most likely face a 2-hour long queue to enter the building. Pros: you can get a Roma Pass card in one of the Tourist Information points and go in directly, or you can sign up and pay for a guided tour as you approach the building. Guided tours have the advantage of visiting a few areas which are not accessible otherwise. We went in with Roma Pass cards, but would sign up for a guided visit the next time.

By the way, a Roma Pass card is a card that costs 30 euros per person and gives you unlimited access to the public transport system for 3 days, plus free entrance to the first two museums, plus preferential access to a few places. It almost paid for itself when we could get in the Colosseum without waiting. :-)

The Vatican Museums are worth a second visit too. We signed up for a guided tour prior to our trip, but we didn’t like it. The next time, we would read about their most interesting things in advance (including the always-crowded Sistine Chapel) and would try to get a ticket from their official website to avoid waiting in line. After that visit, you can go directly to St. Peter’s Basilica, which probably has the most impressive and massive dome in the world. If you have time and energy, you could climb to the top of the dome (paid separately and needing to wait in line, for sure). I did this time, but do not attempt the climb if you’re afraid of heights or in very poor shape. 500 steps ahead. You can take an elevator that would save you 200.

It’s worth noting the Roma Pass card does not work in Vatican City. Different government and different country.

A few other things are worth revisiting if I have time, but those are the essentials.

What I would skip

I would skip the Castel Sant’Angelo and a lot of churches. They’re all very beautiful but there are hundreds of them and we visited a few dozen. I’d only go to the basic interesting ones with unskippable art in them.

I also had the classic Tartufo in Piazza Navona. Neither my wife nor I liked it very much. It typically costs 5 euros if you order it to take away and 10 euros if you sit outside. Only worth it if you like chocolate a bit bitter and with a slight touch of liquor.

While we’re at it, every whipped cream we got served in Rome has a distinct lack of sugar compared to how we prepare it in Spain, so I found it a bit tasteless everywhere.

What I missed that I would like to visit

A walk and dinner in Trastevere. The lack of time and excess of distance prevented us from going there.

The Catacombs. Their main entrance is located in an area a few kilometers south of Rome. You can take a planned tour bus. I don’t know if it’s currently possible/sensible to go there by yourself easily.

And that’s it for now. Arrivederci, Roma.

PS: In the video, they’re sitting in Piazza Navona.

A peek into the blog web server logs


I briefly examined the web server logs today and I noticed a couple of interesting things.

First, in spite of Google announcing they’re closing the Google Reader service on July 1, 2013, the number of subscriptions as reported by their bot has not decreased. In fact, it has increased. Other news services don’t seem to be accessing the RSS feed so far.

Second, spammers seem to be accessing files from this blog and leaving a referrer URL behind that links to their spamming sites. I suppose the goal is not to spam anyone reading the server logs, which would be a bit dumb. Maybe if a site provides statistics about referrals and visitors they intend for those stat pages to link back to their site improving the page rank? Have you seen such a thing before?

Game Review: Skyward Sword


I like Zelda games a lot, but can’t call myself a Zelda fan because I’ve only played four of the sixteen main titles released so far. Here’s my review of the latest game in the series, which happens to be one of the first ones in the game universe chronology.

If you haven’t played any Zelda games before, they are RPG games. Most of them were played with a top view in the 2D days and changed to third person perspective when 3D was introduced. In them, you play an incarnation of the game protagonist, Link, at some point in time in the Zelda universe, and usually you have to rescue and/or help the incarnation of Princess Zelda defeat the main antagonist.

The first game I played was A Link to the Past for the SNES, which I thought was great at the moment and I devoured it in 3 days when I was a kid and had to be at home fighting the flu.

Then, I played Ocarina of Time for the N64, which was the best game I had ever played at that moment. I seriously think buying the N64 was almost justified only to be able to play that game. I could go on and on about this game but reading the "Reception" section at Wikipedia should be enough. It was one of the highest points in video gaming history.

I couldn’t save enough money to get a copy of Majora’s Mask, which was released for the N64 too, so I had to wait a lot of years until I got to play Twilight Princess for the Wii. For me, Twilight Princess was another amazing game. It couldn’t be as innovative as Ocarina of Time was when it arrived, and that’s its only major "fault". Both games can be directly compared. The technological advances in both graphics and game controls made Twilight Princess essentially a sequel in spirit. In Twilight Princess, you have everything you have in Ocarina of Time, but multiplied by a factor of 10.

So we finally arrive at Skyward Sword. I wanted to play this game about a year ago, a bit after it was released, but I had other important things to do then, and a lot of games were waiting to be played.

