Wednesday, 30 May 2007

Getting access to gmail accounts of the deceased

Do you have a gmail address ? And do you store sensitive information in your gmail account which you have received from your contacts ? Then you (or rather people close to you such as your family) might be interested in knowing the ways in which someone can gain access to your account in the event of your demise.

You have to follow a number of procedures to eventually gain access to someones gmail account. This article explains what it takes to make google reveal the password of a gmail account not your own.

While this is not strictly related to Linux, I am sure you will find this information useful as I have because, I have an email address at gmail.com.

Tuesday, 29 May 2007

QEMU-Puppy - A portable personal computer on a USB stick

A few months back, I bought a 4 GB Kingston USB memory stick. It cost me around 1800 Indian Rupees (In US dollars it comes to just over $45). My idea was to use it partly as a data storage where I could keep files as backup and to use a part of the USB stick to install Linux.

The USB stick initially had only a single FAT 32 partition. So I repartitioned the USB stick to two 2 GB partitions each, both having FAT 32 file system. And in the first partition, I decided to install Linux. I went through the process and copied the distribution of my choice to my USB stick partition and even made it bootable using syslinux - which is a boot loader for Linux operating system. But as luck would have it, my computer refused to boot from the USB stick complaining there was no boot loader on the USB stick.

Later I came to know that syslinux has a limitation of working only if the partition is less than 1GB size and my USB stick had a partition of 2 GB. I didn't get the time to go back and try it out again. Perhaps I will try it some time soon on a 1 GB partition.

Today I came across this quite exhaustive but very informative article titled - "QEMU-Puppy - A Personal Portable Computer" written by Erik Veenstra where he explains how to turn your USB stick into a personal portable computer. He uses Puppy Linux (A very good minimalistic Linux distribution) and QEMU for the same. Erik walks one through the installation of QEMU and Puppy, to booting, configuration of various parameters, some tips and tricks that will save your time and a bit of Puppy Linux internals. All in all a very interesting article and a project worth trying out.

LINA - Truly portable Linux applications

A truly portable application is one which can be run on multiple operating systems spanning diverse architectures without recompilation of code. One language which creates truly portable applications is Sun Microsystem's Java language. Programs created using Java can be run under any operating system - be it Mac OSX, Windows, Linux, OS/2 and so on. This is made possible because programs compiled using Java are not binaries in the original sense. When you compile a Java program, you get byte interpreted code. And it is the duty of the Java virtual machine which is installed in the parent OS to interpret the code to machine language which the OS and the architecture can understand.

Now there has been a new development for Linux. A startup company in Alameda, California has developed a technology called LINA (Not an acronym) which allows one to compile Linux applications to make them run in any operating system - be it Windows, Linux or Mac OSX. The idea is to have a virtual machine in similar lines of Java virtual machine which will be released as native builds for the respective operating systems. Then developers and independent software vendors can build Linux applications on top of LINA that run on all operating systems with native look and feel.

The company plans to dual license the technology, with GPL ver 2 for non-commercial uses and a separate license for commercial uses.

Salient features of LINA
  • Applications written for LINA are distributed as Linux executables guaranteed to run on all machines, Linux and otherwise. So you can have say, one Firefox build which runs flawlessly in Windows, Linux, Mac OSX or any other operating system.
  • Portable LINA applications enable users at home and in the enterprise to use Open Source applications on their existing operating systems.
  • With LINA installed, programs written for Linux will run securely, regardless of changes made to the underlying operating system.
  • Developers can write the code once and run their applications anywhere.
You can get an idea of running LINA applications by viewing this screencast which demonstrates how a Linux native build of links web browser packaged using LINA is run in Windows.The company has also released a white paper (PDF) describing the LINA technology. While some might see LINA as similar to what Sun Microsystems has accomplished with Java language, it is notably different. In the case of Java, it is required that programmers sit down and start developing programs using this language. But as far as LINA is concerned, the applications are already there in the form of 10s of 1000s of open source and Free Software programs for Linux. And it is only a matter of re-compiling the source of these programs to run using LINA virtual machine.

