Shameless Words from Shameless Geeks

According to /., SCO’s life support is about to run out. I know that anything said against them now would sound a little like piling on, but I’d rather be accused of that than be accused of speaking ill of the dead. It looks like I only have a short time to speak up. If they go chapter 7 as the post suggests, that’s the business equivalent of an estate sale, and it means that the company is already dead.

I’m really glad that SCO got squashed. I genuinely feel sorry for the little people that got hurt in the process, but the company had to be an example of what happens when you try to rape open source. Can you imagine what would have happened if they got away with it? There’s no telling how it would have affected the whole IT business. Suddenly, everyone running an instance of Linux would owe money to SCO. What would have followed was a lawyers goldrush as every company who had ever been in the same room as a piece of Linux source code tried to make a similar claim. Just think… Hundreds of server farms, thousands of home routers, millions of critical embedded systems, all shut down due to greed.

The worst part about the whole thing was that the SCO who brought on the lawsuit had no real tie to the one that was around for the disputed project with IBM. They were several deep in mergers, acquisitions, and licenses. And even after you followed that seemingly endless chain of ownership, you wouldn’t find a company with a clear title, just one who “suspected” that someone may have used code that they both worked on at one time. They never even were able to point out which code… just a vague “some function that did this".

The annoying part here is that the sleazy lawyers and even sleazier entrepreneurs at the top of the company found a way to get rich anyway… mostly via funding traceable to Microsoft. Those are the guys I would like to see go “Chapter 7″.

Last night, Groklaw posted the final judgment in the SCO case. At long last, SCO’s attempt to bleed the open source community is at an end. It looks like the $600 fee that they tried to extort from every copy of Linux will never happen.

I wish I could say something about how great the judgment is, but about all I can think of is “it’s about time this ended". This whole thing has been going on for so long that I hardly remember when it started. It’s funny how the only ones who got rich were the lawyers.

Speaking of lawyers… I wonder how many are going to work with RIAA? The concept of the litigation is pretty much the same… be a cash leech.

Yesterday was supposed to be the big release date for two very popular software packages, and it was… sort of. First of all, Firefox 2 was released yesterday. I checked the web site several times yesterday, but could only find 1.5. Fortunately, I was able to download it this morning.

The other big news was that Fedora Core 6 was released yesterday. Ever since then, the site has been down for the count. I can’t say whether the cause was a crushing demand or something sinister, but it seems as if they may be out of commission for a while. Have no fear… you can download from one of the mirrors. Don’t expect a high bandwidth connection.

Intel is making the very welcome move of open-sourcing the GMA 3000 video drivers for Linux. This goes completely against the standard graphics OEM convention of excessive paranoid secrecy about their video drivers. Hopefully, it will allow the Linux community to tune and tweak the drivers for the benefit of all.

Unfortunately, graphics chip makers usually keep their drivers extremely secret. The claim is that they do so to protect the chip design. Most of us know that this is a bogus excuse, and that the real reason is so that nobody will see the “optimizations” (read as “cheats") that they put in for specific games and benchmarks. They certainly have the right to keep their trade secrets… even if they are dishonest about why. I just wish that they would release the drivers to the Open Source community and let their hardware stand on it’s own merits. Then again… maybe that’s what they are really afraid of.

Toms Hardware (the dark-side ad purveyor) has an article about the current state of Linux game graphics. If you can stand all of the blinking and flashing commercial annoyances, the article is worth reading. If not, here is the gist:

• Linux drivers work a lot better than they did last year
• Nvidia is much more Linux friendly than ATI
• Frame rates for UT look to be VERY playable
• They didn’t do a direct comparison between Linux and Windows

Games and office applications are two of the biggest reasons why the average consumer would buy a computer. As support for these increases, it is very likely that Linux adoption will increase as well. Hopefully, that will lead to a day when somebody (anybody… Linux, MacOS, whoever) is enough competiton for Microsoft to turn them back into an honest company. I’m really getting tired of a monopoly dictating how I can use my computer simply because they are too big to stop.

Firefox usage has increased to 15% in the US, 12% worldwide. The really good news is that adoption is starting to pick up speed again after a long period of stagnant growth. It’s clear that Firefox as a product is more than competitive with IE. Now all we can do is hope that it will someday be a true market competitor.

Just when you thought there wasn’t much to talk about in the SCO case, the judge has thrown out nearly all of the SCO claims because they are too vague. We’re all waiting for this to go away soon. Maybe SCO will get the hint now.

A very nasty bug has been found in the X-Windows code that runs on most Linux and Unix systems. This one is a buffer overflow that can enable Denial Of Service or root logins by machines authorized to use the display.

