The past few weeks have not been good for them. They have very serious security defects in all versions of Internet Explorer from as far back as records go up to and including the very latest version in Windows 7. Several governments have formally recommended that users do not use IE of any version until it's fixed.
To make matters worse it now transpires that they knew about the problem some time ago and even when exploits were being used they did nothing about it.
Using Microsoft products is one long pathetic patch process. You buy, you hope, you patch, you patch again and finally you start again at buy...
No sane person starting today would ever deploy anything from Microsoft, the only reason anyone uses their products today is because of ignorance, inertia and the fact even if they want to change they are trapped (addicted?).
This week I've been going up to Feltham near London for a training course. Normally this would mean a simple train trip and to pass the time I'd read books. This week because of a rain damaged bridge it's been a slow and complicated process - but I've at least had more time to read and think about books.
One of the books I've been reading via Reading is Linux System Administration Recipes by Juliet Kemp. Fatally I had high hopes for this book, I've followed her blog and columns and was expecting a very good book. The book is not bad, it's just that I was expecting so much more. My first problem with the book is that it's way too short, a slim volume just isn't suitable for a computing recipe book, the format demands a more lengthy work. My second worry is the topics that have been selected, it's not that they are wrong per se rather that there hasn't been sufficient discussion of the alternatives.
Another problem I have with the book is that Juliet is a keen advocate of Kerberos, which is good as it's not as common as it should be, but she misses the opportunity in the "centralising" chapter to talk about Kerberos secured NFSv4, rather sticking to the older insecure NFSv3.
There are also some "school boy" errors that really should not be lurking in a technical book, some of which have been picked up in the publisher's errata, some that have not.
I really wanted to like this book, however it feels like an unfinished draft, still missing content. I'll next have to write the book up as a full review on the LUG's website. The problem will be creating a constructive review, I think the book is a good start and I really hope that a later edition will be a great deal better.
The UK is a real techno laggard. I'm ashamed of how backwards we are in the UK. We have poor domestic broadband, terrible IT education and dire open-source adoption. Our own government seems hell bent on spending more money than anyone else on failed closed source IT projects and seems unable to adopt open source and save billions: Open Source and the Fear of Failure.
Meanwhile our neighbours across the Channel seem to be running away with technology. They have good domestic broadband provision and several high profile open source projects driven from central government. So far they have saved a fortune and not had the same dismal failures that the UK has been plagued with: FR: "Almost entire public sector is using open source".
What has happened to British inventiveness and forging the future in the white heat of technology? I suppose we've swapped it all for buying our way out of depression with borrowed money...
posted 18:13 :: /unix/foss
Carla Schroder's blog article De-Programming Windows Refugees is really interesting. Obviously it makes the point about getting Windows users to unlearn all the bad habits they have picked up if they want to upgrade to a proper operating system. It's often easier to teach Unix to someone who has never used a computer than a seasoned Windows user...
She goes on to make a more interesting observation. The marketing drones at Microsoft and Apple go on about how "intuitive" their products are, yet when you think about it that's an absurd claim.
Neither the Mac nor Windows are intuitive, and I wish the word "intuitive" would go away entirely because the poor thing is so misused it needs a long vacation. Here is a dictionary definition of intuitive: "Known or perceived by intuition."
What is intuition? "The act or faculty of knowing or sensing without the use of rational processes; immediate cognition."
Some synonyms are clairvoyance, innate knowledge, instinct, premonition, presentiment. Some antonyms are knowledge and reason.
O'Reilly's best selling book isn't anything to do with "hard" Linux but it's "easy" Macs that need manuals: Mac OS X, the Missing Manual....
This week I deployed a Debian GNU/Linux system at work, I'll deploy another one shortly. They should be Microsoft Windows XP systems but it's company policy that only approved Windows systems go on the network, and all company Windows systems MUST have a screen saver with password set.
The problem is that these systems are basically running public displays so the screen saver is required to be off. Therefore it's easier to deploy a Linux system which isn't part of the company wide Windows Domain to solve the problem than it is to use a Windows system...
Ironic isn't it? Personally I'm always happy to replace Windows systems with Linux ones but in this case the decision was forced onto me by the IT department - which is becoming increasingly less Windows centric...
posted 12:28 :: /unix/debian
I'm normally quite conservative with computing, it is more important that it works than it's the latest toy. The only exception is my desktop system, which runs Debian "testing", so periodically things break.
The latest 2.6.30 kernel and 173.13.09 nvidia glx drivers are not compatible. I can either run an older kernel with working drivers or a later kernel with the 2D only open source nvidia drivers which are working fine.
