X11 forwarding (AKA X Forwarding) is a slow but manageable way to run a program remotely, accessing a remote systems disk, memory, CPU, and filesystem, but sending all user interactions and display over the internet to be shown on your computer. X forwarding allows my to run visual diagnostic tools like kdirstat, or even pull up my home photo management program (fspot) without needing to install a local copy, or connect to the remote disk and deal with those complexities.

Typical X Forwarding Use Case

Let's image for a moment you just want to browse the remote filesystem with dolphin.

Step 1 - ssh server01 -XYC The XYC flags will enable X forwarding, compress the communication, and enables "trusted" X Forwarding.

Step 2 - Run your program, for example kdirstat / This command will run kdirstat using the memory, cpu, etc of server01, but the display will be shown, and interact with the mouse and keyboard of the client.

Multiple hop X Forwarding

Unfortunately it's not as easy to chain X11 forwarding as it is to chain normal SSH connections. The workaround is to use SSH tunneling. The general strategy is to create an SSH tunnel which you can open a second SSH connection with.

Using these commands in two terminal windows (the first one will just be a normal SSH connection to server01 that you will need to leave open) will open kdirstat / using the CPU, memory, etc of server02, on the display of the original client, as desired.

Despite Dell's own statements about the quality and security of Linux (Ubuntu in particular), it seems that they have now dropped Ubuntu support from their website. As of now, Dell is no longer selling Ubuntu based machines from their website.

I'm continually astounded by the fact that more people don't use Linux. Economics should dictate that when people want Ubuntu, and it sells well, they increase their offering. The problem with Operating System economics is that there is a huge fear of changing operating systems, making lock-in much worse than with normal market economics. The other piece is that Microsoft has an established monopoly. In order to use the software someone wants, that software has to be built for one or more operating systems. Most people can't switch to a better, higher quality, lower cost solution because their software is built for a specific list of operating systems (GoToMeeting, Adobe Products). This lock-in hurts consumers, and prevents better options from being a choice.

This problem has been alleviated somewhat by web-based software, but the problem continues to this day. This is why it's so saddening that Ubuntu is giving up their Ubuntu offering.

There are a lot of ways to connect various Linux or Windows machines. Linux has great support for the windows remote desktop protocol (RDP) with rdesktop, but if you have second (or third) screen that can be seen at the same time as your main screen, you should try out x2vnc.

What is X2VNC

X2VNC is a software tool readily available for linux that creates a mapping between a VNC server (on any system type) and an X screen in linux.

Example X2VNC Setup

I have a two screen setup on Kubuntu. I also have a TV screen above and to the left of my two monitors. x2vnc allows me to map the VNC server running on the TV as a third screen on my main system. The first step was to install a vnc server on the computer connected to my TV. The second step was to run x2vnc -west yt:5900, which creates the screen mapping.

It was allegedly announced that a new photo management tool called Shotwell will be replacing F-Spot in future Ubuntu releases. Whether or not this is true remains to be seen, as the only evidence I have found comes from a slashdot article which refers to various tech blogs.

If it is the case that Shotwell is taking over for F-Spot as the photo management tool, I'm extremely disappointed. I just installed Shotwell to try it out on my computer and was shocked by what I found. After opening Shotwell, I discovered that in traditional Gnome fashion, there are NO OPTIONS, which means you can't configure how the import works, or where you store your collection.

The inability to do any configuration is a huge deal for me because although I store my photos in ~/Pictures, I currently manage them with F-Spot. This means that after I tried out an import with Shotwell, my F-Spot folders were being filled with unmanaged (by F-Spot) pictures. Fortunately Shotwell makes copies of images, rather than moving them, so I was able simply to trash all of the photos in Shotwell to restore my computer to the earlier state. Because there are no configuration options, there is absolutely no way for me to try out Shotwell, or to properly migrate my collection from what I have presently.

The other problem with Shotwell is that it seems very far from complete. To add tags, you have to right click or use the menu to manually "Add Tags" which then allows you to manually type each of the tags you want associated with a photo or a set of photos. This type of interface is clunky and takes users away from the ease of use and visual capabilities that F-Spot has.

Shotwell Recommendation

Perhaps things will get better in the future, but for now, stay very far away from Shotwell, or install it in a virtual machine.