Though there are fixes available, it looks like there is a much simpler and more general purpose fix for this: don’t authorize other machines to use your display unless you know who they are! Since just about every version of Linux that I have run up against in the past few years has made it pretty difficult to actually enable this kind of authorization, I don’t feel sorry for those who get caught by it. Seems like this is a case where the bug can only be exploited on machines configured by crazy administrators.

Mozilla has released Firefox 1.5.0.3, which fixes a recently revealed bug that may enable a hacker to take over a system. As far as I can tell, the risk was fairly low, and the most likely result was a crash not a takeover.

Even at a low risk, a takeover bug is always worth squashing. I would suggest that everyone take the time to upgrade. I’ve just updated my work machine, and I’ll let you know if I see any problems.

If you ever had any doubts that Open Source was drifting from the left wing to the right wing, a recent post about the past musings of Marc Fleury may be the final evidence.

I’ve always found it funny how people who challenge the integrity of others can be persuaded otherwise by a few bucks. The thing that isn’t funny is that the records of this are disappearing from the Internet. Sounds an awful lot like Wall Street right after the dot bomb bubble burst.

Fedora Core 5 was released yesterday. Sorry about the late post, but I have a day job . You can pick up a copy at http://download.fedora.redhat.com, or just use ftp at the same URL like I do.

One piece of advice… It probably isn’t a good idea to install using the “everything” option. In the past, that option has installed too many obscure and unnecessary packages, causing serious stability problems. It’s always a better idea to check over the packages that you will be installing.

Thunderbird 1.5 has been officially released to the public. This is a much better situation than what happened in November, when rumors of a release were far more real than the actual software.

I’ve used the Linux version of Thunderbird since the 0.8 beta many moons ago. It’s a great program if all you want is an email interface. I have no experience with 1.5 yet, but I’ll let everyone know if I find any problems.

There is a lot of buzz about the possible announcement of a Google branded PC. You can find mention on a few online rags, but they all seem to point back to this Jan. 1 article in the LA Times. We’ll see about whether this one actually happens. Seems less than likely, but I’ve been wrong before.

As far as I can tell from the widely varying articles out there, speculation is that Google will sign an agreement with a major distributor (Wal-Mart is most often mentioned) to distribute a very basic, Internet-capable PC running on a Google-designed Linux variant.

An intriguing idea, but not quite original. (anyone remember Lindows… er… Linspire?) Even if this rumor turns out to be true, it is likely to go no further than any of the previous attempts.

I haven’t seen much online chatter about Fedora Core 4 having display artifacts, but I certainly was. It wasn’t a huge problem, but it was a big annoyance. Basically, if the display was mostly black (ie, if I used the default Fedora background image), I would see random horizontal streaks of white flashing through the display. This did not seem to happen if I put up a few white terminals, or if the majority of the pixels on the screen were non-black.

The good news is that the 5.12 version of Catalyst (X.org version 6.8.20) has completely eliminated the problem. If you have seen the same streaks, I would recommend the upgrade. Note that this is an ATI proprietary driver, so you may want to watch for “tainted kernel” issues if you intend to do Open Source development.

The machine in question:

• Athlon X2 3800+
• Sapphire X800 Pro
• Fedora Core 4

It looks like the Microsoft’s move toward Open Standards really was too good to be true. Obviously, last weeks big announcements were intended to give Gov. Romney of Massachusetts an excuse to embrace MS Office. Yet another example of Microsoft’s big money “persuading” the government. Sheesh!

Just thought I’d point out that there is yet another “Windows vs. Linux” study available for your amusement. As usual, you have two equally annoying sides to this story. Microsoft continues to believe that they will convince everyone how reliable Windows is by buying expert opinions. Linux lovers still think that they can convince Grandma that Linux is as easy to use as Windows by screaming it at the top of their lungs.

Is it just me, or does the tech industry seem to have a learning disability?

It’s official! Firefox has been downloaded over 100,000,000 times! I’m sure you couldn’t tell by the “Get Firefox” button at the top of the page that it’s my favorite browser. Congrats to the Firefox team for hitting this milestone!

A friend just pointed out a recruitment letter from Microsoft to Eric Raymond. For those of you who forgot who Eric is, he’s the guy who wrote one of the most anti-Microsoft publications: the Cathedral and the Bazaar. Eric could have been a lot more professional about his response. The letter shows how little you have to know about your market to be a recruiter, not some twisted Microsoft plot (though they probably have plenty of those too).

I’m sure that everyone in the computer biz has horror stories about stupid recruiters. I have personally been recruited for my own job twice. Both times were within a week of giving notice. I’ve also had a recruiter hand me a stack of resumes from AI experts, even though the job description was Electronics Technician. The recruiter’s response to my complaint was “same thing, right?”

