I've been "gone" for almost three months now. I didn't plan for it to be that long, but there were several factors slowing me down.
Korea instituted its i-PIN law requiring real-name registration for websites with over 100,000 daily visitors. Suddenly, I was unable to log into many of the resources that I used to get good information from.
My computers took six weeks to be shipped from Korea to Thailand. I didn't want to slap crap articles together in an hour at an Internet cafe. (What's this, then, eh?)
I couldn't get Internet here for almost two weeks. (There's a whole rant I could go into over that!)
I should be getting back into the swing of things this week, though, and I'll ramp up the posting. With Ubuntu 9.10, OS X Snow Leopard, and Windows 77 coming out of the gate, I've got plenty of material to work with.
One question for Linux gurus: Why is it that Linux/Ubuntu is said to be so secure..? (to the point you almost don't need AV)
Is it because simply no viruses are programmed for Linux (like Macs), or is there something special about Linux architecture/core that makes it less vulnerable to attacks..?
I'm not a guru, though with twelve years' experience, I feel I am qualified to answer.
The most important part involves the history of Unix (Linux is a Unix-alike), Which is forty years old. Unix has had privilege separation and emphasized multi-user environments for over thirty years, While the system for privilege separation is rather simple by today's standards, every program on any modern Unix (or Linux) grew out of the Unix multi-user culture. Programs respect it. They don't require Root (Admin) privileges to run. They don't expect a single user environment.
Like I said, this user/group/all privilege system is too simple to be comprehensively secure with all the sophisticated attack methods people use these days. SELinux and AppArmor are additional systems which sit on top of the old u-g-a system and which sandbox processes. Ubuntu uses AppArmor for a lot of applications.
On the other hand, desktop systems like Windows and Mac come from a single-user culture. Sure, the NT kernel and XNU kernel (part of Darwin) used by modern versions of Windows and Mac both have privelege separation (and in fact, Mac is a certified Unix, unlike Linux), but the cultures have long been single-user, and applications written on top of the kernels express that. It's difficult to secure a system when the applications are fighting you. In fact, Windows' security model is probably more advanced than Ubuntu's now, but some poor programming practices and the single-user culture shoot Windows' security in the foot. Mac, too, makes extreme compromises in the name of user-friendliness and sets itself up as the first to be the first to go down in all the Pwn2Own competitions.
Secondly, we have diversity and heterogeneity. Microsoft makes great effort to retain backward compatibility between releases. In other words, the ABI is stable. Binary programs which worked in version N-1 are expected to work in version N. The Linux kernel promises nothing of the sort, and indeed, seems to take great pride in changing the ABI as often as possible. Binary applications break randomly and no one makes an effort to stop that. Imagine being a Trojan or virus trying to keep up with the latest version. At any one time, there are tens of kernel versions in the wild, and in truth, each distribution generally has a slightly customized version.
Why doesn't that lack of ABI stabiliuty destroy the Linux ecosystem? Well, because few programs are binary. Linux has a relatively stable API, so applications can be easily re-compiled (by Debian and Ubuntu, in this case) to use the new kernel headers.
When you look on top of the kernel layer, you see even more heterogeneity, Not only do you have desktops for GNOME and KDE, but XFCE, ROX and LXDE. You have window managers like OpenBox, FluxBox, and RatPoison. You have two different print systems. You have three major word processors. i don't even want to count the number of browsers, file managers, and text editors. In a diverse system like this, what attack can be automated? Non-automated attacks are costly. Heck, you can even run Debian on the FreeBSD kernel if you want to.
Which is the more attractive target for automated attacks?
Finally, you have the market share factor. It's real. Windows is a large target with that homogeneity that Linux lacks. Not only does Linux have 1-2% of the installed base, that 1-2% is misleading ... because each distro is in actuality a different OS which likely needs different automated scans to be penetrated. How is all that work worth the effort?
Is Linux impenetrable? No, of course not. Red Hat 5 and 6 were especially vulnerable to some automated attacks, and one of my boxes even got owned back in 2000 or so. These days, there's not so much to worry about, but you are unlikely to stop a dedicated and talented individual from breaking in unless you know a good deal about system hardening. Then there's the user issue. Create a nice trojan. Package it as a .deb. Advertise it as a great new screensaver. Get users to install the .deb. Bang! The users are owned.
