LinuxMuse
Information, Ingenuity, Inspiration.

Looking at Lycoris Desktop LX

By: bilbrey on 2002-05-02 09:55:00

< articles home >

Section 1 - Who and What IS Lycoris?

Lycoris debuted in 2000 with a buzz-making new distribution name: Redmond Linux. When I first heard of it, two thoughts flashed through my mind. Is Microsoft dabbling in the waters, behind a thinly veiled front? Second, the implication here is strong interoperability with products sold by that more prominent Redmond corporate inhabitant. The latter is definitely a design goal for the distribution team. The former may be part of the reason for the branding change that happened this year.

The distribution is now touted as Lycoris Desktop/LX. However, what's publicly available is a lightly updated Redmond Linux, code-named Amethyst -- none of the new Lycoris branding is present. From reading in the forums on the Lycoris.org community site, it is apparent that the Lycoris branding will be prominently featured in the next edition in the Amethyst family, which is the pending Build 46 (Lycoris internal designation).

In 2000, I tested a couple of betas from what was then Redmond Linux. These were works in progress, with glitches galore, and some real gems in the making. Overall, at the time, I found that it was extremely significant that the installer they had chosen was not as stable as could be. For ease of use, installation must be flawless. Yet they had chosen the Lizard tool, which originated at Caldera. This may reflect the experience of Joe Cheek, Founder and CTO of Lycoris, since he was the co-author of a Caldera Linux book. (Small world, eh? See this Linux book, too!) Familiarity makes a good argument for choices.

Time has passed, and it's time to have a fresh look at the Linux distribution that's coming out of Microsoft's backyard. Herein I'll review the installation, security, desktop and applications in the current publicly available version of Lycoris Desktop/LX.

Section 2 - Installation

As I noted in the previous section, Lycoris uses a re-branded Lizard installer which is fundamentally identical to the original used by Caldera in their 2.4 series distribution. Since I covered an extremely similar installation with screenshots extensively in another forum (but be careful about that link, with images, it's a 1.8M html page), I'll pass on inflicting ALL of that on you. Instead, I'll just display selected tidbits.

A tip of the hat goes out to VMware for their generally excellent software - I used VMware 3.0 workstation to capture all of these installation images.

There are only two options in the installer: Install Redmond Linux Personal or Safe Mode Install. If you've got non-supported video hardware then you'll be using the latter. However, on my Acer laptop, there were no problems with a standard installation. I used Safe Mode in VMware because of the emulated video support.

Once started, there's a minute or so of autoprobing for all the assorted hardware that Lycoris might recognize. This is reflected in a modified boot screeen, where progress through the various add-in cards, chipsets and such is shown, one item at a time. When an item of specific type is detected, the line is marked with an OK, otherwise it's shown as Skip. No user interaction is needed at this time, but I recommend paying attention. For example, if you *know* that you have a SCSI card in the system, yet the relevant line reads, "Probing for SCSI hosts......Skip", then you know you're going to be running into trouble. Perhaps switching to a console and manually loading a driver module will do the trick in this sort of case. I had no issues, however.

Hardware detection is followed by a welcome screen which is full of the sort of marketing pap that one comes to expect from long experience with Windows software - I'm sure it will reassure those that need such. Click Next on this (and ensuing dialogs, I'll only mention it this once) to continue. The first item of configuration is the Select Mouse, as shown in Figure 1.

Select Mouse dialog during installation process

Figure 1 - Select Mouse dialog during installation process

I was most impressed here. Not only did it properly detect the mouse as presented in the VMware guest installation, but on the Acer Laptop, it picked up and configured the touchpad and the USB mouse and configured them BOTH for simultaneous use, both during the install, and in the running X configuration when the system came up. That's a first for me, as I usually have to manually add the external mouse later. One MusePoint awarded.

In quick progression, I dealt with the Keyboard and Video card configurations, then we reach the cryptically-named Select Target screen. What it's referring to is the target disk/partition for installation, but someone unfamiliar with Linux terminology is going to be wondering what this Target thing is all about. The dialog is shown in Figure 2.

