After the article 10 flaws with Ubuntu 7.10 which generated mixed feelings among the reader it is time to release a follow up on how to fix them. To be honest I don’t know why so many people become so hostile and rude, might be the fact that they don’t share the same opinion as I do. An opinion that you should contribute and give feedback so things get better.
With that said I also think having the title saying flaws, was maybe a mistake as it was more about feedback, maybe 10 things I would want to see improved in Ubuntu 7.10 would have been better?
Installing Sun’s Jre
This is very straight forward, all we have to do is grab the packages from ubuntu’s repositories. But before you can do that you have to add the multiverse repository.
Linux Planet has released an article series on how you can get consistent fonts throughout your system. Good articles, if you too feel that the font issue is a pure pain then I strongly recommend you to read these articles.
I won’t rewrite information that is already available on the net. Instead I’ll give you a link to the article I used to get my Wacom table to work as it should.
Ubuntu unofficial guide, Ubuntu wiki guide etc, etc.
That’s a very good resource for everyone who has questions about how to install certain things or how to get some issues worked out. If you are new to linux and ubuntu then I strongly recommend that you bookmark this wiki. As it most likely will give you the answers you want and you won’t have to spend x amount of time searching and trying to find the answers.
This is for Ununtu 7.10 and it hasn’t become as huge as the wikis for the earlier versions, so you might check with the how-to for an earlier version as well in some cases.
Thumbnails in Firefox file manager
To this I do not have an answer to, we’ll have to wait for firefox to implement this.
However if anyone reading this know a method to get the thumbnails, feel free to share with us.
Share with the world:These icons link to social bookmarking sites where readers can share and discover new web pages.
So I have been running Ubuntu 7.10 on one of my desktops for a while now, and I have to say that generally speaking I’m satisfied with what it has to offer. But with that said I have experienced a couple of minor things that are missing or that I feel don’t work as I want.
This is not a post where I want to throw dirt on ubuntu but more of a feedback kind of thing to share what I have experienced, after a post where I presented what great things this version has to offer it just feels natural to also present the other side as well.
Let’s begin then, there will not be a list I’ll just present them as I go.
The Java support that comes with the installation is just pure crap in my opinion, too many problems and well it just doesn’t work for me. Instead I have to install Sun’s JRE to get rid of the problems. Hopefully this issue will vanish once OpenJDK is fully functional and 100% finished.
The file manager that opens up when you want to open a file or upload a file on a website cannot display thumbnails. This may not be an issue you reading might think of as something a person would bother with. Sure but let’s face it, if you want to upload a picture locating it by viewing the thumbnails is much faster than first find it remembering the name then selecting it.
The regular file manager has this feature and I would like to see it in the other one as well.
You cannot get your Wacom-tablets without going into xorg.conf and set it up manually. They really should develop a graphical interface where you can set your settings for it and not have to relay on spending some time in the command line. This is something they should do primarily for new users and as a plus it will be less hassle for the rest of us too.
When you install drivers for your graphics card, you don’t get the administrative tool for it installed automatically. You have to install it separately. If you have Nvidia the package is called nvidia-settings. Also after you install it, it’s not put into the menu and you have to start it through the command line or add it to the menu yourself.
When you have twin monitors, the 3D desktop Compiz Fusion is turned on automatically, which might not be something you want. Apparently this will be sorted out in their next version.
The package compizconfig-settings-manager that you need to get all the effects has to be installed manually. I think that this should come with the installation.
You cannot navigate through the menu only by using the “hot/fast” keys without using the arrow keys. It should be possible to open the menu and jump to different options by pressing the first letter of them. This doesn’t work as it should you have to open the menu navigate with the arrow keys then you can press the first letter. Both Gnome and KDE has problems with this.
The support for playing DVD movies cannot be downloaded from the regular repositories, you have to add a separate source, which a new user could find as something tricky.
The fonts aren’t consistant, you have one type of font in gnome another type in openoffice and a third in for example virtualbox. This might not seem as a problem for you, but I would really want to see a consistent font base throughout the desktop environment.
A part from those issues which I can live with I still have to add that Ubuntu 7.10 feels as a good and stable version and I’m thinking of running it on all my desktops. And this problems are more of creating a better and easier environment for new users which I still think is an important issue, hence this post.
It’s Linux Foundation that holds 2007’s case study about what you want the Linux developers to focus on next year. So fill out the survey and get your voice heard. Why doesn’t you use Linux?
