I' Been to Ubuntu

eBox is a server management platform that handles some really advanced configurations and makes them easy to set up. I reported about eBox a couple of weeks ago and told you that there were some cool new features in the pipeline. Well ... here they are, according to the developers:

• Auto WAN Failover: you can configure tests that will detect and disable those routers that are not working OK.
• eGroupWare 1.6
• Manage group membership from user screen
• Multi gateways rules use services
• New backup module
• New Monitor Module: CPU, Load, Disk Space, Thermal, Memory
• New Asterisk (VoIP) Module: Users are created with Extensions, and Voice Mail Boxes. They can make and receive external calls. Conference Rooms can now be created.
• New IDS Module (Snort)
• Support for multi user conference rooms in Jabber
• Support for most major Dynamic DNS providers
• Support for User/Group Authentication in the Web Proxy Module
• Support for anti-virus in the Web Proxy Module
• Support for categorized URL list such us: urlblacklist or shallalist
• Support for Cache Exceptions and Cache Size
• Support for anti-virus in Samba
• Support for audit log in Samba
• Samba PDC Enhancements: Drive Letter, Password Policies
• New UserCorner, a web interface where users created in eBox will be able to change their own passwords
• Support for hooks that are run before and after an eBox module saves its config. This allows you to extend the eBox funcionality via shell scripts
• Switch from Courier to Dovecot
• New Installer with Curses Interface to select eBox Packages or an eBox Profile (Gateway, Security, Comms, Infrastructure, Office) to install. It also includes a L7-filter capable Kernel, and the necessary modules for Asterisk.
• Reduced memory footprint and increased performance of the UI

  The big functional changes are the change from eGroupware 1.4 to 1.6, the introduction of Asterix, and the group chat feature. Anti-virus, Snort, and failover support make the system more secure and resilient.

Installation

eBox now comes with profile support in the installation. Profiles that you can choose from include Firewall, Security, Communication, Office, and more, or you can choose the individual packages by themselves. The installation is built on Ubuntu 8.04 LTS and can either use a dedicated installer or an Ubuntu Server installation with the addition of the eBox PPA. If you use the installer, a full server is installed first, and eBox finishes the installation after a reboot.

eGroupware

eBox includes a complete groupware server with webmail, calendaring, project management, document management, a wiki, a knowledge base, and much more. eGroupware was offered during the development phase, but the version was the older 1.4. The bump of eGroupware up to 1.6 offers these new features:

• Complete new implementation of the filemanager DMS by means of PHP stream-wrapper and WebDAV, ACL control on directories and files - the new architecture allows now uploading of big files.
• Implementation of new functions like multiple mail accounts and many bugfixes in the email client.
• Extensive new features for the tracker-application: for example escalation-matrix for tickets and automatic mail-conversion as a ticket.
• Improved calendar functions especially with recurring-events.
• Supplements and adaptations in the addressbook like appointment-view, custom fields, distribution lists shown in the contact directly and in the addressbook list, multiple categorization of contacts in the addressbook list.
• Improvement of the template functionality of the project manager and some bugfixes.
• New theme for the 1.6 release
• Massive bug fixes for SyncML
• Many useful extensions and adaptations as well as bug-fixes in all modules.[1]

eBox Desktop

As I reported a couple of weeks ago, eBox now has desktop support for Ubuntu, meaning that  you can have centralized log-in and automatic application configuration for these applications:

• Evolution (Mail service): The mail account of the user is read from LDAP and added.
• Nautilus (File sharing): Links to the samba user share and all group shares for the user are added on the desktop.
• Ekiga (VoIP): The asterisk account for the user is added. A workaround is needed to ask the user for the password before start Ekiga the first time because it can't do it if it isn't specified in the configuration.
• Pidgin (Jabber service): The jabber account of the user (if it has one) is added. It also adds a conference to its buddy list for each group that the user belongs to.
• Firefox (EGroupware & User corner): Links to these two services are added to the bookmarks toolbar. Currently it only works if the user corner port is the default one (8888). [2]

eBox Desktop only works with Ubuntu 9.04 Jaunty for right now.

Getting eBox

If you need a server (or servers) for your SMB, look to eBox to offer:

• Firewall
• Network infrastructure
• VPN
• Mail server
• Web server
• Groupware
• File sharing
• Directory services
• Chat server
• VOIP, and
• Updates

Go to the eBox website to learn more.

