Posts Tagged ‘Ubuntu 8.04’

Fixing the Dim Screen in Ubuntu 8.04

Dim Screen Issues on a Laptop

After installing Ubuntu 8.04 on my laptop, a Lenovo T-60, I notice the screen was very dim. In fact so dim it hurt my eyes to use it. So I started looking into the possible issues for the dim light on the screen. Of course the first place to look is power management. If you go to Preferences/Power Management you will see several options to dim the screen when the laptop moves to battery use. Of course dimming the screen is all about saving power, the less light that is used you can save power to keep the laptop running longer.

On AC Power

When you are running on AC Power you can dim the screen when the laptop is in idle. You can change this setting by using the slider for a time period.

On Battery Power

The options here include a time period for inactivity and they also include the ability to reduce the backlight brightness and dim the display when idle. All you have to do is click the box to make it happen.

After unchecking all of these options the screen was still unbearably dim. So I started looking at the hardware and recognized the Function Key on the keyboard was an option. You can tell the Function Key as it is labeled “Fn” on the keyboard. Many laptops have this feature to enable you to connect up to a monitor or projector. In addition, I found my keyboard has two keys that I can use to control the light on the screen. These are the “Home” Key (for brighter) and the “End” Key (for darker). Using these in conjunction with the Function key(Fn) worked great! Smooth even changes to the light issues.

Selecting Ubuntu as a Linux Server

April 27, 2008 3 comments

The interest in the Ubuntu Server is directly related to the interest in the Ubuntu Desktop.

As a Linux Trainer, I have access to as many as 75 different students each week. These students are typically IT people from small organizations who have a Windows administration background and now since their company sees the cost savings of Linux are moving to Linux Servers. A typical pattern that I see is people who have a GUI preference, little understanding of the Linux OS in general and want a fast easy path to managing a Linux Server. The other typical aspect of these users is that they have a Linux laptop loaded with, yep you guessed it, Ubuntu. Easily 75% use Ubuntu as a Desktop experiment.

No one argues too much that Ubuntu dominates the Linux Desktop. That is clearly seen in all of my contact with people that I train. So how does the experience with the Ubuntu Desktop impact a choice for a Server OS and should it?

Server Training and Desktop Training

Ubuntu Live Server Training and Self-Taught Packages

The impact that the Desktop has on the Server choice is in the following:

1. Easy Administration
Sure everyone likes easy, no one but an idiot wants hard. But, can you label a text based only server as easy. Yes installation is fast, slick and one click options for things like the LAMP Install, but is that easy administration? No, it may be easy install but in reality CentOS is just as easy to install. I don’t know how many people have told me that they selected Ubuntu because the LAMP install was so easy. Well with CentOS it is simply:

yum install PHP mysql-server

One command, but the perception is that CentOS is more difficult. Just not so. My point is, there is no such thing as “Easy Administration”, Linux servers, especially from the command line, will take Windows based administrators some time to come up to speed on administration.

2. Community Based Support
Now this is really an interesting aspect. Red Hat probably has the largest most fully developed Pay for Support available for any Linux distro. Ubuntu’s Pay for Support is not well known, in fact many users had no idea that it was an option. But Pay for Support is not what Ubuntu Server admins are looking for. They are looking for the FREE Community based support. This is where Ubuntu shines. Their community based support both at the site and across the Internet is much better known than any other distro. This is the support that Ubuntu users are used to and what they think will be the answer for the server as well.

3. Cutting Edge Technology
Here is one of the major differences of philosophy between Red Hat/CentOS based servers and Ubuntu Servers. Red Hat/CentOS focus very thorough testing of drivers and applications. Whereas Ubuntu, because they pride themselves on being on the cutting edge, focus on drivers and application versions that, well…they have not been as completely tested. Again, much of this acceptance is driven by Ubuntu Desktop users who choose Ubuntu based on the ability to better detect wireless drivers for their laptop and this cutting edge thinking has carried over to the Server choice. Cutting edge is great, but you will certainly be exposing your server to greater risk in bugs and security issues with this type of focus.