I’d love to hear any stories you have about clueless recruiters. Who knows… Maybe Shameless will write an opinion column.

I’m really not sure what to make of this… but the non-profit Mozilla foundation has spawned off a corporate stepchild. It isn’t without precedent… Apache and Cygnus are similar concepts… I’m just worried that a big, public switch from an Open Source ideology to a corporate mentality will result in further mass defections to the dark side.

Just to be clear… nobody in the Open Source community has suggested that the “Open” adjective be removed, but I fear that it is coming. As these folks get more and more profitable, and thus more and more accountable to stockholders, the concept of exclusivity will get more and more attractive.

If you need any examples of this type of thing happening, just take a look at Microsoft. In the late 80’s and early 90’s, it was common knowledge that Microsoft would “never, never, ever copy protect their software". Though that is, very strictly speaking, still true, is it really true in practice? The original concept was that joe everyuser would take home a corporate copy of the software, install it on his machine and get addicted. It’s not a new strategy. It has been used by drug dealers for ages. The strategy worked… only too well. Now most corporations are so addicted to Windows that they can never break free.

Linux, Mozilla, Apache and other OSS packages were created by a dedicated community that had the high ideal of providing a publicly owned code base that everyone could build on. It would be terrible if big money started exercising control over something like that. It would be even worse if we found out that we were just fooled by a different kind of drug dealer.

Once again, Microsoft is tightening restrictions on the use of it’s software in yet another “anti-piracy” drive. I still have a problem with Microsoft’s requirement that I buy a new copy of Windows every time I upgrade my machine beyond a certain point. It’s about like telling me that I have to get a new monitor every time I upgrade my motherboard, or additional copies of a CD if I want to play it in my car.

I don’t practice or condone piracy, but someone has gotta stop these people. The root cause of piracy is Microsoft’s inability to find a reasonable way to regulate the distribution of their software. I don’t have an answer for their problem, but I know that accusing people of theft because they upgrade their equipment often is a really bad option.

Unlike many OSS advocates, I don’t have a big problem with Microsoft’s software products. I don’t even have a problem with them making a profit on it. What I have a BIG problem with is the arrogance that they display with their licensing arrangements and predatory business practices. With Windows XP, they convinced us that it was OK for them to keep an enormous database that tracked every machine that runs Windows. Now we see that they will be using it against us.

Every time Microsoft shows a slowdown in growth, they tighten the stranglehold on their own customers. This time it’s only free upgrades that are denied to those who are “unclean". It’s only a small step beyond the Big Brother inspired database that came out with XP, but I shudder to think what’s next.

Get ‘em while they’re hot! Mozilla.org has released Firefox 1.0.6 and Thunderbird 1.0.6. The new versions were released to fix compatibility problems with the 1.0.5 releases, which were themselves released to fix security issues. It’s nice of Mozilla to do the mea culpa thing again, but it’s getting a little old. I’m guessing that there are a few red faces out at Mozilla.org these days.

Forbes.com has an article about OpenBSD pioneer Theo de Raadt that includes a lot of Linux bashing. I’ll be the first to admit that I’ve looked into some Linux code and exclaimed YUCK! in a closed room. The charges that Linux is somewhat of a rats nest of code have merit, but it sounds a lot like sour grapes.

Here’s a clue to all of those who believe in the perfection theory of design: Users of boxed software really don’t care how clean the source code is. That may be difficult for a developer to swallow, and it may not fit into their view of how the world should be, but it is the absolute truth. If you take an ugly piece of code and test it thoroughly enough, you will end up with something that works as reliably as the immaculate work of art, (which should have been tested just as thoroughly). Thats as far as the user is likely to ever see. Period.

OpenBSD may very well be better written than Linux. The problem is that users never know or care… and isn’t the user the important one?

I downloaded and installed both the i386 and the x86_64 versions of Fedora Core 4 yesterday as a prelude to testing it on several machines. Let me tell you that I’m certainly not impressed by the quality of this release. This is the first time I have ever had to abandon an install and revert to a previous version.

Let me start by saying that I understand that Fedora has essentially been an experimental proving ground for Red Hat… until now that is… I don’t think anyone is quite sure what it is anymore. I also understand that I’m not paying them for it. Be that as it may, I think they need to take a closer look at their product. I expect bugs, but I don’t expect to see a version that is essentially the same as the previous, except with more flaws.

Here’s my experience.

First Machine: an old Dell SmartStep 250N. Installation seemed to go OK on this machine, but once it booted up, I found that I couldn’t get some of my favorite software to run, most notably Thunderbird. I also noticed some strange graphics effects with KDE (which the Fedora crowd seems to despise anyway). Beyond that, it had pretty much the same versions of everything that I had been running for months. Disappointment, but only a small setback.

