Home Linux Community Community Blogs Business (or Enterprise)

Community Blogs

VPN-O-Rama : IPCop to IPCop with IPSec

After a short introduction ( it's time to face the facts and see something practical.

As previously mentioned I'd like to focus on ready made Linux distros so you can create a VPN connection on the fly and easily in just few easy steps. In my first episode I'll approach IPCop ( and I'll create a VPN connection between two IPCop machines, screenshots are something nice to see but our first step is to plan the example.

This example is built in a private network with virtual appliances, you can obviously modify it to fit your needs, I'll use fake names and networks, translate them to your current network if needed


Network topology:




Headquarter (Coruscant)

Subsidiary 1 (Alderaan)





Linux Distro

Private IP (LAN)

Public IP (WAN)


IPCop v1.4.21


IPCop v1.4.21


For simplicity I've two private and separate networks (representing two offices) connected to a private net ( representing the Internet. It's an easy example quite portable to everything. I also have static IP Addresses (LAN and WAN) and no NAT traversal troubles around (at least in this example, I'll come back with NAT traversal and dynamic IP addresses later...).

IPCop installation is pretty straightforward, I'll assume you're familiar with it or you can install it without serious issues (or let me know and I'll write something for you if needed); from a basic installation without additional modules or plugins you've everything you need to setup an IPSec connection between your machines.

I'll use IPCop IPSec built in capabilities to set everything up, first connect to your machine in you headquarter (Coruscant), just go to:, then select VPNs Menu and choose VPNs option or go directly to if you prefer. Here's what you see with a clean installation


If you've done some tests or you've some previous configurations you may press “Remove all CA and certs” to wipe everything. If you want to use IPSec on this host you need to check the “Enabled” flag (on top left) and issue a fully qualified domain name (FQDN) or public IP address for this machine (in our case is than it “Save” button to start IPSec on IPCop.

Now as your first step you'll create root/host certificates, press “Generate Root/Host Certificates” to create an X509 cert from Coruscant firewall (, in the next screen you need to fill some data related to your host and office, here are mine :

You've just created an X509 certificate inside your firewall (Coruscant) with a root and host certificate for your machine, here's what you'll see after this:

Now save your root and host certificates by hitting the two little disk icons on the bottom right (download root certificate / download host certificate) and name them as:

  • cacert.coruscant.pem
  • hostcert.coruscant.pem

Now we need to do the same in the other IPCop machine (Alderaan), here are screenshots taken from :

Generate Root/Host Certificates button

hit Generate Root/Host Certificates button and here's the result

Now save your root and host certificates by hitting the two little disk icons on the bottom right (download root certificate / download host certificate) and name them as:

  • cacert.alderaan.pem
  • hostcert.alderaan.pem


Importing Certificates on both sides

Now on Coruscant firewall ( you need to import Alderaan root certificate, in VPN page type “Alderaan” as CA Name and select cacert.alderaan.pem by hitting the “browse” button, see image for details:

Hit “Upload CA Certificate” to continue, here's the result

Now you know Alderaan certification authority on this machine and you're ready to create a VPN tunnel, let's do the same on Alderaan firewall (, see screenshots:


Ready, Set, Go !

Where's my VPN tunnel ? Relax, we're creating it now; we've done the tough part related to certificates and authorities, now let's establish the tunnel.

On Coruscant firewall hit the “Add” button in the middle of “Connection status and control” tab so you can decide the type of VPN connection; we're trying to connect two networks so we choose Net-to-Net Virtual Private Network in the following screen, then we press add to continue (screenshot)

Now fill remote data (Alderaan) with proper values, as you may see they match remote Alderaan network ( and Alderaan public/static IP address.

