Wednesday, December 23, 2009

Ubuntu 10.04 is on the Right Track to an LTS Release

Waterfall ModelImage via Wikipedia
In Ubuntu 10.04 LTS: How we get there, Matt Zimmerman goes over the differences between the recent releases' development process and Lucid's. The major differences are:

  1. Pulling from Debian Testing, not Unstable, leading to a more polished product from the get-go.
  2. An emphasis on testing instead of features, meaning that there's actually less to test.
  3. No major changes to infrastructure. PulseAudio was introduced (and lambasted) in 8.04. No one wants to see that mess again.
  4. An early beta release (and I understand there will be two betas).
  5. Coordination with Debian's release schedule, leading to more eyes on bugs.

I had real problems with the choices for 8.04, and several things were broken on release. I'm tickled to see Ubuntu taking an LTS release extremely seriously.
Reblog this post [with Zemanta]

Tuesday, December 22, 2009

Official Google Blog: The meaning of open

This is an extremely interesting view into Google's opinion of open standards, open source, and open information. Official Google Blog: The meaning of open

Open Standards

Today, we base our developer products on open standards because interoperability is a critical element of user choice. What does this mean for Google Product Managers and Engineers? Simple: whenever possible, use existing open standards. If you are venturing into an area where open standards don't exist, create them. If existing standards aren't as good as they should be, work to improve them and make those improvements as simple and well documented as you can. Our top priorities should always be users and the industry at large and not just the good of Google, and you should work with standards committees to make our changes part of the accepted specification.

Open Source

So as you are building your product or adding new features, stop and ask yourself: Would open sourcing this code promote the open Internet? Would it spur greater user, advertiser, and partner choice? Would it lead to greater competition and innovation? If so, then you should make it open source. And when you do, do it right; don't just push it over the wall into the public realm and forget about it. Make sure you have the resources to pay attention to the code and foster developer engagement.

Open Information

So while having more personal information online can be quite beneficial to everyone, its uses should be guided by principles that are responsible, scalable, and flexible enough to grow and change with our industry. And unlike open technology, where our objective is to grow the Internet ecosystem, our approach to open information is to build trust with the individuals who engage within that ecosystem (users, partners, and customers). Trust is the most important currency online, so to build it we adhere to three principles of open information: value, transparency, and control.

Reblog this post [with Zemanta]

Friday, December 18, 2009

Shuttleworth Steps Down As Canonical CEO

"In a surprise move (at least, it was surprising to me), Ubuntu founder and Canonical CEO Mark Shuttleworth has announced he's stepping down as the CEO of Canonical, the commercial endeavour behind the Ubuntu Linux distribution. He will continue, however, to play major role in the company and Ubuntu's future.

Jane Silber, the Chief Operating Officer of Canonical, will take over Shuttleworth's role as CEO. His stepping down as CEO does not mean, in any way, that Shuttleworth will disappear from the stage. In fact, his stepping down allows him to focus more on product design and development, his passions. He will also remain as the head of the Ubuntu Community Council and the Ubuntu Technical Board, and he wants to spend more time working with partners, especially in Asia."


"'This move will bring about is a clearer separation of the role of CEO of Canonical and the leader of the Ubuntu community,' Silber said, 'It will be two different people now, which I think will be helpful in both achieving their joint and individual goals more quickly.'"

See OSNews for full report. Also reported on Compuworld.

Reblog this post [with Zemanta]

Wednesday, December 16, 2009

So a Man Walks Into a Bar and Asks for an Ubuntu on the Rocks

A screenshot of Linpus Linux Lite.Image via Wikipedia
Earlier today, I had to go to IT Square in Laksi to do some banking. Knowing what a geek that I am, and since  there are ten branches closer than the IT Square one, you'd be forgiven for assuming that I went to bank there as an excuse for computer shopping, but you'd be wrong. I was required to go to that specific branch. After the baning, though, my gf and I walked around a little.

She was checking out laptop bags, and my attention went to the Acer display just outside the bag store. To my shock, there was a low-end laptop (about USD400) with a localized version of Ubuntu on the computer. There was a special Acer desktop background, and the menus were in Thai.  The next computer had the same system. Hmmm. The specs described the computer as having Linpus Linux installed (pictured above), but the system was definitely Ubuntu. There were about twelve models on display, but some of them weren't on.

"Do all these computers have the same operating system?" I asked.
"These two have Windows 7," the clerk answered.

Those two computers were the high-end ones, at least 50% more expensive than any other model on display. The actual OS installed was Windows 7 Home Premium.