While many would consider this new project quite exiting (who wouldn't want a truly portable copy of their favorite Linux application, right?), there has been a somewhat similar project in existence for some time now which goes by the name Cooperative Linux. Short named as coLinux, it is a port of the Linux kernel that allows it to run cooperatively alongside another operating system on a single machine.

Sunday, 27 May 2007

TrueCrypt Tutorial: Truly Portable Data Encryption

TrueCrypt is one of the many disk encryption tools available in Linux and other Unices. Some of the features of truecrypt are as follows (and I quote):
  • Creates a virtual encrypted disk within a file and mounts it as a real disk.
  • Encrypts an entire hard disk partition or a storage device such as USB flash drive.
  • Encryption is automatic, real-time (on-the-fly) and transparent.
  • Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:
    1. Hidden volume (steganography).
    2. No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).
  • Encryption algorithms: AES-256, Serpent, and Twofish. Mode of operation: LRW.
Lipiec at Polishlinux.org has written a very good tutorial which explains how to setup and use truecrypt in Linux. He explains right from the start which is - download the code, compile, and install it to creating encryption volumes. Just so you know, truecrypt has been made available in deb and rpm formats as well. So if you are using one of the major Linux distributions such as Debian, Ubuntu or Fedora, you can skip the compilation from source step.

Truecrypt is available for Linux and Windows but the developers have provided a easy to use GUI only for Windows platform. Linux users are still made to depend on the command line to setup and manage encrypted volumes using truecrypt.

FFmpeg tutorial - Develop a video application in less than 1000 lines of code

FFmpeg is a library which can be used to build applications that record, convert and stream audio and video. It includes libavcodec, the leading audio/video codec library. FFmpeg is developed under Linux, but it can compiled under most operating systems, including Windows.

The FFmpeg toolkit consists of a number of programs them being :
  • ffmpeg - which can be used to convert one video format to another. Say you want to convert a YouTube video in flv format to mpeg format, this tool will help you convert it.
  • ffserver - This is a HTTP server which can be used to stream audio and video across the web.
  • ffplay - is a simple media player based on SDL and on the FFmpeg libraries.
  • libavcodec - a library containing all the FFmpeg audio/video encoders and decoders. Most codecs were developped from scratch to ensure best performances and high code reusability and ...
  • libavformat - which is a library containing parsers and generators for all common audio/video formats.
I came across this excellent tutorial on Ffmpeg where the author demonstrates how to develop a video player in less than 1000 lines of code. Just so you know, one of the prerequisites of understanding the tutorial is some knowledge of the C language.

While on the subject of videos, you may also be interested in the different ways of creating screencasts in Linux.

Wednesday, 23 May 2007

Work productively without starting X server in Linux

When was the last time you logged into a console only mode in Linux ? By console only mode I mean in run level 2 or 3 where X server is not running? Obviously now-a-days you needn't resort to such a drastic step as the GUI applications have gotten richer and the end user has a variety of choices before him. More over, most Linux distributions boot into graphical X by default the very first time they are installed. I am willing to bet that in a couple of years time, the new users embracing Linux won't have any idea of what a console mode is unless somebody specifically tell them.

This was not the same till a few years back (go back to 8 years) when even the average user had to first deal with the console mode and learn to start X by running a command before he was put into a graphical environment. He had to learn the syntax of the XF86config file (it is now xorg.conf), learn to use a console editor and so on before he was able to enjoy the fruits of Linux in GUI mode.

On this note, if you are wondering how the heck then the people using Linux were productive, it seems there were a number of command line tools at ones disposal. They are still around (if one bothers to look). Luke at "Terminally Incoherent" blog has compiled a nice list of command line tools in an article titled "A day without X", where he lists console programs that help one to accomplish common tasks like sending and receiving emails, web browsing, viewing images and so on. Another blogger, K.Mandala has also compiled his own list of command line applications which you can read here.

