Ressources documentaires pour Mandriva Linux et les Logiciels Libres

Billets dans la catégorie Mandriva

Ghost from the past : MSEC GUI mockup

I know that I tend to procrastinate a lot, but this time… I take nearly 1 year ! Last year I decide to draw a mockup of a new possible UI for msec. Why ?

Actual MSEC issues

Present MSEC GUI UI in Mandriva 2010

Present MSEC GUI UI in Mandriva 2010

Presently I do think that msec have several issues. IMHO most of theses issues are due to the fact that the target of these tools are not clearly defined. Here are, IMHO, the current list of issues :

  1. The UI is too much technical and require too much reading
  2. Whereas the UI is technically informative most users, even some of the skilled ones, won’t be able to tel if something is wrong or not
  3. The security parameter tab presents directly some low level settings, and even worse with a two-level tab layout. When you end up doing tabs of tab … it means that something is wrong in your UI
  4. MSEC will show the raw security check logs : this requires high technicals skills to understand, and with so many informations, you may not know if something is wrong or not. On top of that the list of world writable files is displayed, and this could be very big : users homes directories should be filtered out except $HOME/public_html if mod_userdir is installed.

 

New MSEC application UI proposal

So I decide to define the public which will use the application, and what do they expect to see. So let’s define the application goal and target:

  1. The application will be seen by the end user who may not be necessarily technically skilled
  2. As reference I will use the Microsoft Windows Security Center
  3. The application will be used to notify the user about the global security state of his computer, and only to perform some basics configuration settings
  4. More advanced/complete configuration settings should be handled by the CLI or another UI
  5. The UI should give clear visual hints to the user if something wrong or not

 

The mockup

MSEC UI mockup

MSEC UI mockup from july 2010

The mockup was done using OpenOffice.org Draw. The UI is in french but I will explain everything.

The status bar

We are going to begin … from the bottom with the status bar. The status will quickly give 2 informations: if MSEC is enabled and the current security level.

The main panel

Now we are going to detailed each elements in the main panel. All elements are constructed on the same layout :

  1. Status icon: it allows to know if the component is enabled, but also if there are some issues detected. The status icon have 5 states :
    • Green: Component enabled and no errors/issues detected
    • Orange: Component enabled but some errors/issues where detected
    • Yellow: Component enabled but there are some warnings ( not critical issues or some advised features are disabled )
    • Red: Component is disabled but it is strongly recommended to activate the component
    • Grey: Component is disabled and not required
  2. Component icon: the icon allow to easily identify the component. Most of the time the icon will be the one used by the application allowing to configure the component. This way the user will quickly recognize it when looking for it in MCC or KDE system settings ( if the component is integrated and displayed there )
  3. Component name or description: allow to see the component name or description. Some additional informations may be eventually displayed
  4. Fold/Unfold icon: the icon allow to show more about the component and notably the basics actions that can be applied to the component. Most of the time these actions will allow to enable/disable the component, consult the log concerning the components. To show the logs for a component, we’d better use a standard icon to avoid putting unnecessary text.

Now let’s have a look at the details for each components.

Firewall settings

This component will allow to know if the firewall is enabled and if there are issues.

  • status icon : red and green are straightforwards. Orange will be used if scan ports or attacked have been detected and no actions have been taken by the user or a possible system policy ( block or allow/whitelist ). It means that mandi-ifw will have to communicate about its status. Yellow will be when the firewall is enabled but some features are not enable : all ports are opened, scan port detection feature not enabled, Interactive Firewall not enabled
  • component name/description: quick summary for the firewall, may show the number of firewall rules
  • component actions: enable/disable firewall, enable/disable Interactive firewall, enable/disable scan port detection, number of detected attacks, number of rules, show firewall logs

Security Updates

This component will deal with the security update.

