Distros have changed. In the past, they were made up of a small, tightly knit group collaborators working toward a common goal. With distributions today we now have an informal, large group of collaborators…some of which may not even be aware of the main goal of the distro. That informal collaborator may just want package foo version 2.2 included in his/her distribution so that he/she can use it on their desktop. How does that informal collaborator become empowered? How can the developers reap what that collaborator sows and harness the collective collaboration of thousands of informal contributors? The answer for many software projects is version control. But how can this system benefit package management?

What If?

What if you could combine SVN/CVS/git behavior and packages? What if when you build the package properly, it is checked into the software development tree. You’d be eliminating an entire step in the process (i.e. working more efficiently) and you’d reap all the benefits of version control (diff, merge, shadow, exports, rollbacks, tags, logs) with the actual software packages without losing the benefit of working with source or binaries. Thousands of contributions could be made in the form of ready to install packages that are CERTIFIED (see how this is possible later in this post) to work on the distribution. The contributions would come in on a version control branch designed by the distribution developers…say 1-contribs (much like a contribs rpm server would be)…but unlike most distributions, they would be certified to run on your distro before they even hit the contribs server/branch. Imagine the impact that this would have for bug testing alone.

Sound too good to be true? It’s not. It’s Conary and it is getting ready to go to version 2.0. Let’s take a look at some advantages that conary has over traditional package management and how it can empower the end user.

What Are The Advantages?
In standard distro land, packages are tracked by version/name. If you packaged wget 1.0.12, your package would include this version string in the name. What if someone else packages that same software up and names it something different than you did? What does this package with name wget-1.0.12-suse93-i586.rpm have as an advantage over wget-1.0.12-suse9.3-i586.rpm? As you might be able to tell, this is hard for a package management system to understand concepts of older or newer packages and what should be installed on a system. There is no automatic solution to this process in standard distro land. This is done manually by a developer. The developer selects which version of a package is included in the repository.

Regardless, relying on a name that is manually created and given means that dependency resolution with most distributions will break sometime. Repositories end up with version clashes, missed/overlooked patches, clashing names in between distros for the same package. A disconnect opens up between those developers working with packages…not just packages for a single desktop environment but various ones (KDE, Gnome, Openbox) because the only thing that connects them is a SVN or CVS tree. Updates to one branch do not always make it upstream. With conary, this problem is solved. It works using a distributed version tree and therefore changes always flow upstream from various branches that don’t have to be located in the same place as in traditional version control systems.

Ever done an apt-get upgrade and had only half of the packages install before a failure occurs? You may have a broken xorg after that half update was applied. In rpm land, if I updated and didn’t get through all my package installs I may end up with missing dependencies and a broken system. With Conary this NEVER happens. If an update will break the system, Conary automatically rolls back the changes so that your system is in the EXACT state it was when you began the update. This behavior is built into the package manager and happens automatically during attempted updates/upgrades. It can also be manually done to return to a state that existed before the update.

As an example, have you ever installed a group of software from a development/testing repository that you don’t want installed anymore? Don’t want to go through logs to find out what group of software you installed? Can’t remember each and every package name? With conary simply do a sudo conary rollback # where # is the number of updates you want to rollback to and conary will return your desktop to the state it was before that update.

More advantages…let’s say you’re out on rpmbone.net and you’re searching for the latest release of KAlbum. Which one do you pick out of the results

? If you see your distro represented, great! You’re set…until you need to update from that version. Will you remember what repository you got your software from so that you can get future updates? Will you add this repository to your repository sources list? This being the case you’re going to get a whole lotta updates from that new source unless you do some heavy pinning. Wouldn’t it be great if you didn’t have to remember? Wouldn’t it be great if your package manager would manage this for you as well? Conary does this lifting for you. If you install a conary package from a different conary repository, it REMEMBERS for you where you got it. No alteration of sources because there isn’t a sources file. There isn’t a list of repositories to manage. Conary remembers where all your software is from and tracks this as part of the version control.