Who knows, if you face a situation where your favorite uncle gifts you with a 486 machine loaded with a stripped down version of Linux as a birthday present, you can genuinely be happy (instead of just pretending) and assure him that you will put it to good use....

Monday, 21 May 2007

PC-BSD 1.3.4 Review

FreeBSD along with OpenBSD and NetBSD form the triumvirate of BSD operating systems. Traditionally these BSDs are server centric operating systems - ie. those which are tuned to be run on a server rather than to be used by the end user as a desktop. Still, with a bit of tweaking and configuration, all the three of them can be used as viable desktop operating systems.

PC-BSD is a direct descendant of FreeBSD. As the name indicates, PC-BSD is a BSD operating system which lays stress on its use as a Desktop catering to the end users. From the point of its inception, the USP (Unique Selling Point) of PC-BSD has been to make it as easy as possible to install, update and use software, at the same time bringing all the powerful security features and stability of the traditional BSDs. Over one year back, I had reviewed PC-BSD 1.00 and if you have read the review, you would have found that my initial impression of this operating system was very positive. In the succeeding months many changes have taken place for PC-BSD. For one, in October 2006 PC-BSD got acquired by iXsystems which is now in control of the project - though Kris Moore, the founder of PC-BSD is still its project leader and has the final say. Apart from the acquisition, the project has moved quite smoothly.

One of the main changes I can see for PC-BSD 1.3 when compared to ver 1.0 is the drastic enhancement of the graphical installer with a couple of additional options thrown in. For example, at the time of installation, there is an option to encrypt the swap partition, there are options to open or close most popular ports such as the port used by SSH and so on, a choice of enabling or disabling the firewall and with a few clicks you finish installing the OS.

Fig: PC-BSD desktop

The current version of PC-BSD is ver 1.3.4. Some time back, I had downloaded ver 1.3.0 of PC-BSD and had installed it on my machine. The PC-BSD team have made it possible to upgrade the OS to the most recent version - 1.3.4 by downloading and installing a couple of patch files. Thus I had to download and install just over 40 MB of patch files which are made available in PBI format, to upgrade PC-BSD from ver 1.3.0 to 1.3.4. As a matter of fact, you do not even have to download individual files yourself to upgrade the OS. There is a GUI tool called "PC-BSD Online Update" which can be accessed by navigating through KDE Menu -> Settings -> System Administration -> "PC-BSD Online Update", that can be configured to automatically detect if there are updates available and then download and install them for you.

Post Installation scenario

It is really remarkable that the installation of PC-BSD went without any glitch and all the peripherals were detected properly. Sound worked out of the box and in no time, I was face to face with the graphical login screen. PC-BSD is a KDE centric operating system and comes with the latest version of KDE ver 3.5.5 and many useful software installed by default.

Once I logged into PC-BSD, I navigated to the PBI resource web page which contain the latest versions of most popular software such as FireFox 2.0.0.3, OpenOffice.org and so on and started installing those software which I use on a regular basis. As far as PC-BSD is concerned, you do not have to worry about dependencies as each PBI is a stand alone package which contain all the necessary libraries needed to run the program. So FireFox PBI will contain not just the FireFox binary but also dependent libraries as well.

Fig: It is possible to schedule the update of the OS to install security patches.

The PBI (short for PC-BSD Installer) is a GUI installer that is similar to its Windows counterpart, and is coded using Qt. To install a software, just double click on the respective PBI and follow the instructions. You also have the option of cleanly uninstalling the software from within the PC-BSD software manager.


