Swimming Upstream

Just a week after the firs GNU/Linux meeting I attended in NYC, the group come up with another meeting on the topic of Linux Security. Being a CISSP and Security Specialist at my job, I would certainly not miss this meeting even I had to finish a painting of an old man in my painting class at the same night.

Fortunately the meeting is just 2 blocks away from my class. I told my teacher about the plan and he allowed me to sneak out of the classroom after the class started and came back to work on the painting before 10pm.

After primed some crimson on canvas, I thought it’s a good time to leave, as it would take some time for the color to completely dry before I resume the work.

I rushed to the Linux Security Round Table meeting in Yodle office. The meeting had started. I saw some familiar faces from the last meeting, they are a friendly crowd and seems not minding my late at all.

The presentation was excellent. It really tap into the potential of Linux’s configuration capabilities. Indeed the owner of a Linux OS is in full control and could lock down the OS via various configurations tools.

I usually don’t bring my laptop around these days, but this time I didn’t even have my sketchpad with me so I didn’t take any notes. I could barely remember half of the presentation on the second day, so I posted a comment on the GNU Linux Meetup site asking if the presentation could be me shared.

I thought my request was quite lame and didn’t expect any response at all. To my surprise Aaron responded in length and shared his full notes with all group members. Cheers to the spirit of Open Source!

Here is the summary of Aaron’s notes:

* Physical security: where data is stored. Backup facilities included.

* Soft security: Limit access to information, attack surface.
Layered approach: (((data, application, host, internal network, perimeter)Phscial Security)Policies e.g. check out universities)

* Perimeter: IPTables ingress and egress firewall on host and user?

* Policy, drop, deny by default.

* Host based security
/etc/security/limit.conf
quotas: edquota
cgroups: user groups with allowances, virtual machines increase risk
chroot jails
APP Armor

* SeLinux (security enhanced linux, NSA dev, mandatory access control, NSA uses multilabel security, no one else does, makes everything impossible, targeted mode, processes are confined)

* RES exploit works on everything?, module blacklist e.g. /etc/modprobe.d/blacklist.conf get all modules from lsmod

* Host Based Security Detection
Tripwire http://sourceforge.net/projects/tripwire/
AIDE (automated intrusion detection and )
Chkrootkit http://www.chkrootkit.org/
Syslog? Read the logs, store them off host. Feed them into splunk (commercial, free version)?

* Hardening
Limit daemons, (especially in servers), know what you’re running,
Less is more: Remove users, remove software, limit kernel module autoloading!, isolate processes systems and data

* SSH disabled – default in new Fedora

* zeitgeist log operations, file access

* Test your system: (available in backtrack linux)
nessus www.nessus.org
metasploit
nmap your system remotely
denyhosts

* using ssh keys for authentication
sshagent
truecrypt for usb

Many security topics were brought up and discussed during discussion. It was wonderful to share experience with people coming from wildly different backgrounds. I will absolutely come back to the meeting when there is a next one.

I ran back to my class before the meeting finished (missed the beer!). The model was still posing, but I had barely 50 minutes left to finish the painting. Here is a picture of the unfinished painting:

Finally, I made myself a member of local GNU/Linux User Group in NYC, after moved to here 2 years ago. The first meetup meeting I attended was about Puppet.

It’s indeed a cute name for a data center configuration management tool. Puppet configuration (.pp files) are written in Ruby, which allows great flexibility to configure how software are installed and configured on client machine. Facert, another Ruby project, discovers all system information to be used by Puppet configuration.

Several group members are experienced user of Puppet and share their knowledge selflessly. I look forward to the next meeting on Linux security tomorrow.

Product link: http://www.puppetlabs.com/

I also found a good technical article about Puppet online: http://www.sparksupport.com/blog/puppet-configuration-management-tool

It’s Spring Festival eve tonight, which is the equivalence of western Christmas in China. Following the tradition, people will fire crackers and fireworks at midnight, which will turn the city into a battlefield. Personally I prefer to celebrate it in a quiet way, hence I made this piece of drawing to share with friends.

