Linux at Long Last!!!

<div class='quotetop'>QUOTE(daniel @ Jul 5 2006, 10:33 PM) [snapback]281842[/snapback]</div>

Congrats! How about some commands for that issue:
startx
man startx
shutdown -h now
man shutdown

Try FreeBSD. I personally use the much lighter-weight xfce4 with less bloat/fluff than Gnome/KDE etc.. and closer to Apple's/NeXTStep interface, but it's not AfterStep.

 

Actually I think the lizard is the SuSE emblem? I'm still running SuSE 9.1 because I've been to lazy to upgrade to 10.0. Anyway, both Gnome and KDE are pretty good (haven't tried xfce4 yet), it just depends on what you become accustom to. I really like Kmail because it tells me what is on the mail server and asks me if I want to download it or not. That way I can delete all the junk without it ever coming to my computer. I also love having several desk tops. Linux is as good as a Prius and just as hard to learn.

 

<div class='quotetop'>QUOTE(daniel @ Jul 6 2006, 01:33 AM) [snapback]281842[/snapback]</div>

What were you doing with a <strike>Avertec</strike> <strike>Averate</strike> <strike>Avertabrit</strike> oh hell, whatever that thing was anyway? Do you also own a Hugo or a <strike>Dawo</strike> <strike>Daywoo</strike> <strike>Dwo</strike> O whatever those dumb cars were?

 

<div class='quotetop'>QUOTE(daniel @ Jul 5 2006, 10:33 PM) [snapback]281842[/snapback]</div>

If you're wanting to stay in graphical mode, you can also switch the default runlevel. In the /etc/inittab file there should be a line like

id:5:initdefault:

This line defines the default runleve, in my case 5. 5 is generally the graphical, multi-user runlevel, and will probably be your preferred. Right now, you're probably in runlevel 3. I'm not sure though, because each distribution can do that differently. On Fedora, 3 is multi-user, start in text mode, 5 is multi-user graphical mode. On Ubuntu, 2-5 are all multi-user graphical and basically the same thing. There should be some comments in the file explaining what each runlevel represents. Just set it to graphical, or X11, or whatever it's called in yours.

 

<div class='quotetop'>QUOTE(daniel @ Jul 6 2006, 01:33 AM) [snapback]281842[/snapback]</div>

Gnome is a perfectly nice desktop, but you can use Firefox under KDE too (actually, that's precisely the setup that I'm posting with right now). . . you don't have to use Konquerer. That's the nice thing about Linux compared to Windows . . . you don't *have* to use the browser that comes bundled with the distribution (or, in this case, the desktop environment).

P.S. Yes, I know that you can use Firefox under Windows, but there are some things that you are forced to use IE for; I'm thinking of the Windows update page, in particular. . .

<div class='quotetop'>QUOTE(NuShrike @ Jul 6 2006, 05:22 AM) [snapback]281889[/snapback]</div>

Another one of my favorites (particularly for new users) is "apropos". It's particuarly useful if you don't know what the command is, but you know something about it. For example, if you want to know something about compressing a file, you can type:

apropos compress

and you will get a long list of compression commands with descriptions. I should say that "apropos" is installed on my distribution (Red Hat 9), but might not be installed by default on SuSE.

 

Since this is a Linux posting, I'll reply Unix style

> Well, after trying everything imaginable to get Linux to work on my Averatec laptop ('because I didn't want to be always switching back and
> forth between Windows and Linux while trying out Linux) including SuSE, kubuntu, and ubuntu, I finally gave up. Then I found a
> cheapo ($400 after rebates) Compaq laptop with a full money-back guarantee should Linux not run properly on it and decided to give
> it a try. It's a Presario V2552US - bottom of the line. Smallish, wide aspect ratio screen, five lbs ten oz.

If you haven't yet, max out the memory (as least as far as cost effective). While not the resource hog that Windows is, Linux loves more memory. (Actually, to be precise, KDE and Gnome and Linux applications like Firefox, beagle and OpenOffice love extra memory).

> The long and the short is SuSE 10.0 installed without a hitch, and I'm logged on from it right now, typing this in Firefox on the
> Gnome desktop.