Fig: View and remove the installed PBIs

Essential housekeeping in PC-BSD

One of the first things you should do the first time you boot into PC-BSD is to update the ports and install them. PC-BSD uses the FreeBSD 6.1 ports. And when you install software using the ports, you are essentially installing FreeBSD software. But unlike FreeBSD where you have to dabble with command line to update and install the ports, in PC-BSD, you can do the same using the GUI front-end with the click of a button (See the image below).

Fig: Install ports with the click of a button

Next I had to install the multimedia codecs to enable PC-BSD to play audio and video files in proprietary media formats. As with all Open Source projects, PC-BSD also follows the principle of not shipping the proprietary codecs by default and requires that the end user install them by themselves if they want to. Here is the interesting part. To install the multimedia codecs, all I had to do was to download and install the requisite PBI file from the PBI online repository. And viola!!, I was able to not only play wmv and quick time files but also watch encrypted DVD movies as well.

Fig: Kaffene media player detects all the codecs.

I have an Nvidia graphics card and I wanted PC-BSD to harness the full potential of the graphics card. Usually you can get along very well with the Nvidia open source driver but if you want to use OpenGL programs for instance, you need to install the proprietary driver. In the PBI repository, you will find a number of builds of Nvidia proprietary drivers for PC-BSD and you can choose the best package which works for you.

I found enabling Flash to be a little tricky affair. Mainly because Adobe has not yet released Flash Player ver 9.0 for BSDs. And the native build of Flash player for BSDs is still at ver 7.0. While you can very well install this version of flash player, many flash enabled websites now a days require you to have version 8.0 or above to view them - a big handicap for BSD users. One work around you have for PC-BSD is to install the Linux version of FireFox web browser. You heard me right. It is possible to install most Linux software and run them without any modification in PC-BSD. This is made possible because PC-BSD has a Linux compatible module installed.

I installed the Linux version of the latest build of FireFox from the PBI online repository as well as the Flash player ver 9.0 from here. And I was able to view flash websites without any problem. Of course I encountered a minor glitch in that each time I open two flash based websites simultaneously, Linux version of FireFox crashes. But by and large I was able to manage as long as I had only one flash website open at any given time.

I also downloaded and installed Sun's JDK 1.5 from the PBI online repository.

Is PC-BSD a FreeBSD clone ?

At first glance, one might be tempted to pass off PC-BSD as a clone of FreeBSD with some frills thrown in, as PC-BSD uses the FreeBSD ports. And it is easy to think that if you are installing software using ports, you are essentially getting FreeBSD software. But on close scrutiny, I was able to find notable differences. Some of them are as follows :
  • A GUI installer which eases the installation process.
  • Use of PBIs to install many software.
  • Incorporating OpenBSD's robust and powerful PF firewall instead of the firewall bundled with FreeBSD.
  • Many GUI front-ends which aid package management.
  • Easily start/stop and enable/disable services via its equivalent GUI.
  • Use of blacklist script to automatically ban IP addresses of machines of potential crackers who try to hack into your machine.
Suggestions for further improvement of PC-BSD
  1. The three BSDs namely FreeBSD, OpenBSD and NetBSD have their own independent ports. PC-BSD team could also start maintaining its own independent ports system instead of depending on the FreeBSD ports. One disadvantage of depending on FreeBSD ports is that you have to sometimes wait a long time before the software gets updated in the ports.

    Take for instance GnuCash finance software. It is not easy to create a standalone PBI of GnuCash as it has to satisfy a lot of dependencies. And as of now the FreeBSD ports have the older version (1.8) of GnuCash which is markedly different from the latest version of ver 2.0 especially in the file format which the respective versions use to save the data. And the PC-BSD team has to wait until the GnuCash port has been updated to the latest version by the FreeBSD port maintainers. Truth be told, there is a GnuCash 2.0 place holder in the ports I downloaded in PC-BSD but when I give the command :
    # make install clean

    ===> gnucash-2.0.5_3 depends on package: guile>=1.6.8_2 - not found
    ===> Found guile-1.6.8_1, but you need to upgrade to guile>=1.6.8_2.
    *** Error code 1

    Stop in /usr/ports/finance/gnucash.
    *** Error code 1
    ... it complains that guile package is an older version and GnuCash requires a newer version of the same. These snags could be done away with if PC-BSD maintains its own ports with periodic selective syncing with FreeBSD ports.

