A sneak peak at ImpiLinux 7.05

For the last couple of months our team has been hard at work to get our new desktop ready. This desktop is derived from Ubuntu 7.04 and represents more or a "Ubuntu for business" kind of experience.

But before I get ahead of myself, here are some screen shots, expect more to come as we run up to our official public release in May 2007... we're just still busy adding the finishing touches...

The usplash screen (progress bar during bootup) as it is so far...


The GDM session screen (initial user logon) as it looks so far...


The default desktop...

Compiz and Ubuntu Feisty Fawn (ATI X1400 + fglrx + compiz)

After a long struggle I have finally managed to create an easily reproducible method of starting Compiz with ATI X1400 and restricted drivers on Ubuntu 7.04 (Feisty Fawn). Feisty aims to support Compiz via AIGLX (as far as I could tell), the best way to get it running though is through Xgl.

First thing you will need to do is get the fglrx driver from ATI. The best way to enable this is:

1. Enable ATI accelerated graphics driver

System -> Administration -> Restricted Driver Manager

It is recommended that you restart your computer after you "select enable".

2. Grab the following listing and put it in a file called xgl.desktop

[Desktop Entry]
Encoding=UTF-8
Name=Xgl
Comment=Start an Xgl Session
Exec=/usr/local/bin/startxgl
Icon=
Type=Application

3. sudo cp xgl.desktop /usr/share/xsessions/

4. Grab the following listing and put it in a file called startcompiz

#!/bin/bash # # Start beryl-manager within gnome-session # if (( `ps -A -o comm | grep -c '^Xgl$'` == "1" )); then DISPLAY=:1 gnome-settings-daemon & DISPLAY=:1 compiz --replace else echo "${0}: Error: compiz not launched. Xgl not running?" fi

5. sudo cp startcompiz /usr/local/bin/

5a. sudo chmod a+x /usr/local/bin/startcompiz

6. Grab the following listing and put it in a file called startxgl

#!/bin/sh
Xgl -fullscreen :1 -ac -br -accel glx:pbuffer -accel xv:pbuffer &
sleep 4
export DISPLAY=:1
exec gnome-session

7. sudo cp startxgl /usr/local/bin/

7a. sudo chmod a+x /usr/local/bin/startxgl

8. sudo apt-get install xserver-xgl

9. System -> Preferences -> Sessions -> New


- Name : Compiz
- Command: startcompiz


10. You will need to Log Out, then login using the Session : Xgl

You should now have compiz :-)

11. sudo apt-get install gnome-compiz-manager

You find this program under System -> Preferences -> GL Desktop to fine-tune compiz.

Funnier things have happened

So this morning I walk out of the house to find my Honda S2000 on bricks - all 4 wheels gone... I've had better days...

Take my money but leave my Podcasts!

For the last couple of weeks I have been struggling with getting Podcasts to work properly on my Ubuntu desktop. I evaluated a lot of different software packages (a lot of them with varying support of iTunes features) but still resolved to running iTunes on Windows XP as a VMware guest operating system... painful.

This process was very error prone to say the least. VMware would not my detect my iPod if the guest was already running, forcing me to reboot the Guest OS whenever I wanted to sync iTunes with the iPod. Ubuntu/dbus/usb kept on grabbing the iPod and mounting it whenever a sync was finished in iTunes (it automatically unmounts the iPod - music on the run). I had to resort to blacklisting "automount" for the iPod in fstab.

Being a FLOSS developer I resolved to investigate how to improve iPod support in Banshee. I quite enjoy Banshee and it supports basic iPod syncing pretty well - fine if you're just listening to music. The features I wanted to add:

1. Support for the Podcast menu on the iPod (I hate having to browse through music/albums/artists to find my podcasts)
2. Proper ordering of the podcast (sorted according to date, newest at the top)
3. Read/Unread status (show me which ones I have not listened to please :-) )

Enter gPodder...

After searching a little bit for some sort of format specification I stumbled across a Free Software Magazine article in which the author mentions: gPodder


gPodder is a PyGTK application which supports all the critical features I mentioned above and does a great job of syncing the latest and greatest Podcasts to my iPod. A real life saver. gPodder even behaves well with Banshee - you can sync music from Banshee and add your Podcasts using gPodder.

