Posts tagged with ubuntu

Telepathy, Empathy and collaboration

The idea of collaboration as implemented by Sugar Labs in the XOs is something truly fascinating. The direction is definitely to incorporate desktop-wide collaboration in all future operating systems. I read a recent article in Wired that actually spoke about the future direction of Microsoft Windows being this type of unified integration in their OS. They have started on this, but it probably won't show for a good number of years. On Linux we have a lot of it now, and it's improving all the time. The service responsible for this is called Telepathy, and it is at the heart of not only Sugar, but GNOME and KDE now too. Because of this standardization on an XMPP communication protocol across the entire desktop, application developers no longer have to build a new comms protocol for every application, which makes it very easy for them to add collaborative functionality to their apps.

This is done through tubes. Tubes are a way for the server to offer a socket to a messenger contact; the remote contact accepts the socket and they can begin to write/read data on it. The big advantage is that with tubes, even if the connections are NATed on both sides, the apps can still share data.

What follows is an experiment in setting up a collaborative environment under Gnome. A lot of the collaborative stuff is really quite alpha/beta still, so this is just an exercise in setting it up for research purposes.

First up we have the Telepathy layer and common apps that run with it. We will be installing Empathy for chat, video, audio and sending files. This relative newcomer is quickly becoming the de facto standard chat client due to its wide support for other protocols and deep integration of Telepathy into itself and the desktop, as well as tube support. It will most likely replace Pidgin as the standard chat client in Ubuntu starting with Jaunty. Here's a screenshot with a variety of plugins installed and a custom theme:

I have been running it for a good week now, and it seems very stable, although it requires installation from the Telepathy PPA to give it the latest features.

Add the Telepathy Intrepid Ibex PPA and install Empathy:

# sudo has to apply to tee, which does the writing; tee's copy to stdout is discarded
echo "deb http://ppa.launchpad.net/telepathy/ubuntu intrepid main" | sudo tee -a /etc/apt/sources.list > /dev/null
echo "deb-src http://ppa.launchpad.net/telepathy/ubuntu intrepid main" | sudo tee -a /etc/apt/sources.list > /dev/null
sudo apt-get update
sudo apt-get install empathy telepathy-idle

If you had pidgin before, empathy will automatically import all your accounts into it upon first start up. You can then remove it afterward as there is no point in having 2 apps that do the same thing. If you plan to use facebook messaging, you'll have to patch haze.manager and add a facebook-im profile. Also note I did this already having the facebook plugin installed for pidgin, so ymmv:

# Quote the URL and the saved filename so the shell does not treat "?" as a wildcard
wget "https://bugs.freedesktop.org/attachment.cgi?id=20810"
mv "attachment.cgi?id=20810" ~/.local/share/telepathy/managers/haze.manager
wget "https://bugs.freedesktop.org/attachment.cgi?id=20811"
mv "attachment.cgi?id=20811" ~/.local/share/mission-control/profiles/facebookim-haze.profile

One thing that is currently sort of missing from Empathy is file transfer, which is only possible over Salut. The good thing is that making a Salut connection is incredibly simple and requires no server, as it works directly over Avahi. This is the same protocol used by iChat.

The really interesting stuff, though, happens when you set up an ejabberd server which allows for collaboration to happen across a variety of applications in a variety of ways. To set up ejabberd, take a look at a previous article I wrote, and follow the ejabberd parts:

http://www.nubae.com/sugar-on-ltsp-ubuntu-intrepid-ibex

Once ejabberd is set up, you can add accounts to be used on your local network via the web interface by browsing to localhost:5280 and clicking on users to add them. You can then use those details to connect to a jabber server via Empathy. Other plugins for Empathy are being worked on and include things like sharing webpages to contacts and sharing contact details from calendars. The future looks bright, but there are already some applications that work well with Telepathy and collaboration in various forms.

Inkscape is a vector based imaging application that allows for collaboration via its messageboard facility. It's easy to install:

sudo apt-get install inkscape

It is currently a way to send files to and from other jabber apps, as well as chatting, but it will certainly grow to incorporate other collaborative functions. Here's a screenshot of it in action:

The other big app to do collaboration is AbiWord, and it allows multiple users to edit a document in real time, each writing their little bit and collaboratively changing areas. The collaboration for AbiWord is done either through the standard ejabberd manner, or via a direct TCP connection. This works not only across computers and networks, but across operating systems too! You can collaborate with Windows users just as easily as with Linux users and Apple users. Install it:

sudo apt-get install abiword

Here is a screenshot:

A well known app amongst developers, Gobby allows for users to create sessions and then join them, and work on documents together. It is highly useful for hackfests and gatherings, and is used by the Ubuntu devs when they are at such gatherings. It can show a list of documents, users, and then the ability to work on those. Right now, Gobby is avahi based, with plans to support xmpp/empathy in the future.

sudo apt-get install gobby

To get an idea of where this is all going, I looked at a couple of other apps, which are not quite finished yet, but certainly give food for thought. One was Jokosher, which intends to allow collaboration through audio, allowing instruments across the network, voice over ip interviews, and all of this streaming in real time.

The Rhythmbox music program has many advanced features, one of which is showing your status in your IM according to the music playing. It also allows for sharing of music across the network, with password protection if needed.

Finally there are various games like tictactube and gtetrinet which create tubes to share sessions between each other, and I imagine this trend will multiply across gnome games, allowing for collaborative gaming experiences.




WebDAV with Ubuntu

WebDAV is software to allow collaboration between users to manage files through an easy drag and drop interface, and works across Windows, Mac and Linux. It is intended for web servers, and includes rudimentary version control and file locking for groups. This is how to get it working with the Apache webserver on Ubuntu Linux.

First make sure apache, php and its modules are installed:

sudo apt-get update
sudo apt-get install apache2 php5 libapache2-mod-php5
cd /etc/apache2/mods-enabled
sudo ln -s ../mods-available/dav* .

Next we need to set up a DAVLockDB file for file locking when multiple users are sharing the folders. This is a very important step, as you'll wind up with Internal Server Errors if you try to use WebDAV without it.

sudo mkdir /usr/share/apache2/var
# The file name must match the DavLockDB path in httpd.conf exactly, including case
sudo touch /usr/share/apache2/var/DavLock
sudo chown -R www-data:www-data /usr/share/apache2/var

Next we need to set up some form of authentication for the users. WebDAV can be a security risk for this reason, so it's important to use something strong. In this case, SHA passwords using .htpasswd should suffice:

# USERNAME is a placeholder for the first account to create
sudo htpasswd -s -c /etc/apache2/.htpasswd USERNAME

Other usernames can be added afterward by using the same command but without the -c flag (create file) as a file is already there. Next we create the webdav directory, which can be called anything, in this case we'll call it shared:

sudo mkdir /var/www/shared
sudo chown www-data:www-data /var/www/shared

The final step is adding the directives to Apache so it knows what to do with the shared WebDAV folder. Edit the file httpd.conf:

sudo nano /etc/apache2/httpd.conf

and paste the following into it:

## Location of the DavLock file
DavLockDB /usr/share/apache2/var/DavLock

## Set up the shared directory to use WebDAV and authentication
<Directory /var/www/shared>
        Dav On
        AuthName "WebDAV shared Login"
        AuthType Basic
        AuthUserFile /etc/apache2/.htpasswd
        ## Limit access for enhanced security
        require valid-user

        Order allow,deny
        Allow from all
</Directory>
Now restart Apache and you will have WebDAV enabled:

sudo /etc/init.d/apache2 restart

You can download a webdav client for firefox here: http://webfolder.mozdev.org/installation.html
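
The htpasswd -s option used above writes {SHA} entries, which are base64-encoded SHA-1 digests with no salt, so two accounts with the same password get identical entries. The script below is an added example, not part of the original post; it lists entries stored that way and any hash shared between accounts, and its function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Print the storage scheme of one "user:hash" line from a .htpasswd file.
htpasswd_scheme() {  # usage: htpasswd_scheme 'user:hash'
    case ${1#*:} in
        '{SHA}'*)  echo sha1 ;;    # htpasswd -s: base64 SHA-1 digest, no salt
        '$apr1$'*) echo apr1 ;;    # htpasswd -m: salted, iterated MD5
        '$2y$'*)   echo bcrypt ;;  # htpasswd -B (Apache 2.4 and later)
        *)         echo other ;;   # crypt(3), plaintext or malformed
    esac
}

# Print "user scheme" for every entry that is neither apr1 nor bcrypt.
flagged_entries() {  # usage: flagged_entries FILE
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        scheme=$(htpasswd_scheme "$line")
        case $scheme in
            apr1|bcrypt) ;;
            *) echo "${line%%:*} $scheme" ;;
        esac
    done < "$1"
}

# Print "hash count" for each {SHA} hash used by more than one account.
# Without a salt, equal hashes mean equal passwords.
shared_sha_hashes() {  # usage: shared_sha_hashes FILE
    grep -F ':{SHA}' "$1" | cut -d: -f2 | sort | uniq -c |
        awk '$1 > 1 { print $2, $1 }'
}

# Constructed sample entries; the hash values are placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
alice:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
bob:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
carol:$apr1$Qz3xT1ab$0123456789abcdefghijk.
EOF
flagged_entries "$sample"
shared_sha_hashes "$sample"
rm -f "$sample"
```

Entries can be re-created with htpasswd -B on Apache 2.4 or later, and Basic authentication should be served over HTTPS because the password travels with every request.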




Hardening Ubuntu LTSP server

Making ssh less exploitable by brute-force break-in attempts from the internet is relatively important and straightforward under Ubuntu. The way LTSP works right now exposes ssh to the outside world unless you block access to port 22 on the WAN interface entirely. This is potentially unsafe if your users have weak passwords, because anyone on the internet could gain user-level access by brute-force attack. The solution, which is somewhat controversial, as many say you should be making the passwords strong enough so you don't need this, is to create 2 instances of ssh, one serving the internal IP on port 2222 and one serving the WAN interface on port 22. If you only have one interface, then both ssh instances would serve the same interface, but one would serve port 22, and the other 2222. This is how to set this up:

sudo cp /etc/init.d/ssh /etc/init.d/ltsp-ssh
sudo cp /etc/default/ssh /etc/default/ltsp-ssh
sudo cp /etc/ssh/sshd_config /etc/ltsp/ltsp-sshd_config
sudo cp -a /var/run/sshd /var/run/ltsp-ssh
# Use -i -e: GNU sed reads "-ie" as -i with backup suffix "e" and leaves a stray ltsp-sshd_confige file
sudo sed -i -e 's/Port 22/Port 2222/' /etc/ltsp/ltsp-sshd_config

Note that these are the filenames in a Debian-based system. Other systems may vary. Also you are free to use a different port than 2222, it is just used here as an example. If you are using 2 interfaces also do:

sudo sed -i -e 's/#ListenAddress 0.0.0.0/ListenAddress 192.168.0.1/' /etc/ltsp/ltsp-sshd_config

Here change 192.168.0.1 as needed.

sudo sed -i -e 's/#ListenAddress 0.0.0.0/ListenAddress 10.0.0.42/' /etc/ssh/sshd_config

Replace 10.0.0.42 with the address of your WAN-facing interface.

You will also need to change the .pid of the new ssh instance:

echo "PidFile /var/run/ltsp-sshd.pid" | sudo tee -a /etc/ltsp/ltsp-sshd_config > /dev/null
sudo sed -i -e 's/SSHD_OPTS=/SSHD_OPTS=\"-f \/etc\/ltsp\/ltsp-sshd_config\"/' /etc/default/ltsp-ssh
sudo sed -i -e 's/AllowUsers/AllowUsers *@192.168.0.0\/24/' /etc/ltsp/ltsp-sshd_config

Finally we harden the outward facing wan interface by doing the following:

sudo sed -i -e 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
sudo sed -i -e 's/PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
sudo sed -i -e 's/AllowUsers/AllowUsers sysadmin nubae/' /etc/ssh/sshd_config

Substitute your most trusted sudo users for sysadmin and nubae in the above example.

To make the second ssh instance default to start also do:

sudo update-rc.d ltsp-ssh defaults
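
A sed substitution changes nothing when its pattern is absent from the file or sits on a commented-out line, so it is worth confirming that each directive is really in effect before restarting sshd. The script below is an added example, not part of the original post; its function names and the sample config are constructed for illustration, and it reads only the first uncommented occurrence of each keyword.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes plain "Keyword value"
# lines; Match blocks and Include files are not followed.

# Print the value of the first uncommented KEY line in FILE. Keywords are
# case-insensitive. Prints nothing when the directive is absent.
sshd_value() {  # usage: sshd_value FILE KEY
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Succeed only if KEY in FILE is set to exactly WANT; otherwise report it.
sshd_expect() {  # usage: sshd_expect FILE KEY WANT
    got=$(sshd_value "$1" "$2")
    [ "$got" = "$3" ] && return 0
    echo "FAIL $1: $2 is '${got:-<unset>}', want '$3'" >&2
    return 1
}

# Check the WAN-facing config against the post's settings; the return
# status is the number of directives that are not in effect.
audit_wan() {  # usage: audit_wan FILE LISTEN_ADDRESS ALLOWED_USERS
    fails=0
    sshd_expect "$1" ListenAddress "$2" || fails=$((fails + 1))
    sshd_expect "$1" PermitRootLogin no || fails=$((fails + 1))
    sshd_expect "$1" PasswordAuthentication no || fails=$((fails + 1))
    sshd_expect "$1" AllowUsers "$3" || fails=$((fails + 1))
    return "$fails"
}

# Constructed sample: no AllowUsers line, PasswordAuthentication commented
# out. The post's sed commands are applied, then the result is audited.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#ListenAddress 0.0.0.0
PermitRootLogin yes
#PasswordAuthentication yes
EOF
sed -i -e 's/#ListenAddress 0.0.0.0/ListenAddress 10.0.0.42/' \
    -e 's/PermitRootLogin yes/PermitRootLogin no/' \
    -e 's/PasswordAuthentication yes/PasswordAuthentication no/' \
    -e 's/AllowUsers/AllowUsers sysadmin nubae/' "$sample"
audit_wan "$sample" 10.0.0.42 "sysadmin nubae" || echo "$? directive(s) not in effect"
rm -f "$sample"
```

On the real files, sudo sshd -t -f /etc/ltsp/ltsp-sshd_config additionally checks the syntax of a config before the instance is restarted.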

A final note is that the safest approach over all would be to put a firewall and port blocker on a totally different machine and only allow ssh access to one account on that computer, from which one could then access the internal network. But if you just have one server, hopefully this gives you peace of mind.




making Asus eeePC work for Ubuntu LTSP

The Asus eeePC has become an extremely popular Linux-based laptop, and it works great with the preinstalled OS, Xandros. It is, however, a desirable thin terminal in that it's small, already has a monitor and is cheap. The smaller model's screen might be a bit too small, but one can always add an external monitor, keyboard and mouse and make it a full thin terminal. In order to do that, one must fix the atl2 kernel panic bug. The instructions that follow are not mine; I found them elsewhere on the net and adapted them a little:

sudo chroot /opt/ltsp/i386
nano /etc/initramfs-tools/modules

Add atl2 to the modules list.
Next, update your initramfs (where kernel-version-number is the version number of your kernel, e.g. 2.6.27-6-386):

update-initramfs -k kernel-version-number -c 
exit

This will update the kernel and create the initramfs that is in /boot/ under a name something like initrd.img-2.6.27-6-386. The file must now be copied from /opt/ltsp/i386/boot to /var/lib/tftpboot/ltsp/i386 after having renamed the existing one, for backup :

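# The file to back up and replace is the initramfs image, e.g. initrd.img-2.6.27-6-386
sudo mv /var/lib/tftpboot/ltsp/i386/initrd.img-kernel-version-number /var/lib/tftpboot/ltsp/i386/initrd.img-kernel-version-number.bak
sudo cp /opt/ltsp/i386/boot/initrd.img-kernel-version-number /var/lib/tftpboot/ltsp/i386/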

You should now restart the asus eeePC and it should just work.