In the authentication section you need to select “Upload a certificate” and use hostcert.alderaan.pem certificate downloaded before, in the bottom of the page hit the “Save” button to continue,

you'll now see a new closed VPN connection on Coruscant firewall

Now do the same on Alderaan firewall to establish the connection, go to (Alderaan) and press the “Add” button to create a new VPN connection, select NET-TO-NET as done before


Now fill remote data (Coruscant) with proper values, you're on the other side so you need to reverse everything: Coruscant network ( and Coruscant public/static IP address ( In the authentication section select “Upload a certificate” and hit “browse” to select hostcert.coruscant.pem , see the screenshot

Then press save on the bottom of the page to continue


Yeah ! we're up and running

Now these two networks are fully connected and working, I hope you'll benefit from this article and find it useful for your work; let me know if you want further details or additional information.

Next episodes will cover, different Linux and BSD distro, more configurations, NAT and dynamic IP addresses as well.



VPN-O-Rama: VPNs intro, practical HOWTOs

IPCop to PFSense with IPSec


Andrea Benini


VPN-O-Rama: VPNs intro, practical HOWTOs, screenshots

I've spent few days on corporate VPNs with few Linux and BSD distros and I've decided to write down some notes and publish few screenshots for practical usage, even for newbies.

I've read some docs but I've never found a quick guide with practical examples for newbies to create a VPN from scratch, in these episodes I'll create VPNs with real examples. As you may know you can create VPN between two machines/networks by using a lot of different security mechanisms like:

  • IPSec (my favorite) IPv4 and IPv6 capable

  • OpenVPN (SSL/TLS based), nice for roadwarrior connections but you may have troubles with NAT and firewall policies

  • MPVPN, never used it, I've seen it during certification exams but I really don't know who uses it

  • PPTP, Microsoft Point to Point encryption system, avoid it like a plague if possible, buggy and it had several security issues

  • SSTP, Secure Socket Tunneling protocol introduced by Microsoft with their Windows Server 2008 and Vista/7, seems to be nice but not so portable or available on third party systems

  • DTLS, mainly from Cisco Systems


There are even more VPN solutions but mostly proprietary based, this saga has several different achievements in mind:

  • It has to be portable. I'd like to use my favorite security mechanism with available hardware or software, we don't want to rely on specific OS or platform. I even want to use it on very cheap hardware or embedded devices (read: high class smart phones)

  • It has to be secure, so we don't want security issues or known troubles around us

  • It has to be free and publicly available so everyone may take a look at it


When you need to connect two different hosts/networks you may have different scenarios:

  • you need to connect a single host to a remote network

  • you need to connect a network to a remote network

  • you've public and static IPs on on both side

  • you've dynamic IP at least on one side

  • you've one or more firewalls in the middle with one or more blocking rules (and sometimes you cannot modify them)


As you may know from the top I'd like to use IPSec because that's what I'm using now for these reasons:

  • It's available everywhere, from cheap DLink DSL routers to heavy BSD servers, it's not tied to a particular operating system

  • It's stable and solid

  • no security issues (yet) [ is it real or a fake ??]

  • IPv4 and IPv6 ready

  • few troubles with NAT'd networks compared to others

  • works great with static IPs (and that's my case), but even with dynamic if you cheat something; by the way I'll show you even something more from OpenVPN, that is my favorite roadwarrior solution


I'll start with IPSec in different scenarios but I'll go further with other solutions like OpenVPN or PPTP if you want, I'll try to publish a single and detailed article for every case or you can suggest me your needs.



If you've a lot of time and you'd like to know everything on IPSec you may take a look at (, it's a good guide for a Linux sys admin. Also read Openswan documentation (, Openswan is an implementation of IPSec for Linux. It's quite hard to start from scratch with Openswan on the command line but this is the definitive guide (now) for it. If you've enough time to set everything up and fine tune every aspect of your connection I suggest you to use only these components: the Linux kernel, IPTables, Openswan. If you've limited time and you want to deal with ready made distros oriented to firewall/VPN solutions you may follow next articles.


Next Step:
IPCop to IPCop with IPSec

IPCop to PFSense with IPSec


Glad to read your comments

Andrea Benini



Mouse/Keyboard not responding on VMWare Player with Linux

Many of you use everyday virtualization products to emulate other machines and run specific tasks on them.