  2. When a user enters a root password to do system administration tasks using GUI, PC-BSD should offer to remember the root password so that the user does not have to enter it the next time he want to run a program in super user mode. Many Linux distributions such as Debian and Fedora have this feature. At present, if I want to install say 10 PBI's I have to enter the root password 10 times - ie. each time I execute the PBI, it asks for root password which gets really tedious. KDE dialog has a check box which offers to "keep the password" but it doesn't seem to have any effect.

  3. The PBI should have an option to install software system wide or on a per user basis. This suggestion might seem strange but in a multi-user environment, it is not possible to hand over the root password to every one. And if a user wants to try out a software by downloading the PBI, he should be allowed to install it in his home directory if he cannot enter the root password.

  4. The PBI should also support execution from the command line. This is not a must have feature but it can be convenient to execute and install a PBI package in certain situations where you have booted into console mode.

  5. It would be nice to have a GUI front-end which allows a lay person to write custom firewall rules for PF.
Epilogue

PC-BSD is turning out to be an excellent alternative to other popular Desktop OSes. After testing and using PC-BSD for some time now, I can't but admire the sheer amount of work that is put into creating, developing and molding an OS for the lay person albeit with a strong slant towards FreeBSD. The fact that PC-BSD is able to accomplish all the tasks expected by an end user - be it using the Internet for communication, listening to music, watching movies or using it for recreation purposes holds it in good stead as a viable Desktop OS.

Friday, 18 May 2007

(IN)Secure Magazine - a free security magazine in PDF format

One thing which any operating system worth its name should take seriously is the concept of security. In this internet age when more and more people are getting access to always-on broadband, security is all the more important.

I read in one article in a mainstream media that credit card fraud is becoming rampant and is on the rise. The fraudsters hack into vulnerable machines and access confidential data. While some operating systems struggle to contain the security threats, many others fare better in this department. Linux is inherently considered to be more secure. But the most secure operating system is by far OpenBSD which has seen only two vulnerabilities in its code in 10 years.

(IN)Secure is a magazine which is dedicated to discussing security related aspects of Operating systems. It is a monthly magazine which is freely made available for download in a PDF format. Mirko Zorz is its Chief Editor. The magazine carries security articles related to all operating systems. In the latest (11th edition) of the magazine, you may read an article on iptables titled - "IPtables : An introduction to a robust firewall". I may add that the article was contributed by me and so if you do read the article and find any faults, you may let me know about it rather than troubling Mirko ;-). You can download the 11th issue of the (IN)Secure magazine here (PDF file).

Wednesday, 16 May 2007

Difference between Computer Science, Computer Engineering and Software Engineering degrees

There was once a time when a major percentage of people who had anything to do with computers were in more ways than one Electrical Engineers by training. In fact I have seen many popular books on Computer science and electronics which are authored by people who have a background in Electrical engineering.

Then with change in times and fast technological progress, the electronics and computer field evolved and they branched into seperate engineering fields. And now computers have come a long way that this branch of learning has in turn split into sub streams namely Computer Science, Computer Engineering, Software Engineering and so on. Ask a techie what is the difference between these similar streams of study and in most cases you are sure to get a blank stare.

I myself didn't know about the difference between these computing streams until I chanced upon this very informative article authored by Tony. In the article, he explains in what way these are different from each other. For example he notes that Computer Science is inherently mathematical in nature and is about writing code where as Software Engineering is thinking about writing the said code (what ever that means). And Computer Engineering discipline deals with design of specialized type of software, and incorporates more hardware material into studies.

