Episode: 387
Title: HPR0387: Linux Security
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0387/hpr0387.mp3
Transcribed: 2025-10-07 19:34:49

---

Thanks for watching.
Hello everybody and welcome to another episode and this episode we're going to talk about
Linux security. It's quite a broad topic but we're going to talk about Linux desktop security
in general and in Linux server security in general. I'm Mark Clark from South Africa living
Johannesburg and I work for open source solutions company in Johannesburg. I'm joined by
Makar's darling Parker. How do I lean how you today? I'm great Mark. How are you today?
Oh thanks. All right. So just to refresh people's memory my name is Darlene and I am in Calgary,
Alberta, Canada and I worked for I worked for a Linux based company that provides solutions
around the world and also today we're joined by another guest, Mohammed Ayade and he is located
in Libya and he's also a Linux expert and I'm sure he has lots to share with us today about
Linux security. Hello Mohammed, how are you? Hello Mark, how are you? I'm fine thank you.
First of all I'll introduce myself I'm Mohammed Ayade from Libyan spider network.
Libyan spider network is a processing company based on Libyan. I'm working as a Linux server
administrator and I think I am most of my time to Linux in general. So first of all let's let's
talk about Linux desktop security. I think as more and more people start using Linux on their
desktop probably going to get more and more reports of security breaches on the Linux desktop.
You know I think that's one of the inevitable things that's going to it's going to happen.
You know if you look at the standard Linux distributions when you install them by default they
don't have a whole lot of ports open listing and protected ports listing for incoming traffic on
the internet but yeah but there's still vectors of a tech that are there. Dolly what do you
think about Linux desktop security and are you required a bit with that? Well I think that
they only truly secure machine that you have is a standalone machine that's not connected to
the internet at all. So whether you're running Windows Linux VSD whatever I think you still have
to be aware that there are some some holes that you know we do promote that Linux is that much
more secure but again like you talked about some of the services that are running are they always
necessary because I did it in install of Fedora 10 and then I just made a you know a text document
of all the services that we're running and some of them are geared for when you're on a network
you know on a LAN and some of those aren't so those aren't necessary if you're a standalone
desktop user maybe in your home or whatever so I think people just need to be aware it's
similar to when you run MS config on a Windows machine there's lots of services that are running
that don't necessarily need to be there and so I think that's the first step is to be aware
you know just to spend a little time on your system and become aware of it what do you guys think?
Yeah especially for the user move it to Linux and from my to Linux they think about
Linux is secure so they don't pay any attention for security so they ignore it and they don't
care about the services and the firewall and stuff like this so there should be more attention
if they move to Linux so they heard about Linux security and Linux is more secure more secure
doesn't mean that the secure it's not completely secure it's still have the vulnerabilities we
have the services and these services that have vulnerability to be more secure with the Linux box
and we have to update it frequently with the latest update for the kernel for the service
and doing some hardening focus to be more secure what do you think?
Yeah I believe that's true that you should harden your system up because you know we talk about
is Linux you know secure by default or by design I think by design that it is it is secure more
secure than what we're used to with other operating systems but I would not necessarily agree that
it's secure by default what do you think Mark? Yeah look I think you know the design part of Linux
it's it's architecture is much more inherently secure than you know then you say Windows can
have a look at Windows can from a design for single user environment and to this day even though
they it's claims you've rewritten the code completely it has that you know that heritage
with Linux was written much earlier and it was built for a multi user environment so it has all that
stuff built in so I think it is more more secure by design but as you say a lot of the stuff is
what's installed and what's running in terms of applications what the operating system itself
and today there's a much is it a bit of a blurring of the lines what's the applications operating
system you know with Windows you get Internet Explorer bundled and all of that because if you look
at most of these hacking contests that they have you know and the people that win them the
the vector attack is always the browser and they break into the system by the browser so you know
like Firefox for example you know if they hack into Firefox then who's responsible for that
because that will be a vulnerability on Windows or on Linux so it's difficult I think in the desktop
arena you know you're always going to have security breaches as much harder to lock things down
because you're basically relying on people you know what they're installing you know what starts
they're going to have savvy that are in terms of you know like any kind of artist if some people
we're talking about quite a lot of other people will be able to detect that it's a kind of you know
not for force so it's it's quite difficult on the on the user desktop side I think as we see
more people using Linux on the desktop side we'll definitely get more reports of security breaches