Let’s say you roll your own rpm and make it locally on your own build environment. Upstream, the package you built is updated to a version above the local rpm/deb you’ve installed. It installs automatically over the top of your change when you update. With conary, this wouldn’t happen…it tracks local installation of conary packages as well and preserves them if you so desire.

There are countless other advantages that I won’t go into here. The advantages that I went over are meant to support the main point of this post which is that you can get more done by combining package management with version control. This turns one developer into many and allows for many collaborators to contribute certified packages into a distributed version tree repository. This is working smarter and not harder.

More Information on Conary

Certified Packages

Knowing as a developer that you’re getting a CERTIFIED version of a package onto a contribution server is a huge amount of stress relief. Certification occurs with the tool rMake, which “facilitates building packages consistently across computers with dissimilar environment”. If you click on the link to the rMake page, you’ll see plenty of the benefits of using such a tool to package software. rMake creates a chroot

and installs the package you are building in that chroot. Since a chroot is a pristine and unaltered environment, all packages can be certified to run in that pristine and unaltered environment. When a package is committed to a conary repository, you KNOW that it worked inside a chroot on a conary based system. Therefore, you have less to worry about with system conflicts. You’ll be able to build and test packages BEFORE they’re even committed to the repository.

With rMake, you don’t have to worry if that package will run on your distro…you only have to worry about the possibility of unforeseen conflicts…package foo won’t drop its use of dbus for package bar and package bar fails…and package bar was just contributed by Joe Schmoe onto your contribs server. This is what distributions SHOULD be allowed to concentrate on…conflicts between packages on an installed system and not dependency resolution or patch management. The place where developers work on conflicts should not be the packages themselves or the repository…it should be the users’ desktop.

Empowerment

Taking the worry that a package committed to the repository won’t work away, developers can empower users. Empowerment is a powerful tool in open source. Often times, a user of desktop linux becomes soured when he/she realizes that something doesn’t fit exactly what they want. For example, Joe Schmoe may want a software suite that isn’t included in the distributions repository. Should they learn how to roll an rpm or package a deb to do this? Can they? Will the developers trust the package when or even if it is submitted to the contribution server? Most likely not.

When Joe created his package, he created it on his local system. Dependencies that are unforeseen will be present in that package because Joe’s system differs from other installed systems. He didn’t package and test with a chroot to make sure that all his dependencies were resolved before submitting his package to the contribution server. If Joe were using Conary and rMake, developers wouldn’t have to worry about whether his package were up to where it needed to be…because in order for him to commit it to the contribs server it would have to have all dependencies resolved and would have to be built in a chroot before it is even submitted.

The ability to package and contribute packages is therefore available to standard users. The package is also IMMEDIATELY available for consumption by that end user…no waiting period for it to trickle down into stable…it was already stable when contributed. When it changes from 1-contrib to 1-devel, conary automagically tracks that move and updates from 1-devel in the future. It’s that smart. Developers are still in the driver seat and can control the overall flow of packages in the repository…the power still rests with them. But conary does all the lifting for them and often times the developer finds themselves letting conary manage things.

Imagine KDE and Gnome desktop distro developers working side by side and sharing fixes/patches and packages of common shared software…remember, with conary repositories, all changes can be seen by both development trees (KDE and Gnome) so the changes are automatic when put in place. Instead of having to push that fix to both branches of software, conary allows for fixes to be automatic between the two desktop development branches.

Work smarter, not harder. Conary can be an incredible tool that can empower users to contribute and merge different development trees seemlessly between various versions of software. Is there a learning curve? Of course! If you don’t know or understand the concepts of version control, you’ll have a bit of an uphill climb when learning conary. When learning to package, you’ll have to understand some of the classes and superclasses that are passed down so you can take advantage of not reinventing the wheel with each package you roll.