As many of you already know I only use Linux machines at work, it ain't that easy if you need to survive in a corporate Windows forest (AD controller and windows environment) but I'm still fighting for it. Sometimes you need to use certain Windows apps or developer tools and you don't want to install WINE or something like that, as many of you I use customized and virtualized Windows machines. VMWare player outside "mainstream" distros have some lacks or troubles, expecially when you deal with GTK.

it happens to have mouse garbled, or if you move it inside VMPlayer window it disappears or acts in a weird mode, the same happens to the keyboard (not proper working), after a while I've figured how to solve it, it's not that strange or particular, it's a quite known problem and the fix is quite easily available if you use google for a while.

If you work with the latest version of Gnome your VMWare Player won't work well because it was supplied with previous version of GTK, even if you have "grab when cursor enters window" option set. It won't grab the pointer and it looks strange when moving it inside the VM Window, I hope this workaround will help you until VMWare solves compatibilities with the GTK library (and even release a VIC/vsphere like client for linux !!!).
You need to force VMPlayer to use shipped version of GTK. here's what you need to do:

  • locate vmplayer program path (`which vmplayer`), /opt/vmware/player/bin/vmplayer in my linux gentoo distro
  • It's a text file so you can edit it with your favorite editor (nano or whatever)
  • add a line with  `  export VMWARE_USE_SHIPPED_GTK="force"   ` after "set -e" line, so it will look like:
# is installed.

set -e


line "export VMWARE_USE_SHIPPED_GTK="force"" is what you need to add, it works even with "export VMWARE_USE_SHIPPED_GTK=yes", choose whatever you like


Now when you run it you'll see an application with a bad look, the older GTK version is used there and it ain't that nice but at least it works fine

Now run your favorite virtual machine and you'll see no mouse garbling now. This solved my troubles on Gentoo but even with other distros. Hope it helps


Glad to read your comments

Andrea (Ben) Benini



Easy backup with RSync, windows client configuration

Now for the latest article of this first rsync saga I'd like to share with you my current Windows clients configuration, as I've already explained, rsync is quite easy to understand and configure; in your windows client you only need these files:

  • rsync.exe
  • cygpopt-0.dll
  • cygwin1.dll
  • Copying.txt

Copying.txt is the GPL public license, it's needed only for license purpouses, the other files: 2 DLLs (cygpopt-0.dll, cygwin1.dll) and 1 EXE file (rsync.exe) are part of your solution. As you imagine these files are taken from a working cygwin installation: you can download them from the net, from a working cygwin environment or directly from [this link where I've provided them for you]. These files allows rsync to work properly and syncing your local disk with a remote RSync server.

Rsync has an excellent manual and configuration page, a ton of options ready for you, here's just what I'm using for my backups:

rsync --verbose --recursive --compress --delete --perms --owner --group --specials --stats --devices 
--links --times --exclude=”system*” “/cygdrive/c/backuphomedir/”
“array1_backup@myfavoritenas::array1_backup/ComputerID/” 1> “errorlog.txt” 2>&1

This is the raw command used for tests, of course you need to script it in a batch file or wherever you want. I don't want to enter into rsync syntax flags deeply when you've an excellent man page (like this one []), but briefly:

--verbose be verbose on operations, useful for generated log file
--recursive copy directory specified and go recursively into subdirs
--compress compress file data during transfer
--delete delete file from remote host if local files doesn't exists anymore
--group --specials preserve group and special files
--stats give some transfer statistics (again, useful for logging)
--devices preserve device files
--links preserve links
--times preserve modification times

This command works with previous samples from past episodes, now pay attention to parameters related to your own machine settings like:

/cygdrive/c/backuphomedir/ it's the home dir where you want to start from copying your data, for Windows users the translated path is “C:ackuphomedir“, I've reported “/cygdrive/c/backuphomedir/” because cygwin environment starts with “/” (as UNIX), then it appends “cygdrive” (all local drives) then the name of the Windows drive “c”, then your backup sourcedir; (backuphomedir).

