February 2005
Monthly Archive
Fri 25 Feb 2005
Posted by cerulean under Computers and Technology
Yesterday I thought I’d try out the latest K12LTSP. For those who do not know, LTSP is the Linux Terminal Service Project, and K12LTSP builds upon it with a focus on education and schools (though it can be applicable to many other installations as well).
So what is LTSP? To put it simply, it is a thin-client, fat-server configuration. In its basic form, you load up a server that has all of the software, user accounts, and data. Client systems boot over the network and the software runs from the server. This type of a setup has several advantages:
- Since client systems do not run software, they can be low-end boxes (i.e., Pentium 200MHz machines) and still run the latest and greatest applications.
- The client systems do NOT need an internal hard drive or other drives (cdrom, floppy, etc..). Many corporate policies pull hard drives from obsolete machines — these systems can make great, cheap LTSP clients!
- All administrative work is centralized on the server. Adding user accounts, program updates, etc are instantly available on all systems.
- Depending on workload, one server can easily handle 40 or more concurrent users.
To test the system, I used one of my older systems as the server:
AMD Athlon 1.33Ghz, 512MB RAM, 8.3GB HD, CD-ROM
Very basic by today’s standards but adequate for my test network. So I downloaded the install CDs (4 disks total), booted from the CD and started the K12 LTSP 4.2 install. Nothing too eventful — very standard installation — I used all of the defaults. In about 40 minutes the installation was complete.
On reboot, the server started up and asked me to create an under-privileged standard user account, which I did, and then I logged in. The default interface was Gnome and the system was outfitted with a wide variety of applications including Firefox, OpenOffice.org, Gaim, Thunderbird, Evolution (PIM), Blender (3d animation/modeling), The Gimp (photo editing), a huge list of education titles (25 total), games (20 total) as well as other tools, editors and so forth. All around, pretty good. I was particularly impressed with the free education titles available.
So the server install went smoothly and I was able to login on the server, but this is LTSP and so I wanted to give it a try from my “thin clients”. On my local network, I have four other computers — my FreeBSD server, a W2K 2.2Ghz and a WinXP laptop. All of these systems surprisingly had network boot capabilities built in (no need to create a boot disk). So I enabled the network boot on these systems and restarted them.
When restarted, the network boot PXE came up and detected the LTSP server. It started loading up and within 30 seconds, I was sitting at the login screen. Success! Each system came up within a minute of each other and just like that, I had converted my entire local network to an LTSP network.
So how does it perform? With only 3 clients, the performance is exceptional. I am sitting at one of the computers as I type this and it is performing as if I was sitting at the server. Given that the resources of the server are shared among multiple clients, it is the resource load (cpu usage, ram usage, network usage) that will ultimately determine the overall user experience.
I decided to check out some usage numbers. At this time, I have three thin clients running and logged into the server as well as the server logged in as the root user.
Thin Client #1 (where I am typing this) is running..
- XMMS playing MP3’s from the server (streaming)
- 3 instances of Firefox w/12 tabs total
- Gaim (AOL Instant Messenger) client
- File manager
- Mahjongg
- OpenOffice.org Writer (two documents) and OpenOffice.org Math
- gedit (text editor)
Thin Client #2 and #3 are running..
- 2 instances of Firefox
- OpenOffice.org Writer
- Gaim Instant Messenger
Server is running..
- Firefox
- System Monitor
- Few terminal sessions
So how does it look? The server’s CPU usage is averaging around 12% utilization, 289MB of memory is being consumed (108MB of swap) out of the 512MB RAM (1024 swap). Network usage is around 20MB/minute (for reference, a 100Mbps connection sustains around 8-9MB/sec) — a significant portion of this network usage is due to the audio stream. Without the audio playing, the network usage drops significantly to around 3MB/minute.
If significant multimedia content is needed (the largest bandwidth hogs), it is possible to set up LTSP to run those applications on the client instead of the server. With systems in the 400-600MHz range becoming common obsolete equipment for most companies, these could adequately handle running music/video content on the client side.
Pros –
- Central administration. Update the server and everyone is instantly up-to-date. All data is stored centrally.
- Flexible. Default is a thin client/fat server setup, but it is possible to push apps out to the clients that may require additional resources.
- Efficient. All of the major processing power is located at the server. As a result, with a server upgrade, all clients benefit. Clients do not have to be updated, and systems that are obsolete by today’s standards could still be very usable 5+ years from now.
