Archive for the ‘FSF sucks’ Category

New Zero Day – Linux Kernel

July 21, 2009

I’ve written repeatedly about the myth that Linux is inherently more secure. It always falls on deaf ears because some people don’t want to be bothered with the truth that all complex software is inherently vulnerable and insecure.

Here’s more proof that Linux has its own share of vulnerabilities.

The latest exploit affects kernel 2.6.30 and earlier versions. Bojan Zdrnja at Sans writes that Brad Spengler of grsecurity discovered this and adds:

Why is it so fascinating? Because a source code audit of the vulnerable code would never find this vulnerability (well, actually, it is possible but I assure you that almost everyone would miss it). However, when you add some other variables into the game, the whole landscape changes.

How so? Spengler writes in the comments to his POC that this vulnerability not only bypasses SELinux but is strengthened by it. Zdrnja explains:

While optimizing the code, the compiler will see that the variable has already been assigned and will actually remove the if block (the check if tun is NULL) completely from the resulting compiled code. In other words, the compiler will introduce the vulnerability to the binary code, which didn’t exist in the source code. This will cause the kernel to try to read/write data from 0x00000000, which the attacker can map to userland – and this finally pwns the box.

Is Linux or gcc to blame? Both/same. How many insist on “GNU/Linux”? Complex code, mutiple layers. So many links that there are bound to be some weak ones even if they’re not readily apparent by looking at the pieces rather than the sum of the whole. As Zdrnja concludes, “Fascinating research… again shows how security depends on every layer.”

Spengler’s solution is for administrators to compile the kernel with fno-delete-null-pointer-checks.

Remember what Linus said about masturbating monkeys? Or how many fanboi and other FSF-type sites raise anecdotal evidence about things like pwn2own as “proof” that Linux is insurmountable to attack or that Linux is more secure than Windows? It’s all bullshit.

Windows is more exploited because it’s prevalent. Linux has enjoyed security through obscurity, which is only obscurity and certainly not security. This isn’t the first or only exploit in the Linux kernel and it sure as hell won’t be the last. It really doesn’t help when so many in the Linux community — including Linus — are either nonplussed by vulnerable code, oblivious to security issues, or even willing to lie about it and spread their FUD that Windows is the only inherently insecure operating system and that Linux is inherently secure.

Time to get serious about security rather than treating it as an afterthought or engaging in deceit, especially if you want greater marketshare on computers, servers, phones, PDAs, DVRs/PVRs, or any other device that can run Linux. Otherwise, you’re a fucking joke.

(edited)

UPDATE – 18:20 21 July 2009: I found more at Register about this:

The “NULL pointer dereference” bug has been confirmed in versions 2.6.30 and 2.6.30.1 of the Linux kernel, which Spengler said has been incorporated into only one vendor build: version 5 of Red Hat Enterprise Linux that’s used in test environments. The exploit works only when a security extension knows as SELinux, or Security-Enhanced Linux, is enabled. Conversely, it also works when audio software known as PulseAudio is installed.

An exploitation scenario would most likely involve the attack being used to escalate user privileges, when combined with the exploitation of another component – say, a PHP application. By itself, Spengler’s exploit does not work remotely.

With all the hoops to jump through, the exploit requires a fair amount of effort to be successful. Still, Spengler said it took him less than four hours to write a fully weaponized exploit that works on 32- and 64-bit versions of Linux, including the build offered by Red Hat. He told The Register he published the exploit after it became clear Linus Torvalds and other developers responsible for the Linux kernel didn’t regard the bug as a security risk.

With millions of eyeballs, it still takes only two to find what everyone else can’t or won’t see.

Linus wrote that it’s not a Linux problem but a setuid problem, which Rob Graham of Errata Security points out is a “design ‘flaw’ that is inherited from Unix” that is “going to be with us for many years to come.” Ahh, yes. That’s the same ol’ Unix which some ignorant dolts wildly claim is what makes Linux and OSX and so many other things invincible and safer than Windows despite the truth. And ample evidence to the contrary.

Spengler’s beef now, though, is that Linus and his team haven’t clearly disclosed the problem. In complaining about the fact that his POC led to the issue being categorized as DOS, Spengler said, “It kind of makes the vendors think the security is better than it actually is.”

That should set off alarm bells to anyone using Linux, especially if beguiled about its inherent security.

