endperform.org

I may be jinxing myself, but it seems like my age-old Nvidia lockup bug might be a thing of the past. Ever since upgrading to Gutsy, I have yet to have a lockup, and I’ve done some 3D-intensive things as well as letting the machine idle, two things which seemed to contribute to the lockups most of the time. I’ll have to get the versions of what I’m running exactly, but this is good news. So far Gutsy has been working pretty well, with one exception. I installed F-Spot to play around with pictures, but upon trying to run it, it complained about not being able to find a DBUS session and told me to try running with dbus-launch f-spot. I attempted that command, only to find that there was no dbus-launch. Apparently the dbus package got split up, and you’ll need to install dbus-x11 to get the launch portion. Once installed, though, it worked and brought the application up. Additionally, I submitted my first bug report. On my laptop, I needed to load a custom DSDT to get the sound functioning, but For some reason, the custom load functionality was removed from the kernel for Gutsy. As a result, I don’t have sound on the laptop right now. I submitted a bug, and it’s now being looked at. Ah the power of a development community that listens.

Desktop Effects, you know: Beryl, Compiz and now Compiz Fusion has been an option in Ubuntu for a while now, but I’m wondering if it was a good idea to present that to the users this early on. As I read through the Ubuntu forums, I’m seeing a lot of posts concerning errors or issues with enabling these effects. Sometimes it’s a driver issue, sometimes the window manager just crashes, etc. I can understand the “cool factor” of having a pretty window manager, but how does it make the distribution look when this fails? Sure, it’s an option and you don’t have to enable it, but if I remember correctly, it will be coming enabled by default in Gutsy.

Is this a good idea? Personally, I think at the very least it should be optional until a stable release of Compiz Fusion has been released. New users are going to be frustrated either by the crashing, or worse still, finding out their card doesn’t support it and wondering why they can’t have the cool eye candy. Personally, I don’t need my windows to wobble, or rain to fall on my desktop, or even a cool 3D cube. I just need my stuff to work, and my 3D working so I can game. I understand that people like pretty desktops, but at the very least the window manager should be a bit more stable before unleashing it on the masses.

Tonight I upgraded the desktop to Gutsy. So far, so good. 700MB worth of downloads, one reboot and an Nvidia driver reinstall and I was back up and running. I’m interested to see if the newer Xorg resolves the issue I’ve been having with the Nvidia hardlock issue on the desktop. The laptop is next on the list, but I don’t think there’s going to be much of an issue there, either. So now the bug reporting begins, although I don’t know how much help I’m going to be since I’m not running full-blown Gnome… instead, I’m in Fluxbox land :)

Patrick made a good point in a comment on my last post, and I figured I’d go with that. The original intent of the forum posting mentioned was along the lines of getting GUI functionality in place to eliminate the need for users to hit the command line, and in essence the potential risks that go along with it. However, if a pretty GUI were in place, there still could be issues, especially if a new user follows instructions to the letter without any idea of what’s going on. From Patrick’s comment:

The OP’s argument that better GUIs improve understandability makes some sense. However, I bet that 9/10 or better that someone getting advice from another user will follow that advice even if the UI is blaring DON’T DO THIS!!!

To fix your stuck files, you have to clear them:
Click on Start,
Click on Admin File System
Click on Re-Format
Select Ext3
It’ll warn you that this is dangerous, but this is the only way to do this.
Click Yes, I Really Really Want To Re-Format

The Ubuntu forums are a decent community, and someone would end up picking up on this potential problem and respond, saying “DON’T DO THAT!”, but it falls right back in line with blindly typing commands into a terminal. In any case, the user should be careful with what they are doing, no matter if it’s GUI or command line and regardless of the OS. Definitely a thought provoking kind of post, and it makes me want to research exactly what kinds of evil can be done via command line.

Today’s post comes from a thread I spotted on the Ubuntu forums about how the command line has the potential to be abused, based on the fact that some tasks need to be done via the command line. The main argument is that a “spammer” could give some command that would turn that machine into a zombie, or send personal information, or other things of that nature. While this might be able to be done, it would require a user to blindly copy and paste a pretty long command into their terminal. You can read my response (I’m Endperform on the forums :) ), but basically I answer some of the points being made with some commentary of my own, but I wanted to point out a couple of the comments and elaborate a bit on them:

But I’m counting that Ubuntu will be a major player in the OS world, and soon virus will be released that target Linux (Ubuntu) as well. And you must agree with me: it is fair EASIER to get infected by a hypotetical virus in Ubuntu from a bad CL than from downloading an executable file (just think that the user would still need to set the file executable).

This is definitely not the case. The original poster continually mentions about a bad command line ‘virus’ from a couple of commands. If anything, there are some malicious commands, but nothing that would classify as a virus. The comment above I feel is a bit untrue, if not unfair. In order to compare, cmd.exe would need to be compared against Bash, and Windows is definitely just as dangerous. One command can wipe out your system. In order for this comparison to make a bit more sense, we should compare the software installation methods on Windows and on Ubuntu.

On Windows, software installation is accomplished by downloading an installer and double-clicking on it and following some prompts. If that file happens to have a virus riding with it, and you don’t have the proper protection set up, you’ve just become a victim. For Ubuntu, there are at least three methods of installing software. First, there’s Synaptic, a GUI which allows you to select which software to install, and then install it. Then, there’s aptitude, a command-line software installation client. Finally, there’s installation via dpkg, which requires the manual download of a .deb package file. Synaptic and aptitude use software repositories to download from, and chances are very, very slim that you would catch any virus from an official repository. The third method is a bit trickier, and it has the potential for trouble.

It is true. But they still need to DOWNLOAD something to do some harm. Ubuntu, on the other way, comes pre-installed with LOADS of command line software than can do some nasty things already, you just need to type or paste one simple command and voilá - not even anti-virus software would prevent it.

Ubuntu is no more dangerous than Windows is out of the box. I can give a Windows user one command and if they type it, no more system, right out of ghe box. Also, don’t forget about VBScript and the multiple vulnerablilities right out of the box with a fresh Windows install. Also with these ’simple commands’, in order for something really bad to happen, you’d have to prefix the command with sudo, while the Windows command would not need sudo as most likely the user already has administrative rights on the box.

Please remember that Linux is secure as long as the user knows what he is doing or at least is not messing with the system. It can take just only one good written piped command to make the Linux box send lots of packets to a target every time it boots, which could contribute to a massive DoS.

I’d love to see the bash command that would do this. It would need to write a script and install itself to enable it to run on startup. While it might be possible to write a script to download a pre-made script to do such things, I don’t think there is one well-crafted command that could do this.

I didn’t mean for this post to ramble on, but it just seemed like a good topic to touch on. I do see some of what the original poster was saying, but it seems like his examples are pretty far-fetched, and are stretching it a bit. It should be noted as well that it seems more like the poster is talking about malicious commands, which I think would be the more appropriate term in this context.