Related articles by Zemanta

• What is eBox and Why Should You Care? (ibeentoubuntu.com)
• eBox Moves Onto the Desktop (ibeentoubuntu.com)

If you are testing Ubuntu 9.10 Karmic Koala, you will have noticed that it is now dead simple to add Launchpad PPAs to your list of repositories. How simple?

1. Open System > Administration > Software Sources.
2. Go to the "Third Party Software" tab and press "Add...."
3. Type ppa: and press "Add Source."
4. There is no "4."

The PPA will be added, along with its GPG key, meaning that you no longer have to go through that mess.


Cool beans, eh?

Help me brainstorm here, please. What's the problem with using the file manager as the "Open File" dialog? If the file manager respects some basic switches to limit the types of files that are displayed to those that are supported by the calling appliction, couldn't you just call the file manager instead of gtk-open?

Of course, this would be a lot easier in a tag-based file manager, wouldn't it? You'd just call the manager with a search for supported file types and be done with it.

I'm reading a lot of crap opinions lately about how Google should be worried about being investigated by the DoJ over the Chrome OS deal, and that it would be unfair to MS if Google is given a pass. I call these things "crap opinions" because they aren't well thought out.

Microsoft got in trouble with the DoJ in 1991 due to alleged abuse in the OS market. There was a settlement in 1994 where MS promised not to tie other MS products to the sale of the OS. Later, in 1998, MS got in trouble for bundling Internet Explorer and using the Windows and DOS monopoly to compete in the sale of web browsers.

Whether or not you think that MS did anything demostrably wrong, you can clearly see that Microsoft's problem wasn't the tying, but the leveraging of a monopoly using tying as the instrument. Let's compare that situation with Google's Chrome OS.

Google arguably has a monopoly in search in many countries, especially the U.S. You can see in these comScore rankings that Google has a greater share of search than the other four engines listed combined. In fact, Google's almost certainly to have more than the next ten combined. Because of the fluidity of the search market (including Google's promotion of competitors like Yahoo! in search results), I don't think 60% is actually a monopoly, but I can accept for the sake of this article that there is, in fact, a monopoly in the search business.

The Chrome browser, of the other hand has a U.S. share of 2-3%, according to this StatCounter page. Since the OS hasn't been released yet, it obviously has a market share of 0%. Tying the two together doesn't leverage anything. In short, Google is legally trying to get into a new market without leveraging its monopoly position, which is perfectly legal in the U.S.

If Google starts using search to push people toward the Chrome browser or the Chrome OS, then Google will probably be in trouble, but in order to do that, Google would need to make search work well with Chrome and have limited funtionality or severe breakage with other browsers. Is Google doing that?

If you visit YouTube with IE6, you'll receive a warning (as I did when my USB thumb drive sporting Portable Apps didn't work in a classroom computer today) and be recommended to use another browser. the listed and linked optins, in order, are:

1. Firefox 3.5
2. Internet Explorer 8
3. Chrome

Chrome is listed third. I don't think anyone can say that Google is giving Chrome undue promotion.


In summary, Google is not using one monopoly as leverage in a new market, and is relatively careful about tying its monopoly product to other products. From that perspective, Google is completely safe from the kind of DoJ attacks that MS suffered so quit talking about them. On the other hand, you're still allowed to be worried about privacy and market dominance issues.

Related articles by Zemanta

• Clash of the titans (economist.com)
• comScore Study: Bing Is Off To A Very Good Start (techcrunch.com)
• Web browser makers line up battleships (theregister.co.uk)
• Google Asks Common Man "What is a Browser?" Common Man Has No Clue [Video] (mashable.com)

Just in case you're ever tempted to say something stupid like "Ubuntu is unkackable," watch this video, then re-think the statement.


The video shows a local root exploit in the Linux 2.6.30 kernel. Karmic will ship with 2.6.31 so this exact exploit isn't likely to still work. Oh, and even though the vulnerability is local, remember that remote user exploit plus local root exploit equals remote root access. ;)

Related articles by Zemanta

• 5 Things Linux does better than Windows (ghacks.net)
• EXT4, Btrfs, NILFS2 Performance Benchmarks (slumpedoverkeyboarddead.com)
• Next Ubuntu alpha reveals video change (theregister.co.uk)

In an article on Techradar which looked at the upcoming Karmic Koala release of Ubuntu, Clement Lefebvre, the developer of Linux Mint, a popular Ubuntu derivative, and Mario Limonciello, the maintainer of the Ubuntu-sanctioned Mythbuntu media center distribution both took aim at what they saw as the chief weakness of Ubuntu.

