Summary: “Open-Source Could Mean an Open Door for Hackers,” says a new article from Robert Lemos, but the facts just don’t add up and suspicions arise that Microsoft is in fact partly funding these claims
Two readers separately E-mailed us about a new article that looks suspicious because it’s flatly wrong. “This came up in the ACM daily email today,” wrote one reader, and another one writes: “Find out if there is any Microsoft connection.”
“Apparently, this is another Microsoft-funded study bad-mouthing open source software,” said the first reader. I asked: “Where can I see that it’s Microsoft funded?”
“Even if that’s not the case,” he replied, “it has been characterized as a FUD attack.”
“I didn’t have time to investigate it myself,” points out this first reader who cites Dana Blankenhorn and some of the comments we’ll get to in a moment:
You don’t expect misleading FUD about open source from MIT’s Technology Review. But here it is.
The story is about a Boston College professor (and Georgia Tech grad — go Jackets) named Sam Ransbotham…
The misleading bit is the idea that open source vulnerabilities spread faster, and are exploited both sooner and with more force, than bugs in proprietary software.
It’s true, but it’s wrong to draw large conclusions from that.
In his work Ransbotham looked at a list of 883 known vulnerabilities and found 97 exploited over two years, 30 of them in open source. Attacks on open source were broader and moved faster than those on closed source.
The real story is a bit nastier. The biggest correlation Ransbotham found was not between open source and attack, but between the existence of a security signature and attacks.
Here is the original article. There is a comment titled “How Paid Studies Reflect Desires of Those Who Pay” and it says (emphasis in red is ours): “Paid studies are all notorious for proving that the sponsor of a study can usually get findings that support their desired outcome. Since this study is funded primarily by Microsoft, then the results should not be surprising. The article is not based on any outright deception or lies, simply on two levels of ignorance. First, the naivete and lack of programming expertise of the general audience who might accept these findings — a response that no credible or responsible programmer would support, unless he or she also were a partisan MS loyalist. One must only read the weekly threat announcements of critical vulnerabilities in Microsoft and Adobe products, for example to realize that nothing could be more vulnerable than these highly vaunted proprietary products. The second level of ignorance relates to intrinsic security permissions in most UNIX/LINUX operating systems versus that of Microsoft Windows, including Windows Seven. Most of the world’s secure servers are all running on some UNIX based OS, not Windows, for matters of security and reliability — they are running Solaris, UNIX, or some flavor of LINUX. And this has everything to do with inherent security permissions for the Root user account, versus the “administrative permissions” in Windows that always leave a number of little windows, shutters, back doors and ports wide open to attack, and ability to modify critical registry entries in the Windows OS. There is no “registry” to attack in UNIX, Solaris or LINUX, and nothing can modify a Root file unless it is a live password protected Root User. Autorun scripts and VBS scripts cannot exploit these systems at all.”
Another commenter claims an “advertisement coincidence” when s/he writes: “The advertisement for this article is for Microsoft Server. Coincidence? I think not.” █
Steve Ballmer’s presentation slide from 2009 shows GNU/Linux as bigger than Apple on the desktop
Summary: Response to fear mongering from IDG, which uses a tricky line of reasoning to suggest that “desktop Linux has floundered” (which it hasn’t)
SHOWN above is a chart from last year (source: Microsoft) just to remind people why Microsoft considers GNU/Linux to be a top desktop (“client”) competitor. On the desktop too GNU/Linux is thriving, especially in emerging markets where the cost of Windows settled around $0. Eric Knorr from IDG wrote a provocative piece preceded by some headline with the obligatory question mark. He appeals to emotion when he asks: “Can desktop virtualization save desktop Linux?” (which insinuates that “desktop Linux” needs saving or is dying)
Desktop Linux has floundered for three main reasons: too few applications, limited desktop hardware compatibility, and too few tools (not to mention skilled people) to manage a boatload of Linux desktop systems.
