Linux and Open Source News for 12th March 2007

Linux Today News Service

Source: Linux Today It seems to be a trend among some proprietary software vendors: attacking open source with lies

Source: Linux Today By now, many of you may be wondering why Dell is passing up such a great niche market by not offering Linux as an alternative OS option to Windows

Source: Linux Today How can a company give away its flagship product and still make money? Ask Red Hat, because it's doing a great job at doing just that. Really. Go here to download it
Source: Linux Today The time for adoption has never looked better, but unfortunately, we are still sitting on some very serious problems
      
Source: Linux Today Recently, Fred Amoroso of Macrovision published his response to Steve Jobs' call for a DRM-free world. Needless to say, he did not agree with Steve
       
Source: Linux Today Thomas Bayes, a Presbyterian minister and mathematician born just over 300 years ago, would be shocked to see most of the email messages that bid for our attention nowadays

Source: Linux Today When Bill Hilf came from IBM Corp. to join Microsoft three years ago, the company's stance on open source vacillated wildly

Source: Linux Today The Switzerland-based Remote-Exploit.org project team earlier this week announced the release of BackTrack 2.0, a SLAX-based live CD with a comprehensive collection of security and forensics tool
Source: Linux Today If you went to the keynote speech at South by Southwest Interactive here Sunday and found your cell phone not working, it wasn't your carrier's fault
Source: Linux Today There's a lot of exciting things going on in the world of Linux distros and while browsing for alternatives to (K)Ubuntu I stumbled across PCLinuxOS
       
Source: Linux Today Debian GNU/Linux used to have a reputation as the toughest GNU/Linux distribution to install, yet the easiest to maintain
      
Source: Linux Today No one would buy a car with the hood welded shut, but that is essentially what commercial software is. However, since computing began, some software has been distributed in such a way that users can change or repair it by modifying its source code

Source: Linux Today After the recent switch to the Ubuntu code base, Freespire announced that it has restarted its development process with the first alpha release of Freespire 2.0, Alpha1U (1.2.42)
Source: Linux Today The OpenOffice Project has sent a letter to Michael Dell, showering praise on Dell Inc.'s chairman and CEO and asking him to consider pre-loading OpenOffice onto PCs
Source: Linux Today SCO has asked the Court for more time to respond to Novell's Opposition to SCO's Cross Motion for PSJ on Novell's Fourth Claim for Relief, which was filed under seal

Source: Linux Today Is a flaw in the Firefox browser fixed or not? A security researcher claims that it's not. Mozilla says it is

Source: Linux Today When French MPs and their assistants return from their summer break this June, they will conduct parliamentary business on PCs running Ubuntu. From the next session of parliament, 1,154 desks will feature the Linux-based PCs
       
Source: Linux Today The Urban Forest Mapping Project is infoporn for the eco set. The open-source database, which launched Wednesday, gives anyone access to all sorts of information about 140,000 public trees in San Francisco
Source: Linux Today While open source licensing of soft microprocessors allows designers to easily modify FPGAs and gain greater visibility into the CPU architecture, it is important to understand the implications of associated licensing models
Source: Linux Today If you've ever worked with MySQL databases, you are probably familiar with phpMyAdmin, a PHP-based tool that allows you to create and manage MySQL databases via a browser
Source: Linux Today If I set the SUID or SGID bit for a file, this causes any persons or processes that run the file to have access to system resources as though they are the owner of the file

Source: Linux Today When you start learning the source code of an unfamiliar project, you don't have the knowledge of its structure or the meaning of specific functions, classes, and units in the project
      
Source: Linux Today As some of you have probably already noted, I recently joined the MySQL board. There are a couple of good reasons

News for nerds, stuff that matters
     
Source: Slashdot: Linux FliesLikeABrick writes "The Ubuntu Weekly Newsletter has stated that Linspire announced that they will be switching to base their distribution off Ubuntu. With their polished KDE desktop this makes Linspire the latest in the impressive list of operating systems based off Kubuntu. It was also announced that Linspire's Click and Run install programme would be added to the Ubuntu archive, giving users of all Ubuntu distributions easy access to a large range of free and proprietary software."
       
Source: Slashdot: Linux TheCoop1984 writes "A recent article on distrowatch, and an extended thread on the gentoo forums, have pointed out that gentoo is not what it used to be. Daniel Robbins came back and went again after only a few days, developer turnover is as high as ever, personal attacks on the mailing lists are common, and people are generally not happy about the current state of affairs. Is gentoo rotting from the inside, and can anything be done about it?"
      
