Archive for the ‘advocacy’ Category

GFY, Dave

May 23, 2010

I’m catching up on podcasts this afternoon and just got to lottalinuxlinks, starting with a mindless diatribe about going ogg-only. This is a fucked up decision for a lotta reasons. Chief among them deciding to call it an “oggcast” instead of a podcast. WTF…?

If you don’t want to offer your show in mp3, that’s fine. But spare your listeners the goddamn boilerplate advocacy lecture about it if you’re going to base it on phony arguments. These are the reasons given:

  • freedom
  • convenience (see laziness)
  • “the right thing to do” (whatever the fuck that’s supposed to mean)
  • laziness (not only about maintaining his site, but also intellectual laziness)
  • “turn about’s fair play” (whatever the fuck that means)
  • “stuff like that” (whatever the fuck that means)

Why prattle on for a bit about how ogg is the codec for Linux (“the file format of Linux”)? What the hell about flac? Not lossy enough for ya?

I know very few Linux or BSD or OpenSolaris users who rely solely on ogg for anything. And quite frankly, people who get that worked up about such things aren’t my kind of crowd anyway.

This isn’t about freedom. It sure as hell isn’t about choice. The moment you make a choice to force users or listeners to use this format or that format, you’re a fucking authoritarian — you represent the antithesis of freedom. You’re forcing people to change feed subscriptions, change links in scripts they use to download the same format they always have. Stop going on about it as if you’re doing something noble. It isn’t noble because you’re forcing your own demented values on others (unless others take your invitation to stop listening, which I probably will).

It’s not about freedom in the sense of a patented format, either. The legal issues don’t surround the actual file but rather the encoder and/or decoder. My media players are all legal for playing mp3 files. So are most of my computers. Some of my media players don’t play ogg. One of our computers doesn’t play ogg, either (and NO, I don’t care to add something capable of playing the less-common ogg format on Windows since Windows is quite capable of playing more ubiquitous and technically-superior mp3 and wmv formats).

Why not play ogg on one of the media players? Because ogg sucks ass. Technically it sucks ass. If it were technically-superior, more people would be using it beyond the handful of desktop Linux users who never bother to install “tainted” codecs which ironically seem to perform better under Linux than the codec for Linux. Most of the world doesn’t use it. Not even the “free” (as in software, as in freedom, as in…) world. I’ve converted most of my media to mp3 so I can play it on any of my players. Including the stereo in my car, which doesn’t do ogg.

The only people who think this is about freedom and “doing the right thing” are poseurs and demagogues who think freedom is offering people fewer choices. Microsoft Windows isn’t that fucking restrictive out of the box. Most Linux distros are. Now so are Linux podcasts. Well, another one of them anyway. (Edit: I understand why most Linux distros don’t include “dirty” or “tainted” codecs by default. That isn’t the issue here. Every single distro, save for a few nutball ones like Gnewsense, makes it possible for users to find, install, and use such software. Dave, why did you install Debian instead of Gnewsense if this is really of such importance to you?)

I don’t know what the fuck you mean by “turn about’s fair play” (what did the mp3-subscribers of your podcast do to warrant turn about?!) or “stuff like that.” I do accept the laziness/convenience argument. Even when you admit you’ve decreased the quality of mp3 podcasts while you increased the quality of the ogg podcasts (cripple-ware, anyone?). You gave the choice of formats, now you take it away. Fine.

But spare everyone the lecture and sophistry about how you’re doing “the right thing.” Didn’t stop you from doing “the wrong thing” all this time, did it.

You’re a charlatan, Dave. If you think this is the right thing, what are you going to do to make restitution to the patent holders for the mp3 codec for all your other mp3casts (heh)?

You give a few choices: convert the ogg podcasts to mp3,  go purchase an ogg player, or go away.

No, asshole, you go away. You’re not the one who’s being forced to “jump through hoops.” You’re a poseur who wants your listeners to jump through them. I’m not one to ask how high, I’m one to tell you to go fuck yourself.

Examples of “Unsophisticated Users” I Mentioned at DW

February 5, 2010

I was asked to elaborate on what I meant by “unsophisticated user” before I was banned at Distrowatch earlier this week.

Fortunately, my blog is getting plenty hits for searches related to GNOBSD so now I have some examples of what I meant — just from this morning. The “unsophisticated” classification is for those whose preference is to bypass any learning curve and use a Windows-like starting point. That means no console interaction, boot straight into X and a pre-configured desktop. For example, one of the DW reviewers wants things in a NetBSD-based CD to be more like Linux Windows with automounting and tons of services running by default. And then there’s the whole thing Ladislav started by distorting what actually happened in the OpenBSD lists when GNOBSD guy decided to spam it to notify the project of his fork.

At least these people are using search engines to find information. Some unsophisticated users won’t even try looking it up before rushing to the upstream project and badgering them with questions about something they don’t even support. Which brings me to this:

Attention GNOBSD searchers landing on my blog(s) (see my BSD blog listed in the blog roll on the right): I support and recommend OpenBSD, not GNOBSD. What difference does the underlying operating system mean to you if you’re only going to run a graphical desktop environment anyway? Gnome is Gnome whether it’s on Linux or BSD or OpenSolaris or any other operating system.

Adding gnobsd category so I’ll get even more hits. Woot.

Who Are the Bad Guys in This?

February 2, 2010

This is the kind of crap Linux Hater loves because it shows how idiotic the open source community can be.

I want to provide more complete context of the quotes offered by another site’s owner/reviewer [edit due to too many IMs: yes, Distrowatch] as proof that OpenBSD people “attacked” the GNOBSD guy. I couldn’t find any attacks by OpenBSD people. They didn’t care what the guy did with their code, they only didn’t want him to advertise it in their lists — it was just the wrong forum for it. But that’s not how the owner/reviewer saw it and he stoked the irrational passions of his most irrational readers.

Let’s be fair and look at the other side of the story.

First, Gilles@ replied with:

omg ... there will be blood ... :-)

Note the smiley.  How is that combative?

Bryan B next replied with legitimate questions:

You can install to a USB stick with the OpenBSD CDs.  What is special
about yours? Why add a bloated Desktop like GNOME?  What's wrong with
fvwm, or maybe even fluxbox (in a pinch)?

Tomas B kindly replied:

You will misguide users a lot, because I think that most of the users
of OpenBSD don't need GUI installer and users which will try your OS
may think that it's somewhat easy as eg. Ubuntu because - hey, look at
this nice GUI installer and then they expect GUI everywhere.....

Don't do PR of personal projects on mailing lists which are official
for different projects ;-) Of course that you can do your own project
based on OpenBSD, but take care with marketing.

Again, note the emoticon in addition to the approval to do whatever he wants just don’t announce it on the OpenBSD lists. How mean is that?

Steph and Tomas Pf added a similar advisory about the purpose of OpenBSD lists and linked to another thread in which a similar fork was addressed. They didn’t attack GNOBSD guy.

Mehma then asked Stefan (GNOBSD guy) if he’d be interested in working within the OpenBSD project. Was that over the top?

Chris D amused me with the following:

Generally the best day to post these announcements is the first day
of the fourth month of the year.

And if you're into product life cycle management, it's a wonderful day
for a product to be out of service...

To which Bret L replied

But the day these ideas are traditionally developed is on the twentieth
day of the fourth month of the year.

Then someone from the other site, taking the reviewer’s cue to whine about abject mistreatment and abuse, jumped into the thread. Scott offered (ummm…) “sage” advice about everything from how live Linux CDs work to alternative window managers to advising GNOBSD guy to keep at it and named him an OpenBSD developer. This was corrected by Ingo S — GNOBSD is a lone wolf, not operating within OpenBSD development.

Michiel vB responded to Scott’s mistaken notions in greater detail. He pointed out that many Linux live CDs don’t work. He also addressed Scott’s complaint that FVWM is “outdated” and reiterated the bloat factor of Gnome. The most pertinent point he could make, though, was pointing out that PCBSD users don’t support FreeBSD in response to Scott’s deluded point that GNOBSD supports OpenBSD. Michiel also wrote that the OpenBSD people are okay that this project is being done but they’re not okay that their list is spammed with its announcement:

We don't worry about others, except when they start using the OpenBSD
mailing lists as free advertisement channel for their crap.

Jacob M replies to Scott that live CDs are “legacy” now.

Over all, the most inflammatory post in the whole thread is Scott’s — and he was “defending” Stefan/GNOBSD guy. There wasn’t any hostility from the OpenBSD people. They asked that announcements not be made on their list, explained that they wouldn’t use it, that it doesn’t fit in with what OpenBSD is about.

I’ve seen a lot of bullshit in my years using and cooperating with open source projects. I’ve also dealt with enough assholes in the open source community to know how rough things can get. This wasn’t rough. This was pretty gentle, even diplomatic.

Those who think this was abusive must have some pretty thin skin. Then again, I’ve been banned for having the nerve to tell people that “respect is a two way street and you might want to look both ways before crossing it.” Imagine that.

It was disrespectful for GNOBSD guy to plug on an OpenBSD list. It was disrespectful for Ladislav to make a mountain out of a molehill and besmirch the OpenBSD developers when they were very even-handed about things — certainly more even-handed than he was in taking comments out of context and suggesting things were hostile and abusive.

It was also disrespectful that his sycophants think OpenBSD developers have to cater to their whims and demands. OpenBSD is its own project and has its own goals. They don’t have to be just like any Linux distro to “succeed,” particularly since the project hasn’t ever really seen fit to use popular adoption of itself as a measure of success (compared to security, proper coding, etc.). The project shouldn’t cave to petty demands by users who aren’t sophisticated enough to bother with learning how to use it.

{KDE,Gnome,GNOBSD} != OpenBSD

At the end of the day, though, only one person at Distrowatch was respectful (well, kind of… it’s funny how I’m always the fucking asshole in these situations when others first resort to calling me “troll” and then they make additional posts to pedantically explain the obvious) enough to honestly answer my question about how much difference there is between running Gnome atop Linux or OpenBSD. There’s no difference because Gnome isn’t Linux or BSD and using a desktop environment from boot until shutdown pretty much divorces the user from the underlying operating system. Unsophisticated users — like the one who prattled on and on about themes and configuration, as if an operating system is about aesthetics — don’t actually care what’s under the hood, they just want to be able to say they ran something they didn’t really run and that in reality they didn’t even bother or desire to understand.

Since it really makes no difference to them in any meaningful way, it makes this whole thing even more amusing.

Banned at Distrowatch, LOL

February 2, 2010

Haha, I’ve been blocked from commenting at Distrowatch. The funny part is some tard wanted to challenge my virility.

For the record, I don’t have a girlfriend. My better half won’t let me have one. Neither will the kids. (Edit: Out of curiosity, what’s more Darwinian: your “feelings” about how much action I get or that you actually have “feelings” about it? MYOB, putz. Stop thinking — worse, feeling — about my sex life and worry about your own.)

Here’s my last reply, which won’t post and redirects me to the DWW page:

SUBJECT: @unsophisticated users
@103: "Unsophisticated users" = those Windows/Linux users who won't bother
to actually learn OpenBSD but merely want to pad their "tried that"-resumes'
by running something pre-configured and dumbed down. Kind of like a couple
weeks ago with the whole automounting crap and an expectation based on lowest
common denominators that everything should work just like Windows. 

Just install OpenBSD if you want to run OpenBSD. If your goal is a Gnome
desktop, there are already plenty of Linux projects which accomplish that
and it's clear that the OpenBSD project doesn't care to participate in
attracting "market share" from those projects. They have their own
comfortable niche. They don't want to cater to the kinds of users who want
automagic everything.

Again, it's *irrelevant* what OS is running beneath your desktop environment
if you don't want to get your hands dirty with the OS. This whole thing is
amusing from that aspect because you people are acting like someone's depriving
you of something by not catering to the lowest common denominator of
(unsophisticated) computer user. I've installed OpenBSD 4.6 and its installer is
quite easy to use, even easier than earlier versions -- and those were pretty easy
for anyone willing to actually RTFM.

As I wrote on my own blog yesterday, "Dumbing the process down brings in dummies"
and that's not one of the goals of the OpenBSD project. It's not about snobbiness,
it's just about the project's goals -- and it's not that OpenBSD's goals are out of
step with people like you, people like you are out of step with OpenBSD's goals. They
respect your right to use other operating systems that will cater to your sort, so why
can't you respect their right to not appeal to users like you?

If it's out of step with the project's goals, why should they want someone to spam
their list with an announcement about a fork? If you don't respect the project enough
to work within it, don't be surprised if they express some form of rebuke -- in this
instance, I thought it was very mild -- when someone outside their own ecosystem uses
their list to advertise a fork. They don't owe forks or fork-ers anything. If you don't
work with them, why should they work with you? Answer that, please. 

What's up with the personal attack on my virility, lamer? Stop projecting and stick to
the issues. You *really* don't want to go there.

FWIW:



Personal note to Ladislav: I’ve been banned by better people from better sites for a lot worse. If you can’t stand valid criticism and other points of view, maybe you’re in the wrong business.

Oh Boo Fucking Hoo

February 1, 2010

I just read a “review” of GNOBSD over at a certain website. It was less a review than a timeline of the guy creating a live Gnome-based live DVD using OpenBSD 4.6 and how some in the OpenBSD community reacted when he advertised it in their mailing lists. He withdrew his ISO due to server traffic and less than positive feedback from the community.

He’s not the first to fork from or base something on OpenBSD. He won’t be the last. He’s also not the first person to receive a rebuke of some form from those in the OpenBSD development (and user) community.

I looked through the thread. I didn’t think any of the comments in the thread were incendiary. Some had smilies. Some directed the poster to another thread from last year about a similar issue. I’ve seen much harsher treatment where it’s more deserving. This was all fair and even-handed.

I also think the reaction of the OpenBSD development community might have been a bit different if this GNOBSD guy had first become involved within their community rather than working outside their ecosystem and then advertising a derivative out of the blue in their email lists. Dittos for the guy in the other thread for his “remix” last year. For starters, it would’ve given him an understanding of the community his work is potentially disrupting.

Yes, disrupting. I don’t buy the argument that separate, forked projects like this are of benefit to the upstream project. OpenBSD development is funded by sale of their release CD sets. People downloading an ISO are unlikely to go to the upstream project and support it (just like all the software, music, and movie pirates have a disincentive to go buy more software, music, and movies despite all the fucktards who think they’re acting in the interest of artists when they take it upon themselves to violate copyrights); unfortunately, they are likely to go to the upstream project and ask inane rudimentary questions the developer teams have already answered in their documentation — from their own guides to their man pages. Dumbing the process down brings in dummies. That’s not beneficial to their project.

(Yes, dummies. What’s the fucking purpose of installing something like OpenBSD with a graphical desktop preconfigured if you can do that already with Linux or something else? If you’re unwilling to understand what you’re doing and unwilling to configure it to work exactly the way you want, then you’re looking at the wrong operating system. Stick to your Ubuntu, stick to something that you don’t have to or want to comprehend. Gnome and KDE aren’t Linux or BSD, they’re Gnome and KDE. Most apps can be compiled to run in Windows, so your “friends and family” don’t even have to switch operating systems to see, try, or use them.)

So this is a lose-lose proposition for OpenBSD developers. If they wanted to expand their market share, they already know what they could do — and they’re not doing it. OpenBSD developers are talented enough to assemble such a project if they wanted to. The fact that they haven’t should demonstrate that they’re really not interested in a market-share or dick-measuring contest with other BSDs or with Linux. Accept it.

And to the whiners and bitchers (10, 19, 22, etc.) over at Distrowatch who say they’ll either stop using OpenBSD or never try it over this episode, good riddance. You’re probably not the kind of users Theo&Co would want anyway. Grow a pair.

Freedom, Security, and Lacking Credibility

January 22, 2010

This is in response to something on another site.

Just a quick note to the whiny little fucktard who wanted to lecture me on another site about credibility: screw you.

Every time you asked a question or made a point, I gave a rational and coherent explanation. That includes my own example of why someone wouldn’t necessarily want to automatically run a server despite installing such software. That includes the issue of blind trust via social engineering that could lead someone to install something which unknowingly could present an issue with respect to something on a USB stick “automagically” starting without your knowledge or consent or interaction. Etc.

Oh, but it’s Linux! No fucking worries here. Ever!

That site has become something of a joke, especially the distro reviews (where did Caitlyn go?!). I pointed out that BSDs are not Linux only to get a response from the author about “old ways” as if some isolated KDE-oriented sub-project supersedes the one on which it’s based. You know, as if an exception overshadows the norm. Last time I checked, not one of the three major BSDs sets up automounting by default (and why the fuck should they? certainly not to match the Linux world by starting extraneous processes by default). That “last time” was yesterday when I installed NetBSD 5.0.1 on my new workstation. Works the same as it always has: insert USB stick, console messages (haven’t set up X yet) show me it’s there, “disklabel  /dev/point” shows me what partitions are available on it, then it’s straightforward to mount it and/or add entries in /etc/fstab. Duhhh. But probably not so straightforward if you expect it to work like Linux Windows without ever reading any documentation. Just burn the image, boot it, and wonder why you have to set up something because some developer didn’t do it for you.

By the way, the “Linux way” the author prattled about in his review used to be the “BSD way”: users were given control of what gets mounted and when rather than developers taking it upon themselves to dumb everything down so Windows converts would feel more at home. The “Linux way” is an anti-Unix way, it’s really the Windows way. And it’s apparently a flaw if a reviewer has to ever RTFM to learn that he has to manually add extraneous filesystems to his computer. Let alone manually mount something in the first place.

Unix isn’t Windows. I loathe those who demand making Unix more like Windows. It won’t attract more users. It hasn’t thus far. All it does is piss off people who have to go undo things that shouldn’t be done in the first place for a wide variety of reasons (yes, fucktard, including security — no matter how remote the risks might be, as I pointed out at least twice).

Auto-mounting is not a “feature.” I accept many users may indeed want it — we’re talking lowest common denominator and that’s going to be a lot who don’t bother or want to RTFM. That doesn’t mean it should be configured without user interaction of some sort.

If Linux and open source is ultimately about freedom, then stop forcing users to accept myriad running services in the background until they realize they have a lot of bullshit to undo and instead offer them opportunities to start what they want/need at install. Some distros do this, but most don’t. Isn’t it telling that the distros most popular among Windows users and converts give less freedom at install than Windows itself does? And isn’t it just as telling that the Linux distros and BSDs that want the end user to have the most freedom and flexibility are the ones that give users a blank slate and tools upon which to build what they want/need and also seem to have an eye on things like stability and security?

But never mind my lone opinion. As the aforementioned fucktard suggested, nobody can take me seriously. I lack credibility because I think users should decide when things start or mount or are added to any system rather than a developer taking such liberties. Go read the lame reviews, pat the author on his buttocks, and wonder why more distros aren’t just like Windows — or wet your pants over the ones that do take all the decisions out of your hands… while you probably write snotty things about Microsoft for doing that very thing. Putz.

Boycott Stupid Linux “Advocacy”

July 28, 2009

I saw this morning I’m getting a little (I mean little) stream of traffic from an anti-Microsoft site. I decided to look at the referring page and saw that someone had posted a link and kindly called the linked page “a great blog posting.” Thanks for the props. And thanks to other sites and places I’ve seen that particular entry posted.

Normally I wouldn’t respond to hysterical types who frequent sites like the referring site, but I want to take exception to two who left comments. First, someone said my arguments that there’s not a “Microsoft tax” were hollow and not serious. In fact, I pointed out that the only people to whom it can even be considered a tax are those who want a different operating system than most people; I added that after explaining that most people  — the masses — who buy computers demand they come with Microsoft Windows. Those mainstream users, who make up over 90% of the computer market, aren’t paying a “tax” to Microsoft or anyone else. They’re getting a value-added feature at a lower price than they would get if computers came without any operating system and, accordingly, no savings from a bulk OEM license agreement.

In my blog article in question, I pointed out that those who don’t want to buy a computer with Windows pre-installed have several options. Among those options is either building a computer yourself or having one custom built either by a small custom shop or by one of the OEMs (which they will do for you but sometimes at a higher price because such a computer is “custom”). So the argument that it’s impossible to buy a computer without Windows is bullshit. You can. The question is whether you’re willing to practice what you preach. I’ve suggested before that the people who call it a “Microsoft tax” are too lazy to do that. I am correct about that. Not only are they too lazy to practice what they preach, their thinking is so slovenly that all their arguments are intractably bound to their shitty little jingos. Linux advocacy has, unfortunately, become the domain of the intellectually lazy and the brazenly dishonest.

The second commenter at that particular site makes a similar, common error among those who consider bulk OEM license agreements some kind of tax — that a lack of computers with Linux or any other operating system is proof of some kind of monopolistic “tax” on buyers of OEM hardware. I think that’s a non sequitur.

The reason OEMs install Windows by default is that more than 90% of buyers expect a computer to come with an operating system, and mainstream buyers demand that the installed operating system be Microsoft Windows.

It’s about supply and demand. That’s all. Little or no demand for Linux, very few models are offered with Linux. Great and nearly 100% demand for Windows, guess what gets installed.

I’ve covered related issues previously, such as when data about netbook sales and returns showed displeasure with Linux-based models. The fact that Windows XP continues to gain marketshare against Linux on netbooks is prima facie evidence that demand for Linux is not only waning but it’s never really been there. When the earliest models were 100% Linux-based, the first major hack was installing XP (or, for more daring souls, Vista or OSX). Return rates were very high. Then the OEMs started selling XP-based models. Before long, the Windows netbooks were outselling Linux models at rates similar to other laptops and desktops — 9:1 or better. And the return rates for Windows models were much lower, more comparable to return rates of general computers.

It should come as no surprise when companies like HP, Asus, and Acer curtail or even eliminate availability of Linux-based models when sales demonstrate next to zero demand for Linux and nearly unanimous demand for Windows models. When Linux has been offered in the past, sales rates have never been high enough to show that it’s profitable to continue. There just isn’t the demand. At least in most Western markets.

Accordingly, it would be extremely impractical for them to put Linux on n% of computers, where n is either the rate of current Linux use or much higher (using the whiny demands of the fucktards who insist OEMs install Linux on more computers headed for store shelves). Their distribution models are for a generalized market, not for serving a niche. If n is the 1-2% (conservative) of desktop Linux users, a line up like Dell’s Ubuntu-based offerings is more sensible. But there’s simply no way OEMs are going to put greater than that amount on store shelves even if they want to: the stores won’t stock what they can’t sell and they’ve already learned they cannot sell Linux models at a rate which makes sense for them. The “if we install Linux they’ll buy it” business model doesn’t work (except in the isolated markets where demand for Linux is already high), and OEMs and retailers would rather deal with a tiny group of clueless, whiny Linux advocates zealots than throngs of dissatisfied customers who expect Windows on their computers.

Worse, in a sense these kinds of Linux advocates zealots would restrict mainstream users’ choices when they buy computers. Think about what they’re really advocating. Either OEMs and retailers comply with their demands and put Linux models on the shelves or they only stock no-OS computers and either install for customers or force them to install it themselves. No OEM or retailer is going to like the last option which will most likely drive down sales and/or increase calls to tech support. The current model is to cater to the most significant demand. Just like when you order a Big Mac it comes with the meat, special sauce, lettuce, cheese, etc., on a sesame fucking seed bun. If you want your Big Mac customized, you have to wait for them to make it for you. They’re not going to make a bunch of fucking sandwiches only one or two people are going to order, and it’s not a “McD’s special sauce tax” just because you’d rather have yours with mustard instead. Fucktards.

Geez. It must be nice to have such a simplistic, jingo-filled view of the world that lets you see supply and demand as a “tax,” or which views any deviation from the pro-Linux side as “angry” or “hollow.” I think it’s ironic the number of Bush-haters I saw using Linux and on one hand mocking the previous administration’s “them versus us” view of the world while doing the same with the other hand with respect to software. Don’t blame me for calling out your hypocrisy or muddled thinking.

As for the suggestion that I spend my time on a platform I actually like, I think I already do that — I make my own choices without tying myself down to brain-dead “this good, that bad” thought processes. I use Linux and BSD when I want, I use Windows when I want. Big fucking deal. I’m not threatened when someone chooses to buy a computer with whatever operating system on it, I really don’t care what they choose to run — I don’t see it any different from what brands of cars they drive, what color houses they live in, which god they worship (so long as they don’t sacrifice or harm other humans), or any other personal decisions they make.

For many people, Windows is ideal and Linux just won’t cut it. Really. Get over it.

New Zero Day – Linux Kernel

July 21, 2009

I’ve written repeatedly about the myth that Linux is inherently more secure. It always falls on deaf ears because some people don’t want to be bothered with the truth that all complex software is inherently vulnerable and insecure.

Here’s more proof that Linux has its own share of vulnerabilities.

The latest exploit affects kernel 2.6.30 and earlier versions. Bojan Zdrnja at SANS writes that Brad Spengler of grsecurity discovered this and adds:

Why is it so fascinating? Because a source code audit of the vulnerable code would never find this vulnerability (well, actually, it is possible but I assure you that almost everyone would miss it). However, when you add some other variables into the game, the whole landscape changes.

How so? Spengler writes in the comments to his POC that this vulnerability not only bypasses SELinux but is strengthened by it. Zdrnja explains:

While optimizing the code, the compiler will see that the variable has already been assigned and will actually remove the if block (the check if tun is NULL) completely from the resulting compiled code. In other words, the compiler will introduce the vulnerability to the binary code, which didn’t exist in the source code. This will cause the kernel to try to read/write data from 0x00000000, which the attacker can map to userland – and this finally pwns the box.

Is Linux or gcc to blame? Both/same. How many insist on “GNU/Linux”? Complex code, multiple layers. So many links that there are bound to be some weak ones even if they’re not readily apparent by looking at the pieces rather than the sum of the whole. As Zdrnja concludes, “Fascinating research… again shows how security depends on every layer.”

Spengler’s solution is for administrators to compile the kernel with -fno-delete-null-pointer-checks.
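The ordering problem Zdrnja describes, reduced to a small userspace program. This is an added example, not the kernel's code and not Spengler's POC; the struct, enum and function names are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins, not the kernel's real structures. */
struct sock_stub { int readable; };
struct tun_stub  { struct sock_stub *sk; };

enum { POLL_IN_STUB = 0x1, POLL_ERR_STUB = 0x8 };

/*
 * Pattern from the quoted analysis: the pointer is dereferenced in an
 * initializer and only afterwards tested for NULL. Dereferencing NULL is
 * undefined behaviour in C, so at -O2 (which enables
 * -fdelete-null-pointer-checks) gcc may conclude tun != NULL and drop the
 * test. Never call this with NULL; it is here for reading and for
 * comparing compiler output.
 */
unsigned int poll_deref_then_check(struct tun_stub *tun)
{
    struct sock_stub *sk = tun->sk;   /* dereference happens first */

    if (!tun)                         /* candidate for removal by the optimizer */
        return POLL_ERR_STUB;
    return (sk && sk->readable) ? POLL_IN_STUB : 0;
}

/* Source-level fix: validate the pointer before anything reads through it. */
unsigned int poll_check_then_deref(struct tun_stub *tun)
{
    struct sock_stub *sk;

    if (!tun)
        return POLL_ERR_STUB;
    sk = tun->sk;
    return (sk && sk->readable) ? POLL_IN_STUB : 0;
}

int main(void)
{
    struct sock_stub sk = { 1 };
    struct tun_stub ok = { &sk };

    printf("valid, deref-then-check: %u\n", poll_deref_then_check(&ok));
    printf("valid, check-then-deref: %u\n", poll_check_then_deref(&ok));
    printf("NULL,  check-then-deref: %u\n", poll_check_then_deref(NULL));
    return 0;
}
```

To see the effect of the flag, compare the assembly for poll_deref_then_check from `gcc -O2 -S` against `gcc -O2 -fno-delete-null-pointer-checks -S`; in the second, the compare-and-branch for the NULL test should still be present.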

Remember what Linus said about masturbating monkeys? Or how many fanboi and other FSF-type sites raise anecdotal evidence about things like pwn2own as “proof” that Linux is insurmountable to attack or that Linux is more secure than Windows? It’s all bullshit.

Windows is more exploited because it’s prevalent. Linux has enjoyed security through obscurity, which is only obscurity and certainly not security. This isn’t the first or only exploit in the Linux kernel and it sure as hell won’t be the last. It really doesn’t help when so many in the Linux community — including Linus — are either nonplussed by vulnerable code, oblivious to security issues, or even willing to lie about it and spread their FUD that Windows is the only inherently insecure operating system and that Linux is inherently secure.

Time to get serious about security rather than treating it as an afterthought or engaging in deceit, especially if you want greater marketshare on computers, servers, phones, PDAs, DVRs/PVRs, or any other device that can run Linux. Otherwise, you’re a fucking joke.

(edited)

UPDATE – 18:20 21 July 2009: I found more at Register about this:

The “NULL pointer dereference” bug has been confirmed in versions 2.6.30 and 2.6.30.1 of the Linux kernel, which Spengler said has been incorporated into only one vendor build: version 5 of Red Hat Enterprise Linux that’s used in test environments. The exploit works only when a security extension known as SELinux, or Security-Enhanced Linux, is enabled. Conversely, it also works when audio software known as PulseAudio is installed.

An exploitation scenario would most likely involve the attack being used to escalate user privileges, when combined with the exploitation of another component – say, a PHP application. By itself, Spengler’s exploit does not work remotely.

With all the hoops to jump through, the exploit requires a fair amount of effort to be successful. Still, Spengler said it took him less than four hours to write a fully weaponized exploit that works on 32- and 64-bit versions of Linux, including the build offered by Red Hat. He told The Register he published the exploit after it became clear Linus Torvalds and other developers responsible for the Linux kernel didn’t regard the bug as a security risk.

With millions of eyeballs, it still takes only two to find what everyone else can’t or won’t see.

Linus wrote that it’s not a Linux problem but a setuid problem, which Rob Graham of Errata Security points out is a “design ‘flaw’ that is inherited from Unix” that is “going to be with us for many years to come.” Ahh, yes. That’s the same ol’ Unix which some ignorant dolts wildly claim is what makes Linux and OSX and so many other things invincible and safer than Windows despite the truth. And ample evidence to the contrary.

Spengler’s beef now, though, is that Linus and his team haven’t clearly disclosed the problem. In complaining about the fact that his POC led to the issue being categorized as DOS, Spengler said, “It kind of makes the vendors think the security is better than it actually is.”

That should set off alarm bells to anyone using Linux, especially if beguiled about its inherent security.

Open Source Is Driven By Profit, Not by Egalitarianism or Selflessness

July 21, 2009

Some fellow commenters at distrowatch operate under the childish delusion that open source is some kind of equalizer against corporate interests. Nothing could be further from the truth. As I pointed out earlier this morning, most of the changes to the Linux 2.6 kernel have come directly from corporations or people who work for them.

Corporations don’t do this with any other intention but to further their own self interests. Whether they do it to make Linux work or work better with their hardware or to make more general improvements in some area, they’re doing it because it affects their bottom line. IBM, Oracle, HP, Intel, and so many other companies have become big players in open source because they can monetize it. If there were no profit potential, they wouldn’t be as involved as they are.

Sun Microsystems were very candid and upfront about their reasons for licensing their software under various open source licenses. They did it to sell support and hardware. They didn’t have the best possible business model for monetizing their open source software (hence the sale to Oracle) but they were very clear that open source had everything to do with trying to expand their business and much less to do with some sort of selflessness or egalitarianism (though some of their people tried to suggest otherwise).

I think where some people really miss the boat in trying to distinguish between open source and proprietary software as it relates to corporations is that these are two separate coins rather than two sides of the same one. Companies exist to make profits whether they participate in open source or keep their own code closed up. Neither side is really about “control” or oppression, but about maximizing revenue streams and keeping costs low. In that sense, there’s zero difference between closed and open source shops except the part about whether their code is obtainable or not.

Companies are no different from the individuals who work in them. Everyone gets up and goes to work because there’s something in it for them. Everyone. That includes “selfless” types like monks and nuns because they, too, are working for some kind of reward whether it’s financial or spiritual, in this world or in the next. A nun gets up in the morning for the same reason a tycoon does. There’s no difference. Take away profit or spiritual rewards and both will find something else that will provide them with more than their respective starting points. People always do what’s in their own self interest, and only sacrifice their own interests when that’s actually in their interests to do so.

Open source is only egalitarian in the sense that anyone can participate and (usually) the best ideas end up rising to the top. That doesn’t change what I wrote above about self-interests. Lone wolf programmers who contribute do so to fill their own needs or for back-patting that accompanies doing things which benefit others. Those are rewards. Without them, few sane people would bother.

While there are many open and closed projects driven by lone wolves, companies involved in open source or closed source drive most of the innovation in the software world and are the leaders in the direction things go. Not because they’re inherently evil or controlling, particularly in relation to “ambitionless” or “selfless” (ha) individual programmers, but because they have the resources to drive innovation and are driven to do things the market — their customers — desire. Nothing at all to do with controlling customers, but filling others’ needs and trying to create more demand.

It’s time for the proponents of open source who use these vapid arguments against “corporate interests” to stop making fools of themselves. Open source would be a joke were it not for corporate interests and the resources they’ve poured into making open source better.

It’s also time for me to shake the dust off my feet at distrowatch. Those who want to worship RMS can do so if they choose. I appreciate the contributions he’s made to free/open source — I’m posting this from within emacs running Linux with all the usual GNU-age accompanying my current distro (despite my attempts to replace as much of it as possible with BSD/MIT-licensed alternatives). But, as I wrote yesterday and asked again this morning, he can’t be the father of something that already existed before you people say he fathered it.


Think about it.

Snobbery + Ignorance = Linux Advocacy

March 8, 2009

I’m not big on snobbery, especially when it’s packaged with an unhealthy dose of ignorance. I think that’s one of the reasons why I’ve always been put off by the lists put out by advocates of Linux — seems more often than not the lists contain things you can do in Windows, and often much more easily. To the Kool-Aid guzzling, true-believing advocate who gets a priapism when he sees a penguin, Windows is some maimed and dysfunctional computing ecosystem adopted through laziness and it, its creators in Redmond, and its users are to be mocked at all times. Never mind that Windows is every bit as capable of doing everything they say it can’t or doesn’t do, or that the applications they use in Linux also run in Windows. Linux advocacy suggests it’s contending against FUD when, in fact, it’s based entirely on FUD.

Linux advocacy is fundamentalism. The heretics and infidels continue to buy PCs with Windows licenses, so the jihad continues. And along with it is all the bullshit snobbery that “I can do this but you can’t.”

Oh really? 

The latest victim of my wrath example is Andrew Gregory at TechRadar, which is a site which bills itself as “deep into technology.” I was curious when I saw a feed truncated down to “Hack your Aspire One…” so I clicked it and saw the ellipsis hid “Linux netbook interface.”


Oh joy. Not only do we get to see how easy it is to change appearances of the interface, we get a healthy dose of “can’t do this in Windows” bullshit. But you actually can, it just takes a little more effort because most Windows users use computers rather than cum all over themselves from playing with eye candy.

This article would be bad enough if it were just a how-to. Unfortunately, it includes fucking retarded crap about neighbors from Vista Manor asking questions about their Linux-based netbook after an asinine statement about “They just want something that works, and when they try [Linux on netbooks], they like it.” If it works, why are they asking you?

Right, it just works. Like when I ordered my Aspire One, the internal mic didn’t work in the Linpus model but it worked in XP; or how the multi-card reader worked in XP but not Linux; how suspend and hibernate worked flawlessly in XP but had some serious issues in Linux; how the XP model worked perfectly with external monitors and projectors but the Linux model was rather crippled to say the least; etc. Guess which model I ordered? Yep, the one that just works: XP.

Don’t give me that fucking bullshit that “Linux just works.” If it had, I wouldn’t be using XP on an Aspire One right now. The few problems the XP models had, such as issues with the Atheros wifi (which thankfully haven’t affected me), pale in comparison to the crippled-from-the-factory woes of those who bought Linux versions of the AA1. I don’t know why Acer would ship non-functional hardware or choose it without appropriate drivers, nor do I understand why people would buy it. Guess that’s reason #24 “why Linux rocks and Windoze sucks” — you can see the source and write your own fucking driver. Riiiight.

And if people really want Linux, how the hell do you explain the higher return rates for Linux netbooks or how Windows XP has so thoroughly eclipsed Linux on netbooks sold? I’ll have another entry shortly on that latter point. Suffice for now, XP models now account for 90% of US netbook sales. There is no momentum for Linux on desktops or netbooks; no, sunshine, there’s tremendous momentum away from it with fewer and fewer Linux models being offered in large markets like the US and UK. Just as I wrote last summer would happen as the niche matures. That won’t stop the Kool-Aid crowd from toasting Tux.

Speaking of which, Mr Gregory eases the reader into the complexities of Xfce settings with the calming assurance that “you’re not a newbie: you’re a Linux guru in the making.” WTF? Can one really get the Platinum Certified Linux Guru (TM) card just by tweaking a few window manager controls now? I think they give you that for misspelling “windoze” or “micro$haft” and other signs you’re sipping the Kool-Aid with them.

Mr Gregory suggests, “If you’re used to Windows you’ll probably be surprised by the extent to which you can change the way the system works, but that’s part of what makes Linux so powerful.” If Mr Gregory could pull his head out of his arse long enough to use Windows, he might be surprised at the extent to which Windows can be changed. It might also surprise Mr Gregory that what he’s configuring isn’t even Linux. It’s a friggin’ window manager that runs on the X Window System and, accordingly, isn’t a Linux hack.

So this is his lame idea of power? Changing an interface so it’s more aesthetically pleasing, which is a personal preference and has ZERO to do with how the system (Linux, GNU, or anything else) actually functions? (Another warning about upcoming posts: I’m going to add another video to my youtube account shortly — hopefully — to demonstrate at least another of many Linux advocacy fallacies about resource use. “How the system works” goes far beyond tweaking user interfaces.)

I’ve been working with Linux for over a decade — servers, embedded, desktop, you name it. Before that, real Unix; currently, I’m using BSDs more than Linux distros. Prior to getting an Aspire One (XP model), I hadn’t done very much work with Windows since the late 90s with NT 4.01 (server and workstation). We have another XP computer, but I’ve rarely used it in the six years or so we’ve had it; it’s slated to become a file server in the near future. My beloved has a Vista laptop which she loves (she hates all Unix-like operating systems), but I’ve only used it a few times. But one of the things I’ve always appreciated about Windows is that it’s scalable and flexible and configurable — and very easily so despite the mindless FUD from little wankers who think Windows is preconfigured and you’re stuck with its defaults.

I know a thing or two about tweaking interfaces — I don’t consider it hacking at all because it’s so bloody fucking superficial. It doesn’t affect productivity (sorry, Nathan, it really doesn’t). It can be a fun diversion, but that’s about it. 

One of the biggest sources of hits to this blog is searching related to themes (not to mention links from DSL for the same) because I posted quite a few for jwm. Why did I do that — because I have some sick predilection for gussied-up user interfaces? No! I did it to shut people up by showing:

  • aesthetics is a very personal and subjective area;
  • accordingly, no single distro can please everyone;
  • window managers aren’t inherently “beautiful” or “ugly;”
  • any window manager can be configured to please any user, from colors to controls;
  • people who whine about user interfaces are the very people distros should avoid welcoming to their communities because they tend to value style above substance;
  • most distro reviews are about two things: aesthetics and the incessant dick measuring contest of versioning numbers (“this distro has foo 4.3, which is behind the times because that distro released the same day includes foo 4.4rc2”); and
  • it doesn’t matter whether a distro uses fluxbox, jwm, openbox, kde, gnome, e16 or e17, or whatever else because it can all be gussied up to look pretty much the same but they ultimately provide the same or similar functions.

I was fucking tired of reading in the DSL forums that jwm was ugly. Or that it presented a barrier to wider adoption. So I did a lot of those themes to at least open minds, if not to change them. Some had even balked at the move from fluxbox as the default window manager to jwm, as if that’s what DSL was all about. So I showed how to set it up so it looked and worked (no menu on taskbar, only on right click) like fluxbox. Etc. The window manager doesn’t define what’s under the hood. Nor does the way it’s painted.

Computers are tools, machines. It’s how they perform that should count. Not how they look. Or, a big peeve, when people try to tell me how something “feels,” as in, “this feels more {stable,vanilla,____(fill in the freaking blank with nebulous drivel)}.” How does “stable” or “vanilla” feel? Compared to what benchmark? Short of crashing or stuff not running correctly, I don’t know what the average user would notice about stable/unstable. Vanilla? That’s usually ascribed to Slackware to denote that it’s not filled with patched binaries or marked up with logos like other distros.

Which was more important with DSL 4: that it marked a paradigm shift from previous versions’ focus on applications to being more data-centric with MIME-type associations on the desktop and with the new file manager OR that it had a certain “look”?

Every fucking review I read either skimped over the nuts and bolts or mentioned a lot more about the paint job (while occasionally mentioning the aforementioned dick-measuring version numbers for everything, of course) than the change. I usually stop reading or listening to reviews as soon as default aesthetics come up — that tells me about the reviewer’s sense of aesthetics, not qualities about whatever’s being reviewed.

So the same useless goddamn bickering starts between Linux advocates about Windows. More Linux advocacy lies to crush.

I’ve played this game before, and I win it every fucking time. There was the asshole who said that Linux rocks because it has tools like cron and a shell like BASH. So I showed him a batch script that accomplished the same thing, and that it can be run from Scheduled Tasks. Then there was the fucking idiot who said that Linux was superior because of the wide selection of open source applications; he was left stammering when I showed him that they all — every single one of them — also ran on Windows. Or the blowhard who prattled about proprietary software while I helped him configure ndiswrapper so his blob could run in his pure and unadulterated open source operating system (I politely nodded my head; he was paying me to set up his certified easy-to-run and free-as-in-beer-and-speech distro).

So now ya say Windows XP can’t be dressed up? Yeah, it’s XP. I can’t take credit for it, even though I have several of my own themes. I did the background myself — all 40.1kb of it. The theme itself is genuine Microsoft, available if you search for it (“signed embedded theme xp” seems to work), signed and all so it didn’t require any DLL hacking.


I need to throw in an image showing window decorations. Because we all know how important that “Piranha” look around all your windows is to getting things done.

Guess that’s what separates me from Linux advocates. I actually use my computer to get things done, whether it’s while using Windows, Linux, or one of the BSDs. I have digital picture frames for when I want to admire pretty stuff.

You know what, I think I’m like most people that way. Maybe that’s why Linux advocacy isn’t working.

Edit: Here’s the lowly window decorations for the embedded theme. Maybe not spiffy enough for l33T Xfce-tweaking Linux gurus, but it does clear up the lie that Windows can’t be themed apart from the classic or XP looks. Twats.


edit 2: Here’s Microsoft’s Zune theme (also signed — no dll hacking required — and available if you search for it) on my netbook, again with a quicky homemade background (I’ll tweak the colors later). Also edited content above.
