My ongoing battle to get Oracle working on CentOS 5.3

Oracle Base has a fantastic article on how to get Oracle 11g Release 1 working on Red Hat Enterprise Linux. The fact that CentOS is a stripped version of RHEL is a good reason to be using it, because if there is one Linux that’s likely to be used in enterprise situations then it would be RHEL. All up I’m less than happy with Oracle and Documentum’s Linux installers. I know that they’re ports of what are essentially Windows products, but the fact is that if you’re going to bother writing something in Java (Documentum) then you should at least make sure that it really is portable, otherwise why not just use C/C++ and be done with it.

The main Oracle install I struggle to understand, since the Oracle XE install was so painless, zero to database in no time. It clearly doesn’t fit well into the Linux way of doing things though:

  • It doesn’t install services/scripts to /etc/init.d (or equiv).
  • It doesn’t set up users for you, i.e. install as root, run as oracle (yet it requires root privileges to do two tasks).
  • Requires SELinux to be disabled.

Delving into changing memory limits and such is another matter; I think it may be better to leave those to the user, just because they can fundamentally change/break the system. Ah, to go back to PostgreSQL, which I once thought difficult compared to MySQL.

D6.5 Experiments (Part 2)

I’ve been trying to do an install of Documentum using the Linux/Oracle downloads without much success. This may well be more on the Oracle side of the fence, but this started when I put Oracle XE (10.2.0.1-1) on a newly installed CentOS 5.3 virtual machine, and then tried to get Documentum (6.5SP1) installed and configured, only to get the majority of the way through and be told that the minimum is Oracle 10.2.0.3, despite what the release notes say.

Since 10.2.0.1-1 is the latest Oracle XE, I concluded that it must not be supported and moved on to trying 11.1 (Standard One). The biggest downside to this is that this Oracle installer is far less friendly than the XE installer, and at the end of it, I am not left with a TNSNAMES.ORA which Documentum needs. I am not an Oracle expert by any means, I would prefer to use PostgreSQL or MySQL, but they’re not a supported configuration. Even ignoring ‘supportability’, since this project is only experimental anyway, there is no information on whether it is even possible to get it running using these databases. Since there is a large amount of mapping/optimization between DQL and the underlying SQL I would tend towards it not being possible.

Does anyone have any advice or instructions for getting D6.5SP1 installed from scratch on Linux? Failing that I will persist with my attempts, and let you know how it turns out.

Are Linux users lemmings collectively jumping off of the cliff of reliable, well-engineered commercial software? — Matt Welsh

I found this question as a quote on slashdot, and couldn’t resist responding.

Lemmings? Lemmings, as popularised by the game of the same name, are supposedly creatures that follow each other and just keep going regardless of dangers en route to their destination. Being a lemming is equated to being one of the Herd or not thinking for yourself. This is an unfair and baseless accusation. Linux users by their very minority are not followers; until recently there were no computers that came with Linux installed by default. Clearly if you wanted to run Linux you had to leave the Herd.

Well-engineered commercial software? That would be a stretch considering the issues that Microsoft has had over the decades since it started working with operating systems. I’m not saying that Linux has it all worked out, because it most assuredly doesn’t, but the difference is that if you’re not happy with something in Linux you have the power to do something about it. With all commercial software you are at the mercy of the company that owns the software to be diligent.

Now I’m not saying that Windows doesn’t have good things, on the contrary there are features that I miss very much when using Linux, but the downsides are far outweighed by the benefits of an extremely stable OS. More importantly Linux is an OS that given enough time and dedication will run rings around anything Microsoft can field to compete with it.

The 0th law of security

There are supposedly 10 laws of security. Laws that are a firm basis for understanding computer security. They’re obviously not the be all and end all of computing security, but for beginners and those that aren’t going to focus on security they’re an important start.

The Ten Immutable Laws of Security

Microsoft’s Security Response Center Manager, Scott Culp, as a part of his job produced a list he calls “The Ten Immutable Laws of Security.”

