The only differing opinion that contains content beyond a knee-jerk reaction is Joe Brockmeier’s post, “Real Linux advocates educate, not humiliate”, and it’s what this article is a response to.

Block-quoted material is sourced from his posting and duplicated here to facilitate response to individual sections.

The Ubuntard opinion (as outlined in Choosing an OS is Not a Team Sport) is that Linux is not well-served by gaining the average user. It would seem that few are cut from an appropriate cloth to contribute to the free software ecosystem — The majority are content to exist with a modicum of technical knowledge, deferring to their more technical friend(s) when problems occur.

Inclusionism does not serve free software well: Would the Linux kernel be where it is today if half-baked solutions from novice programmers were readily integrated into mainline? The kernel is a shining star of what’s achievable through open development because it’s developed by some of the sharpest minds in software development, with their collective oversight ensuring high-quality results.

To make my point at a more end-user level, look at the bug tracker for any major piece of software, and for every legitimate bug, there will be multiple WONTFIX or INVALID bugs, as inexperienced end-users are being taught to report whenever they encounter an issue, though they may lack the knowledge to provide adequate documentation, reproducibility, and other qualifiers. All this form of inclusionism does is waste valuable development time.

So, here we have member of the Linux community that’s dripping with contempt for people who cover technology that aren’t as expert as they are.

And, indeed, a case can be made that this happens frequently: A writer or journalist that covers tech “discovers” Linux and decides they want to spread the word. In their enthusiasm, they bite off a bit more than they’re ready to chew, and get some (often many) things wrong, and put up a piece that more expert Linux users recognize as flawed. The results of which can vary from mildly amusing to somewhat harmful if the author has given either a very wrong impression or faulty advice that might lead others to futzing up their systems.

Technology knowledge tends to be highly compartmentalized. There exists no person who can explain every facet of each kernel subsystem, let alone write code for each of them. Likewise, a database administrator may not be the person to talk to when setting up BIND. The key is that people should play to their strengths, and not attempt to exceed their own capabilities. The author here has delved far too deep with apparently zero oversight.

So, by all means, a response is called for. It’s the flavor of response that I disagree with. Where some might approach the author and gently correct their errors, and perhaps even offer help and resources to allow them to create better materials, others take the piss out of the hapless author and try to demonstrate their superiority by ripping mercilessly on the author.

Ubuntard is not about being nice, coddling people and patting them on the head when they make mistakes, telling them, “You’ll do better next time, champ!”. Line-by-line analysis of technical articles is supposed to illustrate the author’s incompetence through many egregious mistakes. As has been said before, someone who posts such factually-inaccurate dreck is likely to be a lost cause.

Which brings me to the title of this post: Real Linux advocates educate, not humiliate.

This is the same sort of exclusionism that was being criticized moments earlier. To dismiss all other view points as invalid is to put your own opinions on a tremendous pedestal. The fact is, certain actions do deserve bitter rebukes, regardless of original intent. A user who tells another that you can copy a disc via dd if=/dev/cdrom of=/dev/sda deserves punishment because their misinformation would likely cost a trusting newbie their boot disk. While the advice given out in the original article isn’t quite that egregiously wrong, teaching rm -rf dir $DIR as the appropriate way to remove a directory is bad.

As for the title of this post, I am referring to the fact that more exists than the extremes. Criticism is not useless. While highly acerbic, the past post did provide the exact reasons why each piece of advice was flawed, painting it a nice shade of grey. It’s at once mocking, yet informative.

The Linux community is, unfortunately, saddled with a reputation for being populated nearly exclusively with arrogant elitists who enjoy mocking noobs and generally being asses to people who know less than they do. The “Ubuntard” response to this author simply reinforces this attitude.

Worse yet, instead of helping to correct the situation they’ve put a writer or journalist on the defensive and made it entirely likely that the author will either stop writing about Linux and FOSS out of fear of getting it wrong again, or ensured that they now have a negative attitude about Linux which is unlikely to benefit the community at large should they choose to cover Linux again.

We should be better than this.

What’s being described here is not what’s happening in my earlier post. There, the original author is mocked for getting things consistently wrong, taking the time to type the individual commands into a terminal yet not bothering to actually test them, and, most importantly, spreading this disinformation in a location where it’s likely to be encountered by newbies who may well perpetuate the disinformation cycle.

Furthermore, with the substantial exposure the original post got, it’s almost assured that the author was notified of the inaccuracies, yet no effort has been made to correct them. I don’t see that as a well-intentioned newbie posting misguided tips, I see that as a mediocre journalist posting a hacked-together list to get a few pageviews without regard for the aftermath.

There is nothing inherently wrong with a lack of knowledge, but turning to evangelism with insufficient knowledge does nothing but damage the reputation of what you’re attempting to promote. I’m firmly not in the “Linux for everyone” camp, but even for those that are, I can’t see poorly fact-checked top-10 lists being of any use to the Linux community at any level.

Not for a minute am I suggesting that the article go uncorrected. By all means, drop the author a note or leave a comment that gently corrects the errors. For added bonus points, offer to help spot-check the next piece they care to write, or point them in the way of some better resources.