Advertisements

Open Source Is Driven By Profit, Not by Egalitarianism or Selflessness

July 21, 2009

Some fellow commenters at distrowatch operate under the childish delusion that open source is some kind of equalizer against corporate interests. Nothing could be further from the truth. As I pointed out earlier this morning, most of the changes to the Linux 2.6 kernel have come directly from corporations or people who work for them.

Corporations don’t do this with any other intention but to further their own self interests. Whether they do it to make Linux work or work better with their hardware or to make more general improvements in some area, they’re doing it because it affects their bottom line. IBM, Oracle, HP, Intel, and so many other companies have become big players in open source because they can monetize it. If there were no profit potential, they wouldn’t be as involved as they are.

Sun Microsystems were very candid and upfront about their reasons for licensing their software under various open source licenses. They did it to sell support and hardware. They didn’t have the best possible business model for monetizing their open source software (hence the sale to Oracle) but they were very clear that open source had everything to do with trying to expand their business and much less to do with some sort of selflessness or egalitarianism (though some of their people tried to suggest otherwise).

I think where some people really miss the boat in trying to distinguish between open source and proprietary software as it relates to corporations is that these are two separate coins rather than two sides of the same one. Companies exist to make profits whether they participate in open source or keep their own code closed up. Neither side is really about “control” or oppression, but about maximizing revenue streams and keeping costs low. In that sense, there’s zero difference between closed and open source shops except the part about whether their code is obtainable or not.

Companies are no different from the individuals who work in them. Everyone gets up and goes to work because there’s something in it for them. Everyone. That includes “selfless” types like monks and nuns because they, too, are working for some kind of reward whether it’s financial or spiritual, in this world or in the next. A nun gets up in the morning for the same reason a tycoon does. There’s no difference. Take away profit or spiritual rewards and both will find something else that will provide them with more than their respective starting points. People always do what’s in their own self interest, and only sacrifice their own interests when that’s actually in their interests to do so.

Open source is only egalitarian in the sense that anyone can participate and (usually) the best ideas end up rising to the top. That doesn’t change what I wrote above about self-interests. Lone wolf programmers who contribute do so to fill their own needs or for back-patting that accompanies doing things which benefit others. Those are rewards. Without them, few sane people would bother.

While there are many open and closed projects driven by lone wolves, companies involved in open source or closed source drive most of the innovation in the software world and are the leaders in the direction things go. Not because they’re inherently evil or controlling, particularly in relation to “ambitionless” or “selfless” (ha) individual programmers, but because they have the resources to drive innovation and are driven to do things the market — their customers — desire. Nothing at all to do with controlling customers, but filling others’ needs and trying to create more demand.

It’s time for the proponents of open source who use these vapid arguments against “corporate interests” to stop making fools of themselves. Open source would be a joke were it not for corporate interests and the resources they’ve poured into making open source better.

It’s also time for me to shake the dust off my feet at distrowatch. Those who want to worship RMS can do so if they choose. I appreciate the contributions he’s made to free/open source — I’m posting this from within emacs running Linux with all the usual GNU-age accompanying my current distro (despite my attempts to replace as much of it as possible with BSD/MIT-licensed alternatives). But, as I wrote yesterday and asked again this morning, he can’t be the father of something that already existed before you people say he fathered it.

screenshot-20090721124353

Think about it.

EconTalk: Digital Barbarism

June 29, 2009

Author Mark Helprin is this week’s guest on Russ Roberts’ excellent EconTalk Podcast. Helprin discusses ideas from his new book Digital Barbarism, a defense of traditional copyright law.

Helprin’s thesis is that the anti-copyright movement is an extension of the broader trend towards collectivization rather than an embrace of individual rights. Copyrights are about protecting the rights of individuals over and against the collective.

I’ve always shared the pro-copyright view and am not swayed by the vapid arguments that technology makes copyrights antiquated. As Helprin notes, it’s because of technology that copyrights were ever devised in the first place to protect the individual.

My own view has been formed around the concept that the choice of the rights-holder (whether an artist, writer, publishing house, or music company) to defend his own rights is paramount and should be respected and protected by any means necessary — including DRM, encryption measures, and civil penalties. When copyrights are viewed as traditional contract law, there are two parties rather than just the consumer. If a consumer doesn’t like the terms under which works are released, he or she can just walk away and find an alternative source under mutually consensual terms.

If you don’t like Metallica’s vocal opposition to P2P, listen to a band releasing works under liceses that allow free redistribution. If you don’t like movies being released on DVD with encryption, watch only unencrypted movies. If you don’t like proprietary software or software that costs money, use only open source software available at no charge.