Thoughts on Package Management originally appeared on Yet Another Linux Blog on December 12, 2007.

ClarkConnect is based on CentOS 4.X and offers a very robust set of tools organized into easy to navigate administration pages. The administration pages are very similar to those that you would find with IPCOP and Smoothwall. However, ClarkConnect throws in extras such as the ability to use Samba and set it up as a PDC (Primary Domain Controller), 2 click updates, a caching dns server, a transparent proxy to speed up web surfing, a pop up blocker built into the proxy, dansguardian with blacklisting, online log viewer…there just is a list of features WAY to long to list here. So I’ll link to the features page and you can read a few more things for yourself. Also, if you’re wondering Point Clark Network’s take on community and open source, please read this page. They’re committed to community AND open source.

I started using ClarkConnect at version 2.0. Back then, they used Red Hat Linux as their base. Today, they’ve ported over to CentOS packages…which are Red Hat Enterprise Linux binaries repackaged by the CentOS project. All in all, I’ve been extremely pleased with the performance and handy web interface ClarkConnect provides which enables me to monitor my home network from afar. One thing that truly impresses me is that the home version remains free and open source despite the rise in business that ClarkConnect is currently enjoying. The people at Point Clark networks have a strong sense of community and they are continuously helping in the forums. They are to be commended for keeping this version available to home users! Any problems you might have with CC can be and will be addressed in the community forums. If you get lost or need to understand something better at anytime, please check the userguides at clarkconnect.com. You can also download the Quickstart Guide to get things rolling as well.

You can download and burn the 3.2 Home version of ClarkConnect (or CC as it is commonly referred). When installing, you’ll be greeted by a variation of the old Red Hat Anaconda text installer. It’s relatively easy to follow and hardware detection is superb…although I’ve found some older computers (think 266Mhz ) do have a bit of trouble with the newer kernel (2.6 branch). I’ll assume that you can get it installed and up and running. Please be advised that in order to route traffic on your LAN, you’ll need at least two Network Cards in the computer you’ll be installing ClarkConnect on (see requirements)…one for internal and one for external traffic. Please also be advised that if you do install ClarkConnect onto a computer, it will wipe the entire hard disk of all operating systems. After installing, point your browser in a computer on your LAN to the IP address you assigned CC during install (should be an internal IP address). So you’d point your browser to https://192.168.1.X:81. The port number 81 and https are important…81 isn’t a standard web port and https means this is a secure transaction of information.

You should be greeted by the dashboard screen. –>

The dashboard tells you what your two (or how ever many you have) interfaces are (LAN and External Internet, DMZ, whatever) as well as gives you the opportunity to set languages, set system time, and see a quick overview of current intrusion attempts. Navigating to other areas is a snap with the menu bar at the top of the screen.

Updates

First, let’s move over and update the system. To do this, we’ll have to register with Point Clark Networks (who develop ClarkConnect) using their built in registration. Registering gives you a dynamic domain name (yourname.pointclark.net but hey, it’s automatically configured and allows you remote access to your box from the outside world). You can also piece together other services should you decide to purchase them. Of course, since I use the home version, I choose only the dynamic DNS service which is free so that I can connect from work to my box at home. So, back to updating the system. After you register, click on the sidebar item “Critical Updates”. Any updates that are critical to the system, including kernel patches, will update themselves here. To install the updates, turn off your popup blocker for this site, toggle the checkmarks, and click “go”. A window will pop up and show you apt-get progress. Close it when it states it is done. Feel free to browse other updates and install them at any time.

It’s important to note that all updates are pushed through this interface. This includes major updates to new versions as well. Updating to new versions is therefore extremely easy. The upcoming ClarkConnect 4.0 release is currently in beta and ClarkConnect is looking to release this in the very near future. Look for some new packages including Horde Webmail, Kollab groupware, ClamAV, and others.

