Dave's Tech Blog
A Third Eye on Technology

I was just browsing Ubuntu Forums recently and someone wanted to get a second opinion to see if it were indeed true that Linux doesn’t need anti-virus software.  I humbly obliged them with my own answer on the matter:

You don’t need anti-virus for Linux. Others in here will do a better job at explaining why this is, but in short, the OS has a big advantage here due to it being open source. The operating system is a product of crowd-sourcing, much in the same way as Wikipedia has been since it first showed up several years ago. And much like the highly-moderated articles of Wikipedia that require membership and an approval process for changes made to locked articles, so to is a strict moderation that goes on with the source code for Linux before it’s allowed to become part of the official distribution. Everybody is out to identify possible flaws or weaknesses or bugs in the source code and it’s much easier for any single person to make a contribution because the OS and much of the software that runs on it is open-source.

In Windows, the users don’t have the luxury of being able to dig through the source code to look for flaws. All they can do is report symptoms of problems to Microsoft, and the limited number of paid programmers that do have access to the source code then have to decide what flaws are the most important and which ones don’t merit their attention. So with Windows, a bug that affects only 500 people won’t be as important as a bug that affects 500,000 and probably won’t be fixed at all. But if it were Linux and if just one or two of those 500 people were a programmer who had access to the source code and figured out how to fix the problem on their own, the other 498 would actually stand to benefit from a patch that ends up being released thanks to the work of that one developer who had some spare time on his hands and decided to do something about a bug simply because he could.

So throughout the long life of Linux there has been this much more diversified, seasoned, multi-cultured source for development feedback that has helped to make it a much stronger, more “mature” operating system, especially in terms of the way security was designed. If there was ever a person out there who found a way to circumvent that security, there is at least one other who knows exactly how to repair the flaw. The reason viruses are able to best Windows is because their developers can only patch so many holes, and the ones they don’t have time to get around to end up being exploited the most. Third-party software developers that make Anti-Virus software make a killing because Microsoft is unable to handle this responsibility all by themselves, and even still, the best anti-virus software isn’t perfect.

The reason anti-virus software isn’t necessary in Linux is simply because the OS and its updates that patch vulnerabilities do the exact job anti-virus software in Windows is meant for: Prevent unwanted, malicious software or network activity from compromising the system. If there were a flaw in Linux found that allowed something like that, it wouldn’t be the job of some third-party software to safeguard the user against but the job of the OS itself. The reason anti-virus software even exists is simply because Microsoft is unable to handle the immense work load of patching their own source code as well as a crowd of Linux geeks can.

Am I saying Linux is perfect and invincible to viruses? Might it become more susceptible to viruses in the future if it were to ever become as popular as Windows is today? I would think that with an increase in the number of users would also come a complimentary increase in the number of clever developers that would only help to increase the number of eyes available to find flaws and fix them. Saying that Linux would get a lot of viruses down the road because more people are going to use it is like saying Wikipedia will become rife with widespread, uncontrollable vandalism because more people visit it. It hasn’t happened yet, and very likely never will happen because of the way it is designed, moderated and improved upon by the hive mind.

EDIT to add: As mentioned in the first comments below, I failed to acknowledge that while Linux is more robust in the area of security, nothing can compensate for the weakest link in this arrangement:  The User.  A novice user could easily be enticed by a sinister website  that tells them to download a deb file which might contain malicious code and absentmindedly install it or execute a destructive command from the terminal window because they didn’t know any better (like rm -rf ~/*).  Fortunately for novice users there is little if any need to actually venture out into uncharted territory like a terminal window or strange websites to get software, thanks to the official repositories that contain a HUGE collection of software which continues to grow.  I’ve even heard you will soon be able to purchase proprietary Linux-based software through it.  Unfortunately, little can really be done to compensate for user negligence, and trying to compensate for all possibilities would likely result in too many annoying alerts and prompts for the average user (like when Windows Vista sprang the UAC on its users).

There are only a couple of circumstances that I believe anti-virus software on a Linux platform would might be worth having which involve helping to protect other Windows systems.  Say you got an email from someone that contained a virus but you never knew it was there and forwarded it onto someone else who uses Windows, resulting in their day being ruined and you being blamed.  So that’s one scenario.  You might also have a Linux server administrating a network of Windows based workstations which you have read/write access to and use the server to conduct scans of these machines over the network, but at the expense of finite network bandwidth and CPU cycles on the server.