Those who want to “share alike” — and I’ve licensed some of my own works under such a license, but I would never release everything under it — are always free to do so with their own content. They can do that for whatever reason they want, whether to expand an audience or because they don’t want the hassles of traditional copyright in a digital age; practical reasons often make such licenses more tenable than traditional copyrights.

Likewise, traditional copyrights and patents serve a valid need in our society. Those who choose other means to protect  their property — no matter how strict and archaic — should be respected by those who disagree with those measures. Unfortunately, such mutual respect is difficult in the digital age given the number of and doctrinaire views of Internet scofflaws.

RIAA 2, Jammie Thomas 0

June 19, 2009

In yet another blow to the mindless, thieving scofflaws who think copyrights are antiquated or unenforceable, a jury has awarded the RIAA $1.92 million after finding that Jammie Thomas-Rasset willfully and illegally redistributed music via P2P. This was the second time a jury came down hard against Thomas; the first verdict was set aside after the judge declared a mistrial over a technicality (the judge believed he’d given faulty instructions to the jury).

The RIAA remains open to settling with Thomas, though she continues to feel defiant. About the jury’s punishment of $80,000 per song (the case revolved around 24 songs, but she had illegally swapped 1700), she said,”There’s no way they’re ever going to get that. I’m a mom, limited means, so I’m not going to worry about it now.”

During the retrial, the defense raised — for the first time since this ordeal started nearly five years ago — the possibility that one of her children or an ex-boyfriend had made the songs available via P2P. The jury apparently didn’t buy that, answering that Thomas had engaged in willful infringement. The first jury hadn’t found that.

Thomas has been made a focal point of the copyright war by the activists who think technology changes everything and that theft is now acceptable. She’d been given ample opportunity by RIAA to work out an agreement and likely still will. She’s fought two cases and lost resoundingly in each one. She’s also seen jury awards to RIAA increase from $220,000 to $1.92 million.

Game over. Or it should be. Unfortunately, the activists still don’t get it.

Technology doesn’t change anything about who owns what under the law. All technology does is make it easier to steal from the owner(s) of the copyright. A recording that’s been digitized retains all the rights of the original. You do not own the bytes of a digitized rip of a CD you purchase and you’re not free to redistribute those bytes.

Unless there’s some landmark change via the courts (unlikely) or legislation (also unlikely) that overturns centuries of common law principles, copyright infringement will continue to be a punishable crime. And that’s what it should be — we punish thieves who deprive others of the value of their work and property. Doesn’t matter if you shoplift an article of clothing from a store, break into a home and steal a computer, or deprive an artist of his livelihood by giving away his recordings. Theft is theft.

Until the law is changed, it’s not  the right of anyone to choose for others how their works are redistributed. If you disagree with copyright law and you think the existing business model chosen by artists and their record labels or by recording studios is obsolete, it’s not your right to put their works into the public domain via P2P. It should be the right of the artist and the labels how they do their business. You’re free to do commerce with them under their terms or reject their terms outright, but you cannot force them to give their rights and property away under your own terms. Especially when your terms don’t compensate others for anything. The free ride is over and you’re still going to have to pay.

Rant: Debian 5 Installation on AA1 and Other Nonsense

June 13, 2009

What started out earlier today as a relatively simple thing has mushroomed into a big retarded mess. Yea Linux.

I decided to install Debian on my AA1 via net install using the netinstall ISO running from USB with the help of unetbootin (one of the dumbest names ever, IMO, even though it’s pretty easy to use). I chose Debian because it isn’t tied to a reckless time-frame for releases, because it has repositories filled with plenty of software  choices (even though most of them are bloated with every possible dependency required), and because it receives frequent updates for security and bugs.

I also decided I’d go ahead and go through a full standard install. WTF, why would I do that? Because I remeasured some things while running Gnome in Fedora 10. My initial RAM hit at boot was low — much lower than Xubuntu running from USB. I’d trimmed things down a bit with a choice of more frugal applications, some of which (e.g., mencoder) work a lot better than the default choices did. I wanted to see if I’d see similar results with Debian.

I haven’t sold out, nor have I lost my mind. This decision isn’t permanent and in stone. If I can’t get resource use to a reasonable level, either I’ll use apt-get to remove a buncha BS or I’ll do a clean install (not Debian if things aren’t working at least as well as they were in Fedora).

I resized my XP partition for more room because I still anticipate using it more often than Linux. Then I repartitioned the rest of the drive to accomodate /, /home, and swap. Pretty simple, right?