Select Target dialog: Partitioning

Figure 2 - Select Target dialog: Partitioning

All of the options in the Select target dialog are standard Linux fare, including the obligatory "Update my existing installation" item in the list of options. My opinion on upgrading is DON'T. There are too many ways that upgrades can go wrong. Since you're backing up anyway (you do keep good backups, right?), make sure that you backup your /home, /etc and /usr/local (those are my choices, anyway), wipe the system partitions, and install a new system from scratch, then restore your data if necessary (and you can adapt key configuration data from the reserved /etc directory tree). Another MusePoint awarded for only having one confirm step in this process. I detest programs that ask me over and over again if I really really want to do what I just said.

In both installs for this review, I chose the "Use the entire hard disk option". It's the most likely option for a new user, and the fastest, easiest selection available. On the following screen, I select a (or the only) disk, and prepare the disk for Linux (by clicking on a button labeled "Prepare selected disk for Redmond Linux") This created on my Acer a root partition (for system data) of about 2G, a swap partition (for virtual memory) of about 260M, and a home partition for user data that took up the rest of the drive. The filesystem used is EXT3, the journalling-enhanced version of the standard Linux EXT2 fs. If I had taken a more expert route, I could have chosen from among ... EXT3. Heh. Father knows best, huh?

After partitioning and formatting, the Installation proper starts. While the rest of the configuration items are set, the software packages that comprise the Lycoris distribution are copied and installed from CD to the hard disk. Progress for installation, then post-installation is shown with a progress bar in the lower left of each dialog from this point forward.

Here's a list of the balance of configuration screens in brief. There are no questions asked that someone who's installed Windows and setup networking once or twice before can't handle. There is context help available in each dialog.

Minus half a MusePoint for not offering GMT or Local time from the hardware clock in the Time Zone dialog. Local time is assumed, which is fine only if you're moving from Windows. Linux boxes run best with GMT (aka UTC) from the hardware clock, and then a timezone correction applied. Also, I wish they'd say which bootloader was being used. The Grub identifying message flashes by awfully quickly during a normal boot. With both Grub and Lilo configured and present, I'd wish that Lycoris would just say which they used, during installation.

Clicking on the Finish button on that last screen restarts Linux in a sort of hot boot (no regressing all the way to the BIOS POST screen), and ends up at the KDE login manager dialog, in front of a very pretty scene. This is shown in Figure 3.

Lycoris (Redmond Linux) KDE Login screen

Figure 3 - Lycoris (Redmond Linux) KDE Login screen

With that, installation is done. Time to get to work. Now let's have a look at the security on this distribution.

Section 3 - Security First

I'll be brutal about this: The very first thing that I do with a freshly installed distribution is run nmap on it from another box, to see what's open. I read in another Lycoris review (after I finished the first draft of this document, it was Linux For The Everyday Desktop - The Lycoris Experience on monolinux.com) that "It's secure out of the box (no Apache or other server applications means there's no worrying about updating these programs with the latest security patches)." Uh-huh. Here's how Lycoris really stacks up:


bilbrey@garcia:~$ nmap gryphon

Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ )
Warning:  You are not root -- using TCP pingscan rather than ICMP
Interesting ports on gryphon.orbdesigns.com (192.168.1.9):
(The 1547 ports scanned but not shown below are in state: closed)
Port       State       Service
111/tcp    open        sunrpc
139/tcp    open        netbios-ssn
515/tcp    open        printer
631/tcp    open        cups
963/tcp    open        unknown
6000/tcp   open        X11
32775/tcp  open        sometimes-rpc13

Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds

Harumph! RPC from the portmap daemon's there. Are we expecting an NFS environment for Desktop/LX? The NetBIOS service is unsurprising - MS Network integration is a prominently featured attribute of this distribution. Two different printer listeners, one (on port 631) for the CUPS administration and printer URI, the other is ... what? I don't want to offer either (and not just because there's no printer attached to this box). Then there's X11 and the unknowns. While it's not offering telnet or FTP, I sure wouldn't call this "secure out of the box"

Well, there's some cleaning up to do, and this box doesn't present SSH as a first boot service. This is not a server install, that's for sure. I fire up the KDE Control Center (aka Control Panel) from the My Linux System window (open that from the desktop). Then I navigate to System Settings, and open the Services item. Mmmm. All of the options are grayed-out, and there's a button down in the lower left corner that says Modify. Clicking on that gets me a prompt for the root password, then activates the module for changes. This is shown in Figure 4.