All good things come to an end…  Fortunately, Virtual Dave isn’t one of them.  I’ve recently made the decision to drop my own remote assistance software in favor of using a new open-source VNC launcher called Gitso.  This launcher has a few benefits over the previous iterations of my older “Virtual Dave” software:

• Lightweight:  It’s written in Python and loads very fast.
• Simple:  Sometimes losing a couple “bells and whistles” is a good thing.
• Multiple platforms:  Gitso works on Windows, Ubuntu Linux and Mac OS X.
• Active Development Pipeline:  A feature request I submitted was approved for the next version less than a half hour after I submitted it.
• Open-Source:  Free as in freedom.

There are a lot of features in the coming versions of this software I have been looking for in a VNC tool for a long time.  And who knows, I might learn a thing or two about programming in Python with this little tool.

VNC is the default remote-desktop protocol for Ubuntu Linux and it can be used by anyone to access their home PC while they are away from home.  Anyone who has used VNC and also has a router are likely familiar with setting up a port-forward rule in their router so that all inbound traffic destined for port number 5900 is sent to the correct/desired PC.  But what if you wanted to be able to do this with multiple PCs on a home network and not have to relay through one PC in order to access another one?

You can do this by setting Ubuntu’s default VNC server (vino) to listen on an alternative port number.  Up until recently, changing this port number was as easy as clicking on an Advanced tab in your Remote Desktop preferences window.  For some reason, this new panel was removed after a more recent update so changing this port number became a bit of a mystery.

I’ve not done any hard digging to find out why this panel was removed, but my guess is they actually rolled the version of vino back to something older to temporarily avoid a known bug encountered with vino on servers that had Compiz enabled.  I’m sure they’ll get it fixed eventually.

In the mean time, this setting is still easy to change if you know where to go.   Here’s what you need to do:

1. Open your Gnome Configuration Editor.  You can do this quickly by pressing Alt-F2, then typing gconf-editor into the box and pressing Enter.
2. In the editor, click Desktop>Gnome>Remote Access.

Once you get to this point, you’ll notice several VNC related settings on the right half of the Gnome Configuration Editor window.  There are two we need to alter.  The first is at the top, where it says “Alternative Port” and should state 5900 (which is the default VNC port).  You’ll want to right-click on this and select “Edit Value” to change this number to whatever you want the new listen port number to be.

Second and lastly, you’ll want to check off the box that says “Use Alternative Port” or similar.  Now close Gnome Configuration Editor.

That’s it!  Restart the computer to get the settings to take effect.

You should also do one or more of the following:

• Use Firestarter to add a rule allowing inbound traffic on the new port number you specified above so that your host firewall doesn’t block it.  (Click Applications>Add/Remove and search for Firestarter to install it if you don’t have it already).
• Set a new port-forwarding filter up in your router to direct inbound traffic on that new port towards the PC you just modified (duh!)

To connect to a VNC server on an alternative port, you just add a colon and the new port number to the end of the host address.  Lets pretend the new number if 5901 instead of 5900.  You would type the host address like this:

• 192.168.1.10:5901
• dyndnshostname.homeip.net:5901
• ubuntu.local:5901
• I’ve also used a 1 instead of 5901 and it works.  For 5902 you could probably use just the number 2 by itself, and so on.

And that’s all there is to it!

Every now and then I post questions on www.techguy.org when I’m having difficultly with something computer/networking related.  It was a good place to get your feet wet when aspiring to become a grade A guru and occasionally pull your hair out if you wanted to get into a civil debate with someone about politics.

Recently, I posted the following in their Networking forum:

I have a new Linksys/Cisco router WRT54G2 v.1 with the latest firmware installed. I currently use port forwarding for things like VNC and SSH into my home PC. However, every time I try to set a new rule (for both TCP and UDP) up for bittorrent, the bittorrent clients I try say the port is closed. I’m using an Ubuntu Linux system, and both Transmission and Deluge will say the ports I select are closed, even if I change the port numbers and do another test. So I’m just wondering if anyone has encountered anything like this before and might have an idea of what could be causing this problem.

The thread was alive for a matter of seconds before a moderator locked the thread and replied with the following:

Please read the rules. We will not help with P2P apps.

I was surprised to see this happen, and that’s probably because I use www.ubuntuforums.org more often than any other forum for technical assistance.  Linux people like me approach the controversial topic of bittorrent a little differently…  I decided to send the moderator a private message to let him know what I thought about his decision:

Sorry for violating the rules. However, I would argue that I did not ask a question pertaining to P2P applications at all but a question strictly about networking problems with a Linksys router. I should also remind you that bittorrent is a common protocol used for the transfer of free, non-copyrighted information spanning from GPL licensed open-source software to free music or movies released under the creative-commons license, which is becoming more popular. There is nothing inherently illegal about using bittorrent (the protocol), but it would seem the moderators of techguy.org hold a contrary consensus that I feel they should consider revising in recognition of the legitimate and legal uses of bittorrent.