Happy Spring Festival!

Before I realized it, it’s two weeks away to Software Freedom Day. I have been traveling again and haven’t done much to contribute, so I received some official complaint from Fred (the BLUG president) and scrambling to figure out how to help. Well, there is at least one task I am keen to do (and I promised to deliver long ago) – which is to design the logo of Ubuntu China community.

After one day’s serious head scratching, this is the output from Amy’s petit art workshop today:

Next I will work with some community people to print T-shirts/other gifts for the event. Fancy to get a T-shirt with the new design of Ubuntu China community? It’s all cool stuff (Open source, SFD, Ubuntu):

Come and join the event in TshingHua University this year. Detail here: http://sfd.beijinglug.org

Last week a journalist of an open source magazine in UK asked me several questions on the subject of Open Source in China, here I am sharing the answers:

1. Question: Can you tell me how you got involved in open source, and how healthy and vibrant you perceive the free software movement to be in China?

Answer: I was involved with free software when I joined UNDP China as an IT manager back to 5 years ago. There are several Linux servers in UNDP’s server room which are my responsibility to administer. I then bought several Linux books and taught myself some simple Linux commands. I end up like these linux servers very much for their outstanding performance and stability. That’s the start of my Linux experience. I was lucky that Beijing Linux User Group was just founded when I joined it and I become an early and key member of the team, which put me in the social scene of open source people in Beijing. I have kept learning new tricks from other geeks since then.

The free software movement in China is quite vibrant comparing to other developing countries in Asia (not Japan, South Korea or Taiwan). I’d say it’s also quite healthy in the sense that it encourages sharing, innovation, and self learning among young generations, but there are also some main drawbacks which may cause the development of free software unsustainable in long term:

1. Lack of commitment and support from big enterprises, which in many cases due to people’s lack of understanding about Open Source license.
2. Absent/lack of Free Software concept/knowledge on computer textbooks in current education system

These days I have read some new actions taken by Chinese government to improve the situation of the above mentioned problems, and I believe those changes are for good.

2. Question: We hear good news stories about Chinese organisations adopting open source from time to time. What is your view of government and enterprise migration to Linux in China? Is Linux still very niche, or do you believe it is really gaining a foothold in the country?

Answer: In my view these migrations were only good when it brought values to the Chinese organizations, with improved efficiency/security and reduced cost. As a fan of free software, I am aware of the philosophical and technical implications of FOSS to society in general, but when it comes to the business world, I believe the product value is almost the only key factor. Linux has gained a foothold in China only in some industry where it actually demonstrate a significant competitive advantage than other platforms, like in telecommunication sector. By the time more innovative solutions are developed based on Linux, I believe it will gain foothold in other business sectors too.

3. Question: A lot of people in the UK think of China as having a huge pool of computer scientists who could play an important role in the growth of open source if they learn on Linux-based systems rather than Windows. (I read that 100,000 programmers graduate in China each year.) Can you give me your perspective on that? Do you think it is possible that some of the Linux migrations in Chinese schools and universities will lead to a Linux-based IT industry in China in a few years?

Answer: Free software in the sense that it gives user the freedom to study it and improve it, made it a perfect educational OS for computer science student to understand how the wheels been invented in the first place. I am a strong advocate for computer science student should develop their skills on Linux along with other skills on other platforms, then it’s up to their own decision for which platform that they’d like to adapt when they become decisions makers for enterprise IT solutions. I believe some Linux migrations in Chinese schools and university will give students access to know/learn about Linux, and in long term will be favorable to a widely adaption of linux technology in IT industry. It’s favorable to students too for they would have built a more flexible/agile skill set which will lead to better job opportunities.

4. Question: With software piracy rates in China so high and proprietary software being almost free as in beer, do FOSS advocates like yourself have to work harder to persuade users to try Linux than advocates in other countries?