The weakest link is always the user. Once Linux gets an install base outside of techies, I expect we'll see some trojans.
In addition to the patch to Nautilus, David also used GlobalMenu, reduced font sizes, and turned off the status bar. If you agree with David, you can get 90% of his improvements without needing to patch or add a repository.You can't remove the "Home" and "Computer" icons or move the breadcrumbs onto the toolbar.
Step 1: Open a Nautilus window (Places > Home) and go to the View menu. Uncheck "Location Bar" and "Status Bar."
Step 2: Go to System > Preferences > Apearance in the main menu and click on the "Interface" tab. Change "Toolbar button labels" from "Text below icons" to "Icons only."
Step 3: In the "Appearance" dialog, choose the "Fonts" tab and change
Application Fonts to Sans 9 or Sans 8.
The result?
Want even more real estate? Use Globalmenu. More? Press F9 to get rid of the sidebar.
Want the max? Open the Nautilus preferences and go to the Behavior tab. Uncheck "Always open in browser windows." Welcome to "Spatial Nautilus."
In a Slashdot story on Google Wave, Rossifer commented on Google's business strategy. He claims to work at Google, making the post extremely iformative, but this is the Intarweb so the post could merely be amazingly insightful. Either way, it's something that needs to be read enough that I included it in this blog despite the post not being about Ubuntu, Debian, or anything remotely related to them.
What you're not seeing is Google's strategic intent (I work for Google, but this stuff is public).
Google's goal is to commodify (reduce the marginal profit to zero) of everything that they don't make money on. The hardware is pretty much commodified already. Plenty of competitors and the profit margins are razor thin. Next levels are the OS and the applications. These are not yet commodified due to Microsoft's aggressively maintained monopoly. Contrary to common knowledge, Microsoft's real monopoly is in the Officefile formats. From that, they've levered a monopoly into basic individual productivity applications and then (with Apple's cooperation) the operating system. They are also a serious player in second-generation collaboration tools (extensions to basic email).
In order to reduce Microsoft's war chest and eliminate their competitiveness, Google seeks to lower the profit margin on everything Microsoft currently produces at a profit (Windows and Office). So they produce a cheaper operating system, cheaper productivity applications, and cheaper collaboration tools (ideally free to the typical user). Google doesn't need to make money (though breaking even would be nice), Google just needs to apply pressure to Microsoft to cut their revenues/profits and the strategic goals are being met.
Writing apps that run on Windows? Doesn't help Google very much (though SketchUp and Picasa and a few other things are native apps). Writing protocols that run on any machine? Helps Google a lot. Writing web applications that use those protocols and run on any machine? Helps Google a lot.
Look at the bigger picture. Google is acting extremely rationally here. As for whether Wave is innovative or not, I don't think you've tried it and are speaking without informing yourself. Wave is to email as email is to snail mail (single addressee, no broadcast, etc.). Wave tackles the problem of a widely CC:'d email with an attached Word or Excel document (two threads of changes: one in the email thread, one in the document) (multiple obsolete copies of the document available) (possible confusion and delay as people are added to the thread and have to re-read the history duplicated in most of the recent emails). Wave creates a "place" for this discussion/collaborative authoring to happen and then let's everyone bring whatever they want to help out. Wave is not email++ (which is what Outlook and Gmail are).
eBox is a server management platform that handles some really advanced configurations and makes them easy to set up. I reported about eBox a couple of weeks ago and told you that there were some cool new features in the pipeline. Well ... here they are, according to the developers:
Auto WAN Failover: you can configure tests that will detect and disable those routers that are not working OK.
New Monitor Module: CPU, Load, Disk Space, Thermal, Memory
New Asterisk (VoIP) Module: Users are created with Extensions, and Voice Mail Boxes. They can make and receive external calls. Conference Rooms can now be created.
