Tag Archives: Ubuntu

The top 10 mistakes made by Linux developers

My colleague, Dr. Joel Isaacson, talks about the top 10 mistakes made by Linux developers. It’s a great article and a great read from one of the top embedded Linux programmers in the world.

The Little Engine That Could

Copyright 2004 Joel Isaacson. This work is licensed under the Creative Commons Attribution License.

I try to explain what are the top 10 mistakes made by Linux developers as I see it. I’m aware that one person’s mistake is another person’s best practice. My comments are therefore subjective.

I will use an embedded Linux device, the WRT54GS, a wireless router, as an illustration of an embedded Linux device. An interesting article about this device can be found in: http://www.pbs.org/cringely/pulpit/pulpit20040527.html.

“The Little Engine That Could” How Linux is Inadvertently Poised to Remake the Telephone and Internet Markets – By Robert X. Cringely

So what are the top 10 mistakes made by Linux developers?

10 – Pick a vendor.
9 – Then pick a platform.
8 – We are not in Kansas anymore.

Support Issues

10 – Pick a Vendor

  • In my experience picking a large foreign company for support is not the best way to go for various reasons.
  • More about this later.


Open document interchange

I read today that the South African government is more committed to ODF than ever.

(ODF – is Open Document Format – for the unwashed…) As someone who has been involved with open source since 1998 – I believe that the support and adoption of ODF by the South African government would never have happened if Open Office had not reached its current level of maturity.

Ostensibly, support for ODF is a public policy position with declaratory, functional and political aspects. It is also impossible to ignore the fact that Microsoft in South Africa is a powerful competitor for government business with excellent products.

Therefore – I believe that this is primarily an economic decision.

The Rand has depreciated from 7 to almost 12 on the US Dollar since last June. A commitment to ODF is also support for Open Office and Ubuntu – all excellent, free Open Source products that save the South African tax-payer millions of Rand a year on license fees to Microsoft.


Ubuntu in Warsaw

I was in Warsaw two weeks ago on a data loss project and walking down the street – lo and behold – I run into this. It’s hard to see in this little picture but one of the sponsors of www.ubuntu.pl is Subaru.

Someone seems to have stolen the hubcaps which is an indication of free open source spirit – assuming that they reused them and gave credit where credit is due.

Who would have thunk!?

From its African roots to a young, dynamic Open Source development community in Poland – well that’s saying something I think.

Ubuntu is an old African word meaning “humanity towards all”. Guided by this message, Canonical Ltd. developed and released Ubuntu, a Linux distribution based on Debian.


Automated hacking of Joomla Web sites

A lot has been written about Google-aided automation of hacking. There is little I can add to this topic besides some personal and practical advice.

If you’re running Joomla 1.5 you may have noticed queries of the sort “powered by joomla .domain_name_extension” in your Apache access.log file. It’s almost certain you’ll find a few of these if you’re running a Web site with an Israel domain suffix – .co.il. This is an interesting attack vector – Islamic groups use Google to search for Israeli Web sites powered by vulnerable versions of the Joomla 1.5.x software. If the exploit works then the results are anything from Web site defacing to taking over the admin account.
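One way to find these entries in your own log, as an added example that is not part of the original post: it assumes Apache's "combined" log format, where the visitor's search phrase arrives in the Referer field. The function names, the list of query parameter names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Apache "combined" LogFormat; quoted fields may hold backslash-escaped quotes.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
COMBINED = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + " " + QUOTED + "$")
FOOTPRINT = re.compile(r"powered\s+by\s+joomla", re.IGNORECASE)

def parse_line(line):
    """Split one combined-format line into a dict; None if it does not parse."""
    m = COMBINED.match(line.strip())
    if not m:
        return None
    host, when, request, status, referer, agent = m.groups()
    return {"host": host, "time": when, "request": request, "referer": referer}

def search_terms(referer):
    """Return the decoded search phrase carried in a referer URL ('' if none)."""
    try:
        params = parse_qs(urlsplit(referer).query)  # decodes '+' and %xx
    except ValueError:
        return ""
    for key in ("q", "query", "p"):  # assumed search-engine parameter names
        if key in params:
            return params[key][0]
    return ""

def footprint_hits(lines):
    """Entries whose referer shows a search for the Joomla footer string."""
    return [e for e in map(parse_line, lines)
            if e and FOOTPRINT.search(search_terms(e["referer"]))]

def activity_of_flagged_hosts(lines):
    """Count every request made by hosts that arrived via a footprint search."""
    lines = list(lines)  # iterated twice below
    flagged = {e["host"] for e in footprint_hits(lines)}
    return Counter(e["host"] for e in map(parse_line, lines) if e and e["host"] in flagged)

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2009:10:01:22 +0200] "GET /index.php HTTP/1.1" 200 5120 "http://www.google.com/search?q=%22powered+by+joomla%22+.co.il&hl=en" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2009:10:01:25 +0200] "GET /administrator/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Mar/2009:10:05:00 +0200] "GET /about.html HTTP/1.1" 200 900 "http://www.google.com/search?q=data+loss+prevention" "Mozilla/5.0"',
    '192.0.2.55 - - [12/Mar/2009:11:15:40 +0200] "GET / HTTP/1.1" 200 5120 "http://www.google.com/search?hl=en&q=Powered%20by%20Joomla%20.co.il" "Mozilla/5.0"',
    'malformed line',
]
```

Calling activity_of_flagged_hosts on the lines of a real access.log shows how many requests each flagged visitor went on to make. A search engine that sends only its origin in the Referer produces no hits, so an empty result does not prove nobody searched for the footer.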

Here are 4 tips for mitigating this particular class of vulnerability:

1) Stay up to date with the latest version of Joomla software. There are a ton of resources on the Web telling people how to do that. Use Google.

2) Less is more. The latest versions of Joomla 1.5.x have more than enough functionality for a world-class content web site. Instead of installing a bunch of vulnerable plugins – concentrate on writing interesting and relevant content.

3) Obfuscate. Remove references to “Powered by Joomla” in templates and document.php:

a. Edit the footer and document templates; you can do that in the administrator GUI.

b. Edit libraries/joomla/document/document.php and remove the Meta generator tag reference to Joomla 1.5. I see no reason in advertising to search engines what version of the CMS you’re using. Put anything else instead – like DotNet Nuke if you’re running Joomla on an Ubuntu box. I don’t believe you can use Google for passive OS fingerprinting like p0f.

c. Rename the admin user account – call it anything else but admin – no point in giving the bad guys an advantage.

4) Diversify your applications. Diversification is a technique used in investing and telecommunications in order to reduce risk. Basically what it means is to distribute your application services and create a smaller attack surface on your content management site. If you need a mailing list – use one of the commercial mailing list services like Constant Contact. If you need a social network – use a commercial service like Ning or use an Open Source social networking application like Elgg. If you need a blog then use WordPress or Blogger. Diversification means not putting all your eggs in one basket – if someone hacks your server and steals a list of 5000 names, you might be liable for third party lawsuits, and you may have committed a criminal offense under one of the US State privacy laws like California SB1386 or EU privacy regulation, depending on where your servers reside. If someone steals names from Constant Contact – you won’t have liability and without names, your database is a less attractive target for identity theft attacks.
