Possible use of Lubuntu 12.04??

[bigmango]

@cpg

Thanks for your feedback and also thanks to Bigfoot for pointing you to this thread, he is doing a great job of supporting people here on the forums. Sorry for my "strong" comments above; they were meant to get your attention

Not only the community is a mess in Ubuntu. Debian people, who know their stuff, reject helping on Ubuntu (it's NOT Debian!), and Ubuntu community people are largely clueless on technical stuff. Their process is largely driven by Canonical and they barely contribute to Linux at all.

First time I hear this.

But if Ubuntu does not work for you there are other Long Term Support distributions (Centos, Debian,...). BTW, OpenMediaVault seems to be doing great on Debian, with GUIs Amahi can only dream of for Greyhole, Snapraid,... (I'll consider moving to this as Amahi is now focused on no LTS support).

But you choose Fedora: only 13 months support, minus Amahi usually releases ~6 months after Fedora releases = ~ only 7 months security fixes & updates for Amahi (and I'm not even repeating the case of the many applications that are dropping Fedora RPM packages availability as soon as Fedora reaches End Of Life).

This does not cut it for a SERVER, but even more so, you are making it the main network ROUTER !

In any case, I don't get why people are so obsessed with security patches when Amahi systems are run behind a firewall. Only once in the history of Amahi we had to release one security update. It was a DNS server bug where updates on the internet side of DNS server could potentially creep into the local DNS server. But even then, it was extremely remote that anything could come into a private network. Your server will continue running for years and years if you let it run!

How can you even say something like this, especially as you are a sever software Project Lead?

Amahi is not only a server, you are also making it the default ROUTER! It is connected to the internet unattended 24h/24. People are using it for a lot of different things, to make media available via the internet, to run web apps, databases, etc.. etc...

Vulnerabilities are exposed all the time (SQL injections, root exploits, ....). Ubuntu & Fedora are getting security fixes at least 4 or 5 times per week, if not every day.

The news are talking about professionally maintained corporate servers getting hacked every day (we are not just taking about a firewall here). Even the NSA, the pentagon, the FBI are getting their servers hacked. But you - as Amahi SERVER Project Lead - think that because you have a firewall you don't need security fixes ? This is madness.

The bottom line is that Fedora, their repos, packages, etc. are managed professionally and, as hard as it is, Ubuntu is nowhere near the level of professionalism and execution as Fedora.

To the contrary of Fedora, Ubuntu is available commercially , used in corporate environments, it's also the linux platform of choice for many manufacturers (Dell, Lenovo, etc...).

It has great support, but you who are saying you don't need security fixes for an online sever, are saying it is not "professionally managed" ? Come on...

As said above, there is absolutely NOTHING professional about choosing Fedora as an online SERVER OS. Of course it is backed by RedHat expertise, but this doesn't change the fact that it only remains a test ground for them, with a 13 month limited life time, of which Amahi only uses about ~7.

We tried it at great effort and we mostly made it work.

Ubuntu Amahi is working great here. So, I guess you are talking about porting the new implementation you have with Fedora 19.

If we have Ubuntu contributors, we will support the next LTS.

Good to hear.

So, this seems to be the problem you are facing: Unfortunately, it looks like no knowledgeable IT professionals are interested in investing time in Amahi. Which leaves it open only to contributions from home users with little professional experience who mainly like Fedora (otherwise they would not make Fedora widely available as a server distribution, with only ~7 month life time, AND furthermore disabling Fedora security updates, etc...).

That said, some things are changing in this area at RedHat. They started a new server initiative and they reached to the Amahi community to http://fedoraproject.org/wiki/SIGs/Server
Maybe something comes out of it. Also, RedHat acquiring CentOS may bring changes in this area as well.

Bottom of the page you are linking to:

FAQ
Q: does more server orientation mean an extended lifetime too?
A: no, extended lifetime is covered by the derivates like RHEL, CentOS, etc.

I think this sums it up....


cpg, thanks for taking the time to discuss this. Even if you don't agree, it is important for Amahi to consider this issue. You guys have done a great job with making Amahi an easy to set up server for the home user. Now we just need to make sure we are having Long Term distribution support.

