Saturday, September 20, 2008

Keeping your Linux safe - How security is not always what you think. Or maybe it is

We see a lot written about security in the Linux world.

We see a lot of comparisons and contrasts made between distros, as well as with "other" operating systems.

What is all the talk about? Who is it really impacting and whose fault, if any, is it if security isn't "good enough"?

First off, why do we need security?

Is it simply a bunch of miscreants and criminals who, much like in the "real" world, are compelled to live life on the wrong side of the law? To steal, damage and destroy because that is what they are compelled to do?

To use the "perfect world" scenario people love to use, security wouldn't even really be needed if people minded their own business and respected other people's space and property.

But they don't. It isn't a "perfect world", they say, and they're right. It isn't.

But, just because it isn't a perfect world, that doesn't mean people shouldn't have expectations.

Security used to be like the "old days", the Leave it to Beaver days, when the need to lock doors and bolt windows was to keep unwitting or overly curious kids and neighbors in check.

Even then, you had your share of evildoers. Those hoodlums and thugs who went the low road and gave us good reasons to be distrustful.

It is the same today really.

You have about the same proportion of actual crooks who are hell bent on stealing passwords and credit card numbers for personal gain.

You have overly curious kids and ne'er-do-wells who find sport in being where they don't belong.

We also have corporations who like to play both sides of the fence.

They sell us tools to keep thieves out, then sell or leak info to "the right places" which just so happens to counter what they sold previously. They're making money on both ends of the deal and to hell with "ethics" or morality. It's just about money.

By the way, those companies do exist, they have been found from time to time and sometimes, when the right politicians, lawyers or judges haven't been compromised ahead of time, they actually get in trouble for it.

So, what's an admin to do? Be it a server or network at home or in a small business, heck, even at the enterprise level, there is no shortage of advice on how to handle security.

There is a "rule" that applies to almost all businesses, technologies, practices and otherwise that applies here.

Follow the KISS method. (And no, this doesn't mean Gene Simmons will be reading your fail2ban logs.)

Keep It Simple, Stupid

Meaning: start at the basics. Begin with practices and habits. Don't be lazy, use secure passwords, don't write them down. Exercise that flabby memory!

There are lots of great, cool tools and apps to help secure and tighten down a system. They do absolutely no good though, if you don't use them. Take the time to read how they work. Install them. USE them.

Remember, just as in securing a home or office, if someone wants in bad enough they will find a way in. It doesn't matter how much money you spend, how many tools you use, locks you install. Greed and desperation are fierce opponents. Never think you are impenetrable.

What does that mean? Never let your guard down.

Keep your eyes and ears open. Ask any police or security officer in the world. The odds of a break-in are highest from within. It is a great thing to be able to trust the people around you every day. That's why they work so hard to build that trust, so you will relax and practically hand them what they need to get what they want. Does it happen every place every day? Of course not. But it happens often enough to cause a wise admin to always think twice about who he or she hands the keys to.

The vast majority of stolen information comes not from break-ins and being cracked. It comes from bad habits.

Not shredding critical papers.

Tossing papers into trashcans without inspecting them first. Did that guy who just got his email password back really just write it down on a napkin then forget the napkin on his desk? Holy Moly.

Eavesdropping is always popular. Stand in the vicinity of the guy who is doing his darndest to look and sound important. Oh cool, he just told his secretary his username and password over the phone so she could download that file and fax it to him.

BAD HABITS. Laziness, forgetfulness, brown-nosing, vanity and a host of other things we do are most likely what will compromise our precious security.

We have seen "top secret" government high level officials almost literally "give away" sensitive information and documents because of bad habits. Or worse, violating the trust placed in them by doing exactly what they were told not to do.

Highly "secured" military laptops have been compromised because some shmuck took the machine home and forgot about it.

All the great technology, training and development in the world won't mean a hill of beans if we don't start with the most basic steps to keep our information safe.

Now, I am not knocking in any way the use of the myriad and assorted apps and tools out there that can help you to keep a secure (as possible) environment, but I am saying, we should always start with the basics.

Good practices and habits laid down from the get go, combined with smart tools and apps will make your server or desktop system as safe as it can be.

Snort, fail2ban, bastille, SELinux, and a host of others are tremendous at helping to keep those who shouldn't be there to begin with at bay.

If you don't lay down the rules, procedures and practices with yourself and your staff/users, those tools will sit there and be of much less value and significance.

Think of it in terms of your home or office. If you buy a fantastic central air system, put in the best power surge equipment and fans/blowers, electronic thermometers and control systems, that's great.

It won't be of much good if everyone leaves the doors wide open.

You got a tremendous security system for your house? Electronic monitoring, laser scans, fingerprint entry. Way Cool.

If you don't set the system when you leave, what's the point?

These things are what many people would consider "common sense" types of things, and yet, on a daily basis, techs and support staff are confronted with the results of these ideas not being observed and followed through on.

Help yourself, help your system. Save some time, energy and maybe money.

By all means, use the fancy tools and apps. Get the latest updates.

Just remember to lock the door when you leave.

