Eu buntu nix


Sunday, April 30, 2006

How-To LINUX

How-To LINUX-www.linuxboxadmin.com

Configure serial ports

View serial ports/multi-port boards (must be root)

setserial /dev/ttyS0
setserial /dev/ttyS1

Set a serial port to 115k (must be root)

setserial /dev/ttyS0 spd_vhi
This only configures the port, not any attached modem or serial device.
Other speeds:
spd_normal 38.4k
spd_hi 57.6k
spd_shi 230k
spd_warp 460k


----------------------------------------------------------

Set ethernet to full duplex

Set an ethernet adapter to full duplex (must be root):

mii-tool --force=100baseTx-FD eth0

If you want to force full duplex at boot time, add the above command to one of the startup scripts, such as /etc/rc.d/boot.local.



----------------------------------------------------------


Set the real time clock

Set the real time clock

hwclock --set --date="3/21/02 01:10:00"


----------------------------------------------------------

Tune IDE disks

See IDE disk settings (must be root)

hdparm /dev/hd? (hda, hdb, etc.)

Set DMA for IDE disks (must be root)

hdparm -d1 /dev/hd? (hda, hdb, etc.)
Usually big performance gains, especially for DVD drives.

Tune additional IDE disk settings (must be root)

hdparm -d1 -c3 -m16 /dev/hd? (hda, hdb, etc.)
The -c3 option turns on the 32-bit EIDE interface. The -m16 option sets the read ahead buffer to 16 sectors. These are fairly non-aggressive settings for a modern EIDE disk.

Test IDE disk performance (must be root)

hdparm -tT /dev/hd? (hda, hdb, etc.)


----------------------------------------------------------

View detected hardware

General

The Linux kernel stores all hardware settings in the virtual directory /proc.

See IO ports

cat /proc/ioports

See IRQs

cat /proc/interrupts

See PCI devices

cat /proc/pci
also
/sbin/lspci

See USB hubs and devices

cat /proc/bus/usb/devices
also
usbview (gui program)

See IDE disk settings (must be root)

hdparm /dev/hd? (hda, hdb, etc.)

View serial ports/multi-port boards (must be root)

setserial /dev/ttyS0
setserial /dev/ttyS1

Active network cards

/sbin/ifconfig
also
/sbin/ip addr

Boot time hardware detection messages (kernel ring buffer)

dmesg | less

----------------------------------------------------------

Apt and dpkg commands



To update the local cache from apt repositories

apt-get update

To download and install a package (including dependencies):

apt-get install package-name

To install a single .deb package:

dpkg --install package.deb

To remove a package:

apt-get remove package-name

To find all available packages that match a pattern:

apt-cache search pattern

apt-cache searches the package names and descriptions.

To display package information:

apt-cache show package-name

To show all installed packages:

dpkg --list

To show all files that belong to a package:

dpkg --listfiles package-name



----------------------------------------------------------

Cron fields


Crontab fields

Here is how the fields are defined:

  1. minute
  2. hour
  3. day of the month
  4. month of the year
  5. day of the week
  6. program or command to run

An asterisk (*) in any field means run every time for this field. Ranges (X-Y) and steps (X-Y/Z) can also be defined.

User crontabs

To edit a user crontab (including root):
crontab -e

To delete a crontab:
crontab -r

System crontab

The system crontab is stored in /etc/crontab. It can be changed (as root) with a text editor.

The system crontab has one extra field before the program to run, which is the user to run the command as (usually root).
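
An added example (not from the original page): because the system crontab names the user each job runs as, it can be audited for root jobs whose program file is writable by someone other than the owner. This goes a little beyond the text by also handling "@reboot"-style entries; the function names and the constructed sample files are assumptions for illustration.

```shell
#!/bin/sh
# Added example: list what a system-format crontab runs as root and flag
# programs that are missing or group/world-writable.
# Function names and the demo files are illustrative, not from the page.

# Print the program (first word of the command) of every root entry in the
# system-format crontab $1, where the user name precedes the command.
root_job_programs() {
    awk '
        /^[ \t]*(#|$)/                          { next }   # comments, blank lines
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/  { next }   # VAR=value settings
        {
            u = ($1 ~ /^@/) ? 2 : 6     # "@reboot user cmd" has one time field
            if ($u == "root" && NF > u) print $(u + 1)
        }
    ' "$1"
}

# For each absolute program path run as root, print "missing PATH" if it does
# not exist, or "writable PATH" if group or others may write to it.
# Ownership is deliberately not checked here, only the mode bits.
loose_root_job_programs() {
    root_job_programs "$1" | sort -u | while read -r prog; do
        case "$prog" in /*) ;; *) continue ;; esac
        if [ ! -e "$prog" ]; then
            echo "missing $prog"
        elif [ -n "$(find -L "$prog" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "writable $prog"
        fi
    done
}

# Demo on constructed files so it runs without touching /etc/crontab.
demo() (
    d=$(mktemp -d) || exit 1
    trap 'rm -rf "$d"' EXIT
    printf '#!/bin/sh\n' > "$d/collect.sh"; chmod 755 "$d/collect.sh"
    printf '#!/bin/sh\n' > "$d/report.sh";  chmod 777 "$d/report.sh"
    cat > "$d/crontab" <<EOF
SHELL=/bin/sh
# m h dom mon dow user command   (constructed sample)
*/10 * * * * root $d/collect.sh 1 1
53 23 * * * root $d/report.sh -A
0 4 * * * nobody $d/report.sh
EOF
    loose_root_job_programs "$d/crontab" | sed "s|$d/||"
)

demo
```

Against a live system, run `loose_root_job_programs /etc/crontab` as root so that every program path can be examined.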


----------------------------------------------------------
Default gateway

To set the default gateway:

route add default gw ip-address interface

For example, route add default gw 10.1.1.1 eth0

To view the current routing table:

route -n
Here is a typical routing table:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.241.1.118    0.0.0.0         255.255.255.255 UH    0      0        0 eth1
192.168.1.203   0.0.0.0         255.255.255.255 UH    0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
The entry with a destination of 0.0.0.0 is the default gateway.


----------------------------------------------------------


Disk quotas


The Linux kernel supports disk quotas if the support for quotas is compiled into it. The kernel configuration option is CONFIG_QUOTA=y. Most distributions include this option in their kernels.

There are four steps to enabling quotas on a file system.

  1. Add the usrquota option to the /etc/fstab entry
  2. Use quotacheck filesystem to create initial quota files
  3. Use edquota to set quota limits for users/groups
  4. Enable quotas with quotaon filesystem

Quota files (binary)

Two quota files are stored in the root of the file system where they apply. They are:

  • quota.user (v1) or aquota.user (v2)
  • quota.group (v1) or aquota.group (v2)

To set quotas for a user:

edquota -u user

To set quotas for many users based on another user:

edquota -p protouser -u user [user]

To set quotas for a group:

edquota -g group

To see a summary report on all quotas

repquota -a

To disable quotas:

quotaoff filesystem

To scan/update/repair quota files (unmount file system first):

quotacheck -u -g filesystem

Hard and Soft Limits

There are two limits that are enforced in the quota system. The first is a limit on the total amount of space used by all files owned by the user (block limit). The second is a limit on the maximum number of inodes used (file limit). Each limit has a soft (warning level) and hard limit (stop level). If a user exceeds the soft level, they have a grace period (7 days) to correct the problem. When they hit the hard limit, the system will not allocate any more space to them until they remove some files.



----------------------------------------------------------


File Timestamps



Each file has three dates associated with it (stored as the number of seconds since the epoch, Jan 1, 1970). The three timestamps are

  • Access time (atime) - the last time the file was read
  • Modify time (mtime) - the last time the file contents were changed
  • Change time (ctime) - the last time the file permissions were changed

In a long directory listing, the timestamp shown is the Modify time (mtime). To see all timestamps, use:
stat filename

Here is sample output from stat:

  File: `apache.php'
  Size: 9791       Blocks: 24         IO Block: 4096   Regular File
Device: 302h/770d  Inode: 1818841     Links: 1
Access: (0644/-rw-r--r--)  Uid: (32045/ wileyjb)   Gid: (32045/ wileyjb)
Access: 2006-03-08 13:48:55.000000000 -0500
Modify: 2006-03-04 14:33:37.000000000 -0500
Change: 2006-03-04 14:33:37.000000000 -0500


----------------------------------------------------------



Find suid/sgid files



Find all SUID root files:

find / -user root -perm -4000 -print

Find all SGID root files:

find / -group root -perm -2000 -print

Find all SUID and SGID files owned by anyone:

find / \( -perm -4000 -o -perm -2000 \) -print

Find all files that are not owned by any user:

find / -nouser -print

Find all files that are not owned by any group:

find / -nogroup -print

Find all symlinks and what they point to:

find / -type l -ls
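
An added example (not from the original page): the searches above become more useful when their output is kept as a baseline and compared on later runs, so that a newly appeared SUID/SGID file stands out. The function names and the constructed demo tree are assumptions for illustration.

```shell
#!/bin/sh
# Added example: inventory SUID/SGID files and compare against a baseline.
# Function names and the demo tree below are illustrative assumptions.

# Print every regular file under $1 that has the SUID or SGID bit set.
# The \( ... \) grouping matters: without it, -print binds only to the last
# test and the SUID matches are silently dropped.
# -xdev keeps the scan on one file system (skips /proc, network mounts, ...).
list_special() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Print entries present in the current scan ($2) but not in the baseline ($1).
new_since_baseline() {
    comm -13 "$1" "$2"
}

# Print entries that were in the baseline ($1) but are absent from the scan ($2).
gone_since_baseline() {
    comm -23 "$1" "$2"
}

# Demo on a constructed tree so the script runs without root.
demo() (
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    mkdir "$tmp/tree"
    for f in passwd-like mail-like plain; do
        echo '#!/bin/sh' > "$tmp/tree/$f"
        chmod 755 "$tmp/tree/$f"
    done
    chmod u+s "$tmp/tree/passwd-like"      # constructed SUID file
    chmod g+s "$tmp/tree/mail-like"        # constructed SGID file
    list_special "$tmp/tree" > "$tmp/baseline"

    # Later: a new SUID file shows up and one known file loses its bit.
    cp "$tmp/tree/plain" "$tmp/tree/dropped"
    chmod 4755 "$tmp/tree/dropped"
    chmod g-s "$tmp/tree/mail-like"
    list_special "$tmp/tree" > "$tmp/current"

    echo "NEW:"
    new_since_baseline "$tmp/baseline" "$tmp/current" | sed "s|^$tmp/tree/|  |"
    echo "GONE:"
    gone_since_baseline "$tmp/baseline" "$tmp/current" | sed "s|^$tmp/tree/|  |"
)

demo
```

On a real host, run `list_special /` as root, store the result somewhere users cannot write, and review every line that `new_since_baseline` reports.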


----------------------------------------------------------

Fstab fields


Each line in /etc/fstab contains information on one filesystem. For example,

/dev/hda7 / ext3 defaults 0 0

There are 6 fields:

  1. device name (e.g., /dev/hda)
  2. mount point
  3. filesystem type (ext2, reiser, iso9660, etc.)
  4. options (ro, noauto, user, usrquota)
  5. whether dump should back up this filesystem (0=no, 1=yes)
  6. fsck order on reboots (0=don't check, 1=root filesystem, 2=other filesystems)



----------------------------------------------------------


Iptables




Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel.

If any routing or forwarding is to be done with iptables, set the ip_forward kernel value:
echo "1" > /proc/sys/net/ipv4/ip_forward

Here is the general syntax for iptables commands:
iptables -t table -[ADC] chain rule-specification [options]

The -ADC is for append, delete, or change the rule. The -t table can be either filter (default), nat, or mangle.

Rules are processed in order until they match, then they are either sent to another chain or are handled immediately through one of four targets (ACCEPT, DROP, QUEUE, or RETURN). The jump (-j) option at the end of a rule determines the fate of a packet.

Meaning of targets:

  • ACCEPT means to let the packet through.
  • DROP means to drop the packet on the floor.
  • QUEUE means to pass the packet to userspace (if supported by the kernel).
  • RETURN means stop traversing this chain and resume at the next rule in the previous (calling) chain.

Each of the main kernel tables has a fixed number of chains where rules can be applied:

  1. filter (default)
    1. INPUT (for packets destined for the box itself)
    2. FORWARD (for packets being routed through the box)
    3. OUTPUT (for locally-generated packets)
  2. nat (masquerading)
    1. PREROUTING (for altering packets as soon as they come in)
    2. OUTPUT (for altering locally-generated packets before routing)
    3. POSTROUTING (for altering packets as they are about to go out)
  3. mangle (special processing)
    1. PREROUTING (for altering incoming packets before routing)
    2. OUTPUT (for altering locally-generated packets before routing)
    3. INPUT (kernel >= 2.4.18)
    4. FORWARD (kernel >= 2.4.18)
    5. POSTROUTING (kernel >= 2.4.18)

To save the current iptables rules to a file:

iptables-save > firewall-rules.txt

To restore saved iptables rules from a file:

iptables-restore < firewall-rules.txt

To clear (flush) all rules for the filter table:

iptables -F -t filter

To list all rules currently in effect for the filter table:

iptables -L

To list all rules currently in effect for the nat table:

iptables -t nat -L

To blacklist an IP (drop all incoming packets from that IP):

iptables -t filter -A INPUT -i eth0 --source 1.2.3.4 -j DROP

To port forward SMTP to an internal IP:

iptables -t nat -A PREROUTING --destination 64.14.241.55 -p tcp --dport 25 -j DNAT --to-destination 10.0.1.9

To masquerade outbound traffic from the internal network (traditional NAT):

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

To delete rule 4 from the PREROUTING chain of the nat table:

iptables -t nat -D PREROUTING 4
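
An added example (not from the original page): a file written by iptables-save can be reviewed offline. The sketch below reads a constructed dump built from the rules shown above and reports each chain's policy, the filter chains that accept packets no rule matched, and every rule that jumps to a given target. The function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: review an iptables-save dump without touching the live rules.
# The dump is constructed from the rules shown on this page; the function
# names are illustrative.

sample_dump() {
    cat <<'EOF'
# Constructed sample in iptables-save format
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 64.14.241.55 -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.0.1.9
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 1.2.3.4 -i eth0 -j DROP
COMMIT
EOF
}

# Print "table chain policy" for every chain declared in the dump.
# Reads the file given as $1, or standard input when no file is given.
chain_policies() {
    awk '
        /^\*/ { table = substr($0, 2); next }       # "*filter" starts a table
        /^:/  { print table, substr($1, 2), $2 }    # ":INPUT ACCEPT [0:0]"
    ' "$@"
}

# Print the filter chains for inbound and routed traffic whose policy is
# ACCEPT. The policy decides the fate of a packet that no rule matched.
open_filter_chains() {
    chain_policies "$@" | awk '
        $1 == "filter" && $3 == "ACCEPT" && ($2 == "INPUT" || $2 == "FORWARD") { print $2 }'
}

# Print "table: rule" for every rule that jumps to target $1.
rules_with_target() {
    want=$1
    shift
    awk -v want="$want" '
        /^\*/ { table = substr($0, 2); next }
        /^-A/ {
            for (i = 1; i < NF; i++)
                if (($i == "-j" || $i == "--jump") && $(i + 1) == want)
                    print table ": " $0
        }
    ' "$@"
}

echo "Chain policies:"
sample_dump | chain_policies | sed 's/^/  /'
echo "Filter chains that accept unmatched packets:"
sample_dump | open_filter_chains | sed 's/^/  /'
echo "Port forwards (DNAT):"
sample_dump | rules_with_target DNAT | sed 's/^/  /'
```

For a real review, pass the saved file instead, for example `open_filter_chains firewall-rules.txt`.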



----------------------------------------------------------


Kernel Modules



Kernel module dependencies are stored in:
/lib/modules/kernel-version/modules.dep

To show loaded kernel modules:
lsmod

To display information about a module:
modinfo module-name

To load a module (and dependent modules):
modprobe module-name

To unload a module (and dependent modules):
rmmod -r module-name

Altering how kernel modules are loaded

The /etc/modules.conf file can be used to alter how kernel modules are loaded. The most common entry is an alias mapping a generic name to an actual module. For example:
alias eth0 e100
The above line loads the e100 module if modprobe eth0 is executed.

It can also be used to pass parameters to modules, or force loading a module stack not defined in normal dependencies.

Kernel sources

Installing the kernel sources varies considerably since most distributions ship heavily patched kernels. Follow the docs of the distribution.


----------------------------------------------------------

RPM commands



Location of RPM database files:

/var/lib/rpm/

To install a package (i=install v=verbose h=show hash marks):

rpm -ivh package.rpm

To uninstall (erase) a package:

rpm -e package-name

To upgrade a package:

rpm -Uvh package.rpm

To test a package without installing (checks dependencies):

rpm -Uvh --test package.rpm

To verify a package:

rpm -Vvv package-name

To verify ALL installed packages:

rpm -Va

To find installed package names matching a pattern:

rpm -qa | grep pattern

To see what files a new package is going to install:

rpm -qpl package.rpm

To see what files belong to an installed package:

rpm -ql package-name

To see what package owns a file:

rpm -qf filename

To rebuild the RPM database:

rpm --rebuilddb

To bypass running the install/uninstall scripts in a package:

rpm -ivh --no-scripts package.rpm
also
rpm -e --no-scripts package-name

Mass install:

rpm -ivh *.rpm

Mass uninstall of packages that match a pattern:

rpm -qa | grep pattern | xargs rpm -e



----------------------------------------------------------


Sar - System Activity Report



Sar is the "system activity report" program. In Linux, it is often found in the sysstat package. The package includes the sadc program that gathers stats and stores them in binary files in /var/log/sa/, and the report programs, sar, mpstat, and iostat. It also includes the sa1 and sa2 shell scripts that execute sadc and produce daily summaries of the data.

Capturing performance data

If you install sar from a package, several scripts may be set up automatically to gather data. Check the cron configuration for sa1 and sa2 scripts. If the scripts are not scheduled to run, here is a typical cron configuration:
# run system activity accounting tool every 10 minutes
*/10 * * * * root /usr/lib/sa/sa1 1 1
# generate a daily summary of process accounting at 23:53
53 23 * * * root /usr/lib/sa/sa2 -A

To show CPU performance:

sar -u

To show average IO performance over time:

sar -b

To show average IO performance by device:

iostat

To show average network performance:

sar -n FULL

To show network performance by device:

sar -n DEV

To show network errors by device:

sar -n EDEV

To show memory performance:

sar -R

To show paging (swap file) performance:

sar -W



----------------------------------------------------------

Shared Libraries and Tracing



Many Linux programs use dynamic shared libraries (.so=shared object), similar to Windows DLLs. The list of directories that Linux searches for shared libraries is defined in /etc/ld.so.conf. At run time, Linux uses a cache of available libraries (updated during boot from /etc/ld.so.conf) to determine what to load from where when a call is made to a shared library. The cache file is /etc/ld.so.cache.

Adding or updating libraries

After a change to /etc/ld.so.conf or after new libraries are installed, update the library cache file (as root):
ldconfig

To determine which libraries are used by a program or another library:

ldd [program-name | library-name]

Stack tracing

To see all system calls made by a program, calls to libraries, and signals received, use:
strace program-name
note: see also ltrace

Static linking with gcc

To statically link libraries with a program while compiling, pass the -static flag to gcc:
gcc [other options] -static

If compiling from a Makefile, set the linker options in the LDFLAGS variable:
LDFLAGS = -static




----------------------------------------------------------


SMTP test


To test SMTP from the command line:
  1. telnet host-to-test 25 (connect to port 25 on mail server)
  2. HELO sending-host
  3. MAIL FROM: foo@foo.com
  4. RCPT TO: bar@bar.com
  5. DATA
    (enter one blank line after DATA)
  6. Subject: test
    To: to-user
    From: from-user
    (enter one blank line after From:)
    test text for email
    . (enter a single period by itself on the last line)
  7. QUIT


----------------------------------------------------------

Special Permissions



In addition to the standard permissions (rwx), there are 3 special permissions that can be set for a file or directory: suid, sgid, and sticky bit.

suid -- this special permission allows the file to be executed with the security permissions of the file owner instead of the permissions of the user who ran the program. This can be a source of security problems. Some daemons run as suid root. The suid permission is seen as an "S" in the user executable position of a long directory listing (ls -l). It has no effect if the file is not executable.

To set the suid permission:
chmod u+s filename

sgid -- this special permission allows the file to be run with the security permissions of the group instead of the permissions of the user who ran the program. This can be a source of security problems. The sgid permission is seen as an "S" in the group executable position of a long directory listing (ls -l). It has no effect if the file is not executable.

To set the sgid permission:
chmod g+s filename

Note: If sgid is set on a directory, any file created within that directory will have the same group owner assigned as the directory. Useful when a group of users is sharing the same directory.

sticky bit on a directory -- Prevents any files in a directory from being deleted by anyone but the owner of that file. Often used on the /tmp directory. Good to prevent accidental deletions by rm * commands. The sticky bit is seen as a t in a long directory listing (ls -l). Setting the sticky bit on a file is ignored by Linux.

To set the sticky bit:
chmod o+t dirname




----------------------------------------------------------


Sysctl



Sysctl is used to view and modify kernel parameters at run time. It is slightly more elegant than copying values directly to /proc.

The /etc/sysctl.conf file is the sysctl default file that often contains multiple parameter settings to be loaded at once. It is sometimes used by start up scripts so be careful making changes to it. To modify multiple parameters at once, it is safer to create a new file.

To view all kernel parameters:

sysctl -a

To set a new value for a kernel parameter:

sysctl -w variable.name=xxxx

For example:
sysctl -w net.ipv4.ip_forward=1

To load multiple parameters from a file:

sysctl -p filename



----------------------------------------------------------


Tar and cpio



Create a gzipped tar archive

tar czvf archive files-to-backup

Extract a gzipped tar archive

tar xzvf archive files-to-backup

Create a bzipped tar archive

tar cjvf archive files-to-backup

Extract a bzipped tar archive

tar xjvf archive files-to-backup

List files in a tar archive

tar tf archive

Create a cpio archive

ls /dir/* | cpio -ov > archive.cpio

Extract a cpio archive

cpio -ivd < archive.cpio

List files in a cpio archive

cpio -it < archive.cpio

----------------------------------------------------------

TCP wrappers



The TCP wrapper program is /usr/sbin/tcpd. It is typically used to limit access to services in the inetd superserver based on IP address or user name. It is also available as a library, libwrap, that can be linked into a program.

The IP based controls in TCP wrappers have been mostly superseded by the kernel based iptables, which is more flexible. TCP wrappers is compiled into the xinetd superserver used in Red Hat and SUSE.

To protect an inetd service, replace the call to the original service with a call to tcpd and pass the original program name as a parameter. For example, here is a line in /etc/inetd.conf for the proftpd program:
ftp stream tcp nowait root /usr/sbin/proftpd

and here is the line modified to use TCP wrappers:
ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/proftpd

Two files control access, and they are checked in this order. The search stops at the first match.
/etc/hosts.allow
/etc/hosts.deny

If a match is not found in either file, the default is to permit access.

Both files use the same syntax:
daemon_list : client_list [ : shell_command ]

The client list can be a pattern that matches a host name or IP address. Client lists can include the user name, like user@host. The optional shell command allows additional action to be taken after a match.

To set up a default deny policy, use this entry in hosts.deny:
ALL:ALL
Then, anything not explicitly permitted in hosts.allow will be denied.

This is an example for hosts.allow that permits access to the proftpd daemon from localhost and from the company.com domain:
proftpd: LOCAL, .company.com
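
An added example (not from the original page, and not libwrap's own code): a simplified shell model of the decision described above, checking hosts.allow first, then hosts.deny, and permitting access when neither matches. It handles only ALL, LOCAL, ".domain" suffixes, "prefix." addresses and exact matches; EXCEPT, netmasks, user@host and shell commands are left out, and the function names and sample clients are assumptions.

```shell
#!/bin/sh
# Added example: simplified model of the hosts.allow / hosts.deny decision.
# Not libwrap itself; only a subset of the pattern syntax is modeled.

# Return 0 if client pattern $1 matches host name $2 or address $3.
client_matches() {
    case "$1" in
        ALL)   return 0 ;;
        LOCAL) case "$2" in ''|*.*) return 1 ;; *) return 0 ;; esac ;;  # no dot in name
        .*)    case "$2" in *"$1") return 0 ;; esac ;;                  # domain suffix
        *.)    case "$3" in "$1"*) return 0 ;; esac ;;                  # address prefix
        *)     if [ "$1" = "$2" ] || [ "$1" = "$3" ]; then return 0; fi ;;
    esac
    return 1
}

# Exit 0 if any rule in access file $1 matches daemon $2, host $3, address $4.
# Runs in a subshell so that "set -f" stays local to this function.
file_matches() (
    set -f                          # patterns must not glob against the cwd
    [ -r "$1" ] || exit 1
    while IFS=: read -r daemons clients rest; do
        case "$daemons" in ''|\#*) continue ;; esac
        matched=no
        for dm in $(printf '%s' "$daemons" | tr ',' ' '); do
            if [ "$dm" = ALL ] || [ "$dm" = "$2" ]; then matched=yes; fi
        done
        [ "$matched" = yes ] || continue
        for cl in $(printf '%s' "$clients" | tr ',' ' '); do
            if client_matches "$cl" "$3" "$4"; then exit 0; fi
        done
    done < "$1"
    exit 1
)

# Print "allow" or "deny". Arguments: daemon, client host name, client
# address, path of hosts.allow, path of hosts.deny.
tcpd_decide() {
    if file_matches "$4" "$1" "$2" "$3"; then
        echo allow                  # first match wins, hosts.allow is read first
    elif file_matches "$5" "$1" "$2" "$3"; then
        echo deny
    else
        echo allow                  # no match in either file: access is permitted
    fi
}

# Demo with the two entries from the page and constructed clients.
demo() (
    d=$(mktemp -d) || exit 1
    trap 'rm -rf "$d"' EXIT
    printf '%s\n' 'proftpd: LOCAL, .company.com' > "$d/hosts.allow"
    printf '%s\n' 'ALL:ALL' > "$d/hosts.deny"
    : > "$d/empty"
    for who in "proftpd ws1.company.com 10.1.1.5" \
               "proftpd mail.example.net 192.0.2.7" \
               "sshd ws1.company.com 10.1.1.5"; do
        set -- $who
        echo "$1 from $2: $(tcpd_decide "$1" "$2" "$3" "$d/hosts.allow" "$d/hosts.deny")"
    done
    echo "same outsider, empty hosts.deny:" \
         "$(tcpd_decide proftpd mail.example.net 192.0.2.7 "$d/hosts.allow" "$d/empty")"
)

demo
```

The last line of the demo shows why the ALL:ALL entry matters: with an empty hosts.deny the same outside client is allowed.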



----------------------------------------------------------

Users and Groups



Shadow Suite

The shadow suite is used in every modern distro. It adds encryption to passwords and moves them, along with expiration dates to /etc/shadow (users) and /etc/gshadow (groups).

The main system account files are:

  • /etc/passwd
  • /etc/shadow
  • /etc/group
  • /etc/gshadow

Another important file in the shadow suite is /etc/login.defs. It defines the site-specific configuration for the shadow login suite. It controls how the login program behaves, minimum password length, etc.

Add a new user:

useradd user-name

When a new user is created, the system also copies the files from /etc/skel to the new user home directory, including subdirectories. The system adds them to passwd, group, and shadow files as necessary.

Delete a user:

userdel -r user-name

Deletes the user from account files and removes the home directory. Does not delete other files owned by the user; they must be deleted manually or assigned to another user.

Set an expiration date for a user:

usermod -e MM/DD/YYYY user-name

Change user password:

passwd user-name

Lock a user account:

passwd -l user-name

Unlock a user account:

passwd -u user-name

Add a group:

groupadd group-name

Delete a group:

groupdel group-name

Change group password:

gpasswd group-name

Gpasswd is rarely used since many distros create one group for each new user.

List the groups a user belongs to:

groups user-name

----------------------------------------------------------


Bash Shell


Bash initialization

When you first log in, bash reads these initialization files in order (if they exist):

/etc/profile -- systemwide profile applies to all users

Then, it looks for these files and executes the FIRST one it finds:

~/.bash_profile
~/.bash_login
~/.profile

For interactive non-login shells, it executes:

~/.bashrc

At logout, it looks for this file to execute:

~/.bash_logout

The amazing technicolor multiline bash prompt

Set the PS1 environment variable in bash to customize the prompt. This is the prompt I use. It works best with a black background. If you want to keep it, add it to one of your bash startup files (like .bashrc).
PS1='\[\e[32;1m\]\u@\h \[\e[33;1m\][\w]\n\[\e[36;1m\]\t\[\e[0m\] $ '

Built-in shell variables:

$# number of command line arguments
$? exit value of last command
$$ process ID of current process
$! process ID of last background process
$0 command name
$n where n=1-9 are the 1st thru 9th command line arguments
$* all command line arguments
$@ all command line arguments, individually quoted ($1 $2 ...)

If statement

if condition ; then
commands
elif condition ; then
commands
else
commands
fi

Test the return status of the previous command:

if [ $? == 0 ] ; then
commands
fi

Loops

while condition; do
commands
done

for var in list; do
commands
done

for (( expr1; expr2; expr3 )); do
commands
done

Case statements

The case statement can be used in place of a complex if statement:
case expression in
pattern)
commands
;;
pattern)
commands
;;
*)
commands
;;
esac

Traps

Bash scripts can trap signals to handle error processing better or unexpected events (like the user killing the script).

This traps signal(s) and executes "command" instead:
trap "command" signal [signal ...]

You can list active traps with:
trap -p

You can reset traps with:
trap - signal [signal ...]



----------------------------------------------------------

Rsync


Note: examples that use a shell use ssh

To synchronize a local directory with a remote one, use:

rsync -r -a -v -e "ssh -l username" --delete hostname:/remote/dir/ /local/dir/

To synchronize a remote directory with a local one, use:

rsync -r -a -v -e "ssh -l username" --delete /local/dir/ hostname:/remote/dir/

To synchronize a local file with a remote one, use:

rsync -a -v -e "ssh -l username" hostname:/filename /local/filename

To synchronize a remote file with a local one, use:

rsync -a -v -e "ssh -l username" /local/filename hostname:/filename

To synchronize a local directory with a remote rsync server:

rsync -r -a -v --delete rsync://rsync-server.com/stage/ /home/stage/

To synchronize a local directory with a local directory (make a backup), use:

rsync -r -a -v --delete /local/dir/ /backup/dir/



----------------------------------------------------------


Vi - bare essentials



There may be times when vi is the only text editor available, so it helps to at least know the basics. It is the default editor when changing a crontab. For a while, I used vi as my primary editor, but today I use nano.

On most Linux distributions, when you run vi, you are really running vim (vi improved). For basic editing, you'll never know the difference.

Note: A chunk of this small guide came from a web page I found long ago, but I don't remember where so I can't give proper credit. I've added and changed things from the original text.

Vi has two modes, command and insert (really, three if you count replace mode). Command mode is used to navigate, search, and issue other commands. Insert mode is used to enter text.

Vi starts in command mode.

You can precede most commands with a number indicating how many times to perform a command. For example, entering 99 followed by the down arrow will move the cursor down 99 lines. "99x" will delete 99 characters.

While in command mode (case sensitive)

  • move the cursor with arrow keys; if there aren't any arrow keys, use j,k,h,l
  • i - change to insert mode (before cursor)
  • a - change to insert mode (after cursor)
  • A - change to insert mode (at end of line)
  • r - replace one character
  • R - overwrite text
  • x - delete one character
  • dd - delete one line
  • yy - yank line (copy)
  • p - paste deleted or yanked text after cursor
  • P - paste deleted or yanked text before cursor
  • G - go to end of the file
  • 1G - go to top of the file
  • J - merge next line with this one
  • / - search, follow / with text to find
  • :wq - write file and quit
  • :q! - quit without saving
  • :%s/old/new/g - substitute; replace "old" with "new" on all lines

While in insert mode

  • ESC - change to command mode
  • any text typed is entered at the cursor

Typical vi session

  1. Type "vi file.txt" at command prompt
  2. Move cursor to where new text will be added
  3. Type "i" to change to insert mode
  4. Type new text
  5. Type ESC to go back to command mode
  6. Type ":wq" and ENTER to write the file and quit



----------------------------------------------------------



MySQL


MySQL communicates through either local unix sockets or over TCP/IP port 3306 (default). Database names, tables, field names, and passwords are case sensitive. SQL Commands are not case sensitive.

The configuration file is /etc/my.cnf. Usually doesn't need tweaking, except when using the InnoDB storage engine.

The main command line utilities are mysql, mysqldump, and mysqladmin. Many people like the phpMyAdmin package to manage MySQL through a web browser.

Server Administration


Show all running MySQL processes

mysqladmin --user=root --password=xxx processlist

Show detailed status report

mysqladmin --user=root --password=xxx extended-status

Reload grant tables (after making security table changes)

mysqladmin --user=root --password=xxx reload

Show running configuration settings

mysqladmin --user=root --password=xxx variables

Kill a slow or locked process

First, get the process id using processlist, then
mysqladmin --user=root --password=xxx kill id

Reset the value of an autoincrement field in a table

  1. mysql --user=root database
  2. alter table tablename auto_increment=100;
Note: this resets the autoincrement field to 100. Use caution!

Security


Change/set the root password

  1. mysql --user=root mysql (initially no password)
  2. update user set Password=password('new_password')
    where user='root';
  3. flush privileges;

Create a user with remote update authority

  1. mysql --user=root --password=xxx mysql
  2. insert into user (Host, User, Password, Select_priv, Insert_priv,
    Update_priv, Delete_priv) values ('%', 'remote', password('xxx'),
    'Y', 'Y', 'Y', 'Y');
  3. flush privileges;
Note: This creates user 'remote' with global update authority, that can access MySQL from any host (%). In most cases, a remote user should be limited to a single database.

Create a user with access to just the db1 database

  1. mysql --user=root --password=xxx mysql
  2. insert into user (Host, User, Password)
    values ('localhost', 'foo', password('xxx'));
  3. insert into db (Host, Db, User, Select_priv, Insert_priv,
    Update_priv, Delete_priv) values ('localhost', 'db1', 'foo',
    'Y', 'Y', 'Y', 'Y');
  4. flush privileges;

Backup and Restore


Dump all databases (schema and data)

mysqldump --user=root --password=xxx --all-databases > databases.sql

Dump a single database (schema and data)

mysqldump --user=root --password=xxx --databases db1 > db1.sql

Dump a single database (schema only)

mysqldump --all --no-data --user=root --password=xxx --databases db1 > db1.sql

Restore a database from a dump file

mysql --user=root --password=xxx < dump-file.sql


----------------------------------------------------------


Postfix


Postfix Administration

Check the configuration and queue directories for the correct security settings and setup:
postfix check

Display all settings:
postconf

Display non-default settings:
postconf -n

Check mail queues for messages pending delivery:
mailq

Display headers and details about a message:
postcat /var/spool/postfix/deferred/message-id

Delete a message in the queue:

  1. mailq (to get the message-id)
  2. postfix stop
  3. find /var/spool/postfix -name message-id -print | xargs rm
  4. postfix start

Configuration files

There are many configuration files used by Postfix located in /etc/postfix. The two main files are:

  • master.cf -- defines how/what slave daemons are called by the master daemon
  • main.cf -- defines all other configuration options and files

Optional but often used configuration files are:

  • alias -- rewrites recipient addresses for local delivery
  • virtual -- rewrites recipient addresses for all local, virtual and remote mail destinations.
  • generic -- rewrites outbound addresses
  • transport -- defines how messages are delivered by email address
  • access -- restrict the messages accepted by host/domain/network/address
Optional files must be converted to a postfix lookup table with postmap. For example, postmap virtual creates the lookup table "virtual.db".

Master.cf

To change the smtpd daemon to only accept mail from the localhost, set the service option for smtpd to this:

#service        type  ...     command
localhost:smtp  inet  ...     smtpd

To change the smtpd daemon to accept mail on port 8025 instead of 25, set the service option to this:

#service        type  ...     command
localhost:8025  inet  ...     smtpd

Set up a catch-all address for a domain

Edit /etc/postfix/main.cf and add a line for the virtual map:
virtual_alias_maps = hash:/etc/postfix/virtual

Edit /etc/postfix/virtual and add the following:

###############
# local users #
###############
user1@domain.com user1
user2@domain.com user2
user3@domain.com user3

#############
# catch-all #
#############
@domain.com catch-all

Run postmap virtual, then postfix reload. Now, all email addressed to anyuser@domain.com will go to the catch-all address except the explicitly defined local users.

Get BCCed on all email

Add this line to /etc/postfix/main.cf:
always_bcc = foo@user

Bypassing MX lookups for a domain

The transport map can be used to deliver certain email to a different mail server than where the MX record points. This can be useful if the mail server sits in a DMZ and needs to deliver mail to an internal mail server.

Add a line to the /etc/postfix/transport file similar to this:
# the [] skips MX lookups
foo.com smtp:[10.1.5.1]

Then, run postmap transport and postfix reload.

Filtering email based on headers

Add this line to /etc/postfix/main.cf:
header_checks = regexp:/etc/postfix/header_checks

Edit header_checks and define regular expression rules:

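# .* matches any run of characters; a bare * only repeats the character before it
/^From:.*@spammer\.com/ REJECT
/^Subject:.*mortgage/ REJECT
# the indented line continues the rule above it
/^content-(type|disposition):.*name[[:space:]]*=.*\.(exe|vbs)/
    REJECT Bad attachment file name extension: $2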
Above are blocks based on the From:, Subject:, and file attachment extension.
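
A way to dry-run header_checks rules against sample headers before reloading Postfix, as an added example that is not part of the original how-to. It uses grep -E -i as a stand-in for Postfix regexp tables (extended syntax, case-insensitive by default), assumes rules without flags and without "/" in the action text, and shows why a glob-style " *" in place of ".*" never matches an ordinary From: header. All rules and headers are constructed.

```shell
#!/bin/sh
# Added example: dry-run header_checks rules against sample headers.
# grep -E -i approximates Postfix regexp tables (extended syntax,
# case-insensitive by default). All rules and headers below are constructed.

# Rules in header_checks format; the attachment rule keeps its action on an
# indented continuation line.
write_rules() {
cat <<'EOF'
# comments and blank lines are ignored
/^From:.*@spammer\.com/ REJECT
/^Subject:.*mortgage/ REJECT
/^content-(type|disposition):.*name[[:space:]]*=.*\.(exe|vbs)/
    REJECT Bad attachment file name extension: $2
EOF
}

# Glob-style patterns: " *" means "zero or more spaces", not "anything".
write_glob_style_rules() {
cat <<'EOF'
/^From: *@spammer.com/ REJECT
/^Subject: *mortgage*/ REJECT
EOF
}

# join_rules FILE: print one logical rule per line. A line that starts with
# whitespace continues the previous rule.
join_rules() {
    awk '
        /^[ \t]*(#|$)/ { next }
        /^[ \t]/       { sub(/^[ \t]+/, ""); buf = buf " " $0; next }
                       { if (buf != "") print buf; buf = $0 }
        END            { if (buf != "") print buf }
    ' "$1"
}

# header_action FILE HEADER: print the action of the first rule that matches
# HEADER, or "no-match". Assumes /pattern/ carries no flags and the action
# text contains no "/".
header_action() {
    hc_out=$(join_rules "$1" | while IFS= read -r hc_rule; do
        hc_rest=${hc_rule#/}          # drop the opening slash
        hc_pattern=${hc_rest%/*}      # text before the closing slash
        hc_action=$(printf '%s\n' "${hc_rest##*/}" | sed 's/^[[:space:]]*//')
        if printf '%s\n' "$2" | grep -Eiq -- "$hc_pattern"; then
            printf '%s\n' "$hc_action"
            break
        fi
    done)
    printf '%s\n' "${hc_out:-no-match}"
}

# Demo: run four constructed headers through the corrected rules.
hc_file=$(mktemp)
write_rules > "$hc_file"
while IFS= read -r hc_header; do
    printf '%s\n  -> %s\n' "$hc_header" "$(header_action "$hc_file" "$hc_header")"
done <<'EOF'
From: Bob <bob@spammer.com>
Subject: Lowest MORTGAGE rates
Content-Type: application/octet-stream; name="invoice.exe"
Subject: lunch on Friday?
EOF
rm -f "$hc_file"
```

On a host with Postfix installed, postmap -q "header text" regexp:/etc/postfix/header_checks performs the same lookup with the real matcher.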

Debugging Postfix

One way to debug postfix is to increase the verbosity level on a service in the /etc/postfix/master.cf file. Add from one to three -v arguments to the end of a service name, then monitor the mail log for the additional debug messages. For example, this increases verbosity on the smtpd process:
smtp inet n - n - - smtpd -v

If you suspect problems with a remote host rather than with Postfix itself, you can use the debug_peer_list and debug_peer_level options in /etc/postfix/main.cf. This allows you to debug only connections with specific remote hosts. The verbosity level can be set from 1 to 3. For example:
debug_peer_list = foo.com
debug_peer_level = 2

Email related RFCs

  • RFC 821 (SMTP)
  • RFC 822 (email message format)
  • RFC 974 (mail routing)
  • RFC 1855 (netiquette)


----------------------------------------------------------

SMTP benchmarking


The smtp-source program is an SMTP benchmark and load testing program included with Postfix. It has a flexible set of options for testing SMTP servers.

An example of using smtp-source:
smtp-source -c -l 100 -m 200 -f test@foo.com -t test@foo.com mail.foo.com

Here is what the options mean:
-c = show count of sent messages
-l nnnn = length of each message (uses X's for body)
-m = number of messages to send
-f = MAIL FROM
-t = RCPT TO
the last option is the receiving mail server

By timing how many messages a server can receive, you can get an idea of the load it can handle.


----------------------------------------------------------

SSH

SSH server

The first time sshd runs, it generates three cryptographic key pairs and stores the keys in /etc/ssh.

  • ssh_host_key and ssh_host_key.pub (v1)
  • ssh_host_dsa_key and ssh_host_dsa_key.pub (v2 DSA)
  • ssh_host_rsa_key and ssh_host_rsa_key.pub (v2 RSA)

SSH communicates over TCP port 22 by default. The global server configuration file is /etc/ssh/sshd_config.

To deny all root logins, set this value in the sshd_config file:
PermitRootLogin no

To disable the less secure v1 SSH protocol, use:
Protocol 2

To disable X forwarding, use:
X11Forwarding no

To disable password logins (force public/private key authentication), use:
PasswordAuthentication no
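
One way to confirm that these four settings are really in effect, as an added example that is not part of the original how-to. It relies on two sshd_config parsing rules: the first value read for a keyword wins, and lines after a Match line apply only conditionally. Both sample configurations are constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the four settings in this how-to.
# Both sample configurations are constructed.

sample_hardened() {
cat <<'EOF'
Port 22
PermitRootLogin no
Protocol 2
X11Forwarding no
PasswordAuthentication no
EOF
}

# Looks hardened at a glance but is not: the first PermitRootLogin wins, and
# the PasswordAuthentication line only applies inside the Match block.
sample_misleading() {
cat <<'EOF'
# constructed sample
permitrootlogin yes
Protocol 2
PermitRootLogin no
X11Forwarding yes
Match User backup
    PasswordAuthentication no
EOF
}

# effective_value FILE KEYWORD: print the lower-cased global value of KEYWORD.
# Keywords are case-insensitive, sshd uses the first value it reads, and
# everything after the first Match line is conditional, so parsing stops there.
effective_value() {
    awk -v key="$2" '
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }   # accept "Key=value"
        /^#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE: report each setting and return the number that are
# unset or differ from the how-to. OpenSSH releases without protocol 1 support
# treat Protocol as obsolete; remove it from the list there.
audit_sshd_config() {
    audit_findings=0
    while read -r audit_key audit_want; do
        audit_got=$(effective_value "$1" "$audit_key")
        if [ "$audit_got" = "$audit_want" ]; then
            printf 'ok       %s %s\n' "$audit_key" "$audit_got"
        else
            audit_findings=$((audit_findings + 1))
            printf 'FINDING  %s is %s, expected %s\n' \
                "$audit_key" "${audit_got:-unset in the global section}" "$audit_want"
        fi
    done <<'EOF'
PermitRootLogin no
Protocol 2
X11Forwarding no
PasswordAuthentication no
EOF
    return "$audit_findings"
}

# Demo: audit the misleading sample.
audit_tmp=$(mktemp)
sample_misleading > "$audit_tmp"
audit_sshd_config "$audit_tmp" || printf '%s finding(s)\n' "$?"
rm -f "$audit_tmp"
```

Point audit_sshd_config at /etc/ssh/sshd_config to check a live server; an unset keyword means the compiled-in default applies, which differs between OpenSSH versions.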

SSH client

Note: because of their sensitive nature, the ~/.ssh/ directory and most of the files in it MUST be read/write for the user and not accessible to group or other. For example:
-rw-------
Otherwise, SSH will ignore them. If you copy personal SSH files to a new system and they don't work, check the permissions.

The default client configuration file is /etc/ssh/ssh_config. The user configuration file, ~/.ssh/config, takes precedence over the default configuration.

To connect to an SSH server using a different user ID:
ssh userid@server-name-or-IP

To securely copy file(s), use scp:
scp localfile userid@server-name-or-IP:remotefile
also
scp userid@server-name-or-IP:remotefile localfile

To generate an SSH keypair for logins without passwords:
ssh-keygen -t dsa
The system will prompt you for the secret key passphrase, then create the keys:
id_dsa (v2 private key)
id_dsa.pub (v2 public key)
Next, append the v2 public key to the ~/.ssh/authorized_keys2 file on the server(s) where you want to login. To bypass the passphrase every time the secret key is needed, load the key into ssh-agent.

SSH-Agent

To load secret keys in the ssh-agent manually, execute:

  1. ssh-agent
  2. ssh-add keyfile (once for each key)

It is usually more convenient to run ssh-agent and load keys in the X startup script or the startup script for your window manager. Another option is to use the keychain script.

Port Forwarding

SSH can port forward local and remote connections securely. Only root can forward privileged ports (<=1024).

To redirect a local port to a remote host port:
ssh userid@remotehost -L localport:remotehost:remoteport

To redirect a remote port to a local or remote host port:
ssh userid@remotehost -R remoteport:host:localport




----------------------------------------------------------

Apache


Basic Authentication


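To use basic authentication, the AllowOverride directive must be set at the current directory (or higher up in the document root). This sets AllowOverride at the document root (replace the placeholder path with your own document root):

<Directory "/path/to/document/root">
    AllowOverride All
</Directory>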

Create a password file outside the Document Root using the htpasswd program, and add the first user (will prompt for the new user password):
htpasswd -c passwords username
For example, this file could be created in /etc/httpd/passwords.

Add a user to an existing password file (will prompt for new user password):
htpasswd passwords username

To prevent someone from reading .htaccess files, set this global files directive at the document root:

<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>
Many distributions include this in the default httpd.conf file.

Simple example of an .htaccess file placed in the directory it will protect. It only requires a valid user:

AuthName "Foo Web Directory"
AuthType Basic
AuthUserFile /etc/httpd/passwords
Require valid-user

Name Based Virtual Hosts


Virtual hosts allow multiple web sites to be served from one instance of Apache. Name-based virtual hosts decide what to serve based on the name of the site requested in the incoming HTTP header. IP-based virtual hosts decide based on the IP address the request arrived on, usually one of several addresses assigned to a NIC.

The first virtual host defined is the default web site, so that site is served if the name in the HTTP header does not match any other virtual host.

Sample virtual host definition with domain wildcards and separate log file:

NameVirtualHost *

<VirtualHost *>
    DocumentRoot /var/www/virtuals/foo.com
    ServerName foo.com
    ServerAlias *.foo.com
    ScriptAlias /cgi-bin/ "/var/www/virtuals/foo.com/cgi-bin/"
    CustomLog /var/www/logs/foo.com/access_log combined

    DirectoryIndex index.php index.html
</VirtualHost>

Aliases and Redirects


Redirects can be done using either mod_alias or mod_rewrite modules. These examples use mod_alias; mod_rewrite is beyond the scope of this micro how-to.

Aliases can be used if the new location is in the same document root and virtual hosts are not used. Here is an alias to serve the /new directory when /old is requested:
Alias /old /new

Redirects are needed when redirecting the location to a new domain, even if both domains are virtual hosts served from the same physical box. Here is a simple redirect:
Redirect /old http://foo2.com/new

SSL


SSL uses cryptographic key pairs to secure data transferred between server and clients (in this case, apache and a web browser). In many distributions, the SSL private key is created automatically.

If not, use:
openssl genrsa -des3 -rand randfile1:randfile2:randfile3: 1024 > /path/to/ssl.key/server.key
Enter the passphrase when prompted.

The key must be signed by a third party Certificate Authority (CA), such as Entrust or Verisign. In order to get a signed key, or certificate, a Certificate Signing Request (CSR) must be created and sent to a CA. Of course, CAs charge money for this.

To create a CSR:
openssl req -new -key /path/to/server.key -out /path/to/ssl.csr/server.csr
Answer the prompts regarding Country, Common Name, etc. Some CAs may want specific answers to be blank or answered a particular way. Check the instructions for your CA.

When the signed certificate comes back, save it to:
/path/to/ssl.crt/server.crt

To enable SSL in Apache, use a virtual host definition on port 443 in httpd.conf:

<VirtualHost _default_:443>
    DocumentRoot "/var/www"
    ServerName www.servername.com:443
    ServerAdmin root@localhost
    SSLEngine on
    SSLCertificateFile /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key
</VirtualHost>
This is not a complete configuration. There are many more SSL directives available. The distribution may have reasonable defaults set, so these may be the only directives that have to be updated.

Domain wildcards


To configure domain wildcards so that any subdomain name displays the content of the main site, use the ServerAlias directive:
ServerName foo.com
ServerAlias *.foo.com

The asterisk will match all subdomain names for the domain and return the document root page for foo.com. This also works with virtual hosts.

note: Apache is only half of setting up domain wildcards, the DNS server must also be set up to direct all subdomains to the web server IP address. See the DNS micro how-to for details.


----------------------------------------------------------

Apache Bench


Apache Bench (ab) is a benchmarking program that ships with the Apache web server. While it may not be the most sophisticated tool, it is still very useful.

Apache bench should be run from a remote client since running it on the web server will skew the results down. Ideally, it should be run from multiple remote clients at the same time from different networks to better simulate actual web traffic.

To measure HTTP GET performance, use:

ab -n 10000 -c 25 URL

The -n is the number of requests to make and -c is the number of concurrent requests to make.

To measure HTTP POST performance (form submissions), use:

ab -n 10000 -c 25 -p postfile.txt URL

The test POST file, postfile.txt, does not have to be formatted as a valid POST request; it can be a plain text file of the length you want to test.

Here is a sample report:

This is ApacheBench, Version 1.3d <$Revision: 1.73 $> apache-1.3
Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright (c) 1998-2002 The Apache Software Foundation, http://www.apache.org/

Benchmarking linuxboxadmin.com (be patient).....done
Server Software:
Server Hostname: linuxboxadmin.com
Server Port: 80

Document Path: /
Document Length: 15738 bytes

Concurrency Level: 4
Time taken for tests: 14.986 seconds
Complete requests: 100
Failed requests: 0
Broken pipe errors: 0
Total transferred: 1599796 bytes
HTML transferred: 1576465 bytes
Requests per second: 6.67 [#/sec] (mean)
Time per request: 599.44 [ms] (mean)
Time per request: 149.86 [ms] (mean, all requests)
Transfer rate: 106.75 [Kbytes/sec] received

Connnection Times (ms)
min mean[+/-sd] median max
Connect: 79 93 9.7 93 122
Processing: 403 503 32.1 509 564
Waiting: 322 503 32.1 509 564
Total: 403 597 28.5 599 654
Percentage of the requests served within a certain time (ms)
50% 599
66% 605
75% 613
80% 619
90% 628
95% 638
98% 648
99% 654
100% 654 (last request)

----------------------------------------------------------


DHCP


DHCP clients

The dhcp client in most distributions comes from the Internet Software Consortium (ISC). The program is dhclient and uses the /etc/dhclient.conf configuration file. The DHCP client will attempt to configure all network interfaces unless specified otherwise on the command line or in the configuration file.

To obtain an IP address lease for eth0:
dhclient eth0

To release the current IP lease:
dhclient -r eth0

Current lease information is stored in:
/var/lib/dhcp/dhclient.leases

Some distributions use dhcpcd or pump as their dhcp client.

DHCP server

The ISC DHCP server is dhcpd. It implements the DHCP and BOOTP protocols.

The configuration file is:
/etc/dhcpd.conf

The lease file is:
/var/lib/dhcp/dhcpd.leases

Sample DHCP subnet configuration:
subnet 10.1.4.0 netmask 255.255.255.0 {
    range 10.1.4.100 10.1.4.250;
    default-lease-time 86400;
    max-lease-time 86400;
    option subnet-mask 255.255.255.0;
    option broadcast-address 10.1.4.255;
    option routers 10.1.4.1;
    option domain-name-servers 10.1.5.1, 10.1.5.2;
    option domain-name "foo.com";
}

Sample fixed IP assigned by MAC address:
host tk421 {
    hardware ethernet 00:00:45:12:EE:F4;
    fixed-address 10.1.4.99;
    option subnet-mask 255.255.255.0;
    option broadcast-address 10.1.4.255;
    option routers 10.1.4.1;
    option domain-name-servers 10.1.5.1, 10.1.5.2;
    option domain-name "foo.com";
}



----------------------------------------------------------

DNS


DNS client name resolution

When a program requests a DNS name lookup, it calls the resolver library (gethostbyname() C function). Programs linked against glibc will search using the order defined on the hosts line in /etc/nsswitch.conf. Typically, the hosts line is defined as:
hosts: files dns
This tells the resolver to look in /etc/hosts first, then ask DNS. Sometimes, NIS or a central database is included on the hosts line.

The resolver uses the name servers defined in /etc/resolv.conf. Most distributions use some kind of configuration tool to manage this file, so be careful of manual modifications.

DNS client utilities

The dig program (Domain Internet Groper) sends domain name query packets to name servers and can be used to test DNS configuration.

Dig queries use this format:
dig @server domain query-type query-class
where query-type is one of all, mx, ns, soa, txt or axfr (zone transfer).

For reverse DNS lookups:
dig -x 1.2.3.4

DNS/BIND server

There are 13 root servers that are the master servers for the whole system. The latest root server file can be downloaded from FTP.RS.INTERNIC.NET.

The DNS/BIND server daemon is "named". By default, named listens on UDP port 53.

The named configuration file is:
/etc/named.conf

Within /etc/named.conf, the location of the zone files is specified with the directory option. For example:

options {
    directory "/var/named";
};

And here is a typical authoritative zone definition:

zone "foo.com" {
    type master;
    file "foo.com";
    allow-transfer { 1.2.3.4; };
    allow-query { any; };
};

Here is the minimal zone file (/var/named/foo.com) defined above:

$TTL 3600
@       IN SOA  ns1.foo.com. hostmaster.foo.com. (
                2005092601 ; serial, today's date + serial #
                3600       ; refresh, seconds
                900        ; retry, seconds
                1209600    ; expire, seconds
                3600 )     ; minimum, seconds

        IN NS   ns1.foo.com.
        IN NS   ns2.foo.com.
        IN MX   10 mail.foo.com. ; Primary Mail

localhost       A 127.0.0.1
ns1             A 1.2.3.4
ns2             A 1.2.3.5
foo.com.        A 1.2.3.6
mail            A 1.2.3.6
www             A 1.2.3.6

When updating a zone file, the serial number must be incremented or named will not load the new configuration.

Here is a typical reverse lookup zone file (always in domain in-addr.arpa):

$TTL 3600
3.2.1.in-addr.arpa. IN SOA ns1.foo.com. hostmaster.foo.com. (
                2005092601 ; serial, today's date + serial #
                3600       ; refresh, seconds
                900        ; retry, seconds
                3600       ; expire, seconds
                3600 )     ; minimum, seconds

; name servers
3.2.1.in-addr.arpa. IN NS ns1.foo.com.
3.2.1.in-addr.arpa. IN NS ns2.foo.com.

; reverse DNS mapping
6.3.2.1.in-addr.arpa. IN PTR mail.foo.com.

Turning off or limiting recursion

Recursive lookups (allowed by default) can create security risks and performance issues, specifically DNS cache poisoning attacks. To turn off recursion altogether, use this option in named.conf:

options {
    recursion no;
};

To allow recursion for certain hosts, use an access control list to define the IP addresses of hosts that can use recursion. Use this to allow recursion for internal hosts while denying recursion for the public:

acl recursionok { 192.168.1.0/24; 192.168.2.100; };
options {
    allow-recursion { recursionok; };
};
This would only allow hosts with source IP addresses of 192.168.1.0/24 or 192.168.2.100 to query about domains the server is not authoritative for.
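
One way to confirm the restriction from both sides of the ACL, as an added example that is not part of the original how-to: query the server for a name it is not authoritative for, once from a host inside recursionok and once from outside, and classify the dig header. Both captures below are constructed, and www.example.org stands for any such name.

```shell
#!/bin/sh
# Added example: classify "dig" output to confirm a recursion restriction.
# Both captures are constructed; www.example.org stands for any name the
# server is not authoritative for.

# What a host inside the recursionok ACL should see.
dig_from_allowed_host() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31337
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
www.example.org.    3600    IN    A    192.0.2.10
EOF
}

# What a host outside the ACL should see.
dig_from_outside_host() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
EOF
}

# recursion_status: read dig output on stdin and print one of
#   offered      the "ra" (recursion available) flag is set
#   refused      the server answered with status REFUSED
#   not-offered  the server answered, but without the "ra" flag
#   unknown      no dig header was found in the input
recursion_status() {
    awk '
        /^;; ->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            line = $0
            sub(/^;; flags:/, "", line)   # keep only the flag words
            sub(/;.*/, "", line)
            flags = " " line " "
        }
        END {
            if (flags == "")                print "unknown"
            else if (status == "REFUSED")   print "refused"
            else if (index(flags, " ra "))  print "offered"
            else                            print "not-offered"
        }
    '
}

# Demo with the constructed captures. Against a live server the input would be:
#   dig @your-name-server www.example.org A | recursion_status
printf 'inside ACL:  %s\n' "$(dig_from_allowed_host | recursion_status)"
printf 'outside ACL: %s\n' "$(dig_from_outside_host | recursion_status)"
```

A result of "offered" from a host outside the ACL means the server is still resolving names for the public.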

Setting up a caching only name server

If you don't want to host your own DNS zones, but do want to centralize name lookups to reduce DNS overhead, you can set up a caching only name server. This server accepts DNS requests and forwards all requests that are not cached to another DNS server to resolve, passing the result back to the client.

To set up a caching only server, do NOT define any authoritative zones in the /etc/named.conf file, just enter valid DNS servers in the forwarders option. For example:

options {
    forward first;
    forwarders {
        1.2.3.4; 1.2.3.5;
    };
};

The "forward first" option tells the server to try the forwarders first, then do a lookup itself if the forwarders fail to resolve the name. The "forward only" option tells the server to try the forwarders, then fail if it does not get an answer.

DNS domain wildcards

To configure DNS wildcards so that any subdomain name resolves to the main site, use an "*" in the CNAME record:
www IN A 1.2.3.4
* IN CNAME www

The asterisk will match all subdomain names for the domain and return the IP address of www, sending the browser to the main web site. This technique is often used in marketing programs where you want everyone to arrive at the same web site, but want to track who sent them there by the HTTP REFERRER.

note: DNS is only half of setting up domain wildcards, the web server must also be set up to accept all subdomains and show the same content. See the Apache micro how-to for details.

Testing your DNS configuration

A good tool that runs many tests against your DNS server can be found at:
DNSreport.com



----------------------------------------------------------



NFS

NFS Server

The Network File System is a TCP/IP file sharing protocol invented by Sun Microsystems. The daemons that implement the server are nfsd, mountd, and if quotas are needed rquotad. Since NFS relies on remote procedure calls, the portmapper daemon must also be running.

Shared files systems are defined in the /etc/exports file.

Each line describes a file system to export and which client machines can mount it with what permissions. By default, the user ID of the mounting user is used for file level permissions on the server machine. So, if you mount a remote file system as user "foo", then the permissions of the user "foo" on the server machine control what can be done on the mounted file system (within the limits of the /etc/exports definition). This is considered a weakness of NFS security because if a remote user gains root access, he has root permissions on NFS shared files. However, root connections can be blocked in the /etc/exports file.

Here is a simple example of /etc/exports:

/dir1 (rw)
/dir2 *.localdomain(ro,root_squash)
/dir3 (rw,all_squash)
dir1 is shared read/write to all machines; dir2 is shared read-only to all machines in localdomain, and root connections are mapped to the anonymous uid/gid; dir3 is shared read/write to all machines, and all connections are mapped to the anonymous uid/gid.
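
A small lint for /etc/exports, as an added example that is not part of the original how-to. It flags the cases the paragraph above warns about: read/write exports to every host, no_root_squash, and option lists broken by whitespace (including the common "host (rw)" slip, where the detached option list applies to every host). The sample file is constructed and "nfsclient" is a hypothetical host name.

```shell
#!/bin/sh
# Added example: lint an /etc/exports file for risky or malformed entries.
# The sample file is constructed; "nfsclient" is a hypothetical host name.

sample_exports() {
cat <<'EOF'
# constructed sample
/dir1  (rw)
/dir2  *.localdomain(ro, root_squash)
/dir3  (rw,all_squash)
/home  10.1.4.0/24(rw,no_root_squash)
/data  nfsclient (rw)
/pub   *(ro)
EOF
}

# lint_exports FILE: print one "path: finding" line per problem.
lint_exports() {
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                tok = $i
                # "(" without ")" in one token: whitespace split the option list
                if (index(tok, "(") && !index(tok, ")")) {
                    printf "%s: whitespace inside option list at \"%s\"\n", path, tok
                    while (i < NF && !index($i, ")")) i++   # skip to the closing token
                    continue
                }
                host = tok; opts = ""
                p = index(tok, "(")
                if (p) {
                    host = substr(tok, 1, p - 1)
                    opts = substr(tok, p + 1, length(tok) - p - 1)
                }
                # an option list with no host in front of it applies to every host
                world = (host == "" || host == "*")
                o = "," opts ","
                if (world && index(o, ",rw,")) {
                    printf "%s: read/write export to every host\n", path
                }
                if (index(o, ",no_root_squash,")) {
                    printf "%s: no_root_squash for %s\n", path, (world ? "every host" : host)
                }
            }
        }
    ' "$1"
}

# Demo: lint the constructed sample.
lint_tmp=$(mktemp)
sample_exports > "$lint_tmp"
lint_exports "$lint_tmp"
rm -f "$lint_tmp"
```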

NFS Client

To mount a remote NFS filesystem, use:
mount -t nfs servername:/exported-file-system /local-mount-point

To allow all users to mount the NFS filesystem, add this to /etc/fstab:
nfssrv:/exported /mnt/local nfs noauto,user,exec 0 0
where nfssrv:/exported is the remote NFS server and filesystem and /mnt/local is the local mount point.

NFS Utilities

Check NFS traffic on the server with nfsstat.

Show server statistics:
nfsstat -s

Show client statistics:
nfsstat -c

Show exported filesystems on a remote server:
showmount --exports nfs-server

Show all mounted filesystems:
showmount --all nfs-server

NFS Performance

The NFS HOW-TO recommends mounting all NFS shares with these options:
hard,intr,rsize=8192,wsize=8192
The read size and write size buffers will greatly increase performance in most cases. The hard option tells the system to lock an app that is using an NFS mount if communication is lost between server and client. The intr lets you kill such an app with the Interrupt signal (don't have to use kill -9).


----------------------------------------------------------

Postgresql


By default, Postgres listens on TCP port 5432.

Dump all databases

pg_dumpall --clean > databases.sql

Dump a database with compression (-Fc)

pg_dump -Fc --file=database.sql --clean database

Restore a database from a dump file

pg_restore -Fc --dbname=database database.sql

Start the postgres interactive terminal

psql

Psql - show all databases

select * from pg_database;

Psql - show all tables

select * from pg_tables;

Psql - copy a table to a tab delimited file

COPY table TO 'table.txt';

Psql - load a table from a tab delimited file

COPY table FROM 'table.txt';

Run the vacuum utility

vacuumdb --verbose --analyze --all
Note: vacuum reclaims space from deleted records and updates indexes. It should be set up in cron. Newer versions of postgresql may run vacuum automatically.

Increase performance with shared memory

One effective performance tuning tip for Postgresql is to increase the shared memory buffers. This might require adding RAM to the server. Many Linux distros default to 32MB of shared memory, controlled by two kernel parameters:
/proc/sys/kernel/shmmax
/proc/sys/kernel/shmall

These values can be changed at run time, but it is better to set them at boot using the /etc/sysctl.conf file. This increases shared memory to 1GB:
# increase shared buffers for postgres at boot
kernel.shmmax=1073741824
kernel.shmall=1073741824

Then, tell Postgres to use 768MB of the 1GB available in the /var/lib/pgsql/data/postgresql.conf file:
shared_buffers = 98304 # min 16, at least max_connections*2, 8KB each

Restart postgres for the change to take effect.

GNOME won the desktop battle, will Linux lose the war?

original content published on April 27, 2006

Despite the head start that KDE enjoyed, the large number of KDE users and developers, and Linus Torvalds personally endorsing KDE, GNOME has won the desktop environment battle. The final victory came with the third piece of a corporate trifecta, giving GNOME the official nod from Red Hat, Sun Microsystems, and finally Novell. The question is, will the triumph of GNOME lead to the rise or downfall of the Linux desktop?

Novell goes GNOME

Red Hat and Sun Microsystems have long supported GNOME as their primary desktop environment. In August, 2003, Novell acquired Ximian, a GNOME oriented company. Then, in November, 2003, it acquired SUSE, the second most popular Linux distribution and a KDE oriented company. For a time, it appeared there was an internal struggle to determine the official desktop direction of Novell SUSE.

After the departure of several high profile SUSE employees from Novell, GNOME was anointed as the default desktop. Novell pledged to continue support for both KDE and GNOME, but the writing is on the wall. With Red Hat and Sun already supporting GNOME, it probably made business sense for Novell to move in the same direction.

Beating the dead equine

The main argument I've heard for GNOME is that its license is more business friendly because the libraries are licensed under the LGPL while KDE libraries are under the GPL. Apparently, the LGPL provides more flexibility for vendors to integrate various bits of code into their distributions without GPLing all of it. I am not a lawyer so I don't know how much this weighed in the decision of each company to go GNOME.

A couple of Linux heavyweights have come down on the side of KDE. The most notable is Linus Torvalds himself, saying "I personally just encourage people to switch to KDE." Another luminary to side with KDE is the Slackware founder and leader, Patrick Volkerding, who stated "I do believe it would be best to let Dropline produce Slackware's GNOME and quit wasting my own time with it. Probably 1/3 of development time here is used maintaining GNOME, and *most* of the bug reports I get have something to do with GNOME (and aren't bugs I caused, or can fix)."

My own myopia

I've created "hello world" programs using KDevelop and GTK+, but never written a substantial application in either. KDE is based on C++ and GNOME is based on C. While I am not a fan of C++, the KDE class library is clean, consistent, and well documented while I found the GNOME model confusing. To me, the relationships in GNOME among GLib, GTK+, Pango, ATK, GdkPixbuf, and GDK were harder to grasp. Then, there is a segment of the GNOME world that is pushing Mono (a clone of Microsoft .NET/C#). Technically, KDE seems better thought out while GNOME seems to have grown organically out of the Gimp libraries.

As a user, I think both environments provide roughly equivalent feature sets and I can be happy and productive in both. Each has some programs I think are best of breed. In a vacuum, I would go with KDE, but I'd much rather use GNOME if all the programming talent from both camps could be focused in the same direction. Even 75 percent would be enough to smooth out whatever rough edges there are in GNOME.

Finally, I think the desktop environment will grow less significant over time. I am a strong advocate of web applications. Web apps, whether they are based on LAMP, JSP, J2EE, or Ruby on Rails offer all the benefits of centralized deployment like a mainframe, but can also be run without a network connection if the server stack is installed locally. I like that the same code can be used as a multi-user network application and a single user local application.

Beggars have to be choosers

A logical question is do we have to pick one over the other? The answer depends on what you want out of Linux. If the goal is to advance Linux on the desktop, I think the answer is yes. There are countless obstacles to overcome before Linux gains popularity as a desktop, and I don't think everyone who uses Linux cares if it does. But for Linux to get commercial desktop applications and more hardware vendor support, there needs to be one desktop standard. It is just too expensive to support two.

This doesn't mean KDE would ever go away. It just means KDE would become a power user's choice like the dozens of other window managers and environments that exist. I've faced the fact that GNOME has won the battle and I'd better learn more about it. The benefit in the long run is more applications for the Linux desktop and better hardware and driver support.

Trickle down theory

While Linux as a server infiltrated the business world from the bottom up, I think the desktop will have to go from the top down. The people who brought Linux into the datacenter and the people who use Linux as a desktop today are by definition early adopters. They are power users not afraid to tinker with their computers that for most people are mysterious black boxes. I've even had trouble getting IT colleagues to try out desktop Linux because they don't want to invest the time. Most people are busy and have enough going on in their lives that they won't try Linux until they are introduced to it at work (i.e., forced to use it).

Most large desktop deployments will be driven and implemented by the big dogs in business, and will likely use GNOME. If desktop Linux can make inroads in the work place, it will become a lot less scary to the rank and file. It would also create an incentive for people to try it at home to improve their job performance.

With more Linux users at home, large hardware vendors have more incentive to offer it preloaded (and supported). That's when Linux on the desktop will really take off. I cringe at using the words "domino effect", but that's the way I see it happening, if it does.

I think the immediate hurdle is to standardize on the desktop. If the community refuses to get on board, and so far they have, no progress will be made. I have been ambivalent about it up to now, but see the wisdom in standardization.

The Long and Winding Road

Settling on a single desktop is just one step in a long, twisty path toward getting desktop Linux into the mainstream. GNOME has won the corporate battle and needs the support of the broader community. Because many people view KDE as technically superior and there are some egos at stake, that may be a bitter pill to swallow. Even if the community does coalesce around GNOME, it in no way guarantees success, but the continued fragmentation of the desktop guarantees it will languish.

Sun is working "true to the spirit"

I found Ron Hovsepian's comments quite different from my perception and couldn't help but comment on them.

I can't see how OpenSolaris creates any forks from any of the open source efforts and really does help many folks that do use it. Freedom is the ability to have choice, in addition to removing the restrictions of licenses. OpenSolaris accomplishes both, and works to become "true to the spirit".

Let us not forget that free software (in the unrestricted sense) goes back quite a bit farther than GNU. I first read about Richard Stallman in a book by Steven Levy titled "The Hackers". It was this hacker ethic that Stallman based the GNU software on to some extent, which is quite dominant in open source efforts. The sources should be left in the top drawer and available for others to use, and locks should not exist, to paraphrase.

But there were lots of sources available in the public domain prior to GNU getting known (not even popular, but known). People were sharing them even before acoustic couplers were used to transfer the bits to 8" hard sectored floppies in ARC file format on Heathkit computers. Folks like myself used to run BBSs on our phone lines so we could share those files. RBBS was a freely distributed set of BASIC sources. I wanted to point all of this out as both ARC and RBBS fell victim to proprietary programs (ZIP and PCBoard respectively) because they incorporated open, but inferior solutions at the time. ARC and RBBS couldn't survive as there weren't people willing to work on them to update the technology, but there are many more people with computers now and the trend has changed. This is important for all open source efforts. OpenSolaris is gathering a lot of interest these days, and people are working on it. This is a system that many folks laughed at the thought that Sun would even be able to overcome the legal obstacles to live "true to the spirit".

Even before I joined Sun, they participated in the open source efforts, and their contribution of OpenOffice was also created "true to the spirit". Sun is trying to do what they believe is the right thing, true to these roots of open source software. And while not perfect and learning to change the company with this model, is making great strides. I'm not sure how Sun has caused any fragmentation. Much of the software is the same on Solaris/OpenSolaris, Linux, BSD, OSX, etc...other than the kernel. There is more than one kernel available to use with open source software. HURD is one, and of course Linux, and Darwin. The OpenSolaris kernel is also an option today. Free choice is good for everyone.

It's worthy of noting that there is a growing number of OpenSolaris distributions at this point, Schillix, Belenix, Nexenta (based on Debian), and more. We also have a lot of open source projects these days such as Blastwave, Gentoo, pkgsrc, and others...

Unlike some of the license loophole games that some folks play, Sun has been doing a good job at opening up the sources, isolating out the encumbered pieces, and working to get all of the sources open and free. This seems "true to the spirit".

As an example, when Red Hat released the sources to their Enterprise Server, but didn't provide any of the Makefiles or configure scripts to create them. Of course there is nothing in the GPL to keep folks from holding back the Makefiles and configure scripts to create them. That was something that was not "true to the spirit".

Or how about when Monte Vista would release the sources for the "previous" toolkit distribution while they worked to get the current sources ready in a "reasonable time". This is not very "true to the spirit".

Yet, in both of the above cases they can meet the GPL through loopholes, but the action is not very "true to the spirit".

DTrace and ZFS were both state of the art technologies that were released as open source. FreeBSD has a project going on to add DTrace functionality to their OS, from the OpenSolaris sources. They had the advantage of the DTrace sources, and Sun's engineers were actively helping the developers where they can. Not only are there no other comparable technologies pre-dating DTrace with the sources available, but Sun was encouraging dialog with the developers working to incorporate that technology into a competing OS. That is certainly "true to the spirit".

And the same with ZFS, a 128-bit filesystem that will take users well into the future. The current filesystem limitations will no longer have any impact on the architecture of this filesystem. There is no technology that compares in filesystems, and the sources are freely available, today!

This is done "true to the spirit", and can't fragment any other efforts, when they just do not exist. ZFS is the only 128-bit filesystem available on any system today! It seems to me that the open source world is better off with this code for others to share...

Zones technology is another effort which Sun provides with open sources, as is the Service Management Frameworks, and Security, and a lot of other technology.

Mr. Hovsepian has really given no facts to back up his statements, and if he'd like to give Sun's new CEO, Jonathan Schwartz an opportunity for an open debate on this topic at a conference of his choice, I would hope that Jonathan could accommodate him. I would certainly encourage him to do so and feel not only does Mr. Schwartz represent Sun well, there is no question that he is "true to the spirit". This would make a great open debate at LinuxWorld. As I recall Novell attends those conferences, and maybe it would be convenient for Mr. Hovsepian to debate this topic with Jonathan Schwartz at that venue?

Thursday, April 27, 2006

Open Source is bad... except when Microsoft uses it

Apr. 19, 2006

Back in January 2005, Bill Gates took a back-handed slap at open-source saying, "There are some new modern-day sort of communists who want to get rid of the incentive for musicians and moviemakers and software makers under various guises." Where he says "modern-day sort of communists," think "open-source advocates."

Fast forward to April 2006. Eric S. Raymond, the main man behind the idea of open-source, the author of The Cathedral and the Bazaar, the seminal work on open-source, has just discovered that Microsoft is now selling a vector-graphics editor "Microsoft Expressions," which includes some of his open-sourced work.

Microsoft, the anti-open-source company, is using open-source software from one of open-source's leading lights. You've got to love it.

The code in question is GIFLIB. "GIFLIB is open-source software for hacking GIF images -- the direct ancestor of libungif, which is the name under which the codebase is more widely known these days," Raymond writes.

Microsoft didn't place the code in the product itself. That was done by the program's creator, Creature House. This company's code, technology, and development team was acquired by Microsoft in 2003.

Of course, Microsoft has been putting open-source code into its programs and operating systems for years. The classic example is its TCP/IP networking stack, which owes much of its goodness to the BSD TCP/IP code.

Still, as Raymond points out, "I'm OK with this, actually. I write my code for anyone to use, and 'anyone' includes evil megacorporate monopolists pretty much by definition."

Since the code is under the open-source MIT-license, Microsoft has every right to use it, so long as they keep Raymond's copyright announcement.

"Besides... now, when Microsoft claims open source is inferior or not innovative enough or dangerous to incorporate in your products or whatever the FUD is this week, I get to laugh and point. Hypocrites. Losers. You have refuted yourselves," concluded Raymond.

I couldn't have said it better myself.


-- Steven J. Vaughan-Nichols

IDC's Asia Pacific Security and Continuity Conference 2006


Dynamic Resilience: Security & Continuity 2006

Conference

May 19, 2006

Leader of the Free World


How Linus Torvalds became benevolent dictator of Planet Linux, the biggest collaborative project in history.


Linus Torvalds wants me to believe he's too boring for this story. The creator of the Linux operating system portrays himself as a mild-mannered soul leading a humdrum life, just another guy lucky enough to own a McMansion in the hills above San Jose courtesy of the money-mad late '90s. Before agreeing to meet me, Torvalds sent an email imagining that I'd be overwhelmed by the tedium of hanging around with the likes of him.

Ian White
Torvalds, now full-time at the Open Source Development Lab (right), dons a mask of the Linux mascot Tux.

"Six shots of coffee and I was expecting Linus to really spring into action," he wrote, pretending to be me. "Where would he go next? Fighting evil software hoarders? But no. He got into his car (dammit, if I had a car like that I wouldn't act so sluglike) and drove sedately back home. I closed my eyes and dreamt of more exciting assignments."

On one level, Torvalds' life really is filled with quotidian routine. He works from home as a fellow for the Open Source Development Lab, a corporate-funded consortium created to foster improvements to Linux. His commute is a walk down a flight of stairs to an office he shares with Tove, his wife of nine years. It's jammed with Linux-related books, few of which he's read, and looks out onto the narrow walkway between his home and the neighbor's. The early July day he invites me to visit is his first official one as an OSDL employee, but it isn't long after my arrival that he excuses himself to take out the garbage because Tove nags him about the smell. Later, he takes a break to feed a lunch of milk splashed over Cheerios to his three daughters, all younger than 8, while Tove runs errands.

Torvalds, 33, looks like a supply clerk. His wispy brown hair frames preternaturally blue eyes and a soft, open face with an ample nose and heavy jaw. He's almost never without a benign grin, a smile so pearly-white perfect that he could get work in a teeth-bleaching ad. And he's dressed as though ready for a casual morning of tennis: white socks, white shorts, and a slight variation of the same shirt he more or less always wears - a white polo obtained for free at some Linux event.

Yet Torvalds' humble office is the de facto world headquarters for an operating system now used by more than 18 million people around the globe, and this self-described ordinary Joe is admired by legions of fans who cast him as a modern-day warrior courageous enough to challenge the most powerful technology companies in the universe and smart enough to win. It's easy to see why that hyperbolic depiction has taken hold. At 21, wearing a ratty robe in a darkened room in his mother's Helsinki apartment, Torvalds wrote the kernel of an operating system that can now be found inside a boggling array of machines and devices. He posted it on the Internet and invited other programmers to improve it. Since then, tens of thousands of them have, making Linux perhaps the single largest collaborative project in the planet's history. Twelve years on, the operating system is robust enough to run the world's most powerful supercomputers yet sleek and versatile enough to run inside consumer toys like TiVo, as well as television set-top boxes and portable devices such as cell phones and handhelds. But even more impressive than Linux's increasing prevalence in living rooms and pockets is its growth in the market for servers, the centralized computers that power the Internet and corporate networks. It's only a matter of time, concluded Goldman Sachs in a study released earlier this year titled "Fear the Penguin," before Linux displaces Unix as the dominant operating system running the world's largest corporate data centers. It's impossible to measure precisely the spread of software that anyone - from a resident of a third world country to the CTO of a multinational giant - can download for free over the Internet, but Linux has surely proved itself the most revolutionary software undertaking of the past decade.

Linux's mainstream arrival is testament not only to the worth of the code contributed by programmers working out of love rather than pursuit of a paycheck, but to the power of its progenitor, who still gives a thumbs-up or thumbs-down to any changes. Torvalds acknowledges being "benevolent dictator of Planet Linux," as he calls it, yet the secret to his success is not, apparently, his technological prowess but his disarming personality. Check in with the loyal subjects who have watched Torvalds' rule - a process best accomplished via email - and they'll agree. As Cliff Miller, an early Linux contributor, writes: "He is a great leader, which he may not even realize."

Over the past decade, other free software products have been hailed as critical building blocks of our networked world. About two-thirds of the servers that collectively make up the Internet deliver Web pages and other data through a program called Apache, developed by a band of programmers who receive no direct financial compensation for their work. The programming language Perl, another freebie, has become so indispensable to Web developers that it's been referred to as the duct tape of the Internet. And most of the world's email is routed through Sendmail, yet another exercise in mob authorship. Like Linux, each of these was created by coders abiding by the open source credo: Do what you wish to improve a product, charge for it if you like, but share the underlying source code you added.

These efforts, impressive as they are, haven't matched Linux in terms of reach and acclaim. That's partly because, as an operating system, Linux plays the glamour position in the software world, akin to the quarterback or lead guitar. But hackers have backed other free operating systems, and none have attained the following that Linux enjoys. "This is not due to the variation in technical merit, development style, or licensing scheme," Miller writes to me. "The difference is spelled L-I-N-U-S." People have tried to make Torvalds into what he's not - anti-money, anti-capitalist, anti-Microsoft - so they tend to miss his true strengths. Those who work closely with Torvalds describe him as a steadying force atop an ever burgeoning community populated by more than its share of prickly programmers and zealots. Under his guidance, they manage to crank out software that matches, if not exceeds, the work produced by the salaried armies of Microsoft, Sun Microsystems, and other well-financed behemoths.

Those giants have certainly taken notice. Microsoft's top executives acknowledge Linux as a top adversary, and it's no wonder. Time has shown a strong correlation between a company's stock price and the vigor with which that company has embraced Linux. Oracle, IBM, and Intel - three of the system's earliest corporate proponents - have mostly held their value on Wall Street over the past couple years. Sun, which was late and halfhearted in adopting Linux, has watched its stock plummet.

Still, for all its recent triumphs, Linux now faces its single greatest threat: a lawsuit that seeks to prove that Linux represents a widespread case of intellectual property theft and to charge its users steep fees as compensation. In March, the SCO Group, a Utah-based company that owns the rights to the Unix operating system, accused IBM of dropping thousands of lines of Unix into Linux. Since then, SCO executives have charged that the presence of its code in Linux raises ownership issues that call into question not only Linux's legality but the very process that makes open source such a vital part of the tech world. Linux is based on donated code: Torvalds and his peers who oversee popular open source projects accept contributions from any and all sources based on the merits of the code alone. They don't have the institutional resources to ensure that a programmer isn't guilty of plagiarism.

"We need to step back and take a look at the open source business model, which doesn't provide [private enterprises like ours] with inherent protections," SCO chief executive Darl McBride charged in August. To pursue its claim against IBM, whose programmers have been some of the most prolific contributors to Linux, SCO has hired David Boies, who represented the government against Microsoft and Gore against Bush before the US Supreme Court.

Legal papers filed by SCO cast Torvalds as a ringleader encouraging his followers to brazenly flout the law, and though the suit wouldn't have a significant financial impact on him (he collects no royalties from his operating system), Linux has come to define his identity. Torvalds never set out to champion an alternative method for creating software, but inadvertently he has, and now he's both proud of that accomplishment and angry that his life's work is under attack. For better or for worse, he has emerged as the poster boy for the open source movement, and SCO has thrown a big fat dirtball at the cause. "I spend a lot more time than any person should have to talking with lawyers and thinking about intellectual property issues," Torvalds says with a sigh.

Torvalds is a work-at-home dad with no formal management training. He confesses to being terribly disorganized. His approach to voicemail is to let messages stack up and then delete them without listening to any. His memory is so lousy that he can't recall whether he was 6 or 8 or 10 when his parents divorced. And he's awfully absentminded: We are heading out the door for lunch when Torvalds suddenly remembers that his wife is out and that if we leave, his kids will be home alone. Then there's his ambivalence about his role as Linux's leader. "I don't have a five-year agricultural plan," he says. "I don't want to dictate: This is how we're all going to march in lockstep." Yet the 12 years he's presided over an unruly group of volunteer programmers is worthy of study by those who teach leadership inside the world's finest MBA programs.

His hold over Linux is based more on loyalty than legalities. He owns the rights to the name and nothing else. Theoretically, someone could appropriate every last line of his OS and rename it Sally. "I can't afford to make too many stupid mistakes," Torvalds says, "because then people watching will say, hey, maybe we can find someone better. I don't have any authority over Linux other than this notion that I know what I'm doing." He jokingly refers to himself as "Linux's hood ornament," and he's anything but an autocrat. His power is based on nothing more than the collective respect of his cohorts.

Almost from the beginning, Torvalds has surrounded himself with a circle of deputies he calls "maintainers." These are programmers whose contributions have impressed him in a particular category - networking, say, or file system management - so that now they contribute code as well as screen the contributions of others that fall into their area of expertise. "Nobody gets declared into any of these positions," explains Alan Cox, who until this summer was responsible for those layers of the operating system that communicate with disk drives. Instead, Torvalds will simply start relying on that person to help him weigh the merits of others' work; suddenly the programmer finds himself occupying an exalted role. Today, Torvalds has a dozen maintainers who help him manage upcoming versions of Linux. According to Cox, Torvalds tends to have a different relationship with each one. Some he's collaborated with for many years and trusts implicitly. Others he reviews more closely because "perhaps he doesn't trust their design decisions or some of their coding," writes Cox in an email. "We all have our weaknesses." That's one of the great advantages of the open source model, Cox adds: constant feedback and peer review.

This geographically dispersed group meets at least once a year to talk about its goals for the operating system. "Linus sets a philosophical direction about how he likes the code to be," says Andrew Morton, who has been working on core components of Linux since 2000. "The rest of us pretty much follow his lead." Torvalds has final say over their decisions, but it's extremely rare for him to overrule any of them.

Earlier this year, Torvalds asked Morton to take over informally as number two. Morton, who for several years ran software development teams inside Nortel Networks, is now overseeing the release of Linux version 2.6, expected by the end of this year. But that arrangement is represented more clearly on an organizational chart than in reality. Some people, it seems, still send potential 2.6 fixes directly to Torvalds - and he'll respond rather than defer to his lieutenant. "Somehow things move ahead fairly well," says Morton.

By all accounts, Torvalds has a good feel for when he should hold forth and when he should keep his opinion to himself. He'll debate an issue passionately - favoring terms like pinhead and brain-damaged when arguing technical points - and sometimes make the wrong call, but if so, he's proved willing to publicly admit his mistakes. More than anything he seeks to avoid taking sides in a way that might splinter his followers. "I'd much rather have 15 people arguing about something than 15 people splitting into two camps, each side convinced it's right and not talking to the other," he says. Often, when things are on the verge of getting messy, he'll consciously avoid making a decision, allowing time for feelings to dissipate. "Eventually, some obvious solution will come to the fore or the issue will just fade away," says Morton.

In a way, Torvalds is less a ruler (or a hood ornament, for that matter) than an ambassador, roaming his virtual world and exerting his influence to prevent technical fights from devolving into sectarian battles. Take the factions that want him to make toppling Microsoft a priority: Create a version of Linux as simple for novices to use as Windows, they reason, and you loosen Redmond's grip on the PC. "That's the kind of politics you see inside Oracle and Sun," Torvalds says. "Once you start thinking more about where you want to be than about making the best product, you're screwed."

Mike Olson is the CEO of a Massachusetts-based database startup called Sleepycat Software and contributed critical components to Linux as a UC Berkeley grad student. He describes Torvalds as "very, very good - much better than engineers in general - at smoothing out difficulties, building consensus, and building community. He really has only a technical agenda."

Perhaps there's no plainer example of Torvalds' equanimity than his unflappable attitude toward Richard Stallman, the intellectual forefather of the free software movement. A former computer scientist at MIT's Artificial Intelligence Lab, Stallman has been arguing as far back as 1984 that proprietary software is practically a crime against humanity. That's the year he launched a project called GNU with the aim of creating a free operating system that would displace Unix. (GNU is a recursive name that stands for GNU's Not Unix.) He obstinately rejects the term open source despite its now near universal use, preferring free software, the name he coined. And although Torvalds released the kernel of his operating system well before GNU produced a reliable one of its own, Stallman insists Torvalds' work should properly be called GNU/Linux, because early contributors adapted GNU components for Linux - never mind that the Linux core is non-GNU and now approaches 6 million lines of code. (Stallman declined to be interviewed unless this article used his nomenclature throughout.) Torvalds diplomatically declines to say anything about GNU and Stallman: "That's not a debate I want to get involved in."

That's typical Torvalds, according to John "maddog" Hall, who heads a nonprofit advocacy group called Linux International and has been friends with Torvalds since they met at a computer conference in 1994. Hall claims he's seen an angry outburst only once, when a stranger was pestering Torvalds about a technical point while he was drinking a beer with friends. "This is different from some of the other free and open source advocates and project leaders whose anger is legendary," Hall writes in an email.

Torvalds has a good human touch. Hall, who has no children, says he will be forever grateful to his friend for choosing him as godfather to two of Torvalds' daughters. Yet when it comes to weighing the merits of a technology, Torvalds is adept at separating the idea from the person suggesting it. His is a world that works only if the best idea wins; he has no giant marketing budget to compensate for poor technical decisions, no clout in the marketplace to compensate for mediocrity. It's invariably painful when Torvalds rejects someone's contribution. The friends of one programmer told Torvalds their pal had threatened suicide after a feature he had obviously spent a lot of time developing was not included.

"Torvalds makes decisions based on whether he feels a design is clean, of high quality, whether it's going to be easy to service and, very important, whether it's needed by a broad set of users," says Dan Frye, who as director of IBM's Linux technology center oversees a team of more than 300 developers. "He's very good at staying away from anything just to satisfy a single corporate user or any entity's agenda."

"If you're too commercial," Torvalds says, "you end up being too shortsighted. You have a 'this is what we need' mentality, and you blow everything else off. But you want the commercial side, because commercial forces end up listening to different customers and meeting different needs compared to those doing it just for fun."

"I was an ugly child." That's how Torvalds chose to open his 2001 autobiography, Just for Fun: The Story of an Accidental Revolutionary, written with journalist David Diamond. He describes himself as "a beaverish runt" of a kid and goes out of his way to stress his flaws, as if unaware that the standard practice of the genre is to make oneself sound more grand and important.

Perhaps he inherited his penchant for self-deprecation from his mother. Mikke Torvalds, a journalist with the Finnish News Agency, chose "Linus, schminus" as her subject line in the first email she sent to me. "As Sara [his sister] and I used to say, just give Linus a spare closet with a good computer in it and feed him some dry pasta, and he'll be perfectly happy," Mikke wrote.

In a way, Linus was born to be a revolutionary. His parents were campus radicals at the University of Helsinki in the 1960s. Torvalds' father was a card-carrying Communist who spent a year studying in Moscow when his son was about 5. He served a stint as a minor elected official (he's now a prominent television and radio exec). Other kids teased Linus about his father's politics. "Growing up, I was terribly embarrassed by him," Torvalds says.

Reading through his autobiography, anyone might think that his first true love was not a girl but the British-produced Sinclair QL, a then state-of-the-art machine he bought while a computer science student at the University of Helsinki. The QL, one of the world's first 32-bit boxes, provided Torvalds with his motivation for writing Linux: He wanted an OS for his home computer that would be as stable and strong as Unix, which he used on campus. At first he turned to a knockoff called Minix, but in time found it frustratingly inadequate as well. Since higher education is free in Finland and there isn't the pressure to finish a degree in four years, Torvalds decided to take a break and turn his attention full-time to creating his own operating system.

Through the spring and summer of 1991, Torvalds worked on the kernel of the system. He lived in near-isolation, rarely bothering to open the thick black curtains he had hung over his windows to reduce glare. He would have been a total recluse, he recalls, if not for Wednesday-night gatherings at a local pub, where he'd drink beer and talk shop with fellow members of the university's computer club. Finally, on September 17, 1991, he posted a message in a Minix users newsgroup, announcing that a rough cut of his creation could be downloaded for free from a university Internet site. Use Linux if you'd like, he instructed people, but any changes, new features, or improvements you devise must be shared with everyone else at no cost. It's an idea he borrowed from Richard Stallman, who had devised the General Public License, an agreement by which entrepreneurs could charge as much as they liked for a program but had to provide access to its source code. Torvalds opted for a version of the GPL that forbade anyone from making money selling modified versions of Linux.

He bristles when I suggest it can't be coincidence that a man born to socialist firebrands created something many people regard as revolutionary because it's shared gratis with the masses. "It never was, Take this and let us together build a better world," he says. His choices were to either keep this unfinished core of an OS for himself or share it with anyone who wanted it.

"My reasons for putting Linux out there were pretty selfish," he says. "I didn't want the headache of trying to deal with parts of the operating system that I saw as the crap work. I wanted help." Besides, he couldn't fathom collecting money for something he viewed as unfinished work that required the contribution of others.

A few months after he unveiled Linux, Torvalds received an email asking if he would add a compression feature so that Linux would work on systems with limited memory. It was nothing Torvalds would ever use - his system had ample RAM - but he worked on the feature throughout Christmas eve and into Christmas day.

The feature proved to be the add-on that gave his creation a leg up on Minix and other Unix knockoffs. Almost immediately after Torvalds posted the improvement, Linux gained hundreds of users, and he began receiving messages from people offering bug fixes and new features that made the OS increasingly valuable. This early sign of success gave him the confidence to change the licensing agreement so that people could make money selling Linux-based products as long as they continued to share the source code on any features they devised. The move led to the creation of companies such as Red Hat, founded in 1993, adding the energy and drive of entrepreneurs to the mix of those contributing to Linux.

These kinds of strategic decisions proved as key to Linux's success as the technical choices Torvalds made. One complaint about Linux at the time was that it worked only on PCs, so in 1994 Torvalds began seeking new outlets for his operating system, starting with a workstation computer called the Alpha, made by Digital Equipment Corp. Serendipity also played a role in the spread of Linux. Torvalds had nothing to do with the creation of the server software package Apache, but its developers wrote it first for the Linux platform, which gave the operating system entrée into corporations in the mid-1990s. By 1997, tech analysts were conservatively estimating that at least 3 million computers worldwide were running Linux.

With renown came unexpected demands. Torvalds' private life became fodder for discussion and debate. He met Tove, a six-time Finnish karate champ, while teaching an introductory computer course at the University of Helsinki. (She responded to his first homework assignment - each student was to send him an email - by asking him out on a date.) When word spread that the couple was going to have a child, the open source community greeted the news with fear rather than joy. Could Torvalds balance Linux and family, members of newsgroups wondered in emails, especially given the demands of grad school?

The reaction was even more intense when, in 1997, he announced that he was taking a job with Transmeta, a chipmaker in Santa Clara, California. Linux fans feared he'd never be able to remain true to his open source roots in a commercial atmosphere. Worse, the venture was funded in part by Microsoft cofounder Paul Allen, which fueled sarcastic references to the "evil corporate environment" he was entering. For Torvalds, though, the decision was fairly straightforward. He'd always hated the cold, dark winters in Finland, and this was an opportunity to live in sunny Silicon Valley, the center of the universe to anyone in the computer field. He had been offered jobs at Linux-based businesses like Red Hat, but he was loath to favor one vendor over another. His arrangement with Transmeta, where he wrote software that allowed operating systems to communicate with the company's chips, permitted him to also spend time on Linux. In return, Transmeta would receive the services of a talented engineer who brought with him invaluable media attention - employment as a publicity stunt.

Torvalds arrived in Silicon Valley at a time when the computer world was looking for a new David to go up against Goliath. Microsoft seemed to have its hand in every aspect of computing, and once Netscape lost the browser wars with Microsoft, those committed to the cause glommed on to Linux as the next big threat to the Redmond beast. Like Windows, Linux ran on Intel-based PCs, but Windows was crash-prone even on a single machine, whereas Linux could reliably lash together dozens of computers. That gave it an advantage with corporate customers.

Journalists had a field day contrasting Torvalds - seemingly so indifferent to wealth that he didn't charge a penny for his product - with Gates, filthy rich with all that monopoly money. Fan sites popped up in dozens of languages. "The easy story line was that I was an idealist, even though that isn't the motivation for Linux," Torvalds says. He didn't exactly help put the kibosh on that narrative when he turned down the $10 million in options that a Linux-related company offered him to sit on its board of directors. He thought he'd compromise his objectivity if he lent his authority to any single company. His reasoning was sound, but was it any wonder the press depicted Torvalds as an otherworldly creature walking the Valley, where lucrative board appointments and IPO shares were treated as an entitlement?

Torvalds' home is spacious - a split-level, five-bedroom spread with a three-car garage and a backyard Jacuzzi housed in a wooden gazebo. The master bedroom affords enviable views of the hills and is so large that it contains both an exercise bike and a treadmill (neither of which, Torvalds confesses, he ever uses). Another room upstairs, outfitted with a pool table, wet bar, and temperature-controlled mini wine cellar, serves as his playpen. The home teems with the Linux mascot, from porcelain penguins in various sizes to partying penguins on a blue hand towel in the guest bathroom. But his favorite toy is a sunburst-yellow Mercedes SLK32 sitting in the garage. Still, it's the rear end of the black Acura SUV next to it that draws my attention. The faithful can be seen up and down Highway 101 in Northern California, driving their 7-year-old Hondas and used Volvos outfitted with bumper stickers that proclaim them Linux rebels. But the gleaming silver license plate frame affixed to Tove's car reads: coffee, chocolate, men: some things are better rich.

Torvalds was hardly wealthy his first few years in the Valley. Dotcom kids were getting rich on inventions barely worth mentioning in the same breath as Linux, yet he was living modestly on his Transmeta salary, his growing family cramped in a duplex. People would send him emails pleading for a handout, assuming he was as flush as he was famous. A man he never met even asked him to deliver the eulogy at his father's funeral. Steve Jobs and Bill Joy were among the tech bigwigs who contacted him out of the blue. He was idolized by fans and at the same time burdened by the practical worries of any Valley-based programmer struggling to make ends meet. His mother recalls him fretting about the eventual cost of college tuition for his children.

His fortunes changed in 1999. Red Hat and VA Linux, both leading purveyors of Linux-based software packages tailored for large enterprises, had granted him stock options with no strings attached, thank-yous from entrepreneurs who hoped to grow rich off his creation. When Red Hat went public that year, Torvalds was suddenly worth $1 million. On the day VA Linux (now VA Software) went public, Torvalds was worth roughly $20 million, though by the time he could sell his shares, they were valued at only a fraction of that.

Torvalds hesitated before buying himself his first expensive bauble, a two-seater BMW convertible. "I was a bit nervous about people's reaction," he confesses. "Are they going to think I've gone over to the dark side?" In the end he decided that the shape and price of the hunk of metal he drove to and from work each day was his own business. Despite counsel to the contrary, Torvalds wisely sold all of his stock and spent almost all of the windfall on his home and his cars, trusting that he'd always be able to earn a good salary as an engineer.

For the moment, Torvalds has the security of his post at the Open Source Development Lab, an organization whose scope and ranks have expanded along with Linux. Created in 2000 by a small consortium of major technology companies, including Intel and Hewlett-Packard, the OSDL aimed to accelerate Linux's adoption by financing well-equipped labs where programmers could test software features built specifically for the corporate world. Today, the organization has more than two dozen employees working in labs in Beaverton, Oregon, and in Yokohama, Japan, and 23 sponsoring companies - some of which contribute as much as $1 million a year.

"We seek to be the center of gravity for Linux development," says Stuart Cohen, who took over as CEO of the lab in April. Working groups staffed by employees of member corporations meet regularly to devise wish lists meant to tailor Linux for use in new areas, such as global telecom networks and high-end servers running the most demanding software applications.

For Torvalds, a well-paying gig as the lab's first full-time research fellow seemed like a dream come true. He'd be able to do what he's always done, but without the Transmeta-related obligations that were vying for his time. Instead, he started the job just as SCO's McBride declared that pretty much anyone using Linux is violating copyright laws and ripping off SCO. "With the US legal system, it's always hard to tell what the hell is going to happen," Torvalds says. "So I can't just dismiss the lawsuit as the complete crapola I think it is."

Near the end of our day together, Torvalds and I head out in his Mercedes to eat at a nearby sushi place, followed by a visit to Starbucks. Behind the wheel, Torvalds is manic and possessed, driving with such a lead foot that even a brief ride leaves me woozy. "The man with the flashy car," says the Starbucks barista who greets Torvalds, "the man with the secret wild alter ego." She brings him a tall double latte without waiting for him to order.

Here we finally talk about what Torvalds describes as the "unpleasantness" surrounding the SCO suit. The smile that graced his face for hours is gone. The man who only 30 minutes ago seemed incapable of a bad mood sits slumped in his chair.

At first, the suit seemed like a narrowly defined contract dispute. SCO, which specializes in software systems for small and medium-size businesses, licenses Unix to larger companies like IBM that sell proprietary versions. SCO claims that IBM dumped Unix code into Linux, and that this contribution helped Linux to grow from a home-brewed plaything into an OS reliable enough for IBM to sell Linux-based systems to Fortune 500 companies. A trial isn't scheduled to start until well into 2005.

In the meantime, SCO is raising the stakes. In June, the company amended its suit to include an August 2001 email in which Torvalds admits he abides by a "don't ask, don't tell" policy when it comes to patent issues: "I do not look up any patents on principle because (a) it's a horrible waste of time and (b) I don't want to know," he wrote to fellow Linux hackers. Though McBride has insisted he seeks "to work through issues in such a way that we get justice without putting a hole in the head of the penguin," SCO now appears intent on doing just that. In August, McBride announced a pricing plan that his company seems to have plucked straight from city traffic ticket enforcement: Any for-profit entity using Linux must pay SCO a onetime fee of $699 per processor. Failure to do so by October 15 means the price doubles to $1,399. McBride drew an analogy to the music industry's recent decision to target individual users illegally downloading copyrighted songs. "If we have to sue end users to give us relief for our damages," McBride says, "we will." The same month, IBM filed a countersuit, accusing SCO of infringing on several IBM patents and breaching the Linux GPL.

Torvalds is unapologetic about his "don't want to know" email. "As any patent lawyer will tell you, no engineer should ever go looking for a patent." For one thing, he argues, that's a job best left to lawyers; for another, if a competitor can prove a person checked and went ahead anyway, then that engineer would be liable for triple damages. As Torvalds sees it, SCO quoted his email only to score points in the media and cast this as a broader fight over intellectual property. He does, however, regret a crack he made at the end of his email that a hit man would be the easiest solution. "The fact is," he says of the SCO suit, "I don't think in the end this is going to mean a whole lot."

Perhaps, but that assessment is offered by a man who sees every moment spent thinking about legal matters as time away from his fellow citizens of Planet Linux. Torvalds had long ago drained his latte by the time he was fed up talking about SCO. We head out to his car, and any lingering bad feelings seem to fly away as he gets behind the wheel of the Mercedes. The top is down, and the hot Silicon Valley sun glints off his forehead. Dressed all in white, with his paunch pressing against his shirt, he looks like a contented pasha seated on his throne. He is an unusual king, but then, he and his loyal subjects are an equally unusual and amazing lot.

The Diffusion and Adoption of Desktop Linux in Government


by David B. Rankin


Introduction

Linux and the Open Source Software movement have affected worldwide computing -- first in the data center and now moving in on the desktop. Even though Microsoft Windows is the de facto desktop and office automation standard worldwide, more and more countries and their governments are looking to desktop Linux as an alternative. The adoption and diffusion of desktop Linux in the U.S. has lagged behind other parts of the world; however, federal, state and local governments in the U.S. are adopting desktop Linux much more than the private sector. If government adopts desktop Linux, it can have an escalating effect on adoption in the private sector. Industry experts predict that desktop Linux adoption in government in the U.S. will happen in two to five years.

This research paper will look at some examples from the current body of published work related to Linux with an emphasis on the use of Linux for desktop computing, and will attempt to accomplish the following:
  1. Describe the worldwide Linux phenomenon
  2. Examine the reasons why Linux is being considered as a viable desktop operating system alternative to Microsoft Windows
  3. Explain the reasons why desktop Linux has not been adopted more widely, especially in government use, with correlation when appropriate to the concepts described in the book Diffusion of Innovations by Everett M. Rogers
  4. Predict where the future of desktop Linux may go

A Brief History of Linux and Open Source Software

The histories of Linux and Open Source Software (OSS) are intertwined. In September 1983 Richard Stallman founded the GNU's Not Unix (GNU) project. Stallman's goal was to develop a UNIX-like operating system composed of free software (Linux.Co.Uk., n.d.). At that time in the 1980s, UNIX vendors had priced the UNIX operating system prohibitively out of the range of those who ran small Intel processor-based systems. Additionally, the source code for UNIX, which was once available on university campuses as a teaching tool, was now being carefully guarded and not published (Wikipedia, Linux, n.d.). The early 1980s marked a significant moment in time for small system computing, with the introduction of the IBM-PC in 1981, and IBM-PC clones appearing by 1983 (Wikipedia, IBM-PC, n.d.).

By 1990, the GNU project had developed or assembled all the components of their free operating system except the kernel. GNU made several attempts to develop a kernel -- first with a kernel development effort called Trix and later with one called Hurd.

In a completely separate and unrelated effort, Linus Torvalds, a computer science student at the University of Helsinki, Finland, was developing an operating system as a hobby. Torvalds based his "Linux" operating system kernel on Minix -- a UNIX-like operating system used for educational purposes. He released his software on the Internet for all to see, modify, and extend in September 1991. Torvalds' vision was to make his work publicly available and user-modifiable. The only caveat was that any modifications include the source code for re-release to the computing community for their use and learning. This model of sharing software with the computing community for development, education, and personal use is based on the Bazaar free software model as stated in the essay "The Cathedral and the Bazaar" by Eric Raymond (Wikipedia, The Cathedral and the Bazaar, n.d.).

Torvalds and other Linux developers tailored their kernel to work with the GNU components and utilities, in order to create a free, functional operating system. The Linux kernel and the GNU components and utilities are both powerfully impacted by the GNU General Public License (GNU GPL). The GNU GPL gives computer users the right to run the software for any purpose, study how it works, modify it if desired, redistribute copies of the software, improve the software, and re-release these improvements to the computing community. The GNU GPL was written in 1989 (Wikipedia, GNU General Public License, n.d.).

The expansion of the Internet during the same timeframe as the introduction of the Intel-based, IBM-compatible PC, Linux, and GNU programs and utilities helped to distribute Linux and the GNU programs to people worldwide.

The Linux Phenomenon

Linux adoption worldwide has many different motivations; however, some are the same in every country. Linux's low initial cost -- freely downloadable, installable, and distributable -- is an enormous draw. However, low total cost of ownership, flexibility, security, and control are also common attractions to Linux adopters internationally (Hanrahan, 2005).

The Apache web server was initially responsible for the introduction of Linux into many organizations. Apache, written by Rob McCool, was developed in 1995 as an open source alternative to the commercial Netscape Web Server. By 1999, Apache web servers running Linux were the most popular web serving operating system, with 28.5 percent worldwide usage.

By 2002 about 28 percent of all servers worldwide were running Linux and 2.8 percent of all worldwide desktops (Wikipedia, Linux Adoption, Trends and History, n.d.).

There are several reasons why people are considering Linux as a desktop replacement for Microsoft Windows and Microsoft Office. Security, stability, initial cost, and independence from Microsoft's software licensing and upgrade paths are a few big incentives.

The Adoption of Desktop Linux Worldwide

According to Gartner Research, in 2005 there were 12.8 million Linux desktop users worldwide, representing about 1.6 percent of all installed worldwide desktops. Desktop Linux has the greatest installed base percentage in the Asia/Pacific region, with 2.1 percent or 3.2 million desktops. The second largest installed base is Western Europe with 1.9 percent or 3.4 million desktops. The U.S. has the smallest installed desktop Linux base of 0.6 percent or 1.4 million desktops (Jump, 2005).

Gartner also says that the use of Linux in emerging markets (e.g. China) is making PCs more accessible by reducing software costs. They state that governments in emerging markets are using Linux to make computers available to less educated and less affluent people (Ench et. al., 2005). One of the issues preventing Linux's adoption in some emerging markets is the widespread piracy of Microsoft Windows and Microsoft Office. Also related to putting Linux in the hands of the masses is a non-profit organization called One Laptop Per Child (OLPC), which is dedicated to developing a $100 laptop computer. This computer, if developed, would run open source applications, be Linux-based, and have innovative power abilities like solar, wind-up, etc. (OLPC, n.d.).

In Europe, the governments in Denmark, Finland, France, Germany, Italy, Norway, Spain, Sweden, the Netherlands, and the United Kingdom are all using increasing amounts of open source software (IDABC, n.d.). One very visible adopter of desktop Linux is the local government of Munich, Germany, who decided in 2003 to move 14,000 government-owned and operated desktop computers from Microsoft Windows to Linux. Also, the country of Brazil is planning to convert 80 percent of state-agency computers from Windows to Linux (Hwang, 2005).

Even though the adoption of desktop Linux within the U.S. has not been as successful as in Europe, Asia, or South America, there are still some significant signs that desktop Linux is being looked at more critically. For example IBM, Dell, HP, Novell, and Red Hat are all established U.S. companies that are supporting and endorsing Linux in the data center as a general purpose server platform and as a desktop operating system alternative.

Gartner says that Linux is now a viable and serious replacement operating system for certain niche functions like kiosks, data entry, terminals, and appliances. They also state that Linux should enjoy a one to five percent adoption by mainstream consumers in 2005, and that in about two to five years desktop Linux will be on the rise for mainstream business users and consumers (Ench, et. al., 2005).

One example of desktop Linux in a niche application is the adoption of desktop Linux by Ritz Camera to run its in-store cash registers across the U.S. Ritz has 1,200 locations in 45 states and the District of Columbia. Ritz says they will use Novell Linux Desktop, as a dedicated point of sale application; Zenworks, to provide desktop, patch, and configuration management of the systems; and Novell's NetMail (Novell, 2005). Another corporate example of desktop Linux is LA Gym Equipment's migration from Windows to Novell Linux Desktop for its general staff's use (Gasperson, 2005).

There are efforts to address many of the reasons that U.S. corporate customers are not adopting desktop Linux more readily. For example, the Open Source Development Labs (OSDL) has surveyed what Linux desktop users really want and need for adoption, and has facilitated meetings with open-source and commercial companies to tackle the adoption barriers discovered in the survey. This effort is supported by Intel, IBM, HP, Linspire, Mandriva SA, Novell, Real Networks, Red Hat, Trolltech, and Xandros (Vaughn-Nichols, 2005).

According to a survey by Gartner Research, only one percent of corporate IT users run Linux desktops. Additionally, Gartner estimates that 3.2 percent of enterprise users will run Linux by 2008 (Hadfield, 2005). Reasons behind the slow corporate adoption will be addressed in the next section of this paper, "Why Desktop Linux is not adopted more widely."

In contrast, governments throughout the world, including federal, state, and local governments in the U.S., are considering and using desktop Linux. The web site, Government Forge, is dedicated to providing open source related information, programs, and tools relevant to government and the public sector. In a recent article in Government Computing News (GCN) titled "Ready for a Windows-free desktop?", Carlos Soto, a GCN staff writer, wrote about the increasing interest in the government for alternatives to Microsoft products.

Because of this interest, GCN tested three desktop Linux distributions: Novell Linux Desktop 9, Red Hat Desktop 4, and Xandros Desktop OS 3, along with BSD-based Mac OS X version 10.3.7. GCN determined that although Novell and Red Hat's offerings had positives, they were not quite ready yet for use on commodity hardware because of driver issues. Xandros was determined to be in a good position to provide competition for Windows XP out of the box (Soto, 2005).

A June 2005 Gartner research article states that an undisclosed U.S. Midwestern state had decided to adopt Linux and open source software to provide computers for each high-school student in every class, with the goal of installing and supporting 300,000 Linux-based laptops and desktops (Rust and Silver, 2005).

Why Desktop Linux is not adopted more widely

Dr. Nir Kshetri has researched the diffusion and adoption of Linux, and published a brief paper with his findings titled "Diffusion pattern of Linux: An assessment on major technology dimensions." Kshetri maps challenges to the adoption of Linux to the Rogers' characteristics of a technology influencing its diffusion rate (Kshetri, n.d.). Kshetri focused his research on developing countries, with the belief that a vast majority of the world's population live in developing countries and should drive the diffusion and adoption of new technologies. In an attempt to continue the hypothesis of his research, this paper will map a few challenges of Linux adoption to Rogers' five dimensions, but will focus on desktop Linux adoption in the U.S., in particular.

Rogers describes five characteristics of innovations that help to explain their rate of adoption into the population (Rogers, 1995):
  1. Relative Advantage -- The degree to which an innovation is perceived as better than the idea it supersedes. Examples can be cost (TCO), social prestige, convenience, or satisfaction. Rogers states that the greater the perceived advantage of the innovation, the faster the rate of adoption.

  2. Compatibility -- The degree to which an innovation is perceived as being consistent with the existing values, past experiences, and needs of the potential adopters. In some cases this means that using the innovation is so similar to using the technology it is replacing that any perceived differences are unimportant to the adopter.

  3. Complexity -- The degree to which an innovation is perceived to be difficult to understand and use. If an innovation is perceived as being too difficult to try, adoption will suffer.

  4. Trialability -- The degree to which an innovation can be experimented with on a limited basis. Being able to try a new technology before total adoption decreases uncertainty.

  5. Observability -- The degree to which others can see the results of an innovation. If people see the results of an innovation, they are more likely to adopt it themselves.

Microsoft Windows XP is the current de facto desktop standard in the U.S., and Microsoft Office 2003 is the current de facto business and personal productivity software application. Gartner states that Microsoft has a U.S. Windows installed base of about 95.3 percent or about 242 million (Jump, 2005). Of that 95.3 percent, 60.6 percent or about 154 million are running Windows XP.

Microsoft says in its 2005 Annual Report that it is the world leader in business and personal productivity software applications (e.g. Microsoft Office). The report states that Microsoft Office and its related products (called Information Worker by Microsoft) are designed to be released using a "wave" approach, with a major release every 24 to 36 months. In 2005, Microsoft enjoyed a 3 percent increase in its Information Worker revenue and earned $11.013 billion in this single division (Microsoft, n.d.).

In a three part series of articles titled "Stopping Linux desktop adoption sabotage," John Terpstra alleges there is a conspiracy to purposely place hurdles in the path of Linux desktop adoption in the U.S. Terpstra is a member of the Desktop Linux Consortium and a long term member of the Samba open source team. Terpstra states that the commercial IT retail market purposely limits consumer choice by not offering pre-loaded Linux PCs, even when doing so would be more profitable by 5 to 10 percent on the sale of Linux-only machines. He states that stores like Best Buy, CompUSA, and Circuit City do not carry Linux-friendly peripherals. Terpstra says that the U.S. consumer has to bear considerable additional costs just to try Linux (Terpstra, 2005).

These challenges to desktop Linux are examples of Rogers' relative advantage, compatibility, and trialability characteristics. If consumers do not get the opportunity to try desktop Linux and compare it with Microsoft Windows and Microsoft Office, this is a direct example of preventing trialability and observability. Since the average consumer may actually have to pay more to get Linux to run on commodity hardware and peripherals, this would directly affect their perception of the relative advantage of desktop Linux. Additionally, if hardware and peripheral manufacturers are purposely limiting the development of Linux-friendly network cards, wireless cards, sound cards, video cards, printers, scanners, etc., this will affect the consumer's Linux adoption experience and directly influence their compatibility perceptions.

One of the arguments for desktop Linux adoption is that since Linux is free, it is less expensive to operate and support. It is true that many Linux distributions have a freely downloadable component; however, supporting Linux as a part of an enterprise is not the same as a Linux enthusiast supporting a single machine. Supported versions of Linux, like those offered by Red Hat and Novell, are not free. If you do download and install the enthusiast version of a Linux distribution, you will then have to get your Linux support from the open-source, enthusiast community, or develop that support expertise from within your IT technical support group. If you want vendor support for your Linux installations, you will need to purchase support agreements just like you would do in a Windows environment.

Some Windows environments use desktop management software like Intel Landesk, Novell Zenworks, or Microsoft's SMS to provide centralized desktop management capabilities. Even without this software, Windows environments that use Novell's eDirectory or Microsoft's Active Directory can leverage Windows' local group policies or Microsoft's domain group policies to control many aspects of the local desktop. To manage a Linux desktop environment with the same level of policy, controls, and lockdown you would have in a managed desktop Windows environment, you will need to buy or build software to enforce organizational computing policies, provide machine lockdown and software installation restrictions, and provide your technical people appropriate support tools like remote control, software push, and patch management.

According to Gartner Research, unless desktop Linux can be locked down, TCO savings will be a challenge (Silver, 2003). Taken together, the perceived low initial cost of Linux, the cost of supporting Linux over time, and the cost of developing the appropriate expertise to support Linux could erode the relative advantage in cost that desktop Linux is currently perceived to enjoy. Additionally, the Linux environment would need a rich desktop management infrastructure to be perceived as on an equal plane with commercial desktop management products. Although there are open source alternatives to provide some or all of this functionality, the building, implementation, and configuration of such a solution is not free. One advantage of Linux and open source desktop management tools is their high level of trialability. They are free to download and try, install, and use if you have the time and expertise.

Most organizations use Windows applications. As stated earlier, Microsoft Office is the de facto standard of office automation applications worldwide, and even more so in the U.S. Additionally, it makes financial sense for companies that develop commercial off-the-shelf (COTS) applications to target development for the Windows platform, because it is so prevalent. Gartner says that there are many free or open source applications, but questions whether they are the applications that are needed in a typical organization. For example, Gartner states there are few open source replacements for large commercial enterprise resource planning (ERP) applications like SAP and PeopleSoft, or customer relationship management (CRM) systems like SAS Customer Intelligence (Silver, 2005). It should be noted there are some web-based or Java-based applications in the ERP and CRM area, but certainly not yet at the same caliber as the commercial industry leaders (Linux Enterprise Computing, n.d.).

The challenge for desktop Linux and the current de facto standard of Windows applications running on Windows desktops relates to the Rogers concepts of relative advantage, compatibility, and observability. Consumers may not see the relative advantage of using open source alternatives to Microsoft Office if they experience problems with sharing documents with Microsoft Office users, experience file formatting problems, experience problems with complex Excel macros, etc. The concept of relative advantage states that the innovation must be perceived as better than the idea it supersedes.

If people do not perceive open source replacements for Microsoft Office or other COTS applications as better than -- not just cheaper than -- the applications they currently use, then adoption will be slow. Until the feature set and quality of applications that can run on a Linux desktop are as good as, or better than, the quality and feature set of Windows-based applications, the consumer's perception of compatibility will be negative and this will directly affect adoption.

Unfortunately, it has been the exception, rather than the rule, for companies to adopt desktop Linux and Linux-based applications. If increasing numbers of people were to adopt Linux applications, this would foster observability, since this would help create a critical mass of desktop Linux users and foster the development of applications that would run on a Linux desktop. It should be noted that web-based applications and Java applications are directly portable to a Linux desktop. Additionally, applications that are delivered via a terminal session (e.g. 3270 or VTxx) can easily be run in a terminal session on a Linux desktop.

Another problem with desktop Linux adoption is the variety of Linux distributions. Gartner says that although all distributions use the same kernel, they have different file formats, runtime libraries, packaging and libraries (Hubley and Librano, 2006). This has an effect on software developers, who have to create different versions of applications for the different Linux distributions. One example is simply the way applications are packaged and delivered. SuSE Linux and Red Hat Linux use Red Hat Package Manager (RPM) to package and deliver applications, but RPM packages on SuSE may not necessarily install and run cleanly without recompilation on Red Hat, and vice versa. Debian uses a completely different package format called .deb, and uses a packaging system called Advanced Packaging Tool. RPM and .deb packages are not binary compatible.

Because consumers and businesses expect desktop applications to install and load without a lot of configuration, this is a high hurdle for Linux to clear. Since Windows applications will run on all Windows machines and there is backward compatibility built into many Windows applications, this makes the adoption of desktop Linux harder for the consumer and the early adopter business considering migration. This challenge is directly related to Rogers' compatibility characteristic; and because of the high technical skill needed to resolve cross-distribution issues, complexity is also a diffusion and adoption issue for the average consumer and early adopter business.

Most computer users expect a graphical user interface (GUI) to make the computer and its applications easier to use. In the Windows environment, there is the Windows operating system and the differentiation is simply the version (e.g. 3.11, 95, 98, NT4, 2000, ME, XP, and Vista). Since Windows applications are designed to work with Windows application programming interfaces (APIs), going up or down a single Windows version does not usually cause big problems, since the APIs are well-known by the developer community. In most cases, application developers will document version issues, to warn the consumer before purchase or installation of applications.

Linux has multiple GUI interfaces, but two have emerged as de facto standards. The GNU Network Object Model Environment (GNOME) and the K Desktop Environment (KDE) are two very good Linux GUI environments, each with its own selection of tools, utilities, and packages. Because the two environments have a different look and feel, this can complicate many activities and increase the learning curve for the uninitiated user. Because of this, complexity and compatibility are more problematic for desktop Linux.

Windows and Macintosh desktops have set the standard for what users expect from their computers. When a user installs a new peripheral, they expect the operating system to prompt them for what to do or to simply make the device available. When a user loads a DVD or CD-ROM, they expect music to play, a movie to start, or a program to load. Even though desktop Linux can be programmed to do all of these things, the average consumer may be frustrated with devices not doing what they expect, or not being as easy to operate as what they are used to currently. This is an example of Rogers' compatibility and complexity characteristics; and because of these two issues, desktop Linux's diffusion and adoption may be affected.

Government Desktop Linux Adoption

Kshetri states in his research that governments in developing countries are the biggest purchasers of computer hardware and software, so the adoption of desktop Linux there will have a powerful secondary effect of forcing people who want to do business with the government to adopt compatible file formats (e.g. OpenDocument vs. Microsoft Office file formats).

In the research paper "Government and the Open Source Software," Jyh-An Lee implies that the battle for government software procurement is critical for software companies. Governments, including the federal, state, and local governments of the U.S., are very large consumers of computer software. Hence, a shift in the government's position on software -- like a shift from Microsoft Office to OpenOffice -- could have a snowballing effect on its citizens (Lee, n.d.). With that as an assumption, the diffusion and adoption of desktop Linux by the government could be the factor needed to create a critical mass.

Gartner, in its research paper titled "Hype Cycle for Government," describes technology trends in terms of visibility and maturity. The phases of these cycles are as follows:
  1. Technology Trigger
  2. Peak of Inflated Expectations
  3. Trough of Disillusionment
  4. Slope of Enlightenment
  5. Plateau of Productivity

When a technology reaches the Plateau of Productivity, it is a mature technology that is proven and accepted by consumers. Gartner says that 30 percent of the technology's target audience has adopted the technology or is adopting the technology as it enters this plateau.

Gartner projects that desktop Linux use in the U.S. by government is currently on the rise from Technology Trigger to the Peak of Inflated Expectations, and that the Plateau of Productivity will be reached for desktop Linux use by government in the U.S. in two to five years. Gartner says that factors affecting the increased speed of desktop Linux adoption in U.S. government are the slow economy, the rising percent of software cost relative to PC costs, shrinking IT budgets, and increased pricing by Microsoft. The cost of migrating applications is limiting Linux adoption on the desktop; however, government is moving much more aggressively to desktop Linux than the private sector (Di Maio et. al., 2005).

According to Lee, the adoption of open source software such as desktop Linux can cause the software market to tip to that standard, and governments need to be careful with their influence. The government's adoption of specific software will not only affect its citizens, but will also impact businesses that deal with the government. Lee says that he has found no empirical evidence to show that the adoption of open source software would tip the market, but the hypothesis seems plausible (Lee, n.d.).

So, even with resistance from the private sector, the lack of support by PC manufacturers and peripheral makers, and campaigns by Microsoft to slow the adoption of desktop Linux, the OS is now getting a serious look as a desktop alternative to Microsoft within U.S. government agencies. Gartner says, in a paper titled "Open-Source Software Running for Public Office," that because of Linux's success in the data center, it is now considered serious enough and stable enough for other uses (Di Maio et al., 2003).

In short, in terms of Rogers' characteristics, Linux has achieved trialability, compatibility, and observability with government CIOs.

Conclusion

In his three-part article, Terpstra suggests that the Linux phenomenon has already created a worldwide-supported, alternative desktop platform. The number of free applications that will run on Linux is growing daily, and application vendors, not wanting to be left behind, are offering versions that will run on Linux. In the U.S., he states, hardware vendors are sitting on the sidelines and electronics vendors are waiting it out because of their allegiance to Microsoft. However, since Linux is worldwide, he sees China emerging as a technology power with Linux as its choice of desktop operating system.

In the U.S., the government appears to be taking the lead on Linux adoption. According to a white paper from the Center for Digital Government titled "Open Source Open Government," there is a growing critical mass of open source in government. For example, the U.S. Department of Defense uses open source for encryption, firewalls, and email list management; the Government Open Code Collaborative provides a shared registry of open source solutions for seven states and four municipalities; the U.S. Treasury Department relies on Linux for tax collection, accounting and budget management. Gartner says that U.S. government agencies will adopt desktop Linux in government in two to five years. Is desktop Linux the next disruptive technology in government? I predict that in three years it may be.

BitLocker Gives Dual-Boot Systems the Elbow

Vista security feature is 'anti-Linux'

Published Thursday 27th April 2006 11:36 GMT

Infosec: Security features introduced in Windows Vista will make setting up PCs to boot in either Linux or Windows far more difficult, according to security guru Bruce Schneier. Vista is due to feature hardware-based encryption, called BitLocker Drive Encryption, which acts as a repository to protect sensitive data in the event of a PC being either lost or stolen.

This encryption technology also has the effect of frustrating the exchange of data needed in a dual boot system. "You could look at BitLocker as anti-Linux because it frustrates dual boot," Schneier told El Reg. Schneier said Vista will bring forward security improvements, but cautioned that technical advances are less important than improvements in how technology is presented to users.

"The fundamental security problems have been solved and now it's all about making the technology work. Installation, implementation, and update are key. A lot of work needs to be done on the user interface," he said.

Schneier is concerned at the possibility that Vista users might be bombarded with "endless" warning messages. Overexposure to messages will lead many consumers to ignore them and blindly agree to what applications are seeking to do, he added.

Schneier made his comment during an appearance at the Infosec conference in London on Wednesday. ®

Monday, April 17, 2006

Chikka Asia goes for CMMI level 5 rating

November 25, 2005

Chikka Asia, Inc., creators of the popular Internet-to-mobile text messaging application Chikka Messenger, announced they are now being assessed at Capability Maturity Model Integration (CMMI) Level 5 of Carnegie Mellon’s Software Engineering Institute (SEI). Maturity Level 5 is the highest standard of quality in the Information Technology Industry.

SEI-authorized ECCInternational, which is conducting the assessment, further confirmed that Chikka is the only wholly Filipino-owned company to be appraised at this level.

Chikka would also be the first among wireless applications services providers (WASPs) worldwide to be assessed at CMMI 5, with said assessment expected to be completed within December 2005.

“We have services which are now live in operation by over 30 telco operators in 11 countries. Higher and higher standards of quality are required by Chikka Asia today as we are now truly a global headquarters whose policies are standard and are adhered to by licensees and operational offices servicing telco partners all over the world,” said Chito Bustamante, Chikka chief operating officer.

Only in February this year, the company received ISO certifications for IT, information security and quality management, becoming the first Filipino IT company to obtain the triple certifications.

“We owe high levels of service quality to our telco customers and partners through whose networks our services in turn become available to hundreds of millions of cellular phone subscribers, thus the quest for CMMI 5,” added Bustamante.

CMMI is the internationally recognized model that organizations such as Intel, NOKIA, JP Morgan, and even NASA compare their own processes to. This model was born in the federally-funded Software Engineering Institute (SEI) established at the Carnegie Mellon University in Pittsburgh, Pennsylvania.

Manila-based Chikka is a pioneer in wireless application services development.

Currently present in 11 countries with services live over 30 international telco carriers, Chikka is the Philippines’ leading ‘exporter’ of SMS-based applications. The company’s flagship service Chikka Messenger has over 20 million users, and is the most widely used and viewed electronic property among Filipinos worldwide, next to email itself.

Chikka and its affiliates adhere to the new global standards for Information Security Management Systems (BS7799) and IT Services Management Systems (BS15000). Chikka also revalidated the ISO 9001:2000 standard for Quality Management Systems first obtained in 2002.

Source: The Manila Bulletin