Writing about text editors on a Linux blog is a bit like putting your fingers in a river of blazing lava. Everyone has their favourite and they are ready to go to the end of the world defending it. Sure, we’ve had a fair share of “discussions” over programs like emacs and vi in our team room, and probably will continue having them for days to come. However, I feel like I have some thoughts about editors that I must share here.

Recently I bumped into a web site of an editor called Scratchpad. Since I have always been interested in software usability and this one promised to be very different in that field, I decided to fetch the sources and compile the thingie. And yes, different it is.

First and foremost, it does have a File menu entry, but the contents of that entry made me smile. There is no Save or Open command at all! Having to deal with saving files is a classic caveat in software usability. After all, why would I be interested in saving a file? I just need to edit the contents. I can undo the changes if I make a mistake. One is so used to having that Save option that it even feels quite strange not to have it. At first, that is. After using the editor for a while you get a funny feeling that you’ve forgotten something and when you actually realize what it is, it makes you smile even more :)

Another problematic user interface has been the Open file dialog box that almost every piece of software seems to have. You have to use some buttons and tree views that never seem to quite fit into that small dialog box. Not with Scratchpad. There is an Open folder command in the File menu which just opens a file browser window and you can then double click on a file you want to edit. The good thing about this is that the file browser is already well suited for finding a file you need and contains all of your bookmarks etc.

Scratchpad also has very nifty search and replace functionality which allows you to tag parts of text based on search results or selections, and then apply a replace string for all of the tagged parts.

All in all, I would say that Scratchpad does it’s job in a very clean and usable way. I wholeheartedly recommend it to everyone who is ready to change their age old habit of having to press some magical key combination every now and then. No more (Ctrl-S / Ctrl-X, Ctrl-S / Esc-ZZ / whatever) for me, thank you!

(Edit: After writing this text happily with Scratchpad I copied it over to our blog software and now have two Save buttons in front of me. They sure look daunting.)

As I was playing around with VMware Workstation’s screen recording feature, I accumulated a number of videos showing our product in use. I took some time to recode and edit the clips and decided to upload them to our blog. The quality varies somewhat, so their usefulness can probably be debated.

• Installing Linux Server Security on SUSE Enterprise Linux 10: 4,4 MB MPEG-4 download, YouTube^[1]
• Using a SLES 10 Samba server with Server Security and Windows XP: 27 MB MPEG-4 download, YouTube^[1]
• Updating a freshly-installed Ubuntu 6.10 system with Server Security (see earlier post): 22 MB MPEG-4 download, YouTube^[2]

I searched through ccMixter for some music to go with it:
1. ninoffInDub by Danny Van Der Loy
2. self_realize by weed201
Both are released under the Creative Commons Attribution 2.5 license.

If you’re running our Linux Client or Server Security software on a desktop distribution with frequent system updates, like Ubuntu, you’ve no doubt become a bit bored of entering and leaving the Software Installation Mode every time there are packages that need to be upgraded. However, here’s a small tip that will ease the pain a little for our Ubuntu users:

• As superuser, create a file called “99fsav” (or similar) in /etc/apt/apt.conf.d by running the following command:

    sudo gedit /etc/apt/apt.conf.d/99fsav

• In the editor, paste the following two lines:

    DPkg::Pre-Install-Pkgs {"/opt/f-secure/fsav/bin/fsims on";};
  DPkg::Post-Invoke {"/opt/f-secure/fsav/bin/fsims off";};
  

• Save and exit the editor - done!

Now, the next time the system installs a package, it will automatically tell F-Secure Client Security that it’s about to do so by activating the Software Installation Mode. In this mode, some features are disabled in order not to interfere with the installation process. All files accessed are still scanned for malware as normal. When the installation or upgrade is done, dpkg will tell Client Security that by invoking “fsims off”. This will trigger recompilation of kernel modules (which is necessary in case the package installed was a kernel upgrade), and a full re-scan of the Integrity Checking baseline table, that contains hashes of important system files.