Another handy thing that ClarkConnect does is keep track of those patches you’ve installed (as long as you go through the services tab on this webconfig). You can also update via apt and the shell (soon to be yum with the next release 4.0)…I use putty to connect via SSH to the box and update from time to time. You can cycle through other updates as well and even see some of the handy community contributed modules. Install any you’d like and head to the various resources that clarkconnect has to get you started such as the forums, the newbie guide, and Ya-FAQ.

Users
To take a look at the users present and to have control over whether or not your users have shell accounts available, etc. Head over to the users tab. Here you have ultimate control over all the users on your system. This makes it handy in situations where you’d like to setup a user for VPN but don’t want that user to have a shell account (for security reasons). I leave one user and make the password as complex as I possibly can. I also change the password about once every 3 months to keep things secure. Whatever your security policy is, the web interface makes things easy to administer and easy to use.

Reports

Now that we previously updated the system, let’s take a look at the overview of all hardware. Click on the reports tab and make sure “current status” is selected. This gives us a graphical overview of all hardware and current performance. As you can see from the screenshot, you don’t need a fast computer to power your ClarkConnect install (pictured is my emachines Celeron 900). I’ve had over 194 days of uptime with this current install of ClarkConnect (version 3.2). I don’t see any reason why it won’t continue other than a hardware fail. Overall, ClarkConnect is stable, secure, and the most handy server distro I’ve ever used. I trust it so much after using it these years as my main workhorse server that I’m prepping to start a side business installing and configuring ClarkConnect boxes for small businesses. Point Clark Networks is doing a great job helping small businesses have the functionality they need at an affordable price. Anyway, back to the review.

Back to the reports tab; In reports, you’ll be able to check out all the logs on your server. This makes reading logs less of a hassle and something you can do without cracking the shell.

Services

Click the services tab. In this view, we should be defaulted to “Running Services” which is the handiest page in the admin section. Here you will find a service listing of all the system services/software that can be toggled “on” the CC box. You can start, stop, enable at boot, or disable at boot any single service you see in this view. The color scheme will tell you what is enabled (Green) and what service is disabled (red). Take a look to make sure you have running what you need to have running…since CC defaults are safe, we can leave everything as it is or turn on whatever it is we need.

Backups

Next, let’s make a quick backup snapshot of all our settings. You can do this by staying in the services tab and clicking “backup/restore”. From there, you can backup all your settings in CC. This is handy if, like me, you’re thinking of starting a business. One click snapshots means less configuring. It also makes things nice if you are planning on reinstalling. You can take this backup snapshot you’re creating and upload it to a fresh install to restore settings. Please be advised though that this backup is configuration files only (in /etc and /usr) and only for CC default apps. If you install something else, CC won’t backup that install without hacking.

Proxy Server

How about setting up a transparent proxy server to speed up your web browsing? Point Clark and CC have you covered in a couple of point-clicks. Head over to the Software tab. Select “Web Proxy” on the left side menu. From there, select the proxy to auto start if you’d like it to start at boot, then select to start the service. You can setup cache space, enable download size limits, and set maximum object size. Let’s set all to defaults for now…just make sure that if you plan on downloading larger files to set the maximum download file size to Unlimited. Also, if you want to use content filtering along with our transparent proxy, select “transparent + content filter” in the selection box titled “Transparent Mode.” You can clear your proxy out anytime by selecting “Reset Cache.”

Pop-Up Blocker

Now that you have the web proxy setup, let’s put the pop-up blocker on and look at content filtering. Select “Banner/Pop-up Blocker” from the menu on the right. Start it up by clicking on the links (Autostart if you choose). That’s it! Pretty simple eh? Let’s move over to content filtering. Click on “Content Filter” on the left side menu.

