Five reasons your parents won’t use Linux (or UNIX)

Over at foogazi, Adam wrote about 5 reasons your parents should use Linux.  These are excellent reasons, and I can find nothing wrong with any of them.

However, when I tried to get my mother to use Linux, she eventually brought the Linux system back.

Here are some reasons that she and others won’t be using Linux any time soon:

1. Linux doesn’t work like the system they use at work (Microsoft Windows, of course).
2. Linux requires learning something new which they say they can’t do. Either they’ll tell you they don’t have time or they’ll tell you they just can’t learn new things.
3. The new system (or donated old system) already has Microsoft Windows on it.  It just works, and is something they already know.
4. Viruses?  Often, they may not use the system all that much, and may even leave it off most of the time.  With proper email and firewall etiquette, they won’t get any viruses.
5. It doesn’t run the software they want to use.  Virtually everything anybody wants to run will only run on Windows – nobody says “The system must be able to run Firefox” (or The Gimp – or Inkscape – or Thunderbird ….)  Linux won’t run Microsoft Outlook – or Microsoft Project – or Microsoft Excel – (notice a pattern?).

None of these are suitable reasons – but they are what users will tell you.  New adopters, people who like to learn something new, or are technically savvy will have no problems.  Most of these come down to one major complaint: They don’t want to learn something new.  Often times, “hard to use” translates into “doesn’t work like Windows.”

This is really unfortunate, but remains a problem that will not be solved by anything other than actually running Microsoft Windows.  Too bad, really.

Abusing chroot() for security

Tags

adrianbunk, alancox, jail, kernel, kerneltrap, vserver

It is often suggested that people lock programs into a chrooted environment. A heated discussion about using chroot() for security purposes came up this week on the Linux Kernel mailing list (as reported on KernelTrap), with a quote from Alan Cox summarizing the backlash against using chroot() in this way:

chroot is not and never has been a security tool. People have built things based upon the properties of chroot but extended (BSD jails, Linux vserver) but they are quite different.

Adrian Bunk (current Linux 2.6 maintainer) even went so far as to say:

incompetent people implementing security solutions are a real problem.

Alan’s suggestions are worthy of consideration for security. BSD jails should always be used wherever they are available, as they are designed for this purpose. However, BSD jails are not normally available on Linux, though there are alternatives like the Linux vserver.

There was discussion about how easy it was for the root user to escape a chroot environment. It comes to a total of three steps:

1. Create a subdirectory within the environment.
2. Do a chroot to that subdirectory (while remaining outside of that directory).
3. Change directories at will.

The basic premise is that the chroot call maintains a single directory as the root (“/”) and that it will only prevent a user from moving from inside the environment to outside. If the user is already outside of that environment, then the containment does not happen. If the chroot call is made a second time, then it overwrites the original value of “/” with the new one for the current user (at least until the chroot() is exited).

So for serious security work, perhaps one should reconsider the use of chroot as Alan suggests.

Identifying the Right Disk…

Tags

diskreplacement, disks

When it comes time to replace a disk – such as when a disk goes bad in an external hot-swappable disk cage – it can be catastrophic to remove the wrong disk (to say the least). Assuming that you have “read” capabilities on this drive, how do you identify the disk associated with the one you know is bad (which you’ve identified from the operating system)?

Well, in a UNIX-based environment, you can use dd. How?

Make the disk light on the disk glow by entering this command:

dd if=/dev/baddsk of=/dev/null

This will read the entire disk, starting at the beginning, and send the output to…. nowhere! It does, however, make the disk light light up.

In system administration, it is never wrong to double-check. So: execute the command, and check which disk has lit up. Then stop the command and watch to see that the light goes out (or is no longer solidly lit). Restarting the command should then light up the disk. So now you know.

Connecting to the Internet with Bluetooth: After One Month Plus

Having used my Bluetooth-enabled phone (now the Nokia 6165i) to connect to the Internet using my Mac Mini and MacOS X 10.4, I want to relate my experiences.

