I was greeted the other morning by a coworker grinning from ear to ear. “I love Vista!” he proclaimed and proceeded to tell me of a great discovery.
As it happened, he had been working on a personal project the night before and had inserted a blank CD in the drive. What did he see? A dialogue box asking him if he would like to burn an audio CD or a music CD. How convenient is that?! The best part is, he didn’t have to buy any third-party software!
He seemed so happy, so full of glee. I didn’t have the heart to tell him that I’ve enjoyed the same luxury with Ubuntu (Nautilus, to be more precise) for almost three years now…well, I almost didn’t have the heart to tell him.
IDM’s UltraEdit is arguably the world’s best text editor…for Windows. I first used it in 2002 as part of a basic programming tool set provided by my client at the time. I was hooked, and started to use it on other engagements. I even started ‘selling’ it to my colleagues, showing them how it could solve various problems. One of my colleagues, a statistician, had to routinely convert large data files of various formats (fixed-width, CSV, etc.). He did much of this by hand (i.e. in Notepad and/or Excel) until I showed him how to convert files painlessly in UltraEdit. He bought a license the same day.
Alas, my conversion to Linux several years ago forced me to abandon UltraEdit. For me, the most useful feature was the column mode (also called ‘block’ mode) and I could not find any GUI text editor that could replace that function. I use Vim most of the time now, which does have the ‘visual’ block mode, but learning the keystrokes and writing macros to do all of the things UltraEdit can do in single button-clicks is much too time-consuming for my busy schedule to allow. I tried running it under Wine (please don’t ask which versions of either – I don’t remember now), and it seemed like most things worked, but not the column mode. Crash and burn.
Still in denial, I check the UltraEdit user forums from time to time, and what did I see just a few days ago? A post written by someone on the IDM team claiming that they are indeed working on a port of UltraEdit to Linux! It is currently called UEx and is expected to hit the market in late 2008. Joy of joys!
P.S. To find the post, go to the UltraEdit website and navigate to the User Forums under the Support menu. In the UltraEdit General Discussion category, use your browser to search for the text, “UltraEdit for Linux”. The post was written by “penntap” on December 12, 2007, which showed up on page 9 when I found it.
Linux FUD Pattern #5: Linux is not secure
There are some out there who would like for you to believe that Linux is unsafe. What better way to instill fear than to form doubt in your mind about a system’s abilities to protect your data?
A reason for the supposed lack of security often cited in FUD is the origin and maintenance of Linux in the “hacker” community. The term “hacker” has evolved from a term of endearment to one associated almost exclusively with cybercrime. To say that Linux was created and is supported by hackers gives the impression that the OS and its related applications are riddled with built-in security holes, backdoors for gaining system access, spyware for purposes of identity theft, hidden network tools that help intruders cover their footprints as they travel from machine to machine through cyberspace, and any other sort of malicious software for various and sundry purposes. To “hack” no longer means to “tinker” or to “fiddle with”, but to “break into” and “cause harm”. The term may conjure mental images of a scene from a horror movie, an evil man with an axe about to hack his way through the door to the house protected by the dark of night. Such is the imagery used to spawn fear.
Let’s examine Linux security by answering two questions. Do security components exist? And, can they be trusted?
The components required to make a system secure depend on many factors, because different systems are used in different ways by different people. Moreover, a weakness in a system’s security may be mitigated by strengths in some other compensating controls. There are some basic options that are commonly used to secure systems, all of which are available on Linux.
Password protected login is the hallmark form of authentication. It is easy to implement, easy to use, can be highly effective, doesn’t require additional/expensive hardware and the expectations and conventions surrounding it are already present in modern culture. Sure, there are more advanced biometric devices such as palm readers and retina scanners, but the relative cost in money and effort of implementing these safeguards for the average home user and for most business desktops is prohibitively high. There are two aspects to password security: the strength of the password itself, and the authentication scheme behind it. Password strength is the responsibility of the user, not the OS. Most Linux distros either require password protection or at least have it enabled by default. Usually, the passwords are protected on the local system by shadowing and various schemes such as Kerberos can be used to protect the transmission of login information over a network.
Related to password authentication are the file system permissions granted to users once they’ve logged in. Linux and Unix use file-based permissions, denoting how the owner, members of the owner’s primary work group and the “world” of users on the system can interact with each file or directory. Privileges do not cascade as they do with other operating systems that use Access Control Lists.
Network security is a broad topic encompassing the combined abilities of the OS, applications, network devices, administrators and users to detect and/or prevent a breach attempted across a network connection. A basic way to accomplish this is to disallow certain types of messages from reaching the computer; this function is usually performed by a firewall server or program that monitors network traffic and filters communications based on predefined rules. Every computer that communicates over the Internet uses the TCP protocol, which allows for approximately 65,000 possible “ports”. These ports are similar to radio stations or TV channels; each application that needs to communicate does so using one port. Ports that are not used by an application but are still available for use (“open”) can be exploited. Port scans are a good way to determine if a system has any open ports that are not being used. Firewall capabilities are built into the Linux Kernel and several good front-end packages are available for configuration, monitoring and reporting purposes.
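A local way to run the check described above without scanning anything, as an added example that is not part of the original post: read the kernel's own socket table in the `/proc/net/tcp` layout and report listening ports that are not on an expected list. The sample table is constructed, and the function names and the allowlist of port 22 are assumptions made for illustration.

```python
import os
import socket

TCP_LISTEN = 0x0A  # state code the kernel prints for a listening socket

# Constructed sample in the /proc/net/tcp layout (not captured from a real host).
SAMPLE_TABLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 15001 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 15002 1
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 15003 1
   3: 0A00000A:0016 0B00000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 15004 1
"""


def listening_sockets(table_text):
    """Return (address, port, uid) for each IPv4 socket in LISTEN state."""
    found = []
    for line in table_text.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 8 or int(fields[3], 16) != TCP_LISTEN:
            continue  # blank line, or an established/closing connection
        hex_ip, hex_port = fields[1].split(":")
        # The address is printed as a host-order 32-bit word; reversing the
        # bytes assumes a little-endian machine such as x86.
        addr = socket.inet_ntoa(bytes.fromhex(hex_ip)[::-1])
        found.append((addr, int(hex_port, 16), int(fields[7])))
    return found


def unexpected_listeners(table_text, expected_ports):
    """Listening sockets whose port is not allowlisted, with exposure noted."""
    report = []
    for addr, port, uid in listening_sockets(table_text):
        if port in expected_ports:
            continue
        report.append({
            "addr": addr,
            "port": port,
            "uid": uid,  # owner of the socket, useful for finding the program
            # A socket bound to 127.x.x.x only answers local connections.
            "reachable_from_network": not addr.startswith("127."),
        })
    return report


if __name__ == "__main__":
    path = "/proc/net/tcp"
    if os.path.exists(path):
        with open(path) as handle:
            table = handle.read()
    else:
        table = SAMPLE_TABLE
    for entry in unexpected_listeners(table, expected_ports={22}):
        print(entry)
```

Anything reported with `reachable_from_network` set is a candidate for either shutting the service down or adding a firewall rule for that port.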
All of the safeguards discussed above constitute protection around the data. What about protection of the data? A data file can be encrypted thereby changing the contents to an encoded, unreadable format. The content is usually restored using a key or a password. E-mail can also be encrypted prior to transmission. GNU Privacy Guard (GPG) is a Pretty Good Privacy (PGP) compliant application that implements public key cryptography on multiple OS platforms, including Linux. Of course, constantly having to decrypt and encrypt every individual data file before and after use would be painful; instead, entire file systems can be encrypted by the system and several cryptographic file systems exist for Linux. It is also possible to create a loopback device, which is a file that can be mounted as an encrypted file system similar to the commercial product Cryptainer LE by Cypherix.
So, the components do exist. Now, the question remains, can these components be trusted?
FUDsters will argue that any security software for which the source code is freely available to the public is inherently not secure. This is based on the assumption that the source code will either reveal the secret functionality that makes the security software work or expose bugs in the security software itself that can be exploited as well.
First, if someone cannot open their source because they are afraid it may reveal secret functionality, then it wasn’t properly designed from the start. The worst-possible example of this is hardcoding passwords in programs, especially if they are scripts stored in clear text. Good security schemes, such as encryption, rely directly on information the user provides, and often make use of one-way functions.
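The contrast drawn above, and the idea behind the password shadowing mentioned earlier, as an added example that is not code from the original post: a check with the password hardcoded in the program text, beside one that stores only a salted one-way hash of what the user provided. The record layout, the iteration count and all names are assumptions chosen for illustration; PBKDF2 from Python's standard library stands in for whatever one-way function a real system uses.

```python
import base64
import hashlib
import hmac
import os

# --- What the passage warns against: the secret is part of the source. ---
HARDCODED_PASSWORD = "example-only-secret"  # constructed value


def check_hardcoded(attempt):
    # Anyone who can read this file learns the password.
    return attempt == HARDCODED_PASSWORD


# --- One-way alternative: the source and the stored record can be public. ---
ITERATIONS = 200_000  # assumed work factor for this example
SCHEME = "pbkdf2-sha256"  # label used in this example's record layout


def _b64(raw):
    return base64.b64encode(raw).decode("ascii")


def make_record(password, salt=None):
    """Build 'scheme$iterations$salt$digest' from a user-supplied password."""
    salt = salt or os.urandom(16)  # random salt: equal passwords differ on disk
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "$".join([SCHEME, str(ITERATIONS), _b64(salt), _b64(digest)])


def verify(record, attempt):
    """Recompute the digest for the attempt and compare in constant time."""
    try:
        scheme, iterations, salt_b64, digest_b64 = record.split("$")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record never authenticates
    if scheme != SCHEME:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt, rounds)
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    record = make_record("correct horse battery staple")  # constructed input
    print("stored record:", record)
    print("right password:", verify(record, "correct horse battery staple"))
    print("wrong password:", verify(record, "guess"))
```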
Second, Open Source software is available for public scrutiny. If you cannot read and understand the code yourself, rest assured that there are many folks out there that can and do. Why? Because many businesses do actually use Open Source software and have everything to lose if they don’t test it out first. That being said, I consider many corporate “testimonials” sponsoring one OS or another based on security or other factors to be FUD, mainly because they often appear in paid advertisements and seldom reveal the details of tests performed to lead to such conclusions. Independent certification and research performed by government or other nonprofit entities are usually the most objective and reliable.
Aside from learning the code, another way to test an application’s security strength or to see if it transmits private data is to watch (or “sniff”) the port on which it communicates using a network monitoring tool. Such data may be encrypted, but the (data) size and timing of requests made by the client software should be consistent and reasonable. This is a technical task, but a bit easier than learning how the code works. Just remember, sniffing outside of your own network may be considered illegal.
Finally, there are many Linux opponents that would jump at the chance to expose real security weaknesses in Linux and its applications. These are often vendors of competing software and have both the money and channels to make themselves heard. When such a claim appears on the Web, look for specific details about the vulnerability. If there are none, it may be FUD. Also, check the software website to see if the vulnerability has been acknowledged or refuted as well as any status on its repair. Never take such claims at face value.
Here are a few tips to remember to help protect yourself.
Any security expert worth his salt will tell you that physical security is the most important aspect of system security. If physical access to a computer is available, then it is usually just a matter of time before the system will be compromised, regardless of operating system. Obviously, the probability of such breaches skyrockets for laptop users, especially when so few (based on my own observations) choose to utilize even the most primitive of safeguards, cable locks. Also, I’ve not seen any major headlines on this so far, but Live CDs, as wonderfully useful as they can be, are ginormous threats to security if physical access is available. This is because most Live CDs provide superuser access to a system and all of its devices. It is best to keep computers under lock & key whenever possible.
One of my friends from university used to work in an engineering lab on campus. He had set up a Linux box on the network, with full consent of the administrators of course. But one of the permanent staff members approached him one day, asking how he managed to cloak his machine from the nightly SATAN network scans. The answer was simple! He turned the machine off before he left each day! Turning a machine off or at least disconnecting it from the Internet when not in use will deprive the would-be attacker of the time needed to successfully break in using a brute force attack.
And, as always, be careful what you download. There is always a chance that someone will write spyware or malware for Linux. Stick with applications that have large communities and good reputations if you can. Search the Internet for evidence that an app may not be secure before downloading it. To quote the Gipper, “trust, but verify”.
Linux FUD Pattern #2: Linux is not “officially” supported
When you hear the phrase “official support,” what comes to mind? Informative user manuals? A well-staffed call center? But what makes it “official”? This is the second item on my Top 10 List of Linux FUD patterns: the lack of “official” Linux support. The goal of FUD based on this notion is a mixture of fear and uncertainty, to make you believe that using Linux means having no place to turn when a problem occurs.
Generally speaking, “official support” for a product is provided by the entity that owns the intellectual property for the product and/or has the right to produce and distribute it. Products are typically sold or leased, both of which are types of business transactions; this implies that the entity in question is operating as a business. A third-party provider paid to support a product may be licensed by, or otherwise affiliated with the original vendor, but only the vendor’s fixes and upgrades are “officially” supported. “Official” support connotes a certain level of authority or expertise, but also implies consequences, usually legal or fiscal, for a failure to meet service expectations. This is the model used by businesses today.
Linux, however, is not a business-supported product (per se). Linux is not “owned” by a particular entity, nor does one particular entity retain the exclusive right to update and distribute it. It is licensed under the GNU Public License (GPL), which permits any software recipient to modify and distribute the software or derivatives thereof as long as the conditions of the GPL are not violated. This is coupled with the open source philosophy, but they aren’t exactly the same thing – an open source application may be licensed under something other than the GPL.
So then, who does “officially” support Linux? The answer is that Linux has always been a grassroots movement. Though it was originally created by one man, Linux is “officially” maintained by a community made up of individuals, groups, and yes, businesses. Different groups within the community support different parts of the system. These groups are commonly known as “maintainers” and usually include original authors or those to whom the torch of authority has been successively passed. For example, assuming the Wikipedia article on the Linux Kernel is not out-of-date, Mr. Torvalds still supervises changes to the core of Linux and has designated the maintenance of older releases to other individual maintainers. The parts maintained are typically called “projects”. Various entities, such as Ubuntu and Red Hat, bundle various system parts together as a unit and ensure that their respective distributions operate as expected, that is to say, that they operate well.
While maintainer and/or community support for a Linux distribution or a particular project may be “official”, technical assistance may not be readily available, on demand, free of charge, or for that matter, available at all. Most maintainers are polite and willing to help, but please remember that much of Linux has been contributed by developers and that support offered pro bono publico doesn’t help feed the family or pay the mortgage. This is where the rest of the community helps out, in the form of online support forums.
Paid support is available as part of the commercial offerings made by Red Hat, Novell, Linspire and others. Additionally, some of these companies offer professional services, such as consulting and training, though these services are typically meant for consumption by businesses, not home users. Any company offering fee-based technical support for Linux is free to set their own price, whatever the market will bear.
In an increasingly tech-savvy world, I think the difference between commercial and community-based support is rapidly decreasing. Consider the available courses of action that may be taken when a problem does occur with a commercial OS. Almost always, the first step is to search the Internet for a root cause, if not a full-blown resolution. This is often done as a cost-saving measure (easy fix) or so that the user/administrator can better explain the problem to tech support when a call is eventually made. Moreover, help may be actively sought in a multitude of discussion groups, mailing lists, blogs, chat rooms and other forums dedicated to supporting various operating systems. Another option is to consult with a friend or relative that knows about these sorts of things. Of course, the “official” vendor or (gasp) a consultant can be called upon, usually for a fee of course. At the discretion of the user/administrator, the problem may be eliminated by brute force: reinstalling the OS. (Actually, this last option isn’t all bad as long as no data were lost – it provides an opportunity to “clean house” and possibly upgrade to a newer release or move to a different distribution.) The order of preference for these alternatives depends on the facts and circumstances surrounding the problem, but they almost always rank from the least- to the most-expensive in terms of time, effort and cash outlay.
Hardware support (or lack thereof) often appears as diversionary FUD regarding “official” support. Hardware must be able to communicate with the computer at several levels, starting with the physical. For example, a USB device can be attached to any machine with the appropriate port, but to use the device the OS must know how to communicate with both the USB itself and the device on the other side. Obviously, this issue quickly boils down to device drivers and brings us back to a discussion of “official” software support.
Rest assured, common devices such as keyboards, mice and thumb drives, almost always work using standard Linux drivers. In other words, they don’t support Linux; rather, Linux supports them. Newer device classes for which no “official” Linux drivers are provided often suffer a period of incompatibility or reduced usefulness. For example, Wi-fi network interface cards are now going through the same sort of transition that consumer-class Ethernet cards did about six or eight years ago. Many times, this is because drivers have to be derived from messages sent to and from the devices, often requiring many hours of experimentation. A general rule of thumb: hardware compatibility problems are more common as the hardware becomes more exotic. For example, I experienced new levels of frustration with the big-name vendor of a certain USB-ready programmable television remote control for which future Linux support was promised and never delivered. But, the fact is, hardware vendors have the right to choose to support Linux or not, a decision based on supply and demand. The need to operate specific hardware may dictate which OS is used.
The best advice I can give is to ignore the FUD and adopt a pragmatic approach to defining your support needs. Your needs are specific to you. Compile a scorecard and do some research. Questions that should be answered include the following. What is your level of expertise with computers? Have you needed professional OS support in the past? Do you expect to need it in the future? Are you comfortable doing your own support work? Based on community-supplied information? Is your hardware “officially” supported or listed in one of the various compatibility lists? Do you use exotic hardware components? Have you tried running a Linux Live CD, especially Knoppix? When buying a new PC or laptop, have other users posted their experiences with the same model? Research never hurts, but just be on the lookout for more FUD!
I found this great utility for Gnome that I just can’t keep as a secret! 🙂 It is called the Desktop Data Manager and includes “a clipboard history for many different types of content” like text and images that sits in your notification area (system tray), and an application to take screenshots of a single window, a region of the screen, or the whole desktop. Being able to select the region of the screen is VERY important to me and it’s a huge time-saver.
The clipboard application is like Klipper, but for Gnome. Wickedly sweet!
Wow! This is the best Linux gem I’ve found in a while!
In Windows, I used a little old program called ClipCache Plus for years, which is also a clipboard extender that allows you to save ALL of your clipboard history. I couldn’t live without it. (By the way, they just recently released their first new version since 2003!) Migrating to Linux made it difficult to let go of ClipCache and Klipper doesn’t play well in Gnome. Desktop Data Manager has solved it and is even better than Klipper! It doesn’t hold ALL of your history — it has a user-specified limit — but it’s better than no history at all!
Another thing I REALLY wanted ported to Linux is SnagIt by Techsmith. SnagIt, of course, is a screenshot application that does it all! It’s an amazing piece of software that allows you to take any kind of screenshot, add effects to it, add arrows, pointers, balloons, and so much more. Too much to list, and that’s not an exaggeration. This little gem doesn’t do all of this, it just captures regions or windows or entire screens, but it just makes it easier to send to Gimp for editing.
Desktop Data Manager is available as a .deb (Debian Packager), a .rpm (RedHat), and .tar.gz. Ubuntu users need to download the Debian Package (.deb file).
Get it now and spread the news!
In Thomas Wood’s blog post about supporting color schemes in the gnome-theme-manager, a reader named Drew Kerr pointed readers to a nifty little tool that helps users and designers (even painters!) to select color schemes.
Agave allows you to generate 6 different types of color schemes: Complements, Split Complements, Triads, Tetrads, Analogous, and Monochromatic from any base color you desire. It supports Drag and Drop between Agave and GIMP, as well as many other programs.
Other features allow you to save your schemes as favorites, generate random schemes, selecting colors outside of Agave with a dropper, and more.
If you’ve ever wondered where you can find a Debian package, look no more! This search engine for Debian packages allows you to “search the contents of Debian [Linux] distributions for any files (or just parts of file names) that are part of packages. You can also get a full list of files in a given package”. Wicked sweet!
Yes, you fellow newbie Ubuntu users! 😉 This is for you… these are the type of packages (programs) that you can download and install by double-clicking the file. 🙂
Bookmark it now!