bug

Apache 2.2 with PFS on Debian 7 wheezy and Ubuntu 12.04

During I was changing all ssl keys because of the heartbleed bug I thought it is a good time to enable PFS on my Debian 7 und Ubuntu 12.04 LTS servers (ECC keys and ECDH ciphers). Here is a step by step howto, when its not your first time to install something from source it shouldn't be that hard:

1. Preperation - download source and needed tools

Apache 2.2 mit PFS auf Debian 7 Wheezy und Ubuntu 12.04

Nachdem ich nun alle Keys tauschen musste (heartbleed bug), dachte ich mir es ist Zeit auch bei den aktuellen Debian 7 und Ubuntu 12.04 LTS für PFS, also ECC keys and ECDH ciphers. Der Weg dorthin ist - wenn man ein wenig Übung mit kompilieren und apt hat, relativ einfach:

1. Vorbereitungen - Quellcode und Tools herunterladen

apt-get update: procps ... start: Job failed to start

Seeing an error message during a server upgrade is something you don't want to see - but it seems many people are hit by that Ubuntu bug. Seems my systems were hit because I use OpenVZ (or, better said, Proxmox) for virtualizing my servers.

In the bugreport comments #5 and #11 you'll find the solution: comment out kernel.kptr_restrict = 1 or (re)move the file /etc/sysctl.d/10-kernel-hardening.conf

Now the update process can complete :)

Ubuntu 12.10 and Amazon suggestions

During the first two beta releases of Ubuntu 12.10 there was a lot of excitement, as the main lens of Unity suddenly showed not only your installed programs and files, there were also Amazon search results. Mark Shuttleworth answered within hours , but some people didn't understand it completely, they thought there will be no easy way to deactivate this new feature.