Control Panel, Modify Services, OpenSSH selected

Figure 4 - Control Panel, Modify Services, OpenSSH selected

While there, in addition to turning on SSH, I'll shut down the AutoMount Daemon and the Print server options. I'll leave Samba in place, since that's a big part of the feature set of this distribution that I want to look at later. Now that SSH is up, I can login, and use some command line tools to clean out that lovely yet abundant nmap listing. Ideally, what I want to see right now is just ssh and netbios-ssn. I'll probably break some functionality in the process. But fixing things to run securely is part of the joy of using Linux.

Checking in /etc/inittab, I see that the default runlevel is 5. That's multiuser, networking with X11. So the place to turn my attention is /etc/rc.d/rc5.d for a look at the start scripts for that runlevel. Mmmm, once there, I see start links for all services, including those I've shut down. Let's track through a reboot and see what starts this go-round. OK, a service turned off in the GUI stays off. That warrants some exploration.

To follow a boot, start off with the file /etc/inittab. This shows the order in which things are started, where they're called from, etc. However, some dedicated script reading didn't yield the gold I was hunting for, so I fell back on my tried and true technique:


gryphon:/etc# touch newest

That creates a file, empty, but with a timestamp of right now. Then, using the GUI tool in question (in this case, Control Panel --> System Settings --> Services, as before) to make a quick change and apply it. Then I can use the find command to locate files that are even newer than the file I just touched... This trick comes in very handy when every distribution I touch puts things in slightly different places.


gryphon:/etc# find . -newer newest
./sysconfig/daemons
./sysconfig/daemons/amd
./sysconfig/daemons/cups
./sysconfig/daemons/sshd
./system.cnf
   ...

Ahah. /etc/sysconfig/daemons/ is the path I'm searching for. I need that, because there are services that aren't listed in the GUI that I want to disable. Now, I'd turned ON amd (the AutoMount Daemon) in order to locate this directory, let's see how to turn it off manually:


gryphon:/etc/sysconfig/daemons# cat amd
IDENT=AMD
DESCRIPTIVE="Auto Mount Daemon (NFS & local)"
ONBOOT=yes

Well, that's easy as pie. Change the ONBOOT option to no, and type /etc/rc.d/init.d/amd stop to shut down the service now. Repeat that for portmap, and I'm more than halfway home. Now, I need to ID the specific service that running the printer daemon, I'll take advantage of the lsof command for that. (lsof is a utility to list open files, I can use it to list open network connections, too).


gryphon:/etc/sysconfig/daemons# lsof -n | grep LISTEN
inetd      740    root    5u  IPv4        615               TCP *:printer (LISTEN)
smbd      1413    root   10u  IPv4       1044               TCP *:netbios-ssn (LISTEN)
sshd      1432    root    3u  IPv4       1067               TCP *:ssh (LISTEN)
kdm       1502    root    7u  IPv4       1175               TCP *:32768 (LISTEN)
X         1515    root    1u  IPv4       1179               TCP *:6000 (LISTEN)
kdm       1516    root    7u  IPv4       1175               TCP *:32768 (LISTEN)
sshd      1669    root    6u  IPv4       1909               TCP *:6010 (LISTEN)
sshd      1700    root    6u  IPv4       2143               TCP *:6011 (LISTEN)

All right! That's progress. The printer's moderated by the inetd daemon. X and kdm are the other two things I want to shut down, but those are individually configured. So, to attack the printer listener, I'll edit the /etc/inet.d/cups-lpd file (I found that by reading /etc/inetd.conf), and comment out the printer line. Then I can restart the inetd service by typing /etc/rc.d/init.d/inetd restart

To fix up kdm, add the following line to /etc/X11/kdm/xdm-config, at the top of the "DisplayManager" section:


DisplayManager.requestPort:     none

To keep X from listening on an external port, edit the file /etc/X11/kdm/Xservers. Change the line below to read as shown (the bold stuff is what I added).


:0 local /usr/X11R6/bin/X :0 -nolisten tcp vt05

Now, to get these changes incorporated, I'll reboot again (or simply take the system down to runlevel 1 (from a local console, not remote, using the telinit command), then use Control-D (when prompted) to bring the sytem back up


gryphon:/etc/X11/kdm# telinit 1

That's it, a fresh nmap run should show only SSH and NetBIOS connections, and indeed that is the case.


root@garcia:/home/bilbrey# nmap gryphon

Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ )
Interesting ports on gryphon.orbdesigns.com (192.168.1.9):
(The 1552 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
139/tcp    open        netbios-ssn

Nmap run completed -- 1 IP address (1 host up) scanned in 1 second

You'll note that I haven't done anything to ensure that the Samba daemon (that netbios-ssn listener) is secure. It isn't, no getting around it. Here's my hard and fast rule: If you run the Samba daemons on a computer, then do NOT connect that box directly to the Internet. Set it up behind a firewall. Otherwise you might as well have "HACK ME" tattoo'd on your forehead.