4. Simple Security
Here again, Ubuntu’s lack of security focus is what draws users and what will eventually create serious issues for Ubuntu users. The “Uncomplicated Firewall” by Ubuntu is a good example. The attempt to create a firewall that is easy to manage is a misnomer. You just cannot do it …simple firewalls on a server are bad firewalls. What I mean is, you cannot just boil security for an Ubuntu server down into a few basic commands. One of the reasons administrators look at Ubuntu as an option is that it is not using the dreaded SELinux that Red Hat/CentOS uses by default. The fact that 90% of all Red Hat/CentOS servers have turned off SELinux seems to be lost on Red Hat people. The point is, users came to the Ubuntu Desktop because of it’s simple security, and now that carries over to the Server.

So what’s my point?
I believe there is trouble on the horizon for Ubuntu administrators in general. Organizations that choose a server OS based on Simple Administration, Community Based Support, Cutting Edge Technology and Simple Security are likely to regret it. That is not to say that the Ubuntu Server is a bad choice. Organizations need to choose Ubuntu Server with a focus on training their administrators in the difficult aspects of server administration. They need to evaluate fee based support and reject the temptation to just “google” all of their solutions. Organizations must carefully evaluate if they need cutting edge drivers and if not, carefully eliminate applications that could be potential risks. And finally, business must get serious, very serious about security. Security is not simple…it is hard work. If an organization will carefully evaluate these issues their Ubuntu Server experience will be much more rewarding.

My Mom Learns the “Uncomplicated Firewall” on Ubuntu 8.04

April 23, 2008 10 comments

I was recently excited to see that Ubuntu has included an “Uncomplicated Firewall” in the Hardy Heron release. This was perfect since my mom has just had Ubuntu 8.04 placed on her laptop and I was concerned that she have a firewall to protect her laptop. She has struggled with Linux and making the transition from Win…whatever so I have been searching for simple solutions. Ubuntu known for their simple solutions, has saved the day again by simplifying security for users. Here is the simple process and a record of how quickly my mom picks this simple stuff up. Click Here for the ufw Tutorial.

“Mom…I have a simple solution for the security on your computer!”

“Oh great I know you have told me that Linux is soooo simple, I need an easy uncomplicated way to make sure I don’t get hacked. What do I need to do?”

Linux Training Options: Desktop and Server

“Ok mom, sit down, fire up that puppy and let’s get to work.”

“I am so pleased you are going to help me, that stupid firewall you showed me before was just too difficult for me. I remember I had to:

sudo apt-get install lokkit

That command was tough alone but then picking the ports that I should have open after the install was confusing since I had to know that remote support from you was coming in on port 22. And I had to click OK…

Red Hat Firewall

Besides that worthless firewall said “Red Hat” on it and I certainly do not need that on my Ubuntu machine!”

“Yea mom, I know the Lokkit firewall was complicated, two steps is just too much to ask….we will be working with the ‘Uncomplicated Firewall’ so you can just take it easy…. Here we go now open up a terminal.”

“Terminal who?”

“Mom, this is really simple, just open up the command line terminal, Applications/Accessories/Terminal…yea now you got it…good we are almost there. Now just check the commands that you can run by typing ufw”

Usage: ufw COMMAND

enable Enables the firewall
disable Disables the firewall
default ARG set default policy to ALLOW or DENY
logging ARG set logging to ON or OFF
allow|deny RULE allow or deny RULE
delete allow|deny RULE delete the allow/deny RULE
status show firewall status
version display version information

“What is all this stuff? And what do I need this for…am I done?”

“Well no mom, this is information about how to set up rules.”


“Rules mom….simple uncomplicated rules for how it will interface with iptables on the INPUT, OUTPUT and FORWARD chains…it’s easy.”

“I don’t want no rules…I don’t want to learn no rules and I DON’T WANT TO HEAR ABOUT EASY RULES!!!!”

“Mom….look just turn it on.”

“My computer is on…look at the screen why do you think I am typing….see.”