I give the original author credit for a few things:

• They actually sign their name to the things they write. In my book, you lose several thousand points of credibility unless you’re willing to use your name when writing, unless you have genuine reasons for not doing so. (i.e., someone living in an oppressive regime that fears reprisal for political commentary — not someone taking the piss out of named tech authors online.)
• They were actually trying to be informative. OK, minus many points for missing the mark, but they tried.
• They have enthusiasm for the command line. Getting some CLI stuff wrong doesn’t irk me half as much as the “OMG, not the CLI!!” pieces that pop up so often about how Linux is unsuitable because you might need to touch the shell once in a great while.

I don’t see how anonymity (or lack thereof) should factor into this. Choosing to withhold your details does not say anything about your character, contrary to what “If you aren’t guilty, then what do you have to hide?” fear-mongers would have you think.

The results of ‘trying’ have been discussed several times, and I believe spreading disinformation vastly outweighs the benefits of one advocate.

The last point is valid, in that it’s rare for a Windows-centric journalist to not immediately deride *nix for its archaic command line roots. However, as above, teaching the rm -rf-as-default doctrine does nothing but harm.

That’s material that can be worked with. Yes, the original article was flawed. But if approached correctly, many of the writers who want to cover Linux can be helped to get it right. And what we want, at least what I want, is more people spreading the word about Linux. The odds of the humiliation approach being effective are zero. You’ve just gotten off on the wrong foot with a potential advocate and this approach will do absolutely nothing to correct the next newbie journalist before they write their first flawed article, because they’re not going to read this sadistic diatribe before penning their first piece. It’s only perpetuating the arrogant elitist stereotype, which many others have been working quite hard to correct.

Our opinions differ hugely on this matter, so I won’t address the first bit, as I can’t do so objectively. It’s true that humiliation causes people to retreat, but that’s not far from the intent. The elitist attitude is not all-encompassing. Most of the cynical “RTFM” answers given out in IRC channels and on forums have been quashed, and I, along with many, many others, spend time helping new users that are legitimately interested in Linux, yet have difficulties that can’t be solved with a five-second search.

The fact is, Ubuntard is not mainstream Linux reading material. It’s cynical, it’s caustic, and it’s an outlet, albeit an entertaining one for those with similar perspectives. Generally, it draws mostly from the latter half of “contructive criticism”, and that’s fine.

It’s important to remember that most journalists are generalists, not experts. And right now, most of those generalists are scrambling like mad to meet deadlines and try to pump out as much material as possible. Yes, they’ll get things wrong from time to time. Most people eff up in their jobs from time to time, the primary difference is that journalists and bloggers do so in full public view. Nearly every error is going to be on public display. (Plus the ones made by subsequent editors and people in the editorial chain, assuming one is working for a publication that still has an editorial chain, but I digress…)

As I mention in response to the first paragraph, technology knowledge is hypercompartmentalized. Combine this with the generalism of journalists and the often-minimal editorial oversight of online publications, and authors are suddenly left largely to their own devices. Those that do not adapt to this deserve to be ridiculed, for they are spreading disinformation by not checking their own facts at any level. If you’re a new user and encounter a guide such as this and can’t differentiate fact from fiction, you’ll likely blame the software, not the author, as it’s commonly assumed that journalists have some amount of integrity and check their own facts.

It’s okay to get a few facts wrong when you’re writing a thousand-word piece on climate change, but writing a short top-ten list wherein more than half the commands are demonstrably broken? That’s shoddy by any metric.

It would seem Linux users can’t catch a break. Every year, blow-hard journalists will try out a Linux LiveCD, decide it’s actually worthwhile, and declare date +%Y to be the year of Linux on the Desktop, only to run around screaming about how Linux isn’t ready for mainstream users after they manage to screw their system over while fiddling with sudo.

Combine that with the fact that the majority of journalists who do routinely cover Linux do so as an off-shoot of their Windows coverage, and thusly you end up with ignorant writers “informing” the masses. There are precious few good sources of Linux news (cough, lwn.net), yet a truly staggering amount of shoddy journalism.

Today’s target is ideal. It’s at once highly superficial, yet the misinformation communicated is dangerous in the minds of ignorant users. Of course, per usual, the misinformation is spread far and wide due to the collective unintelligence of social media sites.

In the introduction paragraph alone, the article gets several things wrong. The very first sentence being:

“This article is equal parts opinion and fact, as the most powerful commands depends on what one needs them for; someone who is running a network of Linux machines will require different commands than an individual user.”

This is completely true, of course. You see, when administrating multiple systems, GNU Coreutils are thrown out the window, replaced by networked magic.

“For example, you may need to use su instead of sudo or nothing at all, if you’re running as root.”

I’m sure su rm will do you loads of good, assuredly doubling your productivity while you sit there staring at su: user rm does not exist.

“Note: to see a full list of possibilities for commands, type ‘command –help’ in the Terminal.”

Truly, we are living in the future. Everybody uses software with GNU-style long options, and there exist no programs that only feature -h, or, perhaps, eschew help output for a man page.

With three inaccuracies in the first paragraph alone, things aren’t looking good for this article. Proceeding on to the actual commands, we see that the very first entry is the venerable ps. Aside from some misconceptions and generalizations, this entry’s fine — If only because you can’t actually do any direct damage with a program that only parses the contents of /proc/.