Second machine: Intel 865G system with 2.8G P4 and 512MB RAM. This one was a disaster. I was able to boot from the CD, but when I tried to run any of the installs, it would forget where it put the RAM Disk and panic the kernel. Couldn’t find any online help for this either. I ended up reverting to FC3. This was a huge disappointment because I had been waiting to install a new disk for the last 2 months, thinking that I could kill 2 birds with one stone when the next Fedora release cane out. This one was irritating.

Third machine: A64 3200+ with 1G RAM. This one seemed to go OK once I got a good burn of the DVD. Haven’t tested this one as much as the others, but it crashed once in it’s first 15 minutes of run time. Note that this machine probably hasn’t crashed once this year, even when running Windows.

I really don’t see any advantage to installing FC4. At this pont, it looks like installing FC3 and running “yum -y update” will get you the same features and a more stable system. My next install would have been on my LAMP server, but I think I might stick with FC2 on that one for now. Color me disappointed.

As of today, interested Geeks can download the release version of Fedora 4 either straight from the Fedora download page or from one of the many Fedora mirrors. You can also get it from the torrent.

Among the new features of Fedora 4 are Gnome 2.10, KDE 3.4, and a preview of GCC 4.0.

The release of Fedora 4 comes on the heels of the announced separation of Red Hat and Fedora. Though I’ve seen lots of stories announcing the breakup, I haven’t seen any that actually talk about when it will happen, or even if it has already happened.

Despite the obvious controversy incitement attempt, here is an article on how Windows is increasing it’s enterprise market share. Windows is pulling ahead slightly as companies continue to invest more in their infrastructure. However, the conclusion that Windows is “wiping the floor” with Linux is FUD of the highest order, and isn’t based on any facts mentioned in the article. It sounds a lot like the idiots who said that Linux would make Windows extinct by the end of the decade. I guess poor reporters have to generate controversy somehow.

The increase in Windows usage seems to be an indicator of two things:

1. People are beginning to trust Microsoft after they finally fixed the security issues.
2. Standard Unix systems (Solaris, etc) are extremely expensive, and no longer give an adequate return on that investment

The swing isn’t away from Linux to Windows, it is away from higher-priced Unix systems to Windows. A lot of this is due to the fact that the Unix world has been slow to move away from the world of six-figure server systems that they lived in for years. It’s hard to convince people to spend hundreds of $K on a whizzbang super system when you can get nearly the same functionality from a souped-up high-end PC. Now that Microsoft has improved security, the final argument for large systems is getting weaker by the day. As the justifications for big systems shrink, Windows is the logical choice for many companies.

Mozilla is getting ready to release a Firefox alpha. Though that is not usually something that the average geek would care about, the eWeek story that brings the news also has a peek at the updates that it will contain as well as what’s in store for Firefox 1.1.

I ran into this Forbes article about Larry McVoy’s defection from Linus Torvalds, and I have to agree with a lot of what he says. Unfortunately for him, he only has about half of the story.

The point about Open Source not being as lucrative as commercially written software is well taken. If the world were to switch exclusively to an OSS business model, software developers and the companies that employ them would probably have to take enormous pay cuts, causing a mass exodus from the industry. Fortunately, most sane people aren’t really suggesting this. His final point about an eventual balance between OSS and traditional business models tends to say that he isn’t suggesting it either. That’s good, but he is only about halfway there.

His point about OSS folks not being able to make innovative software while making a profit is almost, but not quite correct. It certainly hasn’t happened yet, but that’s mostly because OSS companies haven’t hit their stride yet. They still face huge bills for legal battles and FUD control that could easily wipe out any small company’s IRAD budget. In addition, most of the OSS companies out there either make their profits by creating distributions or selling their expertise to others. Distribution companies have their hands full just incorporating the changes introduced by others. The “expert” companies, which McVoy calls “loss leaders for hardware companies", are the ones who do all of the innovations… becuse that’s what they are paid to do. Interestingly, McVoy gets the “loss leader” part right, but seems to think that it is something to be ashamed of. It’s something that many companies have made a living off of for decades.

The assertion that traditional companies are the only ones who can afford innovation is just a big load of bunk. Who can afford it is irrelevant… who actually does it is important.

Innovation in a stodgy old traditional company can cost several times as much as in a small, reactive company. If you add the fact that innovation is always risky, you will find that the traditional companies are completely uninterested in innovating. Take the example of Microsoft. You are unlikely to find anything truly new that was invented there. All of the so-called innovation was actually acquired from little companies after the viability of the technology was already proven. Big companies don’t invent, they acquire.