What's the punchline to this joke?

"But we can install Linux on those two for you if you prefer," the clerk added with a smile. "It's Open Source."

My, how times have changed! Six years ago, there were Linux computers on display everywhere, but the salespeople knew nothing about it and encouraged everyone to pay the extra money to have Windows installed.

Reblog this post [with Zemanta]

Friday, November 27, 2009

Multi-Platform is the Enemy of the Epiphany Browser

(Aproximated) vectorized version of :Image:Epi...Image via Wikipedia
The GNOME Journal for November was just announced, and it includes an article about Epiphany "from a - not so experienced - user perspective." A important quote from the article is
As I read in the Epiphany Manifesto, Havoc’s “main goal is to be integrated with the GNOME desktop.” For me, it’s interesting that the first priority of people who think and reflect on Epiphany and are behind its development is the exclusive integration with GNOME, and that they don’t feel compelled to make Epiphany usable outside of GNOME. This argument stems from the intuition that “the union of all features anyone’s ever seen in any equivalent application on any other historical platform” is not necessarily the path indicated to a good UI.
Other points in the article:

  • Epiphany is focused on just browsing (in the Unix tradition)
  • It's simple and intuitive
  • It has a private mode. 
GNOME needs more of this. More integration. More specialization. More connections between integrated and specialized desktop apps. GNOME is a desktop environment. It is also a development platform, but the desktop has default applications, and those applications need to move in the direction of integration, specialization, and connection.

Epiphany is in flux right now from Gecko to WebKit ... so it's not particularly featureful but GNOME 2.30 should solve most of the problems. With Tracker-store as the future back-end for Zeitgeist, I'd like to see the Epiphany bookmark storage move into Tracker.

Reblog this post [with Zemanta]

Wednesday, November 25, 2009

Ubuntu 10.04: Lucid's Papercut Redux Reveals Much

Screenshot of Gwibber 2.0. See egally Gwibber 1.0.Image via Wikipedia
There is going to be a second set of papercut fixes, divided into ten rounds of ten bugs each, the first three of which will actually be about Karmic fixes that didn't get into the release.
Round four will be specifically about Empathy.
Round five will be about Gwibber. That's right, Gwibber is going to be a default app in Lucid.
Round six is going to work on sound and video, including PiTiVi. Again, that means PiTiVi will be included.
Round seven will target F-Spot since The GIMP is definitely out of Lucid.
Rounds eight, nine, and ten will work on notifications (fixing the location?), Compiz, and "etc.," respectively.

To summarize -- GIMP out, Gwibber and PiTiVi in.
Reblog this post [with Zemanta]

Tuesday, November 24, 2009

Making Chromium a Decent Browser

Google ChromeImage by Matrixizationized via Flickr
I'm getting ready to start another 30-day "The OS is Dead" trial in honor of the first look at ChromeOS (of course I'll do it with Chromium), and that means that I need to get Chromium in shape for the trip, which it's not by default. For my purposes, that means installing the following extensions:

  • Adblock+: You'll need to make sure that Chromium is fully updated for this one to work.
  • Facebook Enhancer: This extension pins the FB menu bar and side panel during scrolling.
  • Facebook Notifications: This creates a button with notifications.
  • Gmail Checker: This does the same for GMail instead of FB.
  • Google Bookmarks: This gives access to Google Bookmarks via a button.
  • Google Tasks: This creates a (hidden) task window on every page visited.
  • Jamendo Radio: This extension puts Jamendo at your fingertips. Unfortunately, it didn't work as installed and the links needed tweaking in the options.
Since I used the Zemanta Firefox plug-in for blogging, I needed to find something similar for Chrome. Zemanta's not the greatest, but it works with a feature set comparable to off-line clients. Luckily, Zemanta has a bookmarklet which causes the controls to load on supported pages. The system isn't automatic, but in my case, that's actually better since I can compose the whole post and load the components at the end, saving refreshing.

That's all I've done so far. I still need to find a video plug-in, I guess

Reblog this post [with Zemanta]

Proposed "Ten Commandments" are very Open Source Friendly

A composite of the GNU logo and the OSI logo, ...Image via Wikipedia
Ars Technica has a short article on the UN-backed Internet Governance Forum 2009 and its discussion of new rules for the computing world. Unsurprisingly, these proposed rules are quite FOSS-friendly since they are modeled on the early years of computing and the Internet, when RFCs were the norm if you wanted your tech to take off. Take a look:
  1. Independence of applications
  2. New applications can be added anytime that’s a core value
  3. Permissionless innovation
  4. Open standards
  5. Accessible and globally inclusive—anyone can use it
  6. User choice—I can choose what applications I use and where I go to with them
  7. Ease of use—I can use it in my language, I can use it in a device I’m familiar with
  8. Freedom of expression
  9. The ability to change rapidly
  10. Trustworthy and reliable is one we have to work on; it’s got to be a core value.
Your hardware should be unlocked and you should be able to add applications you want to use. Those applications shouldn't lock you into an upgrade cycle and you should be able to change whenever you want.