Answer: I don’t like to use the word persuade. It’s true that there is almost no economic incentive for users to opt Linux over Windows on their PCs in China, but let’s face the fact that this option has rarely been an economical decision. Even in developed countries, where people has to pay for proprietary software as enforced by copyright law, how many Linux users have chosen Linux merely because it’s free as in beer? Linux is a better product than Windows in many perspectives, and my role is to introduce people come to see Linux as they are, I am passionate about this job but there is no such a message in my speech that Linux is better than Windows in every perspective, and personally I think strong/aggressive selling is actually manipulating other people’s mind, I have tried to respect every individual’s own judgment to make the best decision for themselves.

I am posting this blog as part of the discussion initiated by Stephen Walli, who has got plenty of wise opinions on Open Source business in general:

http://stephesblog.blogs.com/my_weblog/2007/06/open_source_bus.html

This is a latecoming blog entry for the Open Source Software Summit in Beijing on March 27th, 2007. I won’t talk in length about the event here since it’s an old event and there are already some blogs entries:

* Stephen Walli’s blog and Flickr stream
* Jim Grisanzio’s blog and Flickr stream
* Nat Torkington’s blog commentary.
* Michael Iannini’s blog coverage for ZDNet Asia.
* Jing Jing Helles Flickr stream.

During the event I noticed an unfamiliar term in Nat Torkington’s presentation. When he was referring to Free and Open Source Software, instead of using aconym FOSS (which is most familiar to geeks in China), he used the term F/LOSS (Free/Liberal Open Source Software) in his presentation.

I brought up a question about this term to Nat during his Q&A session, he explained that it is a widely used term in Europe. I was surprised that he was not at all concerned about the acronym as it reads like floss, and carris a bad meaning with ‘LOSS’. In my superstitious asian culture, people spend their lifetime to give good and lucky names to their kids, their business, their pet, or anything that they are entitled to give names. It’s a science developed in thousands of years and rooted deeply in culture. Europeans might not care about it, I am sure Asian geeks will be reluctant to use F/LOSS for Free and Open Source Softwares.

An interesting case about cultural difference, even when we are speaking the same language – English.

This was my first time to Auckland, a city with unpretentious beauty. I was also a bit confused that it’s late summer there, then I realized that it’s just different weather from where I come from, the term summer doesn’t mean it’s different time… as usually the season stands for.

That disappointed me a bit. Subconsciously I was hoping to travel to a place where I can go back in time, like autumn of last year!

The event was organized in an extreme professional manner, as Intel always do. I was hugely impressed during the keynote speech session when Donald McDonald announced that Intel will make 10 billion media impressions to public this year. 10 billion. Now you must understand why Intel is everywhere.

This is Canonical’s booth:

We met friendly people everywhere! It’s hard to stay modest when everyone we met talking favorably about Canonical and Ubuntu. I literally has nothing to do with this, our engineer team is the real heros and the honor is theirs. : )

Having said that, our Canonical business team is quite cool too. We were active during the event, and we know how to have fun while doing a good job.

It’s the second day of Chinese new year today. Like every product release of Ubuntu, every Chinese year is associated with an animal code, and this year is the year of pig. : )

Here is a card for you and for a splendid year of Ubuntu.

Ginger, my IBM X60 laptop, had a plastic surgery (implanting Beryl on her face) during the weekend, and looks very SEXY now:

Being vain and proud, I have been showing off her new look to all geeks I know here – all they could say is to admit Beryl is super cool. : )

However prettiness comes with a price. Ginger gets slow after Beryl was loaded, and once a while my keyboard wouldn’t response… Quinn Storm, could you guys fix this for all users who is crazy about your work?