you know it's like the I love you virus that was sent around and when was it in about 2000 or
something like that I mean that wasn't anything clever what was clever there was a social
genuine aspect of it you know somebody gets an email from some for one of their friends because
they're in the address book and it says I love you and I think what's going on yeah they click on
the attachment and it's just the basic bb script you know which anybody could write anybody could
do so you know is that aspect that nothing's really going to catch that you know if you're smart enough
with the social engineering aspect of it so yeah yeah and like you talked about before Mark
is that when people just click on random pop-ups on their desktop whether they're running Linux windows
Apple or Mac or whatever it still comes down to common sense right if you don't know what that
pop-up is about or you didn't go this is what I advice I give people especially regarding pop-ups
and stuff if you don't go looking for it and it comes to you randomly ignore it yeah yeah as we
started our recording by talking about the success of security for Linux security it's mean
you know Linux become more more popular operating so if we start searching about malware that
takes Linux as you say download Linux is became more popular so I think that the header they will
start targeting Linux machine before it's not that popular and most of the Linux user refers
to this geek and these geek things Linux popular inside their team right they are geek
thing they're meeting together in the popular okay it's popular in your area instead with your
friends all of your friends are geek but now it's more popular for all user but I think it's
will be more targeted with hackers what do you think Mark yeah look I think it'll definitely
be harder for hackers to to break into into Linux and the Windows machines you know it really it's
because what will happen is to see at least with Linux you know if somebody does break it and the
person is using logged in as a normal user I mean I think that's where Ubuntu is going to write
into the forcing people to use so you do to get root access rather than you know logging in as
root is that the person about to hack in and just destroy the you know the users home directory
will hack into that you know so us Linux cars will claim well that's great because the systems
are cheers unhack you know but from a user point of view if they lost all of their I mean they
don't really care about the boundaries and operating system and all of that you know they care
about their data you know so even though we say well it's secure then it's you know in a multi-user
system it says one user that can't get hacked they can only really destroy that user directory but
in today's world I mean you have you know computers dedicated to one person so for example on your
laptop you don't have multiple users normally running on it so it's all intent and purpose of the
home directory gets hacked you know the machine's hacked and it's of no use to the you know to the
to the user of that machine so I do think it's you know it's one of those things which is going to
make a more and more of an issue you know we're going to be careful of the success of our own what
you call it marketing as it were because everybody with a medic means ah you know I could just
you know it's almost like I'm invincible if I'm running Linux and then of course that that has
the same problems in terms of when things do go wrong and people think but I thought I was safe
yeah but I think I think the advantage to Linux though is if there are some issues the response
time of the Linux community is much faster than if you were a proprietary software developer software
provider like they sometimes you can take three fours you know six weeks to eat well that's
probably even a small one because I was actually just reading out while I was getting ready for today
Adobe reader has issues that it even compromises Linux desktops and I actually sent that to our
to our to our development team because we we've got the latest it's the the newest reader 9.1
8.1 and 7.1 that you actually have to turn off the JavaScript and it says in their in their
blog release here it's on their update that yes it can affect your Linux machines so who would know
you know yeah and that come coming that way right but that's proprietary software and their
response their first response was back in April they posted this that there was a a potential reader
issue and they're still trying to deal with it so like I say the community that I think the Linux
community is much faster to respond to these kind of threats than then a proprietary software company
but I mean you know one thing as well that's also a potential solution to all of these things I mean
also sort of touches a bit on the server side because you can use these solutions the server side as
well but things like security enhance Linux or easy Linux and the new thing from you know app
armor from novel and those are different solutions to to the problem because basically the
start of data because you never know whether this apps going to be secure or not or what they're
going to test going to come through it so you kind of rack the application as it were until at
this application you can only do x1's and it could only access this directory or access these ports
that kind of thing so even if it does get hacked it's limited what can happen and I think maybe
that's potential solution in future but I just have to make it a lot easier for your average user to
use because I know most people just switch off esse Linux you know when they install this system just
to complicate it to manage yeah so I just have a like a final thought that I like to share about
desktop security and that is you know maybe having a standard that's just like IP tables with
policies that are set so nothing gets in and some normal services can get out have any of you