Source: Slashdot: Linux atamyrat reminds us that last November it was announced that the French Parliament had decided to switch to Linux. At that time the distro had not been determined. It will be Ubuntu: "[T]wo companies, Linagora and Unilog, have been selected to provide the members of the Parliament as well as their assistants new computers containing free software. This will amount to 1,154 new computers running Ubuntu prior to the start of the next session which occurs in June 2007."

Source: Slashdot: Linux An anonymous reader writes "The Greenphone comes at a time when there are countless mobile Linux platforms, but not many of them are open for easy development. This little device aims to fill a niche for a community-oriented mobile development platform. How does it perform? Linuxlookup.com has the Trolltech Qtopia Greenphone and SDK review."
       
Source: Slashdot: Linux derrida sends us to an article in the Guardian by Jack Schofield explaining why he believes Dell won't offer Linux on its PCs. In the end he suggests that those lobbying Dell for such a solution go out and put together a company and offer one themselves. Quoting: "The most obvious [problem] is deciding which version of Linux to offer. There are more than 100 distros, and everybody seems to want a different one — or the same one with a different desktop, or whatever. It costs Dell a small fortune to offer an operating system so the lack of a standard is a real killer. The less obvious problem is the very high cost of Linux support, especially when selling cheap PCs to naive users who don't RTFM and wouldn't understand a Linux manual if they tried. And there's so much of it! Saying 'Linux is just a kernel, so that's all we support' isn't going to work, but where in the great sprawling heap of GNU/Linux code do you draw the line?"
The O'Reilly Network ONLamp Articles and Weblogs

Source: ONLamp.com The next issue of The Perl Review is out, and it’s a special edition for the Nordic Perl Workshop! Not only that, the PDF-only price is now only $7. Subscribe now to beat the price increase for US postage rate increases in May. The Spring 2007 issue of The Perl Review is online and ready for download. Subscribers should have already received an email telling them all about it. In this issue (besides the cover showing Gary Blackburn’s “PERL GOD” license plate), there’s:
- History of the Nordic Perl Workshop — Jonas Nielsen
- New Features in Perl 5.10 — Renée Bäcker
- Dynamic Object Reconfiguration — Peter Scott
- Adding Transactions to DBM::Deep — Rob Kinyon
- Parsing with Parse::Eyapp — Casiano Rodriguez Leon
- can() You Do It? — brian d foy
- and other stuff
Source: ONLamp.com The Port 25 blog entry… Technical Analysis: Linux VPN & How-To …points to a new Microsoft technical document titled: Linux VPN Technical Analysis and HOWTO. As its title implies, this 33-page PDF document gives both a technical reading of Linux VPN as well as specific how-to information. The work is based on testing using Red Hat and Fedora Core Linux distros. If you are looking for some Windows VPN help, you might want to check out the OpenVPN GUI for Windows I mentioned in an item in my personal blog recently.

Source: ONLamp.com William Hurley first got in touch with me many years ago, not to promote one of his own projects, but to set me up with some of his colleagues to write about network security. Later, he got involved in several open source ventures in networking. So William is both an innovator and a facilitator. He’s willing to lend his expertise wherever there’s a good chance someone can make a difference in an area he cares about. And he definitely cares about open source. Now he’s chief architect for BMC’s open source strategy. As he points out in a podcast, this position is an important step for BMC, but only one of several. In the free software world, we’re getting used to companies putting money and support behind the software. This doesn’t diminish the importance of the individual zealot. Individual zealots are the source of many new tools, and the genius of free software is the ease with which it allows someone to introduce a new idea and then let larger institutions amplify it. With William at BMC, I can be confident that this large company will not only continue to contribute to open source, but will maintain strong community bonds so the route from individual innovation to large-scale adoption remains pothole-free.
Source: ONLamp.com I was talking tonight with a friend that manages the medical arm of a large humanitarian organization. We were talking about poverty and he suggested that there are basically three things necessary to enable people to pull themselves out of poverty:

- Food and water. It’s difficult to worry about building for tomorrow when you can barely make it through today.
- Health. In like fashion, it’s very difficult to earn one’s way out of poverty if debilitated by disease or other maladies.
- Security/safety.

My friend focused on this third thing. He suggested that most people overlook it, but that it’s imperative to enable poverty-stricken people and societies to pull themselves out of poverty. Why? Because it’s useless to plant if there’s little chance of harvesting. There’s little reason to build a product or render a service if the government or a neighbor will likely rip it away tomorrow.

Security matters. This is why governments are set up - to remove us from our Hobbesian existence (“nasty, brutish, and short”) and give us the opportunity to reap what we sow. This is also why the US Constitution provides for intellectual property protection.