Of course I also have the advantage of working for Impi Linux which meant that Francis (one of our distribution guys) could give me the luxury of just typing:

sudo apt-get install gpodder

Now I'm just waiting for my favorite shows to update so that I can enjoy my ride home listening to my favorite podcast programs. Joy!!

Ubuntu and the Enterprise Directory

One of the Google Summer of Code projects for Ubuntu is "LDAP Out-of-the-box" (https://wiki.ubuntu.com/GoogleSoC2007) - something that we are busy addressing within Impi Linux at the moment.

After a cursory investigation I have come to belief that unfortunately not much has changed in the last 4 years regarding Linux and something like an Enterprise Directory.

What do I mean by an Enterprise Directory?
- A product like Microsoft Active Directory (http://en.wikipedia.org/wiki/Active_directory) and Novell eDirectory (http://en.wikipedia.org/wiki/Novell_eDirectory) built from FLOSS

The challenges?
- Just as far as Kerberos is concerned here is a preview...

1. Currently neither Heimdal or MIT Kerberos can be found in the stable Dapper repositories (only in Universe).
   
2. A sane default configuration has to the developed and packaged for easy installation.
3. Bootstrap processes need to be developed to get the system up and running.
4. Clients have to recompiled/patches/fixed to support SSO via Kerberos
5. The client OS has to be "kerberized" (pam support for kerberos logon, changing of passwords, password policies...)

Then there's LDAP, Samba, Cups, DNS, etc, etc.

No wonder the state has not changed much in the last 4 years...

The shoulders of giants

I've been in the privileged position over the last 2 months to see the company that I work for go from strength to strength. The company is of course Impi Linux (http://www.impilinux.co.za) and the majority shareholder is Mark Shuttleworth. The idea behind Impi is to create derivatives of Ubuntu (http://www.ubuntu.com) for business and government.

Ubuntu is a fantastic Linux distribution, do yourself a favor and try the latest preview of the upcoming version 7.04 (Feisty Fawn). It is truly terrific and its getting rave reviews already (http://www.osnews.com/story.php/17505/Ubuntu-Feisty-Fawn-Desktop-Linux-Matured), Feisty Fawn demonstrates what the potential of a mature Linux distribution is.

Ubuntu aims primarily at the desktop and its audience is a global one. This means that although the offering is very mature and has most if not all of the features that a user would need, it does not cater out-of-the-box for the enterprise. That is where Impi comes in.

With Impi Linux we have the advantage and privilege of standing on the shoulders of giants, we take the solid base that Ubuntu offers us and we add what our customers require to deploy it in the business environment. To give you an idea of what this means, these are the features that we focus our attention on:

1. Single-Sign On (Kerberos, Password Management)
2. Directory Enabled clients and servers (based on Ubuntu 6.06 LTS Server)
3. Groupware (based on Kolab/http://www.kolab.org)

And much, much more...

When a business looks at Impi they get the advantage of a great product, due to its Ubuntu heritage, but they also get those features that are critical to their day to day operation and productivity.

From high up here it sure looks promising for the Linux desktop and server.

This one is quite Feisty

The past couple of days I have been evaluating the upcoming version of Ubuntu code-named Feisty Fawn. Feisty seems to be set for greatness. A couple of points of interest:

1. It "just works" - although I am evaluating Herd 4 I am experiencing very few issues with the system - a very good omen for the final release.
   
2. Its fast. Feisty feels extremely responsive in comparison to previous versions - my colleagues have also said the same.
3. Everything I need is available.
1. Setting up my ATI screen driver was a breeze
2. Beagle desktop search was but a "apt-get" away
3. Bluetooth is available and shows a lot of promise (more on this later)
   
4. My laptop suspends/hibernates/resumes without a hitch

Watch this space for more feedback as it becomes available.

Hello 2007

Another year, another attempt at blogging. 2006 was a really good year for me and 2007 promises to be even better. So what is up for 2007 and what can you expect to see in here if you follow my blog:

1. Hello Impi Linux - From 1 February 2007 I will be employed at Impi Linux, Ubuntu for Africa.
2. My move to Impi will mean one can expect a distinctive FLOSS slant to my blog and blog postings.
3. Enterprise and FLOSS - as a part of my responsibilities at Impi Linux I will be helping the company ready Ubuntu for the enterprise - expect some interesting tips/tools/tricks.
   