have either of you configured that IP tables or anything like that on your side
I tend to use it more on the server side of my desktop you know and I think that's the point
and IP tables quite hardcore for your average user yeah the setup but there's a whole lot of
gritty tools these days but still you know if you ever just said do you want to block port 80 or
you know I don't even know what you're talking about you know if you say even if you want to block
web traffic don't really understand so yeah so it's a it's a difficult you know scenario and I
think also we're straddling here but we're straddling here we also we're talking to just ordinary
users but we're also talking to IT administrators who you know will be taking care of desktops right
because have they come more popular yeah I mean I tell you what I mean like I'm a mom machine
like I did the development work so you install all kinds of services you try different things
and that you know I don't necessarily uninstall them and you take your laptop over you know it's
another network somewhere you plug it in and you just so it's not necessarily also you know it's
also suppose what you call it people you aren't diligent yeah maybe like you know and you leave
these ports open or you got a share you quickly want to transfer a file to another machine in your
home network so you you know you just make the share public and that's okay when you're at home
you know then you take your machine and you dump it on some public network or especially these
wafer hot spots you know next-minute machines like wide open so there's is this something which
also you know you've got to take it to count the human factor I think as well using firewall
IB tables is actually you know darling these days is more easier than before as we see a lot of
graphic interface on board we can find a lot of graphic interface using IB table surfaces like I
think firewall started or something like this and important to firewall and yeah this this
graphic interface make it IB tables easy to use easy to configure not just like before it's not
easy even for that administrator especially if you're trying to to configure your server starting
from the rules denied all and you have to start open only required the surfaces train so yeah
yeah it's a popularity popularity for Linux it's come from more easy to more friendly that's
what it's became popular right especially the event of the GUI for it right just one comment
also I didn't make before we move on to the server side of things as well as you know one thing I
do think which is a bit of a limitation of the current design structure of Linux you know
as this whole group you know you can only really define access to a file or resource by owner
group and in other you know so you can't have these complex group structures which is quite you
know someone make it the field to manage now I know they do have ACLs and Linux these days but you
don't find it widely used I mean I think we need to also potentially as we start using Linux more
and more you know hard to say okay you know Joe is part of the accounts group they can have access
to these files he's also part of this group that that can have you know I don't know a read write
access to another set of files and you can give both groups you know different routes to different
different files rather than just a single group that you can assign to it there in a posture you
have to go add Joe to all these different groups and it's a bit it's a bit of a difficult task so
I think yeah you know this ACL thing and that's been in the next four while now but it's not sort
of in widespread use because you need to use extended attributes in this system in this case I
think you should using security and hands at Linux which is have but have a more advanced
permissions and more advanced access list for user but security hands at Linux we will return
to it's not easy to go and figure especially for normal user if we talk about the normal user
and we're talking about a multi multi multi user machine if you want to to to to put more security
another in that machine so I have to configure security and hands at Linux to avoid this and
giving more advanced permission and access list control take over control the use so what do you
think about this we have to install antiviruses for our Linux box or maybe Mac box yeah I don't
I don't I don't tell them to put antivirus on I just tell them to stop all the unnecessary services
that get started when they do a default install do on the service I think you do need to run
antivirus for the software but especially if you got like a sunburst here because in an everybody
storing their files there and then obviously even though Linux is available to the Windows
viruses other Windows users can access those files and then and get attacked but I have yet to
find a decent antivirus package that can run on a sunburst here and do like on access scanning
and all of that kind of stuff I don't know whether you've got any of the environment or dolly
yeah yeah I agree with you actually I agree with you about it's required in case as we know that
these days we have a hybrid network some machine is Windows and some machine is Linux running
the same network and they can share resources so I don't want to my to my workstation to be
as distribution points for viruses to Linux user to win this user actually so as you say that we
maybe we need this antivirus is to protect actually Linux Windows user from being attacked or
being infected from my workstation Linux workstation actually we are popular for Kaspersky so we have
this Kaspersky have the engine for sunburst server to antivirus for sunburst server I've tried once
one time and it's nice it's using the same database to use it with that workstation so it will be
effective with your language machine okay now we try that was it the the guys for the Windows
