...everybody has at least one.
And I, not to buck the trend, now have two blogs. Or 1.5, since I am not whole owner of this, the blog I share with my wife.
My new blog is to be found at joshuakugler.com. It is a blog that will focus mainly on tech stuff: programming, system admin, and computer topics in general.
And I have a new e-mail address, since bigfoot.com, after years of use, seems to now be having major technical problems. I am now reachable at:
joshua@joshuakugler.com
I hope you'll visit!
In response to Tristan's post which is in response to Aaron's post, the logo for Canonical is probably not accidental. Merriam-Webster defines canonical as:
of, relating to, or forming a canon
And a canon is:
a : an accepted principle or rule
b : a criterion or standard of judgment
c : a body of principles, rules, standards, or norms
But it also says canonical means:
conforming to a general rule or acceptable procedure
Which Canonical most certainly doesn't. Well, it may conform to free software, but certainly not to the widely accepted practices of proprietary software.
So, Canonical is a cannon designed to change/improve/destroy the currently canonical definition of how software is supposed to be created, sold and supported, thus forming the new software development canon? Sounds good to me.
It's happened! Dell has officially said it will support Linux! And what distribution will they officially support? Why, Ubuntu, of course. Details are still filtering out. Keep watching.
For details released before the official word, see this Desktop Linux article.
Woohoo!
UPDATE: More information on the Ubuntu site as well as the Dell site.
Mike Kruckenberg writes about a talk given at the 2007 MySQL User Conference. It seems the United States Navy is using MySQL running on a four-node Linux cluster to handle operations aboard one of their aircraft carriers. Great to see Open Source getting its sea legs. Or is that improving its sea legs? Anyone know of other "nautical" Open Source applications or deployments?
The Firefox web browser has an extension called IETab which enables you to open a tab and browse websites via Firefox, but using the Internet Explorer rendering engine. This can help, for instance, if a site staunchly proclaims itself "IE only" and will not make changes for alternate browsers. Over at Hacking for Christ, Gervase Markham has a post entitled "IETab Considered Harmful?". He references the Slashdot article about MovieLink suggesting that users use IETab so MovieLink doesn't have to go to the "trouble" of making their web site Firefox compatible. Gerv observes:
The harm is that this 'solution' still excludes everyone on a Mac or on Linux, and its availability also makes the site far less likely to change to support Firefox properly. In other words, whereas before Mac and Linux users could add Windows Firefox users to their numbers when petitioning sites to upgrade to support web standards, the existence of IETab divides those two groups and gives those of us using non-Windows operating systems, and those who want to see sites supporting standards properly, far less clout.
Very true. The problem I have with IETab, however, is one of security. If you are using the IE rendering engine, you are opening yourself up to all the problems, standards non-compliance, and security holes you'd have if you used Internet Explorer directly. I keep telling friends, family, clients, and colleagues to use Firefox for better security. If there are sites out there encouraging users to "just install IETab to use our site," most of that security advantage will be negated.
At the conservative end, I think IETab should carry a big, fat warning along the lines of "This plugin is for development and testing only! Using it may compromise your system's security!" On the extreme end, I would have it done away with altogether. If you need multiple versions of IE for testing, on the Linux side of things, there is IEs4Linux, which allows you to install and run multiple versions of Internet Explorer on your Linux machine. I'm sure there is something similar for Windows. For Mac, you're still stuck, as IE no longer is available for Mac (at least last I checked). I suppose you could install Linux under Parallels and then install IEs4Linux.
So, yes Gerv, IETab is harmful, but not only for the reasons you bring up.
Izzy has a good post about security, viruses, and myths. In it, he explores the "age old" question as to why there are no viruses for Macs. While, in the past, the answer may have been market share, the main reason now is the same reason there are no viruses for Linux, Solaris, or any operating system with a strong security model: You. Simply. Can't. Write. One. At least not one that will have any measurable effect.
Why? Two words: security model. In the non-Windows world, users run as normal users, and not as administrators. Any application or script compromised can only modify files owned by that user. Any attempts to modify system files or system binaries will be denied. Now, Windows Vista is supposed to solve some of this by making a user run as a normal user, and prompting for additional privileges when needed, but I've read it's so annoying, people are turning the feature off and running as administrator.
Another reason: bad software design. Example: scripts in Word documents and in Lookout, er, Outlook e-mails that run without user intervention, and e-mail themselves to everyone in your address list. Yes, KDE4 will have DBus-in-everything-even-your-toaster ®, but to my knowledge, scripts attached to e-mails will not run without user intervention. And if you run a script or binary attached to an e-mail, you had better know what it is (there are also the holes in MS products that can be used to lie about the type of a file: calling an executable file a jpeg, for instance).
Another choice that makes Linux a little bit more secure (not sure about Mac) is that any file on a web site or in an e-mail is either opened by the application that can view it (not execute it) or it must be saved and have its execute permission set. No accidentally executing a program attached to an e-mail here. Granted, you could say, "Open this EXE attachment with Wine" (a Windows emulator) or, "Open this Python script attachment with the Python interpreter," but again, you must take an explicit action, and are warned that opening an attachment can compromise your system's security. [Disclaimer: I've not checked the behavior of Kommander scripts for KDE. Clicking on one may offer to open them with the Kommander script interpreter.]
But even if you open an attachment with malicious code, it is running as your user, and no files can be modified other than your own. Conclusion: the virus can't spread on the system, and it can't infect system files. The worst it can do is replicate itself (poorly) to the user's files and maybe other people in the user's address book. It can't install itself as a system service, install a key-stroke logger, or other such malicious behavior.
Note: If you have scripts in your home directory which you run as administrator, make sure they're owned by administrator and not by you. Hmm...need to check my ~/bin. But then again, if you have scripts in your home directory that you run as administrator, it probably means they are custom scripts that would be very hard to write viruses for anyway.
So, it all comes down to security and how it is enforced. If Microsoft wants a secure system, they should write an emulator for backwards compatibility, throw away Windows, and start from the ground up to design and write a secure operating system.
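The note above about scripts in your home directory that you run as administrator can be checked mechanically. The following is an added example, not part of the original post: it flags scripts not owned by the trusted account, and it also checks the directory itself, because whoever owns or can write to a directory can rename or delete a root-owned file in it and put a replacement in its place. The function name and the `trusted_uid` parameter are assumptions made for illustration.

```python
import os
import stat


def audit_admin_scripts(directory, trusted_uid=0):
    """Return (path, reason) pairs for anything a non-admin could alter.

    trusted_uid is the account that should own the scripts (0 is root).
    """
    findings = []
    loose = stat.S_IWGRP | stat.S_IWOTH

    def check(path, st, kind):
        if st.st_uid != trusted_uid:
            findings.append(
                (path, f"{kind} owned by uid {st.st_uid}, not {trusted_uid}"))
        if st.st_mode & loose:
            findings.append((path, f"{kind} writable by group or others"))

    # The directory matters as much as the files: its owner, or anyone with
    # write access to it, can swap out a script regardless of file ownership.
    check(directory, os.stat(directory), "directory")
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        if entry.is_symlink():
            findings.append((entry.path, "symlink; audit its target instead"))
        elif entry.is_file():
            check(entry.path, entry.stat(follow_symlinks=False), "file")
    return findings


if __name__ == "__main__":
    for path, reason in audit_admin_scripts(os.path.expanduser("~/bin")):
        print(f"{path}: {reason}")
```

Run against `~/bin`, a directory you own yourself will always be reported, which is the reason to keep administrator-run scripts in a root-owned location outside your home directory.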
Those of us who have been through software development, or sat through a software engineering course, learned about many different software development models: Waterfall, Iterative, etc. Larry Wall, the creator and "chief programmer" for Perl came up with a new one when asked "What criteria mark the closure of perl6 specification?"
It seems you are presuming a Waterfall model of development here. We're not doing the Waterfall, we're doing the Whirlpool, where the strange attractor whirls around with feedback at many levels but eventually converges on something in the middle. In other words, a whirlpool sucks, but the trick is to position your whirlpool over your intended destination, and you'll eventually get there, though perhaps a bit dizzier than you'd like.
I'm sure we'll see it in all the major text books in a few years.
You have a few hundred old computer motherboards. Your company needs a sign for their new lobby. What do you do? If you're the geeks at ServerBeach, you spend twelve hours on a weekend, and come up with the most beautiful lobby sign I've seen anywhere.
Certainly something that will make any geek catch his or her breath at first sight.
"... one of the main causes of the fall of the Roman Empire was that, lacking zero, they had no way to indicate successful termination of their C programs." -- Robert Firth
[Old, but good.]
I came across an interesting phishing attempt the other day. I got an e-mail that wanted me to sign in to E-Bay for a "dispute resolution." The odd thing was, all the links actually went to E-Bay's sign in page. Well, that is odd for two reasons: 1) links in E-Bay e-mails don't usually link straight to the sign-in page (you are redirected there if you need to be signed in), and 2) if you are being "phished," the phishers don't link to the legitimate site. So, I investigated further and discovered that after you signed in on the legitimate sign-in page, it redirected you to the URL that the phisher had provided, which was a page that looked like the e-bay sign in page. It appears it was designed to convince you that you had mistyped your password and were being prompted again. This was especially scary for two reasons: 1) if you had checked the URL and the security certificate before you signed in, you might not check the second time and enter your information again, and 2) it was using E-Bay's own sign-in procedure to redirect you to a phishing page. I contacted E-Bay about this and suggested they lock down their redirector. They e-mailed me back the standard boiler-plate reply and said:
Thank you for writing to eBay regarding the email you received.
Emails such as this, commonly referred to as "spoof" or "phished"
messages, are sent in an attempt to collect sensitive personal or
financial information from the recipients.
The email you reported was not sent by eBay. We have reported this email
to the appropriate authorities.
In the future, be very cautious of any email that asks you to submit
information such as your credit card numbers or passwords. If you are
ever concerned about an email you receive from eBay, simply follow these
steps:
1. Open a new Web browser and type www.ebay.com into your browser
address field to go directly to the eBay site.
2. On eBay, sign into your account and click the "My eBay" button at the
top of the page.
3. Check the My Messages section located at the top of the My eBay page.
If an email affects your eBay account, it's now in My Messages. Any
email sent to your registered eBay email address from eBay or from
another eBay member via eBay's member-to-member communication system
will now appear in My Messages.
All very good advice, but it does not fix the problem that E-Bay's sign-in procedure can be used to catch people off guard and possibly obtain their login credentials.
You can see an example of what happens by going to this link. After you sign in, you will be redirected back to this post.
I hope E-Bay fixes this soon.
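"Locking down the redirector" means the sign-in page only honors a post-login destination it recognizes. The following is an added example, not part of the original post and not eBay's code: a return-URL validator that accepts same-site paths and an exact allow-list of HTTPS hosts, and falls back to a default page otherwise. The host names and the function name are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed values for illustration; not any real site's configuration.
ALLOWED_HOSTS = {"www.shop.example", "my.shop.example"}
DEFAULT_LANDING = "https://www.shop.example/"


def safe_return_url(candidate):
    """Return candidate if it is a safe post-login destination, else the default."""
    if not candidate:
        return DEFAULT_LANDING
    candidate = candidate.strip()
    # Backslashes and control characters are normalised differently by
    # browsers and servers, so refuse them rather than guess.
    if any(ch in candidate for ch in "\\\r\n\t"):
        return DEFAULT_LANDING
    # A same-site path starts with exactly one slash; "//host" is a
    # scheme-relative URL that leaves the site.
    if candidate.startswith("/") and not candidate.startswith("//"):
        return candidate
    try:
        parts = urlsplit(candidate)
    except ValueError:
        return DEFAULT_LANDING
    if parts.scheme != "https" or parts.username or parts.password:
        return DEFAULT_LANDING
    # Exact match on the parsed host: substring or prefix checks would
    # accept "www.shop.example.phish.example".
    if parts.hostname not in ALLOWED_HOSTS:
        return DEFAULT_LANDING
    return candidate


def check_samples():
    """Run the validator over constructed return-URL values."""
    samples = [
        "/myaccount?tab=messages",
        "https://my.shop.example/disputes/42",
        "https://phish.example/signin",
        "//phish.example/signin",
        "https://www.shop.example@phish.example/signin",
        "https://www.shop.example.phish.example/signin",
    ]
    return {s: safe_return_url(s) for s in samples}
```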
If you're starting to end sentences with semicolons, try Python. My new primary language. I have a draft saved at the moment about my transition to Python. Short story: I'm loving it. Stay tuned.
As a counterpoint to Jon's Photoshop overdose, I have my own story. When I was still living in the dorms, I was reading one night (in front of the computer, since I was working on a computer science class assignment) and turned the page. I realized I didn't want to turn the page, and for the briefest moment, I started to reach for the "Back" button.
So, blogs support these things called trackbacks. It's so blog writers will know you've made reference to their article in your blog. Of course, they don't always work out of the box, so things have to be tweaked. Jon and I think we have worked out the reason I couldn't create trackbacks to his site. We'll test this out by pointing you to one of his posts on the joys (that Crystal and I are experiencing as well) of deciphering "toddlerese."
John Bourne made mention of our new web site. It's nice to get pointed to by an established blogger. And, no, Jon, I don't mind you filing the notice under "geek."