The above comment and any replies received in any form will be posted publicly on my blog. Thank you for your time.

I got a reply fairly fast.  Here’s what it said:

We cannot and will not assist in the illegal downloading of software through P2P applications, and that includes any impediments offered by networking components to such downloading. Any legal uses of such software are few and will unfortunately need to be included in this prohibition.

The policy has been in place for quite some time now and will not be changed.

Thank you for your concern,
Elvandil

I like his use of the word “prohibition”; like bittorrent is some sort of drug paraphernalia.  I also noticed Mr. Elvandil happens to be Microsoft MVP and a die-hard Windows user who is probably adverse to anything of value that isn’t proprietary.  This is just my own opinion as he is ignoring the fact that millions of people use Linux and a large portion of us download and share our Linux ISO files (for burning to CD) via bittorrent, among many other things 100% legal to share.  It is a world he is unfamiliar with or in denial about.

Fortunately in the world of Linux it’s recognized that bittorrent itself is not illegal at all and I was glad to see a helpful reply in ubuntuforums.org within minutes; a reply that made me realize that sometimes I can be a completely narrow-minded person, too.  ”Did you check your host-firewall?”  Why… NO!    So I opened my firewall manager Firestarter and sure enough saw blocked events taking place on the port I told my bittorrent client and router to use.  All I had to do with allow inbound traffic to take place on that port.  Talk about overlooking the obvious!

(Special thanks to this blog post for showing me how to get this working finally).

About 2 months ago or so I read the tutorial in the above link to help get my fingerprint sensor setup in Ubuntu.  The problem was that it left one simple instruction out:  Paste a line of  text AT THE TOP of a config file (and not at the bottom like I did).  The mistake has been corrected and I’m happy to say my finger print sensor is working in Ubuntu 9.04.  Based on the directions from the the link above, here’s how to set it up (these instructions are meant for version 9.04; see the above link for instructions for 8.04 and 8.10):

Step 1: Click Applications>Accessories>Terminal and paste in the following command:

sudo apt-get update && sudo apt-get install aes2501-wy fprint-demo libfprint0 libpam-fprint

Step 2: Still in Terminal, paste in the following text:

sudo gedit /etc/pam.d/common-auth

This will open a text file called common-auth in Gnome Text Editor.  (Here’s where I screwed up last time).

Step 3: If you want to use both the password and the fingerprint to authenticate (more secure) add at the bottom:

auth required pam_fprint.so

If you want to use either the fingerprint or the password to authenticate (i.e. completely bypass the password through the fingerprint) the following string must be placed at the top of the file:

auth sufficient pam_fprint.so

Once pasted, save and close the file.

Step 4: Press Alt-F2, type “fprint_demo” without the quotes and press enter.

This will launch the fingerprint utility that you can use to enroll the finger you wish to use for future authentications.

That’s basically it.  Special notes:

• If you happen to screw something up in the config file by mistake and lock yourself out of your PC by accident, you can boot into Recovery Mode from the GRUB boot menu to access a root command prompt and edit the above config file using nano (nano /etc/pam.d/common-auth).
• Not all login screens are compatible with this feature.
• To test your finger print in fprint_demo, click on the verify tab at the top and use the verify button to compare an enrolled fingerprint to another finger (or the same finger) and you’ll see the difference.

As of Ubuntu 9.04, I’ve noticed the following quirks:

• Often you will not see an on-screen prompt asking you to swipe your finger across the sensor if the system is waiting for it.  Examples include the login screen, running Update Manager or Synaptic Package Manager, and otherwise most other programs that required your password to run them.
• The only actual on-screen requests I’ve seen so far is when you are unlocking a screen-saver, or are running a program with sudo privileges in a terminal window.

About two years ago I went looking through Ebay trying to find a cool sticker/case-badge with the Ubuntu logo on it.  I had just purchased a new laptop, had installed Ubuntu on it with Compiz Fusion effects running, and was quite happy and proud about it.  So I wanted to get a sticker to replace the “Built For Microsoft Windows XP” sticker that was on my laptop.  I was fortunate enough to find this little guy, on sale from China, for about $5 dollars after shipping:

That’s the original auction photo, and not only did it arrive looking as good as it did above, but a second sticker with the Linux penguin mascot also came along with it, which I didn’t expect.  So I was quite happy with what I purchased.