It looks to me like Open Source Software is already there. The closed-source world is the one that needs to catch up.

Reblog this post [with Zemanta]

Saturday, November 21, 2009

How to Try Out ChromeOS in Virtualbox

VirtualBoxImage via Wikipedia
First, you need to download a VMWare disk image (.vdmk). Here's a torrent file. Unpack the bz2 file to somewhere convenient. Next, open up Virtualbox (install), go to File > Virtual Media Manager and add the VDMK.

Either create a new appliance or add a second controller to an existing device. You'll need to change the network adapter to Intel Pro 1000 MT Desktop in order for the network to work.

Boot to the new hard drive and try ChromeOS out. There's not much to see, but it does launch fast, even in a VM.

Reblog this post [with Zemanta]

Friday, November 20, 2009

Karmic Issues That I've Faced

The CrackImage by irene gr via Flickr
Everyone has their share of Karmic Koala stories (well, not everyone, but most people). Since I had four home machines on different distributions and versions, and since I had moved to Thailand where bandwidth is somewhat limited, I decided to standardize on Ubuntu 9.10 x86 and use an apt cache to help ease the bandwidth burden for mirrors and the country.

My re-installations weren't without problems. Here are the ones I personally ran into. No hearsay here ... say. Ahem.
  • Flashing text and no X after installation, but only on one of the four. All four have i945 chips.
  • Samba (and network in general) discovery isn't working correctly.
  • Avahi doesn't work due to .local domain on the ISP's part, and disabling the check is no longer an option in /etc/default/avahi-daemon (which doesn't exist now). It's possible, but it's hard-coded into the start-up script, meaning that any updates will kill my change. 
  • One machine that tracked the beta had a completely broken GStreamer until re-installation.
  • Amazingly long Firefox freezes. I'm talking about over a minute. I've tried turned off safe browsing but that didn't change the behavior.
  • Brasero problems (of course!). Known bugs for eight months or so regarding DVD writes.
  • Totem YouTube plug-in gives DBus errors.
  • Totem Video Disk plug-in doesn't work since it uses Brasero.
None of these are show-stoppers for me, but they are certainly annoyances. One of these is hardware related. The others are just half-sharpened pencils.

Reblog this post [with Zemanta]

Obligatory ChromeOS Post


Since ChromeOS requires Ubuntu to build the new operating system (and is based on it), I can't ignore it, can I? I may get fancy-schmancy and build it if an image doesn't come on-line in an hour or two.

About ChromeOS


Open Development

Boot Speed

ChromeOS in Summary

  • The OS is Chrome, basically
  • All apps are web-based
  • There's no permanent local storage and everything is stored on the Internet
  • But thumb drives are supported
  • Local config and cache are encrypted
  • File browsing is done from within Chrome
  • Music and videos, too
  • There's no printing
  • The OS is self-repairing at boot, probably limiting the customization
  • But it's largely open source so you can customize and compile your own
  • "They want, wherever feasible, to build on existing components and tools from the open source community without unnecessary re-invention. This clear focus should benefit a wide variety of existing projects and we welcome it."[1]
  • x86 and AMD64 are supported now
  • ARM support is "coming soon."
Here is the system daemon-type info:

  • D-Bus: The browser uses D-Bus to interact with the rest of the system. Examples of this include the battery meter and network picker. 
  • Connection Manager: Provides a common API for interacting with the network devices, provides a DNS proxy, and manages network services for 3G, wireless, and ethernet.  
  • WPA Supplicant: Used to connect to wireless networks.
  • Autoupdate: Our autoupdate daemon silently installs new system images. 
  • Power Management: (ACPI on Intel) Handles power management events like closing the lid or pushing the power button. 
  • xscreensaver: Handles screen locking when the machine is idle. 
  • Standard Linux services: NTP, syslog, and cron.

