August 22, 2007
My brother just got a new HP notebook computer running (what else) Windows Vista. (Home Premium, if anyone cares.) He was forced into the purchase after his previous notebook (and only computer) crashed on Sunday. Within the first 24 hours of use, Windows Vista had already presented him with the infamous Blue Screen of Death. Despite all of Microsoft’s best efforts, it would seem that Windows Vista (running on Vista-certified hardware) still has stability issues.
He’s since obtained a copy of the AMD64 build of Ubuntu Linux from me. Seems like a decent solution to me.
August 17, 2007
While I think that the RIAA lawsuits over filesharing are downright despicable, I also think that the Santangelo family really needs a reality check here. According to this arstechnica article, they are alleging that the makers of KaZaA and AOL, their ISP at the time, are partly culpable for their file sharing. They allege that Sharman Networks failed to warn them that using the application could allow them to violate the law and that AOL did not block the infringement. Read the rest of this entry »
August 16, 2007
According to ZD Net, Free Software (Linux et al.) may need to be worried about pirated copies of commercial software. Apparently your average user would prefer to run an illegally obtained copy of a commercial application than run legitimately free software. There’s an interesting discussion on this here. My thinking: it doesn’t matter. Linux isn’t terribly concerned (yet) about home market share: the business place is where it really excels. The lack of games and completely legal MP3/DVD/etc. implementations is a bigger hindrance to Linux at home than the availability of pirated copies of Windows.
August 16, 2007
The Linux Foundation has started publishing a Linux Weather Forecast — a summary of ongoing development in the Linux community and predictions for forthcoming developments and technologies. It’s a very cool snapshot/summary of development, and it’s presented in a very understandable manner.
August 15, 2007
Ubuntu 7.10/Gutsy Gibbon is still Alpha Software. That being said, I’ve been running it on my laptop and run into a few snags.
The first, and most annoying (partly because it’s by design) is the removal of the orinoco_cs driver from the kernel package. Apparently they thought everyone would move to hostap. Apparently they didn’t do their homework: Lucent Technologies Orinoco cards are NOT supported by ANY driver other than orinoco_cs. That means my wireless card is effectively useless under the 2.6.22-ubuntu kernel series.
Why am I using a PCMCIA wireless card? Well, I’d bet it has something to do with the bcm43xx driver continuing not to work properly. No surprise there, however… the hardware is broadcom, so what can anyone do but hang their head in shame?
Yesterday I was updating Gutsy and a new ATI driver came down for xorg… so imagine my surprise when, today, I boot my system and get a full black screen. Ooops, looks like the new ati driver is broken. I’m about to go file a bug report on that. Running on the so-slow vesa driver right now, but at least I could get back in.
At this point, I’m back to using a generic video driver and the Feisty Fawn kernel… hopefully there will be some pending updates to repair things.
August 14, 2007
LinuxBrainDump.org has an article on the 10 Linux Commandments. The most controversial of these is “Thou shalt not log in as root”. I’d like to take a moment to point out some of the flaws in the belief that it’s okay to run as root — as well as some of the risks you face by running as root.
- Being compromised as a non-root user still leaves your data vulnerable. This is completely TRUE. Your data is vulnerable either way. Your data is your most valuable asset: OSs can be reinstalled, data cannot. This is why we have DVD+Rs, Backup Drives, etc. Use them: they protect you against attackers, stolen computers, hard drive failures, and (done properly) fires, tornadoes, and floods. Amazing technology.
- A user can still send spam mail and other annoyances. This is true as well. Unless you have a high security system where no users can have executables (i.e., a noexec /tmp and /home) any user can bring in an executable and run it.
- Most home computers are single user machines. Probably not anymore. I know my girlfriend has an account on my machines. Other people I know have been granted guest accounts, and I’ve got multiple accounts for testing things. Root would have access to all of this, a normal user only to their own account.
- It’s no worse to be compromised as root than as a user. Completely false. An attacker with root can cover their tracks much better than a user. A root attacker can create new accounts, modify system binaries, and otherwise damage much more of the system. And, of course, they can do all of the above. An attacker with root can also craft custom packets to exploit other systems on your LAN. Also, a root attacker could run a packet sniffer on your network and read traffic. A compromise is bad, root access is a nightmare.
Long story short: it still makes sense not to run as root. Mac OS X, Linux, and Unix have always run this way. Windows Vista has even moved away from users being given administrative privileges by default. “Allow or deny?” was not added because it looks cool: running as a non-privileged user is REALLY better. Don’t be fooled into thinking it’s okay because it’s only a workstation: security is important everywhere, especially around your data.
August 10, 2007
I just returned from the 2007 LinuxWorld Expo in San Francisco. This was my first LWE, and I had a great time. I was out there on behalf of LinuxQuestions.org, the Linux community site I am a moderator on. Though more business- than community-oriented, it’s still a great event to get to know others in the Linux community and marketplace as well as keep up on the latest technology (how anyone keeps up on it ALL is beyond me).
Read the rest of this entry »