Basically Tech - opinion

Malicious commands

nospam@example.com (Rob Newcater) — Wed, 28 Nov 2007 13:18:18 +0000

There's an alarming post on the Ubuntu forums warning of a recent trend whereby new Ubuntu Linux users are being tricked into running dangerous commands which will delete home directories, or overwrite the system disk, or the like.

One of the great strengths of Linux in particular and Open Source software in general has been the approachability and helpfulness of the community, and it seems some dweebs think its funny to exploit this openness and trick a new user to trash their system.

It's made me think. A significant part (**) of the security of a system lies in the users. Linux and Unix have always been professional operating systems, written by professionals, for use by professionals. When you use the command line to ask a *nix system to do something, the assumption is that you know what you're doing. That system won't ask you if you're sure you want to do what you've typed. It'll just do it. I don't think that should change. For me it's part of the attraction.

I've only used Ubuntu once. I was impressed, but not that much that I would leave the distro I currently use . It seemed to me that the Ubuntu people have made it possible to do pretty much anything you might want to do using the GUI, and this is the attraction that has brought in many (welcome!) newcomers to Linux. However the command line is far more powerful and flexible than any GUI, and as people slowly come to realise this and naturally start experimenting, I feel more issues of a similar nature may arise.

If you want your PC (running Linux or Windows) to remain safe and secure, you need to have a particular mindset. "Wary" probably describes it. "Keeping it simple" and experience definitely helps.

(** This is not to say that all systems are equal. Not by a long shot.)

Microsoft updates Windows without users' consent

nospam@example.com (Rob Newcater) — Thu, 13 Sep 2007 16:42:31 +0100

There is a small storm in a teacup brewing over recent events in which it's been confirmed that Microsoft has updated copies of Windows XP and Windows Vista without the users' consent, even if auto-updates have been turned off. Obviously these folks don't read (or is it "understand") the Windows EULA which they clicked on and agreed to when they first started their newly-purchased PC (or when they actually paid for and installed the software.)

Most users of Microsoft Windows seem to have their collective heads buried in the sand. The thing the don't seem to get is that Windows users are just that, users. They don't own the software, they have just purchased the right to use it. Microsoft explicitly retain ownership and the right to update their system as and when they choose.

I don't understand why people are acting so shocked. Windows doesn't belong to you. If it bothers you having a third party changing files on the PC you use without your permission, you can always use an OS which you do own.

Was Microsoft's first OS stolen?

nospam@example.com (Rob Newcater) — Wed, 01 Aug 2007 10:53:45 +0100

This is interesting.

In a book on American innovation, author Sir Harold Evans wrote that DOS inventor Tim Paterson relied heavily on an existing OS called CP/M (Control Program/Monitor) created by a programmer who has since died. Microsoft in 1980 struck a licensing deal with Paterson's company -- Seattle Computer Products -- to obtain access to DOS and resell it to IBM.
...
In his book "They Made America", Evans writes that Paterson, in developing DOS, took "a ride on" CP/M, which was created by the late Gary Kildall. Evans also wrote that Paterson's DOS operating system appropriated the "look and feel" of CP/M, copied its user interface, and "ripped-off" CP/M.

This is not the first time that people have claimed that Microsoft used stolen software or ideas in their products. But rotten to the root? Interesting.

Ubuntu rejects Microsoft deal

nospam@example.com (Rob Newcater) — Tue, 19 Jun 2007 14:27:55 +0100

Canonical, the corporate sponsor of Ubuntu Linux, has rejected an intellectual property deal with Microsoft because it refuses to reveal details of the patents that it claims are being violated in open source software. To quote Mark Shuttleworth, founder of Canonical:

"A promise by Microsoft not to sue for infringement of unspecified patents has no value at all and is not worth paying for."

This makes previous signees Novell, Xandros and (more recently) Linspire appear to be a little hasty, and it must be said, somewhat lacking in courage and foresight.

Microsoft, Linux, and patent questions

nospam@example.com (Rob Newcater) — Fri, 08 Jun 2007 12:42:08 +0100

Microsoft, after having struck a deal with Novell, have also been busy making Linux/patent-related deals with Samsung, Fuji Xerox, Xandros, and most recently LG Electronics.

The Novell deal has been in the news for months now, and has been commented on to death. I'm not quite sure what Xandros thinks it's going to gain from this. Perhaps some extra corporate business? Certainly, it's lost a lot of face in the Linux/FLOSS community. For a company with such a community-driven base product, can it afford to do that, long-term? Time will tell.