That laptop bit the dust about 3 weeks ago and I’ve since replaced it with a new laptop.  Again, I wanted to get a cool case badge like the one above.  But had some trouble finding it.

A lot of people would tell me, “Go to System76.com!  They’ll send you a few badges for free.”  I did that.  Here’s what I got:

It’s thin, cheap looking and with a solid white backing instead of a thicker, shinny alluminum backing.  I’m not really complaining though; it’s nice that System76 will send these to you for free by just asking for some.  But you get what you pay for, and they don’t offer nicer quality stickers either.  So the search continued.

Then I recently discovered another place online.  I think I was using google’s formerly named “Froogle” online shopping search engine, and discovered a site called ZeReason.com.  And to my delight, I found they sell good quality stickers at one hell of a discount (10 badges for $5.00 shipped)!

Well those stickers were ordered about a week ago and they just arrived today.  Here’s what they looked like:

And here’s one on my laptop after I ripped off the XP sticker and replaced it with the new Ubuntu sticker:

So if you’re looking to totally nerd out your Ubuntu laptop or PC, then stop on by www.zareason.com.  I’m quite pleased with the quality of these stickers and you will be too.

EDIT:  My idea has been marked as a duplicate of another that was posted back in March of 2008.  So visit this link to go vote for its posted solution.

Every now and then I drop by the Ubuntu Brainstorm website to post an idea that I think would help improve the user experience of Ubuntu Linux. Sometimes these ideas are geared more towards a specific application rather than the operating system and in this case the suggestion I made recently has to do with Firefox.

One of the things that’s bothered me about using Firefox in Linux is the fact that when you click on a link for a file, an Open With dialog box appears, but if you want to open the file with something other than the default application shown, you are forced to browse the Linux root file system. This strikes me as an unfriendly way to have the user select an alternate application. If anything it wreaks of Linux elitism, the kind that acts like nothing is wrong with the way things are currently being done. If this were Windows or Mac OS and you wanted to find a different application to open a file, you wouldn’t expect to have to wade through sub-directories of a file structure most sane users wouldn’t want to be familiar with.

Let me show you what I’m talking about.  This is what appears when you hit Browse (for applications) button in Firefox on a Windows PC:

You’re presented with a simple list of applications to scroll through and pick the one you want.  It works the same way with Internet Explorer, and I would suspect all browsers do this in Mac OS X as well.

Now, here’s what you get in Linux when you click on the “Other…” button (which is equivalent to Browse in this context):

Do I even have to ask you which of the two above examples looks more user-friendly?

Anyway, if you’re a member of Ubuntu Brainstorm, I encourage you to vote for my idea by clicking here. And if you’re not a member, sign up! It’s free and only takes a minute and you could post an idea that will forever change Ubuntu Linux for the better.

Now, I’m not the first person to submit a suggestion about this quirk. In fact someone submitted a bug report about 4 years ago suggesting the exact same thing.  You might ask yourself, “If they submitted a bug report that long ago, why hasn’t it been fixed by now?”  Because in the eyes of developers (who are obviously a strange, bizarre species of emotionally sensitive anti-social hermits), this isn’t a bug.  It’s a “feature request”, and is considered something of a lower priority as a result.

It’s damn frustrating, I know.  Just look at the responses I got when I tried to point out that Amarok was installing missing a certain mp3 decoder package in GNOME systems, and was told that in order to get it to work correctly out of the box, a “feature request” would have to be submitted and approved before the app would install with all the necessary packages.  So for things like this it seems the only thing that gets developers off their pias/lazy asses are statistics (votes, in this case) showing them that people (normal earth-dwelling humans) actually want a feature to be added to an app.  I would suspect they need this kind of persuading because they have a very difficult time understanding what non-technical people expect from their computers.  But seriously, what idiot out there thought it was smarter to force users to browse the root file system instead of present a simple list of installed applications to pick from?  So please go vote this idea up, because it seems that sometimes a “feature” is actually something that should have been there in the first place, but wasn’t implimented for very stupid reasons.