Friday, September 19, 2008

Just what is up with PCLinuxOS anyway?

PCLinuxOS is a Linux distribution that gets mentioned quite a bit actually. It often is mentioned in the same breath and at the same table when we discuss the "big boy" or commercially supported distributions, like Ubuntu, Fedora, openSUSE, etc.

This is pretty good when considering that PCLinuxOS is not commercially funded or supported in any way. Of course, they are not alone in that regard; Debian and Mint, Gentoo and others are not commercially supported either.

There is something about PCLinuxOS that keeps it at the forefront of discussion though. It has an appeal to many users and enjoys community support like only a few active distros ever see.

First of all, let's take its basic position. At its roots, the originator and lead developer of PCLinuxOS, often known as "Texstar", did something that was a step away from most other distros.

He followed the advice that one should "do one thing and do it well".

PCLinuxOS is a home/user desktop. That's its primary focus and intention. Every aspect of it is geared toward and directed at being just that.

So many other distros in Linux follow a somewhat cardboard cutout plan that says a Linux distro must be everything to everyone. They include in their repositories and offerings every kind of application that could possibly be available.

From business apps to servers and web apps, to school apps and games and educational programs and music editing, video editing, CAD and artistic design, etc... Every kind of app under the Linux sun is made available.


When people discuss the "confusion" of what apps to pick from, this is part of that predicament. This inclusion of not just so many presentations of one type of app, but the selection from so many user markets as well.

Texstar started out different. I have watched the development of PCLinuxOS since I first discovered it at release 0.92.

It really was a marvel at that early point in its development because it positively shined as a home user desktop. Considerations were made both cosmetically and functionally to be one of the best performing and best "out of the box" Linux user experiences around. To this day, the only other distro I have seen accomplish that feat is Mint. A standout distro by anyone's standards.

Other distros come close and are even now beginning to be able to match it, but from its inception, PCLinuxOS was ahead of its time.

One of the main reasons for that is Texstar and his helpers focused almost solely on its intended purpose. They did not try to throw everything in. The servers, the business apps and the special video and graphical apps. They searched for those apps they knew would be most used and most appreciated by the majority of users. Those apps that would be used by 75% or more of home and "general" users.

Because of that focus and attention to detail, PCLinuxOS has become known for its presentation. Its forward-looking and user-focused "heart". It has heart, I think that is exactly the word I want to use.

If one reads through the user forums and reviews, the people who use PCLinuxOS aren't, for the most part, just content with its performance or delighted with its image and presentation.

They are Proud. They actually feel pride and take a bit of ownership in their choice of distro. They are pleased as punch to wait until Tex and the development team release an updated ISO, because they know that due to PCLinuxOS having a rolling repo, they will soon benefit from those new pkgs as well without having to do a new install at all. They reap the benefits of patience.

Waiting for a team who epitomizes the old wine commercial that proclaimed "there will be no wine before its time."

The majority of users of PCLinuxOS perpetuate a notion of this distro as being "refined". It offers a customized presentation of a KDE desktop environment and carries with it tools it inherited from its origins in Mandriva, chiefly the PCLinuxOS Control Center.

The artwork in PCLinuxOS is widely and often proclaimed as inspired and artistic. Often having an overall look that is well coordinated, sleek and pleasurable to view as default artwork goes. Most people will customize things like wallpapers and icon sets, etc. to their preference anyway.

Another sterling example of utility within PCLinuxOS is its use of "remasterme", a tool that makes use of "mklivecd" and allows a user to install PCLinuxOS, customize it to their preference, install those apps and files they feel are "must haves" as a starting point for their needs, then 'remaster' or make an installable duplicate of their customized version of PCLinuxOS.

So if one were ever in the need to reinstall for any reason, or to provide a common, customized install to several computers in their area, it can be accomplished by using that remaster instead of customizing each one individually.

There have been users who have tried PCLinuxOS and not found it to their personal interests. If one reads the list of complaints, it is that they do not want to be patient and wait for what is waiting in the wings. More so, they are seeking immediate gratification in their search for the latest, greatest in apps and features. Those who are seeking the newest and "bleeding edge" in Linux offerings are not content with the methodical, slower pace of PCLinuxOS.

The one thing that Linux as a whole promises and delivers on is choice. There are several hundred "distros" or remasters of distros made to appeal to wide market groups and very specific ones.

I liken it to cheese or wine perhaps. You can walk into a store and buy a perfectly good cheddar or 'American' cheese. It doesn't cost a lot and it gives you what you want: that taste of cheese. Then some people who like a particular taste or flair will look into a good Swiss or ricotta perhaps. There are not only several types of cheese, but several qualities of it as well. You can buy a $4.00 Swiss or you can buy a $20.00 piece of Swiss that is the same size, but of a different 'quality' or taste.

Linux distros can be said to be similar. There are those that are "common" which try to appeal to the widest group of people and uses possible, thereby extending their reach and 'popularity'.