gas applied as they went in both the license they didn't consult us on it and they bought that AVG
license but it was a real schlepa you had to recompile the kernel and add in this module and then
you know it was like it was like a major effort just to get to run this antivirus thing which meant
that you know you all future upgrades now it was just a pain if you upgraded your kernel it means
you know antivirus will stop working and all of that so I don't know if it is the same
it's the same yeah that's the same it's not used to configure it yeah that's the same
I think there's some space there it may be the Linux community needs to sort of look at a bit
and make it easier to integrate these antivirus even if it's just clan AV you know into the whole
look on excess scanning capabilities of somber um I'm surprised it actually it hasn't it hasn't
happened in the past because we're lying on you know if you're alarm the Windows client machines
to be running the latest antivirus that never really works always somebody who is turned off
updates or something like that you know and then all you need is one of those guys and it happens
that clients you know quite often where just one person can affect the whole somber share you know
yeah actually most of the vendors considering oh we will make a product for Linux users so
most of Linux users are provisional so we don't have to make interface just only with commands
the blah blah so that's why it's not easy to install even as well it's not easy to they don't have
a actually interface with a graphical interface for user no user to run in gesprisk and the Linux
and I learned from architecture somber not somebody developed or even looked at the kernel rule but
you know they could provide some sort of API hooks into like wind files or read to be able to make
easier to run that antivirus because typically what you have to have is like these modules which
like are notify which sort of that you know you know that get cool when when the file changes
and then calls antivirus and all of that so you would think it would be easier to you know there
would be easy better hooks available especially on the somber side now since it's used I mean that's
what it's designed for integration to Windows networks that there'll be more ability to do sort of
server side scanning of files okay so I think we should maybe just talk a little bit about the
server side of things that I think it's a different different aspect completely then that the
desktop side because you obviously you rely on the fact that you've got a server administrator you
know it's a bit more about what's going on than your average user plus you're also not running
a whole bunch of like things like you know web browsers and email clients on the server so
you eliminate a whole bunch of possibilities the internet borrow attack vectors but of course
opens up a whole bunch of other vectors for attack you must configure servers and that kind of stuff
now Mohammed I know you've got a lot of a lot of experience in this area because you run quite a
large hosting and provider there in Libya we are we're posting company and we are facing a lot
of hacking attacking attention from our server so after we're doing some research and the following
that got in line for security we find we found Apache is not secure by default we don't talk we
I'm not talking about the service itself the vulnerabilities for the Apache but it's not secure
if you don't using the third party modules or you you have to make a hardening for Apache to work
more secure okay what kind of a touch are you are you seeing manifesting the in terms of the
Apache server in particular yeah user they can be running scrap from one account another jump
into from account another account and they can't using running some commands from Apache because
by default Apache using nobody user by default so nobody user he can't follow with nobody user
who doing that action if you're trying to tracking the some action happened so we have to do a lot
of work with Apache to do to make it more secure well I mean if I look if you also do some web
hosting outside and most of the attacks that we get come from fully implemented stats that we
host there's not there's not a direct attack on Apache as such you know there'll be like a
cross start scripting attack because the guy who are a secret injection attack because they haven't
escaped his sequel properly within their application code but it's not necessary from from the
text a week kind of see it's not necessarily a you know exploiting in Apache itself you know
so it tends to be around that I mean you can do hard in PHP and those good things but then you end
up you know also there's a bit of a trade off because in the system it comes more more difficult
to actually to actually use so yeah I'm just interested more in finding out that the kind of a
text that are being directed you guys will sing on your service because it's a very honest most
of us are just spammers you know trying to basically send automated bots to just edit spam comments
to science industry that kind of stuff yeah as I mentioned that I'm not always talking about it's okay
about she is as a service itself it have vulnerabilities so even the latest version for Apache they
still feed they have a vulnerability and they didn't fix it yet okay but the not that's
script kitty we are checking us all script kitty we're not talking about that the professional hacker
they will use it about itself to hack the server okay so some most of the script kitty using
the way that actually is running like running nobody user to running maybe PHP shell or something
like this in your server and they start trying to having a back door in the server and get that
giving a root kit they're trying to get access to the server and also they're trying to jump in
from the server from account to account the same server to trying to hack some pages and get