According to Brian Lunduke, the statistics for game purchase conversions from his experience breaks down as follows: windows users are converted at about 1 in 1000, and Linux users are converted at around 1 in 50. There is also the concept that in order for Linux to become a mainstream desktop operating system, it needs commercial development support. Companies need to be able to make money with Linux in order for them to make any sort of investment in it, and for the game development industry, this is especially true.

There is now an opportunity to make a purchase that support 5 independent games that run on Linux. The Humble Indie Bundle is an offering where you get to decide how much you want to pay (anywhere from $0.01 to hundreds of dollars). They also offer you the opportunity to mix your contribution in any way you want between the developers and the two quality charities. They have a nice musical video explaining the process that is a very unique commercial for this type of game bundle. I chose to spend $35.00 and I chose for all of the money to go to the developers. Although the charities I could have selected, including Childs Play and the EFF, are definitely worthwhile (The EFF in particular from my perspective), the key missing piece in the Linux landscape is Development Company buy-in, so I decided to support the developers above the charities.

In the package:

1. World of Goo - World of Goo is offered as a .deb or a .rpm. Installing the deb doesn't connect the application to any of the standard menu, but it installs 32bit and 64bit executables in /opt/WorldOfGoo/.
2. Aquaria - Offering a 32bit binary executable (aquaria-lnx-humble-bundle.mojo.run: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.8, stripped)
3. Gish - 32 and 64bit binaries packaged directly a inside a tar.
4. Lugaru[HD] - 32 bit binary executable. Works under 64 bit Ubuntu. Installed to the location of your choice.
5. Penubra Overture - A .sh file with an embedded binary blob. Uses Nixstaller and asks where you would like the installation. For me the installer crashed at 1/2, but starting the game still worked.

F-Spot ends up storing its database and configuration in two separate places on your system:

1. ~/.config/f-spot/
2. ~/.gconf/apps/f-spot

It seems that both of these are necessary if you don't want to regenerate your database, or reset your configurations.

I gave my talk to the Penguins Unbound group this weekend. Things went well, people asked some good questions, and there was a little bit of information for everyone.

Download the powerpoint from my presentation

One of the most critical uses of computers in modern society is as a portal onto the world wide web and the internet. This is an area that is well supported under Linux, and Linux is seeing some of the latest cutting edge technologies immediately as they become available. I am going to cover what browsers are available on Linux, how to try them out, some of the differences between them, and what is coming in the near future.

I'm giving a talk about Browsers on Linux at Penguins Unbound on March 27th from 10:00AM - 12:00PM. Come and check it out!

While Ubuntu updates usually work relatively well, maintaining settings, configurations, and upgrading packages to new versions. This is nice, but sometimes it's better to just install the new system from scratch. This is always a tough decision because a balance needs to be struck between migrating files from the old system to the new one, and leaving things behind that you don't need or want anymore.

Deciding when to start fresh with a new distribution

In general, if you are happy with what you have, DON'T START FRESH! The only time you want to start fresh is when you have had your computer for a while and you are beginning to suspect things are getting a little bit dusty or more clogged than they should be. For me this meant that I had gone through 4 Ubuntu release upgrades, but I had also been dangerous and tried out some of the betas and alphas, which probably left a few files and configurations in places that I didn't even know about. For me this also meant that my grub install had never been upgraded, and my /etc/ folder was filled with settings and configurations from programs I hadn't used in years. These things don't typically have a huge impact, but to me having as few files on my computer as possible, and as few legacy configurations as possible is a cleanliness and reliability goal.

Another reason for me to upgrade was to get new applications and features that wouldn't be deployed with normal upgrades. The main 3 features that come to mind for me were an EXT4 filesystem, GRUB 2, and starting fresh with my audio stack. I could have migrated and upgraded these things manually (the filesystem would have been a huge pain, and potentially corrupted my whole system in the process), but with the number of unknown factors in these, it was easier to begin again from scratch.

Before you start with a new distribution

Before you start, the most important thing is to make backups. Without backups your data is extremely likely to be lost. If you don't have good quality backups, your only hope when you data and applications and settings go missing is to give up and forget anything you lost.

I recommend you make a backup of your entire /home/ folder, as well as your /etc/ folder. You might not use either of these folders again, but they are extremely useful if you do need to restore an earlier system, or if you just want to copy or reference an earlier version. For example, my /etc/ backup came in handy about 2 months after upgrading recently; I needed to reference my /etc/X11/xorg.conf file to determine the proper setup for metamodes on my computer.