So stay tuned for more content.

The wonder of PodCasts

I've had an iPod Nano for a while now and mostly used it for music and as a portable HDD. The other day one of my colleagues told me about the "IT Conversations" PodCast and I made a point of chasing down the recommendation.

Having evaluated it for about 4 days now I have to admit that this is truly an exciting and useful technology (part of this whole Internet Paradigm Super Shift). As a professional it allows me to stay abreast of all sorts of trends and developments while I'm on the move or at the gym. Off the bat I would like to recommend the following PodCasts (just search for them in the iTunes PodCast Store):

Security Now! (high quality and really easy to listen to)
Security - powered by PodTech (interesting snippets and industry news)
IT Conversations (not just security related, but daily, good quality features)

The past week was really a week of new, shiny toys in which I also received my first Windows Mobile 5.0 SmartPhone, the iMate SP5. What a wonderful piece of equipment. It turns out that this platform supports over-the-air PodCasts and PodCast updates. For those of you familiar with the iTunes/iPod paradigm this means that I can now download my PodCasts daily over-the-air onto my SmartPhone without the need to have a computer with iTunes at hand.
The products that I'm currently evaluating to do this are: http://www.skookummobile.com/index.html and http://www.feederreader.com/

The only downside to this approach is that GSM data (EDGE/EGPRS in my case) is more expensive than the DSL I have at home, and the fact that the SmartPhone only comes with 128MB of onboard storage (of which 64MB is ROM) compared to my iPod's 2GB of storage. Luckily it is possible to expand my SmartPhone's storage with a 4GB MiniSD card, which would immediately obsolete my poor 3-month-old iPod...

Racial consciousness

During this paradigm shift it really seems to me that we will most probably move to a form of racial consciousness. I'm a huge fan of Frank Herbert's Dune in which he refers to the ability of the Lisan al-Gaib to tap into this racial conscience, a type of a racial destiny - the race being the human race.

Facts will become more and more trivialised as our technology continues to develop and "knowing" something will become easier and easier. Technical as well as physical demands on humans decrease as our tools, our automata, increase in efficacy - this leaves the human mind free to ponder, philosophize, emote and interpret.

We can already see some of these elements today in how the Internet is delivering knowledge, content and skill at a speed, unfathomable a decade ago. In my own industry, the IT industry, learning technical know-how, troubleshooting and many other functions are really just a function of how well you are able to leverage the information already on the Internet. Of course experience speeds things up greatly, but given enough time and skill you can find most answers relating to IT on the Internet these days.

To add to these trends I read on Slashdot about a project that tracked the global mood through the blogosphere:http://ilps.science.uva.nl/MoodViews/Moodgrapher/
Using these types of tools we can gauge the mood of the race conscious, starting to add tangible elements to it.

Paradigm Super Shift

I have been doing a lot of research lately and, accidentally, fallen more in line with what I have just termed the Internet Paradigm Super Shift. This is not merely a "Paradigm Shift" it is a massive shift in the way that we deal with our world as we know it today. You will either "get it" and be part of the new information community, or you wont.

Even being a "geek" in the traditional sense will not mean you "get it", and I can speak for myself in this matter. Even recently things like Second Life, Podcasts, Flickr, etc meant very little to me. I knew they were new, very relevant to the Internet Generation and was of the opinion that maybe the fact that I had not grown up with the Internet meant that I would never "get" these concepts. Having spent a lot of time researching new things, trying out new disruptive technologies and services and generally attempting to educate myself I have come to the conclusion that it isn't necessarily relegated to the kids who grew up with the Internet.

Something has really caught my attention though: identity. As you move more and more of your life online you have to make some really hard choices regarding your identity and the value you place on your privacy. A decision also has to be made on how you intend to protect the identity that you choose to go forward with.

Authors have long used aliases when publishing books, for various reasons. Certain individuals prefer to fiercely protect their identities and go to great lengths to protect their privacy. A lot of us just "let it be", we divulge private information to 3rd parties without necessarily knowing much about the 3rd party involved. The last scenario works very much like the proverbial "genie and the bottle" - once the information is out there you have to assume that on some level its going to be accessible to 3rd parties that you might not have wanted to be privy to the information (regardless of what the 3rd party's privacy statement might promise in the form of protection).