They are:

  1. If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore.
  2. If a bad guy can alter the operating system on your computer, it’s not your computer anymore.
  3. If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.
  4. If you allow a bad guy to upload programs to your Web site, it’s not your Web site any more.
  5. Weak passwords trump strong security.
  6. A machine is only as secure as the administrator is trustworthy.
  7. Encrypted data is only as secure as the decryption key.
  8. An out-of-date virus scanner is only marginally better than no virus scanner at all.
  9. Absolute anonymity isn’t practical, in real life or on the Web.
  10. Technology is not a panacea.

Even without further explanation (which is available from here) it is a fairly straightforward and common sense list of laws.

Law 0

The fact is that these laws don’t go far enough towards describing the problems that are faced by everyday users on the internet. Security people often forget that it’s not just big companies that are the target of attacks; they may indeed be the target of more personalized attacks.

  0. If you can’t read the source code for your operating system (and applications) then it’s not your computer anymore.

I hate being the open source advocate, but the fact remains that if you and the community can’t get into the source code for auditing and patching purposes then it’s not your computer, it’s Microsoft’s. You are essentially relying on their good will and the competency of their programmers to protect you against any flaws in the operating system that may let attackers in.

Microsoft has in the recent past finally hopped on the security bandwagon. They’re better than they used to be, but it’s still them against the world, and in practical terms this makes for an impossible situation. The odds are that one of the millions of hackers is going to find it before Microsoft does. Even with their ability to look at the source code they’re still vastly outnumbered.

Open Source

Open Source is not a complete solution to this problem, but it’s better. The millions of security researchers out there, the developer community and the general public all get the chance to look for flaws in the code. Immediately once it’s discovered a patch is written for it. Unlike a situation where you have to wait for a company to release a patch, you have the ability to patch the problem yourself. It’s not you against the world though. It’s you and every other technically competent person that uses that particular software against the world.
Yes, hackers have the same opportunity of finding the flaws. But the playing field is more level. Even if they do find a flaw, chances are that it’ll be patched much more quickly than if millions of eyes weren’t looking at the source code.

Open Source vs. the Other Ten

When you look at open source as a solution to the problem above, it puts them in a whole new light. Let’s start with No. 7, not because of the fact that it’s a good number, more the fact that it has long been the belief of the scientific community that closed encryption algorithms are useless.

  7. Encrypted data is only as secure as the decryption key.

While this deals with the key that is used to encrypt the data I would go further and say that encrypted data is only as secure as the algorithm and key that are used to encrypt the data. It doesn’t take a genius to work out that even if I encrypt my information using my own proprietary method that doesn’t mean that it’s safe. Unless someone else can test my encryption method, and try and break it, I have no way of knowing whether my information is protected by the encryption, because I have no way of knowing whether my encryption algorithm is sound, or whether there are fatal flaws in my design.
History is littered with examples of this, and if you look closely at companies like RSA you will notice that they post challenges, trying to get people to break their encryption. More importantly, if you can’t look at the encryption algorithm and analyse it for yourself, how are you to know that the creator hasn’t put in a backdoor for themselves, or governments, to use?

Watching the Watchers

  8. An out-of-date virus scanner is only marginally better than no virus scanner at all.

    Nearly everyone that I know, knows to use a virus scanner now. It’s slightly harder getting them to work out Spyware and AntiSpyware programs, but here’s the twist: if you can’t look at the internals of the anti virus, how do you know that it’s doing an adequate job of protecting you?
    I’m not trying to say you should be using Linux because of the fact that it is less prone to viruses; the fact is that most viruses are written for Windows, and if everyone switched to Linux, then those same people would target Linux. It remains to be seen how well Linux would respond to this kind of problem.
    What I am saying is the applications that you pay good money for, you subscribe to a service by Symantec or McAfee, and you really have no idea how well you are being protected. The same goes for firewalls, and any other piece of security software that you use to protect your computer. If you can’t look at the internals then you have no idea what the application is really doing.
    You can apply this same principle to at least some of the other laws, and in truth it serves to cement the 0th law in place.

