Linux Blog

Ubuntu & Gentoo Servers compromised

Filed under: General Linux — TheLinuxBlog.com at 11:00 pm on Wednesday, August 15, 2007

The case of the Ubuntu servers being breached [wiki.ubuntu.com]
Missing security updates and system administrators not running updates on servers are a problem. I don’t know why they didn’t do any updates past Breezy. They suggest that it was because of problems with network cards and later kernels, but I don’t get it. Since when do software updates for an operating system have anything to do with what kernel is running? If there is a problem with hardware support for the network card, you have two choices. The first is to fix the driver yourself or pay someone to do it. The second is to replace the network card with a better-supported device. Both options could be costly, but either would get the problem fixed, and five of the servers wouldn’t have been taken down at the same time.
If the kernels were configured correctly, the boxes probably wouldn’t even have had to be rebooted.
Running FTP instead of a more secure version is not so bad unless they were running accounts with higher privileges than guest or using system accounts, in which case that’s just stupid.

The Gentoo Situation [bugs.gentoo.org]
Apparently there is a problem in the packages.gentoo.org script. The Bugzilla article goes into deeper explanation, but basically there is some pretty unsafe code which could have allowed anyone to run any command. I understand that the code is old, but it probably should have been audited at some point. The problem would have stuck out like a sore thumb if looked at by a Python coder, and they probably would have fixed it, or at least suggested a fix. The problem was found on Tuesday the 7th. All of the infra- (I assume they mean infrastructure?) guys were at a conference last week, so they couldn’t work on it. It still seems that if they were at the conference until midnight on the 12th, they would still have been able to put up a “coming back soon” placeholder on the packages site by now. Hey, if they put some pay-per-click ads up there, maybe they will get some additional funds during the downtime. I would like to see what products would be pushed through the advertising on that one. I believe that they could have reduced the downtime by releasing the code for the packages.gentoo.org site as open source or by asking for help from developers to review and upgrade the code as needed.

It’s not strange for web servers to get hacked. They get hacked all the time, but whose fault is it in the open source community? I really think that there is a problem in the community when it comes to situations like this, but the blame can’t be placed on any one person. I would offer any assistance I could in getting these situations resolved, but it’s not as easy as that. There has to be a certain level of trust for those working within a project. If they gave out keys to their servers to anyone, the servers probably would have been compromised a long time ago. I hope that the affected sites can pull themselves together and get back up and running as normal. It seems that Ubuntu did not have complete downtime, but the Gentoo site is still down and there is no indication of when it will be back up.

Living Without Windows

Filed under: General Linux — TheLinuxBlog.com at 8:58 pm on Monday, January 8, 2007

Some may have heard the quote:
“In a world without fences, who needs Windows and Gates?” Although this phrase is clever and slightly funny, in reality people do need to use and rely on Windows to do their business on a daily basis.

Like it or not, Windows is here to stay. Given how frustrating it may be, it is not going away any time soon. I have heard so many people complaining about how much they dislike Windows and explain how it is a badly coded unstable operating system but they still choose to run it.
If it were such a bad operating system why do so many people use it? And why is Microsoft still in business? The answer is clear – There is no better alternative for every situation. Some people make claims that Linux is better. Is it? Do these people use it on a daily basis and know that it is in fact a better operating system? It may be a better operating system for one purpose but it is not better in every situation. An example of this could be in the medical field. Imagine the staff are very familiar with Windows and know how to operate it to complete their job. Now imagine your life depended on the staff being able to do their job. Is Linux still a better choice for the given situation?

Linux may be a little harder to set up and use but once a user is familiar with Linux it rewards them with the flexibility they need to get the job done. Tasks that are possible with Linux are not always as simple to accomplish with Windows without pricey third party software.

So how can I live without Windows?

There are two excuses people often use when not running Linux. One is hardware support and the other is software. Below I offer some solutions to these two problems.

Software

Open Source Alternative
A lot of times, if the application one relies on doesn’t work on Linux, an alternative piece of software is available. If searching freshmeat.net and sourceforge.net yields no results, asking on forums may also spark some interest in your application need.

Use Cross Platform Software
As a casual Windows user I like to use software that works on Windows, Linux and BSD variants.
Below are some application categories and solutions.

Development: Zend Studio (Java) Commercial
Development: JEdit (Java) Open Source
Development: Eclipse (Java) Open Source
Mind Mapping: Freemind (Java) Open Source
Project Management: Gantt (Java) Open Source
Graphics: Gimp (C++) Open Source
Graphics: InkScape (C++) Open Source
3D Graphics: Blender3D (C++) Open Source
Instant Messaging: Gaim (C++) Open Source
Instant Messaging: aMSN (C++) Open Source
Office: OpenOffice (C++ & Java) Open Source

Web Applications
Most web applications are cross-platform and are very good at the task at hand. Some may be free while others come with a subscription fee. They may not be as fast as desktop equivalents and response time may vary, but web applications are becoming more popular.