“No mom I mean turn on the uncomplicated firewall.”

“You mean I have to turn it on…why do I have to turn it on, where is the button?”

“Sorry, the developers thought you might have another firewall running and this might interfere with the
rules that you had written so it is off when you first start Ubuntu 8.04. All you have to do is this command to start it:”

ufw enable

“OK now it is on…”

“Are we done NOW?”

“No mom you need to set a default deny policy for your chains. See just do this:”

ufw default deny

Default policy changed to ‘deny’ (be sure to update your rules accordingly)

“Deny…deny what and who….I just want a simple uncomplicated firewall thingy”

“OK mom almost done. Now you need to type this command so you can see your rules. See your Chain INPUT rule is DROP by default and your FORWARD chain is DROP by default.

# iptables -L -n

Chain INPUT (policy DROP)

target prot opt source destination
ufw-before-input all — ufw-after-input all —

Chain FORWARD (policy DROP)
target prot opt source destination
ufw-before-forward all —
ufw-after-forward all —

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-output all —
ufw-after-output all — Chain
ufw-after-forward (1 references) target prot opt source destination
LOG all — limit: avg 3/min burst 10 LOG flags 0 level 4 prefix `[UFW BLOCK FORWARD]: ‘ RETURN all —
Chain ufw-after-input (1 references) target prot opt source destination
RETURN udp — udp dpt:137
RETURN udp — udp dpt:138
RETURN tcp — tcp dpt:139
RETURN tcp — tcp dpt:445
RETURN udp — udp dpt:67
RETURN udp — udp dpt:68
LOG all — limit: avg 3/min burst 10
LOG flags 0 level 4 prefix `[UFW BLOCK INPUT]: ‘
RETURN all —
Chain ufw-after-output (1 references) target prot opt source destination
RETURN all — Chain
ufw-before-forward (1 references) target prot opt source destination
ufw-user-forward all —
RETURN all —
Chain ufw-before-input (1 references) target prot opt source destination
ACCEPT all — ACCEPT all — ctstate
INVALID ACCEPT icmp — icmp type 3
ACCEPT icmp — icmp type 4
ACCEPT icmp — icmp type 11
ACCEPT icmp — icmp type 12
ACCEPT icmp — icmp type 8
ACCEPT udp — udp spt:67 dpt:68
ufw-not-local all — ACCEPT all —
ACCEPT all — ufw-user-input all —
RETURN all — Chain
ufw-before-output (1 references) target prot opt source destination
ACCEPT all —
ufw-user-output all — RETURN all —

Chain ufw-not-local (1 references) target prot opt source destination

RETURN all — ADDRTYPE match dst-type

LOCAL RETURN all — ADDRTYPE match dst-type

ADDRTYPE match dst-type

BROADCAST LOG all — limit: avg 3/min burst 10 LOG flags 0 level 4 prefix `[UFW BLOCK NOT-TO-ME]: ‘ DROP all —

Chain ufw-user-forward (1 references) target prot opt source destination

RETURN all —

Chain ufw-user-input (1 references) target prot opt source destination
ACCEPT tcp — tcp dpt:22
RETURN all —
Chain ufw-user-output (1 references) target prot opt source destination RETURN all —

WHAT????????…..Is this Chineeese…what kind of joke is this…I am too old to learn a new language and
what is the OUTPUT…it is not DROP it is ALLOW, what is the Default DROP anyway? And why am I allowing
people to get into my computer…is this really safe?”

“Easy Mom, it is really easy. OK, so the default DROP is really not a default DROP for all the chains
just the INPUT and FORWARD chain.”

“Who am I FORWARDing stuff to, does that go to you?”

“Well no Mom…this is really if you have two network cards and one was eth0 and the second was eth1
and you were FORWARDing traffic to an internal network, maybe using NAT and having a firewall on the outside
and you need to make sure that your /proc/sys/net/ipv4/ip_forward is 1 so that you can transfer traffic…..”

“Oh stop that mumble jumble garbage…this is supposed be I done?”

