Archive for the ‘fud watch’ Category

New Zero Day – Linux Kernel

July 21, 2009

I’ve written repeatedly about the myth that Linux is inherently more secure. It always falls on deaf ears because some people don’t want to be bothered with the truth that all complex software is inherently vulnerable and insecure.

Here’s more proof that Linux has its own share of vulnerabilities.

The latest exploit affects kernel 2.6.30 and earlier versions. Bojan Zdrnja at SANS writes that Brad Spengler of grsecurity discovered this and adds:

Why is it so fascinating? Because a source code audit of the vulnerable code would never find this vulnerability (well, actually, it is possible but I assure you that almost everyone would miss it). However, when you add some other variables into the game, the whole landscape changes.

How so? Spengler writes in the comments to his POC that this vulnerability not only bypasses SELinux but is strengthened by it. Zdrnja explains:

While optimizing the code, the compiler will see that the variable has already been assigned and will actually remove the if block (the check if tun is NULL) completely from the resulting compiled code. In other words, the compiler will introduce the vulnerability to the binary code, which didn’t exist in the source code. This will cause the kernel to try to read/write data from 0x00000000, which the attacker can map to userland – and this finally pwns the box.

Is Linux or gcc to blame? Both/same. How many insist on “GNU/Linux”? Complex code, multiple layers. So many links that there are bound to be some weak ones even if they’re not readily apparent by looking at the pieces rather than the sum of the whole. As Zdrnja concludes, “Fascinating research… again shows how security depends on every layer.”

Spengler’s solution is for administrators to compile the kernel with -fno-delete-null-pointer-checks.
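The ordering problem Zdrnja describes, reduced to a user-space C sketch (an added example, not the kernel's tun source or Spengler's code; struct tun_dev, struct sock_state, the POLL_* values and both function names are hypothetical). It puts the dereference-before-check pattern beside the corrected ordering, which stays safe whatever compiler flags are used.

```c
/* Constructed illustration of "dereference first, check later".
 * All names here are hypothetical; this is not kernel code. */
#include <stddef.h>
#include <stdio.h>

#define POLL_IN  0x1u
#define POLL_ERR 0x8u

struct sock_state { unsigned int readable; };
struct tun_dev    { struct sock_state *sk; };

/* "Before" pattern: tun is dereferenced in the initializer, and only
 * then compared against NULL. Dereferencing a null pointer is undefined
 * behaviour, so after the load the optimizer may assume tun != NULL and
 * drop the if block from the generated code (GCC's
 * -fdelete-null-pointer-checks optimization). In a normal user-space
 * process the load itself faults; the kernel case is dangerous because,
 * as the quoted text says, address 0 can be mapped, so the load succeeds
 * and no check is left behind it.
 * Do not call this with NULL: the behaviour is undefined. */
unsigned int poll_deref_then_check(struct tun_dev *tun)
{
    struct sock_state *sk = tun->sk;   /* dereference happens here */

    if (!tun)                          /* too late: may be deleted */
        return POLL_ERR;

    return sk->readable ? POLL_IN : 0u;
}

/* Corrected ordering: validate the pointer before the first use.
 * The check now guards the dereference, so the compiler has no
 * earlier access from which to conclude that tun is non-NULL. */
unsigned int poll_check_then_deref(struct tun_dev *tun)
{
    struct sock_state *sk;

    if (!tun)
        return POLL_ERR;

    sk = tun->sk;
    return sk->readable ? POLL_IN : 0u;
}

/* Constructed sample objects so the functions can be exercised. */
struct sock_state demo_ready_sk = { 1u };
struct sock_state demo_idle_sk  = { 0u };
struct tun_dev    demo_ready    = { &demo_ready_sk };
struct tun_dev    demo_idle     = { &demo_idle_sk };

int main(void)
{
    /* Both orderings agree on valid input; only the corrected one
     * has defined behaviour for NULL. */
    printf("before, ready device : %#x\n", poll_deref_then_check(&demo_ready));
    printf("after,  ready device : %#x\n", poll_check_then_deref(&demo_ready));
    printf("after,  idle device  : %#x\n", poll_check_then_deref(&demo_idle));
    printf("after,  NULL device  : %#x\n", poll_check_then_deref(NULL));
    return 0;
}
```

To see the effect the post describes, compare the assembly for poll_deref_then_check from `gcc -O2 -S` with and without -fno-delete-null-pointer-checks and look for the test of the pointer against zero.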

Remember what Linus said about masturbating monkeys? Or how many fanboi and other FSF-type sites raise anecdotal evidence about things like pwn2own as “proof” that Linux is insurmountable to attack or that Linux is more secure than Windows? It’s all bullshit.

Windows is more exploited because it’s prevalent. Linux has enjoyed security through obscurity, which is only obscurity and certainly not security. This isn’t the first or only exploit in the Linux kernel and it sure as hell won’t be the last. It really doesn’t help when so many in the Linux community — including Linus — are either nonplussed by vulnerable code, oblivious to security issues, or even willing to lie about it and spread their FUD that Windows is the only inherently insecure operating system and that Linux is inherently secure.

Time to get serious about security rather than treating it as an afterthought or engaging in deceit, especially if you want greater marketshare on computers, servers, phones, PDAs, DVRs/PVRs, or any other device that can run Linux. Otherwise, you’re a fucking joke.

(edited)

UPDATE – 18:20 21 July 2009: I found more at Register about this:

The “NULL pointer dereference” bug has been confirmed in versions 2.6.30 and 2.6.30.1 of the Linux kernel, which Spengler said has been incorporated into only one vendor build: version 5 of Red Hat Enterprise Linux that’s used in test environments. The exploit works only when a security extension known as SELinux, or Security-Enhanced Linux, is enabled. Conversely, it also works when audio software known as PulseAudio is installed.

An exploitation scenario would most likely involve the attack being used to escalate user privileges, when combined with the exploitation of another component – say, a PHP application. By itself, Spengler’s exploit does not work remotely.

With all the hoops to jump through, the exploit requires a fair amount of effort to be successful. Still, Spengler said it took him less than four hours to write a fully weaponized exploit that works on 32- and 64-bit versions of Linux, including the build offered by Red Hat. He told The Register he published the exploit after it became clear Linus Torvalds and other developers responsible for the Linux kernel didn’t regard the bug as a security risk.

With millions of eyeballs, it still takes only two to find what everyone else can’t or won’t see.

Linus wrote that it’s not a Linux problem but a setuid problem, which Rob Graham of Errata Security points out is a “design ‘flaw’ that is inherited from Unix” that is “going to be with us for many years to come.” Ahh, yes. That’s the same ol’ Unix which some ignorant dolts wildly claim is what makes Linux and OSX and so many other things invincible and safer than Windows despite the truth. And ample evidence to the contrary.

Spengler’s beef now, though, is that Linus and his team haven’t clearly disclosed the problem. In complaining about the fact that his POC led to the issue being categorized as DoS, Spengler said, “It kind of makes the vendors think the security is better than it actually is.”

That should set off alarm bells to anyone using Linux, especially if beguiled about its inherent security.

There is No Microsoft Tax Except on Lazy Twats

April 13, 2009

Disclaimer: I openly admit I’m in a very shitty mood today and that it probably contributes to the tone of this rant. So what.

WARNING: Contains bad words. Reader discretion advised (because I’m not using any myself today).

Seems nary a week goes by without hearing some clueless fucktard complain about a “Microsoft tax” — although it’s usually in the more toxic form of “Micro$hit” or “Windoze” or some similarly inane, juvenile bullshit. This supposed, mythical “tax” refers to the cost of a Windows license included in the cost of OEM computers, which, of course, make up the bulk of computers sold.

This, though, is a fallacy. It’s bogus. It’s FUD. It isn’t a tax — not a Microsoft tax, not a Windows tax, not a tax period. Whether the free software crowd likes it or not, the prevalence of such Windows pre-installed computers in stores and online reflects what most consumers want despite the availability of less-costly alternative operating systems like Linux. To those mainstream users, Windows is an essential value-added part of the system. It’s just like the RAM or hard drive or the power supply: the computer isn’t something desirable without it.

Contrary to the unproven claims (more FUD) of the conspiracy nut crowd in the free software movement, Microsoft doesn’t pay the OEMs to include Windows on every computer. It’s the other way around with the OEMs paying Microsoft for bulk licenses, but the idiots who foam at the mouth about Microsoft don’t really care. To them, economies of scale — such as when someone gets a bulk discount while someone who buys smaller amounts pays more per unit — are evil when one software company does it; I wonder how many of them shop at discount places where they get lower rates because either they or the discount places have similar deals for various and sundry goods. Buying in bulk is good if you do it at your local hippie food co-op but not when buying software? I smell some hypocrisy!

Contrary to other assertions from the anti-Microsoft crowd, it’s a win-win-win situation. Microsoft makes less money per unit in the bulk deals but they still come out fine because they guarantee themselves a revenue stream from bulk sales. Computer buyers win because they get affordable computers that work the way they expect. The bulk deals also benefit the OEMs because the people buying their computers expect an operating system and they expect it to look and work like Windows: these computers wouldn’t sell as well without an operating system, or even with Linux.

This last point is further established when comparing netbook sales. Linux had a tremendous head start but Windows now outsells Linux on netbooks at the same rate it does on desktops. Windows 7 will be the death blow of netbook Linux (and probably desktop Linux, too, though it’s hard to call it “alive” with its paltry marketshare). Linux netbook return rates — from disappointed users who expected a user experience more like Windows — have far outpaced returns of Windows units. Why are people so much more willing to pay an extra $50-100 for Windows-based netbooks if price is the primary criterion for their popularity?

Because it represents significant value to them, not a tax.

The whiners who bitch about this faux “tax” do so on the grounds that less expensive standard run assembly-line OEM boxes come preconfigured with Windows rather than Linux. They do have plenty of alternatives if they don’t want Windows. It’s not difficult to assemble a system by oneself: if anything, that gives the user absolute control over what parts go in and whether they’re supported in whatever operating system the user has in mind for it. There are also many builders of custom computers in most communities (well, in the developed world but also in some under-developed parts of the world as well) and online. These custom computers can be very affordable for the more miserly user or they can be built to kill — the sky’s the limit. Some OEMs, like Dell, sell Linux-based laptops and desktops in addition to Linux-based netbooks. Some OEMs will also sell custom-spec’d machines sans operating systems.

The actual cost savings, though, vary tremendously because of factors like the actual cash value of a bulk OEM license. Users aren’t necessarily going to get retail value off or refunded because the OEMs don’t charge users retail value for Windows: the computers would cost a lot more if they did (oh, evil Microsoft and their bulk license agreements — how dare they save average computer users money like that!). Also, the cost of an OEM computer sans operating system often qualifies as a “special run” or custom which comes with an extra charge even if the hardware is otherwise from a standard line. That’s the price of going against the tide.

Is that a price the true-believers are willing to pay? Or do they need a whipping boy to rail about — not to mention a straw man of a “tax” to tear down while preaching to their choir?

I think the only group for whom it really is a tax is those babbling bunches of pro-Linux cunts who are either too lazy or stupid to find computers sold without Windows and prefer to whine about some “Windoze tax” that wouldn’t even exist without them because most users want and get value out of pre-installed Windows. Remember that next time you see the word tax put anywhere next to Microsoft or any of its products.

Snobbery + Ignorance = Linux Advocacy

March 8, 2009

I’m not big on snobbery, especially when it’s packaged with an unhealthy dose of ignorance. I think that’s one of the reasons why I’ve always been put off by the lists put out by advocates of Linux — seems more often than not the lists contain things you can do in Windows, and often much more easily. To the Kool-Aid guzzling, true-believing advocate who gets a priapism when he sees a penguin, Windows is some maimed and dysfunctional computing ecosystem adopted through laziness and it, its creators in Redmond, and its users are to be mocked at all times. Never mind that Windows is every bit as capable of doing everything they say it can’t or doesn’t do, or that the applications they use in Linux also run in Windows. Linux advocacy suggests it’s contending against FUD when, in fact, it’s based entirely on FUD.

Linux advocacy is fundamentalism. The heretics and infidels continue to buy PCs with Windows licenses, so the jihad continues. And along with it is all the bullshit snobbery that “I can do this but you can’t.”

Oh really? 

The latest victim of my wrath example is Andrew Gregory at TechRadar, a site which bills itself as “deep into technology.” I was curious when I saw a feed truncated down to “Hack your Aspire One…” so I clicked it and saw the ellipsis hid “Linux netbook interface.”

Oh joy. Not only do we get to see how easy it is to change appearances of the interface, we get a healthy dose of “can’t do this in Windows” bullshit. But you actually can, it just takes a little more effort because most Windows users use computers rather than cum all over themselves from playing with eye candy.

This article would be bad enough if it were just a how-to. Unfortunately, it includes fucking retarded crap about neighbors from Vista Manor asking questions about their Linux-based netbook after an asinine statement about “They just want something that works, and when they try [Linux on netbooks], they like it.” If it works, why are they asking you?

Right, it just works. Like when I ordered my Aspire One, the internal mic didn’t work in the Linpus model but it worked in XP; or how the multi-card reader worked in XP but not Linux; how suspend and hibernate worked flawlessly in XP but had some serious issues in Linux; how the XP model worked perfectly with external monitors and projectors but the Linux model was rather crippled to say the least; etc. Guess which model I ordered? Yep, the one that just works: XP.

Don’t give me that fucking bullshit that “Linux just works.” If it had, I wouldn’t be using XP on an Aspire One right now. The few problems the XP models had, such as issues with the Atheros wifi (which thankfully haven’t affected me), pale in comparison to the crippled-from-the-factory woes of those who bought Linux versions of the AA1. I don’t know why Acer would ship non-functional hardware or choose it without appropriate drivers, nor do I understand why people would buy it. Guess that’s reason #24 “why Linux rocks and Windoze sucks” — you can see the source and write your own fucking driver. Riiiight.

And if people really want Linux, how the hell do you explain the higher return rates for Linux netbooks or how Windows XP has so thoroughly eclipsed Linux on netbooks sold? I’ll have another entry shortly on that latter point. Suffice for now, XP models now account for 90% of US netbook sales. There is no momentum for Linux on desktops or netbooks; no, sunshine, there’s tremendous momentum away from it with fewer and fewer Linux models being offered in large markets like the US and UK. Just as I wrote last summer would happen as the niche matures. That won’t stop the Kool-Aid crowd from toasting Tux.

Speaking of which, Mr Gregory eases the reader into the complexities of Xfce settings with the calming assurance that “you’re not a newbie: you’re a Linux guru in the making.” WTF? Can one really get the Platinum Certified Linux Guru (TM) card just by tweaking a few window manager controls now? I think they give you that for misspelling “windoze” or “micro$haft” and other signs you’re sipping the Kool-Aid with them.

Mr Gregory suggests, “If you’re used to Windows you’ll probably be surprised by the extent to which you can change the way the system works, but that’s part of what makes Linux so powerful.” If Mr Gregory could pull his head out of his arse long enough to use Windows, he might be surprised at the extent to which Windows can be changed. It might also surprise Mr Gregory that what he’s configuring isn’t even Linux. It’s a friggin’ window manager that runs on the X Window System and, accordingly, isn’t a Linux hack.

So this is his lame idea of power? Changing an interface so it’s more aesthetically pleasing, which is a personal preference and has ZERO to do with how the system (Linux, GNU, or anything else) actually functions? (Another warning about upcoming posts: I’m going to add another video to my youtube account shortly — hopefully — to demonstrate at least another of many Linux advocacy fallacies about resource use. “How the system works” goes far beyond tweaking user interfaces.)

I’ve been working with Linux for over a decade — servers, embedded, desktop, you name it. Before that, real Unix; currently, I’m using BSDs more than Linux distros. Prior to getting an Aspire One (XP model), I hadn’t done very much work with Windows since the late 90s with NT 4.01 (server and workstation). We have another XP computer, but I’ve rarely used it in the six years or so we’ve had it; it’s slated to become a file server in the near future. My beloved has a Vista laptop which she loves (she hates all Unix-like operating systems), but I’ve only used it a few times. But one of the things I’ve always appreciated about Windows is that it’s scalable and flexible and configurable — and very easily so despite the mindless FUD from little wankers who think Windows is preconfigured and you’re stuck with its defaults.

I know a thing or two about tweaking interfaces — I don’t consider it hacking at all because it’s so bloody fucking superficial. It doesn’t affect productivity (sorry, Nathan, it really doesn’t). It can be a fun diversion, but that’s about it. 

One of the biggest sources of hits to this blog is searching related to themes (not to mention links from DSL for the same) because I posted quite a few for jwm. Why did I do that — because I have some sick predilection for gussied-up user interfaces? No! I did it to shut people up by showing:

  • aesthetics is a very personal and subjective area;
  • accordingly, no single distro can please everyone;
  • window managers aren’t inherently “beautiful” or “ugly;”
  • any window manager can be configured to please any user, from colors to controls;
  • people who whine about user interfaces are the very people distros should avoid welcoming to their communities because they tend to value style above substance;
  • most distro reviews are about two things: aesthetics and the incessant dick measuring contest of versioning numbers (“this distro has foo 4.3, which is behind the times because that distro released the same day includes foo 4.4rc2”); and
  • it doesn’t matter whether a distro uses fluxbox, jwm, openbox, kde, gnome, e16 or e17, or whatever else because it can all be gussied up to look pretty much the same but they ultimately provide the same or similar functions.

I was fucking tired of reading in the DSL forums that jwm was ugly. Or that it presented a barrier to wider adoption. So I did a lot of those themes to at least open minds, if not to change them. Some had even balked at the move from fluxbox as the default window manager to jwm, as if that’s what DSL was all about. So I showed how to set it up so it looked and worked (no menu on taskbar, only on right click) like fluxbox. Etc. The window manager doesn’t define what’s under the hood. Nor does the way it’s painted.

Computers are tools, machines. It’s how they perform that should count. Not how they look. Or, a big peeve, when people try to tell me how something “feels,” as in, “this feels more {stable,vanilla,____(fill in the freaking blank with nebulous drivel)}.” How does “stable” or “vanilla” feel? Compared to what benchmark? Short of crashing or stuff not running correctly, I don’t know what the average user would notice about stable/unstable. Vanilla? That’s usually ascribed to Slackware to denote that it’s not filled with patched binaries or marked up with logos like other distros.

Which was more important with DSL 4: that it marked a paradigm shift from previous versions’ focus on applications to being more data-centric with MIME-type associations on the desktop and with the new file manager OR that it had a certain “look”?

Every fucking review I read either skimped over the nuts and bolts or mentioned a lot more about the paint job (while occasionally mentioning the aforementioned dick-measuring version numbers for everything, of course) than the change. I usually stop reading or listening to reviews as soon as default aesthetics come up — that tells me about the reviewer’s sense of aesthetics, not qualities about whatever’s being reviewed.

So the same useless goddamn bickering starts between Linux advocates about Windows. More Linux advocacy lies to crush.

I’ve played this game before, and I win it every fucking time. There was the asshole who said that Linux rocks because it has tools like cron and a shell like BASH. So I showed him a batch script that accomplished the same thing, and that it can be run from Scheduled Tasks. Then there was the fucking idiot who said that Linux was superior because of the wide selection of open source applications; he was left stammering when I showed him that they all — every single one of them — also ran on Windows. Or the blowhard who prattled about proprietary software while I helped him configure ndiswrapper so his blob could run in his pure and unadulterated open source operating system (I politely nodded my head; he was paying me to set up his certified easy-to-run and free-as-in-beer-and-speech distro).

So now ya say Windows XP can’t be dressed up? Yeah, it’s XP. I can’t take credit for it, even though I have several of my own themes. I did the background myself — all 40.1kb of it. The theme itself is genuine Microsoft, available if you search for it (“signed embedded theme xp” seems to work), signed and all so it didn’t require any DLL hacking.

I need to throw in an image showing window decorations. Because we all know how important that “Piranha” look around all your windows is to getting things done.

Guess that’s what separates me from Linux advocates. I actually use my computer to get things done, whether it’s while using Windows, Linux, or one of the BSDs. I have digital picture frames for when I want to admire pretty stuff.

You know what, I think I’m like most people that way. Maybe that’s why Linux advocacy isn’t working.

Edit: Here are the lowly window decorations for the embedded theme. Maybe not spiffy enough for l33T Xfce-tweaking Linux gurus, but it does clear up the lie that Windows can’t be themed apart from the classic or XP looks. Twats.

edit 2: Here’s Microsoft’s Zune theme (also signed — no dll hacking required — and available if you search for it) on my netbook, again with a quicky homemade background (I’ll tweak the colors later). Also edited content above.

Linux Advocacy – No Forest, Just Trees

October 22, 2008

Once again, the immature hysteria of open source advocacy has reared its tiny, ugly head. This time in the form of asking an industry panel why they don’t advertise “Linux” and all kinds of trash talk about industry because their answers weren’t brown-nosing enough for some.

No, Carla, Linux is not a dirty word. (Same goes to you, Kenny.)

First of all, you’re wrong that they don’t discuss Linux. IBM has used Linux by name in advertising. The ad campaign wasn’t short-lived in comparison to other IBM ad themes. Dell is also set to advertise their Ubuntu-based computers.

Not good enough? It’s something that will never rally the masses. There’s no conspiracy centered in Redmond, Washington, with little satellite branches headquartered in Fortune 100 tech companies to keep Tux down. These companies — IBM, HP, Dell, et al — know where and how their bread is buttered. They can sell “Linux” solutions by name to a certain kind of consumer — likely in a milieu involving significant infrastructure rather than individual desktops and laptops. The consumer marketplace isn’t clamoring for Linux. For the consumer crowd, it boils down to a choice between Windows and OSX. That’s not the doing of those selling hardware, that’s a reality of the market; if you don’t like that, fix Linux so consumers consider it a valid choice for their desktops.

There are many ironies in raising such a fuss about IBM and Lenovo in this context. For starters, IBM took on Microsoft long before there was such a thing as Linux. IBM tried to sell OS/2 as an alternative to Windows; they advertised it extensively to limited success (though many people still prefer it despite IBM dropping support for OS/2). IBM was an early adopter and supporter of Linux. They’re the only company whose ads I’ve seen — in primetime, during major sporting events — featuring Linux as noted above.

Where the fuck was Kenny when all those ads were airing?

I’ve written many times here and elsewhere that people are more likely to adopt Linux if they don’t know they’re using it — on DVRs, cell phones and PDAs, and in other devices where it functions without need for configuration by users. If it’s preconfigured and “just works,” there’s no learning curve. That’s far different than what “Linux” represents to most consumers, and it’s far different than putting it on their computers when they’re already comfortable with something else.

Advertising can and does shape perceptions. So does practical use. As far as Linux has come in recent years, it’s still not an ideal solution for all users — especially those who aren’t particularly technically inclined. The world isn’t filled with geeks, just people who want to use their computers. They expect things to work in a manner in which they’ve already become accustomed. Linux doesn’t do that, which is why the return rate is much higher for Linux-based devices than Windows-based devices (search my previous entries for articles about this).

The companies accused of not being “real friends” of open source have devoted tremendous resources — cash, code, manpower — to the cause of open source. They share their people with LUGs, they encourage involvement in the community. They’re not freeloaders.

Yes, their motives are profit-based. There’s not a fucking thing wrong with that — that’s why people get up and go to work, why companies exist. It’s not a matter of lip service to them, it’s their bottom line.

It’s not exploitative, either. Making software free — as in freedom — means reducing barriers rather than creating them regardless of their means or their goals. That goes for the “suits” as well as anyone else. They don’t have to take vows of poverty to use free and open source software. They also don’t have to contribute back to it other than the changes they distribute per the GPL and similarly restrictive licenses.

Everyone using open source and libre software “profits” from it; the productivity, joy, or any other quality derived from the experience — if positive — is a benefit to someone. And I don’t think users have to see a goddamn penguin with “Tux Inside” (would most consumers know wtf that means anyway?) to benefit from it. If it works, they like it. They don’t care beyond that.

Casting aspersions and accusing others of taking but not giving (or treating Linux like a dirty word), though, is sheer demagoguery. Demanding others give lip service and behave in ways you think they should is authoritarian. It’s the antithesis of freedom.

Is that what free software is about now?

If not, you might try attracting flies with honey rather than vinegar. The “suits” freely using and contributing back to open source aren’t your enemies. You shouldn’t become theirs just because you can’t see the forest for the trees.

Open Source’s Biggest Enemies: Open Source Users

July 28, 2008

I had a few minutes in which to skim through the disgruntled Ubuntu user’s blog. Between his racist banter (Foxconn is located in Taiwan, so their communication isn’t perfect English; the user in question disgustingly lampoons them for it) and insistence that Microsoft is to blame, it’s clear that it only takes a few bad apples to spoil the whole bunch with respect to how companies view the open source community.

You can work with people or you can make everything worse for everyone else by making demands and allegations. There are already enough companies who WON’T have anything to do with Linux or other open source projects because the world is — and will be for many years to come — very much Windows-centric. It doesn’t help open source when users act without any tact and go around accusing others of trying to subvert open source.

What do you accomplish when you mock others’ grammar, especially when they don’t speak English? What do you hope to accomplish by making repeated attacks on a company who manufactures something you want to use when it appears they’re willing to work with you to solve issues that affect < 1% of their customer base? What does it say about the open source community when there’s a lot of this bullshit about companies being in Microsoft’s pocket simply because they either have a Vista-ready emblem on their site or because they suggest you see if there’s a similar issue by running an operating system (Windows) they know works on their hardware to see if it can be isolated to one board? What good does goading the people trying to help you do? Or writing the FTC that “I am complaining because I feel this violates an anti-trust provision in the Microsoft settlement, I further believe that Microsoft is giving Foxconn incentives to cripple their motherboards if you try to boot to a non-Windows OS”?

If there’s a buggy BIOS, the odds are very good that Microsoft had nothing whatsoever to do with it. But with myriad kernel versions and configurations, how the fuck is a board manufacturer supposed to keep up with every change? At least Microsoft plays friendly with the manufacturers so their hardware and software will work. Linux users just throw tantrums and make all kinds of allegations and demands. And then they expect equal support for Linux as Windows or don’t understand why companies who sell 90+ percent of their goods for use in Windows can’t “guarantee” it works with every possible permutation of Linux.

Do you still wonder why companies like Broadcom don’t care to work with open source types? Who needs that when your business model is already working just fine without it.

Running around with a chip on your shoulder, shouting anti-MS hysteria, making irrational and unfounded claims, and/or scanning the skies for black helicopters is no way to increase open source adoption. Or even open source cooperation.

If there’s a silver lining in any of this, the user in question has been banned from Ubuntu’s forums. Nice to see some discretion exercised when someone appears so incapable of it himself.

Open Source Conspiracy Nuts: _OSI, Your BIOS, and You

July 28, 2008

I’m not a big fan of conspiracy theories. They exist to give weak-minded, irrational people the extravagant and irrational explanations for irrational events they seem to need — belief in widespread conspiracy is a coping mechanism for the mentally unstable.

Bogeymen, secret societies, remote control aircraft, grassy knolls, UFO secrets, and all the rest.

Now add Foxconn and Microsoft. At least for certain Ubuntu fanboys.

Turns out someone ran into some serious ACPI issues with a new Foxconn mobo. A bit of BIOS hacking revealed something a bit odd — Linux support appears to be broken. Rather than learn more or even wait for answers, the user decided to run to the Ubuntu forums and present this as the latest MS attempt to kill Linux. It gets picked up by semi-coherent twits at Slashdot, snowballs, and before you know it there are all kinds of allegations and insinuations being made.

Uh, what’s the definition of FUD again? Nothing like a conspiracy theory to demonstrate the power of fear, uncertainty, and doubt. Especially among the uncritical thinkers who use Linux as some anti-Microsoft fashion(less) statement.

Matthew Garrett delved deeper into the issues, the BIOS, and Linux ACPI.

mjg59: Further Foxconn fun:

Take home messages? There’s no evidence whatsoever that the BIOS is deliberately targeting Linux. There’s also no obvious spec violations, but some further investigation would be required to determine for sure whether the runtime errors are due to a Linux bug or a firmware bug. Ryan’s modifications should result in precisely no reasonable functional change to the firmware (if it’s ever hitting the mutex timeout, something has already gone horribly wrong), and if they do then it’s because Linux isn’t working as it’s intended to. I can’t find any way in which the code Foxconn are shipping is worse than any other typical vendor. This entire controversy is entirely unjustified.

That’s what happens when you shoot first and ask questions later. Anyone who’s ever compiled a kernel and taken the time to read the documentation knows of all the hardware-specific kludges (or “bugfixes”) contained therein. It wouldn’t be the first time there’s a problem related directly to a bug in the kernel source or in the way it was compiled. It’s not the manufacturer’s fault when Linux kernel development is often over-ambitious and frequently imperfect. Dittos for the problem of using a default one-size-fits-all (when they don’t) kernel. Usually default kernels are adequate for most hardware. But not for all. Is this something related to Ubuntu’s config?

I have an old board that will not even boot with SMP kernels and, being a fan of older hardware, I also have boards that have other SMP issues. That’s no cause for me to attack the board makers, just compile a non-SMP kernel for them. BFD. That’s why you have the source in the first place — so you can use it as you need it to run and as you see fit. Not so you can whine about MS and hardware vendors.

Now how the hell do these anti-MS zealots and conspiracy-peddling crackpots put the toothpaste back in the tube?

DSL, GPL, etc.

June 18, 2008

Recent threads at the DSL Forums have covered issues pertaining to licensing, the GPL in particular. Many people casually praise the GPL without considering what it actually says and what it means to casual users and developers alike.

The first issue arose when someone posted links to his remasters of DSL. I was annoyed that he posted the same information twice in the forums, and in places where it wasn’t really on-topic. I asked how I could get sources for GPL software he used. I reminded him of the judgment of the FSF/SFLC that downstream and/or derivative distros (like Knoppix, Mepis, DSL, Slax, Vector, etc.) had to maintain and provide sources regardless of availability of sources for unmodified binaries taken from upstream repositories. This led to some heated discussion (and also some productive discussion as well) about the whole issue and whether it was appropriate for distros to sell media with their sources.

This gets at the heart of many misunderstandings about GPL. It is NOT about free/no-pay transmission of software. It’s about the freedom to see and change source code. As FSF very clearly says throughout the gnu.org site and elsewhere, you can charge a billion dollars for GPL’ed software. The only restriction is that you cannot charge an excessive amount to restrict access to the sources.

Second, DSL has another GPL controversy today. DSL had switched from using flua, lua with a set of FLTK bindings, to murgalua (which has FLTK bindings and a lot of other stuff thrown in) several months back. Unfortunately, murgalua requires the full runtime of lua and fltk and libz and sqlite and luafs and who-knows-what-else to be run all at once even if it’s for a simple lua non-GUI task.

So DSL refactored the bindings so lua can be run on its own and FLTK and all the other bindings can be used independently as-needed — something much more suitable for the needs of DSL and its users.

John Murga is the author of murgalua. He licensed his bindings under GPL even though the bulk of the parts of his runtime — lua, etc. — are under much more permissive licenses like LGPL, MIT-X, and BSD. Today he’s posted a notice on his forum that DSL has transgressed the GPL and linked to another post he made on his forum in which he said (or suggests) he won’t condone or support the re-use of his bindings apart from the runtime. He reiterated that

Either way I am unhappy with MY CODE being used in this way (if that counts for anything).

The GPL gives users freedom to change the code to suit their own needs so long as redistribution follows the rest of the GPL’s terms. If Mr Murga has ANY objection to others using his bindings under the license he used, he should re-license it in a manner which will give him as much control over how others use it as he wants. The more permissive licenses used by lua, sqlite, etc., certainly allow that.

Both issues relate to similar problems. First, most users and developers wrongly associate GPL with things it doesn’t mean. It doesn’t mean zero-cost, it means sources must be made available (directly or via normal computer-readable media) when distribution occurs. Second, it doesn’t give anyone the right to determine how it’s used on anyone else’s computer. THAT IS WHAT THE FOUR FREEDOMS ARE ALL ABOUT — the right to see and change the code as well as the right to redistribute it as it was received or as it has been changed. So, to Mr Murga I say: no, your feelings REALLY DON’T matter.

I’m not a fan of the GPL. I’ve written in plenty of places, here and elsewhere, about why I object to it. Some of its demands are onerous, such as the requirement that downstream derivatives maintain their own source trees for unmodified binaries, or that a hypothetical user who compiles an app for his friend or relative make the sources available, etc. I’ve found that it appeals to two groups of people: one is the zealot who sees software as a political (or even religious) issue and the other is the uninformed who makes the false link between GPL and “free as in beer” with nary a thought about the actual meaning of the license. Sometimes the line is crossed and you have a hybrid — you can find many instances of that in the Linux/FOSS advocacy with lists of reasons that give very little about “you can see the sources” (even if you don’t know wtf it all means) and a whole lot about how your only cost for Linux is the CDs onto which you burn a zillion distros to try and find one that works for you.

These recent spats have only served to reinforce my objections to the GPL.

George Ou Calls Out EFF for Supporting Metered Internet

December 3, 2007

Here’s another net neutrality article courtesy of George Ou. He was invited to discuss the EFF’s position in the Comcast-BitTorrent saga and was eventually told to “shut up” if he wasn’t going to take the EFF’s side.

EFF wants to saddle you with metered Internet service:

We’re all going to have to go back to the cell phone model where we worry about peak and off/peak hours and how many megabytes we used just like we worry about how many minutes we use…. Not only does a metered Internet service plan screw the low-end users, it makes BitTorrent or any kind of peer-to-peer networking cost prohibitive. The EFF ironically claims it’s standing up for BitTorrent rights when in fact it would kill it with metered Internet services.

Ou is right, and his comparison to cell phone billing is apropos. The EFF’s solution is much worse than the alleged problem. I say alleged because I remain unconvinced that what Comcast is doing by throttling the bandwidth of subscribers who transmit more data than some small nations via peer-to-peer is evil. I see it as a benefit because it (a) spares the rest of us from having to pay more per month and (b) allows the rest of us to have decent connections throughout the day.

Markey’s Bill Won’t Fix Comcast/BitTorrent

December 3, 2007

Net neutrality may not resolve Comcast vs. BitTorrent:

…[E]ven some supporters of new laws–which would enact antidiscrimination regulations aimed at broadband providers–are now reluctantly conceding that the proposals that have been circulating in Congress for more than a year may not do much to stop Comcast…. When asked whether Comcast’s conduct toward BitTorrent would be prohibited under [Congressman Ed Markey’s] original bill, the [unnamed staff] aide said the clearest answer is “maybe.” In any case, the bill’s authors want to leave it up to an “expert agency,” presumably the FCC, to decide whether a company’s conduct in a particular situation was both “reasonable” and “nondiscriminatory,” the aide said.

The FCC presently allows providers to manage their networks with “reasonable and non-discriminatory measures,” which is what Comcast says they’re doing. “Comcast does not, has not, and will not block any Web sites or online applications, including peer-to-peer services, and no one has demonstrated otherwise,” spokeswoman Sena Fitzmaurice told CNET News.com. “We engage in reasonable network management to provide all of our customers with a good Internet experience, and we do so consistently with FCC policy.”

Half Truths Don’t Make for Good Open Source Advocacy

September 21, 2007

Here’s an example of the kind of thing that doesn’t help Linux advocates. It’s a list of things a user says he can do in Linux. Problem is, I do them almost all in Windows as easily as I do them in FreeBSD and Linux. It’s not personal, it’s just all too typical. I’m not picking on this particular person’s choice, I’m just picking apart the argument he presents.

Things I can do in Linux:

1. Update every single piece of software on my system with a single action. This is one of the main reasons I run Linux. For every Linux distribution I’ve used (Gentoo, Red Hat, Suse, Ubuntu, Fedora, Mandriva), updating is simple. When you update, you have every application, every library, every script – every single piece of software upgraded automatically for you. And on most of them, they will check for updates automatically and notify you. This is great for security, fixing bugs quickly, and getting the latest in features.

That sounds almost like Windows Updates. There’s a qualitative difference, though, between security updates and “latest features” — what I call the bleeding edge. That’s especially true when comparing updates between commercial vendors and those from open source projects, and it boils down to user threshold for instability. Projects like Ubuntu aren’t suitable for enterprise, in my opinion, because their six-month arbitrary release cycle is tied less to stability (and security!) than similar offerings from, e.g., Debian. Or Windows.

Moreover, software I use in Windows, like Firefox and Thunderbird, will prompt me when there are new versions for me to download. Or I can set them up to update automatically. I prefer a hands-on approach to see what’s fixed before I install something. I do that whether I’m using Windows or Linux or FreeBSD.

2. Update nearly everything on my computer without a reboot. On Linux, there is only one thing that requires a reboot after updates. The kernel. And even then you can continue to run on the previous kernel. You just need to reboot to get the benefit of using the new kernel (say, if it has a bug fix or a new feature).

Most Linux users I know shut down and/or reboot their systems at least daily. I know many Windows users who leave their computers on 24/7 and don’t shut down — their computers stay on until they make a system change that requires a reboot. You can do that. Windows doesn’t require daily or even weekly rebooting. This is hardly a reason to adopt one operating system over another unless there’s a pressing need for uptime, such as in a server setting. And that really doesn’t affect most desktop users.

3. Keep my system secure without software that consumes my system resources, requires my time, and frequently nags me.

Oh, so you don’t run Gnome or KDE or Sunbird or Open Office? Hahaha.

You don’t need:

a. Antivirus protection. AV software consumes resources and requires routine scans.

That’s not entirely true. There are rootkits and other malware that affect Unix-like operating systems — not to mention keyloggers, cross-site scripting vulnerabilities, phishing, etc. The Internet is a dangerous place regardless of which OS you choose to run. The resources of my Windows AV and firewall software combined run in less than 10 MB (8.3 to be precise). That’s not a high price to pay for security on a modern computer.

b. A software firewall like ZoneAlarm or the one built into Vista that constantly asks you if you want to allow software to contact the Internet. More time on your part.

Time?! It only constantly asks you such things if you don’t know how to configure it properly. How much time do you waste setting backgrounds and icons compared to properly setting up firewall rules?

c. Adblock Adaware and/or Spybot Search & Destroy on a routine basis, consuming your time, and requiring your manual intervention. People often forget or don’t “get around to it”.

Ever set up such things in Scheduled Tasks (Start-All Programs-Accessories-System Utilities)? It’s a lot like cron. It helps if you actually know what the tools are across platforms, not to mention how to use them. It’s also a lot more intuitive to set up than cron. Users who DO know how to use their tools can take care of such tasks without much “manual intervention” — even run them while their computers aren’t being used, just like scheduling system cron jobs in Linux and FreeBSD.

d. Never trusting software. You have to go through life assuming every bit of software and every website on the Internet is going to screw you over. What a sorry state of affairs that is.

Do you trust everything you use in Linux? Perhaps you should check out Secunia and other security-related sites for examples of why you shouldn’t. Not all open source is safe. Only fools trust things implicitly regardless of operating system choice.

All of this requires your attention, slows your computer, and ruins the open experience of the Internet. None of this is necessary in Linux.

Bullshit. Total bullshit. The weakest link in any situation is the user, not the OS. The OS can make things easier or harder, but it comes down to the user knowing how to secure his computer and how to avoid compromising it by careless downloads, visiting untrusted sites, clicking on links in e-mails, etc. There are dumbasses using Linux who think they’re immune, there are Windows users who practice safe computing. It’s the USER, not the OS, that makes computing safe.

You get your software through your distribution. As long as you can trust your distribution, you can trust the software available.

Software distribution is something of an irony: I tend to use the same software in Windows that I use in FreeBSD and that I also used in Linux. Firefox, Thunderbird, vim, python, ruby, etc. It’s a comfort factor.

Having a firewall is a good thing even in Linux, but most of us have a firewall built into our Cable and DSL modems, or our wi-fi router.

A cable bridge isn’t a suitable firewall. Firewall software isn’t bloatware regardless of OS.

4. Run an entire operating system for free without pirating software, and without breaking the law.

I can also run Windows without resorting to piracy. I have multiple licenses. I happen to think the convenience of Windows — having something that works without the hoops Linux users have to jump through to get various drivers or wifi working — is well worth the cost of a license. I also don’t buy the FUD that Windows authentication is a hassle or invasion of privacy.

While unlikely, the potential is there for software companies to come after you just like the RIAA has come after countless people. With Linux, this isn’t necessary.

First, the people RIAA have gone after can actually be counted. Second, this is more bullshit especially when making points about running IE — proprietary software — in an emulator. Moreover, it depends how you intend to use open source software. The FSF and other groups do go after people they believe violate open source licenses, such as the case today with the lawsuit against Monsoon Multimedia. The point remains that you can run Windows legally without paying a lot of money: nearly all the same open source applications you run in Linux are available for Windows.

You can run the software you need without paying for it, and without breaking the law. I know I sleep better at night.

That’s nice. So you broke the law before you switched to Linux? In any event, someone with a Windows license can run many of the same open source applications without ever having to learn how Linux works.

5. Take my settings with me wherever I go.

So do I. See my pages on PortableApps. Since I use the same apps in Windows, FreeBSD, and Linux, I never have an excuse for not having my files or apps with me.

In Linux, all your personal settings are stored in your Home folder, most in folders that begin with a period (like .gaim). So, I can copy all these settings from one computer to another. I can put these settings on a USB drive. When I switched from Gentoo to Ubuntu, I kept all my settings.

Maybe you didn’t realize it, but you also have a similar file structure in Windows and it’s just as portable. Some of the same open source synchronization apps — look here — you use in Linux also run in Windows. And since that one I linked to is samba, it can work between Linux/BSD and Windows (with permissions issues since Unix-like differs from Windows; same issues when using CDs, DVDs, and USB storage).

6. Run Internet Explorer 5.0, 5.5, 6.0, and 7.0 on the same desktop. I have all installed thanks to the wonderful IEs4Linux project. I can even run them side-by-side if I want. For a web developer, that’s huge. Testing browser compatibility to that level on Windows requires multiple machines or something like VMWare. Further, when I run IE under Linux, I don’t have to worry about any malware or virus getting onto my system.

This kind of gullibility can only get people in big trouble. You run a browser in Linux that I don’t run in Windows. I run a browser in Windows that you can run in Linux. That doesn’t explain why anyone should run Linux instead of Windows or even OSX.

7. Understand everything that is going on in my computer. Linux is not a black box where you can see the outside, but you have no idea what is going on inside. Under Linux, you can look at the system logs, where you can see most issues.

Same is true for Windows — and its logs are just as useful in troubleshooting. Most distros are increasingly covering up boot processes just like Windows does (at least by default — you can set it up to boot without splash and see everything in its glory, like I do). I don’t think, though, you “understand everything” going on in your computer regardless of which OS you run.

You can search for the log messages on Google, and can usually track the cause and often find a fix.

Windows users do the same thing.

If not, I can even go look at the source code to find the offending problem. Granted, most people aren’t capable or don’t have the time to look at the source code.

Counting yourself. How well do you know C and the Linux kernel?

But the fact that tens-of-thousands of geeks do is often very, very helpful. And if you do spend the time filling out a bug report, you are helping other people just like yourself, not contributing your time to a rich software company.

That presumes that by “rich software company” you mean a software company that oversees fixing bugs that affect over 90% of computer users. That’s selfish of you. But that also suggests that all bugs are OS-specific and the purview of only one company (singular). Most issues and bugs are related to specific applications, not the OS itself. Microsoft doesn’t fix bugs that affect Firefox. Firefox users and maintainers do. Windows users participate in such bug-fixing, too. Because it benefits other users. Same as in the Linux world.

8. Customize every aspect of my desktop.

This can also be done in Windows. My Windows desktop looks more like NeXT than XP, squarish icons and auto-hide taskbar on the right side (and apps on a separate always-on-top bar across the top). There are plenty of options available to customize Windows XP and Vista appearances. Some are sold, some are free. The only thing it takes is creativity.

I can choose the window manager, the desktop environment, the theme, the GTK engine, the icon theme, the special effects (see Beryl or Compiz), the file system browser, and so on.

Ironic, so can I. Right down to choosing Crux for my GTK2 apps in Windows. I can also choose file managers, same as I can in FreeBSD or Linux. I’m not limited to what I have in my ports collection, what’s in apt pools, or what Ubuntu has in their repository. I can go buy one if it suits my needs. Wow.

Nearly every aspect of the system has competitive options. If you look around the internet at screenshots of various Linux desktops, you rarely see two that look the same.

Same with Windows. Look at the gallery above. I see as many bland Ubuntu desktops as I see bland default Windows desktops. The only thing that tells me is that the people using those computers have something to do, are go-getters, and aren’t time-wasters who can’t decide if they need 10% more transparency in their menus. Do you actually use your computer or sit around and admire your most recent screenshots?

9. Benefit from competition between projects for each system on my computer.

Windows users likewise benefit from competition. If you don’t like Norton, you can use McAfee. There are also free and open source alternatives for Windows users. So Windows users have even more competition to benefit them.

As I mention in point 8, there are options for every aspect of the Linux desktop. Not only is it fun to try the various options,

Most Windows users are practical and want something that works rather than fiddling for weeks on end for something that fits their needs and without a list of half-assed or completely missing things in a project’s “to do” wiki.

but it leads to better software as multiple projects compete against each other to be the best.

How is that any different than in proprietary settings where companies have a vested interest in putting out the best possible product? This isn’t a selling point exclusive to open source, it’s one of the barriers to adoption of open source because there is often more than one fully functional proprietary option available to users. And if there isn’t and it’s a level playing field, there are perceptions that you get what you pay for.

Can you imagine competing printing backends, competing desktop environments, or competing USB mounting systems?

I can imagine connecting my webcam and printer in Windows and both working without any further interaction. I can also imagine trying to configure them both with certain distros, including one that’s supposedly among the best at automagic set up, and still not getting the webcam to work right. Not only can I imagine these scenarios, they’ve actually happened to me.

10. Learn about, support, and appreciate the value of free software.

Firefox. Thunderbird. Open Office. Abiword. Apache. Ruby. Python. Perl. Emacs. Vim. Pidgin. Ogg vorbis.

All of the above are open source. All of them are free. All of them will run on Windows.

I believe free software is important to us all.

So do I. I also believe there’s room for proprietary systems. People should be free to choose between systems that suit their own levels of comfort, their own needs, and have accurate information about their options. Unfortunately, those who are the most vocal proponents of Linux adoption are the least accurate about reasons why people should switch.

Even if you use non-free software, the free software movement ensures checks and balances on non-free software by offering an alternative. By running a free operating system and becoming involved in the community, I’ve contributed to free software, even if only in a small way.

I view competition favorably. There are some excellent open source software projects. There are also many half-assed projects up on SourceForge. They serve as a reminder for why there should always be proprietary software — because there are people willing to pay for software development if it means the software is useful, usable, and fills needs.

I think that includes Windows. Windows fills a need that Linux doesn’t. It’s useful, it’s usable. It doesn’t have as steep a learning curve as Linux. It can be nailed down tighter than some Linux distros — Puppy and Dynebolic run as root-only, something Windows hasn’t done since the mid-90s — and adequately maintained by both free (as in beer) and open source projects.

I also think imitation is the sincerest form of flattery. The increased prevalence by distros like PCLOS and Ubuntu of hiding boot processes, point and click management, automagic hardware detection and set up, and other things that make Linux look and “feel” more like Windows is why those distros are more popular with Windows refugees. I don’t think that’s enough in the long run, though, to win over the masses. Linux desktop adoption has plateaued and it’s below 5%. Windows still rules the desktop world.

And it’ll take much more convincing arguments — and much more accurate arguments — than those above if that’s ever going to change.