Security Model

  • Process sandboxing
    • Mandatory access control implementation that limits resource, process, and kernel interactions
    • Control group device filtering and resource abuse constraint
    • Chrooting and process namespacing for reducing resource and cross-process attack surfaces
    • Media device interposition to reduce direct kernel interface access from Chromium browser and plugin processes
  • Toolchain hardening to limit exploit reliability and success
    • NX, ASLR, stack cookies, etc
  • Kernel hardening and configuration paring
  • Additional file system restrictions
    • Read-only root partition
    • tmpfs-based /tmp
    • User home directories that can't have executables, privileged executables, or device nodes
  • Longer term, additional system enhancements will be pursued, like driver sandboxing

How encryption works

In a nutshell, each user gets an encrypted image file in a hidden directory that is created at her first login. Thereafter, each time she logs in, the encrypted image is unlocked and made available for use. On logout or reboot, the user's data is locked away again. On some logouts, the encrypted image may be compacted. This step minimizes data loss due to file system fragmentation inside the image.

Find out more at the ChromiumOS site.

Reblog this post [with Zemanta]

Is Ubuntu Too Big for Its Own Good?

I miei CD di Ubuntu ShipIt!
Image by -= TreviƱo =- via Flickr
After writing my post about the default applications in Ubuntu last night, I had some thoughts which Fieldyweb might agree with:
What they should do, is redesign that, take ALL the apps out of Ubuntu, other than ff add adobe flash and as many codecs, 3g ethernet and wifi drivers as they can get away with, then redesign the app store, so if you want printing, you install it from there, if you want evolution, gimp whatever you install it from there.
My opinion is that the universe and multiverse repositories contain too much software for Ubuntu to QA properly. The number of bug reports during alpha and beta is so large that many of them aren't triaged until long after release. The release bugs aren't triaged until the next version is just around the corner. Invalid is the natural response in that situation.

Ubuntu is a foundation-run project, but the software reflects on Canonical, which sells support. The Self-Appointed Benevolent Dictator for Life needs to take the lead here and move the MOTUs out of the official Ubuntu repositories and into Launchpad, Canonical's code hosting and buid server. Making optional software available in individual PPAs, will mean that Ubuntu becomes responsible for much less and can concentrate on making the applications in main, especially default applications. Canonical can work toward its stated goal of creating a worthy competitor to OS X 10.6 (Snow Leopard) and Windows 7.

What would the process of moving towards more streamlined look like? First, there would be no more mass import from Debian Unstable. Ubuntu would be responsible for the basic application and drivers necessary to run the various projects. MOTUs should be encouraged to move as quickly as possible to PPAs. AptURL should have the prohibition on PPAs removed for Finally, the Software Center needs to be reworked into a front-end for Launchpad PPAs. Backports will be responsible only for core applications (and likely only for LTS releases).

In the end, MOTUs and their PPAs would be obviously responsible for third-party package bugs which are now blamed on Ubuntu. Ubuntu development would more closely model its rivals (OS X and Windows), concentrating on the core OS and leaving the extra applications to interested parties. Users would still get one-click installation of software. Users would also stop bitching about having to upgrade in order get the newest software. The default Ubuntu install would just work.

There are some problems with this approach:
  1. Making sure users understand how to get PPA software and that the process is easy. This is solved using AptURL and one-click adding of PPAs and keys.
  2. Enforcing a packaging method in PPAs which limits or eliminates dependency conflicts. This is solved by having the software center only search for MOTU PPAs, where MOTUs are responsible for limited numbers of packages. Python bindings for Coherence (uPnP) are handled by one MOTU and Python programs which use that binding are assigned to other MOTUs.
  3. Ubuntu will definitely get some backlash for supporting fewer applications. Hopefully, this problem is mitigated by the improved quality of the core OS.

What Applications Should be in the Standard Installation?

An image of a compact disc - Pencil included f...
Image via Wikipedia

You may have heard that GIMP and F-Spot aren't safe for inclusion in 10.04. 700MB isn't much space to work with Why not question all the applications in Ubuntu, then? What should be in the default installation? I'll look category by category, but I'll talk a little about why the current defaults are chosen first.

Ubuntu is first and foremost a GNOME distribution. It takes GNOME applications unless there's a definitive reason not to. For example, Firefox was originally used instead of the GNOME default Epiphany browser because Epiphany was in a terrible state at the time, and FF is still preferred because it's a very poplar browser and serves as a familiar signpost to switchers. But mostly, you've got Totem, Nautlius, Evolution, and all the gang. Ubuntu thus looks much like any other GNOME distribution.

But it doesn't have to be that way. The questions about The GIMP are great -- they represent a critical look at what should be included. How many people do advanced photo editing? Few, probably. I would guess that the same can be said for PIMminess. Has the average user even even opened Evolution? Most home users handle all their personal business through web services like Yahoo! or Google.