Wait a second. First of all, it has not floundered (it grows rapidly in tablets and sub-notebooks, even smart phones. Apple and Google have both acknowledged that these are the growth areas and Microsoft is nervous about this evident computing shift). Second of all, GNU/Linux has a compatibility layer which enables it to run more applications than Windows. Thirdly, hardware support is better in Linux than in Windows and lastly it ought to be added that people rarely struggle to cope with their GNU/Linux desktops when they use a modern desktop environment. It’s really user friendly, as many new users would happily attest to. One could go on and refute the other parts of this inaccurate article from Knorr, but what’s the point? It’s like feeding the provocateur. █
Now that we know it’s a payment which bought Microsoft this ‘ticket’, the story becomes very familiar. It becomes a lot clearer that Microsoft actually paid with “sponsorship” to get that spot, i.e. it publicly speaks to the opposition’s crowd because of money. Fab from Linux Outlaws won’t go to LinuxTag this year, partly because of that action from Microsoft. He’s probably not the only person who feels that way and he said that he would rather have Novell attend. He says that “everything is better than Microsoft” and that he will be the first who shouts “no”. Well, that’s just what Microsoft intended by its own admission (see quote at the top).
For those who listen to the audiocast/oggcast from which the quotes are extracted, skip to around 1hr:10min when this discussion takes place. Dan plays the apologist’s role (or devil’s advocate) to add some balance, which is fair enough. Neither of them is excited to “go across Microsoft logos” and someone in their IRC channel writes: “what about if there are conditions attached to the sponsorship?”
Well, they have already injected a public talk. We saw this several times before. Microsoft is essentially buying itself a talk by offering sponsorship. It’s as though there are strings attached. This is very deliberate.
Fab says: “I’ve been… even in the time I do this podcast I read about so much abuse… I don’t like them as a company.”
“Over my dead body, Ballmer.” –Fab from Linux Outlaws
He asks rhetorically: “Why do they do that?” Well, that’s because they are Microsoft. They like to break things, even events of their competition [1, 2].
Dan says that it “looks good for them if we rant about them.” Yes, that’s just part of their plan. “Give them ammunition… [to say about GNU/Linux people that] they are crazy,” Dan adds.
Fab angrily replies with: “Over my dead body, Ballmer.”
Dan persists by presenting the other side: “I don’t know whether this will change the event.”
“It makes me sick” is the response.
It ought to be emphasised that this is not the first time they are involved. Fab speaks about a Microsoft guy at the Novell stand — one who kept staring and made him uncomfortable in prior events that he attended. And again, this is very much deliberate. Microsoft knows what it’s doing and it uses friction to drive people against one another and come out looking like the professional “saint”.
Dan says: “it’s difficult… I didn’t feel like having a Microsoft logo on my shirt.”
Of course. Nobody likes that. It makes people angry and resentful towards the event, which is really being victimised, sometimes coerced. They do this also to Apple and they explain how to grease up the organisers, who later regret what they do.
Microsoft wins either way because if the organiser says “no”, then Microsoft will publicly throw a fit and demonise the organiser/event. The solution is to publicly agree that Microsoft is forbidden from accessing such events as a matter of cross-event/events-wide policy, for the simple reason that it admitted quite explicitly that it wants to sabotage such events. Novell would of course stand in the way of such policies.
As a side note, Dan has not been keeping up with Microsoft. He thinks their Xbox was successful even though it’s an utter failure. To be unaware of the reality is fair enough if the big media/PR is all one has to rely on. Sometimes it’s better to just concentrate on GNU/Linux, i.e. the positives. █
“About 45,000 “Smart Meters” from Pacific Gas and Electric have had problems that lead to the company sending bills for “estimates” of use that are often double actual electricity use. The meters are unable to connect to networks and frequently reboot, losing all of their information.