While still a Zelda game, it’s no doubt different from Twilight Princess. Most critics would say it’s yet another iteration and improvement in the game series, making it the best game so far. And many praised the game controls and how the Motion Plus controller perfectly tracks your hand and allows you to slash enemies with precision.

Yet I didn’t enjoy it as much as Twilight Princess. The game is long and the story is interesting, as always, but I found 3 minor flaws worth pointing out.

First, the game controls sometimes lose the screen center point. This means you can be pointing at the middle of the screen and the game responds as if you were pointing at one of the edges or corners. It’s not very frequent and I’m sure game developers were aware of this small problem, because they made the Wii remote down arrow a "reset" for this problem. You point to the center of the screen, hit the down arrow and that’s the center from then on. Also, while the game follows your movement almost perfectly, it interprets a slash when you move the remote fast. In the heat of battle sometimes I moved the remote too fast while preparing to hit and it considered it a premature slash in the wrong direction. This detail can be important in the game because enemies defend themselves from attacks coming from one side or another.

The second minor flaw is that some side missions don’t seem that well integrated into the main game as with other titles, and the gameplay is a bit too linear at some points.

Finally, and maybe I’m getting old, I found the game too easy for my taste. I’m now playing it in "hero" mode, which you have access to after finishing the game for the first time, and I really think it’s a bit more balanced this way. Most dungeon puzzles were easy too.

As for the score, those minor flaws prevent me from giving it a 10 out of 10. It’s a score I prefer to preserve for other games. This one is a superb game that you should definitely play and it’s a 9 or 9.5 out of 10. Ocarina of Time and Twilight Princess get a 10 out of 10, but this one is, after all, a Zelda game and I’m a spoiled child. :-)

Release announcements


If you’re a package maintainer for a Linux distribution, or a user who likes to compile a few packages by yourself, you’ll have faced the problem of noticing when a piece of software has a new release.

In the Windows world, which (still) lacks a centralized repository of software packages and where users normally download and install the programs they need, it’s almost a requirement nowadays to include some kind of version checking mechanism with your program. Many major programs have it, like Firefox and Thunderbird, Chrome, Adobe Flash, Oracle Java, Steam, etc. Windows itself has Windows Update.

In the Linux world, usually you don’t want to be notified in-app because the user who is running the program doesn’t have privileges to overwrite program files without an intermediate mechanism like sudo and, furthermore, the version they’re running probably has been installed as a package and the proper way to upgrade the program is by upgrading its package. Still, package maintainers need to be notified of new releases.

Before GitHub and Bitbucket, many FOSS packages were hosted at SourceForge. On this site, you can create a user account and subscribe to file releases for any project hosted there. If the project was self-hosted or hosted anywhere else, or even if it was hosted at SourceForge, you also had the option of going to Freecode (formerly Freshmeat). It’s a project database (it doesn’t hold project contents) and also allowed subscribing to new releases. Many people still use it to announce new releases reliably (for example, I’m subscribed to Iotop). Release announcements are approved by humans, but everyone can submit new releases for any project which hasn’t forbidden doing so. This can make announcing new releases a collective effort. Obviously, it works best if it’s the project maintainer who submits releases. Notably, Freecode also features an API that can be used to get and post releases automatically. It started more than 9 years ago as an XML-RPC API. Now I feel old because I remember reading that announcement when it was published.

The best solution to the problem, in my humble opinion, is the announce mailing list, but not many projects have one. It’s a simple read-only mailing list that only gets release announcements. By being read-only, spam is not a problem and you only get what you’re interested in, but it requires setting up mailing list software and a server somewhere, which is not an immediate option for many FOSS authors. Some other projects have mailing lists but not an announce one, which exposes you to much more traffic. A few examples of projects that have one: Valgrind, i3 (see the bottom of the page) or Wireshark.

In the Wireshark mailing lists page you can see what is in my opinion the second best solution to this problem. They publish an RSS feed of Wireshark announce messages. RSS feeds need no subscription (in the mailing list sense) and barely any infrastructure. If the site you’re hosting your project in gives you a bit of web space, you can automatically create and host an RSS feed, leveraging the power of the web to provide information in a standardized format that is easy to manage for your users. This seems to be the best solution when hosting on GitHub or by yourself.

As I’m myself guilty of not providing proper release announcements for my software sometimes, nothing’s better than a public promise to do the right thing in the future. If you’re the maintainer of a FOSS project, consider using RSS feeds or announce mailing lists if possible.