The next? rm, of course. The perennial favourite power tool of the ignorant neophyte, with which they can trivially hack their limbs off. So full of misinformation that it can be barely contained by the PNG format:

The signal to noise ratio is decidedly in favour of noise, here. It seems to be common for idiots to deem -rf (Which equates to the long options –recursive and –force, respectively.) necessary to the operation of rm. However, this is arm-gnawingly stupid. If you’re carelessly using wildcards and match a directory without arguments, rm will refuse to delete the directory. Those files you carefully made non-writable? They’re gone, too, because –force overrides the default behaviour, which is to warn when attempting to delete read-only files.

That’s not even to mention the fact that rm -rf dir $DIR will obviously delete dir and $DIR, and that ‘dir’ is in no way a part of rm’s syntax. Moving past that, we run into the most monumental bit of stupidity yet: “rm -rf dir / will delete the home directory.” Ah, to be young and stupid. To write articles for a publication whose editor is either non-existent or sufficiently inept to not actually test or even glance at the commands being published. I’d riff on the fact that the terminal image is actually depicting rm - rf dir which would obviously cause rm to attempt to delete -, rf, and dir, but frankly I think the author has already illustrated her own stupidity sufficiently at this point.

Moving on to #3, pstree. While it produces pretty output, ps can do everything it can do with or without a tree view. Combine that with the fact that ps produces better output for grepping, and you’ll find that not many serious users have a use for pstree.

#4, history, conveniently omits the fact that shell histories are written asynchronously, and thusly, an open terminal won’t have written its activities to disk until it’s closed. Most comically, the author illustrates gross ineptitude with the terminal, piping output to “adobe” and leaving trailing pipes, then failing to compile an application before giving up and installing a binary through the package manager.

As for #5, apropos, there’s only a hint of misinformation. See, apropos is not magical, but, alas, technology does appear magical to the wholly ignorant. Being equivalent to man -k, there’s really no need for apropos — Why use a second application to essentially grep through the NAME field of man pages, when that’s one of the basic abilities man already has?

ls. What lousy list of commands would be complete with the most obvious command of them all, the command necessary to actually display files, directories and their properties? Of course, this paragraph cites invocation as LS and LS -LH. As any user with more than two brain cells knows, by default, Linux (Most *nix, really.) filenames are case-sensitive. So, assuming you can get /bin/ls to actually run, you’re left with the arguments -LH which are entirely disparate to -lh, the former dereferencing symlinks and the latter doing… absolutely nothing.

I’m surprised to find grep here. It’s something the mouth-breathers tend to forget about, but that does not forgive previous transgressions. Again, idiotic syntax is advocated: Simply because grep can take [aAbBcCdDeEfFgGhHiIjJkK] as an argument doesn’t mean it’s useful, or efficient. Anybody with more than two brain cells will opt for a range, such as [a-z]. Secondly, CamelCasing your input is dumb, and you should just use the -i option, which disables case sensitivity.

Yet another often-omitted tool, if ls is a pair of pruning shears, find is a chainsaw. However, true to past experiences, this article does a very poor job of describing and selling it. As literally every Linux sysadmin should know, /etc/passwd does not contain password information, unless you have managed to deliberately disable shadow passwords, and you do not edit the hashes in /etc/shadow without making use of the passwd utility. Stupid example aside, the author then goes on to mention “commands” that can be used with find, which are, of course, simply compiled-in arguments.

Unsurprisingly, yet more idiocy. Capitalizing “terminal” as though GNOME Terminal is the only terminal emulator, and, in the second paragraph, giving a time example of 04, 07, 23, 45 * * * *. What will this do? Explode horribly, mostly. See, cron is picky, and you should ideally not violate the format by throwing extraneous spaces in. 04,07,23,45 * * * * would work fine, of course.

Perhaps the most clueless statement is “If you would like a command to run every specific set of minute intervals, add an asterisk after the minute command”, though. Running at minute 5* is equivalent 5,50-59. What actually works would be minute */5. Lastly, the image is quite funny, as if pasting a crontab entry into your terminal will do anything besides cause your shell to spew errors about unrecognized commands.

Having seen this before (Blind Leading the Blind), it would seem this is the trendy, stupid mistake to make. You know what -m does? It mirrors. It does not download page requisites, and it recurses infinitely. Enjoy your gigantic mess.

Last but not least… the author. A “self-appointed Linux guru”, to be sure. It would seem that the worst dreck always comes from those who think they know something. The overconfident make stupid mistakes, such as this article, which is nothing but a series of stupid mistakes.

The author demonstrated knowledge roughly comparable to that of consumer-level support such as Geek Squad, but at least they have the decency to supply their employees with a handbook and some fire-and-forget utilities so that the employees’ ineptitude doesn’t actually do damage, most of the time.

Perhaps the Laptop Logic people should stick to pricing out laptops and writing video game guides, where hopefully their terrible advice isn’t able to do any serious damage.

As is written on our About page, novice users have an annoying propensity towards zealotry. They may not be able to install and update packages without a GUI, but damnit, Ubuntu is the best operating system around, and they’ll try to force it on everyone they meet.

The key fallacy herein is as such: Market share doesn’t matter, in the grand scheme of things. The majority of free software developers develop in such ways for practical and philosophical reasons — The ease with which third-party developers can submit patches, and the vast amount of available, reusable code provided by thousands of other projects, among many other things.

The average zealot behaves like a drunk at a sports bar. By the end of the night, he’s no longer able to articulate exactly why he likes the teams he does, but that doesn’t cause him to diminish his volume. The bartender would’ve stopped serving him hours ago, but he tends to get violent when deprived of what he wants.