Content Filter

Now CC will automatically update your blacklists for content management for you. However, you’ll have to upgrade to one of the service levels to do so. Since I’m a home user and someone who’s run DansGuardian (the content filter system they use) for quite some time…I do my updates manually and pass on the upgrade in service. Point Clark networks has no problem with this, they simply have this in place to cater to their business clients to provide no-hassle management of their servers. Let’s get our update in place. Head over to the folks at URLBlacklist.com, specifically their download section. Download the bigblacklist.tar.gz. This is a one time free download for personal use. This is an up to date blacklisting that we can drop into our dansguardian directory to make sure that it is running with the latest and greatest. Drop all the contents of bigblacklist.tar.gz inside the /etc/dansguardian/blacklists directory. Remember, you will need to either purchase a subscription through dansguardian, urlblacklist.com, or go with purchasing the personal gateway service through clarkconnect to have a completely updated dansguardian blacklist. I’ve found that I don’t really need an up to date box…it does quite nicely on it’s own and I can add and remove sites as I see fit. Plus, you can do well to check out dmoz and their urlblacklists for squidguard which translate nicely into dansguardian (for advanced users only). You can enable dansguardian with a couple of clicks and set options for it on the Software Tab >> Content Filtering Menu.

Network

Now that we’ve seen some of the wizbang features built into ClarkConnect, let’s take a look at the rest of the tabs. You can see from the screenshot to the left of this paragraph that there is plenty other software that you can configure in CC, but let’s move over to the other tabs to show you just what you can control using the web interface. Click on the “Network” tab. ClarkConnect can operate in gateway mode (which is ‘router’ style mode with ipmasquerading, etc.), DMZ mode if you want to have a DMZ (demilitarized zone), standalone with firewall, and standalone without firewall. You can set these anytime you’d like to and control all of your network interfaces here. You can also go straight to DHCP configuration which will allow your CC box to give computers connected behind it a network address.

One thing that is a definitive plus for CC is the firewall manager. You can control incoming, outgoing, and port forwarding all from the web interface. I specifically like the group manager. Why? Because it is handy if I want to use torrents, I setup a group to open up ports 10000-60000 and forward to my desktop behind my CC box. When I’m done, I turn it off by disabling that group of rules. Handy eh?

Intrusion Detection/Prevention

Also contained in the network tab is intrusion detection and intrusion prevention. I enable both of these but will enter into the intrusion prevention exempt list my work IP address and all the addresses of my LAN. That way I don’t have my CC box thinking that I’m trying to break in and dropping my connections to it as I test things or connect to it using various methods (ftp, ssh, web, vpn, etc). Intrusion detection rules can be updated through Point Clark Networks by upgrading to gateway service level to SOHO which is around $10 USD a month. I just enable mine and let it go . Seems to do a fine job using the default rules and as long as I keep a watchful eye on my firewall rules, I’m just as safe as if I had a Security Enhanced Linux Fedora box running things. To read your intrusion detection and prevention logs, head over to your reports tab and then select the appropriate area on the left.

Bandwidth Management

One other area of interest here in the network tab is bandwidth management. Select “Bandwidth” from the left menu area. In this menu, you can enter in upload and download limits for bandwidth and take control of your network. Very handy if you have a multiple computer LAN and a teenager that downloads EVERYTHING. Play around with the settings and when you’re satisfied, let’s cinch things up with samba, ftp, and webserver.

Samba

CC comes ready to operate as a PDC (Primary Domain Controller) for your LAN. If you only operate a small LAN (1-2 computers) having a PDC is really for bragging rights only. Instead, you might want to configure your samba shares using CC’s handy web interface. Head over to the “Software” tab and click “Windows File Sharing”. ClarkConnect has common shares already in place for you. You can enable these or disable them. You can even add your own. It’s up to you. Starting samba is once again just a point click away. There is also an advanced setup option for those of you who are a bit more experienced with samba.

Personally, I don’t use the samba interface from ClarkConnect. I instead use Network Attached Storage which automatically is detected on my network by all my desktops (easy as connecting to another PC) so I haven’t found the need to implement samba on my CC box. In the future, when I expand to include a computer for my son, I will implement a PDC with roaming profiles so that all settings are backed up to ClarkConnect. Thus, if a computer fails, I still have all settings saved server side.