With any luck we will never be in a position to attract undue attention from another party and have our privacy badly invaded by the information that is already out there, I'm of the opinion that - at least for me - the benefits of participating in the information community far outweigh the perceived risks of unintended privacy losses.

Protecting your online identity

To me the major concern is that once you let the "genie out of the bottle", that is, embrace the information community and move more and more of your personal life online, you have to protect that identity and reputation as far as possible. What does this mean?

1) Take measures to prevent impersonation in the digital era. You should consistently use proactive and repetitive actions that authenticate what you do online by, for example, signing all your emails, watermarking your digital content.

2) Only divulge personal information to reputable services. Anyone have a good idea how to benchmark this? There's an opportunity for a community driven service to rate a 3rd party's behavior when it comes to protecting their customer's private information.

3) Proactively monitor and protect your identity. Use something like Google Alerts and other tools to police when your identity, or private information is being used online.

Conclusion

The Internet is going to create a paradigm shift roller coaster for a lot of us over the next couple of years. We will do new and old things in ways that we had never imagined. Our privacy and concept thereof will change. Identity, and authentication thereof, will become more and more important every day.

I'm out of prose, so this is where I will end my soliloquy, if anyone has any comments to add please do so through the mechanisms provided by the Blogger service. Can you think of other clever mechanisms whereby to protect your own online identity?

(I'm off to research cryptographic signing of blog posts :-) I'll post my PKI public key as soon as I have one...)

Vulnerability assessment - get permission first

Before assessing systems that are not 100% your own (ownership, accountability, etc) you should get permission to do vulnerability scanning. At least is you are an ethical hacker. While doing research I stumbled across this permission memo, courtesy of Ed Skoudis, I highly recommend that readers use this, or some other means, to get permission before starting any assessments on computers that you do not own. Even your employer's computers.

http://www.counterhack.net/permission_memo.html

The Future Trends of Malware

Here is a link to a very interesting article:

http://www.whitedust.net/article/45/Future_Trends_of_Malware/

I definitely see a "market" for cryptoviral extortion. Unfortunately, as the author mentions, the economics speak for themselves. Supply and demand.

IT Security Certifications

During the last 2 weeks I have been doing some research into the available IT Security Certifications, to summarize - the prominent ones seem to be:

CISSP (from http://www.isc2.org/) - The CISSP seems to be most renowned and sought-after security certification available today.
SSCP (from http://www.isc2.org/) - Can be seen as an intermediate certification for professionals not meeting the full requirements for CISSP yet.
Security+ (from http://www.comptia.org/) - Security+ is seen in general as a very good entry-level course. It can serve as a good stepping stone on the road towards CISSP.
GIAC (from http://www.giac.org/) - Certifications from the SANS institute. Focuses more on hands-on technical experience, as opposed to a more theoretical approach taken by isc2.org.

I personally will start with the Security+ certification from CompTIA. Although one can jump into the "deep end" and pursue some of the more advanced certifications I like the idea of establishing the basic concepts and then re-enforcing them step-by-step, certification-by-certification. Some people will want to approach this differently - pursuing the certification more than the skills associated with it. I personally want to firmly embed the basics as I build a full set of skills.

Along the road, and coming soon to this blog, I am going to investigate a whole plethora of technical skills related to IT security. Expect to see some Assembler code as I investigate software vulnerabilities and develop the skills to write the exploits myself. I'll report on the tools I discover and my impressions on them as well as some short tutorials or step-by-step guides.

Hello 2006!

New year, new challenges and new opportunities.

Hello everybody and welcome to this periodical. My name is Stephan Buys, an ICT Security Engineer from South Africa. Professionally involved in IT since 1996 I have accrued experience as an IT Technician for, gasp, almost ten years now. The bulk of my experience is in email, Open Source (contributed heavily to Kolab) with my current thrust being into IT security.

In this blog, apart from the odd personal titbit, you will find information relating to my foray into IT security. I plan to publish links to interesting articles, impressions and more. I want to make this blog relevant, interesting and engaging - to that extent I welcome any feedback - so please dont hesitate to raise your voice.

So lets get to it shall we?