  • status icon : green = automatic security updates enabled and system up to date, yellow = automatic security updates enabled but system not up to date, orange = no automatic security updates and last security updates date from more than 1 or 2 weeks old, red = no automatic security updates and no security updates since 1 month or  updates disabled ( no security updates media defined ). No grey state as for me security updates should always be enabled
  • component actions : enable/disable automatic security updates, enable/disable security updates ( updates medias are defined and enabled/disabled in urpmi.cfg ), number of pending security updates, last security update check/installation, show security updates log

System integrity

This component allow to check for the system integrity and its global safety by relying on the MSEC security checks.

  • status icons: green = security checks enabled and no issues detected, yellow = security checks enabled but some warning from some security checks ( CHECK_WRITABLE, CHECK_SUID_ROOT, CHECK_USER_FILES, CHECK_PERMS, CHECK_RPM_INTEGRITY ). Orange = security checks enabled but some critical issues have been detected ( CHECK_PASSWD and CHECK_SHADOW, CHECK_CHKROOTKIT, CHECK_SUID_MD5 ), red = security checks disabled and eventually some critical issues have been detected from last manual check ( CHECK_PASSWD and CHECK_SHADOW, CHECK_CHKROOTKIT, CHECK_SUID_MD5 ) , grey = security check disabled
  • component actions: enable/disable periodic checks, security checks frequencies, enable security checks when on battery, enable/disable email notifications, enable/disable user notifications

MSEC security policy

This component allow to configure some basics MSEC security policies. The mockup lack some of the actions that should be available in this part, they will be detailed below.

  • status icons : green = msec enabled, no issues. Yellow = msec enabled but not at boot, grey = msec is disabled.
  • component actions: enable/disable msec, enable/disable msec at startup/boot show msec logs, msec security level,

Contrary to what can be seen in the mockup, I decide to replace periodic checks with system integrity as for me this is more meaningful.

Conclusion

Here was my proposal for MSEC GUI. I guess that with the new trend in Mandriva, the tool should be written using Qt Quick/QML.

Last but not least, the user notification issue should be taken care too. Indeed presently the desktop notification will just notify that a security have been done, however the user don’t know if something is wrong or not. I guess that instead we should have notifications when one of the component is in red or orange state.

So finally after nearly 1 year I do decide to talk about this mockup : I do hope this will give some interesting ideas to some Mandriva dev or contributors 🙂

 

 

 

 

 

Upgrading from Mandriva 2010.1 to Mandriva 2011 TP/Cooker

With the migration of Mandriva from rpm 4.6 to rpm 5.x, upgrading from a previous Mandriva release is not straightforward. So here are some tips to have a smooth upgrade :

  1. Install the perl-URPM 3.37 package available in main/testing repository ( 32 bits link, 64 bits link )
  2. remove all your current media : urpmi.removemedia -a
  3. add cooker media : urpmi.addmedia --distrib --mirrorlist 'http://api.mandriva.com/mirrors/basic.cooker.$ARCH.list'
  4. upgrade your Mandriva installation : urpmi --auto-update

If you have issues and error message like Unable to open /usr/lib/rpm/rpmrc for reading then it means that perl-URPM have not been updated and the rpm database conversion is not complete. Indeed part of the conversion of the rpm database is handled by perl-URPM, so if the new version is not installed, then your database end up not being completly converted. So to do this, you will have to download the latest perl-URPM version in cooker repository, extract its content with rpm2cpio, and then initiate the conversion :

  1. download the perl-URPM 4 and urpmi packages in cooker main/release repository in /tmp/rpm5
  2. as root, go the previous directory : cd /tmp/rpm5
  3. extract perl-URPM content with rpm2cpio in the current /tmp/rpm5 directory : rpm2cpio perl-URPM-4*.rpm | cpio -idmv
  4. extract urpmi package content with rpm2cpio in the current /rpm/rpm5 directory : rpm2cpio urpmi*.rpm | cpio -idmv
  5. in the /tmp/rpm5 initiate the rpm database conversion : perl -I. -Murpm -e 'URPM::DB::convert("/", "btree", 1, 1)'
  6. now install the urpmi and perl-URPM package : rpm -Uvh *.rpm
  7. You can finish to upgrade your system : urpmi --auto-update