In the end, OSS is probably here to stay, but it won’t wipe out the traditional software industry. We’ll end up with some sort of balance, and there will be plenty of innovation to go around. We should listen to McVoy, but we should always remember that he’s is a bit miffed when he projects the amount of money he may have lost by giving his product away. Some of the companies that contribute to OSS will lose out, just like with any risky venture. Consumers, on the other hand, should be grateful to OSS. It’s the only thing keeping the “big boys” honest.

Mozilla punched out a quick Firefox update (1.0.4) to patch the recently discovered “extremely critical” flaws. It is strongly recommended that everyone upgrade ASAP.

Still pretty ticked off that FrSIRT released an exploit without helping with or waiting for the patch first. Maybe the web community should start shunning those with such poor, poor judgement.

Firefox and Mozilla users are being advised of a pair of extremely critical flaws that can allow an attacker to run code on your machine without user intervention. Mozilla.org is scrambling to release a patch. Until then, the workaround is to disable Javascript, and disallow other web sites from installing software.

Thanks to FrSIRT (French Security Ignorant… er, I mean… Incident Response Team) for leaking the exploit code before the patch was available. Maybe we should charge those geniuses for all of the cleanup. Geez… some people don’t care who they hurt, as long as they get to claim their pointless victory.

Gizmodo is reporting that the geek quest of having Linux booting on anything is going strong. They report that the Nintendo DS is now capablable of booting to BASH prompt. Following onto the DSLinux.org site they say that you can play some text games as well. You definitely are a Shameless Geek to buy a dual display game system and then play text games. Go Geeks.

Hold on to your hats folks. Microsoft appears to be extending the hand of friendship to the Open Source community. It would be nice to end, or at least tone down, some of the spiteful talk from both sides, but I have my doubts. These two groups tend to despise each other’s philosophy to the very core. Their flame wars rival the partisanship of Washington DC. Excuse me for being a bit skeptical.

Note that the second half of this article goes into the issue of software patents, which is something that Microsoft has a huge financial stake in. No matter what the so-called “experts” say, when someone is allowed to patent a language operator (IsNot), the system is broken beyond repair. The little tweaks that software patent advocates propose are really just a way to make themselves look more virtuous without actually affecting their bottom line.

I think this is just the “embrace” part of “embrace and extend". The “extend” part is the one that actually hurts.

With the news that Microsoft will soon support Linux virtualization, it appears as if Linux is no longer the leper OS of yesterday. In 4 years, Linux has gone from a “cancer” to a supported guest OS running on a Microsoft platform. Interesting.

So does this mean that all of the OS guys are now friends? Are they going to have joint developer conferences and take each other to lunch? Sorry, didn’t mean for you to injure yourself laughing.

Various security orgs are reporting the existence of some nasty PHP bugs. It is recommended that anyone with a PHP based webserver (like this one) should upgrade ASAP.

A good look at the vulnerabilities shows that they allow a specially-built image file to consume 100% of the server’s resources, thereby creating a DoS attack. Luckily for me, this server doesn’t have an image upload feature, so I’m good for now. It gives me the luxury of waiting for my disty to provide the upgrade via it’s regular upgrade cycle.

According to eWEEK, the Mozilla Foundation has released new versions of Mozilla and Firefox that plug a known JavaScript engine flaw as well as a few others. The article akes no mention of an OS-specific vulnerability, so I would advise everyone to upgrade. You can find all of the latest versions of Mozilla products here. Strangely enough, the browser itself usually warns me about updates before I see them online. I have no idea why this time was different.

According the TheRegister.com, SCO’s well known business model of demanding payment for free software still doesn’t seem to be working. They are still way in the red, with the Unix licensing bringing in a paltry $70k last quarter. It looks like their best chance of profit is through litigation, and that hasn’t been going very well lately either.

SCO finally got around to filing it’s financial paperwork for most of last year. Unfortunately, it still may be too late to keep them from being delisted by Nasdaq. Hard to reconcile the extremely late filing of business paperwork with a company whose main work product is lawsuits. Shouldn’t one of those lawyers have spoken up about the dangers of irritating Nasdaq?

When Adobe announced a new Linux version of their .pdf reader last month, I was as pleased to hear about it as anyone else. When I tried to actually find it at Adobe.com, I was a bit confused. It was nowhere to be found, so I waited until it was published. I tried again, but still didn’t find it. It was only after a couple of tries that I looked into the new release a little deeper and found out that I wasn’t the only one waiting.

Not to worry… I’ve managed to dig up an unpublished link to FTP index of Adobe Reader 7 for Linux. It’s an exposed link, so it’s perfectly legal and appropriate to publish it.