“Well no, just a few more steps, you need to write a rule that allows me to connect to your laptop for
support when you need it. Just use the ufw command to allow a connection from my computer at like this:

# ufw allow from port 22

“Now mom you can view your changes with the command:

# ufw status
Chain ufw-user-input (1 references) target prot opt source destination
ACCEPT tcp — tcp spt:22
ACCEPT udp — udp spt:22

“And now look it is simple to add VNC support as well.”

# ufw allow from port 5900
Rule added

“You’re kidding me right…what is this Halloween trick and treat? What is the gibberish…why don’t I just write 123456789….port what is this a fishing adventure? I told you I was sick and tired of your IT Techie baloney … I HAVE NO IDEA WHAT YOU ARE TALKING ABOUT YOU MORON!!!!!!

“Mom, please don’t start that again this really is not complicated, just type what I wrote on the notepad,
OK I will leave as soon as we are done. This really is simple…”

“Idiot, there now I typed your stupid RULE for your shipping ports.”

“Great Mom now check your status with this command:
ufw status

# ufw status
Firewall loaded

To                         Action  From
--                         ------  ----
Anywhere                   ALLOW 22:tcp
Anywhere                   ALLOW 22:udp
Anywhere                   ALLOW 5900:tcp
Anywhere                   ALLOW 5900:udp

"What ...status, I thought the default was DENY and why is there an Anywhere, does that mean that
anyone can get into my computer and who are tcp and udp ...are these your friends?"

"Come now mom, this is not complicated just stick with me, tcp and udo are protocols, they are just ways
to communicate and they connect on ports, it is really simple stuff.  No don't say anything just relax."

"Are we done?"

"No not yet, let's just go over how you can check your logs for intrusion attempts and failed
port connections in case you need to edit your RULES...OK?"  Just use this command to see the
end of the log:

 tail /var/log/messages
Apr 22 14:36:18 ub3 kernel: [28092.908356] [UFW BLOCK INPUT]: IN=eth0 OUT= MAC=00:03:0d:11:f6:a9:00:14:bf:7f:59:b0:08:00 SRC= DST= LEN=80 TOS=0x00 PREC=0x00 TTL=44 ID=38470 PROTO=TCP SPT=80 DPT=38292 WINDOW=129 RES=0x00 ACK PSH URGP=0
Apr 22 14:36:20 ub3 kernel: [28094.761693] [UFW BLOCK INPUT]: IN=eth0 OUT= MAC=00:03:0d:11:f6:a9:00:14:bf:7f:59:b0:08:00 SRC= DST= LEN=80 TOS=0x00 PREC=0x00 TTL=44 ID=38471 PROTO=TCP SPT=80 DPT=38292 WINDOW=129 RES=0x00 ACK PSH URGP=0
Apr 22 14:36:22 ub3 kernel: [28097.108344] [UFW BLOCK INPUT]: IN=eth0 OUT= MAC=00:03:0d:11:f6:a9:00:14:bf:7f:59:b0:08:00 SRC= DST= LEN=80 TOS=0x00 PREC=0x00 TTL=44 ID=38472 PROTO=TCP SPT=80 DPT=38292 WINDOW=129 RES=0x00 ACK PSH URGP=0
Apr 22 14:36:27 ub3 kernel: [28101.809296] [UFW BLOCK INPUT]: IN=eth0 OUT= MAC=00:03:0d:11:f6:a9:00:14:bf:7f:59:b0:08:00 SRC= DST= LEN=80 TOS=0x00 PREC=0x00 TTL=44 ID=38473 PROTO=TCP SPT=80 DPT=38292 WINDOW=129 RES=0x00 ACK PSH URGP=0

"See there you can see your UFW is working as it has already blocked input ...see you are safe."

"Safe from who? Whose stupid idea is this anyway?  Simple ...uncomplicated firewall...who are you kidding!
I sick and tired of your Techno Blah Simple Uncomplicated Stupidity!!!!!!!!!!

WHERE IS MY WINDOWS VISTA DISK!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Get every new post delivered to your Inbox.

Join 53 other followers