Why Business Doesn’t “get” Desktop Linux

I used to skateboard when I was a teenager. This was during the times when Tony Hawk was in his prime…Powell Peralta was the number one skateboard company on the planet, and Thrasher magazine was the number one choice of reading material.

Most of my friends at that time all rode Powell Peralta boards. The thing is…I was always looking for an advantage…something that could give me a competitive street skating advantage or something that just plainly worked better.

I found that advantage in H-Street equipment. I began riding a naked H-Street board with H-Street Arrow wheels. Switched from tracker trucks to independent and changed my bearings from German to Swiss. I watched Hokus Pokus and idolized Danny Way. I was ridiculed. I was told that I didn’t know what I was doing. I was told that H-Street was no Powell Peralta. A year later, everyone had a Hokus Pokus poster on their wall and were trying to get the gear and equipment I had already purchased.

I’m not saying I’m a trend setter. I’m saying I recognized quality and functionality before most did. Many businesses today are exactly like my friends. They don’t want to change. They don’t recognize quality or something that can give them a competitive advantage (at least not until it’s too late in most cases).

Why is this? Why is it that many corporations and small to medium businesses cannot or will not take a step back and look at the competitive advantage and cost savings Linux and Open Source software will give their business?


ClarkConnect – Enterprise Linux for Your Home

Ever wonder how you could get a solid Security Enhanced Enterprise Grade Linux Router/Server with ftp, apache, traffic shaping, pop-up blocker, content filter, intrusion detection/prevention, and other nice handy tools that every robust server should have…and here’s the kicker…installed and running in about 30 minutes in your home? I know quite a few friends of mine that went out and bought routers from brand names like Linksys, Dlink, and Netgear and then bragged about how cool their new router was (especially concerning ‘gaming routers’. Good lord that’s a con). I then showed them that their router was hackable within a few minutes because most of them didn’t change their default password. It’s interesting also that their routers didn’t do a whole heckuva lot other than route traffic…without throttling or intrusion prevention/detection. On those that were wireless…after some intense packet sniffing, I logged into their network and began surfing the web.

The bottom line is…most routers, if not configured correctly and used to full potential, are wide open and provide only a few functions. If you’re like me, this just won’t do. To combat this in the past, I used to use Red Hat 7.2 on a PI 75Mhz like an appliance to provide DHCP addresses for the LAN and a tidy firewall via ipchains and later iptables. Now there is a Linux distro that is more robust, more organized, and much more dynamic than most Linux router/server configured systems and it provides MANY functions. That distro is ClarkConnect. Today, I’m going to take a look at ClarkConnect 3.2 and show you how you can secure your network using its web interface and excellent administration tools.

ClarkConnect is based on CentOS 4.X and offers a very robust set of tools organized into easy to navigate administration pages. The administration pages are very similar to those that you would find with IPCOP and Smoothwall. However, ClarkConnect throws in extras such as the ability to use Samba and set it up as a PDC (Primary Domain Controller), 2 click updates, a caching dns server, a transparent proxy to speed up web surfing, a pop up blocker built into the proxy, dansguardian with blacklisting, online log viewer…the list of features is WAY too long to include here. So I’ll link to the features page and you can read a few more things for yourself. Also, if you’re wondering about Point Clark Network’s take on community and open source, please read this page. They’re committed to community AND open source.

I started using ClarkConnect at version 2.0. Back then, they used Red Hat Linux as their base. Today, they’ve ported over to CentOS packages…which are Red Hat Enterprise Linux binaries repackaged by the CentOS project. All in all, I’ve been extremely pleased with the performance and handy web interface ClarkConnect provides which enables me to monitor my home network from afar. One thing that truly impresses me is that the home version remains free and open source despite the rise in business that ClarkConnect is currently enjoying. The people at Point Clark networks have a strong sense of community and they are continuously helping in the forums. They are to be commended for keeping this version available to home users! Any problems you might have with CC can be and will be addressed in the community forums. If you get lost or need to understand something better at anytime, please check the userguides at clarkconnect.com. You can also download the Quickstart Guide to get things rolling as well.

You can download and burn the 3.2 Home version of ClarkConnect (or CC as it is commonly referred). When installing, you’ll be greeted by a variation of the old Red Hat Anaconda text installer. It’s relatively easy to follow and hardware detection is superb…although I’ve found some older computers (think 266Mhz 🙂 ) do have a bit of trouble with the newer kernel (2.6 branch). I’ll assume that you can get it installed and up and running. Please be advised that in order to route traffic on your LAN, you’ll need at least two Network Cards in the computer you’ll be installing ClarkConnect on (see requirements)…one for internal and one for external traffic. Please also be advised that if you do install ClarkConnect onto a computer, it will wipe the entire hard disk of all operating systems. After installing, point your browser in a computer on your LAN to the IP address you assigned CC during install (should be an internal IP address). So you’d point your browser to https://192.168.1.X:81. The port number 81 and https are important…81 isn’t a standard web port and https means this is a secure transaction of information.

You should be greeted by the dashboard screen.

The dashboard tells you what your two (or how ever many you have) interfaces are (LAN and External Internet, DMZ, whatever) as well as gives you the opportunity to set languages, set system time, and see a quick overview of current intrusion attempts. Navigating to other areas is a snap with the menu bar at the top of the screen.

Updates

First, let’s move over and update the system. To do this, we’ll have to register with Point Clark Networks (who develop ClarkConnect) using their built in registration. Registering gives you a dynamic domain name (yourname.pointclark.net but hey, it’s automatically configured and allows you remote access to your box from the outside world). You can also piece together other services should you decide to purchase them. Of course, since I use the home version, I choose only the dynamic DNS service which is free so that I can connect from work to my box at home. So, back to updating the system. After you register, click on the sidebar item “Critical Updates”. Any updates that are critical to the system, including kernel patches, will update themselves here. To install the updates, turn off your popup blocker for this site, toggle the checkmarks, and click “go”. A window will pop up and show you apt-get progress. Close it when it states it is done. Feel free to browse other updates and install them at any time.

It’s important to note that all updates are pushed through this interface. This includes major updates to new versions as well. Updating to new versions is therefore extremely easy. The upcoming ClarkConnect 4.0 release is currently in beta and ClarkConnect is looking to release this in the very near future. Look for some new packages including Horde Webmail, Kollab groupware, ClamAV, and others.

Another handy thing that ClarkConnect does is keep track of those patches you’ve installed (as long as you go through the services tab on this webconfig). You can also update via apt and the shell (soon to be yum with the next release 4.0)…I use putty to connect via SSH to the box and update from time to time. You can cycle through other updates as well and even see some of the handy community contributed modules. Install any you’d like and head to the various resources that clarkconnect has to get you started such as the forums, the newbie guide, and Ya-FAQ.

Users
To take a look at the users present and to control whether or not your users have shell accounts available, etc., head over to the users tab. Here you have ultimate control over all the users on your system. This makes it handy in situations where you’d like to setup a user for VPN but don’t want that user to have a shell account (for security reasons). I leave one user and make the password as complex as I possibly can. I also change the password about once every 3 months to keep things secure. Whatever your security policy is, the web interface makes things easy to administer and easy to use.

Reports

Now that we previously updated the system, let’s take a look at the overview of all hardware. Click on the reports tab and make sure “current status” is selected. This gives us a graphical overview of all hardware and current performance. As you can see from the screenshot, you don’t need a fast computer to power your ClarkConnect install (pictured is my emachines Celeron 900). I’ve had over 194 days of uptime with this current install of ClarkConnect (version 3.2). I don’t see any reason why it won’t continue other than a hardware fail. Overall, ClarkConnect is stable, secure, and the most handy server distro I’ve ever used. I trust it so much after using it these years as my main workhorse server that I’m prepping to start a side business installing and configuring ClarkConnect boxes for small businesses. Point Clark Networks is doing a great job helping small businesses have the functionality they need at an affordable price. Anyway, back to the review.

Back to the reports tab: in reports, you’ll be able to check out all the logs on your server. This makes reading logs less of a hassle and something you can do without cracking the shell.

Services

Click the services tab. In this view, we should be defaulted to “Running Services” which is the handiest page in the admin section. Here you will find a service listing of all the system services/software that can be toggled “on” the CC box. You can start, stop, enable at boot, or disable at boot any single service you see in this view. The color scheme will tell you what is enabled (Green) and what service is disabled (red). Take a look to make sure you have running what you need to have running…since CC defaults are safe, we can leave everything as it is or turn on whatever it is we need.

Backups

Next, let’s make a quick backup snapshot of all our settings. You can do this by staying in the services tab and clicking “backup/restore”. From there, you can backup all your settings in CC. This is handy if, like me, you’re thinking of starting a business. One click snapshots means less configuring. It also makes things nice if you are planning on reinstalling. You can take this backup snapshot you’re creating and upload it to a fresh install to restore settings. Please be advised though that this backup is configuration files only (in /etc and /usr) and only for CC default apps. If you install something else, CC won’t backup that install without hacking.

Proxy Server

How about setting up a transparent proxy server to speed up your web browsing? Point Clark and CC have you covered in a couple of point-clicks. Head over to the Software tab. Select “Web Proxy” on the left side menu. From there, select the proxy to auto start if you’d like it to start at boot, then select to start the service. You can setup cache space, enable download size limits, and set maximum object size. Let’s set all to defaults for now…just make sure that if you plan on downloading larger files to set the maximum download file size to Unlimited. Also, if you want to use content filtering along with our transparent proxy, select “transparent + content filter” in the selection box titled “Transparent Mode.” You can clear your proxy out anytime by selecting “Reset Cache.”

Pop-Up Blocker

Now that you have the web proxy setup, let’s put the pop-up blocker on and look at content filtering. Select “Banner/Pop-up Blocker” from the menu on the right. Start it up by clicking on the links (Autostart if you choose). That’s it! Pretty simple eh? Let’s move over to content filtering. Click on “Content Filter” on the left side menu.

Content Filter

Now CC will automatically update your blacklists for content management for you. However, you’ll have to upgrade to one of the service levels to do so. Since I’m a home user and someone who’s run DansGuardian (the content filter system they use) for quite some time…I do my updates manually and pass on the upgrade in service. Point Clark networks has no problem with this, they simply have this in place to cater to their business clients to provide no-hassle management of their servers. Let’s get our update in place. Head over to the folks at URLBlacklist.com, specifically their download section. Download the bigblacklist.tar.gz. This is a one time free download for personal use. This is an up to date blacklisting that we can drop into our dansguardian directory to make sure that it is running with the latest and greatest. Drop all the contents of bigblacklist.tar.gz inside the /etc/dansguardian/blacklists directory. Remember, you will need to either purchase a subscription through dansguardian, urlblacklist.com, or go with purchasing the personal gateway service through clarkconnect to have a completely updated dansguardian blacklist. I’ve found that I don’t really need an up to date box…it does quite nicely on its own and I can add and remove sites as I see fit. Plus, you can do well to check out dmoz and their urlblacklists for squidguard which translate nicely into dansguardian (for advanced users only). You can enable dansguardian with a couple of clicks and set options for it on the Software Tab >> Content Filtering Menu.

Network

Now that we’ve seen some of the wizbang features built into ClarkConnect, let’s take a look at the rest of the tabs. You can see from the screenshot to the left of this paragraph that there is plenty other software that you can configure in CC, but let’s move over to the other tabs to show you just what you can control using the web interface. Click on the “Network” tab. ClarkConnect can operate in gateway mode (which is ‘router’ style mode with ipmasquerading, etc.), DMZ mode if you want to have a DMZ (demilitarized zone), standalone with firewall, and standalone without firewall. You can set these anytime you’d like to and control all of your network interfaces here. You can also go straight to DHCP configuration which will allow your CC box to give computers connected behind it a network address.

One thing that is a definitive plus for CC is the firewall manager. You can control incoming, outgoing, and port forwarding all from the web interface. I specifically like the group manager. Why? Because it is handy if I want to use torrents, I setup a group to open up ports 10000-60000 and forward to my desktop behind my CC box. When I’m done, I turn it off by disabling that group of rules. Handy eh?

Intrusion Detection/Prevention

Also contained in the network tab is intrusion detection and intrusion prevention. I enable both of these but will enter into the intrusion prevention exempt list my work IP address and all the addresses of my LAN. That way I don’t have my CC box thinking that I’m trying to break in and dropping my connections to it as I test things or connect to it using various methods (ftp, ssh, web, vpn, etc). Intrusion detection rules can be updated through Point Clark Networks by upgrading to gateway service level to SOHO which is around $10 USD a month. I just enable mine and let it go :D. Seems to do a fine job using the default rules and as long as I keep a watchful eye on my firewall rules, I’m just as safe as if I had a Security Enhanced Linux Fedora box running things. To read your intrusion detection and prevention logs, head over to your reports tab and then select the appropriate area on the left.

Bandwidth Management

One other area of interest here in the network tab is bandwidth management. Select “Bandwidth” from the left menu area. In this menu, you can enter in upload and download limits for bandwidth and take control of your network. Very handy if you have a multiple computer LAN and a teenager that downloads EVERYTHING. Play around with the settings and when you’re satisfied, let’s cinch things up with samba, ftp, and webserver.

Samba

CC comes ready to operate as a PDC (Primary Domain Controller) for your LAN. If you only operate a small LAN (1-2 computers) having a PDC is really for bragging rights only. Instead, you might want to configure your samba shares using CC’s handy web interface. Head over to the “Software” tab and click “Windows File Sharing”. ClarkConnect has common shares already in place for you. You can enable these or disable them. You can even add your own. It’s up to you. Starting samba is once again just a point click away. There is also an advanced setup option for those of you who are a bit more experienced with samba.

Personally, I don’t use the samba interface from ClarkConnect. I instead use Network Attached Storage which automatically is detected on my network by all my desktops (easy as connecting to another PC) so I haven’t found the need to implement samba on my CC box. In the future, when I expand to include a computer for my son, I will implement a PDC with roaming profiles so that all settings are backed up to ClarkConnect. Thus, if a computer fails, I still have all settings saved server side.

We’ve covered a varying amount of information in this review and I won’t cover everything that CC has to offer either. But two other areas I wanted to discuss were ftp and webserver. CC uses proftp for their ftp server and apache 2 for their webserver. One thing I’ve found of value for the webserver (which I’ll discuss first) is their virtual host creator.

FTP and Webserver

The webserver interface is handy. Very handy. You can enable SSL for Apache by toggling a setting. You can setup a virtual host by typing in the webaddress. Dead easy. I’ve found that setting up virtual hosts via this interface is better than doing so through webmin because it configures all defaults for you a bit better than webmin does. No idea why, but I’ve had trouble with webmin in the past with vhosts. I usually create a vhost with CC on their web server interface…such as linuxblog.sytes.net shown in the picture. This was my old blog location when I hosted it at home (2004 with CC 2.2 I think). I now have a virtual host setup so that all requests for linuxblog.sytes.net go through my CC box…I’ve written a rewrite rule to forward all traffic from the old blog to this current blog. Handy and easy with ClarkConnect. Like I said, I create the vhosts with CC and then hand them off to webmin for more detailed configuration. It’s important to note that you can install webmin through your “services” tab.

If you notice in the picture in the previous paragraph, I have linuxblog.sytes.net as a virtual host. I use the no-ip service I previously blogged about to register this name. If you plugin the topic to that article with a ClarkConnect install…you can see that they’d be a fine fit together and that you can have your own webserver running in a matter of minutes. Put that together with Gallery, which CC is bundled with, and you’ve got yourself a family photo album!

Lastly, let’s look at the ftp server in CC. Click on the “Software” tab and then select “ftp server” from the menu on the left. You are a few clicks away from having a fully operational ftp server. Change the details you’d like to using the form provided by the web interface, then click to start and autostart the service. By default, CC shares /var/ftp. It is also open to anonymous connections. You’ll have to edit /etc/proftpd.conf to your liking to get your ftp server up and operational for other directories and users. Please see the proftp homepage for more details.
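Because the default described above shares /var/ftp with anonymous connections, it is worth checking /etc/proftpd.conf before exposing the service. The following is an added example, not part of the original review or of ClarkConnect: a small Python audit that flags anonymous sections, anonymous sections that do not deny writes, a missing DefaultRoot, and RootLogin on. Both sample configurations and the account name ftpupload are constructed for illustration.

```python
import re

OPEN_TAG = re.compile(r"^<(\w+)\s*(.*?)>$")
CLOSE_TAG = re.compile(r"^</\w+>$")

# Constructed sample resembling the default described above: /var/ftp shared,
# anonymous logins accepted. Not ClarkConnect's actual shipped file.
SAMPLE_OPEN = """\
ServerName "home gateway"
ServerType standalone
Port 21
RootLogin on
<Anonymous /var/ftp>
  User ftp
  Group ftp
  UserAlias anonymous ftp
</Anonymous>
"""

# Constructed hardened variant: no anonymous section, users jailed to their
# home directory, logins limited to one hypothetical account "ftpupload".
SAMPLE_HARDENED = """\
ServerName "home gateway"
ServerType standalone
Port 21
RootLogin off
DefaultRoot ~
<Limit LOGIN>
  AllowUser ftpupload
  DenyAll
</Limit>
"""


def parse(text):
    """Parse the Apache-style ProFTPD config into a tree of section nodes."""
    root = {"name": "server", "args": "", "directives": [], "children": []}
    stack = [root]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if CLOSE_TAG.match(line):
            if len(stack) > 1:
                stack.pop()
            continue
        m = OPEN_TAG.match(line)
        if m:
            node = {"name": m.group(1).lower(), "args": m.group(2).strip(),
                    "directives": [], "children": []}
            stack[-1]["children"].append(node)
            stack.append(node)
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        stack[-1]["directives"].append((parts[0].lower(), value))
    return root


def walk(node):
    """Yield a node and every section nested below it."""
    yield node
    for child in node["children"]:
        yield from walk(child)


def denies_writes(section):
    """True if the section, or a <Directory *> inside it, has
    <Limit WRITE> (or ALL) containing DenyAll. Limits scoped to a
    narrower directory do not count, since they leave other paths writable."""
    scopes = [section] + [c for c in section["children"]
                          if c["name"] == "directory" and c["args"] == "*"]
    for scope in scopes:
        for child in scope["children"]:
            if child["name"] != "limit":
                continue
            commands = {c.upper() for c in child["args"].split()}
            denied = any(key == "denyall" for key, _ in child["directives"])
            if commands & {"WRITE", "ALL"} and denied:
                return True
    return False


def audit(text):
    """Return a list of human-readable findings for a proftpd.conf text."""
    root = parse(text)
    server = dict(root["directives"])
    for child in root["children"]:
        if child["name"] == "global":  # <Global> applies server-wide too
            server.update(child["directives"])
    findings = []
    if server.get("rootlogin", "off").lower() == "on":
        findings.append("RootLogin on: root may log in over FTP")
    if "defaultroot" not in server:
        findings.append("no DefaultRoot: local users are not jailed to a directory")
    for node in walk(root):
        if node["name"] != "anonymous":
            continue
        findings.append(f"anonymous access enabled on {node['args']}")
        if not denies_writes(node):
            findings.append(f"anonymous section {node['args']} does not deny WRITE")
    return findings


if __name__ == "__main__":
    for label, conf in (("open", SAMPLE_OPEN), ("hardened", SAMPLE_HARDENED)):
        print(label, audit(conf) or "no findings")
```

To audit a real box, pass the contents of /etc/proftpd.conf to audit() instead of the constructed samples.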

Summary

We’ve taken a semi-detailed look at ClarkConnect Home Edition 3.2 and how you can benefit both from the vast amount of software/programs already enabled on it and the ability to have an up and running router/server in as little as 30 minutes. Combine this with my previous article on using a no-ip domain and there isn’t any reason why you shouldn’t be able to show off a gallery or ftp server to your friends and relatives. If you have any problems, please head over to the ClarkConnect forums and ask…but not before using their search tool to see if the topic has been covered. As previously stated, there are two websites you can also connect to Ya-FAQ and the Newbie Portal. These two sites can provide you with good info as well as How-Tos made by the community.

I’d also like to take the time to let everyone know that I am in NO WAY being compensated for this article. I’ve used the software for quite some time and felt that I might be able to repay the people at Point Clark Networks by giving them props through this review. Whenever a new user is looking for a quick server oriented distribution, I always point them to ClarkConnect. In my opinion, it is the best distro out there to have for your home LAN. Hopefully, you’ll give it a test drive and come to the same conclusion.

Bringing Linux to Work – Portal Part 3

Ubuntu just doesn’t want to be chosen for me. I’ve had nothing but problems with it since I started going on it. I decided that it would be easier to use Ubuntu (1 disk install, apt-get abilities) to house the in house Intranet portal page here where I work. However, I didn’t count on Ubuntu having so many problems.

The first of many problems was mod_ntlm. This Apache module WILL NOT compile on my server. I emailed someone who actually got this to compile in Ubuntu and asked for how they got it to work, implemented their changes in the .c file, yet still couldn’t get it to compile. This reason alone is enough for me to not use it. But there are more reasons still that Ubuntu doesn’t do it for me.

The second reason is going cold. What I mean by going cold is that it almost froze up. For example, it would take over an hour to run apt-get update, about the same to run apt-get upgrade (depending on downloads) and even 20 minutes to do a standard ls -al | grep keyword command. After a reboot everything was fine. This led me to believe that some sort of power saving module was kicking in. So I removed all power saving modules, recompiled a kernel from scratch, turned off all BIOS power saving items, crossed my fingers and rebooted. Even with all of these actions, Ubuntu still went cold after a day of uptime. This is on an IBM NetVista P4 with 1 GB RAM. Ubuntu however will not be staying on any PC at my job due to the previous problems experienced.

I’ve got an exact match of this machine to provide backup for it so I’ve simultaneously been using CentOS to experiment around with it. There’s a reason that Red Hat is the leader in the server arena…because they get it done and provide a fantastically stable Linux environment. CentOS is repackaged Red Hat Enterprise Linux and it is fantastic. So from this point on, Ubuntu will not be actively developed on by myself…I’ll be using CentOS from this point on. Which leads me to the decisions I’ve been trying to come to.

I’ve been trying to find a good portal CMS that can house documents and provide news announcements for my department. No chat is needed…no forums…just a repository for docs. With all of this being said, I need to provide a flexible solution to house these documents as well because who knows what the director will come back and say. Perhaps tomorrow he’ll change his mind and want to have all documentation developed and worked on in Sharepoint and all reports to go on our intranet page. So I need flexibility if I’m going to get a CMS running on Linux and I need it to be stable so I can show tangible results to upper management. Otherwise, they’ll continue to go with what has been working for them…and that is Windows.


Bringing Linux to Work – Portal Part 1

Beginning this month, I’ll be attempting to infuse my place of work with Linux. I am a new Applications Analyst and resident AIX/Linux expert for a government agency that lives and breathes Microsoft. I feel that Open Source software, mainly, Linux…can be a great addition to this agency. I’ll be documenting my attempts here while I go along. If you have tips, tricks, solutions, advice or supportive comments…please respond in kind.


You’ve Got to Start Somewhere…

Recently, I’ve been investigating portal applications (CMS portals) for an intranet server at work. The portal will act as a document repository and project status report tool. It needs to plug into the framework we have in place currently…which is a Windows 2000 Active Directory environment. Instead of powering this with IIS or WinXp with Apache…I’ve elected to go with Linux and Apache. However, I didn’t really investigate much to figure out if this would be a possibility. Problems were rampant and still are. Allow me to explain.

I’ve been given the requirements that any intranet page must be single sign on, meaning that when a user visits the page, they don’t have to login…they’re simply there and logged in already. This can be done using the apache ntlm module. I can also pass this parameter using Tomcat and JOSS with php. However, the ntlm module won’t compile on Ubuntu or SuSe and hence won’t install. So, that took away my top two choices for Linux distros (not to mention, caused me to waste 2 days of time). JOSS requires that I write and plugin my own php script which is something I don’t want to do currently. So I’m back at square one. I’ve changed direction and am installing CentOS 4 currently…we’ll see where that takes me. I’ve had more luck with CentOS as a server (my server at home has around 120 days for uptime currently and runs CentOS at its core).


Distributed Bugs-R-Us

I have a decent idea for an open source application. This could be one of the most important pieces of software to assist open source in a long time. I don’t have ideas often for software apps but when I do, normally they’re good ones. However, I don’t have the expertise to program this either. The only thing I have is an idea for bugtracker software…and it operates on the distributed journalism model of digg.

The idea was inspired by the article “10,000 bugs away from World Domination“, specifically these few words:

“My diagnosis is that the problem with Linux is that it doesn’t have anyone pushing to get the newbie bugs fixed first. At Microsoft, we had Program Managers and one of their responsibilities was to be customer advocates to prioritize the bugs for the devs to fix. In many open source groups, it sometimes appears that bugs get fixed when the dev decides to work on it, not because an important user scenario is broken. The Wi-Fi tool was broken in Gnome for any months, but the bugs just sat there languishing in the database. Microsoft or Apple would not have shipped a Wi-Fi UI that was completely broken in that way.”

The author is 100% correct. And since open source communities don’t have program managers that can focus the time needed to prioritize bug fixes, we can make the community become that program manager. Read on for specifics on how to do this.


Why Open Source Isn’t Succeeding

“It’s not the big that beats the small; it’s the fast that beats the slow.” Niklas Zennstrom

There was a time early in the dawn of computers where .edu’s and .orgs co-mingled ideas and thoughts via IRC and newsgroups in a conducive and non-proprietary way. The great ideas that were born from this still thrive today in the form of RFC’s, Internet Standards, Protocols, and other surges of genius that sprung from these beginnings.

Lately however, certain things have begun to become apparent. Proprietary software vendors have locked the advancement of technology. This is to be expected. The open source movement is in full swing to counteract that. The only problem with the open source movement is in trying to counteract this huge pendulum and swing it from closed source proprietary toward a multi-source, multi-national technological advancement (for the gain of mankind and not company kind). Instead, open source has begun to push the stone uphill on its own without assistance from the VERY companies that take from it.

The bottom line is that companies will take from open source without any inhibitions at all. But when it comes to defending that which they take, they shrivel into the shadows and hope no one notices them. Companies are not in symbiosis with open source…oh sure, some of them might be sympathetic to open source. As we’ve seen with the Linux Core Consortium, companies will pledge their favor but not their resources. But until ALL companies that take from open source give back through REAL support (financial or otherwise)…they’ll continue to be identified as an entity that takes from another without providing anything in return. The word for that is PARASITE.

Companies that take from open source without giving back are a parasite to open source; they are killing it from within. The bad part about this is that we are helping this parasite…even applauding what it is doing. Many of us cheer when company X converts 250 computers to Novell or RedHat…but that isn’t open source anymore! They’re companies who happen to use Linux…they’re just not pure open source no matter what their beginnings are or were. The support and recognition go to Novell and Redhat…the financial gain goes to those companies and not back into open source. Sure, they provide some packages and free-for-home-use downloads and other niceties to try and counteract things…but open source still loses. It loses because there are more takers than givers.

Open source advocates shouldn’t be cheering when company X converts 250 computers it has to Novell or Redhat because they’re just cheering for the company. Even when Linux becomes THE accepted alternative for business and enterprise applications we should refrain from cheering companies such as Redhat and Novell because the money they earn doesn’t go back into open source…and the name they make for themselves…does nothing for open source. No matter how hard they try, they’ll always take more than they give.

Some of you might be saying, “But the simple fact is that when Company X converts to Linux, they are embracing Linux in general…not just the company that sells it. This means that they’ll open up more to open source programs such as OpenOffice and Firefox”. Perhaps. But I’d be more willing to believe that company X won’t do ANYTHING that the vendor who provided them with Linux advised against…especially if warranty and license prevent it. So if said Linux vendor who provided them with 250 Linux desktops decided they didn’t want Company X to use OpenOffice…that company wouldn’t use it. The power of choice has been removed.

Until companies aren’t afraid to offer FULL and unadulterated support for Linux (LSB 2.0 standard or the Linux Core Consortium) and free open source software, the open source movement will not succeed.

Creative Commons License
Except where otherwise noted, the content on this site is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.