I wish I’d pinged mirrors to find a fast one before committing! The install took several hours, which I guess is par for the course given how much stuff (800+ packages) was installed. Fine with me. I had plenty other stuff to do anyway. Still, it would’ve left me with more time to deal with all the other stuff that  happened afterward (never mind that I was going to use my computer to work on stuff today). It’s not very assuring looking at the estimated time as it jumps from an hour to three hours to over fifteen hours. It took close to four and a half hours. Next time, I just get the full ISO and get it over with.

After the install process finally ended, I was ready to reboot. I got GRUB error 17. Okay, I can deal with that. I still had a USB stick with Fedora 11 available. Fixed it, rebooted, got a GRUB prompt rather than menu. Okay, that’s an easy one: configfile /path/to/menu.lst. Voila? No, of course not. Reboot and go through it again, this time e to edit the entry. Ahh, once again installing from USB resulted in GRUB being installed to /dev/sda when that node is the USB stick — same thing happened in PCLOS when I installed it. So I edited the sdb to sda and I was able to finally boot into Debian 5 (Lenny or Squiggy or Laverne or Shirley or some such). Logged in and had a shiny new Gnome desktop. I yawned.

Still have to configure wireless. I tried once but it didn’t connect and I had shit I had to get done. I think I may need to install something else because of my router’s configuration. In fact, I was unable to pick up any SSIDs via iwlist scan even though lsmod showed that ath5k was loaded. That’s pretty fucked up because I’m using Windows now and there are six visible networks right here. Oh well, I’ll sort it out tomorrow. Along with making some more edits to the wacky menu.lst installed by Debian.

Speaking of which…

Word of advice to the GNU-tards who whine about Windows-related MBR issues and having to install Windows first, Linux second: when you get your own shit together, you can complain all you fucking want. Until then, I’ve had two distros install GRUB to a goddamn USB stick from which those respective distros were installed instead of the hard drive where the distros were installed. Don’t give me any FUD about Microsoft not playing fair — neither do you (I also had to edit the Windows entries beyond correcting the hard drive) — and no, you don’t get a free pass when people install from USB rather than optical drives. Can’t you script source and destination so that only destination gets GRUB?

I’ll also be switching some software around tomorrow if/when I get wireless working. That includes installing stuff that works right in spite of license issues. I have a rant to post about that (see below). I insist upon genuine closed-source Flash from Adobe because this swfdec is a lame POS that doesn’t work very well. Same for Gnash. Oh, I know there are often performance issues with Flash in Linux because different distros use a hodge-podge of mismatched libraries, which makes it damn near impossible for the nice people at Adobe to please everyone even though they go out of their way to give away their software to ingrates (only a handful of whom will ever demand the source). I installed swfdec in Fedora and my first hit at youtube made me cringe. It also made my CPU cringe as it raced like crazy while the audio and video were so fucked up that I had to kill Firefox. And then hunt down and kill the stupid fucking wrapper that persisted after closing Firefox and was overheating my AA1 while it tried to send distorted sound to my headphones through the abortion known as pulse audio. If swfdec and pulse audio are the answers, open source authors are working on the wrong friggin’ questions.

WTF, here’s the short form of the rant about license issues: if you can rebrand Firefox as “IceWeasel” to get around licensing issues, you can do similarly for ion and truecrypt. In the latter two, the authors don’t forbid you from doing whatever you want with their code; they only ask that you call it something else if you don’t distribute it as they release it. I can see their point, too. You’re not distributing what they release once you start changing it, so why should they field questions and be asked to fix bugs that come from your patches or other changes from what they recommend and/or require? These aren’t onerous requirements at all. The alternative is the way Opera, Skype, and Adobe handle it by controlling their own source, which means your users have to go around your efforts to restrict them to open source software with “pure” licenses.

I use truecrypt in Windows, I want truecrypt in Linux. I like ion but don’t plan on using it again anytime soon. One thing I hate about Linux is how ridiculously fundamentalist so many users/advocates and developers are. You know, the ones who preach at us to use Gnash instead of Flash because the whole fucking world will come to an end if we won’t stop using closed source software. Never mind that Gnash and swfdec will crash and die (repeatedly) before Planet Earth ever will.

More tomorrow. Maybe some love for Debian. Maybe some hate. Either way, it’ll be well-deserved.