Go team, go!

The free software movement is not tied to market share, and in my experiences, most good developers will find their way to a project on their own. Seldom do valuable contributors arise after having something forced upon them, in which they had no initial interest. Many smaller projects exist to serve the developer’s personal interests, and as such, a lack of users will not cause the project to die. In such a case, the primary purpose of distributing and open-source licensing of the software is to solicit feedback, and perhaps bug-fix patches.

Using a computer has grown ever simpler. Those so inclined are able to use a computer while knowing nothing of its inner workings, or even why the actions they’ve memorized have the results they’ve grown to expect. The fact is that the majority of users simply want to use, not learn. They don’t want to contribute code, feature requests, or even bug reports. At most, they will pester the person who inflicted this Linux thing on them, or perhaps clutter up help forums with questions that have been asked dozens of times before.

Some argue that increasing free software’s market share diminishes the hold of proprietary applications, and this is somewhat true. If not for the rise of standards-compliant browsers like Firefox, web developers would still be spending the majority of their time writing hacks to make sure their sites rendered correctly in IE 6.

It’s true that Adobe released an x86-64 version of Flash for Linux before Windows due to a persistent demand for it, but don’t think for a minute that was brought about by novice users. No, that was likely a result of persistent lobbying by enthusiasts, while the novice users were busy thinking that x86-64 was only for systems with over 4GB of RAM.

Market share does not affect smaller ecosystems, and in some cases, advocating alternatives can create a divide. To provide an example: In the slow-moving world of corporate IT, many intranet services work only with IE 6 and earlier. As such, installing a Linux distribution on a friend’s work laptop may do both parties harm. The installer is deluged with questions and complaints as to why Linux doesn’t work with the company’s software, and in the end, the user is left with a bad taste in their mouth, viewing Linux as difficult to use and incompatible with existing software.

It would seem that rampant fanboy antics are mostly confined the technological sector — You won’t find someone telling others off for their choice in shoe brand. Though advocating operating systems versus shoes are rather disparate affairs, to those who have interest in neither, the outcome is the same: The person being set upon for their choices feels they’re being attacked, grows alienated, and tunes out the other party.

Linux is everywhere. The majority of servers run Linux, as do the vast majority of supercomputers, many cars, cell phones, and appliances. But when consumers interact with Linux-powered devices, it’s not a conscious choice. Joe Sixpack doesn’t care what operating system Google uses in their data centers, as long as Youtube continues to serve him funny videos of cats.

The average user doesn’t choose their operating system. In fact, They don’t actually know what an operating system is. Given that the average user thinks the definition of operating system ranges from “Asus” to “MS Word”, telling them their operating system is inferior causes their eyes to glaze over in much the same way as a physicist explaining quantum entanglement to a four-year-old.

There are five programming books in this beard. Can you spot them all?

The core point is this: In its infancy, Linux attracted those who had worked with Unix, with voluminous beards in which they could hide copies of C reference books. These days, Linux attracts two types of conscious users, cut from the same cloth: those who are philosophically opposed to proprietary software, and those who have practical, typically usability- or bug-related issues. Pushing Linux onto those who are reasonably happy with Windows seldom ends well, so it’s best to only introduce it to those who aren’t — Or, ideally, they could find Linux themselves. It’s not as if it’s hard to Google (or Bing, for some irony) “free Windows alternative”.

Follow us on Twatter

As per the existing no-nonsense layout, we’ve opted to provide increased functionality without degrading readability — Here’s looking at you, site with half a dozen floating objects and in-line ads.

In order to move to FeedBurner, we’re redirecting our RSS feed via a redirect header. Some clients don’t play nicely with the redirect, so if your feed drops, please pull out your LART and beat your feed reader into submission. Also, if you’re not subscribed already — do so, for extra slack.

We’ll be sending out secret decoder rings to all RSS subscribers; don’t miss out on this excellent piece of kit. Sign up today!

That is all. ^D

twatter image credit

I began using Linux in Fall of 1989, and have since learned many things that help me day-to-day. Being dedicated to the community, I thought I’d share some of my knowledge, to help make Ubuntu faster and more usable than ever.

Linux in the days of yore.

Let’s start with the configuration file used by the Bourne-again shell, .bashrc. As the configuration file for the most popular shell used with Linux, it plays an important part in how friendly the command line is.

The $PS1 was unveiled by Sony in 1994, achieving worldwide release in 1995. It was discontinued in early 2006, though it is still in use by a large number of Linux distributions. In order to greatly speed up the shell, you might try replacing the antiquated $PS1 with a $PS3, introduced in late 2006 and featuring a vast array of features.

To do this, open a terminal and run sed -i 's/$PS1/$PS3/g' ~/.bashrc. If you want to apply your changes immediately use source ~/.bashrc

Once you’ve done this, your shell should be running orders of magnitude faster.

A little usability tip, now. I find it to be useful to get coloured output from ls and grep, so echo -e "alias ls='ls --color=auto'\nalias grep='grep --color=auto'" > ~/.bashrc and you’ll have colour for both commands. The former may already be provided by the default Karmic Koala .bashrc. While alias duplication has never hurt anybody, output redirection often has.