In further steps towards Smart Grid development, the company has this year also announced leadership partnerships with SAP, Cisco, and Microsoft to accelerate the delivery of standards-based solutions …
“It should be noted that Microsoft has a competing product in this market called Hohm. Expect Microsoft friendly sites to spin this failure as something Microsoft can fix rather than something Microsoft may be responsible for.” █
Cutting costs is at or near the top of every IT manager’s priority list. Moving your enterprise from proprietary to Linux-based systems may be one of the best ways to increase efficiency while reducing your overall expenses. Here is a glimpse at just three cost-cutting perspectives you may not have considered before.
I switched on the printer and plugged in the USB cable. Immediately I started to click through to the printer setup area to see if I could set it up. Suddenly my eye caught a little dialog popup next to my network monitor.
Most people probably have never heard of an operating system different than Windows. Most of them are not as widely advertised as Windows either.
I have completely switched to Ubuntu about a month ago and I must say I do not regret one single bit of doing so.
I was using Windows Vista as my main operating system and I couldn’t help but notice how slow it was at times. Especially when I had all the needed applications installed. It was so frustrating to wait for it to boot up in the mornings when I needed it to boot up fast, because all I needed was Firefox. Right then I found out about Ubuntu.
Ubuntu is free, fast, functional, customizable and user friendly!
If we want to fix bug number one, get rid of the Microsoft monopoly that’s been plaguing the world for 20 years, and actually bring free software to the masses, we need to hit the gym and get in shape. Not only our product, Ubuntu, but our collaboration and our protocol, our infrastructure and our people.
We’re all working towards the same thing, so don’t get all defensive if I criticize your work – I’m trying to help. Don’t work in secrecy when you’ve got an entire community of intelligent and talented people at your disposal literally asking for stuff to do, and don’t skimp out on the minor details, because it’s all those minor details put together that make a good product into a great one. Work out where to draw the line between forcing something that’s unpolished into a release because you’re stuck on a schedule, or perhaps giving it another six months before incorporating it.
“With Linux, the operating system is effectively free,” says Phil Cox, principal consultant with SystemExperts. “With Microsoft, there are licensing fees for any version, so cost is a factor.” And relative to any physical hardware platform, Linux performance appears to be about 25% faster, Cox says.
Last week we openly asked the question if and when will X12 emerge to replace X11, which was met by a variety of responses. Some view the Wayland Display Server as being a potential successor to the current X11 / X.Org Server, but others don’t give it much credit seeing as it’s not too actively worked on — well, directly, but it leverages a lot of work actively going on with the Mesa and kernel DRM. The last time the Wayland Display Server received new commits to its code-base was back in March, but that changed this weekend.
While many new packages have been pulled into the “Maverick Meerkat” repository for Ubuntu 10.10, one area that hasn’t yet received many changes compared to the Ubuntu 10.04 LTS packages has been the X.Org graphics stack. However, that soon will change with X.Org Server 1.8 being pulled into the Maverick repository in the very near future.
I’ve been working on a project for work involving the re-use of older (6-8 years old) PCs and laptops using Ubuntu 10.04 LTS, with the goal of distributing them to some of our tech-impoverished Georgia libraries (nothing’s firm yet – still in the exploratory phase). These were state library staff members’ computers from maybe 2 generations ago and if they are not re-used, they’ll be surplused or discarded. As I was installing and configuring Ubuntu, it occurred to me that since we would be redistributing whatever software we install, we are constrained about what we can include when they are sent out. Ubuntu, as-is, is all free software and all included packages can be redistributed freely. However, installing Adobe Flash, Sun (or Oracle) Java, or many proprietary A/V codecs or device drivers, makes it illegal to redistribute.
This tutorial shows how you can set up a Fedora 13 desktop (GNOME) that is a full-fledged replacement for a Windows desktop, i.e. that has all the software that people need to do the things they do on their Windows desktops. The advantages are clear: you get a secure system without DRM restrictions that works even on old hardware, and the best thing is: all software comes free of charge.