--exclude flag: directories to exclude from your backup path (inside c:ackuphomedir), so directories starting with “system” (like: c:ackuphomedirsystem, c:backuphomedirsystem32, …) will be excluded from your copy. Why ? Because I store rsync, DLLs and my batch file inside this dir

array1_backup@myfavoritenas::array1_backup/ComputerID is the rsync path where you want to sync your data, “myfavoritenas” is the machine name, “array1_backup” are username and “rsync share point”. ComputerID is just a directory inside your rsync share point, use different directories for different PCs so you've a dir for each pc of your net (use MachineID, username or whatever you want).

errorlog.txt is my log file where rsync operations are stored, very useful for further readings

If your rsync share point has a password as mine you need to type it on command line if you're executing this command as it is; if you're scripting it into your own program you need to export a Windows variable called RSYNC_PASSWORD (set RSYNC_PASSWORD=”your pass”) to have it running, read rsync manual page for details.

Be careful about locked files, rsync and every windows program will fail the backup if the file you want to copy is locked by someone else, an example ? Take a look at Outlook .PST files, you cannot copy them when Outlook is opened

Here are few considerations for applying this solution in a real environment, here's my experience:

  • I've set a “resume time” in BIOS for every PC I've in my net (example: wakeup at 00:01 am)

  • I've inserted a scheduled job (windows scheduler is fine for me even if it's nothing fancy) which runs a C++ application created by me (example: start app at 00:30 am)
  • My applications acts as a wrapper to rsync, makes its own copies and so on
  • When copy is finished to powers off the PC again, if the PC was already on (user leaved the computer on from yesterday) I leave it on by checking computer uptime

That's it !


Why using this kind of solution against others ?

  • GPL, no license fees, easy configuration, easy customization

  • Easy server installation, no custom packages or services, rsync is well known for its simplicity and configuration
  • RSync support and documentation is HUGE across internet, there're a lot of things done with it
  • Multiplatform: linux/OS-X/Windows/... you don't care about the operating system, you just need to have rsync compiled (cygwin for windows is ok) but you can also have your XYZ operating system or whatever you want. Not so many backup solutions have a port for nearly every existing platform like rsync has
  • No installation on Windows platform, I know, this is a rude solution but it works fine and flawlessly; I've just paired windows scheduler with rsync. No setup, no install, no virtual machines/.NET/... just copy the files

This episode concludes my first RSync saga, nothing strange or complex, just a common use of rsync in a real environment for handling daily operations in a network.


Previous Steps:
Easy backup with RSync, introduction
RSync server side config on linux platform
Linux RSync client side configuration
Windows RSync client side configuration


Hope it helps you to save time

Glad to read your comments here if you find it useful


Andrea (Ben) Benini


Easy backup with RSync, linux client configuration

After the basics and the server configuration here's a quick 'n' dirty example of my linux client configuration.

Each Linux client (but generically speaking a UNIX or OS/X client) only needs the rsync program installed, no additional dependencies, each linux distribution has it, just type:

~$ rsync --version
rsync version 3.0.6 protocol version 30
Copyright (C) 1996-2009 by Andrew Tridgell, Wayne Davison, and others.
Web site:
64-bit files, 64-bit inums, 64-bit timestamps, 64-bit long ints,
socketpairs, hardlinks, symlinks, IPv6, batchfiles, inplace,
append, ACLs, no xattrs, iconv, symtimes

rsync comes with ABSOLUTELY NO WARRANTY. This is free software, and you
are welcome to redistribute it under certain conditions. See the GNU
General Public Licence for details.

To see if it's properly installed.