On to lower-level optimizations. With the quest for lower boot times, cruft has been trimmed down. Less services are started at boot time, and in general, the boot process is highly optimized. However, nobody’s perfect, and there are number of flaws that cause the boot process to be delayed. For example, the file /boot/vmlinuz has its name not for any logical reason, (some rationalize it as the ‘z’ indicating compression, which is untrue) but instead originated as a typo which has become so ingrained that boot loader developers have had to work around it, to the detriment of boot time.

Some say Ubuntu's performance is stuck up a tree.

Note that since these are low-level system modifications, they all require superuser privileges. It’s tiresome to prepend each with sudo so you might instead su root or, if you don’t have a root password set, sudo su.

Due to the slow execution speed of the boot loader, checking various locations for the Linux kernel executable delays the boot by several seconds. To remedy this, you can mv /boot/vmlinuz /boot/vmlinux and your system should boot several seconds faster, as the boot loader need not do as many heuristics.

Next, the filesystem. During boot, a number of files are accessed and modified, and the writes that the system must do to update the timestamps on these files slows the boot process. To combat this, you can use a text editor of choice (I recommend vim) to edit the fstab file, as such: vim /etc/fstab and change every instance of defaults to defaults,noatime. Noa time is a new method of time-stamping that is both more accurate and faster than regular time-stamping, using Noa units, which are directly analogous to Swatch Beats.

A very important step that many users miss is the device tree. With a generic configuration, most devices will be mounted at /dev/sd*, but this is sub-optimal for performance. What few know is that each category in the device tree is intended for a family of devices. For your benefit, here’s a list of several common device prefixes:

• /dev/fd: Floppy and Flash drives.
• /dev/hd: Hard disk drives and high-definition televisions.
• /dev/lp: Line printers and vinyl records.
• /dev/sd: Solid-state drives and Secure Digital cards.
• /dev/tty: Cannot be mentioned in polite company.

If you wish to determine which device names your storage devices are using, run fdisk -l. If you find your hard drives are using the /dev/sd prefix, worry not! You can run a simple for loop to correct the issue: cd /dev/ && for i in sd*; do mv $i $(echo $i | sed 's/sd/hd/'); done

The loop can be modified as you see fit. Keep in mind that as hard disk drives and high-definition televisions are quite different, the shared driver for the two device families is rather generic and bloated. The hard disk’s read/write heads operate on the platters in a similar manner to a cartridge and needle reading a 12″ LP. As such, you may wish to do the following to optimize your hard disks: cd /dev/ && for i in hd*; do mv $i $(echo $i | sed 's/hd/lp/'); done

Another large performance bottleneck is the number of TTYs spawned by default. Each getty process uses up to several hundred kilobytes of memory, and given that Ubuntu spawns six by default, they can eat up a substantial portion of your resources. While no longer bleeding edge, my Thinkpad 760 ED is still formidable with its 16 MB of RAM and 133 MHz Pentium, and yet Ubuntu would waste a substantial percentage of my memory if I didn’t disable the needless TTYs.

To remove them, edit the appropriate file, vim /etc/default/console-setup and change line seven’s range from"/dev/tty[1-6]" to "/dev/tty[1-2]", and then rm /etc/event.d/tty{3..6}.

As any experienced user knows, all the great things in the world run on steam: Locomotives, kettles, the majority of ships from the 19th to 20th century, and, of course, politicians. For this reason, it’s highly recommended to install sl, a package available in the Universe repository, as it provides an adequate quantity of steam.

Congratulations! If you’ve made it this far, you now have a highly-optimized system and are ready to impress your friends with the responsiveness of your computer.

Lastly, a bit of inspirational prose:

Sudo or do not, there is no
-bash: try: command not found

If you're not careful, hackers can do this to your computer.

This guide covers a number of common Linux security flaws that make using the shell an unnecessarily risky experience.

For the security-conscious, choosing an open-source operating system like Linux should be simple common sense. The open-source development model encourages third-party scrutiny by its very nature, whereas closed-source models inherently mandate none. Companies often do little internal auditing, additionally prohibiting reverse-engineering through complex end-user license agreements.

The fact is that it’s very easy to corrupt a proprietary application from a security perspective: management decides on  a subversive feature and the developers are obliged to implement it, while in an open-source environment,  nobody has the final say. Those who strongly oppose a change may simply fork the project, and time will decide which project made the right decision. On the other hand, those who oppose questionable changes in a proprietary application are terminated by their employers via papers or private military corporations.

Contrary to public belief, large, current distributions are often a poor choice for security. As time goes by, projects are increasingly tainted by corporate and governmental interests, to the detriment of security-conscious users. Likewise, newer software is not necessarily better — New software is continually scrutinized for vulnerabilities, and as such is less secure than its long-forgotten predecessors. Without compromise, all users should find and use a suitably archaic set of software (such as Linux kernel 2.0) such that no new vulnerability analysis is taking place. Likewise, older software tends to be more compact — It is easier for a user to analyze the source of the Linux 2.0 than it is to read the millions of lines within Linux 2.6. However, being pragmatic, Ubuntu is a good choice because the upstream Debian patching often fixes software (and warps it in interesting ways) such that general-purpose exploits become infeasible.

When securing a distribution, there are a number of common pitfalls — applications that are often accepted by novices, yet carry a significant security risk with them. As any experienced, security-conscious user will tell you, the average default installation performed by many of the more user-friendly distributions is often lacking in security, catering more for general use. But what of the dangerous exploits that can turn your power supply into a bomb?

