Archives par mot-clé : Security

Fingerprint authentication in Ubuntu

5 commentaires

It seems more and more laptops come equipped with fingerprint readers lately. If you want to see support for such readers officially rolled into Ubuntu 8.10 by all means click on that mean Brainstorm logo! Update: it seems the Brainstorm voting has closed, however the discussion that entry has about security is worth checking.

I recently got an HP Pavillion xt1000 series with such hardware and while researching its fingerprint support I came across Fprint.

From the project site:

The fprint project aims to plug a gap in the Linux desktop: support for consumer fingerprint reader devices.

Previously, Linux support for such devices has been scattered amongst different projects (many incomplete) and inconsistent in that application developers would have to implement support for each type of fingerprint reader separately.

The provided packages are:

  • libpam-fprint – PAM module allowing authentication (login, sudo, etc.) via fprint
  • libfprint-dev – fingerprint library of fprint project, development headers
  • libfprint0 – fingerprint library of fprint project, which allows using the fingerprint reader found of many of the more decent notebooks
  • fprint-demo – fingerprint scan and verification graphic utility

The packages that enable fprint functionality in Ubuntu are provided by Pavel Rojtberg, I’d like to invite anyone with fingerprint readers to try them. If you find any bugs I think they can be sent to the project’s mailing list, I couldn’t find an obvious link to any open bug trackers. Oh, and don’t miss the FAQ!

There is a lenghty discussion and interesting information on Pavel’s site. I contacted him personally and he setup a Personal Package Archive (PPA) to build the Ubuntu packages very quickly! Thanks for you work, Pavel! All the development work the Fprint project has achieved is made available very easily to us Ubuntu users via the PPA service in Launchpad. This will not make it in any official Ubuntu repositories just yet, but it’s very promising so far. Above all it should not be considered a replacement for other standard authentication and security measures. 🙂

libpam-fprint + libfprint + fprint-demo packages for Ubuntu 7.10 are available as an archive at:
http://madman2k.net/files/fprint-packages.tar

Hardy Packages are available in this PPA:
deb http://ppa.launchpad.net/madman2k/ubuntu hardy main restricted universe multiverse
(add that line to your /etc/apt/sources.list file and update your repositories: sudo apt-get update from comand line or just use Synaptic.

For other distributions see: http://www.reactivated.net/fprint/wiki/Download

ScreenshotFPThe fprint-demo package provides a graphical application to enroll fingerprints and set different options. After installing that package, fprint-demo can be invoked from command line only (no menu entry yet) by issuing this command (notice the underscore instead of hyphen):
sudo fprint_demo

In order to enable fprint authentication on Ubuntu install the libpam and libfprint packages and then edit your /etc/pam.d/common-auth so it contains

auth sufficient pam_fprint.so
auth required pam_unix.so nullok_secure

At your next login attempt or sudo command from terminal, this will first try to read your fingerprint before asking your password. For testing purposes, you can expire the sudo passowrd caching by issuing « sudo -k ». Do not try to disable password login completely; this is alpha software and you might lock out yourself.

Example of command-line fingerprint enrollment:
sudo pam_fprint_enroll --enroll-finger 7

For more information regarding the current (under consideration) integration of fingerprint readers support in Ubuntu, see:
https://bugs.edge.launchpad.net/ubuntu/+source/pam/+bug/187130

 

PCs with Ubuntu should be much more expensive

3 commentaires

A few days ago a friend asked me « How come Dell PCs with Ubuntu are only 50$ less than Windows ? ». I was actually suprised by his question and I thought I would share my answer.

If I apply the closed, non-free business models around proprietary software, I really think Ubuntu PCs should be much more expensive (like U$1000 more) than any Windows comparable machine. After explaining all you would need to add to a Windows install in order to make it comparable to Gnu/Linux, we actually agreed… I was then wondering what would happen if a tiny portion of Ubuntu users would contribute a portion of the U$1000 saved towards local development and advocacy efforts. Well, « finders, keepers » also works for me.