First of all, UBuntu needs to decide whether it wants to be a home or professional operating system. Pro users want different things out of the box. Trying to please  both sets of users with one CD is an exercise in frustration. Take a look at the table below to see what groups I think want various features (and keep in mind that it's easy to install these bits if you are an exception).

Application Class
Current Choice
Home User
Professional User
Printing, Calculator, etc.
Yes, and more
Photo Manager
Bitmap Editor
Vector Editor
OO.o Draw
Image Scanner
On insertion of a scanner
On insertion of a scanner
IM Client
Probably no
Personal Information Manager
Not likely
Web Browser
Remote Desktop
VNC Client and RDP Client
Bittorrent Client
No (a hundred times, "No!")
File Synchronization and Back-up
Ubuntu One
Yes, but not this one
Presentation Software
OO.o Impress
Spreadsheet Software
OO.o Calc
Word Processor
OO.o Write
Disc Burner
Video and Audio Player
Music Manager

Using very rough calculations (via apt-cache show's size), the home user profile above would shave 75-80MB. That's more than enough to add more themes, a video introduction on first run, a video editor, cool games, or other things deemed useful for the home user.  The corporate user will only get 60MB or so, but you could then make a case for removing Tomboy so that Mono could be ripped out, saving even more space. What would go in instead? Certainly the would be tools for connecting to directory services. Tracker should be installed and Nautilus should have Tracker functionality re-enabled.

Ubuntu devs are constantly fighting amongst themselves about which applications deserve to be on that tiny, 700MB disk. Serving two different customer bases with one CD just makes that problem worse.

Thursday, November 19, 2009

The Fate of Photo Editing in Ubuntu 9.10 Karmic Koala

You may have started to hear rumors that The GIMP and F-Spot aren't safe for inclusion in 10.04 Lucid Lynx. "What?!?" you say. "The GIMP has been in every GNOME distribution since GNOME existed (sinceGNOME is written to GTK, which stands for the GIMP ToolKit)." Well, well. Good idea. Not likely to move forward.

The argument goes like this:
  1. Not many people actually edit photos.
  2. Fewer people use GIMP to do the editing, since the interface may be difficult for some.
  3. Most of the editing people want to do on photos is available from within F-Spot, and thus GIMP is duplicating functionality.
I think getting rid of The GIMP in the default install is a great idea. It takes up precious space on the Ubuntu Live CD. It's easy to add later by searching for "graphics editor" or "photo editor." Unfortunately, getiing rid of the GIMP means that F-Spot needs to be examined, and it has been in a terrible state for several releases.
  • It didn't work at all on 8.04 AMD64 at release time.
  • It had an awful "the sidebar has zero width" bug for two other releases.
  • It doesn't categorize or edit photos that aren't imported, even if those photos are in the ~/Pictures folder.
The sharks circle F-Spot and say "since we're removing The GIMP, let's replace F-Spot, too. $Foo is a great project," where $Foo is one of:
  1. gThumb
  2. Shotwell
gThumb has been around for a long time (and is still the default for Fedora), but was replaced with F-Spot on Ubuntu several years ago. Are the Ubuntu developers going to admit that moving to F-Spot was a mistake? Are they going to appear to cave in to the Ubuntu users that oppose Mono apps in the default installation?

Shotwell is a new photo management app for GNOME written in Vala, and it gets decent reviews. Still, it's new, untested, and doesn't support tagging or real editing options. Check out the Shotwell PPA by entering "ppa:yorba/ppa" into the Software Sources -> Third-party tab.

So ... I don't think it's going to happen. I'd like to see this change (along with some others in the default application area), but there's not a clear path forward, and definitely not enough agreement to get a real plan.

My preference? Leave 10.04LTS alone, get it as stable and bug-free as possible, and look to replace F-Spot with Solang (install Solang) in 10.10 when GNOME 2.X gives way to GNOME 3. Debarshi Ray has put a lot of work into this project. It's a photo manager which stores tagging information in Tracker, and he's written a Nautilus plug-in which handles Tracker tags, as well.  Wouldn't it be nice if the information you entered in your photo manager was available to your other applications, and to Zeitgeist, as well?