Shortly after Alex Austin released Gish’s source code, Gish got its first new public feature courtesy of FrozenCow. I find these “zero day open source contributions” really interesting. It reminds me of the immediate rush to crack DRM or to exploit a newly disclosed vulnerability, but this is unequivocally awesome, feels good, and is only motivated by positively helping the community.
In terms of popularity KDE is the second most popular desktop environment. Like Gnome it is fully matured and provides its own full application set as well as GUI tools for configuration. KDE also has a wide selection of “plasma widgets”, which are handy applets you can place all around your desktop for all sorts of tasks. They range from something as practical as a calculator to as useless as a display from “The Matrix”.
All of the various desktop environments have their advantages and their disadvantages. Which one is right for you largely depends on your task at hand. Personally I run LXDE on my netbook, KDE on my gaming laptop, and Gnome on my home media center. If you are not sure which is best for you, try them out! It is all free software after all, get a feel for which desktop environment you are most comfortable on and use that one.
Is there another desktop environment that you enjoy using that I failed to mention here? If so let me know, I am always looking to tinker with new things.
Of course, there is still a lot of work to do. I’ve already got a few ideas for the future of quicklaunch, but since KDE SC is currently in its beta phase, these will have to wait until trunk unfreezes for the 4.6 cycle. In the meantime, if you’ve got the chance to have a look at the new quicklaunch plasmoid and you’d like to share some feedback (be it positive or negative), please let me know.
This is a feature a lot of people have been asking for. I have never really used a tiled window arrangement. I suspect that this would be good for people with large monitors, who work on multiple applications at once – for example developers, journalists or technical writers. However, on my 13 inch laptop screen, there’s just not enough screen real estate for tiling to be practical. It’s difficult to say whether this is a good or bad implementation of window tiling. Given I’ve never really played with window tiling, I’ll leave such an analysis to those users who are tiling junkies.
Right now, as in KDE SC 4.5 and Qt 4.6/4.7 is still not for everyday use, is still not so stable and there are some graphical glitches (this actually varies from a graphics driver/video card model like crazy) but what is encouraging is that since this feature was introduced (Qt 4.4) it came a very long way, it’s really sooo better than when it was originally out.
When I found out about Pardus some weeks ago, I was surprised to find a distro which is not among the most popular ones, but an impressive piece of work nevertheless. I personally believe the Pardus developers have a very good understanding of their users’ needs, especially those users who may not have any experience in Linux or KDE. I think they have done a superb job at removing “obstacles” where it matters, joining other great distributions like PCLinuxOS 2010 or Linux Mint 9 in making the Linux desktop more accessible than ever.
Overall, though, I am enthusiastic about the possibilities Arch Linux offers and plan to continue experimenting with it. This article has been completed using the beta version of OpenOffice.org 3.2, which is available through the Arch Linux repository. Both the stable and the beta versions can be installed. It would be immensely valuable to me if users could try the new packages for features important for them and provide feedback.
After all this, I ended up with a usable Slackware 130.0 installation. Login screens have a pleasing dark theme by default while the desktop is very blue. There may be no OpenOffice but KOffice is there in its place and Seamonkey is an unusual inclusion along with Firefox. It looks as if it’ll take a little more time to get to know Slackware but it looks good so far; I may even go about getting 13.1 to see how things might have changed and report my impressions accordingly. Some will complain about the rough edges that I describe here but comments about using Slackware to learn about Linux persist. Maybe, Linux distributions are like camera film; some are right for you and some aren’t. Personally, I wouldn’t thrust Slackware upon a new Linux user if they have to install it themselves but it’s not at all bad for that.
The shortest posts I seem to have are always for the tools that are the quickest, most efficient and most effective. PLoP Bootmanager is one of those things, and for that reason, I’m afraid I don’t have much to say about it.
A long time ago I kept Smart BootManager on hand, for times when a machine wouldn’t boot from a CD. Any more though, PLoP has supplanted it, and won a place in my little CD binder.