This is probably a good time to make a separate /home/ partition. Putting this folder on an entirely separate partition gives you the ease of upgrading, installing new distros, and trying things out in general. While changes to your operating system can completely break your install, there is almost nothing you can do to break your /home/ folder. Keep in mind one notable exception, which is if you have compositing enabled in your KDE settings in your home folder, you may not be able to boot into your desktop environment if you boot into an OS that doesn't support compositing. I recommend you disable compositing before doing any upgrades or reinstalls.

If you have spare disk space on another drive, you could rsync your entire root filesystem to a safe location. Most files are in /home/ or /etc/ that you would want to migrate, but occasionally there are files and programs that will store files in other places. Two examples of this are gitosis, which by default keeps its files in /opt, and any databases, which are likely to be stored in /var/db/.

Picking a distro

If you have a distro that you like, I wouldn't recommend starting from scratch while trying a new distro. New distributions are best learned in a virtual machine, or in a separate partition, where you still have something to fall back to.

Save your files

Here is a list of files you should consider transferring when you are moving to a new or updated distribution. One of the things I recommend is not transferring your home folder. At least for me, my home folder tends to get filled with configuration files from programs I ran months or years ago, as well as numerous files that should be sorted elsewhere. The strategy that worked for me was to have a separate home folder that I kept as a backup, and then copied files from as I discovered I needed them. If you have copies of the items below, that should cover some of your basic needs, but everyone uses their computers differently, so making sure you have a way to recover your files can be very important.

• Browser Config
  This includes ~/.config/chromium/ or ~/mozilla/firefox/ depending on your browser of choice. The reason to keep this is that I believe there is value in saving your bookmarks (if you don't have online sync), as well as history and passwords. These are things not trivial to recreate in a new environment.
• File System Tab
  This for me meant reading my old /etc/fstab file, and adding any entries that were missing from my new system. You don't want to just copy the old file because some of the entries may have different options or preferences chosen differently from your old distribution to your new one.
• F-Spot (Or photo management)
  For F-spot, these files are located in ~/.config/f-spot/. This is important if you want to keep your database and organization associated with your images, especially if you don't store your tags in the files themselves (which I highly recommend)
• Git Global Configuration
  Git stores several global configurations (such as your username and email address) when you set them up. It may be easier not to migrate the git configuration files, but simply keep track of what you had set in the old system, and remember to set these when you begin using Git in your new system. This item most likely only applies to developers.
• Wine Environments
  These are stored in ~/.wine/, or if you use PlayOnLinux, they are stored in ~/.PlayOnLinux/. I highly recommend migrating these because they tend to be a lot of work to set up.
• Virtual Machines
  Virtual machines have similar logic to Wine Environments in that you typically have them set up exactly as you need them, and they are non-trivial to rebuild to the same state.