And maybe I’ll also get to work on the Hard Drive Install Guide, which is why I’d hoped to finish this install and configuration earlier today. So much for that. Using a computer — regardless of OS — shouldn’t be a pain in the ass. Today it definitely was. And I have a feeling I’m going to go through it all over again soon.

There is No Microsoft Tax Except on Lazy Twats

April 13, 2009

Disclaimer: I openly admit I’m in a very shitty mood today and that it probably contributes to the tone of this rant. So what.

WARNING: Contains bad words. Reader discretion advised (because I’m not using any myself today).

Seems nary a week goes by without hearing some clueless fucktard complain about a “Microsoft tax” — although it’s usually in the more toxic form of “Micro$hit” or “Windoze” or some similarly inane, juvenile bullshit. This supposed, mythical “tax” refers to the cost of a Windows license included in the cost of OEM computers, which, of course, make up the bulk of computers sold.

This, though, is a fallacy. It’s bogus. It’s FUD. It isn’t a tax — not a Microsoft tax, not a Windows tax, not a tax period. Whether the free software crowd likes it or not, the prevalence of such Windows pre-installed computers in stores and online reflects what most consumers want despite the availability of less-costly alternative operating systems like Linux. To those mainstream users, Windows is an essential value-added part of the system. It’s just like the RAM or hard drive or the power supply: it’s not something desirable without it.

Contrary to the unproven claims (more FUD) of the conspiracy nut crowd in the free software movement, Microsoft doesn’t pay the OEMs to include Windows on every computer. It’s the other way around with the OEMs paying Microsoft for bulk licenses, but the idiots who foam at the mouth about Microsoft don’t really care. To them, economies of scale — such as when someone gets a bulk discount compared to someone who buys smaller amounts pays more per unit — are evil when one software company does it; I wonder how many of them shop at discount places where they get lower rates because either they or the discount places have similar deals for various and sundry goods. Buying in bulk is good if you do it at your local hippie food co-op but not when buying software? I smell some hypocrisy!

Contrary to other assertions from the anti-Microsoft crowd, it’s a win-win-win situation. Microsoft makes less money per unit in the  bulk deals but they still come out fine because they guarantee themselves a revenue stream from bulk sales. Computer buyers win because they get affordable computers that work the way they expect. The bulk deals also benefit the OEMs because the people buying their computers expect an operating system and they expect it to look and work like Windows: these computers wouldn’t sell as well without an operating system, or even with Linux.

This last point is further established when comparing netbook sales. Linux had a tremendous head start but Windows now outsells Linux on netbooks at the same rate it does on desktops. Windows 7 will be the death blow of netbook Linux (and probably desktop Linux, too, though it’s hard to call it “alive” with its paltry marketshare). Linux netbook return rates — from disappointed users who expected a user experience more like Windows — have far outpaced returns of Windows units. Why are people so much more willing to pay an extra $50-100 for Windows-based netbooks if price is the primary criterion for their popularity?

Because it represents significant value to them, not a tax.

The whiners who bitch about this faux “tax” do so on the grounds that less expensive standard run assembly-line OEM boxes come preconfigured with Windows rather than Linux. They do have plenty of alternatives if they don’t want Windows. It’s not difficult to assemble a system by oneself: if anything, that gives the user absolute control over what parts go in and whether they’re supported in whatever operating system the user has in mind for it. There are also many builders of custom computers in most communities (well, in the developed world but also in some under-developed parts of the world as well) and online. These custom computers can be very affordable for the more miserly user or they can be built to kill — the sky’s the limit. Some OEMs, like Dell, sell Linux-based laptops and desktops in addition to Linux-based netbooks. Some OEMs will also sell custom-spec’d machines sans operating systems.

The actual cost savings, though, varies tremendously because of factors like the actual cash value of a bulk OEM license. Users aren’t necessarily going to get retail value off or refunded because the OEMs don’t charge users retail value for Windows: the computers would cost a lot more if they did (oh, evil Microsoft and their bulk license agreements — how dare they save average computer users money like that!). Also, the cost of an OEM computer sans operating system often qualifies as a “special run” or custom which comes with an extra charge even if the hardware is otherwise from a standard line. That’s the price of going against the tide.

Is that a price the true-believers are willing to pay? Or do they need a whipping boy to rail about — not to mention a straw man of a “tax” to tear down while preaching to their choir?

I think the only group for whom it really is a tax is those babbling bunches of pro-Linux cunts who are either too lazy or stupid to find computers sold without Windows and prefer to whine about some “Windoze tax” that wouldn’t even exist without them because most users want and get value out of pre-installed Windows. Remember that next time you see the word tax put anywhere next to Microsoft or any of its products.

