Wednesday, November 28, 2007

How to FLOSS

In my never-ending quest to discover good up-to-date resources about Open Source Software I stumbled across the following.

"This guide (developed in the context of the FLOSSMETRICS and OpenTTT projects) present a set of guidelines and suggestions for the adoption of open source software within SMEs, using a ladder model that will guide companies from the initial selection and adoption of FLOSS within the IT infrastructure up to the creation of suitable business models based on open source software."
The guide seems to be pretty comprehensive and could serve as a valuable resource for persons wanting to familiarise themselves with FLOSS.

The guide can be found at http://guide.conecta.it/.

Tuesday, November 20, 2007

WEP?? Leopard Internet Sharing Woes

I anxiously awaited Leopard in the hope that Internet Sharing would support WPA. I have a really hard time understanding why Leopard supports Internet Sharing through WEP. Aircrack-ng and other tools can crack WEP in under a minute - it just does not make sense.

Perhaps the Lazyweb can recommend a solution whereby I can do WPA through third party support? From what I understand WPA has the same performance impact as WEP (when not using AES) - but it probably is a case of the Hardware only supporting the old standard...

My recommendation? If you truly need to do Internet Sharing do it through the Ethernet port (using a crossover cable) or enable WEP only for a short while and change the password every time you use it.

Friday, November 16, 2007

Leopard Firewall - OS X 10.5.1 relief

I'm glad to report that this morning after updating to Mac OS 10.5.1 the firewall seems to be working as advertised. They dropped the "Block all incoming" moniker and replaced it with "Allow only essential services", which I selected.

Also, I enabled "Stealth Mode" under Advanced.


I then ran some tests from another host to verify that the firewall was up and it seemed to be performing as advertised. I'm pretty interested to see what the "Essential" services are - perhaps I will do some digging soon.

Just for completeness, run the following tests from another host on the network:
$ ping hostname
(Should return no replies if stealth is on)
$ nmap hostname
(Should also not return with any open ports)

I disabled my firewall temporarily to scan for some open ports and then tested connections to those ports using telnet after re-enabling the firewall. All results were also positive.

I'm very pleased that this issue has been resolved.

Thursday, November 08, 2007

Leopard Firewall Woes

I have been using Mac OS X Leopard for the last few weeks and the article on Heise Security caught my attention. I use a 3G connection to the internet quite often and have to assume that a NAT firewall won't always be available.

I did some of my own tests and as far as I could tell setting the firewall to "Block All Incoming Connections" just does not seem to work.

The output of "sudo ipfw list" does not seem to change when switching between "Allow All" and "Block All"...

Here is what I recommend for now:
- Download WaterRoof ipfw at: http://www.hanynet.com/waterroof/ (it's OSS).
- Run through the Wizard, just clicking next is the equivalent of "Block All"
- If you want "Stealth", go to "Static Rules" and add a rule to block all ICMP from "Any" to "Me".
- Make these changes permanent through: Tools -> Startup Script -> Install Startup Script.

To test if your setup is any good head over to Shields Up! Steve Gibson's excellent resource and run some tests to check that your firewall is actually working as planned. Shields Up! can be found at: http://www.grc.com/.

Please note that this test is most effective if you are directly connected to the internet. If you cannot connect directly, rather Google for nmap and run some tests on your LAN. I used nmap to run some tests against the firewall to confirm the results - consider just trying to ping your machine from another host at least.

For reference here are my rules, running "sudo ipfw list" from the terminal should give you similar results.

$ sudo ipfw list
00100 allow ip from any to any via lo*
00110 deny ip from 127.0.0.0/8 to any in
00120 deny ip from any to 127.0.0.0/8 in
00130 deny ip from 224.0.0.0/3 to any in
00140 deny tcp from any to 224.0.0.0/3 in
01000 allow tcp from any to any out
01000 allow tcp from any to any established
01100 deny icmp from any to me
65534 deny tcp from any to any
65535 allow ip from any to any
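
To see which rule decides a given packet, the following added example (not part of the original post, and not ipfw itself) replays the listing above with first-match semantics in Python. It models only the rule syntax that appears in that listing; the address 192.168.1.10 for "me", the interface name en1 and the sample packets are constructed assumptions.

```python
import fnmatch
import ipaddress
# Rules copied verbatim from the "sudo ipfw list" output above.
RULES = """\
00100 allow ip from any to any via lo*
00110 deny ip from 127.0.0.0/8 to any in
00120 deny ip from any to 127.0.0.0/8 in
00130 deny ip from 224.0.0.0/3 to any in
00140 deny tcp from any to 224.0.0.0/3 in
01000 allow tcp from any to any out
01000 allow tcp from any to any established
01100 deny icmp from any to me
65534 deny tcp from any to any
65535 allow ip from any to any
"""
ME = {"192.168.1.10"}  # constructed: address of the firewalled Mac

def addr_ok(spec, addr):
    if spec in ("any", "me"):
        return spec == "any" or addr in ME
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def rule_matches(rule, pkt):
    # Handles only the rule syntax that appears in the listing above.
    _, _, proto, _, src, _, dst, *opts = rule.split()
    if proto not in ("ip", pkt["proto"]) or not (
            addr_ok(src, pkt["src"]) and addr_ok(dst, pkt["dst"])):
        return False
    for i, opt in enumerate(opts):
        if opt in ("in", "out") and opt != pkt["dir"]:
            return False
        # ipfw "established": TCP segment with the ACK or RST bit set
        if opt == "established" and not set(pkt["flags"]) & {"A", "R"}:
            return False
        if opt == "via" and not fnmatch.fnmatchcase(pkt["iface"], opts[i + 1]):
            return False
    return True

def verdict(pkt):
    # First matching rule decides; returns (action, rule number).
    for rule in RULES.splitlines():
        if rule_matches(rule, pkt):
            return rule.split()[1], rule.split()[0]

def packet(proto, src, direction, flags="", dst="192.168.1.10", iface="en1"):
    return dict(proto=proto, src=src, dst=dst, dir=direction, iface=iface, flags=flags)

if __name__ == "__main__":
    print(verdict(packet("udp", "192.168.1.20", "in")))  # unsolicited UDP
```

With these rules an unsolicited inbound UDP packet is decided by rule 65535 (allow), because the only catch-all deny, rule 65534, is limited to TCP.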

And remember: "Friends do not let friends get Owned" - Pauldotcom Security Weekly

Thursday, August 23, 2007

Spot on

Matt Asay quoting Michael Tiemann on Microsoft and the OSI.
Going Open Source is the _best_ thing Microsoft could do.

...

Tuesday, August 07, 2007

Switch!!

As of last Thursday I am a Mac OS X user - and I love it!

The latest Macs are the only platforms you can run all 3 of the major OS flavors on (my biggest reason for switching). I am running VMWare Fusion (for Windows/Unity) as well as bootcamp. My Ubuntu install is relegated to a virtual machine for now, but the hardware will run it just fine natively. Contrary to my expectations, I am really at home in OS X - the switch was quick and it's complete.

Monday, July 30, 2007

Thanks, but no thanks

I have been tracking Calendar Swamp for a while now and ran across a comment this morning that according to Paul Thurrott the local calendar is dead.

In a way I agree, but essentially, as it stands today, I have an issue with Google (for example) owning my calendar. I fully agree that having my calendar confined to my PC is a pain, and really not very useful to me. I see the solution as having an alternative, if possible, and host my _own_ calendar online (on infrastructure that I own and on software that I control). I would love to say "Thanks, but no thanks" to all these targeted ads and hosted services. As far as planning my own life is concerned and hosting my email I would like to have full control.

Luckily there are positive developments in this direction.

1) Web Contracts (at least in some parts of the world) cannot be changed without notice. I like the idea that Google could not potentially change its terms of service or privacy policy behind my back.

2) Jimmy Wales (of Wikipedia fame) has kicked off Grub. I see this as a really exciting development. How wonderful would it be to get high-quality search results without someone tracking your search habits, storing your private information and targeting ads at you all the time. Go Jimmy!

3) Open Source Groupware is maturing very nicely. The Kolab and Horde projects are converging slowly but surely and I hope to host all my calendar and email services, that I currently "outsource", myself soon. My email and calendar - hands off.

Friday, July 27, 2007

7 Actions to browse the Internet a little safer

My 2 cents worth regarding a safer browsing experience. I am ordering these from easy-to-do to really-paranoid and hard to set up.

1) Use Firefox
(http://www.mozilla.com/en-US/firefox/)
2) Disable "Remember passwords for sites" in
Edit -> Preferences -> Security
3) Clear your private data when you close Firefox
(Edit -> Preferences -> Privacy -> Private Data; I clear all private data on logout without Firefox prompting for permission)
4) Disable JavaScript
(https://addons.mozilla.org/en-US/firefox/addon/722)
5) Use strong passwords
(https://addons.mozilla.org/en-US/firefox/addon/469)
6) Browse inside a Browser Appliance
(http://www.vmware.com/vmtn/appliances/directory/browserapp.html)
7) Browse using a LiveCD
(http://www.ubuntu.com/getubuntu)

The Internet has Crashed!

This is excellent!

Wednesday, July 18, 2007

The Semantic Desktop

Oh wow...

Watch out, here comes KDE4!
http://nepomuk.semanticdesktop.org/xwiki/bin/view/Main1/Participants

http://www.internetnews.com/dev-news/article.php/3688606

This is quite frankly mind-boggling, amazing, exciting stuff :-)
I love it when a good plan comes together!

Wednesday, July 11, 2007

First step towards the Semantic Web

It seems that the ideas reflected by Havoc Pennington and other GNOME developers in the GNOME Online Desktop echo some of the concepts put forward by Sir Tim Berners-Lee with his Semantic Web.

Very interesting...

I also have the desire, more and more every day, that my data should integrate. I'm tired of synchronization issues, multiple calendars and task lists. The fact that items "don't match up". Standardization is definitely driving the ability to have a Semantic Web forward...

The challenge that we will then face is security and privacy. I for one would not want my personal calendar and tasks to be seen by everyone or synchronized with software or hardware that I do not fully control or own. Even though I would find it incredibly useful to see my work calendar on my personal phone (for planning purposes) that should not imply entitlement by my employer to have access to the rest of my data.

Tuesday, July 10, 2007

Did Enterprise Linux slow Linux adoption?

I have been fondly thinking of the "good old days" of Red Hat 9 recently. It seemed so clear back in the day that if you wanted to run any kind of server (or proprietary server software) that you could just run it on Red Hat 9. Everyone seemed to be using Red Hat. Debian was extremely popular, but if you just wanted to get going and run something Red Hat 9 seemed to be the obvious choice.

Red Hat Enterprise Linux and Suse Linux Enterprise just never could obtain the same kind of ubiquitous/de facto status as those early distributions had. All of a sudden sysadmins had to scramble to find new solutions or pay up. A lot of uncertainty ensued for vendors and for customers. The reasoning behind the change was sound but it left a big gap, which Debian and more so Ubuntu gladly filled. I know that Fedora and more recently OpenSUSE are strong, robust alternatives, but they just don't fit the bill as old Red Hat 9 did.

Could it be that had Red Hat just opened their development process to leverage the community more (the Ubuntu model) the world would've been a different place? I think now that things are really starting to take off the opportunity for revenue through services and support is really taking off for Ubuntu (and Canonical for that matter).

It is hard to tell how things would've been different, but I cannot seem to shake the feeling that if the latest server offering from Red Hat was still as free and ubiquitous as good old Red Hat 9 the world would've been a very different place by now.

Monday, July 02, 2007

Wednesday, May 09, 2007

ImpiLinux 7.05 arrives

It's official, ImpiLinux 7.05 is here (http://www.impilinux.co.za/).

It's not a massive departure from the brilliant Ubuntu 7.04 but it has more of a business focus. We included Beagle, Kontact (as opposed to Evolution), Seahorse and Authtool by default.

Good news regarding patent laws

This is not brand new news, but I just re-read the article and it dawned on me that it is very good news for non-US countries - especially the EU - when it comes to software patents.

http://news.bbc.co.uk/1/hi/business/6608863.stm

The US supreme court ruled that US software patents do not apply to countries outside the US, a short quote from the article:

"The presumption that United States law governs domestically but does not rule the world applies with particular force in patent law," said Justice Ruth Bader Ginsburg.

This ruling makes it imperative that countries which are still able to resist software patents do so as long as possible. US software developers frustrated by the patent mine-field created by the US patent system can also distribute their software outside of the US without fear of retribution.


Thursday, April 19, 2007

A sneak peek at ImpiLinux 7.05

For the last couple of months our team has been hard at work to get our new desktop ready. This desktop is derived from Ubuntu 7.04 and represents more of an "Ubuntu for business" kind of experience.

But before I get ahead of myself, here are some screen shots, expect more to come as we run up to our official public release in May 2007... we're just still busy adding the finishing touches...

The usplash screen (progress bar during bootup) as it is so far...


The GDM session screen (initial user logon) as it looks so far...


The default desktop...

Sunday, April 15, 2007

Compiz and Ubuntu Feisty Fawn (ATI X1400 + fglrx + compiz)

After a long struggle I have finally managed to create an easily reproducible method of starting Compiz with ATI X1400 and restricted drivers on Ubuntu 7.04 (Feisty Fawn). Feisty aims to support Compiz via AIGLX (as far as I could tell); the best way to get it running, though, is through Xgl.

First thing you will need to do is get the fglrx driver from ATI. The best way to enable this is:

1. Enable ATI accelerated graphics driver

System -> Administration -> Restricted Driver Manager

It is recommended that you restart your computer after you "select enable".

2. Grab the following listing and put it in a file called xgl.desktop
[Desktop Entry]
Encoding=UTF-8
Name=Xgl
Comment=Start an Xgl Session
Exec=/usr/local/bin/startxgl
Icon=
Type=Application
3. sudo cp xgl.desktop /usr/share/xsessions/

4. Grab the following listing and put it in a file called startcompiz
#!/bin/bash
#
# Start compiz within gnome-session (only if Xgl is running)
#
if (( `ps -A -o comm | grep -c '^Xgl$'` == "1" )); then
    DISPLAY=:1 gnome-settings-daemon &
    DISPLAY=:1 compiz --replace
else
    echo "${0}: Error: compiz not launched. Xgl not running?"
fi

5. sudo cp startcompiz /usr/local/bin/

5a. sudo chmod a+x /usr/local/bin/startcompiz

6. Grab the following listing and put it in a file called startxgl
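#!/bin/sh
# Start Xgl on display :1; -ac turns off host-based access control for that display
Xgl -fullscreen :1 -ac -br -accel glx:pbuffer -accel xv:pbuffer &
# Give Xgl a moment to come up before starting the session on it
sleep 4
export DISPLAY=:1
exec gnome-session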

7. sudo cp startxgl /usr/local/bin/

7a. sudo chmod a+x /usr/local/bin/startxgl

8. sudo apt-get install xserver-xgl

9. System -> Preferences -> Sessions -> New


- Name : Compiz
- Command: startcompiz


10. You will need to Log Out, then login using the Session : Xgl

You should now have compiz :-)

11. sudo apt-get install gnome-compiz-manager

You will find this program under System -> Preferences -> GL Desktop; use it to fine-tune compiz.

Tuesday, April 03, 2007

Funnier things have happened

So this morning I walk out of the house to find my Honda S2000 on bricks - all 4 wheels gone... I've had better days...


Tuesday, March 27, 2007

Take my money but leave my Podcasts!

For the last couple of weeks I have been struggling with getting Podcasts to work properly on my Ubuntu desktop. I evaluated a lot of different software packages (a lot of them with varying support of iTunes features) but still resolved to running iTunes on Windows XP as a VMware guest operating system... painful.

This process was very error prone to say the least. VMware would not detect my iPod if the guest was already running, forcing me to reboot the Guest OS whenever I wanted to sync iTunes with the iPod. Ubuntu/dbus/usb kept on grabbing the iPod and mounting it whenever a sync was finished in iTunes (it automatically unmounts the iPod - music on the run). I had to resort to blacklisting "automount" for the iPod in fstab.

Being a FLOSS developer I resolved to investigate how to improve iPod support in Banshee. I quite enjoy Banshee and it supports basic iPod syncing pretty well - fine if you're just listening to music. The features I wanted to add:

  1. Support for the Podcast menu on the iPod (I hate having to browse through music/albums/artists to find my podcasts)
  2. Proper ordering of the podcast (sorted according to date, newest at the top)
  3. Read/Unread status (show me which ones I have not listened to please :-) )

Enter gPodder...

After searching a little bit for some sort of format specification I stumbled across a Free Software Magazine article in which the author mentions: gPodder


gPodder is a PyGTK application which supports all the critical features I mentioned above and does a great job of syncing the latest and greatest Podcasts to my iPod. A real life saver. gPodder even behaves well with Banshee - you can sync music from Banshee and add your Podcasts using gPodder.

Of course I also have the advantage of working for Impi Linux which meant that Francis (one of our distribution guys) could give me the luxury of just typing:

sudo apt-get install gpodder

Now I'm just waiting for my favorite shows to update so that I can enjoy my ride home listening to my favorite podcast programs. Joy!!