Zaf’s Blog

My 10 year old has been watching Cartoon Network on SkyTV all morning, and I’ve had the, um, priviledge of watching it on and off with him. This has unfortunately lead me to realize, I’m an old fart.

I confess! I don’t know what these cartoons are! I can’t follow them! They don’t make sense! What happened to Duck Tales, The Flintsones, The Jetsons, and all those other cartoons from my childhood!? I had a glimmer of hope when Teenage Mutant Ninja Turtles came on, but this one is set in 2150, and doesn’t make any sense at all. All the characters have the same names, but they look, sound, and act different. Its like I’ve woken up in an alternate dimension!

What I did notice however is the difference modern computer based animation has made to the cartoons. They lack a certain depth, a style, and movement that the older cartoons have. They also seem to be very heavily influenced by the Japanese style cartoons. I’m not sure if this is because they are targeted at this market, or if because this style is the preferred style by the youth of today.

I certainly miss Duck Tales, but I am reassured my 10 year old that it is still on, he just doesn’t know when, but he’s seen those old cartoons somewhere.

I just recently installed the FreeNX server on my Ubuntu linux system, and I’ve documented the very brief set up that was required. Fortunately the work is minimal, as compiling from source is complicated and poorly documented elsewhere.

(more…)

So I’ve been playing with FreeNX, which is a free version of NoMachine’s NX server. NoMachine’s NX Server is like VNC, RDP, and X11 all rolled into one. Essentially I can run an application on my home PC from anywhere in the world (just like VNC/Remote desktop, yes), but the bandwidth requirements are supposedly a lot lower. It also integrates into Linux a bit better than some distributions manage with VNC.

I’ve been trying it out tonight, and made a few observations.

• Its not as low bandwidth as we’d like to believe. Yes you can use it on Dialup, yes it is faster than RDP or VNC on dialup, but no, its not really usable on dialup unless you’ve just taken a downer.
• Security (at least of FreeNX) is interesting, I’ll note about it below.
• You can run it in two modes, traditional desktop mode where you get a whole desktop, (just like VNC), or in application mode where you run a single application, and the application displays on the client PC just like a native local program. This is the most promising mode for me, as you can obviously deploy linux applications to a Windows desktop, and the user wouldn’t even realise its a Linux app (except that of course, when you go to open/save a document, its on the remote server filesystem).
• There is no server process per se, nothing runs in the background. The clients use SSH to start the nxserver process which then starts their session.

Security

The protocol is implemented over SSH, this is, in my opinion, good. It means the encryption side of things is should be good. The problem is they distribute a fixed known private/public key with the setup. This means that a man-in-the-middle attack can see the initial part of the protocol exchange. This may not be too bad a thing, because the nxserver application then initiates a second SSH session, this time logging in as the desired user.

Now here is where I’m hoping they haven’t screwed up. I’m hoping the nxserver application running on the server sets up a tunnel between the client and the server, and lets the client initiate the SSH session to the server. If this is how its implemented, a man-in-the-middle can’t actually affect the VNC/X11/RDP session directly. However they may still be able to affect the control protocol. In order to figure out how dangerous this is, I’ll have to look carefully through the source.

Of course, if they have screwed up, the entire protocol is very vulnerable to man-in-the-middle. Fortunately from what I’ve established so far, this isn’t the case.

Installing

In my next post, I’ll have my instructions on setting up FreeNX on Ubuntu Feisty.

Well, I had a rather interesting experience recently. This wordpress install was compromised due to a security bug in the previous version I was using. This was the latest version that comes out with Ubuntu, but because this version comes from the Universe repository, the Ubuntu security team refused to release a patch to fix the bug, and the Ubuntu Wordpress maintainer obviously wasn’t interested in releasing a new version.

So to all you Ubuntu users out there, be aware, Universe can and probably DOES contain remote exploitable software that can lead to root compromises.

I have upgraded this system to the latest from Wordpress, and reminded myself to subscribe to the announcement list in hopes of getting info about possible new security problems. If it gets compromised again, I’ll have to uninstall it completely and find something else.

Addendum: Please note that the failure here was in me in not checking on each and every piece of software available for Ubuntu, and the Ubuntu Wordpress maintainer for showing indifference to a known in-the-wild remote exploit for the software. I don’t blame Wordpress for the compromise, because as a software developer, its difficult to write secure software (note: difficult, not impossible).