Posts Tagged ‘linux’

Insecurity by Non-Obscurity

I was a bit shocked and disheartened tonight to discover that my WordPress version was being broadcast to the world without me knowing it. It’s something that I hadn’t ever really given much thought to, mostly because I always assumed that a piece of information like that wasn’t being given out. What was even more disheartening to me was what I discovered as the method for disabling this broadcasting of my version number. The easiest way, by far, was to just install the Secure WordPress extension (or I could dive into a bit of their PHP code and have to make the change with each upgrade, not so much fun). Not so long ago, there was a huge ordeal about a vulnerability in WordPress 2.8.3 that allowed an attacker to reset an admin password very easily. No wonder they urged us to upgrade so quickly – your vulnerability was being broadcast.

The sad part is, broadcasting this version number isn’t something that can be disabled using the built-in settings. I don’t know what the rationale is, but one either has to edit the functions.php file in WordPress directly, or install the plugin mentioned above.

Anyway, this got me thinking about plenty of other open source softwares that I’ve disguised over the years.. For instance, perform a fresh install of Ubuntu 8.04 with the LAMP stack and you’ll see the version listed in the headers as detailed as this:

Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch Server

Yup, there it is, script kiddies. Bust out Metasploit and eat your hearts out. In this case, if one leaves the defaults enabled, the server major version, minor version, PHP version, OS, and WordPress version all are exposed. That leaves a pretty nice little attack vector.

Of course, hiding these things doesn’t mean that anything is secure. On the contrary, one must go far deeper than that. I am just disappointed in so many open source projects that cut down the time needed for any script kiddies to start playing with my public services.

Related Posts Related Websites

Tags: , ,
Filed under Tech Trends : Comments (0) : Jan 18th, 2010

Want Faster Browsing? Google FTW!

Well, Google is at it again. I am now relying on yet another set of Google products..

This week was a big week for non-Windows users waiting for the Chrome browser. Earlier this week they released the beta of Chrome for Linux and Mac. I actually held out a bit on using many of the pre-release version of Chrome on Linux/Mac, mostly because I didn’t have a lot of time on my hands, but also because I didn’t realize just how much faster it really was than the browsers I’d been using. But, it wasn’t just Chrome that has sped up my browsing experience this week either.

Last week Google announced the general availability of its new public DNS service, touting it  as a speed booster(?). DNS typically isn’t something that we give a ton of thought to when chasing after faster browsing speeds, but I was pleasantly surprised by a bit snappier browsing experience. Of course, my download speeds really aren’t any faster, but the initial connection to my favorite websites (and non-favorite I suppose..) has sped up a bit. Just how much faster did this new DNS service make my little network go? Well, I really don’t have any numbers. If you haven’t tried it, it’s definitely worth a shot.

All’s not entirely well in my new Google world since Chrome is still in beta. I have to close the browser on occasion because things start acting up and some of my saved passwords are acting a bit weird, but overall the experience has been great. I still have to rely on a combination of Firefox and Safari for things that Chrome is buggy at (or can’t do like my Zimbra admin :( ), but that’s to be expected with a beta.

If you are running a Mac or Linux machine as a desktop, I’d encourage you to check out the new Chrome beta. I guess even more of my data are now belong to Google..

Related Posts Related Websites

Tags: , , ,
Filed under How-Tos / Tips, News : Comments (0) : Dec 10th, 2009

Linux Getting Some Upgrade Love

With Microsoft and Apple both making releases this fall, I sometimes have felt like I need to comfort my Linux desktop that it’s not getting huge upgrades at once after reading tech news. Both Snow Leopard and Windows 7 offer some usability improvements over the predecessors as well as some speed improvements. However, Linux doesn’t have to feel unloved this fall anymore. The new Linux kernel, version 2.6.31, is promising some serious speed increases, specifically for the desktop.

The speed improvements will be much more noticeable on a desktop strapped for memory as it comes from better memory management that reduces the number of reads from disk to memory. The benchmarks also show a dramatic reduction in the number of major faults on file servers as well.

Other improvements to the release include ATI graphics card support improvements, USB 3.0 support and an improved Firewire driver.

I’m glad that I’m finally able to read software release news other than for Microsoft and Apple for a change.. :)

Related Posts Related Websites

Tags:
Filed under News : Comments (0) : Sep 6th, 2009

Linux Vendors: United They Will Stand?