We’ve covered a varying amount of information in this review and I won’t cover everything that CC has to offer either. But two other areas I wanted to discuss was ftp and webserver. CC uses proftp for their ftp server and apache 2 for their webserver. One thing I’ve found of value for the webserver (which I’ll discuss first) is their virtual host creator.

FTP and Webserver

The webserver interface is handy. Very handy. You can enable SSL for Apache by toggling a setting. You can setup a virtual host by typing in the webaddress. Dead easy. I’ve found that setting up virtual hosts via this interface is better than doing so through webmin because it configures all defaults for you a bit better than webmin does. No idea why, but I’ve had trouble with webmin in the past with vhosts. I usually create a vhost with CC on their web server interface…such as linuxblog.sytes.net shown in the picture. This was my old blog location when I hosted it at home (2004 with CC 2.2 I think). I now have a virtual host setup so that all requests for linuxblog.sytes.net go through my CC box…I’ve written a rewrite rule to forward all traffic from the old blog to this current blog. Handy and easy with ClarkConnect. Like I said, I create the vhosts with CC and then hand them off to webmin for more detailed configuration. It’s important to note that you can install webmin through your “services” tab.

If you notice in the picture in the previous paragraph, I have linuxblog.sytes.net as a virtual host. I use the no-ip service I previously blogged about to register this name. If you plugin the topic to that article with a ClarkConnect install…you can see that they’d be a fine fit together and that you can have your own webserver running in a matter of minutes. Put that together with Gallery, which CC is bundled with, and you’ve got yourself a family photo album!

Lastly, let’s look at the ftp server in CC. Click on the “Software” tab and then select “ftp server” from the menu on the left. You are a few clicks away from having a fully operational ftp server. Change the details you’d like to using the form provided by the web interface, then click to start and autostart the service. By default, CC shares /var/ftp. It is also open to anonymous connections. You’ll have to edit /etc/proftpd.conf to your liking to get your ftp server up and operational for other directories and users. Please see the proftp homepage for more details.

Summary

We’ve taken a semi-detailed look at ClarkConnect Home Edition 3.2 and how you can benefit both from the vast amount of software/programs already enabled on it and the ability to have an up and running router/server in as little as 30 minutes. Combine this with my previous article on using a no-ip domain and there isn’t any reason why you shouldn’t be able to show off a gallery or ftp server to your friends and relatives. If you have any problems, please head over to the ClarkConnect forums and ask…but not before using their search tool to see if the topic has been covered. As previously stated, there are two websites you can also connect to Ya-FAQ and the Newbie Portal. These two sites can provide you with good info as well as How-Tos made by the community.

I’d also like to take the time to let everyone know that I am in NO WAY being compensated for this article. I’ve used the software for quite some time and felt that I might be able to repay the people at Point Clark Networks by giving them props through this review. Whenever a new user is looking for a quick server oriented distribution, I always point them to ClarkConnect. In my opinion, it is the best distro out there to have for your home LAN. Hopefully, you’ll give it a test drive and come to the same conclusion.

ClarkConnect – Enterprise Linux for Your Home originally appeared on Yet Another Linux Blog on July 25, 2006.

The first of many problems was mod_ntlm. This Apache module WILL NOT compile on my server. I emailed someone who actually got this to compile in Ubuntu and asked for how they got it to work, implemented their changes in the .c file, yet still couldn’t get it to compile. This reason alone is enough for me to not use it. But there are more reasons still that Ubuntu doesn’t do it for me.