Before you get your 10.0 too customized, download and upgrade to SuSE 10.1. It has a version of beagle which actually works and version 2.0 of OpenOffice. It's a little more work, but fewer bugs than 10.0 and an extra six months of support before you'll be forced to upgrade. It also has a much newer and better supported Gnome (up through 10.0, SuSE was KDE centric).

> I like Gnome better than KDE because it's got a really cool picture of a lizzard (maybe an iguana? or a gila monster?) and it uses
> Firefox. Next step: I'm gonna buy a Linux book so I can try to figure out what I'm doing. Like for example, what to do when I find
> I've exited Gnome and all I've got is a Linux prompt, and I can neither start Gnome again nor shut down the computer 'because I
> don't remember any of the commands from my Unix days.

You should have shut down available as an option when logging out of Gnome. Do a search on the web for your Compaq model and Linux. You should find several web sites where owners have already posted exactly how to get everything working and any extra tweaks required.

> Whoopee!

Oh come on, get a life! Linux is just an operating system (and the Prius is just a car). Both are tools which merely enable you to be more (or less) productive, neither is the meaning of life (but I'll end it there, as this is not FHOP).

Welcome to the world of computing for computer professionals. Next step is to get VMware Workstation so you don't have to reboot to run those occasional "Windoze" programs.

Just some advice from an experienced sufferer (been using Linux on my notebook computer(s) since 1997 when OS/2 died, pushing my notebooks to the limit back when internal "mass storage" was a 720K floppy, and getting work done on personnal computers since the days of 8" floppies and punched paper tape). So I think I can say: been there, done that, been burnt.

Good luck and have fun!

Vince

 

<div class='quotetop'>QUOTE(v.jones @ Jul 6 2006, 02:35 PM) [snapback]282133[/snapback]</div>

I went from 10.0 to 10.1 and the whole Zen updater and the switch to the newer network manager was so FUBARed that I jumped ship and went to Kubuntu.

 

<div class='quotetop'>QUOTE(daniel @ Jul 6 2006, 07:21 AM) [snapback]281975[/snapback]</div>

Not to get into another OS war over it, but FreeBSD is a direct descendant of BSD Unix (from Berkeley) that created tcp/ip and such. Linux is a "clean-room" reimplementation of the corporate AT&T/USL Unix by this kid from Finland during the time when he couldn't get free sources to any UNIX because BSD and USL were locked in a lawsuit over who stole code from whom. Current BSD is free of any copyrighted AT&T code, and immune to getting sued versus the SCO vs IBM/Linux case. Here's a big history chart of it: http://www.levenez.com/unix/ . Any of you using OpenSSH probably already know it is created and maintained by OpenBSD.

Linux has grown up a lot since. Otherwise, both run on most i386 hardware, run Gnome/KDE (because X is platform independent), OpenOffice, Firefox, etc.. Basically, BSD tends to focus on picking something that works well from foundation up (engineer /cathedral style) and 10 years headstart vs Linux's "let's try this, let's try that bazaar-style". So Linux = latest cutting edge hardware support no matter how flakey (usually. BSD had USB support first), BSD = nothing until it works and it just works.

FreeBSD is completely designed as a environment from kernel to supporting packages (you can rebuild the entire OS installation from source code together) versus Linux which is just a kernel from Linus, and then some repackager (Red Hat, SuSE, Debian, etc), comes along with tweaks and surrounds it with utilities to make it complete and tested.

At least you're running SuSE which has a more easy to maintain packaging system than say Red Hat/Fedora which is RPM hell. Gentoo (Linux) most closely resembles FreeBSD because you could rebuild from source yourself and resolve a lot of packaging assumption issues that might crop up. I like it because I can individually update stuff, like the latest OpenOffice, Firefox, etc (besides running as my firewall/router before these dinky Linksys boxes came out) without waiting for somebody to package it up so I can update to it.

Oh, you'll eventually enjoy being immune to the latest cool worm/virus going around.

p.s. biggest installation of parts of FreeBSD today? OS X

 

<div class='quotetop'>QUOTE(daniel @ Jul 6 2006, 07:17 PM) [snapback]282354[/snapback]</div>

There are some 2 lb laptops out there but the price goes up inversely to weight.

man -k <keyword> is easier for me to remember than apropos <keyword>.