Ever since reading OStatic’s article about how Linux netbook returns really aren’t the problem with Linux market share, I can’t seem to quite get over the conclusion. They make an excellent point. Microsoft has lots of money and can afford to throw a lot of it at marketing. And Linux vendors? Not so much. To ‘requote’ (RQ?) Joe Brockmeier from Novell:

“If you took the marketing budgets of all the Linux vendors combined, and then doubled that figure, and then added a zero, you might start approaching what Microsoft spends on marketing Windows. Maybe.”

Wow. That’s one heck of a deficit to overcome. The funny thing about the software business is that as long as your technology is ‘good enough’, often that’s all it takes. From there it’s marketing. It’s sad, but true. It’s not that one has to match dollar-for-dollar, but that’s certainly not a difference that’s easily compensated for.

Okay, so there’s a problem. What’s the solution? Let’s read on in Brockmeier’s quote:

“The ad councils for various industries have the right idea — it’s a good idea to pool your money to grow the market when you’re jointly competing with another industry.”

This is where I have to disagree. Pooling money for marketing from Canonical, Red Hat, and Novell (and perhaps some lesser-known Linux vendors) for the benefit of whom? Linux? What Linux? Ubuntu? Red Hat? SUSE? If I were a Red Hat shareholder, I wouldn’t exactly appreciate my dollars being spent marketing ‘Linux’. While I like Linux, Red Hat needs to market Red Hat.

Is this what Linux has come to? A charity that vendors can pool their money into with the hopes of getting something out of it? Now, it is true that these vendors rely upon Linux upstream to have a product to sell, but as long as there are differences in distributions, there will be different marketing strategies. And that’s for good reason. Ubuntu is popular on desktops and laptops. Red Hat is not. In fact, Red Hat appears to not even care about the desktop market. SUSE fits somewhere in the middle there.

Can the three combine marketing strategies? Maybe. While I definitely like the idea of Linux dominating both the server and client operating system market shares, I would hate to see tension created between vendors because advertising doesn’t help out each equally. That would just serve to hurt all three. As a community, Linux vendors can’t even agree on a sound subsystem, let along a marketing strategy.

Related Posts Related Websites

Tags: , , , ,
Filed under Tech Trends : Comments (0) : Aug 16th, 2009

Five Reasons I Would Switch (Exclusively) to Linux

Yesterday I took a look at some of the applications that I’d miss if I decided to switch away from Mac OS X to using Linux exclusively. I felt that wasn’t quite fair as there are some really compelling reasons to switch to Linux and I really didn’t give it much chance (publicly that is). Here’s five reasons I do want to make the switch.

Aptitude
Good package management is absolutely critical on any OS that one is going to be developing or serving data off of. Sure, you can download and install packages as needed, but if those packages aren’t bundled up nicely (as often happens with open source software ported to OS X or Windows), installing those packages become a pain. Need to install an application with its dependencies? No problem! Just do an apt-get install (or use yum or yast, etc. pick your poison). Sure, there’s projects like Macports, but let’s face it, you can’t beat a good native package manager.

Usable OpenOffice.org
Yes, I know that OpenOffice.org runs on Mac OS X. However, every time I’ve seen it run on OS X it’s much slower than running it in Linux on slower hardware. Even using the NeoOffice product, it seems like it just isn’t as responsive or load nearly as fast as running OOo on Linux.

Gnome / KDE (i.e. choice)
One could argue that the Linux desktop managers offer too many options, but being able to theme (nicely, not like those lame underwater themes everyone ran on Windows 98) and tweak everything is definitely a bonus. One Linux box can look exactly the same or dramatically different than the next. The important thing is, it’s all up to the user. OS X looks beautiful, but freedom is worth something as well.

Hardware Freedom
I don’t violate the EULA by installing Linux on standard PC hardware. That’s a pretty compelling argument for Linux right there. I will agree that the Mac hardware is pretty dang slick and nice, but having the freedom to run my OS on the machine of my choice is a very important deciding factor in choosing which OS I will use. I also only have to mention virtualization and Apple loses out big-time there as it won’t allow OS X to be licensed to run in a virtualized environment (except for the server).

Native X11
I know that you can run X11-based applications on OS X, but what a pain in the butt. They’re slow to start, the keyboard options change and the window management is terrible. Seriously, run GIMP on a Mac and then use it on Linux. You won’t go back.

Related Posts Related Websites

Tags: , , , ,
Filed under Tech Trends : Comments (0) : Jul 31st, 2009

« Older Entries