                                                                                                                                            
[warning] /usr/bin/vuze: Unable to locate swt in /usr/share/java
file:/usr/lib/jni/ ; file:/usr/lib/java/ ; file:/usr/share/java/Azureus2.jar ; file:/usr/share/java/log4j-1.2-1.2.15.jar ; file:/usr/share/java/commons-cli-1.2.jar ; file:/super/workspace/
java.lang.reflect.InvocationTargetException                                                                                                                                                 
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)                                                                                                                      
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)                                                                                                    
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)                                                                                            
        at java.lang.reflect.Method.invoke(Method.java:616)                                                                                                                                 
        at org.gudy.azureus2.ui.common.Main.directLaunch(Main.java:229)                                                                                                                     
        at org.gudy.azureus2.ui.common.Main.main(Main.java:132)                                                                                                                             
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)                                                                                                                      
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)                                                                                                    
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)                                                                                            
        at java.lang.reflect.Method.invoke(Method.java:616)                                                                                                                                 
        at com.aelitis.azureus.launcher.MainExecutor$1.run(MainExecutor.java:37)                                                                                                            
        at java.lang.Thread.run(Thread.java:636)                                                                                                                                            
Caused by: java.lang.NoClassDefFoundError: org/eclipse/swt/widgets/Shell                                                                                                                    
        at org.gudy.azureus2.ui.swt.mainwindow.Initializer.(Initializer.java:111)                                                                                                     
        at org.gudy.azureus2.ui.swt.Main.(Main.java:88)                                                                                                                               
        at org.gudy.azureus2.ui.swt.Main.main(Main.java:255)                                                                                                                                
        ... 12 more                                                                                                                                                                         
Caused by: java.lang.ClassNotFoundException: org.eclipse.swt.widgets.Shell                                                                                                                  
        at java.net.URLClassLoader$1.run(URLClassLoader.java:217)                                                                                                                           
        at java.security.AccessController.doPrivileged(Native Method)                                                                                                                       
        at java.net.URLClassLoader.findClass(URLClassLoader.java:205)                                                                                                                       
        at java.lang.ClassLoader.loadClass(ClassLoader.java:321)                                                                                                                            
        at com.aelitis.azureus.launcher.classloading.PrimaryClassloader.loadClass(PrimaryClassloader.java:103)                                                                              
        at java.lang.ClassLoader.loadClass(ClassLoader.java:266)                                                                                                                            
        at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:334)                                                                                                                    
        ... 15 more                                                                                                                                                                         
Start fails:                                                                                                                                                                                
com.aelitis.azureus.core.AzureusCoreException: Azureus core already instantiated                                                                                                            
        at com.aelitis.azureus.core.impl.AzureusCoreImpl.create(AzureusCoreImpl.java:120)                                                                                                   
        at com.aelitis.azureus.core.AzureusCoreFactory.create(AzureusCoreFactory.java:46)                                                                                                   
        at org.gudy.azureus2.ui.common.Main.main(Main.java:160)                                                                                                                             
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)                                                                                                                      
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)                                                                                                    
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)                                                                                            
        at java.lang.reflect.Method.invoke(Method.java:616)                                                                                                                                 
        at com.aelitis.azureus.launcher.MainExecutor$1.run(MainExecutor.java:37)                                                                                                            
        at java.lang.Thread.run(Thread.java:636)                                                                                                                                            

Fixing this issue with vuze and swt

It turns out that the temporary solution was to make a link to the correct placement of the swt.jar file. For me this meant running the following:

With this change, Azureus is able to find the swt jar, and is able to launch successfully. This will hopefully get overwritten when the package maintainers fix the issue and solve the problem in a more long-term manner.

Hardening a linux system is something easy to do, and can have a lot of additional security benefits for the paranoid, and for those who might be targets. There are a lot of guides to hardening different parts of the system. I'm going to review the steps I took recently in order to harden one of my desktop computers.

Understand what is open

Before you can harden anything, you need to understand how exposed your currently are. There are a few ways of doing this, and I recommend you try at least a couple. The first way is to use nmap to scan your IP address. You will need to do this from another computer, preferably in your local network. This scan will provide information about all of the ports your computer responded on. The second way I recommend you understand what your system is exposed to is to run the command netsat -atuv. This command will return a list of listening and active connections your computer has.

Review the open ports list

This step will require some knowledge of your system and of networking. Each port typically serves a standardized purpose. This means that you will need port 22 open, for example, if you want to allow incoming ssh connections. You will need port 25 open if you want to run a mail server. You will need port 80 or 443 open if you want to run a web server. Unless you want no remote access on your machine (a valid assumption for some people), you will need to be careful what you disable.

In my default install ports list, I have ssh, smtp, mdns, bootpc, and port 37319 open. You can tell a port is open from netstat, as it will look as follows:

In this output, the "*:ssh" means that SSH is listening on all network addresses, and that any computer that can connect to mine can open a connection with SSH. THe "localhost:ipp" means that my CUPS printer setup is NOT listening on any address, and that only programs local to my machine can open connections. Localhost servers are generally safe and won't expose your machine to malicious remote users, unless they break your user authentication, or already have a local user.

Secure smtp or Postfix (port 25)

Postfix by default listens to your network and trusts mail reporting that it is coming from your local network. This typically isn't needed, and you can secure postfix to only listen to the local machine for additional security. Open the file /etc/postfix/main.cf find a line containing "inet_interfaces = all", and change it to "inet_interfaces = localhost". You then restart postfix with sudo postfix stop and sudo postfix start. You should check netstat -atuv again to ensure this worked.