<div class='quotetop'>QUOTE(daniel @ Jul 6 2006, 07:17 PM) [snapback]282354[/snapback]</div>

I believe control-alt-backspace is the key commands to force quit X. I think it wanted you to shutdown X and restart X again which would've been startx at the command prompt.

<div class='quotetop'>QUOTE(daniel @ Jul 6 2006, 07:17 PM) [snapback]282354[/snapback]</div>

This is usually easier in BSD because it comes default more secure than Linux - less stuff turned on and installed (instead of thousands) and all the settings are generally in one file.

Anyways, much like in Windows, you have to become familiar with the processes that are running, and what normally should be running. This involves using top or ps ax. Also, when the OS is starting up, watch the screen because it tells you what it is starting up. You should be able to assume that it shouldn't be starting up much of anything except sshd, and maybe mail services. Everything else is fluff. From there, it's identifying what you need such as Samba for Windows file sharing. If you can list what you see running /startingup as it scrolls by, we could identify what you really need.

I'm not familiar with how to turn off stuff in SuSE because every distribution of Linux HAS to do it differently including different directories for configuration, and I work in a primarily Red Hat shop, but it shouldn't be hard to figure out. A lot it involves what's in /etc/init.d/, and maybe the service command.

You can also get a list of what network ports are open with netstat -na and look at the list of ports. It shouldn't be many tcp nor udp ports open.

Also, never run as root unless you need to do some system configuration. Create a separate user account and use that primarily and learn to su. A firewall is not as important in a UNIX OS as it is in Windows because you generally know without mystery what services are running and you can easily turn stuff on and off as needed unlike windows which usually has Windows file sharing on in some form, and Messenger, and a bunch of other stuff and it's somewhat exploitable.

Oh ya, use a text email reader (pine, mutt, etc) so you can open any emails and all attachments all you want because it won't automatically spawn a program that'll get hacked. This is how it always has been until Windows.

You don't have to worry about spyware because usually that's Internet Explorer/ActiveX hacks, so unless they really start hacking through Firefox/Konqueror to drop stuff into a UNIX OS and then run it, don't worry about it. There's no registry in a UNIX OS.

So don't need antivirus/antispyware scanners, period.

 

<div class='quotetop'>QUOTE(daniel @ Jul 7 2006, 11:23 AM) [snapback]282523[/snapback]</div>

Most of the vulnerable processes in Linux are things that accept connections from the outside world. Stuff like Apache Web Server (which is still heads and tails more secure than IIS) and the like.

You can get a list of what's running on bootup by opening YAST and looking at the runlevel editor or services. I'm not sure which tab they're located in under YAST, but I have used them in the past.

SUSE also does include a firewall, which it wouldn't hurt to turn on I guess.

 

Daniel,
Most services and servers are off by default; there is no vbasic type crud; you are now free of MS spyware, and most (?all) installations require you to segregate your daily computing from admin type tasks.

You can do more, but unless you are opening up tcp/ip ports I doubt you have to. I like ubuntu, although my wireless card using an NDIS wrapper is still not stable

 

<div class='quotetop'>QUOTE(EricGo @ Jul 7 2006, 12:29 PM) [snapback]282561[/snapback]</div>

Slightly off topic, but what wireless card do you use? I picked up a DWL-122 off ebay for 20 dollars, and it is supported natively. I had tried NDIS wrapper before, but it was too unstable for me to rely on it.

 

If you can copy us the dump you get from dmesg, it would be one way to identify what you have default running. Usually the services that get started up are at the bottom of the scroll.

<div class='quotetop'>QUOTE(daniel @ Jul 7 2006, 08:23 AM) [snapback]282523[/snapback]</div>

You have to understand the security model first. Users in Windows pretty much always run as root aka user with admin privileges. It follows that any time they get infected with something, the infection can easily do the most damage.

Let's break down security: Windows NT and afterwards is based on the UNIX style security model of separated user security levels. Windows 2000/XP and up have this security model, but by default also run a crap-load of "helper" programs turned ON that ease computer use without having the user understand what is needed and configuring it. Without these helper programs and using a non-admin account, you would be at the same security level (locked-down) as a bare-bones UNIX setup which usually default to OFF. With Linux becoming more user-friendly these days, it IS gaining the bloat of a Windows OS, and coming with too much turned ON.