Linux Foundation want to know everything about your computer habits and also what may be keeping you away from switching to Linux.
The survey takes only a couple of minutes to fill out, questions like what programs are critical for you, what functions you would like to see in the operating system, what you use now and what you would want the developers to especially work on during 2008.
Security, now that’s an important thing when dealing with coding, but also with everything else that has contact with the surrounding world. There are a lot of different techniques and ways a systems can be breached by, the majority of them requires you to know a lot about the system you want to access, in addition to that you will have to be good at creating exploits and applying them.
But there is one way that pretty much eliminates all those needs, if successful of course, and is in my opinion one of the most effective ways to get where you want. Unfortunately this technique isn’t that well known by the regular individual and it’s often them who are targeted in such an attack, so here’s my attempt to educate you about the topic social engineering. I’ll be presenting different approaches you can go with, this is purely for education purposes only, I do not recommend any of you to try these techniques for malicious purposes, remember it’s illegal!
I believe that to be able to protect yourself from attacks you need to know how they work; when you know how one thing works you can start taking steps to preventing attacks from happening. If you don’t know how it’s performed, then tell me how can you be able to prevent them? And that’s why I’ll be presenting the techniques here, how you use the knowledge later on is entirely up to yourself.
What is Social engineering?
Social engineering is a term used to describe techniques used to trick and manipulate people to perform tasks the attacker wants. The difference between social engineering and regular fraud is slim, but the term is mostly used when the fraud is done to get information about or get access to a computer or network systems.
The techniques used are based on flaws in the human logic, a chain is only as strong as its weakest link, and in some cases that weak link is you or one of the workers or administrators. If you don’t know about these techniques then you will most likely not see through them before it’s too late.
Some techniques
I have to make one thing clear; there is no list with all the techniques being used, the ones I know about I either have read about or is way I used myself. The goal with these methods is one of two situations, to get the victim to do what you want or tell you what you want. How you get there can be done in many ways, how effective you are is basically determined by your creativity.
Mostly these methods are used as a part of a bigger attack, but sometime it might be the attack itself.
When I hear of social engineering I think of all the cases when people phoned in pretending to be someone to get information or get the individual on the other side of the phone to perform something they want.
Let say a system administrator gets a phone call, the person calling present himself as the IT head administrator from the main office in New York, he tells them about a problem they are having and want to check with the system administrator on a couple of things, whether it is to shut down some systems or login into a machine, could be anything. Now an unsuspicious administrator might follow along not knowing that by performing this he just gave away valuable information or did something that will make it a lot easier job for the attackers to penetrate into the system.
You should always be on the lookout for anything suspicious, if you find something not right ask them to wait and phone back to the head office and confirm. Also if these things happen your boss is most likely to be informed and brief you about it before you get contacted.
But there have been a lot more creative ways in getting information. Imagine this: You work in an office and in the elevator or hall you find a CD and some papers with the headline “this month’s income reports” or something else. So you assume somebody must have dropped it there and you pick it up.
Now what do you do with it? You might take a look what the CD holds, unknowingly getting infected with a Trojan horse or releasing a worm into the network. You might not be tempted with looking at what this is so you hand it over to one of the guys in the economy department or to your boss and someone of them might check the content of the CD. Now how many of you would suspect that as an attack attempt?
Remember that this doesn’t have to be a CD, it could be a memory stick, floppy or something else.
As I said before these attacks can be very creative and hard to see through, especially for anyone who isn’t aware of this. Just phone workers at a company telling them you are calling from the tech-support. Eventually you’ll find someone who reported a problem, so you’ll help that person solving the issue, but in the process you’ll get the victim to type in some commands of which result they are not aware of to help you gain access to their system.
This is a problem; normal non technical persons are the ones that most likely will be targeted with these types of attack. They do not know what the commands do and most of the times they do not suspect anything being not right.
This reminds me of my days when I was nicking hotmail accounts from people, (yes I used to do that, way back though), not knowing what this technique was called back then I was dealing with social engineering to gaining access to people’s accounts.
The attacks were made possible by one thing that I consider being a big security mistake, and that is having a “secret question” option, if you answer it correctly you are in.
So what did I do, I simply added people on msn messenger talked to them for a day or two, just so they trusted me a little, then smoothly popped in a question that was the same as their secret question into the conversation, and most of them answered it without thinking twice about it, and they sure as hell should have thought about answering the question with it being a ticket in into their accounts.