Sunday, 13 May 2007

Using netselect-apt - Tip to select the fastest Debian mirror

Each time I install Debian - and I have done it scores of times on multiple machines, I get frustrated in choosing the right Debian mirror for updating the package database on my machine using 'apt-get update', or installing a new package for that matter.

Some of the questions that I had to find a solution for were ... Do I choose the Debian mirror in my country (India) or do I use one of the US servers ? Is there any way to find which of the two are the fastest for my geographic location ?

It might sound ironical, but experience tells me that the truism of choosing a Debian apt mirror closest to ones location does not hold true for me. Because at all times, when I have used a mirror from India, it is dead slow. And believe it or not, the responsiveness of the mirror will do a great deal of difference to how fast you are able to update your Debian machine.

Enter netselect-apt, a package which helps one to find and use the fastest Debian mirror for his region. What this script does in conjunction with 'netselect' command is, it first downloads a list of all the Debian apt mirrors from the official Debian website using wget. The list is saved in a file named 'mirrors_full' in your current directory. It then checks the responsiveness of each of the servers in the list and then selects the fastest among them. Finally it writes the necessary code in the sources.list file and saves it in your current directory. Considering that on last count there are a total of 248 Debian mirrors to choose from, that is a pretty tedious job.

In order to use netselect-apt, the first thing you have to do in your newly installed Debian machine is download and install the netselect-apt package. This can be done as follows :
# apt-get install netselect-apt
The netselect-apt package depends on the netselect package and so it will also be automatically installed.

You can pass a couple of options while invoking the netselect-apt command. For instance, I have Debian Etch installed on my machine. And if I want to find the fastest Debian Etch repository mirror for my geographic region, I run the netselect-apt command as follows :
# netselect-apt etch
If I want it to include non-free software section as well while creating the sources.list file, then I use the -n option :
# netselect-apt -n etch
You can also ask netselect-apt to select only ftp servers instead of http ones by passing the -f option.
# netselect-apt -n -f etch
Apart from etch, you can pass the following options - stable, testing, unstable, experimental, woody, sarge and sid. If you choose not to pass any options, then by default netselect-apt uses 'stable' as the option.

Once it finishes its work, you will find a newly created sources.list file in your current directory which will have the necessary code pointing to the fastest Debian server for your location. Now all you have to do is to copy the sources.list file to /etc/apt/ directory and do an apt-get update.
# cp ./sources.list /etc/apt/sources.list
# apt-get update
Please note that the speed of the servers change over a period of time and is dependent on a variety of external factors. So the server that netselect-apt chooses today need not be the fastest one for you say, a couple of weeks hence. So if you are in the habit of installing and updating software all the time, it will be prudent to run netselect-apt once every week or so and update your sources.list file to point to the fastest mirror.

Saturday, 12 May 2007

Metric equivalent of Microsoft fonts for Linux

Visit any random website and chances are the website expects your machine to have a set of fonts which have become the de-facto standard on the Internet. The fonts being Arial, Times New Roman, Courier New and so on. While it may not be illegal to install these fonts on a Linux machine, they are propritery and are owned by Microsoft. And Microsoft does not licence third parties to redistribute these fonts - a reason why you don't find these commonly used popular fonts installed in Linux by default.

This is going to change once and for all. Red Hat in association with Ascender Corp has developed a set of fonts which are the metric equivalent of the most popular Microsoft fonts, and they have released it under the GPL+exception license. Three sets of fonts have been released, them being:
  1. Sans - a substitute for Arial, Albany, Helvetica, Nimbus Sans L, and Bitstream Vera Sans
  2. Serif - a substitute for Times New Roman, Thorndale, Nimbus Roman, and Bitstream Vera Serif and
  3. Mono - a substitute for Courier New, Cumberland, Courier, Nimbus Mono L, and Bitstream Vera Sans Mono.
The advantage for Linux users is that now you don't have to explicitly install Microsoft fonts anymore as the web sites or documents which use Microsoft fonts will display flawlessly using the metric equivalent fonts which can be included in all Linux distributions by default.