One important detail is that if you use the update manager, Synaptic or similar GUI tool, you must click “Details” to access the terminal in order to enter a new baseline passphrase for your Integrity Checker (see the second screenhost).

Also, since you need to enter that passphrase to finish off the installation, this is not very suitable if you’re doing unattended installations or upgrades.

Oh, and sorry about the language in the dialogs; I just grabbed the screenshots off of my regular workstation at the office, which is configured to use Swedish, my mother tongue. But if you’ve used Ubuntu you’ve probably seen those dialogs enough to know what they mean. :-)

Update: check out this post for a video clip showing this trick in action

Here is Rescue-CD 2.00. It can be used to scan your machine for malware.

If you suspect that your machine is infected and/or virus detection capabilities has been compromised use this tool to scan machine.

It will rename all found malware on the machine.

Rescue-CD 2.00.1476 ISO image (80 MB)

To use, just burn the ISO image to a CD-R, and then re-boot your PC, allowing it to boot from the the Rescue-CD.

The two main use-cases of the Rescue-CD are:

• The computer no longer starts, as the operating system has been corrupted by malware. In this case you can use the Rescue-CD to scan the computer and quarantine the malware. This may allow the operating system to start properly again.
• If you suspect that your security software has been compromised by malware. You can use the Rescue CD to check this, as it is incorruptible and it is independent of the operating system.

The F-Secure Rescue-CD is normally shipped on the same CD as other F-Secure Windows products, such as Internet Security 2007. It allows the user to boot into a slimmed-down Linux system, from where they can scan using our Linux malware scanner — using the same technology that serves as the basis for our Linux Server and Client Security products.

Technically, the 2.00 version of Rescue-CD is a Knoppix-based Linux distribution with our command-line malware scanner pre-installed, slimmed down to only 80 MB. Upon booting from the CD, the user will be presented with a text-mode menu-based interface to the malware scanner, from where they can scan their computer for malware after the Rescue-CD has downloaded the latest malware databases from the Internet. The user can also access a normal Linux shell prompt to examine and repair a broken system.

Ian Murdock, of Debian fame, has written a nice summary of the recent LSB Packaging summit that explains what’s in the works when it comes to the future of Linux package management. It is very nice to see that there are good people working in this area, and I’m hopeful that in the future, third-party software installation in Linux will be a breeze.

As software developers targeting the Linux platform, this is of course a topic that concerns us very much. Here in the F-Secure Linux team, we as recently as today had some heated discussions about different ways to solve the packaging dilemma. We have several goals to fulfill, among them (in no particular order, and some of us may even disagree with some of these statements):

• we want our software to work on several different Linux distributions
• it should be reasonably manageable by system administrators
• from a building, testing and logistics perspective, it’s nice to have a small number of “end-products”, i.e. installer packages, produced by our build system

Currently, we’re shipping our products in a hybrid solution, trying to combine some of the benefits of a packaging system while being able to produce a single package “blob” of each build containing everything that is needed to install, configure and run the product. That package is a self-extracting executable installer that, by default, dumps a bunch of RPMs into a /tmp subdirectory, installs them, and then runs the configuration scripts needed to get the product up and running (it can also do some other magic, but that’s not important here). We are well aware that using RPM is not optimal for, for example, Debian-based distributions, but thanks to LSB, we can usually assume that the hurdles of installing RPM-based software aren’t too big. By supplying an “extract” argument to the installer executable, the operator can extract the raw RPM packages and install them manually, if need be (which is often a requirement to facilitate large installations of many hundreds or thousands of machines).

There is still much to be done, and we are surely keeping our eyes open in all directions when it comes to Linux package management - whether it be using alien to integrate more nicely with dpkg, moving to an autonomous package installer such as Autopackage or even any of the commercial packagers. I feel that while the solution we have now isn’t by any means optimal, it works pretty well and still gives the user some control. In the end, I want the installer to “just work” and fit right into whatever environment the user is using.