As a dialup user, I found the cell-phone connection to be pleasantly faster, but not overly faster. Having been used to dialup speeds (and expecting nothing outstanding) I was pleased with the speed of the connection. Someone used to broadband speeds would be dramatically disappointed, but the ability to use cell-phone-based Internet connectivity anywhere can be a real asset.

I also found that the “modem” inside the mobile phone would react in strange ways at times, sometimes not responding at all, other times responding but refusing to make any connections, other times accepting input but not responding to input. Part of this may be due to bugs in the modem software – after all, the modem is not nearly as heavily used by the users as the mobile phone portion of the software. Part of this may also be due to lack of a strong data signal.

This brings me to what may be the worst drawback – the data signal is quite separate from the cell signal – so there is no indication of how strong it is or even if it exists in the current location. Thus it may be that when the data signal is weak, the modem will refuse to dial (the equivalent of not receiving a dialtone).

Much of this is hypothesis on my part about how the modem works – but I’ve found that MacOS X seems to be largely sound in its handling of the connection.

I’ve also seen the system go through a sequence (on the menu bar, starting in a connected state): “Disconnecting…” followed by “Authenticating…” followed by a continuation of the time spent online. I’ve attributed this to a possible loss of signal or a weak signal. It remains, however, rather disconcerting – but nothing bad comes of it.

The other bluetooth-based connections I use – one from the phone itself, and one from a Nokia 770 Internet tablet – are nowhere near this informative, so can’t say much about those, except the speed is the same (at least, it should be, eh?).

Also, my experiences with spontaneous loss of connection – for instance, when the phone goes dead! – have not been pleasant. Complete loss of bluetooth signal seems to be well-handled, but when the phone dies, there may be something else going on. Thankfully, this has not happened to me for some time, but I recommend not trying it 🙂

Running Linux/UNIX in Tight Spaces

After trying to run a variety of systems, it becomes clear that certain kernels are much smaller than others. In the past, I’ve tried several different versions of small memory Linux and BSD.

It becomes clear that the BSD kernel is the smallest of the three major flavors, and can run where nothing else can. PicoBSD can run in places that floppy-based Linux distributions couldn’t, and there are other instances as well. In trying to get Linux or UNIX running on the Compaq Armada E500 (with 128M), it became obvious to me that BSD is smaller than the Linux kernel or the Solaris kernel. Solaris appears to be the largest – running Solaris in 512M of memory (with KDE) is almost (but not quite) usable. Trying to install Fedora Core 5 failed as 128M of memory wasn’t enough to install it. Solaris 8 did run in 128M, but it is two versions out of date, and not really usable in that nothing current is available for it.

FreeBSD 6 works in 128M without trouble, despite being the most current version – where as Fedora and Solaris cannot run in that amount of memory. I should say, too, that this is, in all cases, with an X session running – whether WindowMaker (low memory) or KDE or GNOME (more memory).

So, if things are tight, best to go with BSD – whether with FreeBSD, NetBSD, or OpenBSD. And do yourself a favor and run WindowMaker….

The Wheel Group and MacOS X

The setup used here was MacOS X 10.4 (not MacOS X Server) on a PowerPC MacMini.

The wheel group is already set up, but is not called wheel. The group wheel does exist, but the group admin is used by su as the wheel group. The user root belongs to both the wheel group and the admin group.

Another point to remember is that the system uses the NetInfo database, not /etc/group. When NetInfo Manager starts, it presents a list of items (like a list of folders). Select group, then in the next pane, select admin. In the window pane below, look at the property labeled “users” and see that your user id is there as well as root.

If you want to add another user to the “wheel” group (in actuality, the admin group here), add a new value to the users property. First, click the lock at the bottom right and enter your password so you can make changes. Select the users property. Next, in the menu bar, select Directory, and under that, select Insert Value. Put the selected user in the entry box that shows up and press Enter when done.

Don’t forget to save this or no changes will take place. This can be done with the usual Command-S or under the menu Domain, select Save Changes.

Presentations using PDFs

Tags

acrobat, evince, kpdf, NeoOffice, pdf, skim

Since I will be presenting soon (a talk on GNU Screen at the Chicago Linux User’s Group) I am once again considering how to present a slide show. I created the slide presentation in NeoOffice, and saved it to several presentation formats.