I’ve only been using it on my Athlon-64 system for a short time, but the improvement over old versions of Acrobat are impressive already. First of all, it loads instantly. Secondly, it’s appearance is much closer to that of the Windows version. The clunky-looking Motif windows are gone, and have been replaced by an infinitely more appealing user interface. So far, not a single crash or problem to speak of. The only little complaint is this: when I click on one of the little Adobe advertisements in the upper right corner, I get an error message, and the link target appears in a pop-under. It wouldn’t make sense for either of these behaviors to be intentional, but they are certainly annoying. If that’s all I can find to complain about, then Adobe can congratulate themselves on a job well done. If I find anything else to rave or whine about, I’ll be sure to post it right here.

So far, I see no reason why Adobe has been so quiet about this release. As far as I can tell, it is something that they should be proud of.

While perusing eWEEK today, I saw an article about the WordPress home page caught in the act of search engine spamming. Please say it isn’t so. This very blog runs on a slightly modified version of WordPress 1.2. I would hate to think that the same organization who wrote a great blog tool has stooped to something that low. These folks have been among the leaders in the fight to eliminate blog spam. Shouldn’t they practice what they preach?

I’d like to give the Wordpress guys a chance to respond, but I really can’t think of an excuse. Telling an online publication that what they did wasn’t “spam” is just an attempt to get away on a technicality.

If the guys can’t come up with a good reason, maybe the OSS blogging community should think about putting WordPress in the hands of someone better, or if necessary, starting a new project.

Color me disappointed.

Is it just me, or have the FUD wars heated up? Most recently, we have the release of a controversial report that was mentioned here last month. I was hard on the methodology as stated, but maybe not hard enough. Now that they have published a paper describing their methods, they did an even worse job than I thought. I read through the entire methodology paper, and found it very superficial. The methods were extremely simple, and looked to be reasonable. Unfortunately, they made a few omissions.

First of all, they FINALLY admitted that they were funded by Microsoft. Now that doesn’t necessarily mean that they skewed things in favor of their meal ticket, but it puts things under suspicion. Their failure to disclose this fact in their “preview” release only multiplies the suspicion.

IMHO, the profs probably did their best to do an honest study. They came up with a methodology that they thought would lead them to a valid conclusion. They also believed that Microsoft would fund a study that could possibly prove that Linux was superior to Windows. That last part is the enlightening one. Someone who truly believes that Microsoft would fund a study about something this important without knowing the answer ahead of time probably owns a lot of swampland. Enough about the funding part. It’s irrelevant anyway.

The first hole is not actually their fault. It concerns the classification of the flaws. There doesn’t seem to be any distinction between a “severe” flaw that is the result of a remote break-in and one that is initiated by a logged-in user. This is a serious, serious flaw in my estimation. Although logged in users can do as much damage as remote break-ins, the required login is enough to significantly decrease the odds of an attack. There is also no consideration of whether an exploit actually existed. Some vulnerabilities exist in an ethereal world where an unlikely series of events could conceivably lead to a break-in, but nobody ever actually figures out how to force those events. This would be the difference between an oops and an Uh-Oh!.

Another HUGE gaping hole in the comparison is the fact that the professors compared a full-up LAMP server to a Windows 2003 Server system, then classified it as a “Linux” system. Sorry guys… the AMP part (Apache, MySQL, and PHP) aren’t part of Linux. Just the inclusion of an immature app like MySQL is a mistake, and PHP isn’t much better. Blaming Linux for whatever flaws are found in these apps is about as bad as blaming Windows for flaws found in Doom3. I also didn’t see anything in the methodology about whether MSSQL and PHP (or whatever) were included in the Windows system calculations.

The study actually does raise a few questions that the OSS community should address. Though there appears to be some lopsidedness in which apps were chosen, securing the full LAMP server is not an unreasonable request. Although the Linux and Apache part are probably OK, maybe some more time should be invested in the other major components of a server.

Ultimately, the major flaw in the study is it’s simplicity. Because Microsoft and the OSS community have such widely differing approaches to software, a direct comparison between the two is nearly impossible. The two systems vary greatly in functionality and architecture, making a proper comparison about as difficult as trying to fill a sieve with water.

A major Firefox fix was released on Wednesday. The problem was an old leftover Netscape vulnerability that was caused by the improper handling of buffer overflows in .gif files. Translation: something that should have been fixed years ago. At least the fix was released before an exploit was released in the wild. That would have been a huge embarrassment for a browser that sells itself as the “safe” alternative to IE. Apologies for the delay in this story. Sometimes, life gets in the way of schedules.

