Small-to-medium business uptake of linux?

http://www.zdnet.com.au/news/software/0,2000061733,39187298,00.htm brings up an interesting issue. Part of the topic really is a lack of management at such places. The types of tasks which need to be done in the enterprise haven’t been analyzed, and thus employees are allowed to do basically anything they want with their machines. They consequently are encouraged to rely on any old application which comes their way, and get hooked to it. SMEs really need to have a sense of what computers will do for their enterprise. Why do they have computers, and how do they add to the bottom line of the company? That reasoning then should have impacts with employee job roles and with information technology spends, no matter how small. If an employee truly only needs to work with a web browser and with a spreadsheet, it is ridiculous to use a Windows machine. Technology choices should then go from there. Employees will simply learn to copy, whatever the tasks. If Mozilla and OpenOffice are given for tasks, then the employees will cope. Once that is all they use, then if they show up one day and all their data is on a server of some sort (IMAP, shared backed up server, etc.), and they can still run Mozilla and OpenOffice, then there you go. The “gravy” (media players, chat software, etc.) really can be duplicated for free on linux without incident. Be better, in fact. This form of thinking can apply to lowering one’s Windows spend as well. There are open source alternatives on Windows, and they should be used as much as possible. Start with OpenOffice, Thunderbird, and Firefox....

SCP Hints

Just a few quick speed hints for using SCP, which came my way: The -C flag will tell SSH/SCP to compress stuff. In general I use it all the time. CPUs are so much faster than networks still so compression is your friend. Depending on your platform, using the blowfish cipher should be a little faster than using the default 3des or aes128 (don’t quote me on the aes128 claim, they’re both pretty close). Most people don’t realize, but you can configure all sorts of options on a global and a per host level in your ~/.ssh/config file. This is nice because you can force it to use a different port for certain hosts, different ciphers, not allow password, only forward X for some hosts, etc. Here’s a little snippet to drop in your ~/.ssh/config that will make you use blowfish for your cipher and compress all data going over the network with GZip at level 6. Host * Compression yes Ciphers blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc I’m actually a little confused about why exactly this works, as the docs say it is only for SSH1 and not SSH2, but testing a 11 meg text file (about 20 copies of Huckleberry Finn repeated over and over), with compression gave me an overall throughput of 90.6K (11 megs in 1 minute, 51 seconds), without compression gave an overall throughput of 32.8K (11 megs in 4:58). Totally non-scientific, but good enough for me to conclude that it’s doing something, especially considering that my cable modem says that it’s current upstream rate 384000bps. At this point, I’ll also throw in a quick plug for using mod_gzip...

Open source in the police department

What I appreciate about this article over at RedHat (as I read): 1. This guy clearly will bounce between operating systems. He mentions “MSYS” (http://www.mingw.org/download.shtml) which also should be in one’s bag of tricks with cygwin. 2. He is willing to consider some old 8086 machines and dot-matrix printers as potential time-saving tools. 3. He mentions the Penguin Sleuthkit, which looks great as a forensic tool. It is incredibly important to use tools which protect the integrity of the scene — there can be no question of tampering with anything. This kit looks like it has the tools one would need to do a rapid...

Lighter-weight linux distributions

The linux world, in its fight to act like a point-for-point rebuttal to the Windows and Mac worlds, are busily adding features and bloat to desktop offerings. However, in the process, a regular mainstream Linux distribution like Mandrake or Red Hat take as much, and at times more, memory and processor speed as a Windows XP distribution does. This came as something of a shock to me. Fedora just doesn’t run very well with 128MB, and barely does with 256MB. Yet, part of my reason for getting involved in the Linux services world is my belief that Linux is an excellent fit for older hardware. In other words, all those dusty computers from two generations ago, those Pentium Ones with 64MB RAM, could still be productive machines today. Well, maybe so, but not with a recent mainstream distribution. Those distributions will occasionally work with older machines, especially if all you need is a really slow httpd or mysql server, but not (or not really) with a windowing environment. And if you can’t deal with something other than Gnome or KDE, well, forget it. To figure out what to suggest to clients, I did a search on the state of the art in lighter-weight distributions. PUPPY LINUX Over at http://www.goosee.com/puppy/, this developer decided he wanted to take his operating system and his personal files with him in a USB 128MB pen drive. Along the way, he ended up making a fast and functional linux distribution. It is especially usable for newbies, since it uses the MS Windows ‘clone’ Fvwm95. Much else is nice about it, and there is plenty to...

Open Source Security

Open Source Is Fertile Ground for Foul Play contains important security concerns. One part of the Total-Cost-of-Ownership will be, basically, open source code auditing, for those companies who go that route. No way to gloss over that. It is most certainly possible to inject malicious code into distributions, but you will certainly have to make it past the review systems of the packages/distributions themselves (including MD5 checksums, diff reviews, the rather efficient ways in which vuln information works its way around the open source community, etc.). As more companies go the open source route, however, they will have an economic incentive to keep the code clean. For instance, MySql would have a big problem on their hands if something happened to the MySql codebase. RedHat would if Postgresql had a problem. Mandrake if KDE had a problem. Thousands of companies, if Apache, PHP, or Python had a problem. Fedora and Win2k3 don’t have many because they are relatively new. Fedora for one will certainly have scads, hundreds, and you’ll get hosed if you don’t keep things updated (and as much as possible shut off and/or removed from the system). One interesting aspect is that many vulns have to do with optional, separable pieces of the distribution. For instance, if OpenSSH has a vuln of a certain version, it will touch Debian, Slackware, RH 9x, Mandrake 9x, etc. etc., but obviously SSH might or might not be used on a system. Same for PHP, which is part of almost all the dists. But only a certain subset of installations use it for anything. To apply this to RH 9.0: Many...

Bootable Linux

One of the most enjoyable and potentially useful bits of linux paraphernalia has been the explosion of “bootable linux” distributions. For quite a while, the main ones which were well known were tomsrtbt and Knoppix. Since a couple years ago there has been a truly wonderful proliferation of bootable distributions, with more created all the time. There are several direct and obvious benefits to bootable linux distributions: You can have a special-purpose linux dist for a single task You can boot up linux on basically any machine, or at least find one that works, and so work in a familiar linux environment wherever you are You can try out several distributions, in the spirit of getting more familiar with them The bootable media is (almost always) read-only, so it won’t change or get damaged due to user error or playing with configuration settings — just restart and you’re back to where you began — thus, the bootable linux firewall: in the event of a security intrusion, reboot and you’re back to where you were before the intrusion — bad for forensics but good for uptime and recovery Anyway, here are a few of the up-and-coming ones, well, at least according to Jeff Honnold’s spindle of CDs: MandrakeMove: this is the bootable CD from Mandrake, that wacky French company which makes one of the best and most user-friendly distributions currently. PHLAK, a.k.a. Professional Hackers Linux Attack Kit: yes, if you want to set up a bunker and start your intrusion tests as a White Hat security consultant, this is one of the dists you’ll have in your spindle. MenuetOS: Joe...