Normally you system should be updated to the latest cooker release. Happy testing !!! 🙂

Music tagging made easy with MusicBrainz

I must admit that I have a big collection of music files. Tagging correctly theses files take a long time, and the queue of files waiting to be tagged is becoming quite big. Whereas this was optional before, I do appreciate now to have the album covert art as it can be displayed when listening to my music on my Androïd based phone ( Acer Liquid Metal ). So I decide to look for a solution allowing to automatically tag my musics files, and if possible automatically recognize the song, and also fetch the album covert art. I found the solution while reading the latest Amarok 2.4 release note. Amarok is a very good music player developed for the KDE desktop under Linux, but which can be used in others D.E and Operating System : please feel free to visit the Amarok download page 🙂

In the Amarok 2.4 release, they added music tagging using MusicBrainz. Whereas i had already heard about MusicBrainz, I had never really check what MusicBrainz was offering as features. So I decide to take a look at the MusicBrainz Wikipedia page … What can I say ? MusicBrainz is just awesome especially thanks to the acoustic fingerprinting feature ( PUID ) which allow to recognized a song from its acoustic fingerprint : no need to worry about tags or  filename, just feed it with the music file, and it will detect the song and filled the tags. MusicBrainz allows also to retrieve the album covert art. Last but not least, MusicBrainz service is free and people can contribute their data to increase and improve the database !

Ensure about the fact that Amarok was using the acoustic fingerprint feature, I decide to consult the MusicBrainz enabled applications page. There were many Linux applications listed like Amarok, Audacious, Banshee. However the most interesting one was MusicBrainz Picard : a python based application, supported by MusicBrainz, cross-platform ( Windows, Mac, Linux ), supporting acoustic fingerprint recognition and of course … free.

MusicBrainz Picard application screenshot

Installing MusicBrainz Picard under Linux Mandriva is very easy using urpmi : urpmi picard. To start the application, you just need to launch the picard binary, or use the entry menu in Sound & Video -> More -> MusicBrainz Picard. Here are some advices to a smooth experience :

  • Enable covert art retrieval support, by activating  the corresponding plugin in Options -> Options -> Plugins.
  • Enable automatic scan in Options -> Options -> Generals ->[ ] Automatically analyze new files.
  • Display by default the album covert art in the right lower part of the main window in View -> Covert art.

Now you just need to add a file or a directory, and Picard will scan. On the right pane, you will have the estimated album names ( Picard view is album oriented ). When clicking on the album name, you will see the list of songs for the albums, and your files will appeared with a green or orange rectangle at the front. Double-click on the song ( or right click -> Details ) to display its properties, the album covert art ( if found ). You have the possibility if you want to edit the metadata. To save the change, select the song or the album, and then do right click -> Save or CTRL+S.

Happy tagging !

PLUS »

Some Mandriva 2010 Spring Reviews

Here are some Mandriva 2010 Spring reviews I found on the web thanks to http://www.tuxmachines.org/ :

Fixing computer freeze when using Intel chipset with dual view

Today I was willing to configure 2 laptop running Mandriva 2010 to do presentations during a meeting. So I was willing to use clone output. Unfortunately, doing so will result in an instant system freeze. Even worst, if the projector is plugged before powering on the laptop, the kernel will crash at boot ! Both laptop were using Intel chipsets ( Dell Latitude E6500, Asus A6VA ). The only solution is to disable KMS support. For this you need to generate an initrd without the i915 module ( use –builtin=i915 ), and then to eventually add in modprobe.conf : options i915 modeset=0. Once done, reboot the computer. Whereas you will not have KMS support, at least you will have dual ouput in clone mode support with no fear on freezing the kernel …