the database and stuff like this yeah but it's not this is an opportunity in a patch acts actually
it's like the way that the default configuration for Apache we're using if they're part modules
with like more security it's like a work file wall you have any wood server that doesn't have
most security is open for public so any user can do anything for the server for the
nobody users actually if they using this default user for Apache and also using a super user
page modules to protect the user from running a script under another user account so these tools
really is very helpful and can protect your server and can save a lot from attack okay so you
just recommend as people look at running mod security and and um suphp to kind of
yes exactly it's a kind of thing okay and in terms of your I mean for us in our log file we just
basically run like a log watcher and talk over the files looking for any critical messages and get
emailed to us they want a daily basis do you have any early warning detection systems that you use
how to review a log file yeah also using a third-party tools like
from complex server they they providing free tools for firewall can it can't be integrated with
the mod security and it can be integrated with another services to warn you with the abnormal
action or maybe some some attacks come to the server so using this complex server with a third-party
file wall the professional hacker they will use it about itself to hack the server okay so some
most of the security using the way that Apache is running like running nobody user
to running maybe PHP shell or something like this in your server and they start trying to
having a back door in the server and get that giving a root kit they're trying to get access to
the server and also they're trying to jump in from the from account to account the same server to
trying to hack some pages and get the database and stuff like this but it's not this is not
vulnerable in Apache actually it's like the way that the default configuration for Apache this
is only the default configuration okay actually to we're using a third-party modules with
like more security it's like a work file wall you have any web server that doesn't have
most security is open for public so any user can do anything for the server for the for the
nobody users actually if they using this default user for Apache and also using a super user
PHP modules to to protect the user from running a script under another user account so these tools
really it's very helpful and can protect your server and can save a lot from attack yeah okay so
you should be recommending as people look at running mod security and and
yes you PHP to kind of yes you page exactly it's a kind of thing okay and in terms of your
I mean for us in our log file we just basically run like a log watcher and talk over the files looking
for any critical messages and get emailed to us they want a daily basis do you have any early warning
detection systems that you use yeah also using a third-party tools like come it's come from
config server they they providing free tools for firewall can it can be integrated with the
mod security and can be integrated with another services to warn you with the abnormal action or maybe
some some attacks come to the server so using this config server that third-party file wall
plus the main the main concern is that it tends to be a lot of bandwidth I mean sometimes you can
have like you know 20-13 to your bandwidth can be some guys trying to post endless comments on
to a forum site somewhere yeah so what we do is we use like fail to ban for that kind of stuff
and for obviously attempts to hack your SSH port which you have open for administration purposes
now on our side we we tend to run a run of those things the fail to ban is quite good in terms of
at least saving your bandwidth and you know also preventing dictionary attacks and that kind of
don't you sort of have a different what's it called a different concern on our side
I'm at there but I must have a look at mod security hopefully it stabilizes and start introducing
it into the into the official repositories and that then I think they're different to use it
like you know the approach also that that mod security seems to be taken is very similar to
to app armor and easy Linux that we talked about earlier I don't know whether you have any
experience with with easy Linux darling or Mohammed actually I have a bad experience
with the Linux I don't even configure it one time my machine so I face a lot of problems
so I have to read the manual very carefully especially with the security hands Linux and take it
in my in the consideration every time when I install a new surface when I try to install a new
application because the security hands Linux have advanced the X control and
advanced and change a lot of care and behavior so once we install security hands Linux
it's next we have to take in our administration we will face a lot of problem in the future especially
when trying to add a new surface add a new tools add new applications to our machine I mean that's
also been marked with easy Linux I've been reading articles recently apparently they made a lot
easier to use now I don't know how true that is but you know I think app armor is giving them a
bit of you know I make them sort of be a bit more competitive but I haven't used app armor
myself and also read the marketing heart was that app armor is really easy to use but I you know
I think where I understand app armor is that you basically don't know pre-configured profiles
so if you're downloading a pre-configured profile and you can choose your applications you know
you want to sort of protect so it seems to me I could be completely wrong that's easy Linux kind of
everything you know once you got it installed everything must be configured to run the easy Linux
it looks like with app armor you know you say look I want you to protect this application otherwise