[droth49]

First, my support of Amahi is no accident. My first install was Amahi 7 and it went very well, at least until I tried to get a GUI going on a headless system. I was impressed as to how an out of the box install came up and ran with little to no configuration. However, as I said I am a user and the use of a command line is not something I enjoy nor am I particularly good at it and so when in can time to install a printer or consider some of the other apps available I choose to move to the Ubuntu side wear I can see graphical what I am doing. Once again that install went very well, it came up and ran in similar fashion and with the addition of the GUI I was able to do more of what I wanted and needed. It was at that point I chose to start a monthly contribution with the hopes other things would come.

Now let me put some things in perspective for you. I am a 65 year old retired high school and Jr. college technology teacher who has taught A+ certification, networking and electronics. I have always been interested in the hardware much more than the programming side of computer technology all of which came about well after I graduated from college. Most of what I know I picked up on my own. The politics of Linux, which is what you are talking about, I have little use for, (not a business person) however, I am well aware of what you are talking about.

BTW, the reason people are worried about up dates and security is because they come form a desktop environment. The do not realize that a server by in large does nothing more than serve up information and apps. It does not do heavy computing and as a rule requires little of the OS and hardware. I know, I do not have to tell you that because you know it. I know it and still find myself fall into the desktop trap.

Thanks for send along the fedoraproject web site. I gave it a quick look and find that much of my concerns with Amahi are things that the community as a whole have issues with. So I am going to go out on a limb and tell you what I think would make Amahi better for the home user, and thus better for any user no matter what level. There needs to be a road map to help the end user reach their goal. Right now you have the basics with samba, Apache, dns, and sql. All of which load, configure and run with great ease on a headless system as well as Ubuntu. But what is the recipe for the rest of what the system can do? For the most part those need to be determined by the user. I am going to use what my goal are as an example: I want a system that does what you are already are doing with these additions.
1. Able to log in to the headless system and have a GUI that will run on either a window, apple, or Linux system and allow me to:
a. set up print server
b. monitor system operations
c. graphical file management
2. Configure a web server
a. http with caution on the dangers
b. https with password login
c. set up with internet domain name
3. How apps integration into the home web site, what is that going to look like and which apps work best
This is wear I end but other might want more
4. Mail server
5. Business to Business with place to list items for sale and then purchase.
6. Smart phone apps
Now I know that all of these things are already in Amahi in some way or another but a home user, such as myself has very little knowledge of how to implement them from both a server side and even a client side. These programs and protocols are not familiar to the average user. The amahi wiki pages are full of this kind of information but offer little help as to which step to take first, or which is the best piece of software or app to use to meet the goal. Please understand what I am trying to say. Amahi has all the pieces, and then some, but no clear direction on how to move beyond that point.

On a selfish note for me to be able to log into my headless fedora server with a GUI running on my Linux mint box would be great. I have backed away from it for now because of the frustrations of getting it done. Again I am willing to help document these things for Amahi in either/both fedora or Ubuntu but I do not see a clear direction at this time.

[cpg]

Amahi is most definitely not a router and should sit behind a firewall (typically on the router or the modem). Amahi is meant to be in a trusted network, and we make no secret about that. Most definitely should not be connected directly to the internet.

Note that I did not say we do not need or care about security. We do take reasonable steps to secure systems out of the box. It's the "updates" craze that seems ridiculous for a server behind a firewall. For example, for the VPN, which is a component that could be exposed to the network at large via port forwarding, we enable "auth_throttle 60" so that failed authentication attempts will be throttled to at most one attempt every 60 seconds. SSH? we strongly discourage exposing it, but if users must, we encourage using a different port than the default to largely avoid scans, which takes random threats by 99% or more.

Inside a network, if you assume have a rogue agent, nothing will last long. I can pop a cd into the box, boot from it and i own everything inside the box in no time.

We have tried CentOS. It's perennially behind on tech that not only Amahi needs but also the apps need. Also it suffers from the "death by a thousand cuts" syndrome -- CentOS changes quite a few things in subtle ways that turn out to break things.

[bigmango]

@droth49

Good points.

BTW, the reason people are worried about up dates and security is because they come form a desktop environment. The do not realize that a server by in large does nothing more than serve up information and apps. It does not do heavy computing and as a rule requires little of the OS and hardware. I know, I do not have to tell you that because you know it. I know it and still find myself fall into the desktop trap.

It is unfortunately more complicated than that.