If Ginger is considering to get a boyfriend of her class… there are some Beryl guys from Japan and South Korea who are pretty hard core:

Some people showed interest on the gift design I did for the Edgy Release party in China, and I have promised to share the artwork. For various reasons (travel and getting sick) this is coming quite late (sorry!), the image files are available on a wiki page I created in Ubuntu artwork category now:

https://wiki.ubuntu.com/Artwork/Incoming/Marketing/EdgyPartyChina

On another blog entry about the Edgy release party I also promised to share the audio file of Mark Shuttleworth’s speech, unfortunately all recordings I have collected so far are in poor quality or incomplete, so there is no audio file available after all. : (

This is the email I got the other day:

Dear ubuntu administartor,

At first, please allow me to introduce myself, my name is xxxxxxxx, I come from china, I am a teacher in an out – of – the – way village. The whole school only me a teacher and dozens of schoolchildren. We would very much like to know the outer world computer – the only court open to us. We want to get more storing of information, we want to study the linux, our school have no internet, and have no the Compact Disk ReWriter, also we want to download the Ubuntu 6.10 from the internet, but the ISDN is very slowly, So we very much in need of you to help. we want the Ubuntu CD! we will like to have you consider ourselves. And we will to share the Ubuntu for our friend, and to spread the ubuntu
Thank you,the best wish & blessing.

xxxxxxxx
mychinese name is:xxxxxxxx
my site:xxxxxxxxxxxxxxxx
my postcode:xxxxxxxx
my telphone:xxxxxxxx

Emails like this made me see the meaning of my work and found I am doing something to help people (especially poor people) to connect to the rest of the world with a Free OS. We are not making money off this one, and this has nothing to do with business, but none the less it motivates me much more than money could work on me.

I have got some beautiful CDs for this guy and will send it off first thing tomorrow.

The day November 2nd started with several unexpected bad news… Traffic will be super bad for a whole day, since several main roads will be blocked to welcome Sino-Africa Summit guests; some people claimed they haven’t received my email about the Edgy Eft Release party yet; I was told T-shirts and sweaters are not made as I designed cause the cost was too high for small orders; 2 people called me apologizing for not going to make the Edgy Release party, and one said I shouldn’t expect seeing too many students considering this is weekday night + traffic is bad.

After several rounds of phone calls, I am even more frustrated to realize that I am running late for the first business meeting of the day… It’s definitely one of the worst start of a day for this year.

… …

How was the party? Look at these pics:

We planned the party for 200 people, 600 showed up, since nobody got ultrawide lens to take the whole meeting hall, this picture shows about half of the room:

Many people sit on the floor:

The whole speech + Q&A lasted for an intensive 1 and half hours (felt like 30 minutes as one student said, I shared his feeling), there was no one left, no one had seperate meetings, no one even diverts their attentions… Mark was the star of the night.

I was the intepretor.

On getting free Edgy Eft CDs and entering the meeting hall, community has asked attendees to put down their company name and email address on paper – that’s how I got a name list of almost 400 people (out 600) , to find the population was actually quite distributed – from almost all big science universities in Beijing (Peking, Tsinghua, Beihang, Beiyou, Beijing Normal University etc…) as well Google, IBM, Sun, Oracle, TongFang (PC brand), Founder and plenty of software companies including some other linux distros.

WOW.

I mean, WOW.

I must admit the organization of the party is a bit awkward, as we didn’t expect so many people to show up. The event was blogged by several bloggers who attended the meeting, all criticizing about the crowdy venue and less-than-perfect translation (yeah I am a bit nervous and my intepretation is lower than my average level), none the less all of them are praising Mark’s passionate speech and the legend of Ubuntu.

For the ones who’d like to watch Mark’s speech again, I will put video on internet later.

Thanks for Fridge’s support to put the event up on your site:
http://fridge.ubuntu.com/node/630

Hou ZhengPeng and Yu ShiQi are the heros to make the party happen, my Beijing LUG friends have been helping spreading the words around the town, and by google search I also found some OSS geeks who I have never met in the past also helped advertising the event on IRC/Forum/BBS this time.