Red Hat Inc. options saw high put activity today. A total of 1,871 put and 276 call contracts were traded raising a high Put/Call volume alert. Today’s traded Put/Call ratio is 6.78. There were 6.78 puts traded for each call contract.
In short, I’m not running the latest versions of applications anymore, because Fedora doesn’t have a rolling release schedule. This used to be a big deal for me, now I find that I don’t care. The repositories are extensive, but of course Arch has the AUR which contains almost all open software known to man…but I’m not running anything exotic anymore.
Fedora 13 is the latest update to the Redhat-sponsored, RPM-based Linux distribution. It has long held a reputation of being a testbed for features that will eventually make it into Redhat Enterprise Linux, and, therefore, less stable than other desktop-oriented distributions. And I think that’s one reason why Fedora has features that you’ll not find on other desktop-focused distributions.
I am sure the people working on this release are painfully aware of the implications of a release number of 10.10, no failures will be tolerated in what has already been dubbed the 10/10 (ten out of ten) release.
A considerable segment of embedded systems are often found in mass-market products and are therefore subjected to hard economic constraints. The basic nature of these systems mandates further constraints on physical size and power consumption. These in turn give rise to resource constraints on the computing platform level, e.g., constraints on computing speed, memory size, and communication bandwidth etc. In spite of the rapid development of computer hardware these constraints are true due to the economic overheads. In most cases it is not economically justified to use a processor with more capacity due to the overall product’s cost limits.
In the emerging netbook market, Google decided it would announce a new-style Linux-based OS that would be perfect for netbook owners, set for release in Q4 2010. Recently, Google has also showed off a new application market for Chrome and Chrome OS. We at The PC Report have used Chrome OS briefly when it was first released, but today we’ve taken an in-depth look at the OS and how it will affect the OS and netbook markets.
Fidelity: Software running in a virtualised environment should not be able to detect it is running on a virtualised system. Containment: Activities within a virtual machine (VM) should be contained within the VM itself without disturbing the host system. A guest should not cause the host or other guests running on the host to malfunction.
You’ll find many Linux-based and/or open source options when searching for a Wi-Fi hotspot solution. Whether you’re wanting to give away or charge your visitors for the wireless Internet, you should find something that will work. The best part is that most of these solutions are free — you don’t have to spend hundreds on an off-the-shelf hotspot gateway.
This Firefox add-on installs a menacing little “Destroy this page!” icon on the Firefox toolbar and all you have to do is load up your favorite or even not-so-favorite webpages and hit the button. Soon afterwards, you are greeted to arcade music and a countdown timer that beckons you to “Destroy the Web.”
Everyone has heard the old saying “lies, damn lies, and statistics”, well statistically OpenOffice.org is used somewhere between 0.2% and 22% depending as to where you live. (these statistics can be found at Webmasterpro.de). This leaves a lot of people saying, “Huh?!?”. So I will resolve to discuss OOo adoption anecdotally. The first class of pharmacy students I taught 4 years ago had never heard of OpenOffice.org prior to me using it for a presentation, but this past month (May 2010) I had several students email me their pharmacy law papers as ODTs. The reasons for this increased adoption could be due to multiple reasons such as alternatives being perceived as bloated, slow, and expensive or the increased number of students I have using alternative operating systems where OOo has a native port or maybe even the fact that they find their pharmacy professor so darn cool that they want to be just like him and run OOo as well. As biased as I am towards myself, I seriously doubt it’s that last reason but I am seeing more and more OOo use. My intention with this article is not to proselytize OOo, but instead to show some good ways to extend the use of OOo.
A. “If open source is free software, how do you make money with it?” is a question I hear often, sometimes expressed simply as “you can’t make money with open source”.
Since 2002, I have made my living working with open source software, specifically the OpenNMS project. While I wouldn’t describe myself as wealthy in terms of money, I am both happy and comfortable. It is possible to make money with open source, although being free does mean a departure from traditional software business models.