On a selfish note for me to be able to log into my headless fedora server with a GUI running on my Linux mint box would be great. I have backed away from it for now because of the frustrations of getting it done. Again I am willing to help document these things for Amahi in either/both fedora or Ubuntu but I do not see a clear direction at this time.

This is not so complicated. There are several ways to do this, it's in the wiki.

Search the wiki for how to install a vnc server, you can then connect to your server GUI from any desktop.

I have installed x2go (wiki.x2go.org), this is one example and it works great. It is easy to install ("sudo apt-get install" with ubuntu). I am sure it should be easy with Fedora too.

[bigmango]

Amahi is most definitely not a router

This is news.

Bigfoot and others have advertised for a long time how Amahi has to be the network router in order for the Amahi apps to work, etc... , that the "hardware" router DHCP should be disabled, etc... etc... (what a mess this is, seriously). There have been long discussions about this on this forum in the past.

It also has DHCP on by default. I have personally disabled this as it messes up with my network (what a headache this was: my hardware router was assigning IPs and Amahi was too, rebooting Amahi was messing devices up, etc... -and if the "hardware" router was not serving and Amahi was in "maintenance" mode the network was not available).

This was discussed so much on this forum, and now you are telling me Amahi was "most definitely not a router"? You guys have been telling us it was and had to be and why it was such much better.

and should sit behind a firewall (typically on the router or the modem). Amahi is meant to be in a trusted network, and we make no secret about that. Most definitely should not be connected directly to the internet.

Of course.

The problem is that users are using Amahi for so many different things. As you know, as soon as the web apps, media sharing, databases, ssh, vpn, etc... need to be accessed from the internet ports have to be forwarded, and as soon as you do this you are in situation comparable to being connected directly to the internet on the selected ports.

Note that I did not say we do not need or care about security. We do take reasonable steps to secure systems out of the box. It's the "updates" craze that seems ridiculous for a server behind a firewall. For example, for the VPN, which is a component that could be exposed to the network at large via port forwarding, we enable "auth_throttle 60" so that failed authentication attempts will be throttled to at most one attempt every 60 seconds. SSH? we strongly discourage exposing it, but if users must, we encourage using a different port than the default to largely avoid scans, which takes random threats by 99% or more.

I understand.

The problem is that security is so complex as there are so many possibilities and vulnerability situations.

Just look at one example: on our Amahi we have installed a minecraft server for our kids (open so that their friends could connect). After 6 months with no issue someone hacked it 3 weeks ago. Fortunately the minecraft was running as a local user, so the hacker just messed that user account up. Now imagine what would have happened if they had managed to get root privileges.... This Amahi has 15Tb data, soon to be 19Tb. (I think I'll start separating the servers in virtual machines. But that's me. How knowledgeable is the lambda Amahi user?).

Inside a network, if you assume have a rogue agent, nothing will last long. I can pop a cd into the box, boot from it and i own everything inside the box in no time.

Right.

Now look at the many kinds of web apps, servers,...., people are making accessible on their Amahi from the internet (how many official Amahi pugins are there?). There are so many situations and complexities, it is madness to disable distribution security fixes.

Of course if you are on a closed LAN there is no problem. Really? ... does an Amahi user have WIFI? What about his neighborhood? How secure is his WIFI? Firmware has been compromised in the past, is it up to date? Some users have bluetooth enabled.... Meanwhile, the Amahi box is running 24h/24, unattended, security updates disabled.

We have tried CentOS. It's perennially behind on tech that not only Amahi needs but also the apps need. Also it suffers from the "death by a thousand cuts" syndrome -- CentOS changes quite a few things in subtle ways that turn out to break things.

Yes, this is why Ubuntu was probably one of the better choices: rather up to date software with LTS support, and ease of use for the end user.

Debian could be good too, but software is behind (they aim for stability), there's less driver support out of the box and less guis for the end user.

Well, if you want to keep Fedora as the main distribution, could you at least make it so that we can upgrade to the new Fedora version as soon as the current Amahi version reaches EOL? The issue here, other than the security fixes, is that many software providers are dropping RPM availability as soon as a Fedora version reaches EOL. When this happens, we are in "dependency hell" to get the RPMs for the newer Fedoras to work. Ubuntu LTS doesn't have this problem as everything is always made available for it's 5 years lifetime.