I have already started planning the bigger, fancier, cooler, geekier, and all the way better “Beijing Feisty Fawn release party” for next April, mark your calendar, NOW! : )

Today I spent sometime to help Ubuntu community people organizing the Edgy Release party coming next week. We have decided to do everything by ourselves – including downloading ISO and burning CD Roms!

This is the design of CD-Rom sticker, we will distribute 200 CD Roms during the event (Free).

In stead of making and giving away gifts, we have decided to make and sell them. After several rounds of brainstorming, T-shirts and sweaters are considered the best souviniors for the occasion (it’s easy to make, and students love wearing them).

Beijing is getting cold these days – average 10C during day time, originally I proposed we should only make sweaters in this season, but it seems that many students can’t afford buying sweater so T-shirts are still in high demand.

Here is the design of the T-shirt, price: RMB40.00 (USD5.00)

and sweater here, price: RMB80.00 (USD10.00)

It’s going to be hot sales!

click to view bigger image.

Mark Shuttleworth will be in Beijing on November 2nd, and we will throw an Edgy release party to celebrate the occasion with him together!

This poster will be posted in several billboards of different campuses and some office buildings (where geeks are most often seen). I contacted several student commity leader of the most famous universities here (Peking unversity, Tsinghua University etc.), all are keen to organize the party! In a few days, we have got 3 options of free party venue in the campus area, and finally we decided to pick the one in Automation Research lab, which is a great meeting hall for about 200 people. I bet it will be packed on the day. We are working on making a fancy presentation about Edgy for the party now, anyone got good ideas, or slide to share?

The event will be reported by local media here. Please drop me an email at amy@ubuntu.com for pictures/media report of the event if you are interested. (I can only reply after November 2nd, of course) : )

Event vanue and time details: (if the link on poster is not quite easy to read)
http://www.ubuntu.com.cn/releaseparty

.

.

.

Mark Shuttleworth came to China in February, 2006, and I found this magazine (Open Source World 2006.3) quite lately with his picture on the cover and a featured report “The ambition of Ubuntu” included in the edition.

I am pleased to see that Open Source World dedicated 8 whole pages introducing Ubuntu and its founder Mark Shuttleworth. In its article, the ambition of Ubuntu is actually the ambition of Mark – to conquer the impossible bottom lines, building a sustainable business model on GPL licensed Linux product Ubuntu.

The featured report has 3 parts:
1. “Success with Ubuntu”, briefed Mark’s schedule during his China trip and some major companies he met;
2. “To conquer the impossible bottom lines”, intoroduced Mark’s success story and the history of Ubuntu;
3. “Ubuntu’s development route”, introduced Ubuntu’s concept (what the name stands for), and its main product features.

I am impressed with the complete and precise details of the report, and since I know the writer personnally (Mr. He, XiaoLong), I am also a bit surprised to know that he is writing this well – he is extremely young. Thank you, Xiaolong.

Difficult, challenging, and seems-impossible tasks always get me excited, that’s why I consider Canonical is being original and innovative on making profit off the free Ubuntu. Being a reasonable and logical person (a geek with 7 years IT management experience) , I would never be excited about ridiculously impossible ideas, while I do share the strong belief that Canonical’s mission is doable, and I am absolutely proud to be a member of the team.

On this topic Christopher Kenyon made some very good points on CNET New.com:
http://news.com.com/Canonical+seeks+profit+from+free+Ubuntu/2100-7344_3-6123249.html

Well done, Chris!

This is an article by Sean Coughlan on BBC news, since the website is not available in China, I am putting the story here to share with you.

Bill Clinton told the Labour conference to get into ubuntu. Eh?

Ubuntu. That was what Bill Clinton told the Labour party conference it needed to remember this week. “Society is important because of Ubuntu.”

But what is it? Left-leaning sudoku? U2′s latest album? Fish-friendly sushi?

No, it’s a word describing an African worldview, which translates as “I am because you are,” and which means that individuals need other people to be fulfilled.