"Of course," compained Lefebvre, "[focusing on consolidation instead of cutting-edge features] wouldn't make sense for Ubuntu unless we became an upstream component of their distribution. I'm really happy with what Ubuntu is doing, and if I were to change anything… it would be the commitment to a release schedule and the return of a 'release when ready' policy to guarantee a stronger level of quality against regressions."

"I would prefer that the release cycles were not strictly six months," said Limonciello. "Over the last few releases there have been a variety of bugs that weren't deemed to 'hold up' the release and could just be fixed in a Stable Release Update. I'm of the opinion if you have a fix for the bug that you know works, you shouldn't put off the fix just to meet a deadline for releasing a CD. It's better to include the fix sooner and give a better experience to the user out of the box."

Ubuntu began having serious release issues in 8.04, when the developers replaced the venerable Enlightenment Sound Daemon (ESD) with the newly minted Pulse Audio for the sound system. Flash and Pulse Audio didn't play well together, causing Firefox to hang or crash often. A commonly used wireless chipset (RaLink's RT series), which had worked for Ubuntu users for several releases, shipped without a working driver in 8.04. Many users complained that Hardy (8.04) was a step back from Gutsy (7.10).

The release of 8.10 came with more wireless bugs and a new Xorg (7.4) which broke 3D effects on NVidia and ATI chips for a time. NetworkManager also had its share of problems.

Jaunty (9.04) is now famous for the awful Intel chipset drivers which worked for years before the version rev. There was also a problem with the Brasero CD writer, which was exacerbated by its integration with the Nautilus file manager and the removal of the tried-and-true Nautilus CD Writer. Pulse Audio continued to cause problems for some people.

Linux Mint is a popular Ubuntu derivative which includes everything the user needs out of the box, including Flash and restricted codecs. It also uses a more Windows-like interface and has several user-friendly software additions like a "popular software" installer and easy file sharing.

Mythbuntu is a popular and venerable media center and DVR solution which installs easily and has graphical interfaces for just about everything you need to set up.

Related articles by Zemanta

• The Perfect Desktop - Linux Mint 7 (Gloria) (howtoforge.com)
• Hive Five Winner for Best Linux Distribution: Ubuntu/Debian/Linux Mint [Hive Five Followup] (lifehacker.com)

Responsible Disclosure:

Responsible disclosure is a term concerning the subject of computer security. It is like full disclosure, with the addition that all stakeholders agree on a period of time to wait before patching the security vulnerability and publish the details. Developers of hardware and software often require time and resources to repair their mistakes. Hackers and computer security scientists have the opinion that it is their social responsibility to make the public aware of vulnerabilities with a high impact. Hiding those fact could suggest a feeling of false security. To avoid this, the involved parties join forces and agree on a period of time for repairing the vulnerability and prevent any future damage. Corresponding to the impact of the vulnerability it may require a period between a few weeks and several months. It is easier to patch software by using the internet as distribution channel. [1]

Full Disclosure:

Full disclosure requires that full details of a security vulnerability are disclosed to the public, including details of the vulnerability and how to detect and exploit it. The theory behind full disclosure is that releasing vulnerability information immediately results in quicker fixes and better security. Fixes are produced faster because vendors and authors are forced to respond in order to save face. Security is improved because the window of exposure, the amount of time the vulnerability is open to attack, is reduced.

In the realm of computer vulnerabilities, disclosure is often achieved via mailing lists such as Bugtraq and full disclosure by other means. [2]

Microsoft requires "responsible disclosure" in order for security experts to get any credit for discovering vulnerabilities. I put the phrase in quotes because, based on the definition above, RD has an agreed upon time limit, but while Microsoft calls their process RD, the company doesn't commit to any time frame and generally holds the secret until a patch is released. Some researchers have waited years for a patch from MS, decided to disclose the vulnerability to the public, and been denied credit from MS because of the disclosure.

Now, it appears that the awful Internet Explorer / Windows XP (or Server 2003) exploit was known to MS since at least December, 2007. We'll never know exactly how long because the report (CVE-2008-0015) is protected by a non-disclosure agreement.

Attacks have been going on for at least a month (who really knows?). There's still no patch and there's no time-frame for one, either. There's a workaround, but no patch.

Disgusting. People have been vulnerable for way too long, and MS knew it. This is why I and many others support full disclosure. Patches are released quickly and users are aware of the danger.

Related articles by Zemanta

• Microsoft warns of Internet Explorer security hole (thestar.com)
• Emergency Fix Availabe For Internet Explorer - Get It (lockergnome.com)