Distro Review: LinuxMint 3.1

Part 1 in a 2 part series

I recently had the opportunity to try out Linux Mint, a new linux distribution aimed at capturing desktop user share from Microsoft. Linux Mint is a Ubuntu (debian) based distribution with some interesting user interface improvements, a few notable additions, and some closed source files that Ubuntu doesn’t ship with. I know first hand that when my windows user friends come over and use my laptop to check their email, they are often taken aback by the graphical user interface differences between linux and windows.

Where Linux Mint Excels:

1. A User Friendly Interface

I know first hand that when my windows user friends come over and use my laptop to check their email, they are often taken aback by the graphical user interface differences between linux and windows. In windows everyone knows that the start key is on the bottom left hand side of the screen. In a typical Gnome-based Ubuntu distribution of course it defaults to the top left and doesn’t even appear as an obvious button. Windows users don’t know what the hell they are looking at. Linux Mint gets around this by removing the top bar and putting the ‘start’ (or program access) key at the bottom left of the screen. Where Ubuntu drops the ball, Linux Mint does a fairly good job of avoiding confusion for windows users.

Linux Mint Desktop Screenshot

As you can see from the screenshot the start button is not quite as obvious as a windows XP or Vista start key with the highly identifiable Microsoft logo, but a good deal more intuitive than a typical Gnome desktop.

2. The Start Menu

The start menu looks just like Windows XP/Vista. Menu items are grouped in a logical manner consistent with the average desktop user’s experience.

Linux Mint Start Menu

3. The Control Panel

One of the most daunting things to a brand new-to-linux user is finding the locations of all the individual component-specific control panels. We have a font control a display control, a desktop control, an accessibility, a network, and countless other controls typically listed in the drop down menu under the system tab when Microsoft has them all neatly located in a ‘Control Panel’ dialog box. Linux Mint organizes them in a nicely organized intuitive display as well:

Linux Mint Control Panel

4. Graphics Card Support

Mint ships with a nice little installer called ‘Envy’ for installing non-free video drivers from ATI and Nvidia. Unfortunately my graphics card on my laptop is an ATI radeon mobility which uses the standard driver so I was unable to test it out. In addition since my graphics card is so pathetically old I am unable to use the Open GL Beryl desktop. Mine defaulted to the standard gnome. However, it does come bundled with beryl and emerald. Here is a picture of some Emerald window decorations you can choose from:

emerald control panel

5. Wifi Support

Strangely my wireless adapter (which uses the fairly standard atheros chipset) didn’t work with the live cd version of Mint, but once I installed it to my drive it worked without a hitch. For unsupported wireless adapters, Mint comes with a handy NDIS wrapper installer so you can just insert your wireless card’s install disk, browse to it and install it for use in Mint.

6. MintDisk: NTFS read/write and drive mounting out of the box

Mint disk is a handy little tool that automatically mounts ntfs partitions – and not with the typical read only access that you get from a vanilla ubuntu install. Worked perfectly for me and could work hand in glove with ndiswrapper to install windows wireless ethernet drivers on dual boot machines.

mintdisk ntfs small

I have only had a couple of hours to play with it so I expect to have a lot more to say in part 2.

Using Asterisk And VOIP To Save Your Small Business A Bundle

Overview

By now most people have heard of the open source PBX Asterisk and what it can do, but how does this translate into savings for your small business? I have written this brief HOWTO to show how it has saved my company over $500 per month by leveraging the synergy of open source software and VOIP.

Why use VOIP?

The cost savings from using VOIP (Voice Over IP) over the traditional PSTN (public switched telephone network) are tremendous. By eliminating the need for using traditional phone companies expensive infrastructure (a switched phone line originating at your office and terminating at your customer’s), a small business can completely eliminate the need to pay per-minute long distance fees and outrageous access charges levied by Ma Bell to use their antiquated telephone network.

Why use Asterisk?

Anyone that has started up a new business office knows behind labor and their leased space, phones often rank third. For one you must buy or lease a PBX (personal branch exchange) from a company like Avaya. On top of the lease for equipment you pay for the actual lines and usage charges for local and long distance calls. If your business has a high call volume you could easily be paying a small fortune. Asterisk was created by Mark Spencer the CTO of Digium and is licensed under the GPL which has attracted lots of third party add ons that increase its functionality. What does this mean for the small business owner? No software licensing fees, no hardware leasing and the power of a fully functional pbx with robust features built for voip.

This sounds great! How do I start saving money with Asterisk?

THE GAMEPLAN

There are a few steps that we must take in order to get started with our new high tech phone system.

  1. Choose a VOIP provider
  2. Choose a broadband internet provider (DSL/T1)
  3. Purchase a computer to install Asterisk on
  4. Install Asterisk
  5. Purchase Phones
  6. Configure Asterisk to Communicate with Provider

Choosing a VOIP Provider

For my new office we chose Inphonex. They offer unlimited 1-800 calling plans which was very important to us as we have a high inbound call volume and have to offer an 800 number. Inphonex is Asterisk-Friendly, and was the only business class service that offered an unlimited 800 plan. They are based out of Miami and have written a HOWTO on how to setup asterisk servers to connect to their service as well. After three months I haven’t experienced any down time with their service.

There are a few other providers I considered such as Teliax,Telasip, viatalk. Perhaps someone could post in comments about their service or others?