You wouldn’t believe how many people gave away their secret question answers this way!
Personally I think that this is an issue that too little people see; the best option would be to abandon this method all together as it is so unsafe and easily exploitable.
As long as there will be secret questions present on various services people will be hacked not knowing how it happened.
And as a finish to this article, a little video clip of social engineering in practice!
Share with the world:These icons link to social bookmarking sites where readers can share and discover new web pages.
Op5 is a Swedish company which delivers and implements software for qualified system monitoring. By using products for open source software, they create big competition against giants like HP OpenView and IMB’s Tivoli. Today they launch the new versions of their two new products op5 Logserver and op5 Monitor.
Op5’s products are made up of Op5 Monitor, op5 Statistics and op5 LogServer. Today the new versions are released of op5 Monitor with version number 3.2 and op5 LogServer 2.0. Among the new things in these new versions is for example more liberty to choose operating system, hardware, support and service.
The products consists of carefully packaged and customized programs where the base components are built on open source software. Names like Nagios, Cacti, NSClient++, MySQL, Apache, Hypergraph are some of the components.
Op5 aims to get costumers that cannot afford with down times because of a unusable system. The company was formed 2003 and among the clients we find Aftonbladet (a big Swedish newspaper), Volvo, Intrum Justitia, SwedBank and Bonnier. There are also costumers that come from the government companies and various counties in Sweden.
The biggest competition is what they call “the big four”, which basically are HP, IBM, CA and BCM. When the products from the big companies takes a very long time to implement, Op5 clams that they can implement the products under one week. The reason for this, says Jan Josephson at Op5, is because Swedish companies are much smaller than the American and thus their products suits them perfectly.
- We see several cases where the costumers have bought the wrong system from start, thus invested way too much in these types of solution, he continues.
- In some cases it’s almost as you’d buy a 18 wheeler to go to you’re local store for some groceries. The costumers have to get better in questioning the costs for these types of solutions, he continues.
- But can you create trust at the costumer’s side when you say that you can deliver and implement a solution in a couple of days, when you also claim that it takes several months with competitive solutions?
- Sure, we prove this fact with some implementations we performed in the past. Then you have to take the size of the company in your calculations too. Big American companies have thousands of employees, and to role out a system for system monitoring in a period of a couple of months is considered as a fast project. Here in Sweden it’s different where the companies instead have a couple of hundred employees.
- So you don’t see any skepticism from the costumers when you deliver solutions based on open source?
- No, not at all. It’s almost the opposite, costumers demand open source systems. They don’t care as much if the code released under GPL or some other license but rather that the source code is available is a have-to today.
- The code you provide to these products. Do you contribute back the modifications back to the community for open source?
- Yeah, of course we do that. Op5 is for example the largest contributor to open source in several of the projects they use. This week a couple of guys just returned from a open source conference in Germany, says Jan.
- It’s just the fact that the code is made available for everyone that is the benefit to our costumers. When we do an update out at one of our costumers, we perform the same update at the same time at all of our other costumers. The business model when it comes to proprietary programs is most time totally different. There doing the same Job 30 times and charging for the process 30 times would be normal. By using open source we create something fast and cheap which can compete with they big companies like IMB and BA, Jan continues.
- The product you deliver. Could you compare it to Microsoft’s Operations Manager (MOM)=
- Hrmm, I assume that in a PowerPoint-slide you’d put these products beside each other. But now is the fact that Microsoft’s products are good at monitoring Microsoft’s products. In the products we deliver we monitor a bunch of infrastructures like other servers, clients, routers, switches and present everything on just one and the same monitor, replies Jan.
-It’s important to make sure that the entirety in the systems and figure out what the base problem is. That’s why it’s important to have one whole sight over the system. For example if the mails stop functioning, most usually run down to the mail server to check what the problem is. But in nine cases out of ten the mail server isn’t the problem but something along the line. It can be a switch or a router.
- How does the future look like? Do you plan to expand?
- Yes, we are very happy over how well it all went. It has beaten all expectations. We have over 200 system running today. Germany is rolling and we plan to expand towards Norway, Finland. There is a huge demand after services like these today. Although they say that everything becomes more and more stable we still find more errors than we ever did. It doesn’t pass a day without you reading or hearing about a company having problems with buggy vending machines, routers or systems that went down. You know best how you react when the computer won’t start.
Demoproducts are available for testing and valuation on op5’s site and you run them in Vmware Workstation or VMware Player.