Run your Windows applications on Linux
If you do not wish to find an alternative piece of software, there are some options that may be appealing to you.

Wine
Using a little setup time and a handy toolkit called Wine (Wine is not an emulator), one can run many applications on the Linux desktop without ever touching Windows, except possibly for copying important DLL files.

Cross Over Office
Cross Over Office is a commercial piece of software which uses Wine. It eases the installation process for many supported applications.

Virtual Machines
Virtual Machines are perfect for the more modern, faster machines out there. By using the commercial VMWare Server (now free) or the Open Source Xen or QEMU machine emulators, one can run a virtual copy of Windows inside an X11 session. If your machine is powerful enough, it may even be faster than an underpowered separate computer.
VMWare Server: http://www.vmware.com/products/server/
Xen: http://www.cl.cam.ac.uk/Research/SRG/netos/xen/
QEMU: http://www.qemu.org

Another Physical PC
Nobody said that you couldn’t use a Windows box. This obviously provides the most compatibility with the software you may own. Personal computers continue to drop in price, and a reasonably equipped machine that is capable of running an older version of Windows can be purchased for a reasonable price.
Potential Problems and Solutions
Space
Purchase a smaller PC
Keyboard / Mouse / Monitor
If you don’t want a separate keyboard, mouse and monitor on your desk you could purchase a KVM and use your current setup.
Use VNC. By using VNC and a LAN connection you can effectively use the computer as if you were right in front of it. I do not recommend this method over wireless connections, as the quality of the VNC session may not be very good.

Hardware

One drawback of using Linux is a lack of hardware support. Although most major hardware is supported, one may often run across some strange hardware that is not. Often this is also used as an excuse to run Windows.

NDIS Wrapper
If you have a wireless card that has no native driver, it is probably possible to get it working with NDIS Wrapper. This allows one to use Windows wireless drivers under Linux. A friend of mine has successfully used this approach to get his Dell Inspiron wireless working.

Laptop Support
I once owned a Compaq Evo 1000v which I had successfully installed Slackware on. The hardware support seemed buggy at the time, but Linux did run on it. I traded it with a local PC store owner for a smaller, underpowered Toshiba Portégé 4010, on which I now have a working installation.

Peripherals
Often the techie-type PC users have a lot of gadgets. Depending on how many other users have a given gadget, there may or may not be a driver available. If there is not, all hope is not lost.

VMWare
Sometimes with certain types of devices VMWare can be used. I successfully used this method to use Linux with a Parallax PIC microcontroller, which is programmable by a serial connection. All that needs to be done here is some toying with the VMWare settings.

Buy new hardware
If you have a need for a particular device and support is available for similar devices but not your particular piece of hardware, sometimes it is advisable to purchase new hardware.

Develop a solution
If buying new hardware is not an option due to funds or no other available hardware, and searching yielded no results, posting to forums may help. If other users have this hardware, maybe someone out there with the skills necessary could start a project. With a project started, more owners of this hardware will find the project and may be able to chip in.

Ignore the problem
If you are really lazy like me, you may just choose to wait and do nothing about the hardware support. In some rare cases this approach will work. Ignoring the lack of hardware support and just using Linux anyway is sometimes a better approach. For example, my roommate refused to use Linux on his main PC because there was no support for his second on-board Ethernet, so he used Windows. What baffled me was that he wasn’t even using the second Ethernet card under Windows. Some time passed and a new kernel got released; lo and behold, a driver for his controller was now included. He finally installed Linux and went through all of the trouble of backing up files and the installation routine again. This could have been avoided if Linux was used to begin with.
If the hardware doesn’t cause any system problems then the only problem is that the device simply doesn’t work.

Conclusion
The best way to learn Linux is to become surrounded with it.
It is easy to use Linux as a primary operating system, and for those interested in Information Technology a lot can be learned.

So which is better for me?
I could say that Windows is less practical for me because it does not always provide the flexibility I need. Constant issues with stability and drivers not working also become a problem when it is not possible for me to repair them.

After using Linux as my primary operating system for a while, it has become clear how much users are restrained by using Windows. For example, I have become accustomed to the Xfce 4 keyboard shortcuts, and I create workspaces for different groups of applications I have running to perform a certain task. With my Windows PC at work there is no way for me to organize my windows in a way that makes sense to me. I find myself closing all applications and opening them one by one to reorder them in a way that makes sense. My productivity is higher when I am working on a Linux box. Therefore I would say that Linux is my preferred choice.