This example coming from real world is connected to an RSync server as detailed in my previous article,the script itself is not complex, it just feet my needs and I use it with cron each day, in the first section there is a configuration part for remote host setup, the second part is where the business logic resides, a little bit of logging is inserted as well

~/bin$ cat backup.rsync
# Sync sensible data of this pc to a remote rsync host

# Configuration Section, change your parameters below

# Remote host name

# RSync connection on remote host (username as well)

# Remote directory name where rsync copies will be created

# Local directory name to sync (not the whole disk...)

# RSync password for the connection (see rsyncd.secret)

# Exclude FILES
--exclude "$HOME/.Trash" --exclude "$HOME/.bittorrent" --exclude "$HOME/.dbus" --exclude "$HOME/.evolution" --exclude "$HOME/.fontconfig" --exclude "$HOME/.gnochm" --exclude "$HOME/.icons" --exclude "$HOME/.macromedia" --exclude "$HOME/.metacity" --exclude "$HOME/.mozilla" --exclude "$HOME/.mysqlgui" --exclude "$HOME/.nautilus" --exclude "$HOME/.nx" --exclude "$HOME/.python" --exclude "$HOME/.qt" "

# Business logic, don't change anything below this line
--verbose --recursive --compress --perms --owner --group --specials --stats --devices --links --times --delete $EXCLUDE_FILES "

# Exec command
RSYNC_COMMAND="`which rsync`"
DATE_BEGIN="Begin : `date`"
if [ "$1" != "" ]; then
echo "End : `date`"

echo $DATE_BEGIN >> $LOCALE_DIR/backup.rsync.log
echo "End : `date`" >> $LOCALE_DIR/backup.rsync.log

As you can see from example you can invoke this script just by typing:

~/bin$ ./backup.rsync

If you provide an additional parameter on command line you can store rsync operations in a log file (backup.rsync.log)

~/bin$ ./backup.rsync log


Glad to improve my example if someone of you wants to contribute or add something
Next article covers windows client configuration, stay tuned

Windows RSync client side configuration

Easy backup with RSync, introduction
RSync server side config on linux platform
Linux RSync client side configuration
Windows RSync client side configuration


Glad to see your comments
Andrea (Ben) Benini


Easy backup with RSync, server configuration

Now after this quick solution preview I'd like to share with you my current rsync server configuration, as I've already explained you rsync is quite easy to understand and configure, just install it in your favorite distro and configure these things:

  • /etc/rsyncd.secret file, this file contains rsync shared connection and password
  • /etc/rsyncd.conf file, this file contains rsync server configuration itself

Now let's have a look of rsycnd.secret file, it's something like:

root@myfavoritenas:/etc# cat rsyncd.secret
.... (and so on)....

this config file was taken from my current NAS, each line have two columns: share name and password, in the example above share name is "array1_backup" and password is "idonttellmypasswdtoyou", more lines may follow depending on your config. Due to security reasons you cannot read the file except if you're root, so file have chmod 0400

root@myfavoritenas:/etc# ls -la |grep rsyncd.secret
-rw------- 1 root root 368 Jul 10 2009 rsyncd.secret

Now the big part is inside rsyncd.conf, let's have a look:

root@myfavoritenas:/etc# cat rsyncd.conf
uid = root
gid = root
use chroot = yes

path = /mnt/array1/backup/.
read only = no
auth users = array1_backup
secrets file = /etc/rsyncd.secret

This config has been taken from a Buffalo TeraStation, I think you may have something similar in your favorite distro, I don't like so much buffalo configuration but this is really simple and easy to understand, I can even attach a config from your favorite distro if you like.

As you can see there's uid/gid for rsync process (don't like to see root run it), rsync chrooting, and you can see a section for each share you define (array1_backup in my example)

Next: Linux Client Configuration

Easy backup in a Windows/Linux network with RSync
Easy backup with RSync, server configuration
Easy backup with RSync, linux client configuration
Easy backup with RSync, windows client configuration


Glad to see your comments

Andrea (Ben) Benini


Easy backup in a Windows/Linux network with RSync

This time I'd like to show you a really easy backup method using open source solutions as usual.