I haven't any MusePoints to hand out here. Lycoris has decent security setup for the likely installation environment: coexistence with an installed base of MS machines, behind a firewall. They'd get a point for running nothing but ssh on first boot, and requiring active service initialization and configuration. I'll bow deeply to the first distribution that says, during installation, "Our default installation doesn't enable any external services whatsoever by default. Check this box if you want an SSH server running. All other services must be properly configured and enabled after installation is complete. You're safe, installing Distro X on an Internet-connected box."

I can dream, can't I? Anyway, now that we've locked down the box considerably, we can have a look at just what's installed in the Desktop/LX distribution.

Section 4 - First impressions

The philosophy apparent in Lycoris's distribution is that while choice is good, it is the distribution's responsibility to choose wisely for the new Linux user. I think this may be a good thing. Overwhelming a Linux newbie (of the Aunt Mildred class of user) with not only a subtley different interface, but also literally hundreds of new applications would be a Bad Thing (tm).

Breeding familiarity

Lycoris starts with a KDE desktop that isn't themed like an MS system (although it could be). The interface is distinctively KDE flavored, and that's good. Early on, I found that when I made the look and feel of the UI resemble Microsoft products too much, I tended to use keystrokes and expect behaviours that I'd find there. Linux on the desktop is not identical to Windows, and it won't be. I like an interface that reminds me of that.

However, if things are too different, then a transitioning user will become quickly lost. In place of the stylized K to mark the menu button, Lycoris has in the lower left of the screen a multicolored button marked GO. For people that aren't positionally oriented, this helps significantly. On the desktop itself, there are just four icons: My Linux System, Network Browser, Personal Files and Recycle Bin. I'd imagine that the correlation with known interfaces is pretty easy for most users. My Linux System is shown open, in Figure 5.

My Linux Services window

Figure 5 - My Linux Services window

Note that while the names of things are different (and perhaps a bit more informative), there's very little that's unfamiliar or hard to figure out. The only confusion that I might have is the Floppy Drive listing, since there is none on my Acer laptop. However, there is a floppy controller, so the part of the hardware that a driver sees is present. Should I try to access the drive, it would show just as if there were no diskette in the drive, and that's fine. We'll look at the control panel later.

I'll also reserve a discussion of Network browser for the Distinctive tools section coming up very shortly. Personal Files is a direct link to a data sub-directory for the logged in user. Note that this is not the user's home directory, but a subfolder of the Desktop "folder" in the user's home. This makes it easier to segregate user data files from user-specific configuration files for the neophyte.

Recycle Bin is a tool for assisting users in the prevention of accidental file deletion. Please note that this is ONLY useful in the window manager. If you type rm somefile at a command line, it will indeed just remove that file, no questions asked. However, default file delete behaviour in KDE (using the file manager, by selecting files, and pressing the Delete key) is to move a file to the "Trash" rather than actually delete it. A right click context menu offers the ability to explicitly Delete as well.

The primary tool selections available in Lycoris are Mozilla for browsing and email, gFTP for FTP access, and the KOffice suite for productivity software. There is also a reasonable sub-set of programs available for games, utilities (Accessories), digital photo and art programs, Music and video software, and system tools. I'm not unhappy with their choices. Here's a list of some of the more popular sofware packages that come with installation of Lycoris Desktop/LX:

Versions of Key Packages

For a distribution version that's several months old, Lycoris Desktop/LX isn't doing too badly. They updated several key packages in January. The Linux kernel version is 2.4.12, XFree86 is at v4.1x. KDE is version 2.2.2, and Mozilla is a snapshot from January 9th.

Updates are done with a special program accessed through the menu system: GO --> System Management --> Update Wizard. In brief, intuitive steps, updates are located and described. This stage of the updater is shown in Figure 6.