The second reason is going cold. What I mean by going cold is that it almost froze up. For example, it would take over an hour to run apt-get update, about the same to run apt-get upgrade (depending on downloads) and even 20 minutes to do a standard ls -al | grep keyword command. After a reboot everything was fine. This led me to believe that some sort of power saving module was kicking in. So I removed all power saving modules, recompiled a kernel from scratch, turned off all BIOS power saving items, crossed my fingers and rebooted. Even with all of these actions, Ubuntu still went cold after a day of uptime. This is on an IBM NetVista P4 with 1 GB RAM. Ubuntu however will not be staying on any PC at my job due to the previous problems experienced.

I’ve got an exact match of this machine to provide backup for it so I’ve simulataneously been using CentOS to experiment around with it. There’s a reason that Red Hat is the leader in the server arena…because they get it done and provide a fantastically stable Linux environment. CentOS is repackaged Red Hat Enterprise Linux and it is fantastic. So from this point on, Ubuntu will not be actively developed on by myself…I’ll be using CentOS from this point on. Which leads me to the decisions I’ve been trying to come to.

I’ve been trying to find a good portal CMS that can house documents and provide news announcements for my department. No chat is needed…no forums…just a repository for docs. With all of this being said, I need to provide a flexible solution to house these documents as well because who knows what the director will come back and say. Perhaps tomorrow he’ll change his mind and want to have all documentation developed and worked on in Sharepoint and all reports to go on our intranet page. So I need flexibility if I’m going to get a CMS running on Linux and I need it to be stable so I can show tangible results to upper managment. Otherwise, they’ll continue to go with what has been working for them…and that is Windows.

Some of you are probably saying, “just use OpenLDAP any distro”. Well, that would be just fine if my requirements were to use the LDAP database for user authentication making the user sign on one time only…however, stipulations for me were ZERO sign in…hence single sign on…they login to our domain here and then never have to login again. So, ntlm is the only way currently. Finding a CMS is up next.

I’ve looked at midgard but am thinking it is way to complicated. I just want a simple page that can act as a document repository. I’ve looked at and installed knowledgetree but there currently is no single sign on support at all so it is out of the question. I’ve looked at Zope and Plone and found it to be right along the lines of what I need. The problem I hit is that I have to use Apache to pass the ntlm to the Zope server…so it’s going to take some configuring (this is the #1 candidate right now though).

So does anyone out there have any idea of a CMS that can use SSO (Single Sign On) in a Win2k Active directory environment with minimal configuration (as this needs to go up in about 2 weeks)? I’m all ears. The next update should be my attempt to use CentOS with ntlm and apache/zope/plone.

Wish me Luck,

Devnet

Bringing Linux to Work – Portal Part 3 originally appeared on Yet Another Linux Blog on May 17, 2006.

You’ve Got to Start Somewhere…

Recently, I’ve been investigating portal applications (CMS portals) for an intranet server at work. The portal will act as a document repository and project status report tool. It needs to plug into the framework we have in place currently…which is a Windows 2000 Active Directory environment. Instead of powering this with IIS or WinXp with Apache…I’ve elected to go with Linux and Apache. However, I didn’t really investigate much to figure out if this would be a possibility. Problems were rampant and still are. Allow me to explain.

I’ve been given the requirements that any intranet page must be single sign on, meaning that when a user visits the page, they don’t have to login…they’re simply there and logged in already. This can be done using the apache ntlm module. I can also pass this parameter using Tomcat and JOSS with php. However, the ntlm module won’t compile on Ubuntu or SuSe and hence won’t install. So, that took away my top two choices for Linux distros (not to mention, caused me to waste 2 days of time). JOSS requires that I write and plugin my own php script which is something I don’t want to do currently. So I’m back at square one. I’ve changed direction and am instaling CentOS 4 currently…we’ll see where that takes me. I’ve had more luck with CentOS as a server (my server at home has around 120 days for uptime currently and runs CentOS at its core).

Some of you are probably saying, “just use OpenLDAP any distro”. Well, that would be just fine if my requirements were to use the LDAP database for user authentication making the user sign on one time only…however, stipulations for me were ZERO sign in…hence single sign on…they login to our domain here and then never have to login again. So, ntlm is the only way currently. Finding a CMS is up next.