New UserCorner, a web interface where users created in eBox will be able to change their own passwords
Support for hooks that are run before and after an eBox module saves its config. This allows you to extend the eBox funcionality via shell scripts
Switch from Courier to Dovecot
New Installer with Curses Interface to select eBox Packages or an eBox Profile (Gateway, Security, Comms, Infrastructure, Office) to install. It also includes a L7-filter capable Kernel, and the necessary modules for Asterisk.
Reduced memory footprint and increased performance of the UI
The big functional changes are the change from eGroupware 1.4 to 1.6, the introduction of Asterix, and the group chat feature. Anti-virus, Snort, and failover support make the system more secure and resilient.
Installation
eBox now comes with profile support in the installation. Profiles that you can choose from include Firewall, Security, Communication, Office, and more, or you can choose the individual packages by themselves. The installation is built on Ubuntu 8.04 LTS and can either use a dedicated installer or an Ubuntu Server installation with the addition of the eBox PPA. If you use the installer, a full server is installed first, and eBox finishes the installation after a reboot.
eGroupware
eBox includes a complete groupware server with webmail, calendaring, project management, document management, a wiki, a knowledge base, and much more. eGroupware was offered during the development phase, but the version was the older 1.4. The bump of eGroupware up to 1.6 offers these new features:
Complete new implementation of the filemanager DMS by means of PHP stream-wrapper and WebDAV, ACL control on directories and files - the new architecture allows now uploading of big files.
Implementation of new functions like multiple mail accounts and many bugfixes in the email client.
Extensive new features for the tracker-application: for example escalation-matrix for tickets and automatic mail-conversion as a ticket.
Improved calendar functions especially with recurring-events.
Supplements and adaptations in the addressbook like appointment-view, custom fields, distribution lists shown in the contact directly and in the addressbook list, multiple categorization of contacts in the addressbook list.
Improvement of the template functionality of the project manager and some bugfixes.
Many useful extensions and adaptations as well as bug-fixes in all modules.[1]
eBox Desktop
As I reported a couple of weeks ago, eBox now has desktop support for Ubuntu, meaning that you can have centralized log-in and automatic application configuration for these applications:
Evolution (Mail service): The mail account of the user is read from LDAP and added.
Nautilus (File sharing): Links to the samba user share and all group shares for the user are added on the desktop.
Ekiga (VoIP): The asterisk account for the user is added. A workaround is needed to ask the user for the password before start Ekiga the first time because it can't do it if it isn't specified in the configuration.
Pidgin (Jabber service): The jabber account of the user (if it has one) is added. It also adds a conference to its buddy list for each group that the user belongs to.
Firefox (EGroupware & User corner): Links to these two services are added to the bookmarks toolbar. Currently it only works if the user corner port is the default one (8888). [2]
eBox Desktop only works with Ubuntu 9.04 Jaunty for right now.
Getting eBox
If you need a server (or servers) for your SMB, look to eBox to offer:
If you are testing Ubuntu 9.10 Karmic Koala, you will have noticed that it is now dead simple to add Launchpad PPAs to your list of repositories. How simple?
Open System > Administration > Software Sources.
Go to the "Third Party Software" tab and press "Add...."
Type ppa: and press "Add Source."
There is no "4."
The PPA will be added, along with its GPG key, meaning that you no longer have to go through that mess.
Help me brainstorm here, please. What's the problem with using the file manager as the "Open File" dialog? If the file manager respects some basic switches to limit the types of files that are displayed to those that are supported by the calling appliction, couldn't you just call the file manager instead of gtk-open?
Of course, this would be a lot easier in a tag-based file manager, wouldn't it? You'd just call the manager with a search for supported file types and be done with it.
Image via Wikipedia![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=f35f28b6-3617-4abd-9393-d220a82f18f0)
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=66e4c8b6-41f5-44a5-9197-88e7b571c75a)
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=6756c712-f441-4517-9cbc-cf51ef4a7776)
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=4cbefee8-fa13-468a-aa14-47eb2b99e848)
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=f3792b7e-ac90-4c6d-bdff-553fd0561f9f)
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=08c59862-80b0-4482-beaf-0407b3fb2cac)
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=8b9a20c4-6ea1-4327-a201-f6490a5f82b4)