Tuesday, October 20, 2009

Sorry for the long vacation

Map of ThailandImage via Wikipedia

I've been "gone" for almost three months now. I didn't plan for it to be that long, but there were several factors slowing me down.
  1. Korea instituted its i-PIN law requiring real-name registration for websites with over 100,000 daily visitors. Suddenly, I was unable to log into many of the resources that I used to get good information from.
  2. My computers took six weeks to be shipped from Korea to Thailand. I didn't want to slap crap articles together in an hour at an Internet cafe. (What's this, then, eh?)
  3. I couldn't get Internet here for almost two weeks. (There's a whole rant I could go into over that!)
I should be getting back into the swing of things this week, though, and I'll ramp up the posting. With Ubuntu 9.10, OS X Snow Leopard, and Windows 77 coming out of the gate, I've got plenty of material to work with.
Reblog this post [with Zemanta]

Anonymous Asks "Why is it that Linux/Ubuntu is said to be so secure..?"

Ubuntu Satanic EditionImage by Daniel F. Pigatto via Flickr
One question for Linux gurus: Why is it that Linux/Ubuntu is said to be so secure..? (to the point you almost don't need AV)

Is it because simply no viruses are programmed for Linux (like Macs), or is there something special about Linux architecture/core that makes it less vulnerable to attacks..?

I'm not a guru, though with twelve years' experience, I feel I am qualified to answer.

The most important part involves the history of Unix (Linux is a Unix-alike), Which is forty years old. Unix has had privilege separation and emphasized multi-user environments for over thirty years, While the system for privilege separation is rather simple by today's standards, every program on any modern Unix (or Linux) grew out of the Unix multi-user culture. Programs respect it. They don't require Root (Admin) privileges to run. They don't expect a single user environment.

Like I said, this user/group/all privilege system is too simple to be comprehensively secure with all the sophisticated attack methods people use these days. SELinux and AppArmor are additional systems which sit on top of the old u-g-a system and which sandbox processes. Ubuntu uses AppArmor for a lot of applications.

On the other hand, desktop systems like Windows and Mac come from a single-user culture. Sure, the NT kernel and XNU kernel (part of Darwin) used by modern versions of Windows and Mac both have privelege separation (and in fact, Mac is a certified Unix, unlike Linux), but the cultures have long been single-user, and applications written on top of the kernels express that. It's difficult to secure a system when the applications are fighting you. In fact, Windows' security model is probably more advanced than Ubuntu's now, but some poor programming practices and the single-user culture shoot Windows' security in the foot. Mac, too, makes extreme compromises in the name of user-friendliness and sets itself up as the first to be the first to go down in all the Pwn2Own competitions.

Secondly, we have diversity and heterogeneity. Microsoft makes great effort to retain backward compatibility between releases. In other words, the ABI is stable. Binary programs which worked in version N-1 are expected to work in version N. The Linux kernel promises nothing of the sort, and indeed, seems to take great pride in changing the ABI as often as possible. Binary applications break randomly and no one makes an effort to stop that. Imagine being a Trojan or virus trying to keep up with the latest version. At any one time, there are tens of kernel versions in the wild, and in truth, each distribution generally has a slightly customized version.

Why doesn't that lack of ABI stabiliuty destroy the Linux ecosystem? Well, because few programs are binary. Linux has a relatively stable API, so applications can be easily re-compiled (by Debian and Ubuntu, in this case) to use the new kernel headers.

When you look on top of the kernel layer, you see even more heterogeneity, Not only do you have desktops for GNOME and KDE, but XFCE, ROX and LXDE. You have window managers like OpenBox, FluxBox, and RatPoison. You have two different print systems. You have three major word processors.  i don't even want to count the number of browsers, file managers, and text editors. In a diverse system like this, what attack can be automated? Non-automated attacks are costly. Heck, you can even run Debian on the FreeBSD kernel if you want to.

Compare Linux's situation with Windows':
  • ABI stability
  • IE used in at least 60% of cases
  • MS Office installed on most systems.
Which is the more attractive target for automated attacks?

Finally, you have the market share factor. It's real. Windows is a large target with that homogeneity that Linux lacks. Not only does Linux have 1-2% of the installed base, that 1-2% is misleading ... because each distro is in actuality a different OS which likely needs different automated scans to be penetrated. How is all that work worth the effort?

Is Linux impenetrable? No, of course not. Red Hat 5 and 6 were especially vulnerable to some automated attacks, and one of my boxes even got owned back in 2000 or so. These days, there's not so much to worry about, but you are unlikely to stop a dedicated and talented individual from breaking in unless you know a good deal about system hardening. Then there's the user issue. Create a nice trojan. Package it as a .deb. Advertise it as a great new screensaver. Get users to install the .deb. Bang! The users are owned.