- Low cost for additional clients. Adding additional computers is easy — 1. Get a used/obsolete desktop. 2. Set up and boot off network. Yup.. no step three. No need for additional software licenses, no need to install software on the system, no need to configure the system on the network, none of that — plus, instead of paying $750+ for a computer, you can get a donated machine or perhaps a used system with monitor for under $100 — it doesn’t matter.. they all work the same (since the software runs off the server).
- Stable. It runs on Linux and has a track record of being very stable and reliable.
Cons –
- Multimedia Content. While it can do multimedia content either local or remote, it is a bit more difficult to set up than a fat client. Do-able? Sure. Easy.. well, at least from what I have read online, not particularly.
- Single Point of Failure. If the server dies, all the clients go down with it. Even when the server reboots, the clients will black-screen. Is this a major problem? Depends. If you need to minimize this risk, it is possible to set up an LTSP Cluster. I have not set up this type of a system so I am unsure of the limitations.
Tue 15 Feb 2005
Microsoft has announced it is going to release a new major version of Internet Explorer for Windows XP. The new version, Internet Explorer 7.0, is planned to be released July or August of this year. The browser was originally announced to be released only with the updated Windows (as it is an integrated part of the operating system.. hah.) but I’m guessing pressure from another browser has caused Microsoft to divert from that plan.
What’s interesting is Internet Explorer 7.0 is ONLY available (at time of release) for Windows XP SP 2 .. They are not going to release for non-SP2 XP users, Windows 2000 users, Windows 98 users or Windows NT 4 users. Nice.
So let’s compare mainstream browsers this summer…
| | Firefox 1.2 | Internet Explorer 7 |
|---|---|---|
| Supported Platforms: | Windows 98; Windows 98SE; Windows ME; Windows NT 4.0; Windows 2000; Windows XP; Windows Server 2003; Linux (Redhat, SuSE, Mephis, Debian, Knoppix, yada yada..); BSD (FreeBSD, OpenBSD, NetBSD, DragonflyBSD, yada..); Mac OS X; Sun Solaris; BeOS | |
Quite interesting. Hopefully web developers take a really close look at this list. Seems that Firefox and the open standards it supports are the way to go for the de facto web development standard.
Mon 14 Feb 2005
The entire Windows security thing absolutely blows my mind. It seems like no matter how absurd it gets, just wait a few weeks and yet another announcement comes out that tops it.
Well last week after the super-critical-everything-MS-has-a-serious-security-vulnerability notice by Microsoft, there were two additional announcements:
Symantec Norton Anti-Virus runs Virus Code.
Microsoft’s new Anti-Spyware program is easily disabled by Spyware.
According to ZDNet, Symantec’s anti-virus scanning engine has an issue that makes it run viruses that are distributed in a certain fashion. Just thinking about that makes me laugh. To top it off, the corporate edition of Symantec’s anti-virus products is _NOT_ automatically updated via LiveUpdate to correct this issue. Apparently Symantec wants corporations to call their tech line and give them info, then they send out an email that has an FTP site where someone can download the update, then manually apply it to their corporate desktops. So much for utilizing Live Update to fix the issue.
Microsoft’s Anti-Spyware program, not even out of beta, already has its first umm.. security issue. According to this article, the Troj/BankAsh-A Trojan will disable the anti-spyware program. Just great. So with your anti-virus automatically running viruses and your anti-spyware being disabled by malicious code, don’t you just feel all warm and fuzzy inside?
I suppose for people running Windows, it’s all about having fun. Fun for the guys exploiting gaping holes in the Windows structure, fun for the Microsoft developers to make patches, fun for guys like me to go in and patch these systems and fun for MS’s marketing department to come up with innovative ways to make these horrendous security issues palatable and “not as bad as Linux” and other MS competition.
hehe.. I guess I’ll just keep deploying FreeBSD.. just for some insight, here are some current numbers for the BSD machines:
System 1 — Do everything server — Uptime: 119 days (reason: power outage)
System 2 — Do everything server — Uptime: 120 days (reason: system upgrade (new hard drive))
System 3 — Mail Server Gateway — Uptime: 75 days (reason: original install)
And some numbers for the Windows servers I keep an eye on:
System 1 — File/Print server — Uptime: 5 days (reason: major security issue patched/reboot)
System 2 — Active Directory master server — Uptime: 4 days (reason: major security issue patch/reboot)
System 3 — Active Directory backup server — Uptime: 4 days (reason: major security issue patch/reboot)
See the difference? Windows makes work and requires downtime because of it. FreeBSD serves and does its job well and only requires downtime when factors outside the OS impact it (power outages, hardware upgrades, etc..). FreeBSD is so boring and predictable like that.