There are others who specialize. They offer a focus on a specific area or group that takes time, consideration and creativity. The focus of these 'specialty' distros isn't to gain the broadest acceptance or common usage. They are appealing to a particular, smaller segment of the community who is seeking a unique and more focused experience.

I believe PCLinuxOS falls into this latter category. It isn't that they are trying to ignore any specific group or segment of the larger Linux community, but instead put a fine point on what they want to offer. Because there will be such a fine point, it will be of appeal to a more limited number of people.

But those people will not just value it and appreciate what it offers. They will embrace it because it meets some special interest to them. Something that the others do not.

Much the same can be said about Apple computers, their community and users. Those who use Apple don't just "use" them, they embrace them.

Before I finish, there are those who will take this discussion out of context and try to say I am describing 'elitism' here. When in actuality, elitism describes those who think they or what they have is "better" than everyone else around them.

What I am describing is 'Pride'. The level of appreciation for something that so uniquely fills a need that is not commonly found as to make someone think it is "custom made" for them.

PCLinuxOS offers that 'Pride' to its users.

Monday, September 8, 2008

Dumb questions and simple answers.

The world of so called "journalism" especially in the realm of technology and Linux is full of questions and comments that aren't really worth the cost of the ink it takes to bold and highlight them.

There are a few that have been around for awhile now that have already been answered yet the press and "pundits" have chosen to ignore the answers because then they wouldn't have anything "exciting" to write about anymore.

Let's take for example, the question of "When will Linux be ready for the desktop?"

Linux is on the desktop. It has been announced for several companies and government agencies around the world. This is a fact. Linux IS on the user desktop. Now, is it on a billion desktops as some other OS's are claimed to be? Of course not. Is there a suggestion by some, even many people that perhaps Linux should be on so many desktops? Yes, lots of people wish or suggest that if Linux were to be taken "seriously" it needs to have the numbers of a Microsoft product, which has had the benefit of being largely unchallenged and monopolized in contract agreements concerning past deployment and sales agreements that no other software has enjoyed before or since. That is simply fact, no need to bemoan the past, accept it, move on.

Here's another fact, Linux will never enjoy world domination as Windows has had. The market and business agreements have changed since Microsoft was taken to court for monopoly practices. It is not likely that any one Linux distribution will make such gains and highly questionable if they somehow managed to.

However, Linux and other OS's will make gains in the future. Open Source software is gaining acceptance worldwide as institutions, governments and people realize that locking information away is not acceptable.

Here's another dumb question. "When will Linux finally begin to act and look more like Windows or Apple?" Now, most of us have heard that Linux is not Windows. It is not Apple either. What it is, is an implementation of Unix, only, not exactly, but close enough.

The assumption is that for Linux to be successful, it must ride the coattails of those who have been successful on the desktop before. There is another argument that says due to the proliferation of Windows, more people are familiar with its use and if a new OS is to gain a foothold, it must emulate that to a certain degree so people will feel comfortable using it. It will look like what they have used before.

The truth of the matter is, ALL Operating Systems must do the same job, allow people to interact with and use the physical machine that is the computer. Because they must all do the same job and most all people have two hands, one head, two eyes, ten fingers, etc... we all will interact or expect to interact in a fairly common way.

Looks, style, layout design, all of these can be changed to suit any group of people and people can learn to use a variety of different approaches.

People learn to speak multiple languages, use multiple sets of tools, artists learn to work with a wide variety of mediums like canvas or paper or clay tablets or papyrus. All can be painted upon, but all have different methods and approaches to using them.

There is no need to paint Linux into the same corner and image as another OS. Appreciate and explore what it can be as it is. As the French say, "Vive la différence."

One of my favorite dumb questions is "Why does Linux still include a command line interface?" The suggestion here is that the CLI is an antiquated notion that somehow shows that Linux is not modern or capable as a "modern" OS.

As has been mentioned before, Linux is related to Unix, evolved from it you could say. As such, it inherits the nature of being a multi-user operating system. This means networks.

It is true that as a means to interact with a computer on a regular basis, the graphical user interface (GUI) has become the accepted and "modern" method of using a computer, leaving behind the days when the CLI was the only way to work with a computer.

Having said that, two kinds of users need access to Linux based computers; actually, ALL OS's have this duality.

There are end users who do their task like wordprocessing and CAD and play music and any number of things, then get up and walk away from the computer.

There are technical users who are most often in support and maintenance positions that need a common interface to make things happen behind the scenes across not only one computer, but an entire group of them. If not for the CLI, that would be a much more daunting task. The common ground of the CLI means that what a tech does on one machine should most likely be the same for the other Linux computers, regardless of distribution. It isn't always exactly identical, but often the differences are minimal.

It is interesting to note that Windows computers, and Apple based ones too, do indeed offer a command line interface on their systems as well. The CLI isn't just a reference to a time before graphics, it is a tool to allow common access to the computer. Does this mean end users must or need to use the CLI in Linux? Of course not. In fact, most Linux distributions now offer entire suites of GUI based tools to make system modifications without ever seeing a CLI.

Controversy sells. This is why the dumb questions continue to fly even though the answers have been available for quite a while.