System Overlord

A blog about security engineering, research, and general hacking.

Kubuntu Issues

09 Oct 2008 in Linux (Reading time: 2 minute)

I was inspired by Jono Bacon's post here and "Kubuntu, the Blue-Headed stepchild".  This started as a response to the latter, but I decided this is a better venue.

My experience with Kubuntu has been frustrating, to say the least, and I doubt it has much to do with the Ubuntu team.  Firstly, the insistence on making everything "big" drives me crazy.  How can I use KDE when it won't let me resize panels?  I also can't find a way to create custom launcher icons on the panels (in gnome, I have a few set up to open ssh connections I use very often).

Also, how can I get a functional Application menu in Kubuntu that has proper icons and does not replace one menu section with another?  It's ridiculous that it hides the list of application categories to display the applications themselves, unless the user is supposed to always know what category something is in.

Basically, I completely agree with the comments posted here: http://meta.ath0.com/2008/01/18/kde-4-ui-critique/ and am wondering if anyone knows of ways to work around them.

OOXML Debacle

09 Oct 2008 in Misc (Reading time: 1 minute)

There's a lot of issues going on around OOXML these days.  Specifically, there's alledged copyright violations by posting the OOXML specs by members of the Boycott Novell group.  I want to address a specific issue: why is something applying for ISO standardization so secret?

International standards (e.g., ISO) should be open and royalty-free.  It's ridiculous if there's a "standard" that's locked in to a single vendor.  Can someone explain any sanity to this situation?

File System Organization

08 Oct 2008 in Misc (Reading time: 2 minute)

For some reason, I have a habit of placing all kinds of random files throughout my home directory on my laptop.  Sometimes things end up in ~/Documents, other times ~/Desktop, and still others just in ~.  This is bad.

My desktop, on the other hand, I keep squeaky clean.  On the other hand, I sometimes have related files on my laptop and desktop... so even more filesystem mayhem.

So I think I need a good way to manage my laptop files.  First off, more self discipline.  :)  Secondly, I'm thinking of a small utility to merge files between two systems.  Perhaps some sort of bi-directional rsync based on modified dates?  Maybe also a method for mapping particular files/directories on one system to the other.  From the days of Windows 9x, I remember something like Windows Briefcase (if that's what it was called) and it now seems like a decent idea.  Anyone know of this?  If not, maybe it's time to learn some Glade and pyGTK.

ALF 2008: SSH & GPG (Part 1: OpenSSH)

21 Sep 2008 (Reading time: 5 minutes)

Yesterday I gave a talk at Atlanta Linux Fest 2008 on SSH and GPG.  I quickly received requests to post notes from my talk, so I'm going to try to write it up here.  If I miss anything, I'll try to keep it updated.

Slides are available here: SSH & GPG. They don't show everything, as a lot of it was Demo and Q&A, documented below.

This is Part 1 of a two part series.  I got far more questions about the OpenSSH content, so I'll be focusing on that here.  I'll add GnuPG content shortly, time permitting.

Read More...

Mozilla Firefox EULA

16 Sep 2008 in Misc (Reading time: 4 minutes)

There's been a lot of talk lately about Mozilla asking that Ubuntu display the Firefox EULA to protect their trademarks.

Mark Shuttleworth, the founder of Ubuntu, wrote:

Mozilla Corp asked that this be added in order for us to continue to call the browser Firefox. Since Firefox is their trademark, which we intend to respect, we have the choice of working with Mozilla to meet their requirements, or switching to an unbranded browser. [...]

I think it's perfectly reasonable for Mozilla to have requirements and guidelines for the use of their trademark [...] That said, I would not consider an EULA as a best practice. It's unfortunate that Mozilla feels this is absolutely necessary, but they do, and none of us are in a position to be experts about the legal constraints which Mozilla feels apply to them.[...]

Please feel free to make constructive suggestions as to how we can meet Mozilla's requirements while improving the user experience. It's not constructive to say "WTF?", nor is it constructive to rant and rave in allcaps. Your software freedoms are built on legal grounds, as are Mozilla's rights in the Firefox trademark. To act as though your rights are being infringed misses the point of free software by a mile.

I have to completely agree with this.  The reaction of the community is, in some cases, completely irrational.  People 'threaten' to fork Ubuntu if this EULA is displayed; people state they have to use another distribution because Ubuntu is not listening, etc., etc.  What people somehow don't get is that it's NOT Ubuntu's choice: they can either ship FF with the EULA popup or remove all branding and ship it under another name (ala Iceweasel), which would probably be a slight burden to Ubuntu adoption.  (People migrating from Windows would have no idea what Iceweasel is.) I do think it's somewhat shortsighted of Mozilla to feel that an EULA is necessary to call the browser 'Firefox', but that's the route they've chosen.  If you don't like the EULA, you can choose to install the 'abrowser' package or another browser.

Unfortunately for me, I don't see a lot of choice but to use Firefox or abrowser: I regularly use a half-dozen extensions (Ubiquity, NoScript, Ad Block Plus, Web Developer Toolbar, UnMHT, etc.), and I don't know of any other browser with that sort of flexibility.  Midori, the alternative browser in Gnome in Intrepid, seems to have a seriously hard time rendering some pages, and I haven't even thought about trying Flash in it.

It also makes me begin to think about alternative e-mail clients.  Can anyone recommend a client that supports GPG signing/encryption, multiple address books, and can import from Thunderbird?  It would also need to support something similar to Thunderbird's identities, as I use multiple e-mail addresses associated with a single account (as well as multiple accounts).

I'm a complete fan of open source, but I also realize that Mozilla has to protect its brand.  Mozilla is a business that has funded a great deal of Open Source Development, and that wouldn't have been possible without the partnership with Google and other aspects of the Firefox brand.  Software companies have to generate a stream of revenue somehow, and I think the people who are using the Launchpad bug as a forum are missing that.