    Regarding Patches

    It is not often that I have the chance to talk about security, but one of the things that occurred to me in my day to day work is the fact that Microsoft’s move to allow only ‘Genuine’ users to download patches and applications, most notably SP2 and Microsoft AntiSpyware, was a foolish one.
    Regardless of the fact that most if not all of my clients have legal copies of Windows, it is rare that they keep them patched and up to date (I tend to fix this), but it leads me to believe that there is a large number of legal Windows users out there that don’t patch their computers properly.
    Now, it’s not overly smart of them, but the fact of the matter is that denying patches and other downloads to ‘non genuine’ users ends up negatively affecting even those with legal copies in a roundabout way; look at it like this:
    “The greater the number of unpatched computers on a given network, the more chance that a bad guy/worm will get in.”
    This is easy to apply, but what is more important is that it takes into account not just small local networks, but the internet as well. The more unpatched computers that remain on the internet, the more chance that the bad guy will get control of them; and the more computers that are either part of botnets, or infected by viruses the easier it is for it to spread, or the attacker to use the given host as a base for another attack.

    A Note on Piracy

    I’m not in any way condoning & supporting piracy, but there comes a point when you need to accept that a problem isn’t going to be solved and make smart moves. Becoming tight and vindictive about piracy only makes the given company *cough*Sony*cough* look bad.
    Locking your legitimate users out is bad methodology, and putting so many ‘copy protection’ methods into a given technology that it negatively affects it is not healthy either. Security is important, but it needs to protect the interests of the user not the interests of the greedy Mega Corporation.

    And Ubuntu changes the game.

    I’ve had problems with desktop Linux in the past. While I openly promote Linux in the use of servers and the like, my attempts to promote it as an alternative to Windows XP have gotten me burnt. Users who can barely grasp the fundamentals of computing are ill equipped to be thrown into the deep end.

    Even I find it hard to commit to using Linux as my primary operating system. The majority of my clients use Windows, and compatibility issues have killed me in the past. All this had bred in me a belief that Linux, while it was a great tool for the computer geeks of the world, was never going to cut it as an everyday tool for the masses. I could not have been more wrong.

    Not long ago a friend suggested that I take a look at ‘Ubuntu’. I hadn’t missed its appearance on the now glutted Distro scene, I’d simply written it off as another wannabe. Ubuntu is forging new roads, making steps towards that holy grail of operating systemish glory; conquering the desktop. I didn’t know this, so it took a while and a lot of kicking Fedora (and Debian) before I finally downloaded the ISO.

    I’ve found my laptop to be a very good tool for testing the various operating systems and distros. Even Fedora in all its hype fell short of the mark, it took me several recompiles and a couple of double back flips to get both my sound and wireless cards working.

    The Installation

    Having downloaded the 5.10 (Breezy Badger) ISO, and burned it to CD, I slapped in one of the spare 20GB laptop hard drives I have sitting around and booted from the CD. The Installer is the first place you will recognize the similarity to Debian, I use the word loosely because while it is clearly derived from the Debian installer, it doesn’t overload the user with options you may, or more likely, may not understand.

    The installation is mostly automated, only stopping a couple of times to ask for vital details. The complexity of the install process falls very close to that of Windows, and while Fedora may have a flashier interface, it also gives more options. In some respects, particularly when dealing with inexperienced users, overwhelming options can be a bad thing.

    So far so good; the installation flies along at a nice pace and I’m left looking at a VERY brown login screen.

    First Impressions

    Entering the username and password that I set up during the installation process presents me with a fairly standard Gnome interface. Perhaps my only beef with the distro is this standard interface. I’ll make no secret that I don’t like my menus up the top. I used a Mac for years when I was younger, and if there is one thing I like about Windows it’s the menu at the bottom.

    This is supposed to be geared at newer users; people that have used Windows will expect the Menus and the like to be in a certain location. It is easily remedied (for someone who knows what they’re doing), but I would have liked to see this done better.

    The applications menu, once I’ve gotten over my distaste at having to move my mouse to the top left hand corner is a pleasant surprise. It is well organized and contains only a minimum of programs that form what I would consider the star performers of the open source movement. More importantly it includes a simple method of installing/uninstalling applications just in case.

    Hardware

    Now Linux is great on stock hardware; server hardware. But when I’ve tried putting Linux, both Fedora and Debian, on my D800 Laptop, I had severe trouble getting the sound and wireless working. If I have to recompile the kernel that’s an instant failing grade in the hardware department. I like recompiling the kernel, seeing if I can squeeze a little extra performance from my machine… my computer illiterate Windows friends just look at me strangely when I say the word ‘recompiling’ and let’s not even talk about ‘kernels’.

