Telepathy, Empathy and collaboration

The idea of collaboration as implemented by Sugar Labs in the XOs is something truly fascinating. The direction is definitely to incorporate desktop-wide collaboration in all future operating systems. I read a recent article in Wired that actually spoke about the future direction of Microsoft Windows being this type of unified integration in their OS. They have started on this, but it probably won't show for a good number of years. On Linux we have a lot of it now, and it's improving all the time. The service responsible for this is called Telepathy, and it is at the heart of not only Sugar, but GNOME and KDE now too. Because of this standardization on an XMPP communication protocol across the entire desktop, application developers no longer have to build a new comms protocol for every application, which makes it very easy for them to add collaborative functionality to their apps.

This is done through tubes. Tubes are a way for the server to offer a socket to a messenger contact; the remote contact accepts the socket and both sides can begin to write and read data on it. The big advantage is that with tubes, even if the connections are NATed on both sides, the apps can still share data.

What follows is an experiment in setting up a collaborative environment under Gnome. A lot of the collaborative stuff is really quite alpha/beta still, so this is just an exercise in setting it up for research purposes.

First up we have the telepathy layer and the common apps that run with it. We will be installing Empathy for chat, video, audio and sending files. This relative newcomer is quickly becoming the de facto standard chat client due to its wide support for other protocols, its deep integration of telepathy into itself and the desktop, and its tube support. It will most likely replace pidgin as the standard chat client in Ubuntu starting with Jaunty. Here's a screenshot with a variety of plugins installed and a custom theme:

I have been running it for a good week now, and it seems very stable, albeit requires installation from the Telepathy PPA to give it the latest features.

Add the telepathy intrepid ibex PPA and install empathy:

echo "deb http://ppa.launchpad.net/telepathy/ubuntu intrepid main" | sudo tee -a /etc/apt/sources.list > /dev/null
echo "deb-src http://ppa.launchpad.net/telepathy/ubuntu intrepid main" | sudo tee -a /etc/apt/sources.list > /dev/null
sudo apt-get update
sudo apt-get install empathy telepathy-idle

If you had pidgin before, empathy will automatically import all your accounts into it upon first start up. You can then remove it afterward as there is no point in having 2 apps that do the same thing. If you plan to use facebook messaging, you'll have to patch haze.manager and add a facebook-im profile. Also note I did this already having the facebook plugin installed for pidgin, so ymmv:

mkdir -p ~/.local/share/telepathy/managers ~/.local/share/mission-control/profiles
wget -O ~/.local/share/telepathy/managers/haze.manager "https://bugs.freedesktop.org/attachment.cgi?id=20810"
wget -O ~/.local/share/mission-control/profiles/facebookim-haze.profile "https://bugs.freedesktop.org/attachment.cgi?id=20811"

One thing that is currently sort of missing from empathy is file transfer, which is only possible over Salut. The good thing is that making a Salut connection is incredibly simple, and requires no server as it works directly over avahi. This is the same protocol used by iChat.

The really interesting stuff, though, happens when you set up an ejabberd server which allows for collaboration to happen across a variety of applications in a variety of ways. To set up ejabberd, take a look at a previous article I wrote, and follow the ejabberd parts:

http://www.nubae.com/sugar-on-ltsp-ubuntu-intrepid-ibex

Once ejabberd is set up, you can add accounts to be used on your local network via the web interface by browsing to localhost:5280 and clicking on users to add them. You can then use those details to connect to a jabber server via empathy. Other plugins for empathy are being worked on and include things like sharing webpages to contacts and sharing contact details from calendars. The future looks bright, but there are already some applications that work well with telepathy and collaboration in various forms.

Inkscape is a vector based imaging application that allows for collaboration via its messageboard facility. It's easy to install:

sudo apt-get install inkscape

It is currently a way to send files to and from other jabber apps, as well as chatting, but it will certainly grow to incorporate other collaborative functions. Here's a screenshot of it in action:

The other big app to do collaboration is AbiWord, and it allows multiple users to edit a document in real time, each writing their little bit and collaboratively changing areas. The collaboration for AbiWord is done either through the standard ejabberd manner, or via a direct TCP connection. This works not only across computers and networks, but across operating systems too! You can collaborate with Windows users just as easily as with Linux users and Apple users. Install it:

sudo apt-get install abiword

Here is a screenshot:

A well known app amongst developers, Gobby allows for users to create sessions and then join them, and work on documents together. It is highly useful for hackfests and gatherings, and is used by the Ubuntu devs when they are at such gatherings. It can show a list of documents, users, and then the ability to work on those. Right now, Gobby is avahi based, with plans to support xmpp/empathy in the future.

sudo apt-get install gobby

To get an idea of where this is all going, I looked at a couple of other apps, which are not quite finished yet, but certainly give food for thought. One was Jokosher, which intends to allow collaboration through audio, allowing instruments across the network, voice over ip interviews, and all of this streaming in real time.

The Rhythmbox music program has many advanced features, one of which is showing the status in your IM according to the music playing. It also allows for sharing of music across the network, with password protection if needed.

Finally there are various games like tictactube and gtetrinet which create tubes to share sessions between each other, and I imagine this trend will multiply across gnome games, allowing for collaborative gaming experiences.




WebDAV with Ubuntu

WebDAV is software to allow collaboration between users to manage files through an easy drag and drop interface, and works across Windows, Mac and Linux. It is intended for web servers, and includes rudimentary version control and file locking for groups. This is how to get it working with the Apache webserver on Ubuntu Linux.

First make sure apache, php and its modules are installed:

sudo apt-get update
sudo apt-get install apache2 php5 libapache2-mod-php5
cd /etc/apache2/mods-enabled
sudo ln -s ../mods-available/dav* .

Next we need to set up a DAVLockDB file for file locking when multiple users are sharing the folders. This is a very important step, as you'll wind up with Internal Server Errors if you try to use WebDAV without it.

sudo mkdir /usr/share/apache2/var
sudo touch /usr/share/apache2/var/DavLock
sudo chown -R www-data:www-data /usr/share/apache2/var

Next we need to set up some form of authentication for the users. WebDAV can be a security risk for this reason, so it's important to use something strong. In this case, SHA passwords using .htpasswd should suffice:

sudo htpasswd -s -c /etc/apache2/.htpasswd username

Other usernames can be added afterward by using the same command but without the -c flag (create file) as a file is already there. Next we create the webdav directory, which can be called anything, in this case we'll call it shared:

sudo mkdir /var/www/shared
sudo chown www-data:www-data /var/www/shared
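
Entries written by htpasswd -s carry the {SHA} prefix, which is the base64 of an unsalted SHA-1 digest, so two users with the same password end up with the same stored value. The check below is an added example, not part of the original post; the function names and the sample entries are constructed for illustration.

```shell
# Added example: audit an htpasswd file for entries in the {SHA} scheme that
# "htpasswd -s" writes. Function names and sample data are constructed.

# audit_htpasswd FILE
# Prints "unsalted-sha1 USER" for every {SHA} entry, and "shared-hash A B" when
# two users have the same {SHA} value, which means they share a password.
audit_htpasswd() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        index($2, "{SHA}") == 1 {
            print "unsalted-sha1 " $1
            if ($2 in first) print "shared-hash " first[$2] " " $1
            else first[$2] = $1
        }
    ' "$1"
}

# Constructed sample: alice and carol were given the same password; bob's
# entry only imitates the shape of a salted $apr1$ value.
write_sample_htpasswd() {
    cat > "$1" <<'EOF'
alice:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
bob:$apr1$constructed$notARealHashValue000000
carol:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
EOF
}

sample=$(mktemp)
write_sample_htpasswd "$sample"
audit_htpasswd "$sample"
rm -f "$sample"
```

Run audit_htpasswd against /etc/apache2/.htpasswd to list the affected accounts. Entries it flags can be re-created with a salted scheme; htpasswd in Apache 2.4 and later provides -B for bcrypt.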

The final step is adding the directives to Apache so it knows what to do with the shared WebDAV folder. Edit the file httpd.conf:

sudo nano /etc/apache2/httpd.conf

and paste the following into it:

## Location of the DavLock file
DavLockDB /usr/share/apache2/var/DavLock

## Set up the shared directory to use WebDAV and authentication
<Directory /var/www/shared>
        Dav On
        AuthName "WebDAV shared Login"
        AuthType Basic
        AuthUserFile /etc/apache2/.htpasswd
        ## Limit access for enhanced security
        Require valid-user

        Order allow,deny
        Allow from all
</Directory>

Now restart apache and you will have webdav enabled by doing:

sudo /etc/init.d/apache2 restart

You can download a webdav client for firefox here: http://webfolder.mozdev.org/installation.html




mahara e-portfolio for moodle

One of the items Moodle is working on for its 2.0 release is the inclusion of a portfolio which contains all the data for a specific user. A personal area, if you will, including course progress, files, user information, important dates and other similar items. Other software already does this in quite an effective way, and one of these pieces of software, Mahara, developed in New Zealand, the land of Moodle, is the one I chose to look at and install. From the reviews I saw, and reading briefly through its documentation it seems to integrate perfectly into moodle with single sign on galore. These are the steps I took to install it on my Ubuntu Intrepid Box, though the instructions should be similar for other distros.

This assumes you have Moodle already installed, for which I have instructions in an earlier thread.

To begin with, download the latest Mahara release. The Intrepid repositories have version 1.0.4, while at the time of writing the latest sources are 1.0.6 and are likely to evolve pretty fast, so I suggest downloading from the mahara.org website.

First create the Mahara Database from the command line:

mysql -u root -p
[enter password]
create database mahara;
grant all on mahara.* to 'username'@'localhost' identified by 'password';

Obviously change username and password for something else. Untar and unzip the downloaded file, and then move it to the web directory:

tar -xjvf mahara-1.0.6.tar.bz2
sudo mv -f mahara-1.0.6 /var/www/mahara

Then you need to make an extra directory outside the web directory (we will use the same system Moodle uses and put that in /var/lib/) for storing files, and edit config.php to contain the right connection details (make sure you replace password with your password, and localhost with your domain):

sudo mkdir /var/lib/mahara
# give the upload directory to the web server user instead of making it world-writable
sudo chown www-data:www-data /var/lib/mahara
sudo chmod 750 /var/lib/mahara
sudo cp /var/www/mahara/htdocs/config-dist.php /var/www/mahara/htdocs/config.php
sudo sed -i -e 's/postgres8/mysql5/' /var/www/mahara/htdocs/config.php
sudo sed -i -e "35 s/''/'mahara'/" /var/www/mahara/htdocs/config.php
sudo sed -i -e "36 s/''/'mahara'/" /var/www/mahara/htdocs/config.php
sudo sed -i -e "37 s/''/'password'/" /var/www/mahara/htdocs/config.php
sudo sed -i -e 's|http://myhost.com/mahara|http://localhost/mahara|' /var/www/mahara/htdocs/config.php
sudo sed -i -e 's|/path/to/uploaddir|/var/lib/mahara|' /var/www/mahara/htdocs/config.php

Next add a crontab entry for Mahara, in the crontab of the web server user:

sudo crontab -u www-data -e

and add the following line:

* * * * * php /var/www/mahara/htdocs/lib/cron.php

You should now be able to navigate to your mahara installation at http://localhost/mahara and login with admin and password mahara.

Now it's time to link the networking between Mahara and Moodle. First log in to both Mahara and Moodle with the admin user. For both Mahara and Moodle, choose networking and turn it to On. Then go to Mahara's Single Sign On option, located under manage institutions. Edit the default if you will only be serving one Moodle install. Switch XMLRPC to on for shared authentication and edit the institution name. When you switch on XMLRPC and press add you'll get a pop-up window, where you have to make sure "They SSO in", "Update user info on login", and "we autocreate users" have the tickboxes ticked. Also point wwwroot to your Moodle installation (mine is at http://localhost/moodle).

Finally we go back into our Moodle installation and from the Site Administration menu, choose Networking >> Peers, and add a new host, in my case I chose http://localhost/mahara/htdocs. Pressing add should bring up a page with the sitename and public key. You can edit the site name to reflect whatever feels right and then press save changes to continue. Next click on the services tab on the same page. Under SSO identity provider choose Publish, and under SSO service provider choose subscribe. In the Site Administration panel, click on Users and choose Authentication from the menu. Choose manage authentication and enable the Moodle Network Authentication plugin.

The final step is to give your users the permission to roam to other sites in the Moodle Roles system. Choose Users >> Permissions >> Define Roles from the Site. Edit the "authenticated user" role and allow roaming for remote moodle sites.

To turn on Mahara access in Moodle, with Admin editing turned on, choose a Network Servers Block, and the Mahara site should just appear.

That's it, you now have single sign on access between Moodle and Mahara, so users can just log in to Moodle and from there get their Mahara portfolio. Far more items are shared between users; it's just a matter of experimenting to see what's available and possible.




Hardening Ubuntu LTSP server

Making ssh less exploitable by brute-force break-in attempts from the internet is relatively important and straightforward under Ubuntu. The way LTSP works right now makes the ssh service available to the outside world if you don't block access to port 22 from the WAN interface entirely. This is potentially unsafe if your users have weak passwords, because anyone on the internet could gain user-level access by brute-force attack. The solution, which is somewhat controversial, as many say you should be making the passwords strong enough so you don't need this, is to create 2 instances of ssh, one serving the internal IP on port 2222 and one serving the WAN interface on port 22. If you only have one interface, then both ssh instances would serve the same interface, but one would serve port 22, and the other 2222. This is how to set this up:

sudo cp /etc/init.d/ssh /etc/init.d/ltsp-ssh
sudo cp /etc/default/ssh /etc/default/ltsp-ssh
sudo cp /etc/ssh/sshd_config /etc/ltsp/ltsp-sshd_config
sudo cp -a /var/run/sshd /var/run/ltsp-ssh
sudo sed -i -e 's/Port 22/Port 2222/' /etc/ltsp/ltsp-sshd_config

Note that these are the filenames in a Debian-based system. Other systems may vary. Also you are free to use a different port than 2222, it is just used here as an example. If you are using 2 interfaces also do:

sudo sed -i -e 's/#ListenAddress 0.0.0.0/ListenAddress 192.168.0.1/' /etc/ltsp/ltsp-sshd_config

Here change 192.168.0.1 as needed.

sudo sed -i -e 's/#ListenAddress 0.0.0.0/ListenAddress 10.0.0.42/' /etc/ssh/sshd_config

Change 10.0.0.42 with the address of your wan facing interface.

You will also need to change the .pid of the new ssh instance:

echo "PidFile /var/run/ltsp-sshd.pid" | sudo tee -a /etc/ltsp/ltsp-sshd_config > /dev/null
sudo sed -i -e 's/SSHD_OPTS=/SSHD_OPTS=\"-f \/etc\/ltsp\/ltsp-sshd_config\"/' /etc/default/ltsp-ssh
# a stock sshd_config has no AllowUsers line to substitute, so append one
echo "AllowUsers *@192.168.0.0/24" | sudo tee -a /etc/ltsp/ltsp-sshd_config > /dev/null

Finally we harden the outward facing wan interface by doing the following:

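sudo sed -i -e 's/^#\?PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
# the stock PasswordAuthentication line is commented out, so strip the leading # as well
sudo sed -i -e 's/^#\?PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
# a stock sshd_config has no AllowUsers line to substitute, so append one
echo "AllowUsers sysadmin nubae" | sudo tee -a /etc/ssh/sshd_config > /dev/null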

Substitute your most trusted sudo users for sysadmin and nubae in the above example.

To make the second ssh instance default to start also do:

sudo update-rc.d ltsp-ssh defaults
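
A substitution only hardens sshd if the line it targets exists and is uncommented, so it is worth reading back what each config file actually sets after editing it. The helpers below are an added example, not part of the original post: set_sshd_option and effective_sshd_option are hypothetical names, and the sample config is constructed to resemble a stock file in which PasswordAuthentication is commented out and AllowUsers is absent.

```shell
# Added example (not from the original post); the sample config is constructed.

# set_sshd_option FILE KEYWORD VALUE...
# Replace the first "Keyword ..." or "#Keyword ..." line with "Keyword VALUE",
# drop later duplicates, and append the directive if the file never mentions it.
set_sshd_option() {
    file=$1; key=$2; shift 2
    tmp=$(mktemp) || return 1
    awk -v key="$key" -v val="$*" '
        { line = $0; sub(/^[ \t]*#?/, "", line); split(line, w, /[ \t=]+/) }
        tolower(w[1]) == tolower(key) { if (!done) print key " " val; done = 1; next }
        { print }
        END { if (!done) print key " " val }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?; rm -f "$tmp"; return $rc
}

# effective_sshd_option FILE KEYWORD
# Print the first active (uncommented) value, which is the one sshd uses; nothing if unset.
effective_sshd_option() {
    awk -v key="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line ~ /^#/ { next }
        { split(line, w, /[ \t=]+/) }
        tolower(w[1]) == tolower(key) { sub(/^[^ \t=]+[ \t=]+/, "", line); print line; exit }
    ' "$1"
}

# Constructed sample: the password line is commented out and AllowUsers is missing.
write_sample_sshd_config() {
    cat > "$1" <<'EOF'
Port 22
#ListenAddress 0.0.0.0
PermitRootLogin yes
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
EOF
}

demo=$(mktemp)
write_sample_sshd_config "$demo"
# A plain substitution rewrites the commented line, so nothing becomes active.
sed -e 's/PasswordAuthentication yes/PasswordAuthentication no/' "$demo" > "$demo.sed"
echo "plain sed: [$(effective_sshd_option "$demo.sed" PasswordAuthentication)]"
set_sshd_option "$demo" PasswordAuthentication no
set_sshd_option "$demo" AllowUsers sysadmin nubae
echo "helper:    [$(effective_sshd_option "$demo" PasswordAuthentication)]"
rm -f "$demo" "$demo.sed"
```

An empty result from effective_sshd_option means the keyword is not set in that file and sshd falls back to its built-in default. Check /etc/ssh/sshd_config and /etc/ltsp/ltsp-sshd_config separately, since each instance reads only its own file.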

A final note is that the safest approach over all would be to put a firewall and port blocker on a totally different machine and only allow ssh access to one account on that computer, from which one could then access the internal network. But if you just have one server, hopefully this gives you peace of mind.