Yet again, Microsoft, Sun, and a host of other Linux competitors have formed an organization for the purpose of generating FUD. This time, they call it the Agility Alliance. If you read their recent press release, you can’t help wondering if these guys are really stupid enough to believe that they are fooling anyone. At a time when many large businesses are seeing the merits of Linux for server systems, every Linux competitor of note joins up to release a statement that warns people not to. Yep… thats worth believing… without question. The only company I can see there that won’t lose a bundle to Linux next year is Oracle, and they may be ticked off about the fact that there are so many free database engines for Linux. Forgive me if I look at their words with a critical eye.

Did anyone else notice that their spokesman, a VP for EDS, referred to Linux as a language? I’m guessing I know which company to avoid when I have a technical question, don’t you?

It would like to say “nice try” here, but it wasn’t even that. It was a desperate and incoherent blurb with ludicrous assertions and absolutely no supporting facts.

You can point to the OSS community and see a bit of FUD there on occasion, but it is usually just someones misinterpretation, not this kind of unvarnished attack by someone who doesn’t even know the difference between a language and an OS.

A new E-magazine for new Linux users.

That’s the point of this ZDNet UK article. I think the point is a good one. Now that SCO’s case has just about lost all of it’s fire, the Linux community can now say that they have scrutinized the code, and it is clean. The big hulabaloo from the lawyers drew attention to the OS, and the word ‘free’ got the attention of a lot of bean-counters. As a result, just about everyone in the IT biz has at least tried Linux, and most that I have talked to are fairly impressed. I never thought I’d say this, but… umm… Thanks SCO.

Found on Slashdot today: a break-in challenge from Linuxense. It’s just a bragging rights challenge… no cash prize. They will be putting a “generic” Linux box online without a firewall, and they are challenging the Linux / Security community to try breaking in.

Obviously, it is part of some type of publicity stunt. If the system stays up, we’ll be hearing all about how “robust” (dontcha hate that buzzword) someone’s Distro/app is. Details are sketchy at best, with no mention of which distro, apps, or security software are on it. If the machine is successfully broken into, we will probably never know any of the details of the system. It is also unlikely that the owners will publicize the name of anyone who might break in. Still interested? Follow the link at the beginning of this article. (Hint: if you don’t know how to do that, don’t bother entering the contest)

phpMyAdmin and phpBB, have been flagged with security vulnerabilities. If you aren’t running a web server, you probably won’t need to worry about any of this. If you are, then the latest patch levels contain fixes for the vulnerabilities.

It looks like SCO may go down for something unrelated to it’s main claim to fame. According to eWEEK (and others), they may get delisted for a paperwork snafu. It’s difficult to imagine a company that seems to produce nothing more than lawsuits coming back from a blow like that.

LinuxDevices.com has the story of how Wind River Systems has migrated to Linux. It doesn’t look like they have abandoned their old flame altogether though. They are also offering middleware to help with IPC between Linux and VxWorks.

Once upon a time, VxWorks was king-of-the-hill in the realtime and embedded OS space. Unfortunately, the high price of their stuff had no chance of competing against the ever increasing quality and availability of embedded Linux. Their OS performed well, but the same features that made it blazing fast, also made it an easy trap for bad programmers to get caught in. Once upon a time, having a lot of VxWorks experience looked good on a resume. *sigh* Times change.

Umm… not sure what to say about something like FUDZilla. Yes there is a lot of FUD out there. And yes, a lot of it comes from Microsoft. But not everything they say about their product should be considered FUD. Puffing, Sales twaddle, opinions, and inflated comparisons are not FUD. Presenting intentionally twisted FACTS (that’s not opinions) is FUD.

For example, saying that Windows is more secure than Linux is an opinion . It’s a pretty good joke too, but it is opinion. Pushing out the numbers of 15 vs 34 vs 78 vulnerabilities fixed is borderline FUD. It can’t be real FUD because there is no Fear, Uncertainty, or Doubt asoociated with it. Nobody believes it, including the guy who said it. A better TLA for it would be LOL.

We should probably attack the real FUD like the “Get the Facts” campaign, where Microsoft actually convinced a lot of people that Windows was much cheaper than Linux. It only started to fall apart when their own quoted sources began to ask them to remove their assertions. If that hadn’t happened, who knows how far they would have gone.

What I see at FUDZilla is mostly rebuttal of someone’s opinion. Though I probably agree with much of what they say, it’s really just part of an ongoing debate. Calling this stuff FUD just waters down the term. The fact that MS can point to it and call it FUD themselves doesn’t help much either.

I’ve been avoiding all of the recent news about SCO’s ever deepening troubles because I didn’t want to seem like I was picking on them.

OK. You caught me. I like picking on them, and I don’t care what it looks like. There you go.

If you want to see what I like picking on, check out Groklaw’s latest post. It looks bad for SCO right now. I would feel sorry for them if their actual output of product wasn’t lawsuits. This is less of a case of someone stealing from them, and more of a case of claiming ownership to what’s not yours.