You can assume anything turned on with a listening network port is exploitable eventually: browser, file sharing, etc.. UNIX programs generally try to assume the worse and exploit fixes are very quick. Windows defaults to broadcasting itself over the network for file sharing, if you notice ports 137/138/139/443 with netstat -na on the command line in Windows. You can probably monitor sites such as http://www.us-cert.gov/ for the latest known exploits. Generally, don't worry about it as long as you keep up reasonably with the latest version of softs.

Just my soapbox, if you haven't noticed, AV/spyware scan programs are actually a money scam. They could easily fix/plug many problems in Windows by directly turning off/removing features, but instead they just sit there and scan for the things you do and then remove it after the fact. This way, the festering wound is not actually sealed but left open, and then they have a regular revenue stream because you have to continue to get "updates" from them. This practice has been drilled/brainwashed into users to the point that it's expected that's how you can be sure you're "safe".

The analogy is you just got a new fridge where the compressor seems to constantly break down. A company pops up to sell you better lubrication oils and a fancy compressor monitoring system to warn you when a compressor failure is incoming. Then somebody else tries to sell you some better lube, or a larger exhaust for the compressor so it doesn't have to work as hard, so so forth. Can you see the real solution is to replace the compressor with something else, or a new fridge from an entirely different company. If they built bridges like that ...

A case in example, Windows Scripting Host is enabled and available in most Windows OS. VBS scripts can access anything on the computer and with the default admin priviledges, can access/do everything too. Why isn't this disabled by default and only turned on by the people that use it? Why don't the Virus/Spyware companies disable this "component" instead of just filtering .vbs scripts as they come?

Now on to more security for you today/now in your SuSE and any other OS.
1. Don't use programs in any OS with a well-known security vulnerability history, period.
Firefox is promoted heavily for this because they don't continue to ship old versions with exploits (as Microsoft continues to do with IE). Avoid Lookout (aka Outlook) if you can and use something like Thunderbird. Browsers in UNIX are running under only your permission levels so the most it can do is delete your files or drop a script and then ask you to run it. Don't do that.

2. Keep up with the latest version of programs/OS you run, especially any that touches other computers and networks. Programs update often, but because you're running a distribution OS, you might have to wait for their next distribution update for OS updates. However, SuSE should have a package manager (YaST?) that lets you keep up-to-date with the rest.

3. Keep Javascript/HTML rendering turned off on your email programs, and have your email program not automatically start up a helper program for anything such as pictures, attachments, scripting. If you can, use a text email reader because why do you need fancy HTML and image support just to read email?
If you can't, Thunderbird is a good compromise with a decent security history, and it comes with Javascript turned off. Image exploits are unknown but at least it doesn't use Microsoft image loading code.

4. Turn off services you aren't using such as filesharing(Samba), printer services(cupsd), firewire support, inetd, httpd (Apache/Web services), etc.

5. Check inetd.conf (in /etc ?) to make sure it's not starting up any services you haven't directly authorized. A good inetd.conf usually has most of the "services" listed commented out. I believe that Linux uses xinetd, so turn that off too.

6. Don't install programs packages/groups that you aren't even using. A lot of times, the initial installer drops in a lot of programs you will probably never use, but is nicely there to be user-friendly.

7. If you may, compile your own programs/packages. This way, YOU control who built the program from what sources instead of trusting somebody upstream to have done it right without sneaking something in. This also means YOU control what features get turned on in the program you're using. Generally, Linux programs come precompiled for a generic Pentium II-class cpu with all the possible to use features turned on. This wastes disk space, memory, and expands your exploit possibilities.

5. Use OpenOffice as much as you can instead of Microsoft Office to avoid the random new virus/worm that could come through by file. But if you can, use just simple text files instead of fancy "Word" docs just to send memos and such.

There maybe some more, but that's about as safe as it gets.

I personally don't run cpu/resources wasting av/spyware scanning software anymore on my Windows desktop because I've haven't had a problem in years by practicing the above.

 

Nice post NuShrike !

Turning off html in email as a default is smart advice. Along the same lines, I refuse to read simple email sent as word documents, even though I am not vulnerable to scripting exploits.

Off-topic, but my primary computer is a mac notebook. Unix goodness, wonderful interface, and two programs I refuse to give up: a program launcher called launchBar, and an info organizer called stickyBrain.