Development

Getting more out of your project (including more users!)

Do you have an open source project, yet you feel that it could more users? You are not alone! Many other open source projects have the same problem. The good news is that with only a few steps, you can new and more active users. Time to learn how promotion can be done without the pushy tricks that marketing and salespeople use.

While ‘shopping’ for some libraries, it struck me how many open source software projects are suffering from basic mistakes. Well, mistakes might sound too harsh. What I mean are those things you find on a project, which could be better. They are usually things not considered by the developer, as we (developers) were never told about them.

Doing 20+ years of open source development now, I can safely say I made many mistakes. Time to get them all fixed and document them, part of the open source community. I’m Michael Boelen, and you may know some of my work, like Rootkit Hunter (rkhunter) and Lynis. Here are some of the lessons I learned. You can use them next time when choosing a new open source project and make a better judgment call. If you are developer, then you can use these lessons to improve your own project.

The world has changed a lot in the last era, especially when it comes to computing. This applies also to the services we run on our Linux systems. Some of these services (like rlogin), were previously the defacto tools to do administration. Now they are considered to be bad and insecure.

What makes a service insecure?

Services can become insecure when they have characteristics like:

• No (or weak) authentication
• No (or weak) encryption
• Insecure protocols
• Running as root

Authentication insecurities

One example might be if a program only requires a password or pin, without any information like an username. This happens often in physical solutions, but sometimes also in software. The risk involved is two-folded: it is easy to guess and provides no (or weak) accounting.