The weakest link is always the user. Once Linux gets an install base outside of techies, I expect we'll see some trojans.

Reblog this post [with Zemanta]

Friday, July 24, 2009

Nautilus Chrome Uses Too Much Real Estate?

David Siegel posted that Nautilus uses too much space for user controls (chrome). He uses a patch and a PPA supplied in the referenced story to go from this:
to this:
In addition to the patch to Nautilus, David also used GlobalMenu, reduced font sizes, and turned off the status bar. If you agree with David, you can get 90% of his improvements without needing to patch or add a repository.You can't remove the "Home" and "Computer" icons or move the breadcrumbs onto the toolbar.

Step 1: Open a Nautilus window (Places > Home) and go to the View menu. Uncheck "Location Bar" and "Status Bar."

Step 2: Go to System > Preferences > Apearance in the main menu and click on the "Interface" tab. Change "Toolbar button labels" from "Text below icons" to "Icons only."

Step 3: In the "Appearance" dialog, choose the "Fonts" tab and change
Application Fonts to Sans 9 or Sans 8.

The result?
Want even more real estate? Use Globalmenu. More? Press F9 to get rid of the sidebar.

Want the max? Open the Nautilus preferences and go to the Behavior tab. Uncheck "Always open in browser windows." Welcome to "Spatial Nautilus."

Reblog this post [with Zemanta]

Thursday, July 23, 2009

Rossifer Lays Out Google's Strategy -- Must Read!!!

Image representing Google as depicted in Crunc...Image via CrunchBase
In a Slashdot story on Google Wave, Rossifer commented on Google's business strategy. He claims to work at Google, making the post extremely iformative, but this is the Intarweb so the post could merely be amazingly insightful. Either way, it's something that needs to be read enough that I included it in this blog despite the post not being about Ubuntu, Debian, or anything remotely related to them.

What you're not seeing is Google's strategic intent (I work for Google, but this stuff is public).

Google's goal is to commodify (reduce the marginal profit to zero) of everything that they don't make money on. The hardware is pretty much commodified already. Plenty of competitors and the profit margins are razor thin. Next levels are the OS and the applications. These are not yet commodified due to Microsoft's aggressively maintained monopoly. Contrary to common knowledge, Microsoft's real monopoly is in the Office file formats. From that, they've levered a monopoly into basic individual productivity applications and then (with Apple's cooperation) the operating system. They are also a serious player in second-generation collaboration tools (extensions to basic email).

In order to reduce Microsoft's war chest and eliminate their competitiveness, Google seeks to lower the profit margin on everything Microsoft currently produces at a profit (Windows and Office). So they produce a cheaper operating system, cheaper productivity applications, and cheaper collaboration tools (ideally free to the typical user). Google doesn't need to make money (though breaking even would be nice), Google just needs to apply pressure to Microsoft to cut their revenues/profits and the strategic goals are being met.

Writing apps that run on Windows? Doesn't help Google very much (though SketchUp and Picasa and a few other things are native apps).
Writing protocols that run on any machine? Helps Google a lot.
Writing web applications that use those protocols and run on any machine? Helps Google a lot.

Look at the bigger picture. Google is acting extremely rationally here.
As for whether Wave is innovative or not, I don't think you've tried it and are speaking without informing yourself. Wave is to email as email is to snail mail (single addressee, no broadcast, etc.). Wave tackles the problem of a widely CC:'d email with an attached Word or Excel document (two threads of changes: one in the email thread, one in the document) (multiple obsolete copies of the document available) (possible confusion and delay as people are added to the thread and have to re-read the history duplicated in most of the recent emails). Wave creates a "place" for this discussion/collaborative authoring to happen and then let's everyone bring whatever they want to help out. Wave is not email++ (which is what Outlook and Gmail are).

Reblog this post [with Zemanta]