It looks innocent, but is your power supply plotting to kill you?

Below is a list of common applications that are responsible for the vast majority of damage inflicted during system compromises.

• ls: Many see ls as an innocuous command, useful for finding files within a directory and determining their attributes. However, this command is commonly replaced with malicious binaries due to the frequency with which it is invoked. I recommend moving the ls binary to a 16 or 32-character random location, such as /usr/bin/OGh1eoL2hDqZOBl8. To generate this with sufficient entropy, I asked an acquaintance afflicted with severe multiple personality disorder. As this string has been disclosed, it is now to be considered compromised and should not be used for security purposes.
• cp: Another seemingly innocuous command. In the dream land full of rainbows and marshmallows that most users concoct in their heads, cp is used to duplicate files. This may seem innocent, but in practice it is more often used for malicious ends. After a hacker has compromised the root account and finished compiling a malicious binary, he will use this to copy it into the place of an existing binary, an attack I mentioned in the last paragraph. A cp-savvy attacker is far more dangerous than one who only uses mv, as the former is capable of replacing multiple binaries at a time, and has a back-up in the event his activities are noticed.
• dd: While some will insist it can be useful, it should never be touched. A hacker can easily use this to erase the filesystem from one of your devices, or copy the filesystem of a malicious device onto your system. This utility is highly dangerous, being responsible for a large number of catastrophic data wipes, and is to be avoided at all costs. Any distribution that packages dd is ideally avoided. Note that this often means creating your own distribution, as dd is included in GNU Coreutils, a commonly-packaged suite of applications ranging from the mundane to the critically dangerous.
• cd: While technically a shell built-in, this highly damaging command deserves its own entry. While it would be beneficial to start users in a random, deeply-nested directory without a $PS1 (or pwd support), due to cd’s default behaviour of navigating to the home directory when called without arguments, this potentially useful security technique is rendered useless. Likewise, the tilde (~) expands to the home directory’s path, and it too is often used when compromising a system. Ideally, this command would not be compiled into the shell. The other dangerous link cd makes use of is “..”, which allows the shell to traverse up the directory tree without actually knowing the name of the parent directory. This is the equivalent of allowing a blind lunatic with a chainsaw into your home and playing Marco Polo with him.
• bash: Commonly used to interact with the computer in a text-based way. This is the most common shell on Linux systems, and as such, it facilitates the vast majority attacks. Capable of executing arbitrary commands and code, it alone is responsible for over 99% of the damage inflicted during attacks. You should remove this as a first step in securing your system, along with any fall-backs such as ‘ksh‘, ‘zsh‘, and ‘dash‘. Busybox, functioning as a minimal replacement for the shell and GNU Coreutils, is a better alternative, but remember: A system you can log into is a system you can compromise.

The file /etc/passwd contains important information about your users and their shells. An attacker reading this file now only has to guess the password of the user account, which makes username security worthless. Remove this and use a 32-character randomly-generated string for your username. Do not generate the username through /dev/urandom or any such device, as it is not a true random number source, producing pseudo-random output which can be predicted by severely obsessive-compulsive individuals like myself. Likewise, Internet servers providing so-called ’secure’ random numbers are likely fronts for governmental agencies interested in harvesting your data, so you should find your own source of entropy.

The Internet: An unnecessary security risk?

The Internet is the vector through which the vast majority of attacks occur. A common application which uses the Internet is the browser, which communicates over HTTP, typically using port 80. This port is commonly used by hackers to send malicious data to unsuspecting users, and as such you should read ‘man iptables‘ and drop all packets being sent to port 80 on your machine in order to reduce the chances of an attack. It is also wise to drop packets on 443, which is used by HTTP over TLS/SSL, a supposedly ’secure’ protocol utilizing government-vetted (and thus highly suspect) algorithms.

Remote access is another primary attack vector. So-called ’secure’ remote access utilities such as OpenSSH use algorithms such as RSA, DES and AES to secure their payloads, all of which were developed or analyzed by major governmental cryptography agencies, and as such are likely to have back doors allowing the government (and other knowledgeable, malicious entities) to read your confidential information as it is sent over the wire. I recommend xor and rot13 for maximum data security, as they are uncommon and thus your data will be secure. If you feel you need additional security, utilize rot14. While rot13 is able to be decoded in the same manner as it is encoded, rot14 must be run 26 times for the message to be deciphered. It is also possible to rot -1, but this is a highly sophisticated attack that few are capable of.

There is a directory on every machine, /usr/share/man, which contains information on much of the software you have installed. Through this facility, attackers can determine what you have installed, and compromise your system through vulnerabilities in these applications even if they aren’t running: That’s how deadly /usr/share/man can be. Keep in mind that man pages are created by the people who package software for your distribution, and sometimes by the upstream developers themselves.This is clear evidence of the system deliberately working  against the user. While it is impossible to determine whether your ‘rm‘ binary is intact, I suggest attempting to use it as such: ‘rm -rf /usr/share/man‘. If it has not been compromised, this directory will be removed and your system will be markedly more secure.