My Global Blog: Views on Vista

March 27, 2009

I started another blog a few weeks ago beyond the scope of this one. Originally, I was going to use it for content centered on the Aspire One but decided to make it a more general topics blog — a global blog. Mostly I’ve written about issues related to politics, the economy, and finance. When I’ve had time.

Today I’ve written about my latest experiences with Vista and my opinions of it now that I’ve had a little more time with it. I was never on the hate-Vista bandwagon. That’s because I didn’t have enough time with it to make a reasonable and rational decision.

Let me also reiterate: I’m fairly agnostic about operating systems even though I favor Unix-like systems (discounting OSX, which is an abysmal piece of beast excrement). I don’t think there’s a single solution for everyone and for every need. I also believe very strongly in freedom of choice. That choice includes — not excludes — Microsoft Windows. That’s why I don’t dismiss it out of hand. Many people use it, many people like it. More power to them. More power to those who prefer Unix-like systems.

I’m not a Microsoft fan, but I’m also not a Microsoft hater. They do a lot of things right and they occasionally get something wrong. I think their detractors get a lot more wrong than Microsoft does. That includes groups like FSF who spew lies (and offer an “alternative” operating system such as GNU HURD that after 25 years of development doesn’t and probably won’t in another 25 years suit most users’ needs) as well as nations who’ve sued a company for daring to succeed at the level they have (Linux distros are even more guilty of bundling software than Microsoft is but the EU won’t sue Ubuntu for including a browser or media player or office software in any given release).

I think Microsoft gets a lot of things right with Vista and — from the sound of things since I haven’t tried the betas yet — Windows 7. Whether and how soon they can recover from distorted public perceptions remains to be seen. I’m increasingly impressed with what Microsoft is doing and am seriously considering Windows 7 for my Aspire One. Enough so that I’m willing to reallocate the space taken up by PCLOS to try the new Windows 7 release candidate when it’s available.

Linux Advocacy – No Forest, Just Trees

October 22, 2008

Once again, the immature hysteria of open source advocacy has reared its tiny, ugly head. This time in the form of asking an industry panel why they don’t advertise “Linux” and all kinds of trash talk about industry because their answers weren’t brown-nosing enough for some.

No, Carla, Linux is not a dirty word. (Same goes to you, Kenny.)

First of all, you’re wrong that they don’t discuss Linux. IBM has used Linux by name in advertising. The ad campaign wasn’t shortlived in comparison to other IBM ad themes. Dell is also set to advertise their Ubuntu-based computers.

Not good enough? It’s something that will never rally the masses. There’s no conspiracy centered in Redmond, Washington, with little satellite branches headquartered in Fortune 100 tech companies to keep Tux down. These companies — IBM, HP, Dell, et al — know where and how their bread is buttered. They can sell “Linux” solutions by name to a certain kind of consumer — likely in a milieu involving significant infrastructure rather than individual desktops and laptops. The consumer marketplace isn’t clamoring for Linux. For the consumer crowd, it boils down to a choice between Windows and OSX. That’s not the doing of those selling hardware, that’s a reality of the market; if you don’t like that, fix Linux so consumers consider it a valid choice for their desktops.

There are many ironies in raising such a fuss about IBM and Lenovo in this context. For starters, IBM took on Microsoft long before there was a such thing as Linux. IBM tried to sell OS/2 as an alternative to Windows; they advertised it extensively to limited success (though many people still prefer it despite IBM dropping support for OS/2). IBM was an early adopter and supporter of Linux. They’re the only company whose ads I’ve seen — in primetime, during major sporting events — featuring Linux as noted above.

Where the fuck was Kenny when all those ads were airing?

I’ve written many times here and elsewhere that people are more likely to adopt Linux if they don’t know they’re using it — on DVRs, cell phones and PDAs, and in other devices where it functions without need for configuration by users. If it’s preconfigured and “just works,” there’s no learning curve. That’s far different than what “Linux” represents to most consumers, and it’s far different than putting it on their computers when they’re already comfortable with something else.

Advertising can and does shape perceptions. So does practical use. As far as Linux has come in recent years, it’s still not an ideal solution for all users — especially those who aren’t particularly technically inclined. The world isn’t filled with geeks, just people who want to use their computers. They expect things to work in a manner in which they’ve already become accustomed. Linux doesn’t do that, which is why the return rate is much higher for Linux-based devices than Windows-based devices (search my previous entries for articles about this).