I’ve spoken against proprietary software in the past but, hearing my friend speak tonight, I think I should qualify my opposition to current usage of copyrights and patents in software. My contention is not that these are not necessary - they are. I firmly believe that it’s important for software developers, just like farmers, land developers, etc., to be able to build something and be secure in their expectation of attempting to monetize their product. Microsoft, just like everyone else, needs to be able to invest in R&D with confidence that its money is not automatically wasted simply because the system rejects investment.

But what if this old version of intellectual property has been superseded? What if, in fact, one can get equal or possibly better protection by putting the same code under an open source license, rather than under a closed-source license? I’m not talking about relinquishing ownership of one’s developments. On the contrary, copyright law is absolutely foundational to both traditional software licenses and to open source software licenses: open source is meaningless without property. You must first own it in order to assign copyleft-style distribution requirements.

Rather, I’m suggesting that perhaps we’re entering a new phase in intellectual property (2.0), when our basic needs don’t change (food, health, security), but the way we fulfill them does. I can still earn a living (to feed myself and my family) with open source, and I can provide equal (or superior) infringement protection (health) with open source. And, importantly, since open source depends on the same rule of law to guarantee security, I’m safe in my development, too. All that changes is how I choose to monetize the software. Instead of charging for access to the software, I charge for access to a certified version of the software. Or to services around the software. Or the software as a service, itself (like Google, Salesforce.com, or a range of others). In other words, I make the software experience more about experience and less about software.

This sounds like progress to me. I know that there are a wide range of companies tied up in IP 1.0, which will find the transition to IP 2.0 difficult. Microsoft need not be one of these. The company has been aggressive in trying to figure out open source and this 2.0 world. It just needs to keep moving in this direction.
Source: ONLamp.com While the idea of circumventing the privacy offered by Tor via DNS, Flash, and Java (applets) is nothing new, HD Moore’s “Torment” Tor server hack has made news at Securityfocus and ZDNet. Although I’m not quite sure why this is big news now all of a sudden, it does have positive side effects for the Tor project (see my opinions below).

Moore’s methodology is based on the following strategy (also see Decloak):

1) A modified version of the Tor server is used.
2) When the Tor server is an exit node for a particular connection, it parses HTTP traffic for keywords that indicate criminal activity.
3) When an active keyword is found, the modified Tor server will embed HTML code in the response that will cause the Tor client’s browser to:
   - Resolve a host name containing a unique identifier. Applications that use SOCKS 4 resolve hostnames using the ISP’s DNS (without going through the proxy server). In this scenario, the entity running the modified Tor server will also have to run a modified version of a DNS server that will match DNS queries to the unique identifier. This technique allows for the identity of the ISP of the client to be revealed (unless the user is using DNS that does not belong to his or her ISP).
   - Load and run a Java applet hosted by the entity running the modified Tor server. The applet will determine the local IP address and pass it to the Tor server owner. If the end user is behind a NAT router, his internal (non-routable) IP address will be revealed.
   - The Java applet will send a UDP packet to the server that served the applet. This UDP packet will be sent directly to the destination without going through Tor and will reveal the actual IP address of the client.

Here are my opinions on this:

1) Attempting to identify criminal activity based on keywords may help identify some criminals, but it will most likely result in too many false positives. This will compromise the anonymity of many legitimate Tor users, thus defeating the entire idea behind the Tor project.
2) The proposed methodology uses techniques that are circumvent-able by using Socks4a-aware browsers and disabling plugins such as Flash and Java. I am sure Moore is aware of this, and to his credit, most users as of today are most likely to install and use Tor out-of-the-box. Also, disabling plugins such as Flash and Java may not be an option for many users because many web applications require these.
3) The fact that this topic has gained attention will have the following positive side effects on the Tor project:
   - Some legitimate Tor users will pay attention to post-installation steps (use Socks4a, disable plugins) they need to perform in order to lower the chances of their anonymity being circumvented.
   - The Tor project, or a new project that utilizes the Tor system, may make an effort of offering a one-stop solution or enhancement to the download package that may aid in automating some of the post-installation steps.
   - The Tor download page provides warnings against the limitations of Tor, and even suggests that users investigate plugins such as NoScript and QuickJava. Unfortunately, a regular Tor user is not likely to spend time researching these proposed suggestions and will end up being susceptible to the techniques described by Moore. In addition, Tor users who use plugins such as QuickJava may still be susceptible because of the dynamic tag generation proposed by Moore, and there are already ongoing efforts by Tor volunteers to fix this.

In summary, I don’t believe Moore’s proposed idea is the most efficient solution to catching criminals who use Tor as ZDNet seems to suggest, but I do believe that he has done a great job of demonstrating how most Tor users are susceptible to information leakage, and I believe this will in turn strengthen the Tor project.