One can understand why my family and my servers at home and work all run Debian "stable" (currently 5.0.2). Once it goes in, it keeps working, Debian stable upgrades are perfectly safe.
posted 22:09 :: /unix/debian
Yesterday was a good LUG meeting at Nokia Farnborough. It was another joint Hampshire/Surrey meeting, as usual there were some interesting questions posed and observations made.
Next month we are at IBM Hursley near Winchester (if everything goes well). After that we hope to go to Jamie's Computers and then November back to Southampton University.
Without the generosity of others it would be very hard to run a LUG. To all our hosts - many thanks!
Some time ago I had a discussion with a colleague about whether Google would release their own OS to compete with Microsoft Windows. I felt and still feel that it's a lot of effort for Google and the pay back isn't worth it.
Evidently Google think that there is some money to be made from their own OS and this week announced that they will be releasing their own Linux distro called "Chrome OS" for ARM and x86 netbooks in 2H 2010.
The media (as usual) failed to realise it's just another Linux distro and like all previous distros it will be based on something existing plus it will have something new to bring to the party. Google are known to be a Debian/Ubuntu fan so it will probably be based on Debian but with a very light-weight Google front end and be designed for a Web 2.0 world.
The good news is that it will probably drag some hardware vendors to the table with hardware specs, as even Google can't tinker with the Linux kernel without sharing their tinkering. As it's being primarily targeted at the ARM processor it will also eliminate the normal Wintel inertia problem that often harms people's migration away from Windows - most netbooks started out on Linux only, but it was easy for Microsoft to push people back to the BSOD that they were used to with little effort.
We live in interesting times...
posted 14:51 :: /unix/debian
I've long used Fabrice Bellard's excellent QEMU system emulator. It's slow but complete, so you can emulate a SPARC system on an AMD64 for example. As long as your host system is fast you can emulate a wide range of other systems acceptably.
Fabrice also released a QEMU accelerator called KQEMU, basically a kernel plug-in that allows QEMU to drop all non guest-kernel calls through to the host CPU unemulated. The upshot is that if you have an x86 CPU host system you can run an x86 guest system on top with nearly real time performance. The rest of the system is still emulated, so graphics isn't fast but it's great for servers.
On the desktop I've been using Sun's VirtualBox which I find faster when running graphical guest systems than QEMU/KQEMU. It also has a nice GUI so it's easier to play with - QEMU is all command line, which is fine once you have it configured but not as easy for dabbling.
This week I thought I'd try out KVM, which is a mainline Linux kernel plug-in that works with newer AMD/Intel CPUs only. Basically it creates a generic interface that other user-land virtualisation systems can take advantage of. In practice you install KVM into your kernel then basically use QEMU for the rest of the virtual host system. In theory KVM+QEMU should be marginally faster than KQEMU+QEMU on compatible hardware, however you can't use it on older CPUs so you need to use KQEMU on them.
It took a few goes to get it working, but so far on my server which has the right hardware, it looks pretty good, marginally faster than KQEMU with lower CPU load on the host system. It's another interesting technology to have to play with.
QEMU is really good stuff, not only is it usable on its own, but it's extendible with either KQEMU or KVM and even VirtualBox uses large chunks of it! Open source is great!
posted 15:04 :: /unix/foss
Microsoft security expert Roger Grimes says in his blog that being different doesn't make you secure, or at least there is nothing wrong with a monopoly. He is right that just because you are different does not mean that you are automatically safe but the rest of his argument is weak.
He is arguing that if you have a monopoly that doesn't make you insecure because everyone goes for you. What makes you vulnerable is you write poor code. He has a point in as far as it goes, but for years we have known from game-theory and biology that monocultures are more profitable targets than diverse systems and hence there is more pressure to find weakness in them, which once exploited can cause chaos.
We know that the number of defects is directly related to the size of the code base and the complexity of the system. Windows has more lines of code and is an intrinsically more complex operating system than Linux, Unix and Mac OSX, therefore Windows will have more bugs in it.
Windows tends to be run by people with little or no security training and therefore tends to run in the default state. As we know that by default Windows is less secure than Linux, that makes Windows more vulnerable. Both can be made a lot more secure with proper configuration and both can be made very insecure...
The various Linux/Unix systems are all subtly different from each other. Sometimes this can be annoying but in a security scenario it makes each attack on them subtly different, which puts the crackers off a tiny bit more.
The result is that:
It's not surprising that over 99% of all viruses are exclusive to Windows systems.
He is arguing that Microsoft products get the most viruses because they are insecure and Linux gets less because it's safe, which is the opposite of the normal Microsoft position of the "we are the most common so we get the most viruses" argument.