all other applications run as under normal security kind of all you call it up mode so you know
can you say you got a yeah that sounds great yeah that sounds great because then you can just sort
of wrap your patchy they're quite like profiles of my SQL and patches or I want to like a
wrap a patchy I want to wrap my SQL you know that's all ones you really are supposed to care about
you know more you don't really care about wrapping you know some other some other sort of services
and stuff which you don't really use that much or which aren't exposed to the internet you know
so yeah so I'm probably going to give app armor and security enhance Linux a bit more of a
you know I've given some more tension and tried them again but yeah but I think those are sort of
looks like the you know the next generation of attempts on security and the server side
sometimes also security issues or actually design flaws and the architecture of the service itself
so you know in a matter of heart sort of careful you are and setting up your machine you're
going to be exposed to them. I mean a classic example of that was a DNS poisoning attack
of vulnerability that was exposed last year I mean it was a vendor that had a rush to patch
the DNS service um now how much did you have any experience with that yeah I remember that
when I had a first time about this DNS poisoning we inform our ISP to upgrade their DNS server
because when we check there are DNS server we find that it's vulnerable to DNS poisoning
but I was just sort of a vulnerability that was inherent in the architecture why DNS works
um so you know even if your DNS was within really secure it was it was basically in this
foundations hard work so yeah so you've got to be careful about those those kinds of
this was also important to always patch your machines and make sure they running the latest um
you know security patches from your distribution. What I remember from the vulnerability the way
it works is that you know when you send out a DNS response request that you want to look up first
national bank dot Kaiser and the guys out to the DNS server that says I request to DNS server
but your machine will respond to whatever you ever you know with even machine response first
so it doesn't look to see a car sent us a request to server you know ABC um and the response
came from server x y z so what the vulnerability would do as far as I understood it was there that
would just sort of almost spam sending out response addresses for like let's say if it was a big
bank in South Africa so I'll just sort of continue to view out responses for fnb by mapping it to
the incorrect rp address and I'll just hopefully hit a machine that would would make this request
so if your DNS server is doing like a recursive look up um you could actually poison the cash
of the DNS server bar because we're just accept whatever response it got then we didn't check it um
and so thereby you know you might think well that seems like really you know like a sort of gun try
to approach to it but if you took like a popular soft like Facebook or something like that you know
and you just kept us being honest you know like you get it hit so yeah so that's when it comes
down to the sort of the the architect show how these things are built I know that my challenge in my
work has been to bring Linux out to the ordinary users or to you know explain the difference
between Windows and Linux to tell people you know and I believe it's a real hands-on experience
so I know Muhammad that back in March you had a first open day first Linux day in Libya
and it was uh you guys was the was fossil rates of free you know was the organization that you
worked with to do that can you tell us more about fossil yeah um the organization
behind this day is called fossil free open source software in Libya
uh this uh group established in 2008 the first events were actually for us it was Linux day
towards the first Linux day uh the official Linux day in Libya uh Linux day in Libya it's
become this idea become from this group and leaving a spy with the company I'm working with
there there was a sponsor for that day and without this company actually that day we
will not come to show and uh for Linux day we we expect that uh about 400 uh people will
participate in that day but we we surprised that it was a 1,300
after that day and uh yeah we we uh we distributed about uh 900 uh you bought to CD the
top you want to CD for for the user or for the uh participated people uh actually in general
it was a very successful day for us and uh after that day a lot of people become uh asking for Linux
and I'm still receiving uh uh a message from user they're trying to get CD for Linux and they
want to try Linux because they heard a lot Linux and they don't try it before and they still
they thought that Linux is using a terminal they don't have the uh Linux doesn't have
interface some users they have to still have thinking like this Linux have no interface
is Linux Linux only for Geek but when we're running actually one from the important point
we we constricted Linux day is running combos actually okay I have a combo proficient user
with us and they yeah in person people with uh 3d effects for desktop and how they do
it's crazy like crazy desktop for user they're seeing that effects visual effects so they like it
wow so most of the new user actually then now they are installing you going to and going directly
to install uh combos and doing this action and blah blah blah stuff like this yeah sounds like
it was a great success there and you know I know yeah yeah as a defector as well um you know the
the government also quite big into open source at least officially they support a lot in terms of
the open source that software feed and the our government are organizers activities around that
was there living in government involved in anyway in in the show uh actually uh last year