The work on the fonts is yet to be completed and so will be released in two stages. In the first stage, all the fonts are released as fully usable but will lack the full hinting capability provided by True Type/Free Type technology. In the second phase of the release which will happen some time in later half of 2007, the fonts will have full hinting capability and will be at par with or excel the Microsoft fonts in quality. For now Red Hat has made available all the fonts for download so that you can test it on your machine.

Creating good quality fonts - ie. fonts which retain its quality even in smaller sizes is a very tedious and time consuming process. And buying good quality fonts is a very costly affair with each set of fonts costing anything upwards of $100 . By taking the initiative to develop good quality fonts which are the metric equivalent of Microsoft fonts, and releasing them under a Free licence, Red Hat has done a very good deed for the Free Software and Open Source cause.

Wednesday, 9 May 2007

A new way to look at networking

Van Jacobson is a research fellow at PARC. Prior to that, he was the Chief Scientist and co-founder of Packet Design, Chief Scientist at Cisco and has also headed the Network Research group at Lawrence Berkeley National Laboratory.

Van talks at Google Tech Talks about the concept of a network and how it enables the efficient transfer of data from one remote location to another. In the talk Van laments how the network research in the US has stuck in a dead end for the past decade or so and it should be a wonderful time for networking as every thing is connected to everything else, there are cell phones, computers, laptops, PDAs and so on and each can be connected with each other. But unfortunately as Van puts it every thing we do with networking is getting harder. Wireless barely works and information or data is not at sync with all the diverse devices we use. In his talk he puts forward his idea of how networking can be made simpler.

A very informative talk worth watching by anyone who is interested in knowing how computer networks work. Duration: 1 Hr 21 Min



Sunday, 6 May 2007

EnGarde Secure Linux 3.0.14

EnGarde Secure Linux is a Linux distribution developed by Guardian Digital - an open source Internet security company, and is designed with security in mind. Built from grounds-up, this product has been in development since 1999. EnGarde Secure Linux highlights its "Secure by default" tag as the one reason that it should be favored to be used as a Linux server. The developers have considerably reduced its size to include server-only applications and the whole administration of the server from the rebooting to its shutting down as well as configuring and maintaining web servers, database servers and so on can be done remotely from the confines of a web interface.

Guardian Digital has split EnGarde Secure Linux into three branches. Them being
  1. The Unstable branch which contain bleeding edge packages and is open only to developers.
  2. The community branch which is provided for free and is supported by the open source community. And lastly...
  3. The professional branch which is officially supported by Guardian Digital. And which needs to be bought.
The main difference between the community branch and the professional branch apart from the fact that one is free and the other is paid version is that Professional branch is much better tested and documented and can avail of the official support of Guardian Digital. Compared to that, the community branch will have to rely on the mailing list for support.

Features of EnGarde Secure Linux are many and are as follows (as quoted from their website) :
  • Linux 2.6 kernel for the latest hardware compatibility
  • SELinux Mandatory Access Control provides high security by strictly enforcing service separation at the kernel level
  • Guardian Digital Secure Network features free access to all system and security updates and allows for quick and easy updating of the entire server
  • Broad support for server hardware, including 64-bit AMD architecture and hardware RAID
  • Web-based management of all functions, including the ability to build a complete web presence with FTP, DNS, HTTP, SMTP and more
  • Secure up-to-date LAMP stack serves virtual websites with Apache v2.0, MySQL 5.0, and PHP 4.4 (PHP 5.0 available as an optional package)
  • Latest BIND 9.3 provides secure DNS services
  • Completely new WebTool, featuring easier navigation and greater ability to manage the complete system via a secure web browser connection
  • RSS feed provides ability to display current news and immediate access to system and security updates
  • Integrated firewall with ability to manage individual firewall rules, control port forwarding, and creation of IP blacklists
  • Commercial grade Network Intrusion Detection System displays and graphs incoming attacks in real time
  • Built-in Host IDS monitors system files for unauthorized changes to ensure system integrity
  • Built-in UPS configuration provides ability to manage an entire network of battery-backup devices
  • Real-time access to system and service log information
Ryan Berens who is an open source advocate at Guardian Digital tells me that EnGarde Secure Linux is a fully functional platform distribution that focuses on integrated security and ease of management. EnGarde Secure Linux has also been released by Guardian Digital as a Live CD so that it can be taken for a test drive without installing on ones machine.