Hackers can also determine what you are running via the process list, and this cannot easily be stopped. You might try unplugging your ethernet cable, but due to electromagnetic emanations from your computer, data can be gathered without a direct connection and without a wireless networking device. At the lowest level, all attacks are facilitated by power. Be it 110 or 220V, 50 Hz or 60 Hz, on a 15, 20 or 30 amp circuit, without power, no attack is possible. The Paranoid Schizophrenic would thusly recommend unplugging your Linux machine to ensure data integrity and security, if it did not impact uptime in a negative manner. If you are particularly uncompromising, you may wish to do this. Data security is paramount for some, and this is one of the best ways to ensure it.

Commonly used by computer professionals, RAID, or “Redundant Array of Inexpensive Disks” is commonly used for a variety of reasons, ranging from increased speed to improved data security in the event of drive failure. I cannot condone RAID1, because it is then possible for an assailant to steal one of your drives without you being any the wiser. RAID0 is the optimal solution, across multiple disks and with multiple partitions per disk. This way, a drive failure (or damaging one drive in any way, such as airlifting the computer back to the Pentagon for analysis) is guaranteed to render the data unusable. You should pick a block size based on that you are storing — With small files, a large block size may be sufficient to store entire incriminating files. It’s recommended to use a very small block size in that case, such that the file, even if partially recovered from one drive, is useless.

At a very low level, there is also the file system. If you are running a newer file system such as ext3, ext4, or reiserfs, your computer may be SPYING on you. Everything is written to a ‘journal’ before being committed to the disk. Do you know anything about this journal? I thought not. In practice, this journal may be harvested and transmitted to governmental agencies who will be able to replay disk activity. Meta-data journaling is also an option, wherein entire files are not written to the journal — But this can still prove to be incriminating evidence. It is inadvisable to open your hard drive and have a go at the platters with a chisel, because it is difficult to identify the location of the journal.

J. R. "Bob" Dobbs: Can he be trusted?

Lastly… Can strangers be trusted? Can your friends be trusted? Can your mother be trusted? Can you be trusted? I think not. Under duress you may be willing to allow others to compromise your system, and that cannot be allowed. For perfect security, you should write your data onto floppy disks, bury them individually in crates across a large expanse, and then bludgeon yourself repeatedly in the head so that you cannot remember their locations.

Big bold headlines found their way to Digg and Reddit, proclaiming the revelation.

Karmic Koala’s New Login Screen Revealed

Let’s take a gander!

Cumbuntu

Hmm… I was expecting something a little more, uh climactic, with all the hype and buzz that surrounded the posts.

A few quotes from the critics:

Looks so smooth and stylish…

That’s hot

Sexy…

About time! Now I’m really going to do a fresh install… T_T It is best to start fresh if the next version have a lot of major changes, just like now…

Linux is finally ready for the desktop now that we can log in with style.  Those of us rebooting our boxes more frequently than every few weeks will certainly be in for a treat.

The Die Hard

Bio:  The Die Hard is out in force on Ubuntu forums and social media, commenting on blogs and tweeting about the latest upcoming Ubuntu features.  The drivel this guy spews is inane and forgettable stuff, characterized by comments that treat Ubuntu as if it is the only distribution in existence.   He downloaded Ubuntu 2 years ago after seeing his leet hax0r friend running fluxbox at university.

Blog Title: WTF Ubuntu FTW

Ubuntu Flavor: Ubuntu Alpha pre-release

Experience Level:  Moderate

Catch Phrase: “I can’t wait for Karmic, it’s supposed to boot in 10 seconds and the new boot splash is AWESOME!”

The Excited Newbie

Bio:  Newbie downloaded Ubuntu at the advice of his friend after losing his Windows partition to the typical viruses and trojans clueless users tend to pick up.  Unfortunately, Ubuntu doesn’t come with a clue stick, let alone install one alongside Windows.  Newbie’s cluelessness follows him into the Linux world while he posts questions and floods IRC channels with the most trivial questions.  Newbie adds as many third party repositories at once as possible, eventually rendering his system as inoperable as the Windows machine he previously abandoned.

Blog Title: Coming Soon!!!!11

Ubuntu Flavor: Ubuntu via Wubi

Experience Level: Clueless

Catch Phrase: “WWOW! automatix is awesome, my nvedia gfx and dvd are werking!!  btw ubuntoo is awesome!!!11eleventy”

Mr. Misinformation

Bio:  Mr. Misinformation switched from Fedora years ago after getting confused by the RPM system.  Unable to upgrade Gaim without tearing his installation apart package by package, he gave in and downloaded Ubuntu.  While not exactly an idiot, Mr. Misinformation isn’t quite the guru he thinks he is.  He hangs out in Ubuntu IRC channels and forums, answering anything the Excited Newbie can come up with.  The trouble is, Mr. Information doesn’t research his answers, and often replies with half-truths or dangerous commands off the top of his head which result in unfortunate consequences for the unsuspecting noob.

Blog Title: Ubuntu Tips and Trix

Ubuntu Flavor: Any ‘buntu – Latest Stable

Experience Level:  Just Enough…

Catch Phrase: “Oh, you need to clear your firefox profile.  Just rm -rf ~ /.mozilla and you’ll be good to go.” (Ed: Notice the space after ‘~’)

The Evangelist

Bio:  The Evangelist almost understands the GNU philosophy, but really gets off on the concept of the African word and philosphy of ubuntu itself.  She is mainly a user of mailing lists, interjecting with questions about how best to get her local school running Ubuntu to save money and topple the evil Microsoft monopoly.  Typically,the Evangelist is easy to take in small doses, but spending too much time around her can begin to grate.  There are only so many times you can be told to refer to Linux as GNU/Linux without wanting to bash her head in.