HTML5 is the second most buzzed word around I think, second only to the Hypepad. In case you’re wondering whether your current browser is compatible with it or not, a simple tool to help you determine this is the HTML5 test tool.
Here is the response from the ‘Microsoft press’ (Pender) and other sympathisers. They defend their own interests, but then again, Google’s interest in demoting Windows gets reported very widely [1, 2, 3] now that it formally dumps Windows. Google does have a conflict of interests (it has at least 3 Linux-based operating systems), but the news is considered so big that it is affecting Microsoft’s stock (which fell “17.84% Since Reporting Quarterly Results 43 Days Ago”). From a financial news site:
Microsoft Takes Punches (MSFT)
If that statement is true, Microsoft (MSFT) might want to hang their hat on that statement as the company took it on the chin again today with the announcement that Google (GOOG) is moving away from the Windows operating system because of security concerns.
Google, up until now the rare company that lets employees pick their operating system, has banned Microsoft’s Windows, ostensibly for security reasons. Microsoft responded by mocking the journalists who bought that explanation.
Unfortunately for Green, that PC was the same computer his kids used to browse the Web, chat, and play games online. It was also the same computer that organized thieves had already compromised with a password-stealing Trojan horse program.
A few days later, the crooks used those same credentials to steal nearly $100,000 from the company’s online accounts, sending the money in sub-$10,000 and sub-$5,000 chunks to 14 individuals across the United States.
Recently, the folks at Core Security noticed that Microsoft has been delivering more fixes during patch day than they have documented in their security bulletins. It’s great that Microsoft is fixing more security issues, but when they’re not documented the IT department’s job could become even more challenging.
Those 34 flaws which Microsoft has counted for Tuesday are likely to be another fake number that Microsoft can choose rather arbitrarily by hiding the changes it prefers to stay secret. Those figures from Microsoft are widely reported everywhere (dozens of articles in recent days) without any questions asked about those numbers and their validity, just their source or origin (Microsoft, with no independent audit). What a shame.
Expensive malware appears for Microsoft’s Windows Mobile
Malware embedded into legitimate-looking games designed for Windows Mobile has appeared, automatically dialing up foreign telephone services to ring up hundreds of dollars in illicit charges for users behind their backs.
The Wall Street Journal reports that several current and former Microsoft employees express growing concern about the company’s struggles in the consumer market, especially the mobile segment. So when the blogosphere erupted late last week with reports that Microsoft told a developer conference audience it expected sales of devices based on its forthcoming Windows Phone 7 OS to top 30 million by the end of 2011, citing market data from research firm IDC, more than a few onlookers did a double take. One problem: IDC has no idea where those numbers originated. “We don’t know who used it and where it came from. It’s kind of disturbing,” IDC wireless analyst Will Stofega told The Seattle Times. “We’re really pissed.”
More nonsense from IDC. Its own (former) employees have admitted that they make stuff up based on gut feeling. It’s all about advertising clients while looking sophisticated enough. We have leaked E-mails which show IDC doing this with Microsoft. IDC is also still counting the wrong/improper thing to belittle GNU/Linux in servers. These analysts don’t bother listening to critics and correcting their measures. They would rather lie over and over again (it’s periodic FUD, quarterly or annual).
In any event, Microsoft is doomed when it comes to mobile devices, unless of course it does something radical (“Microsoft’s mobile future questioned”). “KIN” reviews continue to show that it’s a failure [1, 2, 3, 4, 5]. Microsoft is trying discounts/sales [1, 2], but “Microsoft Kin Critics [are] Venting On Facebook,” says CRN. We gave other examples of many complaints from buyers of “KIN”, which seems to be more experimental than OpenMoko. It has serious hardware and software flaws, so it’s no wonder its leadership quit Microsoft last month [1, 2, 3] (or was pressured to leave, i.e. fired). █