I started using Ubuntu heavily about 3 years ago and I’ve been using the default interface known as GNOME.  Lacking an expansion of the technical differences, here’s a picture of what GNOME looks like:

I’m not going to go into the technical differences.  All I want to say is that I liked this interface because it felt like a good blend of the interface between what you find in a default Windows install (a task bar on the bottom used for switching between open applications/show the desktop/house the trashcan).  It also had an upper task bar that reminds me of the classic Mac OS (upper panel with application/places/system menus/clock/sound controls, both panels are completely customizable).  But there’s another interface called KDE, which is more like Windows than GNOME or Mac OS.  Here’s a screenshot I just took from my laptop after installing the kubuntu-desktop package (Click to see full size):

It’s something very nice to play with and try out if you have some free time.  (EDIT:  Don’t try this on a production machine.  Do it on a machine that you can tinker with in case something goes wrong). If you’re runing GNOME right now and you’d like to try this out, do this following:

1.  Click Applications>Accessories>Terminal

2.  Type:

• sudo apt-get install kubuntu-desktop

After it’s finished, log off.

When the login screen appears, click on the “Options” button in the lower left and then click “Change Session”.  Here you’ll be shown a list of the different “Front End” (Interfaces, such as KDE, GNOME and others) that you can use with Ubuntu.  KDE should be in the list.  Select it, and then click OK.

Proceed to login with your username and password.  It will then ask you if you want to make KDE the default, or if you want to just use it once for now, and revert back to GNOME at the next login.

If you’ve never used KDE on your PC before, it will take some time to load all the way to the desktop on the very first run.  I believe it sets up all the menus and shortcuts for all the installed software.  If you log off and log back into KDE, all the logins (and the  splash screen) will load a lot faster

I’m experimenting with this interface just for fun and to become acquainted with it.  I’m not going to criticize it, although there are tiny things about it that I don’t like.  That happens to everybody who tries a new GUI.  But other than the minor things, I’m liking it a LOT.

As much as it would probably sooth the stiffness in my neck and shoulders from doing busy work inventorying computer equipment today, I’m going to try to not turn this into a sarcastic sounding slam against Microsoft… although they damn well deserve it.

I’ll just keep this very short.  Internet Explorer has once again dropped the ball in the realm of Internet security and it’s something that’s been present for over 48 hours already.  You can read about the problem via BBC’s website by clicking here.

The article states in bold letters at the top, “Security experts recommend switching to a rival browser until the problem is fixed.”  Need a rival web browser?  Download Firefox at www.firefox.com.  It’s free, faster and much more secure than Internet Explorer ever will be.  Seriously.  Why is it more secure, you ask?  Because it’s open-source, just like Linux.  But again… don’t wanna turn this into a “Microsoft sucks” bashing post.

Also, on the side, I should mention that I’ve see a LOT of Windows systems get hit with viruses in the last 3 weeks, a good chunk of which have come in from emails on Facebook.  Which isn’t to say that Facebook is bad.  It just doesn’t have much of an effective spam filter or virus scanner built into it.  You would think that after a few people have recieved the same spam from their friend whose computer was compromised, they’d start filtering messages with the same links, the same stupid subject line, and all the rest that comes along with basic social engineering-based viruses.  It’s what Yahoo and Google do.  So to you Facebook/Myspace users out there (and everyone else who doesn’t uses these services), be VERY cautious about clicking on links to websites you’ve never visited to before in email sent to you by a friend.  They may not have actually sent you something.  In fact, it’s possible their account password was phished, changed, and their account used as a lauch pad for spreading the same infection to other people (like you).  So be careful.

For the last couple of months I have been under the impression that the DKMS package that was developed by Dell and included with Ubuntu 8.10 was going to take care of all our worries regarding Linux Kernel header modules.  One of the biggest annoyances I’ve had to put up with ever since I started using virtualzation software (like VMware Server and Sun Virtualbox) is the fact that after a new Linux Kernel came down the wire, I would have no choice but to open a terminal window and run a command to manually recompile Kernel headers.  I’ve been telling people for weeks, “Yeah, 8.10 does it all for you automatically.  No need to mess with the terminal anymore.”  To my surprise yesterday I downloaded the latest updates including a new Kernel, and yet I still had to recompile my Virtualbox kernel headers.  (By the way, this kernel update patched a security vulnerability that was found the day before, but now it’s fixed.  24 hours to fix a hole = lots of envy from Windows users).  I’m waiting for someone to reply to a post I put up in Ubuntu forums about this to find out what’s going on, but in the mean time here’s what you need to do to fix your VM software:

Virtualbox:

Open a terminal window and paste in the following text:

• sudo /etc/init.d/vboxdrv setup

After about 30 seconds or so it should be finished and your Virtualbox should be back to normal. Whew!

VMware Server:

Open a terminal window and paste in the following text:

• sudo vmware-config.pl -default