Why I use Window Maker

I keep coming back to Window Maker as a desktop environment. Why? Sometimes I ask myself the same question. However, there are a number of reasons.

Simplicity. There’s not a ton of things happening on the Window Maker screen; basically, there is the Dock and the Clip and minimized application windows. That’s it. This simplicity also translates into lower memory usage.

Light-weight. This is a biggie for me. First time I truly used Window Maker in any depth was on OpenBSD installed onto a Macintosh Quadra 800. It took a while to build, but it built and was comfortable – and in that environment, GNOME or KDE was out of the question.

Unique. This doesn’t sound like a positive aspect – but to me, I love learning a new environment. After a while, the other environments can blend together. The dock is also much better than any that have followed it; others like the MacOS X dock are too small and don’t work well in a user interface. Window Maker is very clean and simple and easy to use.

Since it is included as an available package on almost every Linux installation, what does it take to make a good Window Maker desktop? With Ubuntu, KDE can be installed by installing the kubuntu-desktop; XFCE can be installed by installing the xubuntu-desktop. There is no equivalent Window Maker desktop unfortunately.

For Ubuntu, you might want to install the following packages using Synaptic or apt-get:

The menu application makes sure that all of your applications that are installed with Ubuntu are also available in the Window Maker menus.

There are other packages you may like; search for packages that end in “.app” or begin with “wm” for starters.

For wireless management, you’ll want to stop the network-manager and then install wicd instead. This is because network-manager requires a KDE/GNOME style desktop. Do this with the following:

sudo service network-manager stop
sudo apt-get install wicd wicd-gtk
sudo service wicd start
wicd-gtk &

When you do this, you should be able to configure the wireless connections as you see necessary. Note that there is no graphic controls for VPNs at this time, but you can control them from the command line.

So what do I have in my dock? Here is a list:

  • firefox (application)
  • wmbattery
  • wicd (application)
  • wmdiskmon
  • wmclockmon
  • wmcpuload
  • wmwave
  • wmmaiload
  • wmcalclock
  • wmdrawer

All of these are part of the standard Ubuntu repositories; unfortunately, wmbatteries is not. However, you can get that dock applet (or “dockapp”) and more from dockapps.org.

There are a lot of resources for learning Window Maker, although some are dated; these are all good places to go:

Hopefully, this won’t be too many resources; most are quick overviews. Don’t be afraid to try out Window Maker today!

Is the Battle for Desktop Security Lost?

Jeremiah Grossman, CTO of Whitehat Security, wrote in his blog that he thought it just might be. He reports that at a conference he just attended (FS-ISAC) that there was discussions of how a financial institution must assume that their clients (or customers) are infected or otherwise compromised. This was seen as an admission that the war over desktop security was lost to the bad guys.

I beg to differ. The war can only be won if everyone accepts that the other fellow may be compromised; this is part of normal security measures. The mere fact that we must assume the client is compromised is not an indication that the war is lost.

Gunter Ollmann, a security analyst formerly with IBM, wrote a paper on this very topic that is enlightening.

It is entirely possible that financial institutions must raise this to the next level, considering that users passwords can be scanned, SSL transmissions intercepted or decoded, fake sites created, and more. For a financial institution, the stakes are much higher.

One of the weaknesses in many security installations is, in fact, the lack of suspicion towards partners and clients. Partner networks are assumed to be as secure as the hosting network – maybe they are, and maybe they are not.

However, I think that the battle is not going well – and I think it won’t get better until users are educated and Windows is more secure (even if users don’t like it). The battle for security must be engaged at all levels if we are to beat back the bad guys.

So what must we do to secure the desktop? As users it can be easy: use virus checkers, use firewalls, don’t open suspicious emails, perhaps use non-mainstream operating systems such as Ubuntu, PCBSD, OpenSUSE, Mac OS X, or others.

For administrators, securing the desktop is harder, especially for users that might connect from outside. Some things that one could do would be:

  • Give the user a client SSL certificate to connect with. This will prevent users from giving out passwords, deliberately or accidently. This should also prevent users falling for fake sites.
  • Make the user (if at all possible) run a virus-checker routinely, and virus-check everything you receive from them (such as email and documents).
  • If a virus is found, trace it and quarantine the user until they have undergone some sort of security audit (even if it is a quick audit).
  • Educate the users about phishing attempts and other things, and encourage them to “get the word out” among their friends and so forth.
  • In extreme (or unusual) cases, encourage the use of non-Windows and non-Intel environments: these environments have fewer viruses, and those that make it will not be able to run if the environment is not the expected one.
  • Similarly, use a different browser: in the recent browser security contest at CanSecWest, only Google Chrome remained alive at the end of the contest. In contrast, in the recent attack on Google, Internet Explorer 6 was used to compromise the entire company.

Many things must be done if we are to win the war against botnets and other such nefarious ne’er-do-wells. To arms!

FreeBSD 6.3 running on the Armada E500

Things are working well with the combination of the new FreeBSD 6.3 and the Compaq Armada E500. The machine has a great feel to it, and despite the huge applications of today, 128M can still be used for a KDE environment.

There are a number of nice features, including a ton of connectors (10BaseT, WinModem, USB, serial, parallel, PS/2, PCMCIA). The machine just keeps going, though I have had a few (few!) lockups (normally with Amarok and something else running). With the appropriate tweaks, the KDE desktop can be as polished as any from Red Hat or Novell.

Some of the things I did:

  • Replace the shutdown picture with something else; the picture of the dragon was too smarmy.
  • Replace the background (of course!) – personalization to the max.
  • Switch to the “Macintosh” version of menu layout; it’s the most user-friendly.
  • Load KDM from ports, then activate and theme it.
  • Load a splash screen for the boot loader
  • Switch the boot loader to grub then use a splash screen to start it off.
  • Configure the special buttons to work.
  • Change the KDE menu for something easier to use (such as TastyMenu or KBFX).

When all of these are combined, the environment is very slick and professional. It still wants more than 128M though.

One pet peeve of mine I might mention with regards to menus (such as KMenu or KBFX): menus should respond instantly!! I absolutely despise hiccups and watch cursors because the menu is loading its stuff. It should just pop! into place, not thrash the hard disk. Maybe one day…

What was the best part of this? I learned a ton about themes, X keys, configuring KDM, configuring the boot loader, and using grub. And learning is the best part, right?

FreeBSD 6.3 DesktopFreeBSD 6.3 Desktop