Mandriva: Nine Priorities for Mandriva Incoming CEO

As everybody^wnobody know, Hervé YAHI is no longer the CEO of Mandriva. So I decide to rip off an article from The VAR Guy to issue an open letter to the Mandriva direction. So here are 9 priorities for the new Mandriva staff :

  1. A New Community: Sure, Mandriva has a strong open source community. And ??? will should work to strengthen that community, especially when seeing the clashes between Mandriva and its community. Still the new staff needs to strengthen a different type of community — a Mandriva business ecosystem that includes hardware and software partners, service providers, channel partners and OEMs (original equipment manufacturers).
  2. Strengthen the Server Story: To date, Mandriva is known mostly as a desktop and mobile operating system, with relatively strong market share in the netbook market. But Mandriva recently launched its Mandriva Enterprise Server 5 and Pulse 2. Meanwhile, ???? offers some support of MES — as do upstarts like ??? and ???.
    But Mandriva needs more server partners… And whenever a noteworthy customer embraces Mandriva Enterprise Server, Mandriva needs to get the word out.
  3. Show CloudCluster/Grid Success or Mobile success: Mandriva has been working closely with grid partners like INRIA and BSC. XtreemOS 2 is available since November. As XtreemOS seems to be a very good Grid solution, maybe the CERN could use XtreemOS instead of Scientific Linux ! Let us see if a research lab is using some Mandriva products …But Mandriva needs to show some tangible examples of Grid/Mobile success. Who’s running MES/XtreemOS/InstantOn/Pulse and how are the deployments performing? Many people will be listening for answers.
  4. Recruit Application Providers: (…) Mandriva Enterprise Server needs more ISV (independent software vendor) support. Is Mandriva Software Partner Manager ???? has been working on the ISV effort ? But real progress will require folks like Oracle, IBM/Lotus, Bull, HP, NEC, and other traditional application providers to fully embrace Mandriva.
  5. Strengthen OEM Relationships: To Mandriva’s credit, ????. HP, Lenovo and other major PC makers haven’t shown much interest in Mandriva. Can a new staff change that? Hmmm…
  6. Compete and Cooperate with Google, Intel: When Google started talking about Chrome OS in greater detail, Mandriva reveals InstantOn. Sweet. At the same time, Mandriva is working on Moblin v2. Impressive.Somehow, Mandriva must both compete and cooperate as Google, Intel and other technology giants size up their own Linux strategies.
  7. Disclose Customer Wins: Which businesses are running Mandriva and which organizations are paying Mandriva/Edge-IT for support? Mandriva needs to brag more about customer victories as they happen.
  8. Related Services: Mandriva is building a range of services and dedicated products to generate more revenue : InstantOn, Pulse 2, Mini, and Edutice. But Mandriva has to stay aggressive with Mini/Pulse 2/InstantOne/Edutice communications and messaging.
  9. Mandriva Partner Program: Is Mandriva working with training centers — such as CESI and SUPINFO — to get more IT managers and resellers up to speed on Mandriva ? We want to hear from solutions providers that are building profitable Mandriva business practices…

No doubt, new staff will have a lot of work. Although it’s difficult to track Mandriva’s financial performance, buzz about Mandriva — particularly on desktop — is slowly growing.

The original articles but concerning new ubuntu CEO is available on the VAR Guy website : Ubuntu: Nine Priorities for Canonical’s Incoming CEO

The point on some Mandriva community projects

There are many communities based Mandriva derivatives, but few of them are known. So here is a ( not comprehensive ) list of some Mandriva based derivatives or projects :