it was a successful year for Microsoft in Libya oh yeah yeah they have a contract with the
higher education they have a contract with uh general vacation Libya they have contract with
the institute they have contract with the uh general electrics electricles uh Libya they cover
all most important sector in Libya but uh we can't convince user to or the government using
open source without a planning it's will be a disaster I think yeah yeah first of all we have
to build the community we have to find a qualified people to to support open source in Libya then we
we have the more uh more power to convince the government or give them some proof that
its open sources the right choice and uh Linux it will be the future operating system
now to be honest we don't have this power okay but you also said uh last night uh
Muhammad that you were doing a lot of translation because there wasn't a lot of of uh
documentation in Arabic right for open source so there's another kind of a hurdle to overcome as well
yeah that's right actually lately I was talking about we don't have uh rich uh resources for in
general about Linux and open source in Arabic we don't have a rich resources and this is really
making me sad because why why all languages they have resources and in Arabic we have late we have
leakage okay we have resources but not that much resources and you can't make depends on these
resources and most of the uh IT people who don't following this article uh documentation for example
if I translate uh uh a thousand pages from documentation and professional way and give them to
IT people professional IT people actually they will not read it they will go to find another
documentation in English okay um yeah but where are you aiming that documentation to is it to
end users or to your system amendments like who are you trying to to bring over to that in general
actually in general yeah as I told you yesterday that I'm trying to translate the whole
uh document a facial documentation for and community documentation for your pointer uh I think it's
about thousand five hundred pages um this this this is not easy work to do by myself I'm trying to
find a volunteer to help me to contribute this project and actually the volunteer or
contributors will be from the hall anyone can speak um or understand both language Arabic and
English and also should be involved in the IT field because translating the IT documentation
requires some skills and some understanding yeah so let's put a poll on there then for anybody
that can it can help Muhammad there was a translation exercise I mean if I need to get hold of
you they can get hold of you at Spada net what Libya Libyan Spada.com there yeah Libyan Spada.com
okay just send it email from there okay great stuff tell me um Muhammad what's uh do you
guys have an active business software launched organization in Libya at all you know the anti
the copyrights you mean copyrights yeah copy or the guy looking for pirated copies and unlasted
versions of software and all of that I mean I know we've got one y'all so that you know is it now
we've got one y'all so that you know like a few weeks ago they released the latest report
and they said software power is up one percent you know from 34 to 35 percent I mean that means basically
a third of all installations that they go unlastenced um yeah of course that they blame this one
all kinds of things like increasing access to international markets like Pakistan and uh what else
did they blame and then they blamed oh yes obviously always a lot to blame broadband internet
access for increase in piracy um yeah I didn't even mention the fact that we in the world's worst
economic crisis is 1929 you know and maybe people don't have money to pay for the software um to
me one percent increase seems quite a mile given given the circumstances but um you know
what one of the things I guess I'm trying to comment on because often in in in like sort of
the third world countries like South Africa and then um it's hard software power series and people
and that's why I feel you know open source software is a hard time competing against it because
essentially the software is also free it's not open source but it's also free in South Africa um
and uh and that's why people don't really see the there's no economic need to potentially change
from from from this um but what I do find is strange though it's like you often find a lot of
these Microsoft guys you know they'll come in and argue as soon as you some like open source
software making inroads into an organization they become very defensive and aggressive about it
you know and they started arguing that your Microsoft is better because it's paid for and then
you say to them well have you paid for your software your your version of Visual Studio and XP
and they say no if it's so great why don't you pay for it you know so there's like this there's a
strange relationship yeah okay I think that's a that's a wrap for a quick episode on Linux
security we just really scraped the service then dealt with Linux security at a at a hard level
and touching on some tools and um ideas that we sort of discussions that we have about
but Linux security a lot you think um dolline for joining us today um as well as Mohammed dolline
yeah well I'm glad uh that uh it was able to share some ideas and some insights with our listeners
because uh has we repeatedly said throughout the podcast has Linux gains and popularity that
uh this will be something we will have to address and again I thank Mohammed for joining us as
well and providing some uh really good information and I hope our listeners uh enjoyed it and
look forward to hearing from us again yeah thank you next thanks dolline thanks everybody yes
catch you next time all right
you
thank you for listening to hacker public radio hpr sponsored by caro.net so head on over to
c-a-r-o dot anything
you