Secure mdns (port 5353)

After researching mdns briefly, it seems this is something I wish to keep. This allows computers on the local network to find other computers using friendly names. This means that your computer will auto resolve when using "hostname", rather than always having to rely on your router, or needing to use the IP directly. This is useful to me, and worth the security risk to leave open.

Secure bootpc (port 68)

Bootpc is a part of the standard DHCP system. How DHCP works is that you send out a multicast UDP packet to the network requesting information from any available server. This means that you must also have a process listening for responses. This is a standard part of linux networking. You could remove your DHCP capabilities, but the boopc listener shouldn't be a security risk.

Remember to use a firewall

One of the important things to remember is that you should always use a separate firewall between yourself and the internet, and only use port forwarding for the things you absolutely need to be able to forward. I recommend only forwarding SSH, as you can use SSH to tunnel any other sorts of traffic. I also recommend running SSH on a nonstandard port, as this will reduce the amount of "doorknocking" your computer receives. These security steps are primarily designed to protect you if someone else has gained access to your network, or if there is another compromised machine somewhere behind your firewall.

As modern web development methodologies continue to improve and optimize our workflows, one of the workflows that has risen to the top is a development deployment model using git.

Making it Secure

Before you do any of these steps, make sure you add the following to your .htaccess, and that URL Rewriting is working in your apache setup.

Without doing this, anyone will have read-access to all of your code, and your entire source history.

Use git

This guide assumes a lot of knowledge about source control, management, and is not a guide to git. This guide assumes you can figure those parts out, but that you want to know more about one specific workflow that works very well in my opinion.

The main idea behind this workflow is that you will have a central repository, a development version of the software, and a published version of the software.

Convert something else to git

If you want to keep any history, the first step is going to be to convert the source control history to git. If you are using cvs, you will need to convert to SVN, and then to git. If you use SVN, simply use git to do a git svn clone of the repository somewhere on your local system. From there I recommend you move the .git folder to the remote production server, and make a copy in the development folder. If you go into each of these folders and type git status, you will see any differences that have not yet been committed to the repository, but you will be ready to make and receive changes.

Now that you are setup, time to develop

From there, things are relatively simple. Simply make any changes you want in your development environment. When you are finished with your changes, and they have been tested to your satisfaction, commit the changes, and push them to the repository. You can then enter your production server, and pull the changes from the repository. You can also simply pull directly from the development server, but organizations I have worked with tend to like a 3rd copy of the source, somewhere separated from the hosting environment.

If you want to, you can make emergency or urgent changes directly on the production, following any existing workflow you have for ensuring something is not broken. When these changes are complete to your satisfaction, simply commit and push them, and do a pull from the development environment.
comments | permalink

I recently installed copies of AutoPano Pro and AutoPano Giga, which are some great panorama stitching programs that I would highly recommend, as they work on Linux, Mac, and Windows. After installing these programs, there was a horrible font problem that made all of the text in the application illegible.

The solution I believe was to install qt4-config, run qtconfig, change the font size up to 9, and then back down to the default of 8. When you launch the program again, all of the fonts and text should be fixed and legible. Have fun using this awesome program!

In March I'm going to be giving a talk on Browsers in Linux, with a lot of specific examples and demos from Ubuntu. Hopefully this talk will cover some of the basic things for beginners who need to know things like "What are the options", and "how to install new browsers in ubuntu", as well as advanced options detailing some of the more unique and advanced features of the available browsers, as well how to get started with development for browsers.

This talk will be at the Penguins Unbound Linux users group in Falcon Heights, Minnesota on the last Saturday of the month. I will post additional details and documents closer tot he date.

In a default Kubuntu install, Dolphin is a great file manager. It typically works with many different file types seamlessly. One of the things it doesn't seem to handle out of the box is previews/thumbnails for video files.

How to install video thumbnails

The first step is to install the mplayer thumbnails package. My research indicates that this has been in the standard repos since Jaunty.

This will change dolphin so that that when you click on a video, it will be previewed in the preview panel. To make thumbnails show up in the icon view, you need to do a little more configuration. Go into Settings->Configure Dolphin. Click on the "General" section from the list of sections on the left, select the "Previews" tab, and check the box next to "Video Files (MPlayerThumbs)".