  • One 64 community : 64bits edition of the Mandriva One LiveCD. A KDE edition and GNOME one are available for download.
  • LXDE LiveCD : The german community is releasing a Mandriva based LXDE LiveCD. It can be used also from an USB
    stick.
  • One XFCE 2010 Live : XFCELive is a XFCE Mandriva-based LiveCD created and maintained by the Mandriva community
  • Skiper’s Xfce 2010 : A fork of the XFCELive Mandriva project. This fork aims at integrating more testing features and
    offering extra customizations with the idea of improving the visual appearance of the environment.
  • MUD Netbook-Edition : a Mandriva based Netbook tailored edition. This edition from the Mandriba german community, based on
    the Mandriva One GNOME edition, features the Ubuntu Netbook UI. This edition can be used as a LiveCD or dumped on an USB key.
  • MUD (MandrivaUser.De) : As you can see, the Mandriva german community ( MUD ) is providing many projects based on the
    Mandriva distribution. They are also providing backported packages for older releases. To add their repositories, you can use SmartUrpmi.
  • Mandriva Community Moblin : A Mandriva-based Moblin edition aiming at improving Moblin integration in Mandriva. Some non-official sources are saying that a futur official Moblin LiveCD may be released by Mandriva. As usual, everything is secret in Mandriva offices : so we will see. Please consult the Changelog to know the pending issues or fixed bugs and enhancements.
  • MIB (Mandriva Italian Backports) : This project from the Mandriva  community provided backported packages for new and older Mandriva releases. Some packages, not even available in Mandriva official repositories, are also available. They do provide some repositories for those willing to install their RPMS.
  • MIB Live KDE 2010.0 : The MIB community is also providing a 64bits version of the Mandriva One KDE : it’s a LiveDVD with packages from Mandriva, PLF and MIB.
  • Mandrivausers Romanian Backports : Another project from the Mandriva romanian community which provide backports and packages for older Mandriva releases.

As you can see there’s many communities project around Mandriva products. Don’t hesitate to test them, review them, and speak about them. It would have been interesting to have a page listing all of theses projects on the Mandriva wiki. A community section or category would have been interesting and useful 🙂

Experimental Mandriva Moblin LiveCD

Thomas Lottmann is providing experimental Mandriva-based Moblin LiveCD images. Theses images are provided in order to help testing Mandriva Moblin implementation.

The announce has been done on the Cooker ML. Please note this is a Mandriva community initative. A tracker bug is available on Mandriva bugzilla for thoses willing to track and report bugs during their testings.

Here some links :

happy testing !

Warning to Mandriva cooker NIS users

Today I’ve upgrade my workstation at work to latest Cooker packages. While doing this, the ypbind package have been upgraded to ypbind-1.29.91-1mdv2010.1. Unfortunately this breaks most of my network application. Indeed applications like curl, wget, firefox, epiphany, gftp where all broken. Impossible to install application with urpmi. Even id, the command allowing to retrieve the GID and UID informations for a user was broken. So it seems that for people using NIS authentication, they should avoid installing ypbind-1.29.91-1mdv2010.1 package.A bug report have been opened at Mandriva bugzilla : mdv bug #56029.

For those unfortunate guys, here is the method to fix their systems :

  1. As SSH is working, they can connect to another working/unaffacted computer with SSH.
  2. On this second computer, they should download the ypbind-1.20.5 package from Mandriva 2010.0 repositories
  3. By using scp, they will be able to retrieve back the package on the affected computer
  4. Then they will be able to install the package like this : [bash light= »1″]rpm -Uvh –force ypbind-1.20.5-2mdv2010.0.i586.rpm[/bash]
  5. To avoid further ypbind update, they should add ypbind to /etc/urpmi/skip.list until the issue is fixed : [bash light= »1″]echo "ypbind" >> /etc/urpmi/skip.list[/bash]

First on Distrowatch for the last 7 days

I couldn’t resist once I learn it on Facebook after a wall post by Blino : Mandriva is ranked at first position on Distrowatch for the last 7 days. This is awesome !

So congratulation to all the Mandriva team and community for this Mandriva 2010 release. Mandriva did a great job on this release, and I’m really happy by the job done by Mandriva on the Mandriva 2010 Visual Tour : they did do the screenshot, and more important, provide videos to introduce the features of Mandriva. Great job !

For those willing to see the different videos, here they are :

Catégories

My Tweets