I mainly work as a network administrator in a company, keeping services running and having an efficient network is my primary task. One of my big troubles in the network is not related to servers or network physical backbone, troubles comes frequently from users and client desktop PCs, mainly Windows machines.

Problems are divided in two different categories: hardware and software failures; crappy PCs nowadays are frequent and cheap hardware is always a problem, software failures are mainly related to the operating system (mainly XP and Vista, no 7 in my net yet).

You cannot mess with hardware, you can try to buy better PCs or from well known hw manufacturers but if you're trying to recycle old PCs sometimes you run into troubles. Hard Disks are one of my biggest point of failuires. Operating system and mostly user misconfigurations also drives you to every kind of mess, in a regular network like mine corporate users don't have custom or strange apps, they're using Office Automation tools and few more; real problems comes from user custom data, not always backed up as it should be ("what are backups ?") and always locally stored on workstation hard disk even if they're not allowed to do it.
This solution covers data backup only, I don't care about applications setup, operating system setup or something more, just only data backup. In my case, in my network, operating system setup takes me just an hour and applications needed are only Office Automation tools as I told you before. One tool comes in mind to me to achieve this kind of backup: "rsync".

Here are main benefits:

  • You don't need to install additional software or tools in each client, rsync app compiled with cygwin comes with few dll dependencies, no install required
  • It comes for free, just deploy GPLv2 file with the license along with rsync files
  • no strange windows config on it, just need to schedule a task to run rsync periodically, windows scheduler is enough for running this kind of task
  • you don't need to rely on windows auth, permissions, samba, Active Directory or whatever
  • you only need a network and rsync server. RSYNC servers are really easy to setup, you can run them on linux (my choice) or windows or whatever you want
  • you've plenty of options for easy setup from client side as well as from server side

RSync server side config on linux platform

Easy backup with RSync, introduction
RSync server side config on linux platform
Linux RSync client side configuration
Windows RSync client side configuration

Hope it helps

Andrea (Ben) Benini


SOS Open Source: automated qualification and online selection of Open Source Software

SOS Open Source is an automated methodology to qualify and select open source software that uses data from directories, forges and meta-forges and creates comprehensive information.

SOS Open Source returns a score for each open source candidates, based on strength (stable, mature and backed by a viable community), level of support (either by a community or vendors) and promise of evolution (have readable and maintainable code).

Here is the home page of SOS Open Source


Why Open Digital Standards Matter in Government

The full text of the essay I wrote for the O'Reilly Open Government book is finally online at Stop!Zona-M. In it I discuss what open file formats and other digital standards really mean for us, why they are often even more important than Free Software and why Government must lead the way when it comes to their adoption:


Orange Juice vs Coke

It happened few days back when I explained about Open source technology in a Food Service forum.  I was telling about my Open source Point of Sale for Restaurants named  Floreant POS ( and the way vendor of close source products  reacted was very interesting.  Here I am sharing the conversation between Robert  Lehman, owner of a POS software company and me.

Why promote Open Source? Do you programmers not want to be paid for your work? What do you only want part-time editors making changes as their hobby? It just doesn't make sense to me. Please
explain if I've got it wrong, but that won't change my opinion.
Robert Lehman