The other three, Samsung, Fuji Xerox, and LG Electronics, have rather more transparent motives. They were bullied. They spend lots of money on Microsoft products, and probably get huge discounts. If they agree to simply sign a bit paper which indemnifies them from being sued by Microsoft for something which Microsoft could never sue them for anyway, then the big discounts continue. Some Open Source enthusiasts might boycott their products, but it's small change compared to what they would lose.

A comment on the Computer Business Review Open Source Weblog seems to hit the nail on the head:

The suggestion is that Microsoft is not so much protecting its intellectual property as it is its business model. By creating a group of ‘patent-approved’ Linux vendors and discouraging enterprise adoption of alternatives via the threat of litigation the company would be able to stifle disruptive business models and innovation – all without ever proving any intellectual property infringement.

I think we can expect a lot more of these types of deals to appear.

A day without Open Source

nospam@example.com (Rob Newcater) — Fri, 11 May 2007 19:46:30 +0100

This interesting article hypothesises a day without Open Source software. It raises some interesting points.

For starters, the Internet would “disappear” for the average user. Most Domain Name Servers (DNS) are run on open source software like BIND, which turns www.whurley.com into the IP address of the appropriate server. The majority of basic Internet users would be literally lost in translation.

It's the readers' comments which raise some of the more interesting points. Imagine suddenly being without Firefox, Mac OSX (based on FreeBSD), Apache.

MSN couldn't handle load without open source.

Their sole load balancing solution is boxes from F5 Networks, all running embedded linux

Other readers mentioned that Windows would lose it's TCP/IP stack (based on FreeBSD), and that many cell phones, home routers, e-mail, and most NAS devices would stop working.

Arch Linux review

nospam@example.com (Rob Newcater) — Tue, 08 May 2007 17:01:57 +0100

There's an interesting review of Arch Linux (my distro of choice ) on the polishlinux.org website.

I wouldn't call Arch "smooth and cuddly", but it is a good distro for those wishing to learn about Linux. It has a philosophy of trying to keep things simple, which suits my mentality! Minimal configuration is performed, it's up to you to set up the system the way you want it to be; it doesn't come with all the bells and whistles thrown in automatically. This does tend to make a secure system.

Arch is not for beginners, but if you're feeling jaded by your existing distro and want a bit more control from the start, give Arch a try on a spare machine. Have an internet connection available so you can refer to the forums and Wiki if it's your first time using Arch. The community is helpful.

One man writes Linux drivers for 235 USB webcams

nospam@example.com (Rob Newcater) — Mon, 30 Apr 2007 20:47:36 +0100

I came across this eye-opening article on the Inquirer website. The author relates how he had problems with a cheap USB webcam he bought. Memory leaks with the provided driver meant he had to reboot Win2K on a daily basis. When he started to look for some other OS which might support them, he relates:

I found out last week that there are now Linux drivers for hundreds of those cheap "Made in China" webcams with strange brand names and a Vimicro chipset inside. The surprise was more shocking when I realized that drivers for 235 webcams -at the time of this writing- are the work of a single unknown hero who works from his home in France, does so with no corporate sponsorship, and what's even more outrageous, very few people know about the existence of those drivers and about the person behind them.

The author sought out and managed to interview the man responsible for these Linux drivers. Parts of the interview are quite telling, and show the difference between the motives which drive the communities and individuals who create open source software, and the companies which produce proprietary software. The interviewer in the excerpt below is FC. MX are the initials of Michel Xhaard, the "webcam driver" man.

FC: How do you feel knowing that there are a few really big corporations with million dollar budgets all peddling Linux, and you do all this critical work of helping Linux gain webcams support -by the hundreds!-, yet not a single one of those big firms has decided to formally sponsor your work?
MX: my work is not "Linux Kernel centred" my goal is to provided video input support for Linux users, and I am not sure that these big companies are interested in the end user .

(Emphasis added.)

He's being sarcastic. Of course these companies are not interested in the end user. Look at how Vista tramples on your freedom and rights. It's the job of listed companies to keep shareholders, not customers, happy. Of course they'll try and do both, but if they have to choose, then the shareholders will be chosen over the customers every time.

I've heard some folk say that Linux or Free/Libre/Open Source software (FLOSS) "needs big business". That's claptrap. If anything, "big business" needs Linux/FLOSS. When big businesses go down (and they always do), Linux and FLOSS will still be around, maintained by the efforts of people like Michel Xhaard.

(Edited 4 May 2007: title changed: 352 -> 235)

Who's in charge of your PC? - Part 2

nospam@example.com (Rob Newcater) — Fri, 13 Apr 2007 12:49:18 +0100

Last year, I posted a link to an article about proposals by the Swiss government to surreptitiously install trojans onto people's PCs.