Friday, 4 May 2007

Is brand name Ubuntu over hyped ?

Ubuntu is a Linux distribution which is famed for its ease of use and has built up an image of being a newbie friendly Linux distribution. Ubuntu has arguably the largest community following compared to all other Linux distributions. And it has enhanced its cause many times by following the policy of shipping free CDs of Ubuntu to anyone willing to try this Linux distribution.

Nowadays if you visit any tech blog or site, you seldom fail to notice at least one article espousing the cause of Ubuntu Linux. In fact, even the media pundits have jumped on to the bandwagon and have started tomtoming the virtues of this very popular Linux distribution (see here, here and many other places).

But recently when I reverentially downloaded the latest version of Ubuntu 7.04 (Feisty Fawn), burned it to a CD and booted into it, guess what? it failed to load.

Fig: Error encountered while booting Feisty Fawn LiveCD

The picture of my monitor above gives an idea of what I was faced with while booting Ubuntu 7.04 from the CD. It was showing an error on the lines that the ata2 port on my machine failed to respond. And I was put into an initramfs built-in shell.

The machine I tried to boot Ubuntu is a moderately recent Pentium 4 machine with 631 MB memory - more than twice the recommended minimum memory needed to load Ubuntu. The machine doesn't have any extra features like bluetooth, WiFi or out of the ordinary peripheral devices. And Debian Etch has been running quite flawlessly on this machine.

I am not an Ubuntu critic. Not even by a long short. In fact, if you search this blog, you will find numerous articles related to Ubuntu where I have talked favorably about it. I was really impressed with Ubuntu 6.06 (Dapper Drake) and its 6 step install method.

But a regular reader of this blog will find that I have been unusually quiet about the next release version which is Ubuntu Edgy Eft (6.10). It is not because I hadn't downloaded and installed it. But I did not find anything worth talking about that particular version. In all fairness to Edgy Eft, it at least booted to a complete desktop on my machine. But the latest version of Ubuntu 7.04 - Feasty Fawn, refuses to even boot and gives me the message as seen in the picture above. In all certainty it is a problem related to the Linux kernel bundled with Fiesty Fawn. Then the question arises as to why the Ubuntu team decided to use that particular version of the kernel. Perhaps that is a price you pay when you adopt experimental features without proper testing. I would really like the Ubuntu team to bring out succeeding versions at par with ver 6.06 in terms of quality.

Considering my experience with Ubuntu Fiesty Fawn against the eulogies in the media, I am forced to ask if the brand name Ubuntu is over hyped - most probably the residual effect of an over-zealous community behind it. No Linux distribution is perfect. Each has its pros and cons. I for one would like to see a balanced discussion about the pros and cons of a distribution without delving into unnecessary fanboy-ism.

Update (22 May 2007): It seems this problem is the result of a bug in Ubuntu Fiesty Fawn. Two days back, I received the CD I ordered through shipit. And even this CD refused to boot properly on my machine. A bug report has been filed at launchpad.net which you can read here. And Bheesh has provided a work around to this problem on his site, which I concede I haven't tried out yet as I do not have the patience to go through the whole ruckus just to boot into a Desktop. So as long as Ubuntu team sleeps over this undecided bug, it is sayonara from me to Ubuntu.