Think about it, I am sure you can come with more than this short list but… since being an Ubuntu user at home and at work,

  1. I don’t need antivirus, firewall, cleanup, anti-spyware or other such  » security » software. This may require a bit more explanation, but what can I say. I my personal experience, I really don’t need any of this.
  2. As a result of #1, I don’t actually need to waste a dual-core’s machine power so I can be « running a virus scan and management agent in the background« . I’d rather put that to good video transcoding use 🙂
  3. As a result of #1, current sub U$500 cheap Celeron based laptops run just fine with only 512MB of RAM – they’re not  » useless » as I was told at the store
  4. I can choose and download a healthy few thousands applications (including many servers like web, voip, etc.) from one central package/repository management application. Like, say, Windows update but for all applications. Multi-lingual, and including security updates, unlike Windows Marketplace. I do happen to work in spanish and french too.
  5. I can have my systems (and all included applications) available in several languages at once.
  6. I don’t worry about manual security updates, except for software I have decided to manually download and install from other sites (a rarity, but happens)
  7. I don’t reinstall! Well, my work consists of advocacy and consulting / coaching / providing tech support so my main laptop does get reinstalled often. Home PC hasn’t had a reinstall for 3 years though.
  8. I can keep using the oldest, crapiest hardware I love, like that PCMCIA reader or the « Windows 98-only » webcam, along the newer one
  9. When I come across a missing feature / problem / documentation omission or translation problem I take the opportunity to contribute back and learn in the process
  10. I can copy all this to any amount of people around me, without restrictions or underground illegal activities – the only limit being my bandwidth, and ability to give out CDs or other media. In fact I am often asked if the software I used is legal, as I seem to have a little or big app for most any use.

So how much is that worth to you ? I was thinking I would need to talk about the freedom, the formats, the licences, patent problems, etc., I guess that’s for another afternoon when I chat again with my friend.

 

New Launchpad release out, news blog online

2 commentaires

This morning I was really excited to see the Launchpad 1.1.6 milestone announcement! Launchpad is a collection of services that assist in software development. Ubuntu uses it to manage its specifications, bugs, meetings, events and other assorted things. the Launchpad HowTo describes how this is done.

Among the many details of bugs and new development in this announcement, a few are of particular interest to any Ubuntu LoCo teams using Launchpad to manage their community and keep track of participation:

  • Teams can now only join other teams with the approval of the first team’s administrator.
  • Team members can now renew their own memberships, when their membership is close to expiry if the team is set-up with an on-demand policy.
  • Answer contacts will now receive notification of new questions in their preferred languages only. – as a team administrator, visit any project’s page (like Ubuntu’s, then go to the Answers tab, and choose  » Set answers Contact » from the left menu. Previously you also received notices in English. If you don’t select a preferred language, it will automatically be set to your browser language preferences.

This last feature alone is very important for local teams that wish to have their members keep track of the help they provide to local communities in their native language. I also think it will be a good way to keep answers to common support question out of the mailing lists – sometimes a few technical questions can generate a *lot* of email traffic. An added bonus, you loco team members will get precious karma for every participation.

There were also two nice changes to improve privacy of participants in Answers and the bug trackers:

  • Email addresses inside the Answer and Bug Trackers are now obfuscatedto anonymous (not logged in) users – e.g. Google.
  • Quoted emails and standard signature lines are now stripped from emailed responses to Answer Tracker questions and also bug reports.

There are many more improvements and new features, the full announcement is in the Launchpad-users mailing list archives.

Additionally, there is now a Launchpad News blog now available at http://news.launchpad.net/ – it’s great to have another channel with regular updates and insight directly from the users and developers behind Launchpad.

Now, to make this a perfect « Launchpad fans » day, it would have been lovely to see an update about making Launchpad free and open source under the GPL or another licence… 🙂

 

Prrésentation mensuelles FACIL: Sécurité des applictions en lign

Nicolas nous rappelle que jeudi prochain (21 juin) il y a une présentation organisée par FACIL au CRIM. Damien Seguy va nous sortir de notre petit nid douillet en nous parlant de La Sécurité des applications en ligne.

J’ai rencontré Damien à plusieurs reprises et je dois dire que je regrette beaucoup de ne pas pouvoir aller à sa présentation, alors ne manquez pas de lui dire bonjour de ma part si vous y allez suite à votre lecture de ce billet 😉