Now it seems that the German government has similar ideas.

German Interior Minister Wolfgang Schaeuble has confirmed plans to seek a change to the constitution to allow the state secret access to the computers of private individuals, in an interview published Thursday.

"Under certain conditions it must be possible for the Federal Criminal Police Office to search computers in secret," Schaeuble told the Handelsblatt newspaper.

To be honest I felt I was somewhat restrained in my analysis of the previous article. This sort of thing (surreptitious searching of a PC) can happen in two ways:

The government secretly installs a trojan
The vendor installs a backdoor

The problem with the first option is getting the anti-virus people on board. Only one of them has to step out of line (and proudly boast about it) to stop this from working. So this leaves the second option. With the second option (and with the first option, to be honest), only one or two possible candidate OSes spring to mind. Windows and MacOS. It simply isn't going to happen with Free/Open Source operating systems, because anyone can see the source and adjust it as they see fit. Furthermore, vendors who need to please their shareholders, and desperately want sales would love to have a "government approved" sticker on their product.

Either way, tech-savvy people will find ways around it. It's too risky not to, since crackers will find ways to use these loopholes for their own purposes - if there's a door, there will be a way to open it. By referring to the "tech-savvy", I also mean the people that the German government are supposedly targetting, so ultimately only the "innocent" will be running infected PCs. But as many of these types like to say when civil rights get eroded for political ends, "if you've got nothing to hide ..."

What the article really demonstrates is how stupid politicians and civil servants are when discussing anything other than their own field of expertise, which is politics, not IT. I wonder if the plans allow for police officers' and politicians' PCs to also be compromised in this way.

Microsoft - friendly towards Open Source?

nospam@example.com (Rob Newcater) — Wed, 14 Mar 2007 09:47:31 +0000

The title is rhetorical of course; not a chance. It does seem that Microsoft have suckered many people in the industry into believing that they are being friendly towards the Open Source movement.

Microsoft is crafting a multifaceted plan to approach open source from a number of different levels: Linux as an operating system competitor; interoperability with Linux in mixed environments; partnering with open source ISVs; development of Shared Source Licensing; contributions to and support for community development sites.

Ooh, "interoperability with Linux in mixed environments". Jeremy Allison has something to say about Microsoft's attitude to interoperability, from his experiences at the San Francisco 2005 Linuxworld conference:

Microsoft even joined in the fun by turning up as "Darth Vader" and a couple of "Star Wars" stormtroopers... It all gathered a lot of positive press for Microsoft of course, which is why they did it. "Look what good sports they are" everyone said, and of course they were, showing how much things have changed with Microsoft at a Linux show, talking about interoperability

Wow, maybe they are changing ... oh, hold on, there's more:

The week before the LinuxWorld San Francisco conference that Microsoft attended with such a flourish was the much quieter CIFS (Common Internet File System) conference, also in the Bay Area in Santa Clara. You remember CIFS don't you ? It's the file system that all Microsoft clients use to communicate with the Microsoft servers. The conference was started by Microsoft and was attended by all the server vendors who have to make their software actually interoperate with Microsoft clients. It's one of the largest events in the calendar for the Samba Team as we all get together with peer engineers from all CIFS vendor companies to make sure our software actually interoperates and works well together. Except for one major server vendor of course. The biggest one in fact. They didn't even bother to turn up, or send any engineers to work on interoperability. Can you guess who that was ? Maybe they were too busy getting ready for their presentations on "Interoperability" at LinuxWorld to actually do any work on interoperability.

So, what's it all about, all this courting of Open Source? Let back to our first article again, right near the top:

"It does seem to me that Microsoft is trying," says Michael Cherry, lead analyst at Directions on Microsoft in Kirkland, Wash. "Bill Hilf seems to be trying to figure out how to get the advantages of the open source development methodology. And there's no question that one of the lessons of Vista development is that companies have to evolve their process of engineering. Microsoft needs to look at their processes and borrow best practices from anywhere they can get them."

(Emphasis added.)

So this is what it's all about. Saving money. It seems that the communist cancer is somewhat more efficient than some folks gave it credit for.

Trust Microsoft? Not me.

Let free music files ring

nospam@example.com (Rob Newcater) — Tue, 13 Mar 2007 18:10:05 +0000

Richard Stallman has written a short article for the Boston Globe about file sharing.

The record companies, seeking to bully people who share music, have demanded that colleges identify students who share. They use smear terms such as "piracy" and "theft" that imply sharing is wrong. Don't believe it. Sharing is friendship; to attack sharing is to attack the basis of society.