Tue 8 Feb 2005
Back on October 12th, I wrote about 10 security issues Microsoft released bulletins about.. At the time, the depth and severity of the issues were pretty big for the “super gulp” that MS customers had to swallow getting their networks up-to-snuff..
Anyways, MS today outdid themselves .. instead of just 10, they released 12 advisories covering a staggering 17 security flaws in their umm.. quality, trustworthy software.
So just for the fun of it .. let’s list out what these issues involve……
- MS05-001 Vulnerability in HTML Help Could Allow Code Execution (890175) - Impacts everything, including XP SP 2 (Their super-duper security update) — crappiness in Internet Explorer…
- MS05-002 Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution (891711) - Impacts everything except WinXP SP2..
- MS05-003 Vulnerability in the Indexing Service Could Allow Remote Code Execution (871250)
- MS05-004 ASP.NET Path Validation Vulnerability (887219) - This update resolves a public vulnerability in ASP.NET that could allow an attacker to bypass the security of an ASP.NET Web site and gain unauthorized access. - Hmmm.. great.. got an ASP.NET based site? hope you don’t mind it being owned by a script kiddy .. starting.. now.
- MS05-005 Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352) - Remote code execution in an office suite? Are these guys serious????
- MS05-006 Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981) — *yawn* .. another network product, another critical issue..
- MS05-007 Vulnerability in Windows Could Allow Information Disclosure (888302) — yippie.
- MS05-008 Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)
- MS05-009 Vulnerability in PNG Processing Could Allow Remote Code Execution (890261)
- MS05-010 Vulnerability in the License Logging Service Could Allow Code Execution (885834)
- MS05-011 Vulnerability in Server Message Block Could Allow Remote Code Execution (885250) - An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- MS05-012 Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)
- MS05-013 Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781) — If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- MS05-014 Cumulative Security Update for Internet Explorer (867282) — If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- MS05-015 Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113) — If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
It amazes me.. simply amazes me. Many of the above security issues impact WinXP SP2 .. remember.. SP2 was developed well after the entire “Trustworthy Computing” initiative, the “security is #1 priority” memo, yada yada.. Heck, these issues even impact Windows 2003 Server which the Redmond-ians claimed was the first full OS built under the entire trustworthy computing, security focused Microsoft… blech.
I honestly don’t see how ANYONE in IT could trust Microsoft with anything .. honestly. They tout all these marketing gimmicks, but at the end of the day, the ASP.NET platform which they tout to be the best thing for website development (read: ecommerce sites processing millions in product daily) is, as of tonight, vulnerable to an exploit that allows a remote attacker to bypass any type of security on the system. That’s scary. That’s REALLY scary that something like that can happen.
Anyways .. have fun patching your Windows boxes and here’s to hoping it doesn’t bork any critical components to your infrastructure.
Mon 7 Feb 2005
Trolltech’s QT API has gone dual-license on the Microsoft Windows platform.
For those of you who do not know, Trolltech QT is an application development framework. Basically it provides a rich set of fundamental tools that application developers can utilize when programming. A framework such as QT has a huge advantage over native frameworks included with operating systems as it provides cross platform compatibility. As a result, an application developed in the QT framework can be easily ported to Unix, Linux, Mac OS X, Windows and embedded platforms with minimal code rewrite.
What’s interesting is that up until today’s announcement, QT was not available under the GPL (open source) license on Windows. As a result, many applications that were developed with QT on Linux and other platforms could not be easily ported to Windows due to the unavailability of a GPL licensed QT for Windows. This includes a huge list of software including the KDE desktop environment, KOffice productivity suite, KMail (award winning mail client), Juk (playlist based music player), Konqueror (web browser), Quanta Plus (web/programming editor), Kate (KDE Advanced Text Editor), etc.
Given the GPL nature of these applications, it is a very real possibility that many of these applications will be ported over to Windows. In addition to this, the primary reason for not using QT for open source development (no GPL-licensed version for Windows) is no longer an issue. As a result, it is a very real possibility that Trolltech with this move will be the preferred development platform for a huge range of open source applications. This may even include ports of existing popular applications (Firefox, OpenOffice.org, etc..) to the QT framework to benefit from the accelerated development that the QT toolkit provides.
It will definitely be interesting to see how this change in licensing will impact FOSS. At first there will be more open source software available for Windows including perhaps some of the best open source software that simply has not been able to be ported to Windows previously due to the QT licensing. This may lead to more people using this software due to the ability to use the same software and versions across platforms. Perhaps this will ultimately lead to the underlying operating system being less and less relevant to most people as more and more applications are available cross platform.