The truth is that security is not a single dimension problem. You just can't make sweeping statements and generalisations without looking at all the facts.
In a recent blog Steven J. Vaughan-Nichols states that Linux and Windows are Different. He is quite correct that Microsoft software comes out with a very slow release cycle and that bug fixes come out at regular monthly intervals often after they are being exploited in the wild. In comparison open source software is released often and with a much higher frequency.
I think it's a bogus argument in the context of Steven's blog, however he has made an observation about the frequency of change which is interesting.
The up-shot is that a typical Linux user will have a continuous upgrade or improvement cycle. Bug fixes and security patches will be made available quickly often before exploits are available. Depending on the software distribution this continuous improvement could actually be quite annoying and painful, but for most it's painless and routine.
A Windows user installs Windows and it stays the same for long periods of time punctuated with infrequent but usually painful upgrades. It is not uncommon for a machine to be physically disposed of rather than be upgraded. In the event of a major security flaw being discovered, Windows users are often left exposed for days or weeks before Microsoft are able to respond.
Basically upgrades and changes are painful. Microsoft aim to reduce the pain by making changes infrequently, Linux distros aim to make the upgrade painless so the frequency is no longer a problem. That is a difference.
The long period of relative stability with Windows XP has clearly caused pain for Microsoft with a lot of resistance from customers, unwilling to upgrade to the clearly superior Windows Vista.
Microsoft have dug an awfully big hole and are now standing at the bottom of it. The current economic condition is a bit like pouring a few tonnes of raw sewage on top of them...
Basically Microsoft failed to replace Windows XP quickly enough with Vista. Windows is a swine to get right and previously Microsoft's continuous moving of the goal posts prevented anyone from settling down getting things just right. Vista came out far too late and people had finally got XP working right and were not keen to start all over again getting things right.
To most non Windows users Windows Vista looks okay, it's slow and not exactly innovative when compared with Mac OSX or Linux, but it seems to work okay. To Windows users it is less popular, lots of legacy Windows programs don't work and Vista is missing lots of drivers to existing hardware - it's also slower than XP and takes a lot of relearning.
Microsoft panicked and have pretty much abandoned Vista allowing people to buy Vista but actually install and run XP. They then rushed out a fairly insignificant service pack and when that failed to work, announced that a new version of Windows would fix everything.
Reports in the press now suggest that companies have no plans to migrate to Windows 7 - the current economy precludes unnecessary expenditure and even Microsoft will allow people who buy Windows 7 to freely "downgrade" to Windows XP...
It is madness, they have dug a big hole and don't know how to get out of it... Even killing off Windows XP isn't going to help Vista sales now that Windows 7 is on the horizon. Microsoft will have to kill XP and Vista and hope that something new arrives that only works with Windows 7.
Given Microsoft's appalling track record in innovation and most companies' fear of them it's unlikely that anything is going to come along that will save their bacon. The best they can hope for is a destructive computer virus that XP is very vulnerable to but Vista/7 is resistant to - which isn't too outlandish, Microsoft killed NT4 and 2K with that trick before...
Someone in my LUG posted this today: Shopping delivered to Great Grandma, by Ubuntu Linux. It's a great example why most IT instruction and use fails miserably. People are not taught useful things in a way they can understand and use. Most of the time people are badly taught something that is not useful and then expected to make sense of a complex and badly designed tool. No wonder most of the time people fail.
If people are properly taught how to do something useful and given appropriate tools they do on the whole find it much easier! In this case Grandma managed to get on with Linux having failed miserably with Windows...
This is something I have been going on about for a while... Desktop Adapted for Dad.
A few weeks ago Apress sent me some books to review for them. Two of them went out to a LUG member and two I planned to review. Brad sent his first review in this week and I posted my first review shortly after. Both are now on the LUG web site: /BookReviews.
I decided to cross-post some of my earlier reviews to the LUG site to flesh the section out and make it look less bare. It's not easy reviewing a book, my first book from Apress, "Expert Shell Scripting" wasn't that good, it wasn't that bad either but I'm glad I didn't buy it. Some books you really like and some you really don't, a lot are a bit more in the middle...
Anyhow I hope we've not scared off Apress and they keep sending us books to review. In the meantime I'm going to start on the second edition of "Automating Linux and Unix System Administration", which should be okay - I already own the first edition so I'm not expecting it to be bad.
Yesterday was a joint Hants-LUG/Surrey-LUG. It was a bit unconventional in that we didn't have network access but there were plenty of talks and it was well worth going to.