Well, we all know that most musicians get almost nothing from the record companies. In fact, the record companies almost seem like drug pushers, the way they pay just enough to maintain the artists' dependency on them.

"Authors own their books and license them to publishers. When the contract runs out, writers gets their books back. But record companies own our copyrights forever."

Courtney Love

Back to Richard Stallman:

The real solution is to legalize sharing. This won't affect the record companies much, but if they did go out of business, we could rejoice that they can no longer threaten anyone.

They pay zero cents of your CD purchase price to musicians (except for superstars), so the absence of these companies would be no loss to society.

Hear, hear.

Becta signed secrecy clause with Microsoft

nospam@example.com (Rob Newcater) — Fri, 09 Mar 2007 15:22:58 +0000

It seems that Becta (the British Educational Communications and Technology Agency) has signed a secrecy clause with Microsoft which prevents it from revealing the prices schools are paying for software licences.

Figures released by the Department for Education and Skills show that in 2005-06 schools spent £615m on ICT, including Microsoft products. But when Conservative MP Brooks Newmark asked the government for details of purchasing agreements with Microsoft, schools minister Jim Knight said the information is confidential.

"This information is the subject of legally binding non-disclosure arrangements and excludes estimates in relation to Original Equipment Manufacturer licences," Knight said

This is taxpayers' money, which should be fully accounted for. How can there be no transparency?

Microsoft: Office Format War Over

nospam@example.com (Rob Newcater) — Wed, 07 Mar 2007 12:32:10 +0000

Microsoft Office program manager Brian Jones says the format war with OpenDocument is officially over ... and the winner, he says, is both ODF and OpenXML.

Well, Microsoft don't play second fiddle to anyone if they can help it, nor is equal footing acceptable to them, not in the long or even medium term. In fact, by saying that both formats are winners, Brian Jones reminds me of my eldest (five years old) son. If he wins (a race, game, or whatever) against his younger (four years old) brother, then he boldly and loudly declares that he was the winner. If he comes a close second, he will still often assert that he was the winner. If he is clearly beaten, then he says: "Both are winners!" 'Til the next race of course.

So, lets just review the real meaning behind these two statements:

"The format war is over" means "The format war is not over"
"The winner is both" means "The winner at the moment is ODF"

These statements are intended to make you relax, but you can't relax against a competitor like that.

I wonder what the future holds for my two boys ...

Microsoft calls IBM hypocritical on document standards

nospam@example.com (Rob Newcater) — Tue, 20 Feb 2007 13:22:25 +0000

Following on from the earlier word processor review post, this article hints at the importance which Microsoft attaches to ODF's ISO standard rating. There are usual laughable quotes from Microsoft execs:

We see a level of hypocrisy in IBM's activities...They have long called on us to standardize formats, make the IP (intellectual property) freely available to the broader community, and we've done it.

(Emphasis added.)

Well, sorry, but in a word ... BULLSH*T.

It's the comments beneath the article which as usual, raise some interesting points:

After transparently attempting to derail HTML standards, javascript standards, java standards and XML standards, Microsoft has absolutely no credibility when it comes to standards and interoperability. Microsoft has pursued a strategy of closed proprietary formats and diversionary tactics with standards organizations for many years

why on Earth did these folks from the Redmond Campus not attend the Open Document Format Standards (ODF) parties which were sponsored by the OASIS GROUP when they were invited to

Most people working in IT know that Microsoft does everything within its powers to make it hard for others to making compatible products, when trying connect to MS-products. There are too many examples.

The same is happening at the so-called Microsoft open xml data format. Everyone concerned about the matter (including Microsoft) know their format is NOT REALLY OPEN. Let me qualify: The actual xml structure they use is open, so much is true, but not the binary information Microsoft places inside the XML, and with that the whole data format is NOT OPEN, useless to the public.

A data format that is NOT REALLY OPEN should not be a standard. The masses of people out there/the world needs ONE standard that is TRULY OPEN AND ACCESSIBLE TO ALL, not just the software of one proprietary vendor.

Etc, etc. There is lots more. My, my, so much distrust.

MS patent application - assuring delivery of paid advertising to a user

nospam@example.com (Rob Newcater) — Mon, 12 Feb 2007 13:01:21 +0000

Who even thinks of this stuff? I mean who would be so sad as to sit down and dream up of ways to force us to watch advertising, and then go so far as to patent it?

A method and apparatus for assuring delivery of paid advertising to a user may involve asking a question about an advertisement or requiring data about the advertisement to be entered.

When the allowable number of incorrect answers has been exceeded, several response are possible, from noting a user's record but taking no action, to a follow up communication with the user, to disabling or even repossessing the computer

(Emphasis added.)

This is something to be proud of?