Thursday, July 16, 2009

eBox Releases Version 1.2

eBox Platform screenshot running on a LinkstationImage via Wikipedia
Schematic representation of a proxy serverImage via Wikipedia
eBox is a server management platform that handles some really advanced configurations and makes them easy to set up. I reported about eBox a couple of weeks ago and told you that there were some cool new features in the pipeline. Well ... here they are, according to the developers:
  • Auto WAN Failover: you can configure tests that will detect and disable those routers that are not working OK.
  • eGroupWare 1.6
  • Manage group membership from user screen
  • Multi gateways rules use services
  • New backup module
  • New Monitor Module: CPU, Load, Disk Space, Thermal, Memory
  • New Asterisk (VoIP) Module: Users are created with Extensions, and Voice Mail Boxes. They can make and receive external calls. Conference Rooms can now be created.
  • New IDS Module (Snort)
  • Support for multi user conference rooms in Jabber
  • Support for most major Dynamic DNS providers
  • Support for User/Group Authentication in the Web Proxy Module
  • Support for anti-virus in the Web Proxy Module
  • Support for categorized URL list such us: urlblacklist or shallalist
  • Support for Cache Exceptions and Cache Size
  • Support for anti-virus in Samba
  • Support for audit log in Samba
  • Samba PDC Enhancements: Drive Letter, Password Policies
  • New UserCorner, a web interface where users created in eBox will be able to change their own passwords
  • Support for hooks that are run before and after an eBox module saves its config. This allows you to extend the eBox funcionality via shell scripts
  • Switch from Courier to Dovecot
  • New Installer with Curses Interface to select eBox Packages or an eBox Profile (Gateway, Security, Comms, Infrastructure, Office) to install. It also includes a L7-filter capable Kernel, and the necessary modules for Asterisk.
  • Reduced memory footprint and increased performance of the UI
  The big functional changes are the change from eGroupware 1.4 to 1.6, the introduction of Asterix, and the group chat feature. Anti-virus, Snort, and failover support make the system more secure and resilient.


eBox now comes with profile support in the installation. Profiles that you can choose from include Firewall, Security, Communication, Office, and more, or you can choose the individual packages by themselves. The installation is built on Ubuntu 8.04 LTS and can either use a dedicated installer or an Ubuntu Server installation with the addition of the eBox PPA. If you use the installer, a full server is installed first, and eBox finishes the installation after a reboot.


eBox includes a complete groupware server with webmail, calendaring, project management, document management, a wiki, a knowledge base, and much more. eGroupware was offered during the development phase, but the version was the older 1.4. The bump of eGroupware up to 1.6 offers these new features:
  • Complete new implementation of the filemanager DMS by means of PHP stream-wrapper and WebDAV, ACL control on directories and files - the new architecture allows now uploading of big files.
  • Implementation of new functions like multiple mail accounts and many bugfixes in the email client.
  • Extensive new features for the tracker-application: for example escalation-matrix for tickets and automatic mail-conversion as a ticket.
  • Improved calendar functions especially with recurring-events.
  • Supplements and adaptations in the addressbook like appointment-view, custom fields, distribution lists shown in the contact directly and in the addressbook list, multiple categorization of contacts in the addressbook list.
  • Improvement of the template functionality of the project manager and some bugfixes.
  • New theme for the 1.6 release
  • Massive bug fixes for SyncML
  • Many useful extensions and adaptations as well as bug-fixes in all modules.[1]

eBox Desktop

As I reported a couple of weeks ago, eBox now has desktop support for Ubuntu, meaning that  you can have centralized log-in and automatic application configuration for these applications:
  • Evolution (Mail service): The mail account of the user is read from LDAP and added.
  • Nautilus (File sharing): Links to the samba user share and all group shares for the user are added on the desktop.
  • Ekiga (VoIP): The asterisk account for the user is added. A workaround is needed to ask the user for the password before start Ekiga the first time because it can't do it if it isn't specified in the configuration.
  • Pidgin (Jabber service): The jabber account of the user (if it has one) is added. It also adds a conference to its buddy list for each group that the user belongs to.
  • Firefox (EGroupware & User corner): Links to these two services are added to the bookmarks toolbar. Currently it only works if the user corner port is the default one (8888). [2]
eBox Desktop only works with Ubuntu 9.04 Jaunty for right now.

Getting eBox

If you need a server (or servers) for your SMB, look to eBox to offer:
  • Firewall
  • Network infrastructure
  • VPN
  • Mail server
  • Web server
  • Groupware
  • File sharing
  • Directory services
  • Chat server
  • VOIP, and
  • Updates
Go to the eBox website to learn more.

Reblog this post [with Zemanta]

Adding PPAs Easily

Launchpad homepageImage via Wikipedia
If you are testing Ubuntu 9.10 Karmic Koala, you will have noticed that it is now dead simple to add Launchpad PPAs to your list of repositories. How simple?

  1. Open System > Administration > Software Sources.
  2. Go to the "Third Party Software" tab and press "Add...."
  3. Type ppa: and press "Add Source."
  4. There is no "4."
The PPA will be added, along with its GPG key, meaning that you no longer have to go through that mess.

Cool beans, eh?

Reblog this post [with Zemanta]

Other I' Been to Ubuntu Stories

Related Posts with Thumbnails