I’ve looked at midgard but am thinking it is way to complicated. I just want a simple page that can act as a document repository. I’ve looked at and installed knowledgetree but there currently is no single sign on support at all so it is out of the question. I’ve looked at Zope and Plone and found it to be right along the lines of what I need. The problem I hit is that I have to use Apache to pass the ntlm to the Zope server…so it’s going to take some configuring (this is the #1 candidate right now though).

So does anyone out there have any idea of a CMS that can use SSO (Single Sign On) in a Win2k Active directory environment with minimal configuration (as this needs to go up in about 2 weeks)? I’m all ears. The next update should be my attempt to use CentOS with ntlm and apache/zope/plone.

Wish me Luck,

Devnet

Brining Linux to Work – Portal Part 1 originally appeared on Yet Another Linux Blog on May 8, 2006.

The idea was inspired by the article “10,000 bugs away from World Domination“, specifically these few words:

“My diagnosis is that the problem with Linux is that it doesn’t have anyone pushing to get the newbie bugs fixed first. At Microsoft, we had Program Managers and one of their responsibilities was to be customer advocates to prioritize the bugs for the devs to fix. In many open source groups, it sometimes appears that bugs get fixed when the dev decides to work on it, not because an important user scenario is broken. The Wi-Fi tool was broken in Gnome for any months, but the bugs just sat there languishing in the database. Microsoft or Apple would not have shipped a Wi-Fi UI that was completely broken in that way.”

The author is 100% correct. And since open source communities don’t have program managers that can focus the time needed to prioritize bug fixes, we can make the community become that program manager. Read on for specifics on how to do this.

The software itself would be a simple UI for bug tracking…it can be built on top of any number of current bugtracker softwares (ie mantis, bugzilla, bugzero). The kicker is this…make the bugs pop on a distributed list similar to digg where the community can read the bug, decide if it is something that should be addressed immediately or put on the shelf for a while, and vote accordingly. Then have the software prioritize bugs based on the number of votes received and the length of time since submission. Now I don’t have the specifics…just the main idea. But to me, this seems like a very decent idea because bugs that mean a lot to newbies would be fixed first and foremost if the UI were right and we could tie this into a CMS. Care would have to be given to doing it right where a strong community vote would determine the prioritization. Instead of the complicated explanation of what the bug is…the line could read what the bug effects. It is my opinion that this will help with categorization as well and duplicate bugs (they’ll attract the same amount of attention aka votes).

In the article, “10,000 bugs away from World Domination” (quoted above), the author hits a grand slam home run…if the top 1,000 bugs were fixed in the Linux Desktop, world domination may not be far behind.

If anyone thinks this idea for a distributed model bug tracker would work…and if you have the time to take it on…I will host the project for free on my servers and provide any CMS/bugtracker/groupware needed and will even assist with some management of the overall project. Please leave comments below if you are interested.

Distributed Bugs-R-Us originally appeared on Yet Another Linux Blog on April 10, 2006.

So what does it do? It’s pretty easy and straightforward. After you download & install the necessary files, open up an Xterm and use the following syntax to parse your command:

fansetup onemachine anothermachine user@yetathirdmachine

The command above opens up 3 xterm windows in addition to the local one you opened up. Now you type your command in the original and watch as the command is mirrored in the other xterm windows. Making quick changes to smb.conf files works like a top. If you want to know the uptime of all your systems, you’re set. This makes managing a limited number of linux boxes a snap…apt-get update; apt-get upgrade anyone? The thing I like most about it is that I get to SEE what happens on each computer…that way if something goes haywire, I’m not executing a command on a file that doesn’t exist on the remote linux box.

Make sure you give this tool a go, it makes life much easier in small networks. Hope it comes to be as useful to you as it is to me.

Fan the Linux Flames originally appeared on Yet Another Linux Blog on April 6, 2006.