I stumbled across this TCO Analysis by a retired World Bank CTO. This is the first of 4 articles advertised to be an honest attempt to determine the “real world” TCO of both systems by a Linux devotee. Though imperfect, the first part of the article points out how difficult it is to actually purchase a Windows-free desktop machine, and how little is actually saved when you do.

Though purchasing Linux-based systems on the web is probably much easier, how many people do you know in your purchasing department who would take the risk of buying “Blah Blah Super System” or something like that? The answer is probably zero. And remember… Telling a non-technical purchasing agent that a system is P4 FSB800 etc. sounds the same as “Blah Blah Super System". One really big milestone would be convincing Dell to add Linux (any distribution) to their dropdown web configuration menu. Then, Linux will have arrived.

Mozilla has released Sunbird 0.2, a standalone calendar app to go with their recently released Firefox and Thunderbird products. If this is anything like the last two products, it will be sensational when finished.

I’m not much of a user of calendar applications. My standard approach to scheduled meetings is to apologize for missing them. That gets me invited to fewer mettings, and everyone is happier. If anyone has an opinion on Sunbird, please post it here.

Linus, in his own way, has added his opinion of software patents to the growing number of experts expressing concern about them. As usual, he doesn’t say much more that “it doesn’t help".

Current patent processes have lost much since 1994, when my name went on an application for a hardware patent. I was put through the ringer about “common practice", “prior art” and “reduced to practice". 3 different examiners objected to a section of the schematic as prior art because it used the term “double buffer", even though “double buffer” can’t be any more proprietary that “chip". Now you get a patent if you pay the fee and spell your name right… and the spelling part may be overlooked.

Famed free software Guru Richard Stallman has a few choice words about Sun’s recent patent release. In it, he chides Sun for making what is essentially a non-announcement. He goes on to rant about software patents in general in his own, typically Stallman way. He does make some good points though, and his rant is well worth reading.

The USPTO has been allowing silly patents for years. Now the lawyers have discovered that they can sue software companies for things that were once considered “prior art” because judges, juries, and USPTO “pseudo-engineers” don’t understand it. Throw the SCO suit in, and you have what amounts to blood in shark-infested waters.

News Forge has a hilarious analysis of Windows viruses running on Linux using Wine. Ok… so only a real Geek would find this even remotely funny. It really does show how hard it is to level the playing field of OS’s.

Firefox Keeps on growing, at least if you count the total number of downloads. I’ve made my feelings known about the browser in the past. I heartily recommend it. The link at the top of the page should have given you a clue

Seems that IE is getting a little run for it’s money. Firefox and other non-IE browsers have been gaining steadily since June. Though the big boy still has a 90% share, that is down from 95%+ about a half-year ago. That means that the little guys are taking twice as much bite out of IE as they did 6 months ago. It looks like we may actually end up with a choice after all.

ATI has released a whole bunch of driver software for me to download. This includes a update of
Catalyst 5.1 for XP and a whole new x86_64 driver for Linux. Happy days for me!

I’ve added a Linux/OSS category to the blog. Since I add quite a few news items about the Open Source Software community in general, I guess it’s time to add a category.

Stumbled across this pointer to coLinux online. It looks to be something like VMWare, but in Open Source form. It allows you to run a linux kernel from within Windows. If anyone has an analysis of this package, or wants to preview it, I’d be glad to publish the results.

In his ZDNet interview Mozilla’s board chair discusses the past, present, and future of open source. He makes 2 interesting points: 1. Firefox users should stop gloating. 2. Taking out Microsoft (or any other commercial company) isn’t the point of open source. It’s nice to hear a OSS guy who has a reasonable attitude. The OSS community has gotten a little too overconfident after the recent Linux and Firefox gains.

Red Hat, Suse, and Mandrake released a bunch of Linux patches, some of which were labeled “extremely critical". They mostly concern DoS and local DoS vulnerabilities in .pdf and pixmap libraries.

Sidebar: For those running Fedora Core 3, kernel 2.6.10-1.741_FC3 is available.

It seems that Red Hat has noticed how they annoyed their customer base when they split their product line in two. Now they are trying to make up for it by making the Fedora project a little more developer friendly. It’s good news, but it remains to be seen whether they can attract all of the disgruntled Geeks back to the fold.

A Flaw in the way that certain executables are loaded in Linux can allow a local user to gain root priveleges. This is one of those flaws that you can ignore if you don’t have any login users on your machine, or if you trust all of your users. For all other cases, it can be a pretty big security nightmare. This flaw is found in all 2.4 and 2.6 kernels, and there isn’t yet a workaround or patch.