Redmond Linux Updater: Available software updates

Figure 6 - Redmond Linux Updater: Available software updates

As of this writing, only two updates are available to the package set released in January 2002. These are zlib and OpenSSH, both of which experienced major vulnerabilities in the intervening span. I'm pleased to see them here. I do wonder how Lycoris is handling code that's compiled statically against zlib (meaning that other programs can be vulnerable even after the update). I'll ask them.

With both available packages selected, clicking on Next downloads, verifies and installs the software updates. The installation step requires entry of the root password. I like that setup. Only give the password (and thus the permissions) out for the step that requires it. One more MusePoint in the jar.

Now let's proceed to the Distinctive Tools section, where I'll show you the bits that really make Redmond Linux ... err, Lycoris shine. [Darn, that difference in branding keeps biting me!]

Section 5 - Distinctive tools

Here's where we're going to find the golden parts of this distribution. The number one complaint I hear from users who want to move from Linux to Windows is how challenging it is to access their data on other Windows machines. While it's not really hard to configure network access to SMB shares on Windows boxes, there are no good tools for simple GUI access... or are there?

Welcome to Network Browser. This tool is the number one reason I've been meaning to get back to this distribution. Click on the Network Browser icon on the desktop, it goes out and finds every SMB-capable machine on your network. Click on one of those, and you're prompted for a user and password valid for that machine. Quickly you're where you want to be, as in Figure 7.

Lycoris's Network Browser at work

Figure 7 - Lycoris's Network Browser at work

It's every bit of that easy. Two MusePoints for Lycoris on this one. Now, let's see if I can figure out how to setup permanent mappings... That would be excellent for most users in transition. Nope, nothing GUI that addresses that need. There is a good, complete explanation of how to configure more permanent mounts and automate the user/password authentication step. The tutorial was written by Ken Puckett, and it is found here.

Another area where I find that Lycoris has done a good job is in the KDE Control Center (aka Control Panel, from the My Linux System window). They've created a deeper menu system that makes it easier for people to find (and change) the most common items, and put the less frequently accessed configurations behind an "Advanced" label in each major section.

I could go on and on, but let's wrap this thing up.

Section 6 - Summary, Resources and More

Summary

I find myself liking this simplified distribution. Lycoris has managed to perform a fair balancing act between ease of use and access to power. I'd recommend it for someone new to Linux, but comfortable in Windows. Desktop/LX is available for between 30 and 40 dollars US, depending on the edition, and comes with 60 days of email support. I have exchanged a couple of emails with them, and imagine that they're capable of answering your questions as well as they did with mine.

I'd like to test out the beta edition of Lycoris, but although I was told it could be found, I've had no success. I'll return again, when I can get my hands on something new to talk about.

Lycoris Desktop/LX, aka Redmond Linux Amethyst, aka Build 44 is a solid, easy to install distribution. I can recommend it. In the course of this article, I awarded it a total of 4.5 MusePoints. These are subjective, and on no determinate scale. Therefore they're useless for purposes of comparison with any other reviews I might write. However, a review that gets no points does mean that I didn't find anything standout to compliment. We'll see how the ratings develop over time, since I just invented it.

Collected resources

Riding into the sunset

As always, expect to find more Linux distributions reviewed here on as frequent a basis as I can manage. If you subscribe, then you'll get us one step closer to being able to do this full time - We love to help people, but there's rent and food to pay heed to...

GNU Emacs version 21.1.1 was used in the construction of this article, running on a Gentoo Linux v1.1a workstation. The raw XML is processed via PHP code written by Greg Lincoln. Presentatioon is via PHP, MySQL, and CSS, courtesy of Greg and Brian (but mostly Greg).

This article is Copyright 2002 by Brian P. Bilbrey. All rights reserved. Brian is a California-based geek, an author, administrator, technical writer, product designer and husband. He enjoys reading, fishing and hiking, but is usually found behind a keyboard or three instead. It's not his fault, he watched too much British comedy on television during those all-important formative years.

< articles home >






RedHat Linux mod_gzip Apache mysql PHP

Linux is a registered trademark of Linus Torvalds. Linux systems contain a large component of GNU Software, see www.gnu.org for details.

All other brand and product names are or may be trademarks of, and are used to identify the products and services of their respective owners.

All other content Copyright (C) 2002 Linux Muse. Powered by MagaMuse v0.3.5, (C) 2002 Greg Lincoln.

Other Legal Stuff ... Privacy Statement