The companies accused of not being “real friends” of open source have devoted tremendous resources — cash, code, manpower — to the cause of open source. They share their people with LUGs, they encourage involvement in the community. They’re not freeloaders.

Yes, their motives are profit-based. There’s not a fucking thing wrong with that — that’s why people get up and go to work, why companies exist. It’s not a matter of lip service to them, it’s their bottom line.

It’s not exploitative, either. Making software free — as in freedom — means reducing barriers rather than creating them regardless of their means or their goals. That goes for the “suits” as well as anyone else. They don’t have to take vows of poverty to use free and open source software. They also don’t have to contribute back to it other than the changes they distribute per the GPL and similarly restrictive licenses.

Everyone using open source and libre software “profits” from it; the productivity, joy, or any other quality derived from the experience — if positive — is a benefit to someone. And I don’t think users have to see a goddamn penguin with “Tux Inside” (would most consumers know wtf that means anyway?) to benefit from it. If it works, they like it. They don’t care beyond that.

Casting aspersions and accusing others of taking but not giving (or treating Linux like a dirty word), though, is sheer demagoguery. Demanding others give lip service and behave in ways you think they should is authoritarian. It’s the antithesis of freedom.

Is that what free software is about now?

If not, you might try attracting flies with honey rather than vinegar. The “suits” freely using and contributing back to open source aren’t your enemies. You shouldn’t become theirs just because you can’t see the forest for the trees.

It’s Linux, Not GNU

August 19, 2008

I’m not a fan of using additional syllables where they’re not needed. I’m sick and bleeping tired of twits who insist I call every Linux distro “GNU/Linux.” Not every Linux distro uses GNU utilities. And many users’ experiences center on X, KDE, and other parts in userland that aren’t GNU or even GPL’ed.

I think one of the reasons people like Richard Stallman are so insistent on this point is to cover up the shortcomings of the GNU part. GNU is Not Unix — not by a mile. GNU is Not Usable, too. GNU is also not an operating system. It’s a half-assed, half-finished implementation that’s been hamstrung by the very people who insist on inserting “GNU” before Linux. Rather than embracing “free” software that already existed, Stallman, et al, chose to reinvent the wheel. They haven’t gotten very far and instead have wasted a lot of time in pissing matches about freedom and issues that are unrelated to free software (e.g., anti-DRM measures which are content- or data-centric rather than related to software, per se). Were it not for Linus Torvalds and his kernel, GNU would be even less Unix and usable and useful than it is now.

Some words take on meanings that are either broad or narrow. In the narrow sense, Linux is a kernel. In a broad sense, though, it encompasses a lot more than that — the broader ecosystem transmitted in the form of a distribution. In a way it’s analogous to trademarked names that become increasingly generic because of prevalence and familiarity. I know I’ve been given plenty of “xerox copies” from non-Xerox printers. I think Linux is like that and can be safely and accurately used in a broader sense to encompass not just the kernel but the full system of any given distro.

As I noted above, most users don’t experience the kernel or GNU utilities directly but rather through interfaces that are definitely not GNU. Without X, without desktop environments like KDE or window managers like enlightenment, Linux adoption would be even less than it is now (especially on desktops). But we don’t hear the X or KDE people insisting that it be called X/KDE/GNU/Linux. Thank goodness.

Moreover, not every distro uses the GNU utilities. Some use busybox  to replace GNU utilities and leave out a toolchain, but they still most definitely use the Linux kernel. This is where the arrogance of the FSF types and GNU/kooks prevails and cons developers into calling it GNU/Linux despite the lack of a GNU toolchain or utilities. I’m singling out Slitaz for using “GNU/Linux” when they’re really just Linux. Or busybox/Linux (which is even dumber than prepending GNU). How much GNU software is in Slitaz’ base? X isn’t GNU software. Neither is jwm or Xfce. Nor openbox. X isn’t even under the freaking GPL.

If it’s not GNU, why the stupid blanket insistence by the GNUtards that it be called what it isn’t? Dumb, dumb, dumb.

So this got me to thinking about how much of the GNU bloatware I might be able to replace. I already ditched bash for the free-er and more nimble ksh — mksh  to be precise. I considered the Linux port of OpenBSD’s ksh but the guy who ported it reflexively slapped GPL on it. I really hate that kind of thing but that’s an article for another day.