However, I was introduced to one presentation format which I was not aware of before: PDF. I had never thought of using a PDF for a presentation. That is, create a PDF from your slide show, and use a viewer such as Evince to present it. I think even the current Adobe Acrobat will support this, as do several others – I think Skim (for MacOS X) also supports a full-screen mode for presentations, as does KPDF for KDE.

In the past, I’ve used full-screen as a way to read the selected PDF; however, it looks like the full-screen mode was designed for presentations entirely – and this is true of all of these PDF readers.

Give it a try today!

Wheel Group and Fedora (Red Hat) Linux

My post on the importance and methods of wheel groups remains popular. I though I would go into various UNIX variants and detail specifically how to activate wheel groups.

Today, the discussion is around Red Hat Linux (speaking generally). The test system was running Fedora Core 5; however, this area of Red Hat has not changed in quite some time, so it is likely to be the same in Fedora 7 and so forth.

First, make sure there is a wheel group in the /etc/group file. On Fedora Core 5, there is:

wheel:x:10:root

If this line does not exist, add it.

Of course, you must put users that you want to be admins into the wheel group. To do this, add the user to the end of the wheel group line. This will make the wheel group a secondary group; I don’t know if that will make a difference today, but it might somewhere.

Second, change into the /etc/pam.d directory, and edit the file su. This file controls the access to the program su and modifies its behaviors during the authentication process. The change will modify the access so that only those in the wheel group have access to the program su.

Find these lines in /etc/pam.d/su:

# Uncomment the following line to require a user to be in the “wheel” group.
#auth required pam_wheel.so use_uid

And change them (as suggested) to this:

# Uncomment the following line to require a user to be in the “wheel” group.
auth required pam_wheel.so use_uid

This access change is not necessarily limited to the su command, but no other command has normally been included in the past. If there are other commands that only those in the wheel group should be able to access, then this line could be put into their PAM configuration (in the right place).

Note that editing PAM files could very easily lock you out of your machine completely; thus do not take editing PAM files (in /etc/pam.d) lightly. The Red Hat authored wheel group modification is simple and easy; other changes you make may not be.

Then, expand the permissions in sudo to account for those with wheel permissions. Edit the configuration file with visudo and change these lines:

# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL

To this (as recommended):

# Uncomment to allow people in group wheel to run all commands
%wheel ALL=(ALL) ALL

This will allow anyone in the wheel group to execute commands using sudo (rather than having to add each person one by one). It would also allow anyone this sort of access on any machine that they have wheel group membership.

New Ways to Present Information

Bar charts, pie charts, line graphs, plots – is there any new way to present information? Over at Smashing Magazine, there is an article that describes a vast array of ways to present data described across the web. Bookmark this site, then go and visit the sites and articles that it lists. This list is fantastic, although creating such charts may be a challenge (or perhaps not).

How might you use such charts and so on? How about a graphical display of the traffic in the network on a typical day? How about a graphical display of the utilization of a host over time or by some other quantity? How about disk space growth analyzed according to some other quantity (such as time of day)?

It has been written elsewhere how using statistical tools such as R can assist in analyzing data; perhaps they also have the ability to create some of these unique displays.

Some of the tools listed in the article are also online tools; try them out!

New Ways to Present Information

Bar charts, pie charts, line graphs, plots – is there any new way to present information? Over at Smashing Magazine, there is an article that describes a vast array of ways to present data described across the web. Bookmark this site, then go and visit the sites and articles that it lists. This list is fantastic, although creating such charts may be a challenge (or perhaps not).

How might you use such charts and so on? How about a graphical display of the traffic in the network on a typical day? How about a graphical display of the utilization of a host over time or by some other quantity? How about disk space growth analyzed according to some other quantity (such as time of day)?

It has been written elsewhere how using statistical tools such as R can assist in analyzing data; perhaps they also have the ability to create some of these unique displays.

Some of the tools listed in the article are also online tools; try them out!