At this point many are about ready to write off Ubuntu, and switch back to Debian proper, or an entirely different distribution, such as Fedora 16. Some have chosen to stay with Ubuntu for now, but run a variation on it with Xubuntu (which has been my choice for now).
At this point I am not sure what Ubuntu brings to the table anymore except excellent forum support and perhaps a good set of drivers for hardware detection among various laptops and desktops. Linux Mint is already working on their own Gnome 3 fork called MGSE, which will look a lot closer to Gnome 2.
Ubuntu has reached the pinnacle of its exposure and I think the bubble in which the developers and Mark Shuttleworth live has entirely squelched the outcry, probably to their detriment.
I do hope the Gnome developers also see the error of their ways. Gnome 3.x is a “Windows Vista” of sorts — a real shark-jumping moment, but could be corrected with a mea culpa and at least an offering of a fully functioning “classic mode” for everyone not interested in Fisher Price style graphical interfaces.
I will continue to stay with Xubuntu for now, but I can readily say that I am now officially shoppin’ around.
This is a great utility if you have many jpeg’s or MP3’s that are haphazardly named and want to rename them sequentially, or with a specific pattern.
It has a very friendly GUI front end and allows for many types of character substitutions or prefixes and suffixes to be added. It also supports character substitutions for matching patterns.
Fortunately (or unfortunately) I vividly remember and identify with a great many of these “If’s…”
— You know you were part of the tech industry in the ’90s if …
1. you remember when Bill Gates did that blue-screened Win9x release onstage at Chicago Comdex.
2. you remember that there was a Chicago Comdex.
3. you were jealous of your friend’s NeXT.
4. you used a cool device that you held in your palm that made you learn how to write each letter a different way, and it changed the world.
5. you remember when people bothered to say “digital” before “camera” and “cellular” before “phone”–and only the uber-geeks and/or the really rich had either, even though both were barely usable or useful.
6. you had a pager.
7. you ever used a Macintosh clone.
8. you remember when Apple launched an unsuccessful tablet device called the Newton.
9. you defined a portable computer using terms such as clamshell, laptop, and lunchbox, instead of notebook, tablet, and smartphone.
10. you can identify the serial port and accurately discuss what it was used for.
11. you know anything at all about “the Pentium bug.” Extra credit if you know the name of the problematic instruction resulting in Intel offering replacement chips.
12. you could identify the speed a modem was connecting by the sound of the tones.
13. you went “online” with CompuServe or Prodigy.
14. your phone system and your data network used different wires.
15. you cared deeply about the 56K modem battle: spread spectrum vs. direct sequence.
16. you saw the first broadband cable modem and knew it would change the way we would think about being always online.
17. to you, Archie is not just a character in a comic and Gopher is not a small rodent.
18. you had to spell out acronyms like LAN and WAN.
19. you have a box of Zip disks.
20. you could be a network administrator and not ever use IP.
21. you remember when Ethernet was connected with hubs.
22. hearing the words “token ring” and “beacon” in the same sentence still gives you chills.
23. you saw token ring get killed when Ethernet switches were born.
24. you needed a memory manager–not for yourself but for your PC.
25. you loved that it finally was possible to attach a printer to the network and not the server.
26. you could watch flying toasters for hours on end.
27. you remember Novell had the dominant NOS and Microsoft had something called DOS.
28. you remember the OS/2 vs. Windows debate.
29. you were excited by the launch of Windows 3.0.
30. you remember when trying Linux involved downloading 27 floppy disk images, and installation carried the real risk of hardware damage if you used incorrect X Windows settings.
31. you remember the first time you used the NCSA Mosaic browser (shortly after feeding 27 floppy disks into a spare 80386 PC).
32. you could develop commercial software without fear of patent litigation.
33. you knew where Scott/Tiger came from and what software package used it as the default user name/password.
34. you thought installing software over the network instead of using floppy disks was a major leap forward.
35. you did comparative reviews of Vines, NetWare, and Windows NT.
36. you remember when IBM bought Lotus (and then everyone else).
37. you remember the Microsoft Bob operating system.
38. for you, “Chicago” means Windows 95 and “Memphis” means Windows 98.
39. you’ve actually used Windows for Workgroups or Windows Me.
40. you remember TV announcers struggling with “double u, double u, double u, dot …” and the brief period when it was considered necessary to preface that with “h, tee, tee, pee…”
41. you used the term “information superhighway” more than once, with a straight face.
42. you struggled to understand the difference between Internet and intranet.
43. you debated whether anyone would actually read the news online.
44. you remember Netscape–not just the browser but the company that put the fear of God and the Web-based operating system into Microsoft.
45. you remember publishing on the Web without cascading style sheets.
46. you ever wrote a weekly print tech-rumors column under a pseudonym.
The Top 10 things a Linux distribution might be called, if it were released by Microsoft:
10. Seattle’s Best.
9. Breakable Linux.
8. The best thing Microsoft ever came up with.
7. Open Windows.
6. Something that will never happen.
5. Closed open source.
4. Steve Ballmer’s nightmare.
3. Blue Screen Linux.
2. A distro we’ll never use.
1. SUSE
Personally, I favor #2, 3, 5, 7 and 9. I think my favorite among those would have to be #7: Open Windows. Number 10 (Seattle’s Best) sounds like a brand of Coffee . . .
The comments page over at FossForce.com has a pretty healthy number of further recommendations for such a distribution . . .
Thunderbolt is a new over-the-wire technology. Expect to start seeing it more and more in 2012, and I think it may eclipse USB 3.0 before it really gets off the ground.
It’s essentially PCIe over a wire, but also incorporates the DisplayPort standard which also allows the wire to handle monitor connections – the connections can also be daisychained, and it’s bidirectional. It supports up to 10Gbps in either direction (so 20Gbps bidirectionally).
For a sense of scale, in order:
- USB 2.0 runs at 480Mbit/sec (total speed in any direction)
- eSATA runs at 3Gbps (total speed in any direction)
- USB 3.0 supports 5Gbps (total speed in any direction)
- Thunderbolt can support up to 20Gbps, 10Gbps in each direction.
In real life, this wire will transfer about 3/4 of a Gigabyte (768 megs) to 1 Gigabyte in ONE second.
This is an Intel technology, but the only one using it right now is Apple. Apparently a really good reason to use this is to make devices (like tablets & laptops) lighter, because a single port can do the work of several. So a Thunderbolt wire could connect to a projector, monitor, PC, external hard disk, etc., and they can all be daisychained…
I had commented that I did not like the way Ubuntu was going with its Unity interface, nor was I happy at all with Gnome 3’s interface. In that post I had explained that I had ultimately decided to go with Xubuntu, which is the latest Ubuntu mixed with the XFCE desktop.
It would seem that Linus Torvalds has also decided to adopt XFCE, and has urged Gnome to fork itself to bring back the Gnome 2 interface, just as I had said in my previous post.
Apparently there’s a vigorous discussion going on about it, in which Linus is participating. Below are some excerpts from the original Google+ thread (linked here):
From one message Linus says: “While you are at it, could you also fork gnome, and support a gnome-2 environment? I want my sane interfaces back. I have yet to meet anybody who likes the unholy mess that is gnome-3.”
From another post Linus says: “it’s not that I have rendering problems with gnome3 (although I do have those too), it’s that the user experience of Gnome3 even without rendering problems is unacceptable.
Why can’t I have shortcuts on my desktop? Why can’t I have the expose functionality? Wobbly windows? Why does anybody sane think that it’s a good idea to have that “go to the crazy ‘activities’” menu mode?
I used to be upset when gnome developers decided it was “too complicated” for the user to remap some mouse buttons. In gnome3, the developers have apparently decided that it’s “too complicated” to actually do real work on your desktop, and have decided to make it really annoying to do.
Here’s an example of “the crazy”: you want a new terminal window. So you go to “activities” and press the “terminal” thing that you’ve made part of your normal desktop thing (but why can’t I just have it on the desktop, instead of in that insane “activities” mode?). What happens? Nothing. It brings your existing terminal to the forefront.
That’s just crazy crap. Now I need to use Shift-Control-N in an old terminal to bring up a new one. Yeah, that’s a real user experience improvement. Sure.
I’m sure there are other ways, but that’s just an example of the kind of “head up the arse” behavior of gnome3. Seriously. I have been asking other developers about gnome3, they all think it’s crazy.
I’m using Xfce. I think it’s a step down from gnome2, but it’s a huge step up from gnome3. Really.”
In my previous post about graphical interfaces I had also thought that XFCE was a step down from Gnome 2, but leaps & bounds better than Gnome 3 or Ubuntu’s Unity interface (which are remarkably similar). Apparently many others in the thread have adopted XFCE as well.
Here’s hoping the folks over at Gnome are listening (indeed, listening to Linus himself!) and give us back the Gnome 2 interface. If they love Gnome 3 so much, let them keep it — but at least offer the rest of us who don’t care for it the option to use the Gnome 2 interface again.
A sysadmin unpacked the server for this website from its box, installed an operating system, patched it for security, made sure the power and air conditioning was working in the server room, monitored it for stability, set up the software, and kept backups in case anything went wrong. All to serve this webpage.
A sysadmin installed the routers, laid the cables, configured the networks, set up the firewalls, and watched and guided the traffic for each hop of the network that runs over copper, fiber optic glass, and even the air itself to bring the Internet to your computer. All to make sure the webpage found its way from the server to your computer.
Fig. 1 Ted.
A sysadmin makes sure your network connection is safe, secure, open, and working. A sysadmin makes sure your computer is working in a healthy way on a healthy network. A sysadmin takes backups to guard against disaster both human and otherwise, holds the gates against security threats and crackers, and keeps the printers going no matter how many copies of the tax code someone from Accounting prints out.
A sysadmin worries about spam, viruses, spyware, but also power outages, fires and floods.
When the email server goes down at 2 AM on a Sunday, your sysadmin is paged, wakes up, and goes to work.
A sysadmin is a professional, who plans, worries, hacks, fixes, pushes, advocates, protects and creates good computer networks, to get you your data, to help you do work — to bring the potential of computing ever closer to reality.
So if you can read this, thank your sysadmin — and know he or she is only one of dozens or possibly hundreds whose work brings you the email from your aunt on the West Coast, the instant message from your son at college, the free phone call from the friend in Australia, and this webpage.
If you don’t have expensive PDF editing software, you can convert your PDF to a JPG and then edit/add text/graphics accordingly, then convert the image back to a PDF.
To convert a PDF to a Jpeg, you’ll need Imagemagick (sudo apt-get install imagemagick).
The quality setting can be from 0 to 100 (100 being the best, but often a huge file); I have found 20 to be a good balance of size vs. quality. The interlace option helps with readability, and density specifies the dots per inch (for printing). For PDF’s with color images, you may find you need to add the option -colorspace RGB.
The default print resolution when using the convert program on PDF’s is 72 dots per inch, which is equivalent to one point per pixel. Computer screens are normally 72 or 96 dots per inch, while printers typically support 150, 300, 600, or 1200 dots per inch. To determine the resolution of your display, use a ruler to measure the width of your screen in inches, and divide by the number of horizontal pixels (1024 on a 1024×768 display). Generally, I prefer to maintain enough density to support a possible print job.
This does work the other way around, so the command below will work just fine:
When converting PDF’s to Jpeg’s, each page will be its own numbered Jpeg. You can then convert multiple Jpeg’s back into a single PDF (the page order will depend on the filename sorted order, so be sure to number your files in the preferred order).
The command below will take a series of Jpeg’s and convert them into a single PDF:
This news is a few days old, but I thought I should post an update about it as I’ve covered Dropbox security issues in a previous blog entry. There is an extensive article in Wired magazine about this Dropbox fiasco. Apparently an FTC complaint has been filed.
From the article . . .
The FTC complaint charges Dropbox (.pdf) with telling users that their files were totally encrypted and even Dropbox employees could not see the contents of the file. Ph.D. student Christopher Soghoian published data last month showing that Dropbox could indeed see the contents of files, putting users at risk of government searches, rogue Dropbox employees, and even companies trying to bring mass copyright-infringement suits.
Soghoian, who spent a year working at the FTC, charges that Dropbox “has and continues to make deceptive statements to consumers regarding the extent to which it protects and encrypts their data,” which amounts to a deceptive trade practice that can be investigated by the FTC.
Dropbox dismissed Soghoian’s allegations.
“We believe this complaint is without merit, and raises old issues that were addressed in our blog post on April 21, 2011,” company spokeswoman Julie Supan said in a short e-mail to Wired.com. “Millions of people depend on our service every day and we work hard to keep their data safe, secure, and private.”
All files stored on Dropbox servers are encrypted (AES256) and are inaccessible without your account password.
to:
All files stored on Dropbox servers are encrypted (AES 256).
The difference, Soghoian charges, is very important. (If his name sounds familiar, you might remember him as the one who exposed Facebook’s attempt to place anti-Google stories in the press this week.)
Dropbox saves storage space by analyzing users’ files before they are uploaded, using what’s known as a hash — which is basically a short signature of the file based on its contents. If another Dropbox user has already stored that file, Dropbox doesn’t actually upload the file, and simply “adds” the file to the user’s Dropbox.
The keys used to encrypt and decrypt files also are in the hands of Dropbox, not stored on each user’s machines.
Those architecture choices mean that Dropbox employees can see the contents of a user’s storage, and can turn over the nonencrypted files to the government or outside organizations when presented with a subpoena.
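The deduplication argument in the excerpt above can be checked with a small model. This is an added example, not code from Dropbox or from the article; the `DedupStore` class, the function names and the SHA-256 counter keystream (a standard-library stand-in for AES, for illustration only) are assumptions.

```python
import hashlib
import os

# Constructed sample input: the "same file" two users both store.
SAMPLE_DOC = b"constructed sample document " * 100


class DedupStore:
    """Toy model of a storage service that deduplicates by content hash."""

    def __init__(self):
        self.blobs = {}          # sha256 hex digest -> stored bytes
        self.owners = {}         # sha256 hex digest -> set of user names
        self.bytes_uploaded = 0

    def put(self, user, data):
        """Return True if the bytes had to be uploaded, False if the
        service already held an identical blob and only linked it."""
        digest = hashlib.sha256(data).hexdigest()
        uploaded = digest not in self.blobs
        if uploaded:
            self.blobs[digest] = data
            self.bytes_uploaded += len(data)
        self.owners.setdefault(digest, set()).add(user)
        return uploaded

    def who_has(self, data):
        """What the operator can answer for a known file: which accounts
        hold exactly this content."""
        digest = hashlib.sha256(data).hexdigest()
        return sorted(self.owners.get(digest, set()))


def _xor_stream(key, nonce, data):
    # SHA-256 in counter mode as a keystream. Stand-in for a real cipher:
    # unauthenticated and not meant for protecting real data.
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def client_encrypt(key, plaintext):
    nonce = os.urandom(16)            # fresh per file
    return nonce + _xor_stream(key, nonce, plaintext)


def client_decrypt(key, blob):
    return _xor_stream(key, blob[:16], blob[16:])


def shared_plaintext_scenario():
    """The service sees plaintext (or holds the keys): dedup works, and the
    operator can list every account holding a given file."""
    store = DedupStore()
    first = store.put("alice", SAMPLE_DOC)
    second = store.put("bob", SAMPLE_DOC)
    return first, second, store.who_has(SAMPLE_DOC), store.bytes_uploaded


def client_side_key_scenario():
    """Each user encrypts with a key only they hold before upload: the two
    ciphertexts differ, so cross-user dedup cannot trigger and the operator
    cannot match the stored blobs to the known file."""
    store = DedupStore()
    alice_key, bob_key = os.urandom(32), os.urandom(32)
    alice_blob = client_encrypt(alice_key, SAMPLE_DOC)
    bob_blob = client_encrypt(bob_key, SAMPLE_DOC)
    first = store.put("alice", alice_blob)
    second = store.put("bob", bob_blob)
    round_trip = client_decrypt(alice_key, alice_blob) == SAMPLE_DOC
    return first, second, store.who_has(SAMPLE_DOC), round_trip


if __name__ == "__main__":
    print("service-visible content:", shared_plaintext_scenario())
    print("client-side keys:       ", client_side_key_scenario())
```

Cross-user deduplication only works when the service can compare content, which is why its presence tells you the files are not protected by keys that only the user holds.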
Ran into a great application called Plop Boot Manager. The software allows you to boot off USB devices for those older computers whose BIOS doesn’t support USB booting.
The software is free for personal use, but not free for commercial use. It’s also not open source, but a good tool nonetheless.
I thought this was a very witty creation. It’s certainly not all-inclusive but perhaps a live, interactive Google map of the Great Linux World Map would be a good idea!
This site got a 71/100 … not bad. One of the biggest suggestions was to recompress the jpeg’s on the site much more than they are currently for an estimated 50% improvement. Though I think the site loads pretty quickly, it’s still a great tool for analyzing your own sites.
Well, recently we’ve seen some interesting developments. Canonical (makers of Ubuntu Linux) have come out with their latest version of Ubuntu (11.04), featuring their new default desktop interface called Unity. Meanwhile, the folks over at Gnome have also come out with Gnome 3, replacing the amazingly popular Gnome 2.x style interface. Boy, they look pretty similar, don’t they? Both of them are chasing Apple’s OS X interface for some reason.
I’m not a big fan of Apple’s interface and I’m very much not a fan of what Canonical and Gnome are doing with my desktop. While Ubuntu 11.04 offers an “Ubuntu Classic” mode (read Gnome 2.x mode here), this will only be around for 11.04. Once 11.10 comes out in 6 months, the “classic” will be discarded.
<rant> At this point I could go on about how these changes are trying to change my desktop into an oversized smartphone, or how for power users this is an absurd interface reminding me of a Fisher Price laptop, or an interface for children first learning to use a computer, but I won’t. While this perhaps might be a good interface for a tablet or a smartphone, it is not the way a desktop operating system should present itself to the user. There’s a plethora of posts on the internet about forking Gnome 2.x into its own project maintained by a separate community of developers from those over at Gnome. Others are talking about porting the Gnome 2.x shell & set of panels into the GTK 3.x platform: essentially porting the great Gnome 2.x desktop interface over so that they work well in the Gnome 3 code base. I am not sure if either of these will happen or not, but I can tell you that I cannot afford to wait & see. </rant>
The people over at Linux Mint (the second most popular Linux after the Ubuntu family) have stated that they will adopt Gnome 3, but without the Gnome 3 shell (which is the interface that is presented to the user, AKA “The Desktop”.) I’m not sure exactly how they will do that, but I am sure it will require a lot of custom coding.
Ubuntu has always offered me the perfect blend of Debian’s rock solid stability with my choice of the latest & greatest apps pre-installed. I’ve enjoyed using it for a few years now, however, forcing the Unity interface on users who’ve enjoyed the classic desktop is too much for me to bear. I know in some way Canonical’s hand was forced here in that Gnome was already abandoning its 2.x desktop, so instead of moving with Gnome’s 3.x shell, they decided to create their own version of an astonishingly similar, child-like desktop. Both interfaces are wrong for the desktop and wrong for the power user.
The developers at Gnome are equally guilty of abandoning the classic, best desktop, forcing a completely different interface on its users without the choice & option of what I suppose has to now be called “Gnome Classic”. It’s a mistake to offer users change without choice.
For those who may think all is lost at this point: DON’T PANIC, I know where my towel is located.
In my effort to find a new home for myself, I started selectively searching through the myriad of Debian-based Linux distributions. I tried Linux Mint and while it’s based on Debian, I don’t think it’s my cup of tea. On a hunch I tried Xubuntu (Ubuntu with the XFCE desktop instead of Gnome). I’ve always regarded XFCE as a Gnome knock off with less polish. Certainly, XFCE has come a long way, but it isn’t as intuitive as Gnome 2.x. Having said that I am reluctantly choosing Xubuntu as my distro of choice. XFCE is close enough that I can bridge the gap with some tweaking. I am mostly tweaking the panels. The default bottom panel that comes with Xubuntu 11.04 is useless in my estimation. I’ve deleted that in favor of a fresh panel with simply a Window Menu, Workspace Switcher & Trashcan. I’ve removed the Window Menu from the top panel and added some quick-click launcher icons at the upper left of the panel to launch often-run apps such as Chrome, Xchat, File Manager, Calculator, etc.
All tweaks aside, Xubuntu allows me to maintain the advantage of the Ubuntu line of repositories (including medibuntu!) while offering me a desktop that is much more familiar. For me, Xubuntu is the safest bet for a new home. One should not confuse a desktop interface with an entire Linux distribution. I could easily run Ubuntu 11.04 and just install the XFCE desktop onto Ubuntu and then choose XFCE as my default desktop under Ubuntu, instead of running Xubuntu. I do think though, that while that approach may work, the folks over at Xubuntu have integrated XFCE a bit better into the Ubuntu base than I could. It would allow me to cleanly run a variant of Ubuntu without the extra Unity baggage and enjoy an overall lighter distribution as well.
The plethora of support offered in the great Ubuntu Linux community was also an important factor in my decision. Fortunately, Xubuntu is so close to Ubuntu that all the forum posts out there supporting Ubuntu will also work for Xubuntu as well. Sure, there may be some Xubuntu-specific issues with which to deal, but the grand majority of forum posts specific to Ubuntu will also address questions for the Xubuntu user.
This is very much a personal decision. Some are sticking it out with Ubuntu and the Unity interface. Others are installing Gnome 3, replacing Unity. Yet others are switching over to KDE . . . mmmkay . . . ya . . . I’m not a KDE fan. I always thought KDE was chasing the Windows “start menu” concept and I generally don’t care for their desktop. Others still are abandoning Ubuntu altogether and switching over to Fedora or OpenSuSE.
I am sticking with Debian, and with Ubuntu — just in the Xubuntu camp. Ultimately I hope Gnome 2.x finds a home with an active bunch of developers (or gets ported to GTK 3.x!!) so that I can re-adopt it. Though I fear that the decade old, rock solid Gnome 2.x desktop may be dead: wow.
Apparently, there’s no desktop for old men. The forums are afire with posts similar to this blog post (though maybe with or without the Xubuntu choice). I hope to find some camaraderie on the IRC with some folks and see where this goes. This may not be the last post on this topic.
One of the great things about Linux is choice. I wish Gnome hadn’t made their choice to abandon their 2.x interface and I wish that Canonical hadn’t forced Unity on their users, but as a member of the Linux community I can exercise my own choice and adopt Xubuntu with the XFCE desktop as my new home. I hope others in the community will not let the Gnome 2.x interface die, either by forking it or porting it over to GTK 3.x. I’d very much like to return to it, but until then, goodbye to the “original” Ubuntu and to Gnome: so long and thanks for the fish.
For those willing to give Xubuntu a try, I thought I’d mention a few issues right off the bat during my Xubuntu setup and some of the fixes:
First you’ll have to install VLC, Audacious, VNC, VINO, Chrome, LibreOffice, Screen, Nautilus, Gconf-editor, NFS server and client, SSH, SSHFS, ECryptFS, Samba, SmbFS, RDesktop, EOG (Eye of Gnome Pic Viewer), Imagemagick and perhaps a few other things I haven’t yet come across.
Below are a couple of the important ones that required some configuring beyond the basic “sudo apt-get install“:
1. XFCE didn’t auto-create a menu item when I installed Chrome, so I had to add it manually.
Add a launcher to the panel (right click the panel, go down to panel –> Add new items), then select Launcher.
Once selected, a blank square will appear on the panel at the far right, and will have a light grey/black box. Right click that new box on the panel, click Properties.
Add an item to the launcher (click the blue + sign) and search for Chrome. If it’s not listed you can add it manually by clicking the “add empty item” icon which is the white paper with the gold star. Select the icon for the application (when selecting icons it’s easier to select from the ALL ICONS item in the pull down) and then for the command in the launcher itself type:
/opt/google/chrome/google-chrome %U
2. Default File Manager is Thunar: No thank you. Thunar, while very light, is too light on features. I need tabbed file browsing. Therefore I have manually installed Nautilus which worked very nicely. For this you’ll also want Gconf-editor since that allows some Nautilus-specific customizations. So simply type:
sudo apt-get install nautilus gconf-editor
Then to use Nautilus as your default file manager, go to Settings Manager –> Preferred Applications –> Utilities Tab, then select Nautilus from the File Manager pulldown menu.
If you prefer a /text/path/to/your/files instead of the graphical button style in Nautilus, the quick fix is to run gconf-editor from the command prompt, then in the configuration editor navigate down to: apps –> nautilus –> preferences –> always_use_location_entry and make sure to check that box off.
3. I also had problems VNCing into my new Xubuntu install. To fix this, just install Vino.
sudo apt-get install vino
Then run vino-preferences (from command line) and check off your preferences:
vino-preferences
Then you’ll have to set up Vino to start with a reboot: Go to Session & Startup in your Settings Manager, then click on Application Autostart then click ADD. Enter whatever you like for Name & Description, but in the command field, enter:
This year is certainly the year for birthdays. The File Transfer Protocol, otherwise known as FTP is 40 years old today. Originally put forth as the RFC 114 Specification on April 16, 1971, FTP (and the various iterations inspired from it) is as heavily used today as it was back then by people and companies all over the world.
Originally put forth as RFC 114 and used as such from 1971 to 1980, it changed when in 1980 it was put forth again as RFC 765 by Jon Postel of ITI. This standard retired RFC 114 and introduced more concepts and conventions that survive to this day, including: A formal architecture for separate client/server functions and two separate channels, Site-to-site transfers, Passive (a.k.a. “firewall friendly”) transfer mode among other improvements. RFC 765 was replaced by RFC 959, which formalized directory navigation in 1985.
The third and current generation of FTP was a reaction to two technologies that RFC 959 did not address: SSL/TLS and IPv6. It was essentially a security upgrade to FTP.
The latest RFCs that handle the FTP protocol are RFC 2228 in 1997 (which added SSL extensions and is how FTP became FTPS) and RFC 2428, which added IPv6 support in 1998.
While FTP matured into FTPS, it is not to be confused with SFTP.
FTPS is essentially a secured or hardened FTP protocol that uses two channels, one for the data transfer and one for directory listings and other data not associated with the actual transfer. It’s FTP + SSL.
SFTP is a complete departure from FTP and is part of the Secure Shell File Transfer Project and was built from the ground up as an extension of SSH. It is a secured file transfer protocol built as an extension of SSH itself. While many confuse SFTP with “an FTP session through SSH”, it isn’t. While FTPS is FTP with security extensions (namely SSL), SFTP is an extension of SSH that adds easy file transfer capabilities to the already secure SSH session. Also not to be confused with SCP, SFTP allows for many more dynamic commands than that of simple SCP.
It is interesting to note that many companies still use classic FTP over VPN connections as well.
Anyone lost yet? Just checking . . .
For the record, I prefer SFTP, since I love SSH and do everything I can over SSH, even mapping file systems over it with SSHFS (more info about SSHFS here).
Relative to an earlier post I made about the birth of the Internet, a heritage site is being set up where the very first message was sent over what would become ARPAnet and later, the Internet at UCLA. There’s a couple of great pictures in the article as well.
Our heritage site is a restoration of the original 1969 ARPA lab that sent the first Internet message from 3420 Boelter Hall at UCLA. It will be open to the public and feature key artifacts including the very first piece of the Internet infrastructure, namely the Interface Message Processor (IMP). We use teaching tools from the 1960s such as slide projectors and blackboards to tell the story of the Internet’s early history.
As an archive, historical documents from the Internet’s early history are being identified, acquired, and made available to scholars and the general public through social media and scholarly databases. The physical copies are held permanently, securely, and accessibly in the world-class archive facilities at UCLA. It is our conviction that the more of this information we make available – with particular attention paid to typically under-represented groups – the more objective, inclusive, and interesting a history of the early Internet can be written.
I use Dropbox heavily for storing many files I’d like immediate and synchronous access to across various systems. I enjoy knowing that if I place a file on my Dropbox folder at home, it’ll be available on my laptop later, on my work machine, or on other machines I use remotely. It’s very convenient.
Dropbox is essentially offering a “public cloud” to its users to hold their files. This also means that our files are stored on servers that we do not entirely control. Because of this, I make a habit of encrypting all the data in my Dropbox folder (call me old school, but there it is…)
This does make things a bit difficult, as the files are not immediately available to me insofar as I have to decrypt them first (using eCryptFS). While that’s essentially a simple process, it is an extra step. It does however give me a measure of relief knowing that if there should be any problems with the public cloud and my files were to fall into the hands of a third party, at least they’d then have to decrypt them first.
It turns out that Derek Newton has found some security issues with Dropbox. Every Dropbox installation under Windows places a config.db file under %APPDATA%\Dropbox (in Linux the files are under ~/.dropbox/ and are called dropbox.db and host.db).
All an attacker would have to do is first gain access to a system running Dropbox, copy the config.db file (or the dropbox.db and host.db files under Linux), and place it on his own system, in his own vanilla (fresh) Dropbox installation. As Derek puts it:
. . . the config.db file is completely portable and is *not* tied to the system in any way. This means that if you gain access to a person’s config.db file (or just the host_id), you gain complete access to the person’s Dropbox until such time that the person removes the host from the list of linked devices via the Dropbox web interface. Taking the config.db file, copying it onto another system (you may need to modify the dropbox_path, to a valid path), and then starting the Dropbox client immediately joins that system into the synchronization group without notifying the authorized user, prompting for credentials, or even getting added to the list of linked devices within your Dropbox account (even though the new system has a completely different name) – this appears to be by design. Additionally, the host_id is still valid even after the user changes their Dropbox password (thus a standard remediation step of changing credentials does not resolve this issue).
I understand that Dropbox is trying to keep their system as easy to use as possible and allow systems to easily sync files, but this requires a second look and perhaps a bit of re-engineering.
Check out Derek’s full post here. He agrees that the only remedy at this time is to encrypt the files in your Dropbox folders. I also recommend you read the discussion occurring after his post, as there’s a vibrant discussion on the topic and Derek responds to some of the more cogent remarks. In this matter, I agree with Derek entirely that Dropbox (while very convenient) is vulnerable to some trivial attack vectors.
Dropbox may decide that for convenience, this design merits keeping without correction. If they should decide that, I’m OK with that since I encrypt my data anyway. This does stand as a warning though to those that don’t, that your files could be at risk and you should either avoid putting any sensitive data in Dropbox folders, or employ encryption.
This will of course make mobile Dropbox clients useless, since I’m aware of few encryption programs available for Android (or iThings) that are also available to the desktop. I know eCryptFS isn’t available for mobile devices, which means that viewing files on my cell phone has been and remains impractical.
Cloud storage is nice and can be convenient, but it is critical to protect your data. If you’re interested in eCryptFS (which I prefer over other encryption applications such as Truecrypt), check out my older blog post here for a full explanation of it and how to implement it on Debian-based systems (such as Ubuntu, Linux Mint, etc.)
In addition to all this, other bloggers are talking about Dropbox’s use of deduplication to back up its data. What this means is, if two different users with their own Dropbox accounts store the exact same file to their respective folders, Dropbox will only back up one copy of that file and simply attribute the bits to both users.
While this saves Dropbox a ton of storage requirements for backups as well as bandwidth and money, it does so at your expense. It also means that they’re not really encrypting your data. As Christopher Soghoian mentions in his post,
The service tells users that it “uses the same secure methods as banks and the military to send and store your data” and that “[a]ll files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password.” However, the company does in fact have access to the unencrypted data (if it didn’t, it wouldn’t be able to detect duplicate data across different accounts).
This bandwidth and disk storage design tweak creates an easily observable side channel through which a single bit of data (whether any particular file is already stored by one or more users) can be observed.
If you value your privacy or are worried about what might happen if Dropbox were compelled by a court order to disclose which of its users have stored a particular file, you should encrypt your data yourself with a tool like truecrypt or switch to one of several cloud based backup services that encrypt data with a key only known to the user.
[Of course I recommend eCryptFS over Truecrypt, as I've stated before. I have not tried SpiderOak.com (referred above in the quote) -- it may be a viable alternative to Dropbox, but I'd still encrypt my data.]
An interesting tidbit I’ve intuited here is that Dropbox must be using deduplication on the fly in its client. For deduplication to happen on the fly, ahead of any file upload to the Dropbox network, the client must indeed send key bits (also known as a hash) back to the Dropbox network for deduplication analysis.
Tests show (according to Christopher Soghoian’s post) that dropping an identical file at a later time indeed generates only a slim fraction of the network traffic back to Dropbox (from your computer) that a file the Dropbox network has never seen before generates. This means that Dropbox is looking at all its data in aggregate across all users for duplicated bits, so that only the unique bits are backed up. If all users’ data were truly encrypted, this could not happen as encryption scrambles bits and would deny Dropbox the efficiency of bit level comparisons.
This means that users’ data are ultimately not really kept separate, and any encryption Dropbox may claim they apply is rendered useless since they’re blending user data on the back end to better manage and streamline their available resources (at the users’ expense).
Ultimately, what this really means is that you should have no expectation of privacy for any data you place on Dropbox’s network, unless you go out of your way to encrypt it prior to ever placing the data into the Dropbox folder. Encrypting your data prior to dropping into a Dropbox folder will truly render the data unique, forcing a full upload of the entire file as well as depriving Dropbox of any benefit of deduplication.
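The effect described above can be reproduced locally. The following is an added example, not code from Dropbox or from the posts quoted here: a constructed model of a store that deduplicates by content hash across users. The function names, the temporary directories and the sample file are assumptions, and openssl enc stands in for eCryptFS as the client-side encryption step.

```shell
# Added illustration: constructed model of cross-user, hash-based
# deduplication. STORE stands in for the provider's storage; the
# function names and file layout are hypothetical.
STORE=$(mktemp -d)

# upload USER FILE -> prints "dedup-hit" if identical bytes are already
# stored (by any user), otherwise stores them and prints "full-upload".
upload() {
    up_digest=$(sha256sum "$2" | cut -d' ' -f1)
    if [ -e "$STORE/$up_digest" ]; then
        # One stored copy, attributed to an additional owner.
        echo "$1" >> "$STORE/$up_digest.owners"
        echo "dedup-hit"
    else
        cp "$2" "$STORE/$up_digest"
        echo "$1" > "$STORE/$up_digest.owners"
        echo "full-upload"
    fi
}

# encrypt_for PASSPHRASE IN OUT: client-side AES-256 with a random salt,
# so even the same passphrase yields different ciphertext on every run.
encrypt_for() {
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "pass:$1" -in "$2" -out "$3"
}

# Constructed sample: two users hold the same document.
demo() {
    work=$(mktemp -d)
    printf 'quarterly-report: constructed sample contents\n' > "$work/report.txt"
    echo "alice plaintext: $(upload alice "$work/report.txt")"
    echo "bob   plaintext: $(upload bob   "$work/report.txt")"
    encrypt_for 'alice-passphrase' "$work/report.txt" "$work/alice.enc"
    encrypt_for 'bob-passphrase'   "$work/report.txt" "$work/bob.enc"
    echo "alice encrypted: $(upload alice "$work/alice.enc")"
    echo "bob   encrypted: $(upload bob   "$work/bob.enc")"
    rm -rf "$work"
}

demo
```

The second plaintext upload is answered from the existing copy, which is the observable single bit Soghoian describes; the encrypted uploads are each stored in full.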
What this means for Dropbox is increased costs for servers and bandwidth to back up encrypted data since it cannot be deduplicated. While I understand Dropbox’s need to maximize profits and keep costs down, it shouldn’t be at the users’ expense.
Ultimately, no faith can be put in a public cloud to protect one’s own data. They’re great solutions for offsite storage as well as convenience, so long as proper precautions are taken. Encryption ahead of time is the best way to enjoy the fruits of this great technology.
Linux is 20 years old this year … first unveiled in September 1991 as version 0.01. Three years later, in March of 1994, Linux 1.0.0 was released with 176,250 lines of code. The Linux Kernel soon grew into 14+ million lines of code, and now runs much of the world’s most important servers.
Of course, the kernel isn’t all of what we know as Linux. The GNU tools that surround it make up GNU/Linux and indeed the many distributions we know and love today, such as Red Hat, Debian, Slackware and Ubuntu.
Watch this video for a brief overview of the history of Linux.
Linux and open source software provide a valuable service for the community and businesses around the world. If you’ve ever enjoyed reading my blog or have ever enjoyed free & open source software, please consider making a donation to the Linux Foundation or to the Free Software Foundation.
I use many of these commands quite often. They’re immensely helpful when one wants to do a lot of remote work on a computer, or simply access resources on a remote machine (Linux or otherwise). (FYI: OpenSSH may be installed on Windows machines if anyone does not have a home Linux box to receive SSH sessions, and PuTTY may be used to SSH from a Windows machine.)
1. Using a Hauppauge HVR-1950 on one of my home machines, I often watch TV on my computer. If I ever want to watch remotely, I set VLC to stream the feed from the capture device (addressing it as a PVR on /dev/video0) using an OGG codec to the local IP address on a specific port number, then SSH to the same box from the outside with the following command:
This command will SSH to my home public IP on my alternate SSH port and listen locally (client side) on port 6500 and forward the traffic requests (encrypted via the SSH tunnel) to my local server on 192.168.0.10 on port 2503 (the port I configured VLC to stream on from the server with the Hauppauge device). When I launch VLC on my client and engage a network connection on 127.0.0.1 on port 6500 (using VLC menu option ctrl-N) — poof — TV appears on my remote PC.
This is really an extension of concepts explained in item #1. With SSH you can forward any local port to any remote port on the other side, and funnel encrypted traffic to any computer running any OS on the SSH server side. So to VNC to a home machine from a remote location, simply SSH to your home machine (may require port forwarding and/or port knocking) and divert local port traffic to a remote server of your choice.
Note that the -D 15000 option sets up a SOCKS proxy, which routes the traffic of any application that uses SOCKS out through your SSH connection. For example, you can engage a SOCKS proxy on Firefox and then check your public IP address (by going to whatismyip.com) and you’ll see that while your real public IP may be one address, all your browser traffic is routed through your home connection.
There’s a lot to say on this subject (for example DNS translations are not routed by default through the tunnel) and other nuances. Google “SOCKS PROXY SSH DNS” for more info. This link may offer some further assistance.
There are other complications, in that it’s not easy to route operating system DNS requests (outside of the Firefox browser) through SSH, primarily because DNS runs on UDP port 53. I do not believe SSH will natively handle UDP port rerouting, though I’ve seen some creative solutions with netcat and mkfifo.
Also, I have read (in the man pages) that Chrome supports SOCKS when run with --proxy-server=<host>:<port>. For example, when running the browser, google-chrome --proxy-server="socks://foobar:1080" (with quotation marks), assuming that foobar is 127.0.0.1 (assuming you used a -D option for dynamic port forwarding) and port 1080 was the destination port at the end of your -L port:host:port command switch. Check the google-chrome man page for more details.
In the same example used above (copied below for convenience), once I connect to my home SSH box via MyPublicIPAddress, I simply have to engage a VNC viewing session to my own client (localhost) on port 7000, and it’ll route to the IP address of my choice inside my home network, in this case 192.168.0.12. VNC defaults to answering on port 5900. Multiple -L’s may be added to route many protocols (RDP, VNC, VLC, NFS, Web (80), even e-mail ports) to various machines on the local network.
In the example below I’ve added a second -L option routing traffic from my local client on local port 6000 to another machine (192.168.0.25) in my home network on port 3389 (the Windows RDP port). In that scenario, running (in Windows) mstsc /v:localhost:6000 would allow me to RDP to my home machine, 192.168.0.25. In Linux, I would run rdesktop localhost:6000.
2a. As an extension of the port redirect function of SSH in #2, I’ve written a post on adding port redirects on the fly, without having to kill the SSH session to add them: Click here for the post.
3. SSHFS. Not much to say about it here, simply check my full writeup on the subject.
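The forwards described in items 1 and 2 can be assembled as below. This is an added example, not the post's original command: the user name and SSH port 2222 are placeholders, and build_tunnel and valid_port are hypothetical helper names. Every listener is bound explicitly to 127.0.0.1, so only the client machine itself can use the tunnel.

```shell
# Added illustration, not the post's original command. The user name and
# SSH port are placeholders; the forwards are the ones described above.

# valid_port N -> succeeds only for an integer in 1..65535
valid_port() {
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_tunnel USER@HOST SSH_PORT SOCKS_PORT FORWARD...
# SOCKS_PORT may be "" for no -D. Each FORWARD is localport:host:hostport.
# Prints the ssh command line; returns 1 on a malformed argument.
build_tunnel() {
    bt_target=$1 bt_sshport=$2 bt_socks=$3
    shift 3
    valid_port "$bt_sshport" || { echo "bad ssh port: $bt_sshport" >&2; return 1; }
    # ExitOnForwardFailure: ssh exits if any requested listener cannot bind,
    # instead of leaving a session that silently lacks a forward.
    bt_cmd="ssh -o ExitOnForwardFailure=yes -p $bt_sshport"
    if [ -n "$bt_socks" ]; then
        valid_port "$bt_socks" || { echo "bad SOCKS port: $bt_socks" >&2; return 1; }
        bt_cmd="$bt_cmd -D 127.0.0.1:$bt_socks"
    fi
    for bt_fwd in "$@"; do
        # Require exactly two colons (hostname or IPv4 destination).
        case $bt_fwd in
            *:*:*:*|*::*) echo "bad forward: $bt_fwd" >&2; return 1 ;;
            *:*:*) ;;
            *) echo "bad forward: $bt_fwd" >&2; return 1 ;;
        esac
        bt_lport=${bt_fwd%%:*}    # before the first colon
        bt_rport=${bt_fwd##*:}    # after the last colon
        valid_port "$bt_lport" && valid_port "$bt_rport" ||
            { echo "bad port in forward: $bt_fwd" >&2; return 1; }
        bt_cmd="$bt_cmd -L 127.0.0.1:$bt_fwd"
    done
    echo "$bt_cmd $bt_target"
}

# VLC stream, VNC and RDP forwards from the text, plus the SOCKS proxy.
build_tunnel user@MyPublicIPAddress 2222 15000 \
    6500:192.168.0.10:2503 7000:192.168.0.12:5900 6000:192.168.0.25:3389
```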
40 years ago today at about 9pm on October 29, 1969, two programmers sat 400 miles apart and sent information between their two computers. The first word, “LOGIN” was sent at that time. Well, actually only “LO” was sent, before the Stanford Research Institute computer crashed. They worked on the problem and about 90 minutes later at around 10:30pm, the full word LOGIN was sent to the other computer: and the precursor to what we now know as the Internet was born.
SRI, then known as the Stanford Research Institute, hosted one of the original four network nodes, along with the University of California, Los Angeles (UCLA), the University of California, Santa Barbara (UCSB), and the University of Utah. The very first transmission on the ARPANET, on October 29, 1969, was from UCLA to SRI.
ARPAnet evolved into what soon became the Internet that we all know, love and depend on for information and freedom of expression.
When you want the current weather conditions without having to visit a graphically busy weather website, or without the benefit of a GUI (say, working in a shell), a great app will give you the weather conditions in no time, just by typing weather at the command prompt.
Simply sudo apt-get install weather-util, and set up the .weatherrc file, and you’ll have instant local weather, plus you can set up presets for weather at [work], [home] or [elsewhere], so you can get the weather for any city.
$ weather
Current conditions at Raleigh-Durham International Airport (KRDU)
Last updated Jun 04, 2008 - 01:51 AM EDT / 2008.06.04 0551 UTC
Wind: from the S (180 degrees) at 10 MPH (9 KT)
Sky conditions: mostly cloudy
Temperature: 72.0 F (22.2 C)
Relative Humidity: 73%
City Forecast for Raleigh Durham, NC
Issued Wednesday morning - Jun 4, 2008
Wednesday... Partly cloudy, high 67, 20% chance of precipitation.
Wednesday night... Low 96, 20% chance of precipitation.
Thursday... Partly cloudy, high 71, 10% chance of precipitation.
Thursday night... Low 97.
Friday... High 72.
For those that prefer detachable Screen sessions with multiple windows in shell and want to run instant message chat sessions in CLI without the hassle of Xwindows … CenterIM is for you.
CenterIM is a pretty robust instant messaging client that runs entirely out of your command prompt. Simply sudo apt-get install centerim and you’re ready to go. It takes a little getting used to, but all the files you need are held in your home directory under ~/.centerim. Every contact gets their own folder under .centerim and gets contact-specific chat history logs. The master config files are held in .centerim as well. The first time you run the application, it will show an options window allowing you to configure your preferences. If you delete the config file, it will rerun the preferences dialog when you next run the application; however, you can access and modify the options by hitting ‘g’ from the main chat window.
CenterIM supports ICQ, Yahoo!, AIM, MSN, IRC, Jabber, LiveJournal, and the Gadu-Gadu IM protocol as well. Anyone familiar with pico, nano or irssi will be right at home with CenterIM.
With modern filesystems securely deleting files isn’t always easy, but one approach which stands a good chance of working is to write random patterns over all unused areas of a disk – thus erasing the contents of files you’ve previously deleted.
We all know that when you simply delete a file, it’s possible to recover it later. Sometimes this is useful, if you accidentally delete something important, but usually this is a problem, and you really want that file gone forever. I will explain here how to delete a file in Linux securely and permanently, so it can never be recovered. In addition, I will show how to completely wipe previously-used (available) space which will often have complete files or file-remnants which can otherwise be recovered. This applies to hard drives, external USB drives, thumb drives, etc.
To wipe your available (free) disk space, you’ll want to install the secure-delete application. Not only will this application suite offer applications that will wipe files and free space, but it will also wipe your SWAP partition and your system memory (RAM). Wiping RAM is important for privacy as well, since many files are stored in RAM and can be retrieved even after the computer is shut down, right off the chip!
First, install the secure-delete suite of applications:
sudo apt-get install secure-delete
Then, to wipe your /home partition’s free space, for example:
sudo sfill /home
The sfill program will fill up all free space on the designated mount point by creating a single huge file. The contents of this file are written in a number of special steps, ensuring that all areas of the disk which were previously free have had their contents erased. Once completed, the large file is removed, restoring your free space. You can sfill any mount point. Type man sfill for more info and options.
The command to erase existing files is “srm”, short for “secure rm”. Simply type
srm filename
Where filename is the name of the file you want to securely wipe/delete. You can also use wildcards (e.g. srm filenam*)
To wipe your system’s memory (RAM) use this command:
sdmem
SDmem is short for secure delete memory. You can run the command by itself, or with options. Type man sdmem for more info.
Similarly, sswap will securely wipe your swap partition. You must unmount your swap partition before using this command otherwise your system will likely crash. Once the wipe is completed, you can remount your swap partition. Type man sswap for more info. To wipe your swap space simply type:
sswap /dev/sda8
/dev/sda8 is an example. To find your specific swap device, simply type sudo fdisk -l, or cat /proc/swaps, which will list your partitions and their device labels. Also, to unmount your swap space, simply type sudo swapoff /dev/sda8, and to remount it, type sudo swapon /dev/sda8.