Blog Title: Ubuntu for the Masses

Ubuntu Flavor:  CrunchBang on a P-II 300MHz

Experience Level:  Clueless to Clueful

Catch Phrase: “It’s really unfair that Linux Torvolds gets all the credit for our movement — please give credit where it’s due and refer to this as GNU/Linux.  That’s with a hard G, as in gifted.”

The Poser

Bio:  The Poser doesn’t actually run Ubuntu, but that doesn’t stop him from expounding on it.  A frequent of Digg.com, Poser likes to chime in on articles related to Linux in order to feel like one of the crowd.  Perhaps he doesn’t quite have the guts to run without Windows yet, or maybe he uses a Mac and suffers from multiple personality disorder.  The Poser is characterized by commenting on an article, blog post, or social media item without actually adding any opinions or substance.

Blog Title:  Just Another Wordpress Blog

Ubuntu Flavor: Snow Leopard / Windows 7

Experience Level: N/A

Catch Phrase: “Wow! This is useful! Great blog!”

The Old Timer

Bio:  The Old Timer has seen and done it all.  He’s an old-school retired Solaris or HP-UX admin who’s spent one too many days behind a CRT.  You wonder if his brain may be melting from the EMF those old green-screen teletypes used to pump out.  Regardless, this guy knows his stuff, but sticks to Ubuntu because he can’t be bothered to administrate his systems anymore.  Ubuntu is safe and easy, and in his old age, that’s the way he likes it.

Blog Title: Our Vacation Pictures

Ubuntu Flavor: Vanilla Ubuntu

Experience Level: Masterful, but unwilling

Catch Phrase: “Where can I find a Korn shell .deb?”

The Graduate

Bio:  The Graduate has been running Ubuntu since its early days, and is ready to get out.  Tired of all the characters above, the Graduate is experimenting with Arch Linux, FreeBSD, Red Hat, and Slackware on his quad-core rig with VirtualBox.  Nearing enlightenment, he takes a deep breath and fires up fdisk to repartition his Ubuntu drive.

Blog Title: Development with C++

Ubuntu Flavor: Ubuntu, Coaster Edition

Experience Level:  His Kung-Fu is Strong

Catch Phrase: “So long, suckas.”

For example, the aptly named OMG! UBUNTU! recently posted about the new boot and login screens coming to Karmic.  Gee, haven’t we seen this before?

OMG! UBUNTU! YAY!

The new boot splash is something special, for sure.  Feast your eyes:

Uh... Wow.

The ever-competent boys over at Phoronix also did another post on the new boot splash.  This time, instead of plastering their logo in the middle of captured video, like Softpedia, they decided to videotape a glare-obscured ugly-ass laptop running the alpha:

Ok, well maybe that’s not so exciting.  But surely there’s some more awesome stuff coming up, right?

Of course!  Karmic is also rumored to include Ubuntu’s new Software Store.  Here, have a screenshot:

Exciting shit

This aims to replace the aging Synaptic and Add/Remove Programs dialogs.  Fortunately, fellow reader, they’re leaving aptitude and apt-get un-fucked-with.

Well, all of this is a little underwhelming, isn’t it?  You would think that after Jaunty Jackalope’s lukewarm reception, they would pack a killer app in there or two.  Unsurprisingly, you would be wrong.  Instead of sticking with Pidgin, for example, Karmic is said to be switching to Empathy for messaging.  Nevermind that Empathy is a buggy, half baked mess.  Nevermind that Pidgin has finally added voice and video support.  I’d lay money down right now that 9 of 10 users will uninstall Empathy and replace it with Pidgin within the first hour of installation.

So what is there to look forward to?

Well, Karmic users will finally get Firefox 3.5 in the base installation and repositories.  They’ll also get GNOME 2.26, some new artwork, and another animal-kingdom idol.

But don’t forget the #1 reason for Ubuntu: its excellent and ever expanding community of Ubuntards, your personal support army.

Here’s what you’ll get with your order!

Exhibit A:

Not quite...

Exhibit B, more wisdom from the tards, after a user asks why he can’t cd to a directory:

Correct!

Then, thankfully, an expert comes along to correct the error:

Oh, so close...

These are just examples from the last two hours of posts on the forums.  I have some real gems tucked away for a later date, but these serve to illustrate the point.  They’re just the blind leading the blind.

Previously hosted on fsckvps.com (whose name can also be accurately interpreted as “fuckups”) we’re back up and running at nearlyfreespeech.net, whom I endorse mightily.  The previous hosting company suffered catastrophic failure and destruction in early June at the hands of an unnamed hacker exploiting a weakness in the management portal and bad administrative practices.  Most of the VPS systems hosted by VAServ and fsckvps.com were totally obliterated.  Ubuntard.com was one of these.

Always the tard myself, there were no full backups of the Ubuntard.com database or site.  I used Google’s cache and my own local copy of the theme to rebuild the site.

As a result, you’ll notice that:

1. Previous comments are missing.
2. A post or two may be missing.

C’est la vie.  Oh well.  Live and learn.  I hadn’t thought the site important enough to backup at the time, but after a few weeks of idleness, I was bitten again by the rage welling up inside me surrounding Ubuntu and its community.  So with little further delay, on with the posts and welcome back.