Choosing A Broadband Provider

When choosing a broadband provider there are several considerations to take into account. The most important is the number of phones your company will require along with the compression codecs the provider supports. My new office requires only 4 phones at the moment. There are several bandwidth calculators that can guide you through your selection of required ip bandwidth and codec selection. A quick check of the Inphonex website shows what codecs they supports. They offer support for several codecs including G.723, G.729a, G.726 ulaw and alaw. This provides you with some compression options in case you need several lines over a DSL line.

Building Your Server

I built a bare bones computer by purchasing a case, motherboard, cpu, hard drive and network card at NewEgg. Any old computer will do, but starting on a fresh machine ensures to some degree that components will work for some time to come. Since this machine isn’t running any Microsoft bloatware, the machine doesn’t really need to be a supercomputer. My computer cost a total of $200. One of the advantages of running it on a linux server is that you can SSH into the machine remotely and manage it or you can access the web enabled GUI. I am using trixbox which comes with FreePBX already installed which makes managing your asterisk server easy even if you’ve never used linux or SSH before.

Installing Asterisk

I have installed asterisk on several different linux distros but the easiest way to get asterisk up and running on a dedicated server is to download trixbox. Trixbox is basically a linux distribution that grew out of the Asterisk At Home distribution of a few years back. Trixbox uses a database back end to store configuration values but other than that it is very similar to a typical Asterisk server compiled from the vanilla source. Trixbox also bundles in several features including an apache server, mysql database, FreePBX web based management, HUD, flash operator panel, and community based forums that are very helpful in solving configuration issues.

You will need to:

Choosing Your Phones

I settled on GPX-2000 phones from Grandstream. I bought them from 888voipstore and everything went very smoothly and I got a very reasonable price. I paid $78.95 per phone for phones with every feature I could want. Configuring them to work with my Asterisk server was extremely easy as well. Grandstream phones come with a web based GUI:


Click to Enlarge

GrandStream Back End

Basically you only have to enter in the LAN/IP address of your asterisk box as your sip server and your phone works. Of course you still have to set up an extension on your asterisk box as well. Navigate in FreePBX to Settings-> Extensions and set up an extension number and choose a password like this:


Click to Enlarge

extension setting

Configure Asterisk for Inphonex

Inphonex is an asterisk friendly provider. Conveniently they have a simple configuration guide to setting up trixbox to work with their service. My working configuration is here:

allow=ulaw
canreinvite=yes
context=from-inphonex
disallow=all
fromdomain=sip.inphonex.com
fromuser=[myusernumber]
host=sip.inphonex.com
insecure=very
nat=yes
pedantic=no
qualify=yes
secret=[mypassword]
type=peer
username=[myusernumber]

My Register String:


Click to Enlarge

Inphonex register string

For further help you can always search the trixbox forums or contact Inphonex’s support.

Microsoft: Secure Wireless Networks With WEP?

I was planning on spending some time today rebutting a recent article on securing your wireless network on digg.com so I thought why not check out the trusty reference guide over at support.microsoft.com. I started digging around and found this gem. By now anyone that has a wireless router and cares the slightest bit about preventing unwanted intrusion knows that bypassing WEP (Wireless Equivalency Protocol) is trivial.( as I pointed out in my recent tutorial on cracking WEP with BackTrack). Apparently the folks over at Microsoft didn’t get the memo.

Here are some highlights from the article:

  • Enable the highest level of WEP that your hardware provides. WEP provides some security and is effective in deterring casual attempts by outsiders to infiltrate your network. Most 802.11b certified products can use basic 64-bit WEP encryption. By default, however, 64-bit WEP encryption may be disabled.

That alone ought to eat up about 15 seconds of a wifi hackers time.

  • Change the default Service Set Identifier (SSID) and passwords for your network devices. Access points/wireless routers ship from the manufacturer with default SSID and passwords which is the same on all devices made by that manufacturer. Leaving these at default makes it easy for a malicious outsider to gain access.

That would actually be good advice if they were coupling it with WPA encryption. Kismet can sniff out an ssid even when it’s not “broadcast”.

  • Purchase access points and network adapters that support 128-bit WEP. Some products only support 64-bit (40 bit key) WEP, and are not as secure. Note that some adapters may only require a driver upgrade to attain 128-bit WEP capability.

Brilliant.

  • Some access points allow you to control access based on the media access control address of the network adapter trying to associate with it. If the media access control address of your adapter is not in the table of the access point, you will not associate with it. If your access point has this feature, enable it and add the media access control addresses of the network adapters you use.

Your wireless adapter’s MAC address is broadcast constantly. Kismet or Kismac picks it up in a heartbeat. Spoofing your mac address might be a little harder in windows, but it’s a snap on the mac or linux. You can use ifconfig or macchanger and many other simple scripts.

So how should you secure your home wireless network? Well the home user should obviously ditch WEP for WPA. WPA uses a much stronger encryption technique. It can be cracked with a brute force attack but if you name your SSID with a long obscure name and use a sufficient passkey it will be very difficult for a hacker to compromise your network. The reason this is more effective is that the encrypted key is computed by using the SSID (broadcast name) of the router AND the passkey itself. For this reason WPA is not very secure unless you randomize your SSID by changing it from the default setting, ie linksys, default, belkin etc, AND use a random password generator (A good one is available here) you are fooling yourself.