    To my shock and amazement, my sheer delight, both the sound and the wireless card (Intel 2915ABG) work by default. I can even press the volume buttons on my laptop and see the volume bar come up on the screen. VERY COOL.

    I get instant support for my USB Hard Disk, although I can’t write to it (NTFS). When I do manage to track down a disk with FAT32 I can write to it as well, BY DEFAULT from a non root account. If you haven’t noticed I put a lot of stock in the ‘by default’ ability.

    On the downside my internal dialup modem doesn’t work, this would not be a problem usually in the day of broadband. However having just moved I find myself reduced to dial up. Slotting in a spare PCMCIA card solves the problem.

    Another annoying factor during boot is the fact that it sits trying to DHCP the interface(s) even though one or both of them are not plugged in. It slows the boot down, which is a pity, perhaps in future releases they’ll address this issue.

    Conclusions

    Ubuntu has two other flaws that I could pick; it doesn’t install an MP3-compatible music client by default, and the games installed by default lack consistency and are essentially, people really do play the stupid games provided, so WHERE is my Solitaire clone.

    I am thrilled with the ‘Out of Box’ experience that Ubuntu has shown. There are tools, and applications that I would probably use that have not been installed, but then again I’m not your garden variety computer user either.

    While there are things that this distro could do better, partially this is taste over necessity (Brown). Overall I would give an 8/10 to Ubuntu as a Desktop Operating System. Of all the things I should thank Ubuntu for, it’s my restored faith in Linux, and its ability to become a viable desktop alternative.

    The Great Debate: Windows vs. Linux

    Round 1

    Everybody seems to be going nuts over the ‘Open Source Movement’ at the moment; it’s become very hip to cheat programmers out of a living. Linux is maturing nicely and with it comes a wave of wannabe revolutionaries. Yet for all Linux and the open source movement’s glory, I’m still primarily using a Windows PC. Sure I’ll be the first to admit that I chuck in a Linux HD every so often and tinker around, but for the most part at the end of the day I find myself using Microsoft Windows XP.

    Where Linux doesn’t measure up

    Serious tools, for serious users. The open source movement has scored a couple of really useful and widespread tools, Apache being a perfect example; it has some excellent documentation, but on loading it up on my laptop I still have to deal with a number of issues that I wouldn’t have to deal with under Windows. Let’s see,

    To get a decent video resolution I have to install the NVIDIA driver, which I also have to do under Windows, but under Linux it doesn’t just compile, no, I have to download the kernel source for the kernel that I’m currently running. Eventually the driver will compile; once done I go looking for the config file, so that I can change ‘nv’ to ‘nvidia’. Why it can’t do it itself is anyone’s guess; my Windows driver installs with a minimum of fuss, why can’t my Linux one do likewise?

    Enter my wireless adaptor. Linux does support it, and I did eventually get it to work, but only after I recompiled my kernel a couple of times, doing the Chumpeka mating dance, and praying for divine help; although not necessarily in that order. Functionally this is unacceptable. I’m an advanced user (if I do say so myself), and while they have certainly made compiling kernels easier in recent times, there is no way a beginner is going to be technically adept enough to configure the (Intel 2915ABG) wireless card under Linux.

    Enough with the hardware

    The level of configuration tools varies widely between the different distros, regardless of which one you use, the end-user tools you are provided with come nowhere near measuring up to the control panel and administrative tools that are provided (and for the most part taken for granted) by Windows Users. All the important configuration options can be found in one place, and while not perfect they are a damn sight better than the level of configuration that is provided by any of the various Linux desktop environments.

    I’m not talking command line tools, nobody but nobody is going to argue which operating system has a superior command line, but the majority of plebs out there run into trouble remembering passwords, let alone a myriad of arcane commands and arguments.

    Slack Programmers

    There is a fundamental problem with developing end-user applications & tools on your own time, and for little or no money. Where a traditional company has to maintain a level of professionalism, and develop programs that are well rounded and well supported, the open source community has no such responsibility. While some of the bigger projects DO offer a level of professionalism, time and again I find tools that are not quite polished enough to be considered ‘good’, the author has lost interest, and because of the fact that they didn’t write the program well enough in the first place no one will (or is stupid enough to) step into the breach.