That's it, enjoy your video thumbnails in dolphin on KDE

A few weeks ago I installed the Ubuntu Lucid Lynx second alpha. Typically Ubuntu alphas and betas have quite a few bugs, and I have been burned in the past by upgrading Ubuntu versions prematurely. This time I decided to try it out a little early by installing it in a separate partition where I had cleaned up some space and taken it back from my ntfs partition.

Lucid Lynx - Ubuntu Alpha 2

So far, Lucid Lynx has been extremely stable. For the entire release cycles of Jaunty and Karmic, as well as alpha 1 of Lucid Lynx, the Live CD wouldn't work on my system. It wouldn't boot at all, regardless of using the alternative installer, or the live CD with a plethora of boot flags attempted. Lucid Lynx went so far as to work in my system without the Kernel flag acpi=off which I have needed for my entire life with Ubuntu.

The installer was nice, easy to use, and although my Nvidia drivers weren't installed properly by the Jockey (KDE) GUI, they were very easy to install with sudo apt-get install nvidia-current

In addition to this, Kubuntu installed ALSA without PulseAudio by default, which in the past hasn't worked with my microphone, but this install seemed to fix everything I have been fighting with for the past few years. Once again we will see how long it lasts, and I had almost gotten used to the per-application controls of pavucontrol. Who knows, maybe I will install PulseAudio a year from now and everything will just work with ALSA + PulseAudio in perfect harmony. I'm not holding my breath.

KDE 4.4

A couple of the features I was waiting for with KDE have finally landed. The first which I wanted, but I had no idea why I wanted it is a feature that is most easily described as "Windows 7 Snap". This means that I can drag windows to the left or right edges of my screens, and they will "snap" into place at 100% height and 50% width. You can also drag windows to the top of the screen and they will maximize. This hurts my workflow a little bit in that it isn't instant to drag and drop maximized windows between monitors, but I believe I will get used to it. This also works for multiple monitors, which is surprising because as of a week ago (before I ran some package updates) wasn't working for the middle bar between the monitors.

Another improvement that I wasn't expecting is that they remade (or finished) the Add Widget menu. Now when you add a widget, whether to the desktop or a panel, a very nice bar pops out that is easily navigable, and uses drag-and-drop for placement.

The final thing I didn't expect was that moving files and deleting files is much smoother. In Karmic and before, when I deleted a set of files in Dolphin (or sent them to the trash), they would remain on the screen for a few moments while KDE worked in the background. Now these types of processes are instant, as they should be. The notifications for file transfers and activities have also been much improved. Now the useful data is presented first, with the option to expand the notification to show the rest of the information. Biggest of all about the notifications, they actually seem accurate now.

Hopefully I will be able to write more about any new features of KDE I discover as I continue this dangerous journey through the Ubuntu 10.04 alphas.

Internet Explorer usage continues to decline, losing somewhere between a tenth of a percent and half a percent each month to better browsers such as Firefox and Chrome. My prediction is that this is going to slow and eventually come to a stop. The problem is that there is a solid percent of internet users that have no idea what a brower is, and don't want to know, and will probably never learn. This block of users will never be persuaded by functionality or speed or new features.

In response to this inevitability, I propose people that write about or involve themselves in the Linux, or even in the general power user populous, stop supporting all versions of Internet Explorer immediately. I will admit that my website still has around 20-30% usage of Internet Explorer, but I am coming more and more to the opinion that those who continue to use it, probably wouldn't understand anything I'm writing about. This leads me to believe that this traffic ends up being people that are confused, as well as web spyders disguising themselves as a normal user, artificially inflating the numbers for IE.

Benefits of abandoning IE

By abandoning IE, it makes web development and testing easier. Development can focus on the standard DOM, and on leveraging some of the more advanced functionality of the web, such as new request types, as well as little things like rounded corners, or every-other CSS selectors.

Abandoning IE as a web developer or publisher is going to send a message to Microsoft and indirectly to uninformed users about their computing choices. When a percentage of the websites a person visits in a day stop working, they are going to ask why. If the answer is that their browser is broken (which it truly is), they will be much more likely to make a switch. The message it sends to Microsoft is that shipping a broken browser that is out of touch with the modern internet is going to hurt their users. This would also tell them that if they want to ship a working browser (which is what Apple and the open source community had to do in the past), they are going to have to adopt the features and usability of the other browsers, which in this case would be primarily based on standards and extensibility.