My latest de-GNU’ing came last week when I installed libarchive (from FreeBSD) and symlinked bsdtar and bsdcpio to be my de facto tar and cpio. I also added OpenBSD’s pax (with Debian’s patch). Can never have too many archiving utilities, especially when considering replacing one operating system (or one distro) with a better one.

I know I’m mostly stuck with GCC, which is unfortunate because it typifies the kitchen-sink bloat mentality of the GNU types. And there are some things like screen that I know I’ll continue to use whether it’s GNU or not — but that’s separate from the base utilities. I’m looking for more anti-GNU replacements for this just to see how little GNU I can have in my Linux. That way I can correct any lamer GNUtard who stupidly tries to correct me when I intentionally and willfully — and quite happily — leave GNU off Linux.

DSL, GPL, etc.

June 18, 2008

Recent threads at the DSL Forums have covered issues pertaining to licensing, the GPL in particular. Many people casually praise the GPL without considering what it actually says and what it means to casual users and developers alike.

The first issue arose when someone posted links to his remasters of DSL. I was annoyed that he posted the same information twice in the forums, and in places where it wasn’t really on-topic. I asked how I could get sources for GPL software he used. I reminded him of the judgment of the FSF/SFLC that downstream and/or derivative distros (like Knoppix, Mepis, DSL, Slax, Vector, etc.) had to maintain and provide sources regardless of availability of sources for unmodified binaries taken from upstream repositories. This led to some heated discussion (and also some productive discussion as well) about the whole issue and whether it was appropriate for distros to sell media with their sources.

This gets at the heart of many misunderstandings about GPL. It is NOT about free/no-pay transmission of software. It’s about the freedom to see and change source code. As FSF very clearly says throughout the gnu.org site and elsewhere, you can charge a billion dollars for GPL’ed software. The only restriction is that you cannot charge an excessive amount to restrict access to the sources.

Second, DSL has another GPL controversy today. DSL had switched from using flua, lua with a set of FLTK bindings, to murgalua (which has FLTK bindings and a lot of other stuff thrown in) several months back. Unfortunately, murgalua requires the full runtime of lua and fltk and libz and sqlite and luafs and who-knows-what-else to be run all at once even if it’s for a simple lua non-GUI task.

So DSL refactored the bindings so lua can be run on its own and FLTK and all the other bindings can be used independently as-needed — something much more suitable for the needs of DSL and its users.

John Murga is the author of murgalua. He licensed his bindings under GPL even though the bulk of the parts of his runtime — lua, etc. — are under much more permissive licenses like LGPL, MIT-X, and BSD. Today he’s posted a notice on his forum that DSL has transgressed the GPL and linked to another post he made on his forum in which he said (or suggests) he won’t condone or support the re-use of his bindings apart from the runtime. He reiterated that

Either way I am unhappy with MY CODE being used in this way (if that counts for anything).

The GPL gives users freedom to change the code to suit their own needs so long as redistribution follows the rest of the GPL’s terms. If Mr Murga has ANY objection to others using his bindings under the license he used, he should re-license it in manner which will give him as much control over how others use it as he wants. The more permissive licenses used by lua, sqlite, etc., certainly allow that.

Both issues relate to similar problems. First, most users and developers wrongly associate GPL with things it doesn’t mean. It doesn’t mean zero-cost, it means sources must be made available (directly or via normal computer-readable media) when distribution occurs. Second, it doesn’t give anyone the right to determine how it’s used on anyone else’s computer. THAT IS WHAT THE FOUR FREEDOMS ARE ALL ABOUT — the right to see and change the code as well as the right to redistribute it as it was received or as it has been changed. So, to Mr Murga I say: no, your feelings REALLY DON’T matter.

I’m not a fan of the GPL. I’ve written plenty of places here and in other places why I object to it. Some of its demands are onerous, such as the requirements that downstream derivatives maintain their own source trees for unmodified binaries, for requiring a hypothetical user who compiles an app for his friend or relative to make the sources available, etc. I’ve found that it appeals to two groups of people: one is the zealot who sees software as a political (or even religious) issue and the other is the uninformed who makes the false link between GPL and “free as in beer” with nary a thought about the actual meaning of the license. Sometimes the line is crossed and you have a hybrid — you can find many instances of that in the Linux/FOSS advocacy with lists of reasons that give very little about “you can see the sources” (even if you don’t know wtf it all means) and a whole lot about how your only costs for Linux is the CDs onto which you burn a zillion distros to try and find one that works for you.

These recent spats have only served to reinforce my objections to the GPL.