Dear Robert, Open source is an established business model. Instead of selling
software license, open source model sells service (support,
customization, modification of reports etc). There are many successful
projects who left their source open and still making enough money to
Traditional software business rely on hiding source code and they may
get surprised how a software company can survive giving away their hard
Let me give answer your question with a layman's example. Think
-Source code is like Recipe for Cooking.
-Compiling can be compared to Cooking and
-Binary Executable are final cooked food. Now Closed source (Traditional) companies are those restaurants who hide
their recipe. They hide recipe because no other can produce same taste,
so they would make more profit and lock their guests. This model works
when cooks get sure their recipes are unique.
But we know there are already lots of Recipe books in the market and one
can cook delicious foods without special recipe. Most of the
restaurants in the world in fact runs with common recipes and people
eats there even though they could cook same thing at home. Interestingly all those generic recipe restaurants make business. How
can they survive? Reason is market is so big that one player cannot
capture the whole. Guests can find food in his area and whoever gives
better service makes better profit.
I told before that Close source works best when you have a special
formula which is hard to repeat by anybody(like Coca cola). In software highly researched mathematical program may be similar candidate, But
Restaurant business, Accounting App or ERP have almost similar business
process for many years. Literally there are nothing new and most of the
software we program reinvents the same wheel. In contrast to Coke, It
could be Orange juice where many companies can produce same orange juice
and make business.
In Assembly or machine language days all software companies were locking
business like Coke companies! There was a day when writing code
required huge time and compilers were expensive. Now paradigm has
changed. There are IDE, Wizard and tons of freely available snippets,
that reduced cost of software. So its proven that hiding source code now
give little advantage. In contrast if a programmer give away the source
code in public domain he may invite our competitors to work on same
code but market will expand dramatically. Such way it benefits a big community.
Not sure if you could get some idea from that. BTW there are tons of articles in internet and live example of projects like Apache, MySQL who are big companies based on open source technology.  You may be using Firefox - its open source too.



Help Get Coreboot Onto System76 Machines!

   Not too long ago, I had stumbled across a post on the Ubuntu Forums in the System76 support section. But first, perhaps I had better back up a bit.


  System76 is a computer hardware company located in Denver, Colorado. They are particularly unique because they offer Ubuntu Linux across their entire hardware line. All of their hardware is tested to be Linux-compatible, and there are numerous reviews from users that love their machines. To use a cliche here, It Just Works. For beginners and people that are new to the GNU/Linux world, this is the go-to for getting a machine that works out of the box with Linux. Heck, it's great for seasoned users as well!


   However, there is a small problem that plagues System76 machines. For everyday Average Joes, this isn't much of an issue. But, to Free Software enthusiasts, it's a glaring problem. Their BIOS are proprietary.


Well, that doesn't sound so bad, you say. But think about it. BIOS is the system software that runs on the motherboard. It is the system firmware on most desktop and laptop computers. For years, various middleware companies such as American Megatrends have peddled their own BIOS offerings onto machines. These BIOS often rarely get updates for years on end, and actually hamper capabilities of the machine itself. In this sense, BIOS can be restrictive.


However, a project exists called Coreboot. It was started in late 1999 to provide an alternative to proprietary BIOS, using a lightweight Linux kernel (or other boot extensions) to configure a system. It is capable now of running GNU/Linux, FreeBSD, and even Windows versions all the way up to Windows7 (No word on running MacOSX, of course).


The fact of the matter is, Coreboot is extremely flexible. It is also supported on a plethora of hardware currently, and herein lies the problem: although it supports quite a range of hardware, Coreboot is not officially supported on any laptops. A few netbooks support it, such as the Lemote Yeeloong. But there aren't really any laptops that ship exclusively with this Free Software BIOS alternative. I think System76 has a great chance to step up and support Free Software by adopting Coreboot.


And this is where we come in. I have started a petition to System76 to voice our opinions about Coreboot on their machines. I would love for everyone to take a moment to sign the petition and spread word throughout the Free Software community. This is a chance to have a hardware manufacturer truly support Free Software in North America with laptops, desktops, and servers for consumers. This is our chance to prove to the world that Free Software is profitable by voting with our money.


I have started the petition here, be sure to sign it and pass it along to anyone that might be interested!

Page 4 of 7

Upcoming Linux Foundation Courses

  1. LFS230 Linux Network Management
    06 Oct » 09 Oct - Virtual
  2. LFS416 Linux Security
    06 Oct » 09 Oct - Washington
  3. LFD331 Developing Linux Device Drivers
    13 Oct » 17 Oct - Virtual

View All Upcoming Courses

Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board