The former president, husky-voiced and down-home with the delegates, gave it a folksy flavour, describing it in terms of needing to be around others to enjoy being ourselves.

“If we were the most beautiful, the most intelligent, the most wealthy, the most powerful person – and then found all of a sudden that we were alone on the planet, it wouldn’t amount to a hill of beans,” said Mr Clinton.

The word comes from the Bantu languages spoken in southern Africa – and is related to a Zulu concept – “umuntu ngumuntu ngabantu” – which means that a person is only a person through their relationship to others.

And it’s entered the political lexicon through the political changes in South Africa.

Archbishop Desmond Tutu, in his book No Future Without Forgiveness, says: “Ubuntu is very difficult to render into a Western language… It is to say, ‘My humanity is caught up, is inextricably bound up, in what is yours.’”

… …

There are ubuntu education funds, ubuntu tents at development conferences, ubuntu villages, an ubuntu university – and it’s now the name of an open-source operating system.

Well, what surprised me the most, is a picture of Ubuntu thong put together with the article on BBC site. Someone over the web commented “could we have a picture of Clinton sniff the thong?”.

Rude, but hilarious. : )

P.S. Ubuntu thong is available in Ubuntu online shop.

There has been a hype about Freespire that it is giving what users want by allowing users pick either commercial or non-commercial Linux applications using CNR (Click and Run). The theory sounds very appealing, thinking that this is actually offering a lucrative incentive for software developers to develop commercial applications on Linux OS, and at the same time relieves some users’ concerns about possibilities of using their favorite applications on Linux (which has been a main barrier for many Windows users opt not to use Linux), I am pleased to see that this feature is made free and available in Freespire 1.0.

Also Debian based, Freespire has been picked in many occasions to be compared and evaluated against Ubuntu (plenty of reviews and tests on this subject over Internet). According to Matthew Newton’s article “Free Agent: The Latest Free Linux“, Freespire is not yet mature enough to substitute Ubuntu on users’ desktop with these yet-to-be-improved drawbacks:

* Hardware support, where Ubuntu is still leading the game, hardwares working in Ubuntu maybe not working in Freespire;

* Software dependencies, the apt-get (or Synaptic software manager) is actually more user friendly when it comes to search and install new softwares because it checks software dependencies for users and get the whole thing up and running with a single click (or a single command). It was found that CNR failed to check software dependencies when users choose to install a new application. This is going to drive users crazy when things don’t work out of the box.

In my opinion, none of the above defects are critical in long run since they could be easily corrected by a group of talented engineers. At the moment, Ubuntu is still in the cutting edge of desktop Linux operating system with many of our innovative and robust features like upstart etc. At the time Freespire is seeking improvements, Ubuntu will not stay still but will also be dashing on making Ubuntu a better system for users. In fact, the rule of survival in OSS world is not to beat our competitors, but to over beat ourselves consistently and quickly(!).

Competition offers us the perspective of benchmarking and stimulates innovation and diversity. Here is the eternal question to all OS suppliers: What users want? and how should we deliver?

On September 16th the Software Freedom Day, I was invited to attend the a celebration event in Beijing University. It was exciting to meet so many young students after left campus many years ago. To my surprise, many of them have heard of Ubuntu, some of them are quite hard core fan of Linux and Open Source softwares. I brought several Ubuntu T-shirts and 50 Dapper installation CDs, they soon became the most popular and demanded gifts in the event. : )

Details of the event: http://news.csdn.net/n/20060911/94604.html

The event also give away a lovely penguin doll (from LPI):

Banners of the event and Ubuntu’s name in sponsors’ list:

Software Freedom Day’s website: http://www.softwarefreedomday.com, the president of SFD is Pia Waugh, who is a very good friend, using that connection I registered China event on SFD site at a very late time (the last one to register), as you could see here.

Pia also gave a talk on LugRadio on the topic of Software Freedom Day, available here.