Problems with abandoning IE

By abandoning IE, you may make your website unusable for users that don't know, or can't upgrade (some corporate offices still require everyone to run IE6). This could also decrease your traffic. There is also a chance that Microsoft will just ignore any sites that do this, which is a definite probability based on their past behavior.

Summary and Philosophy

In theory by abandoning IE you will be able to focus on innovating for your best users, rather than hacking and making workarounds for your worst.

Installing the latest Firefox 3.6 release in Ubuntu is easy. You have to get the packages from Mozilla rather than Ubuntu, as Ubuntu is much more cautious with their release cycle, and with the rate they import packages into their system. This is a step you will only have to do once, and then you will have access to all of Mozilla's releases designed for ubuntu. Simply type the following commands to install Firefox 3.6:

The step to remove existing firefox installations may or may not be necessary for you. On the machine I tried it on, I had to remove "firefox" before the new required packages for firefox-3.6 would install properly. Don't worry, as installing/uninstalling software should never affect your user preferences.

What's awesome in Firefox 3.6?

One of the best things about Firefox 3.6 is their new concept of "personas". Rather than a full theme, personas are more similar to a desktop background. This means the persona is going to affect the color and images used in the browser, but not much else. The best thing about personas is that they can be previewed live in the browser simply by hovering over each of the themes, and apparently there are already 30,000 themes, most of which are pretty cool looking. Check out getpersonas.com to browse the entire catalog.

The second most interesting thing is that Mozilla has continued improving the speed of the browser overall, and apparently it's 20% faster than Firefox 3.5, which is great for a browser that most people love, but has been receiving a lot of flak for being slower than Chrome.

One of the built-in pieces of security in many linux machines is a piece of software called denyhosts. This piece of software works with the SSH daemon to catalog the types of requests and failures come in. If it detects an IP trying to connect to the computer that has exceeded certain thresholds, it adds it tot he /etc/hosts.deny file, which immediately bans an IP from connecting with ssh.

In the default settings in Ubuntu, valid users are only allowed 10 failed valid-username attempts over a period of 5 days, or 5 failed invalid-usernames over the same period.. This may seem like plenty, but occasionally when travelling you will repeatedly use the wrong password or the wrong username, you can get your entire IP blocked. At this point you have to use another machine (or another IP) to connect to the server to fix the problem.

How to unban yourself in DenyHosts

The easiest way to temporarily unban yourself is to delete the entry containing your IP in /etc/hosts.deny. This will work for a few seconds, before DenyHosts regenerates the file. It should be enough to connect and fix the issue from your main host. You will also want to do this in combination with the next step.

How to fix the problem permanently

In my opinion, the problem with DenyHosts in a default Ubuntu install is that successful connections don't reset any of the failure counts. This means that if you attempt to connect each day, and fail twice, and succeed on the third attempt, by the 3rd day of this, you could be banned from your own server.

The fix involves editing your /etc/denyhosts.conf. Open this file as root in your preferred editor, and locate the configuration option RESET_ON_SUCCESS and make the line read as follows:

After making this change, and restarting denyhosts with /etc/init.d/denyhosts restart, you will want to unban your IP, and connect again successfully so that your fail counts are reset. Hopefully from there, you won't be banned by your own innocent login failures.

The browser wars are ongoing, but there is a clear leader on Linux at this time. This winner is Chromium. Chromium is the open source base that Chrome is built from, but it doesn't have any of the proprietary parts or unknown data reporting built into Chrome.

Chromium includes a super-fast webkit rendering engine, their own v8 javascript engine, and process-separated tabs. Chromium also includes support for HTML5 tags, including the video tag, supporting both Ogg Theora/Vorbis, as well as the controversial .h264 / mp4.

How to install Chromium on Ubuntu

The easiest way to install it is to add the PPA to your repositories. You can follow the instructions on the PPA directly, or follow the instructions below, assuming you are running Karmic or later.

How to Get Started

Either run chromium-browser directly, or choose it from your menu. Chromium supports extensions, as well as bookmark sync that uses your existing google account. Find these things in the preferences menu, which can be opened by clicking on the wrench icon in the upper right hand corner.

Youtube HTML5 Videos

Until youtube offers full support for HTML5 rather than Flash for videos, you can install the following extensions which swaps out the page components for you: YouTube HTML5-ifier which is in development by Mark Renouf and myself.