Phenoms now good, apparently

According to a new PC magazine I got today, AMD's new Phenom X4 processors equal the performance of Intel's hero Core 2 Quad Q6600, for about the same price. That's great news for all computer buyers, though unfortunately Intel is just about to release the Nehalem microarchitecture that will probably tilt the balance of power back to Intel.

If AMD's Phenoms can exceed the performance of the Core 2 Quads for a lower price, and if their discrete graphics cards gain 3D support in open-source drivers, I could be looking at obsoleting my current PC. My dream would be to have a passive-cooled Sapphire card and a fast overclocked Phenom X3. I imagine that the X3s should have a bit of scope for overclocking, but ideally we'd like to see AMD get their process down to 45nm to improve power efficiency and heat production.

                            

Your product key is invalid

After the IT support guys did a system restore of Windows on one of the computers at the shop, they found that Windows decided to need activation again, but that it wasn't accepting the serial number on the sticker on the side of the computer. I don't know if they forgot to chase it up, or assumed that maybe we had a pirated copy of Windows and didn't want to get involved, but that computer had been warning us for weeks that it needed activation.

When it reached 5 days, I decided to do the activation step. First, I tried putting in the serial number. Invalid. I thought "Maybe when the original activation happened, they accidentally swapped over the serial numbers with the other computer?". So I tried that, and once again it wouldn't accept it. It displayed an "Installation ID" number that I had to give to an operator so they could check whether I had genuine Windows.

So I had to call Microsoft. It was rather painless. The toll-free number connected straight away, I was asked to press 2 to get to Windows activation, and then enter the Installation ID on the phone keypad, six digits at a time. Once that was done, a recorded message told me that it had been installed more times (or on more computers?) than was allowed in the EULA. I doubt that. I HIGHLY doubt that. I don't believe those computers had been activated any other times since they left the Acer factory.

Anyway, I was put through to an operator, who asked me some questions like "Why did you need to reactivate Windows" and "Has this product been installed on more than one computer", and "Was this a preinstalled Windows or did you have to install it yourself". Then I gave her the first six digits of the installation ID and she was able to find the whole number, presumably from when I typed it into the keypad. She gave me another number to type into the Windows Activation program, which worked.

It took about 5 minutes and was rather easy. But I agree that there are some serious problems with Windows activation, if it doesn't accept legitimate product keys and you have to call Microsoft. It's not even like the hardware changed - it was just an in-place system restore! I had thought that if the operator gave me any hassle that I could say "I have an Ubuntu CD in my hand. Here is the sound of me inserting it into the computer" and see what happened; but honestly, the process was painless and apart from the pre-recorded message, I didn't feel like I was being treated like a criminal.

When is RSS not RSS?

The West Australian are having a competition - subscribe to their daily news feed on your desktop and you get the chance to win a Dell laptop. The advertisement has the RSS logo in it, so silly me, I thought it might've been an RSS feed.

I went to the website and clicked on the RSS logo. It didn't open my feed reader. It took me to another page that asked me to download their program. "This program works on Windows PCs only".

Not only is it wrong not to provide versions for other platforms (or a single version that works on multiple platforms, e.g. a Flash movie-based aggregator), but it's also wrong to use the RSS logo when talking about their news feed.  The feed is locked to a proprietary program - you cannot look at the source code of the feed, nor access it from any other program - so the logo is being used in reference to a closed format. Mozilla's guidelines for use of the RSS logo clearly state that it "should be used to indicate the presence of information provided via web syndication in an open format...".

By "Open format", the Mozilla Foundation define that, among other things, it should be "free of legal restrictions on use, especially restrictions that would prevent the format from being implemented by free and open source software". Finding the actual location of the feed file and reading it would require reverse-engineering or decompiling of the software, both of which are prohibited by the EULA of the software.

I did try running the distasteful program in WINE, but the windows would not render properly no matter what settings I used.

I hope I'm still bloody registered to win the laptop.

Nomination: Quote of the year

Some fake screenshots of Windows 7 have been released. They're quite good fakes, referring to possibly-to-be-existent hardware products, and including lots of transparent windows and transparent circular menus... transparency and compositing all around.

Someone posted a comment on OSnews.com saying that they hated everything on the desktop to be transparent. The user phoehne replied with this gem:

In fact, they're going to make the monitor transparent. That way, you'll be able to see the dust accumulating in the corner of your cubicle behind your monitor. Transparent text on a transparent field, over a transparent background with a transparent monitor. This is part of their new push toward corporate transparency.

I cacked myself :-)

Where's the upsell?

There's definitely something shady going on with this Windows XP EeePC, being cheaper than the Linux version.

In retail, there's something known as upselling - that's where you try and get the customer enthusiastic about buying something more expensive than what they originally intended. Often, a cheap product will be advertised in a catalogue to get people into the store, and then hopefully a certain percentage will choose to pay more to get a better product. Sometimes, if you advertise the cheap product, people will call or come in seeking out the more expensive product.

If Asus were acting normally, under no undue influences from Microsoft, the Windows XP version would always be a little more expensive than the Linux version. Most people would happily pay an extra 5% ($30) to get Windows. It would be an easy upsell - "this is the interface that you're familiar with; it works with all your existing programs". Sure, some people won't care and will save themselves $30. Or a bigger margin; Windows' familiarity will still sell for an extra $50.

Who, apart from Linux users, can upsell based on a bigger SSD and a less familiar operating system? I'd try, of course, but it would be incredibly difficult. That's why Asus is taking that option away from retailers.

Putting the Windows XP price below the Linux price doesn't make sense when you're selling the product. It does when you're being strongarmed by Microsoft (or they make you an offer you can't refuse).

--------

On the topic of selling, the president of News Corp says that Blu-ray's take-up has remained slow because of a lack of Blu-ray players on the market and in stores.

Bollocks.

There are eight Blu-ray players on the market today, not including those integrated with home theatre systems. That is plenty, as most of the major brands have them - Sony, Samsung, Panasonic, Pioneer, LG, and Sharp.

Blu-ray players are mostly an add-on purchase - someone buys an HD TV, and gets convinced to add a Blu-ray player too. We can add an $89 power board to the sale easily enough, but it's difficult to sell a $599 Blu-ray too.

The recent promotion with Samsung giving extra cashback if you buy a Blu-ray player with your TV, has actually sold out our stock of Samsung Blu-ray players, showing that if the players were $150 cheaper, they would sell better.

Why the Eee won't bring people to Linux

The EeePC originally ran Linux only; anybody who wanted an ultraportable laptop for $499 would have to buy a Linux-based machine. However, Microsoft has realised the threat that the Linux-based Eee posed to its Windows operating system, and now Asus offers the EeePC with Windows XP preinstalled.

I told you earlier of my workmate who wanted to buy an XP-based Eee for her son. She was going to choose the XP version because the rep told her it would be "easier to use if you're familiar with Windows". In the end, I built her a Linux computer and she gave her broken XP/Vista laptop to her son.

Somebody who I met on Friendster a long time ago e-mailed me to ask my opinion of the EeePC. I think she was reading this blog, as before I said that I had wanted to get one. I advised her to buy the Linux version:

  • It's a better fit for the computer's small screen
  • It runs faster with Linux
  • More flexible
  • It's simpler to use
  • No viruses or spyware
  • Bigger flash storage (or lower price)

She's going to buy the XP version, because "I know it will work well with my XP desktop, and I love XP".

So there you go. If they've already got Windows, they'll continue to use Windows, despite being told that Linux is the superior operating system, and especially the better OS for the EeePC.

It's great that we can buy a Linux-based laptop from a brand-name vendor, but the idea that the EeePC would bring people to Linux is simply not happening. This probably also means that competing ultra-portable Linux laptops will fail to find market share. Not because Windows is "better", or because it costs more, or because of any interoperability issues between Windows desktops and Linux laptops; but simply because they don't have the shiny Windows XP sticker on them. Sad, isn't it?

Here's a gratuitous Compiz screenshot (yes, you can run Compiz visual effects on an Eee!):

[Screenshot: Gratuitous_compiz]

And another one:

[Screenshot: Phenix_beryl]

Illness or cure?

What's better for your computer than running anti-virus software? Simple answer: Getting a virus.

I finally figured out what was wrong with my workmate's new computer (you need to put the RAM into the FIRST slot, not the second) and dropped it back over. While there, she tried to use her husband's Windows XP computer to find an e-mail he'd been sent. She was cussing for minutes about how slow the machine was running.

I thought maybe he didn't have enough RAM. I looked all around Windows at snail's pace until I finally found the "Task Manager". This program is like Gnome's System Monitor, with information about CPU, memory, and network usage. His CPU was running at over 80% at every single moment it was turned on. Of the 512 megabytes of RAM in the machine, about 400 megabytes were in use. (contrast: My Ubuntu box is using 292 megabytes at the moment, with total CPU use between 1 and 5 percent).

I found the process list. This showed "avc" something ".exe" was using up most of the CPU time. I told this to my friend and she said "Oh, AVC. Something about that popped up when I started the computer. Bob said this was a really good anti-virus program".

Telling the program to kindly stop the scan worked. CPU use dropped to under 20% (well, it's an Athlon 2200 running all sorts of crapware, what do you expect?). Frets On Fire still wasn't playable, but I did wow my friends with my amazing jerky guitaring ability. About 80 additional megabytes of RAM were freed by stopping the scan too.

Everyone knows that viruses use as little CPU time and memory as possible, in order to avoid the user noticing their effects. So what's worse? Running an anti-virus program and having it keep your computer under heavy load 24/7, or having a virus that you can barely notice?

This is a case of the illness being better than the cure, I'm afraid. Ideally, everyone would run a secure operating system anyway, with a firewall router, and not open random programs that get sent through e-mail.

Work today was great! We had a busy day where we sold a lot of products. We were really happy at the end of the day. And tomorrow I'm planning on going for a long walk, if the weather holds up.

Final pieces of news: Someone recently noticed that the EULA for Safari for Windows has a clause that disallows you from running Safari for Windows on a "non-Apple computer". Heh. But this isn't news: I read the EULA that came with my mother's iPod, and that has the same clause in it. I mentioned it online ALMOST TWO YEARS AGO.

Psystar has released a computer that comes preinstalled with Mac OS X. There's doubt over the legality of it, but I think EULAs wouldn't generally stand up in court, if properly challenged. Especially Apple's, as they distribute software for Windows PCs under the provision that you only use it on a Mac. Unfortunately, there's also doubt over whether Psystar is a legitimate company. If they give Ars Technica a review model as they promise, then that would be a good first step. Otherwise, this could just be a Medison Celebrity all over again. I like the PC cases they are using anyway. Very nice. Of course I got the idea that I could do the same thing - offer OS X on my computers - but I don't know how to support OS X when it breaks.

I put some adhesive letters spelling out my surname on the front of my workmate's PC. It looks great. It's my case badge :-)

Mac pwned; fanbois say "Macs are great!"

In the second minute of the second day of the Pwn2Own competition, an attacker gained access to the Macintosh computer.

There are a number of miscomprehensions that I've noticed in various comments around the web:

1. "The hacker [sic] had physical access, what do you expect?!"

Actually, the attacker was not allowed to physically touch the computer.

2. "It doesn't demonstrate a vulnerability! It's not OS X's fault - it's the dumb user's fault for going to that web site in the first place!"

Yes, there are dumb users. I agree, OS X users are dumb users (sorry, couldn't resist that dig!). But the users don't have to be "dumb" in order to get attacked by this security flaw. Legitimate websites get attacked from time to time, with crackers managing to insert malicious JavaScript code into them. When users go to the compromised websites, the JavaScript manages to take control over the browser process and use it for the attackers' own purposes.

A recent, hilarious example was Trend Micro. That's a legitimate website that many smart users go to, but it was still attacked with a malicious code insertion (I guess that proves that anti-virus isn't the be-all and end-all of computer security, huh?).

Safari should not put itself in the position where it can be convinced to access local files. Full-stop. Of course, Apple didn't have the slightest clue what it was doing when it programmed Safari, so there's really no surprise in the result. Safari is a buggy excuse for an internet-facing service.

3. "The Mac was attacked more viciously because the computer itself is more desirable as a prize than the other two computers; not that it is less secure. So this is a GOOD result for Apple because it shows that they have computers that people want!"

Nice way to turn an embarrassing defeat into a back-patting exercise. The winners don't just get the computer, they get $10,000. Ten thousand dollars can buy yourself a computer with more than one USB port!

It's sad to see that the winners of the competition will sign a non-disclosure agreement with Microsoft and Apple to help fix the vulnerabilities before they become well-known. It's simply a case of turd-polishing. The software won't get more secure, it will just become hardened through trial and failure.

Think about it, in terms of an analogy. It's like if an aeroplane crashed in Halifax, Nova Scotia, due to the right wing coming off during a throttle-up. Rather than make the connection between the wing and fuselage stronger, the plane manufacturers just implement a system whereby the plane refuses to throttle-up while flying over Nova Scotia. You wouldn't fly on that plane. No sane person would. But that's what the computer security situation is like right now.

Things only Apple could do and get away with

#2475: Remove a feature from EFI on its Macintoshes, then write a program that puts the feature back ("Boot Camp"). Bundle the program with the new version of your operating system, to get people to upgrade.

What's next? Raising the chocolate ration?

I have fallen in love

...with VIA's Pico-ITX motherboard.

I was one of the Mac Mini's and Macbook Air's harshest critics about their low capabilities. I'm still scathing about the Air - its portability is not the sort of portability that people find useful. The Mini is not good as an entry-point Apple computer, and it's still locked down with a proprietary software stack. Despite what Apple fanbois say, it's not a "cutting-edge form factor".

And it's a giant compared to the computer I want to build, with a Pico-ITX board and a 4 gigabyte SSD. You could LITERALLY take it anywhere. The board itself is 10cm x 7.2cm. The power supply probably adds another 3-4cm on the long side.

It's not a powerful PC. It's not expandable. It's not supercheap, but it would cost less than my current computer. It's not easy to get the parts here. It doesn't even have the best Linux compatibility. But it's tiny, it's quiet, it works for basic tasks, and I've just got to get one.

Core Wars

It's so common to see computers advertised with "Quad-core power!", and then see that in fact the computer has the budget Core 2 Quad Q6600 processor. Remember the megahertz wars, where processor clock speeds increased because consumers thought bigger numbers were always better?

Now we're seeing the Core Wars. How much faster is a Q6600 than a Core 2 Duo E6850? If you're a scientist, the Q6600 would be faster. If you're an ordinary desktop user, even if you encode video, you'll probably find that the E6850 is faster.

Most consumers don't realise that their programs are single-threaded, and thus won't take advantage of extra processing cores. Most consumers don't know the difference between CPU and IO-bound activities - I often hear people saying "You could have a core dedicated to your virus scanner", forgetting both that virus scanning is an IO-bound activity primarily (is limited by your hard disk's speed), and that the user cannot make decisions about what core is used for what activity.

The Q6600 has four cores, each at (I believe) 2.2GHz. The E6850 has two cores at 3GHz each. Sure, if you tally them up, the Q6600 has "6.6 GHz" and the E6850 has "6 GHz", but it doesn't work that way. When I run a video editing program and tell it to use multiple threads for my multiple cores, I still find that the CPU only gets up to about 60-70%. One core is maxed out, the other core is moderately worked. If you had a quad-core machine, you'd find that two cores are maxed out, because the speed per core is lower.

Or, let's look at MP3 encoding. I think this is a single-threaded activity. If you have an E6850, you have a 3 GHz core working to full capacity. If you have a Q6600, you have a 2.2GHz core working to full capacity. MP3 encoding does not parallelise to multiple cores. What is faster? The dual-core!

Yes, I've been talking about clock speeds as the comparison, but these processors are still the same microarchitecture, where you *can* compare clock speeds as indicators of performance.

I'd like to see advertisements say "Top-of-the-range Core 2 Duo!" or even "3GHz dual-core!", but then I guess it's more difficult to sell computers based on what is actually better for the consumer, rather than what sounds more impressive. It's not like it costs anyone anything to put in a good dual core rather than an entry-level quad core, as they are the same price. Until we see better SMP-ness in operating systems and applications, I'll continue to recommend good dual cores over basic quad cores.

Overclocking with beer

Today I went to a hilarious account of some people overclocking an Intel 486 using a bar freezer and some alcohol. I actually L'edOL!

Hacked in 60 seconds

If Linux is difficult for the computer illiterate to use, then Windows must be complete hell for them to use.

Two letters in the newspaper today to the resident "expert". It's probably the first week he hasn't been asked how to change an option in MS Word or Excel. But they made me laugh. Here are my answers.

Q. If my cable connection is on all the time, is my computer vulnerable to malicious interference from the Internet during the time my computer is booting up and before my firewall software is loaded?

A. How long does your computer take to boot up? It's probably about a minute, maybe 90 seconds, to boot up. Of course, not everything boots up all at once; the network card in your computer is only recognised and started after a few seconds. Once it's started, Windows loads the driver. Once Windows loads the driver, the computer sends a signal to your cable box, asking to be assigned an IP address. While it's waiting, the computer will continue booting up other parts of the operating system. Finally, once the computer has an IP address and the address of your cable router, it will become visible to the internet.

But then, your firewall software will probably load within a few seconds of the IP address coming up. Even if an attacker knew the IP address for your cable router and was waiting for you to come online, they'd have a window of approximately 10 seconds to do something to your computer. Even assuming a worst-case scenario, that such a malicious person would be waiting around for you to come online, there's next to no chance that they would be able to open a backdoor in 10 seconds.

And let's face it, nobody is going to keep pinging an address for hours on end just to find a single person to attack. Why on earth would they wait for you to come online when there are already millions of internet users who don't have any protection, or who will double-click on anything they're told to? Do you think you're really that important to an attacker? Even if they were pinging your cable box's address, they would have to work out what address you had with the router. They can only do that when you're actually online. And that's assuming that they actually knew you were online.

Besides, your cable box probably already has a firewall built-in.

So, to put it bluntly, you're being paranoid, and you urgently need deprogramming. Yes, there are plenty of nasty people who want to attack computers. Yes, Windows is a shithouse operating system in terms of security. But there's no chance of your scenario happening. Unpatched, unprotected Windows computers connected directly to the internet (no Network Address Translation) get attacked within an hour. Your computer cannot be compromised in a mere 5-10 seconds. That's just ridiculous.

Q. I have an old PC running Windows 98 which has an up-to-date anti-virus program and a free edition of the Zone Alarm firewall which no longer provides Windows 98 updates. Do you know of any free firewall program that still supports Windows 98?

A. So, we go from the ridiculously paranoid to the ridiculously computer-illiterate. Both of you need deprogramming. But you need an explanation of what a firewall is, and firstly what a firewall ISN'T.

A firewall does not "enumerate badness". It doesn't examine what comes into your computer and think "Hmm, that's nasty" or "Hmm, that's okay". It doesn't even know (or need to know) what is harmful and what isn't; therefore it doesn't need updated definitions of this stuff.

A firewall is a very simple program. Whenever data comes into your computer from a network, it comes through with a particular "port number"; the number identifies what sort of program will deal with the data. For instance, website requests happen on port 80, no matter what web browser you use.

A firewall merely looks at connection requests. Whenever a computer from the Internet wants to open a connection with your computer (NOT the other way around), the firewall will look at the port number, consult its settings, and correspondingly allow or deny the transmission based on port number alone. If allowed, the firewall will send the data through as though nothing had occurred. If denied, the firewall will "drop" the data so that your programs never receive it, and will not send any data back in return.

By default, a good firewall will block all incoming connections.

It doesn't matter if you're a genius cracker who works for the FBI, CIA, and Russian Mafia - if you try to initiate a connection with a computer that is behind a configured firewall, you will not get anywhere. If you try to connect, the firewall will drop the connection and you will never have a way into the computer. You cannot fool it by making a malicious connection request look benign - because the firewall doesn't care; it would drop incoming connections from both Mother Teresa AND Adolf Hitler. The firewall doesn't know what's good and what's bad; it just knows what ports you have asked it to allow, and it will block all other incoming ports.

Firewall programs from 10 years ago will still work effectively today, because they still do exactly the same thing as today's programs do. They drop all connections that are on ports that you haven't allowed.

You need to be deprogrammed from the "I need to keep giving companies money so they can protect me" way of thinking. If you want a firewall that will block any incoming connections, then your current Zone Alarm will do the job just as well as anything else out there.

(by the way, the subject of firewalls touches a sensitive spot with me. Most Windows users say that you need a 2-way firewall - that can deny connections going out from your computer. Their reasoning is "If you get infected with something, a 2-way firewall can stop it from transmitting information back or becoming part of a botnet". This is quite dumb, and many of the people who advocate 2-way firewalls probably think that a firewall is an "enumerating badness" security measure.

Firstly, most malware traffic happens on ports that are used by non-suspicious, everyday services. Malware sends spam on port 25, which is the same port used by legitimate e-mails that you send. If your computer becomes infected with something that turns it into part of a botnet, then its communication with the rest of the botnet will happen on port 6667 - Internet Relay Chat. So a 2-way firewall will stop the malware from communicating on the ports that it doesn't communicate on. Get it?

And the second dumb thing is that firewalls don't enumerate badness, so a firewall would not stop malware from sending e-mails yet allow your e-mail program to send them. How does your firewall know what's malware? How would a firewall know that the 16-digit number that's passing through an e-mail is your credit card number? It doesn't.

The third dumb thing is that you're shutting the gate after the horse has bolted. If a piece of malware is running on your computer, the damage has already been done. That malware can do anything to your computer that you can, which includes disabling or reconfiguring the firewall.

The fourth dumb thing is that, whenever you install a legitimate Internet program, you need to find out what port it communicates on, and then enable that port. Some firewalls can prompt you when they come in contact with a new outgoing connection, but approximately 5 minutes after that feature is enabled, you get into the habit of clicking "Allow". And besides, Windows has so many cryptically-named components, you wouldn't have any qualms about allowing something named "aries.sys" or "Plug and Play Device Manager" to communicate, despite it being known malware.

2-way firewalls? Dumb. Just use your 1-way firewall and don't do anything stupid, and you'll be fine.)
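
The port-only decision described in this post, as an added example in Python (not code from the original post or from any firewall product): a small model of a firewall that decides on port number and connection direction alone, run over constructed packets. The class and field names, the connection table that lets replies through, and the sample addresses and ports are assumptions made for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str        # "in" or "out", relative to the protected computer
    remote: str           # remote address (constructed documentation addresses)
    remote_port: int
    local_port: int
    syn: bool             # True when the packet asks to open a new connection
    payload: bytes = b""  # carried along but never examined by the filter


class PortFirewall:
    """Hypothetical model: allow or drop on port number alone."""

    def __init__(self, allowed_in=(), allowed_out=None):
        self.allowed_in = set(allowed_in)
        # allowed_out=None models a 1-way firewall (outgoing traffic unrestricted);
        # a set of ports models a 2-way firewall.
        self.allowed_out = None if allowed_out is None else set(allowed_out)
        self.conns = set()  # connections that were allowed to open

    def decide(self, p):
        key = (p.remote, p.remote_port, p.local_port)
        if key in self.conns:
            return "accept"        # traffic on a connection already allowed
        if not p.syn:
            return "drop"          # stray packet that belongs to no connection
        if p.direction == "in":
            ok = p.local_port in self.allowed_in
        else:
            ok = self.allowed_out is None or p.remote_port in self.allowed_out
        if ok:
            self.conns.add(key)
        return "accept" if ok else "drop"


def demo_one_way():
    """Default configuration: block every incoming connection request."""
    fw = PortFirewall()
    packets = [
        # Two incoming requests to the same port with different contents:
        Packet("in", "203.0.113.7", 51000, 445, True, b"hello"),
        Packet("in", "203.0.113.7", 51001, 445, True, b"\x00\xff other bytes"),
        # The computer opens a web connection, and the reply comes back:
        Packet("out", "198.51.100.10", 80, 40000, True, b"GET / HTTP/1.0"),
        Packet("in", "198.51.100.10", 80, 40000, False, b"HTTP/1.0 200 OK"),
        # Unsolicited incoming data that matches no connection:
        Packet("in", "198.51.100.10", 80, 40001, False, b"unsolicited"),
    ]
    return [fw.decide(p) for p in packets]


def demo_two_way():
    """2-way firewall: outgoing ports for the user's mail, web and chat programs."""
    fw = PortFirewall(allowed_out={25, 80, 6667})
    packets = [
        # Same port, different sending programs: the filter cannot tell them apart.
        Packet("out", "198.51.100.25", 25, 40010, True, b"from the mail program"),
        Packet("out", "198.51.100.26", 25, 40011, True, b"from an unwanted program"),
        Packet("out", "198.51.100.67", 6667, 40012, True, b"chat traffic"),
        # Only a port nobody enabled is stopped:
        Packet("out", "198.51.100.99", 9999, 40013, True),
    ]
    return [fw.decide(p) for p in packets]


if __name__ == "__main__":
    print("1-way:", demo_one_way())
    print("2-way:", demo_two_way())
```
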

Mac OS X *isn't* desktop-ready?

I was reading the Dell Ideastorm today - you know, the one where they give the idea to "Put Ubuntu computers on display in stores" alongside the Windows ones.

And it looks like people will use any excuse to say "Ubuntu isn't ready". Including "But I can't make money off technical support for Ubuntu! The people who use Windows pay me to get rid of their viruses - what would I do if everyone switched to Linux?"

But the most incredible statement made was this:

@sanbha, This Physician works solo so he did not pay to have a developer create the custom applications for him. These are software that he purchased... A couple of them are subscription based. The main software that he uses to record patient data, billing, insurance and schedule patients is only available on Windows and MAC, no support of GNU/Linux, all his other important software are currently Windows only. The fact is the companies that create these boxed medical software have no incentive to port their applications to an Open Source OS, not when a single user box version for Windows/MAC sells for $1000 and support cost $129/hour.

This Doctor does use an Apple as his personal computer that he uses to write his books etc, but not even the MAC has grown up enough to take to work [my emphasis], unless if you work in the graphics department. (Note, I work at one of the largest financial companies in the country and there is only 1 MAC (a colored IMAC) in the graphics department, all the other machines are Windows)

Seriously. This person's view of desktop-readiness goes something like this:

Q. Is it Microsoft Windows?
A. No
Conclusion: It's not good enough for work.

But the thread on Ideastorm has given me fodder for the "Mac OS X desktop-readiness" article; look for an update soon.

Windows XP: The future of home entertainment

I e-mailed Sony to ask about their Blu-ray burner; whether it comes with software for viewing Blu-ray discs on Linux. Their response was the official system requirements for the drive.

A couple of days later I read the e-mail again, and I realised something: The official system requirement is basically Windows XP. Sony does not support the drive on Windows Vista.

I'm enthusiastic about looking at some Full HD content on my computer's LCD screen (1024p screen, but hey), so I decided to check out Apple and Microsoft's sites. Apple's site only streams the video; a bit dumb considering you can't even stream 1080p video down a draft-N wireless connection.

I noticed something hilarious at the bottom of Microsoft's 1080p demos page:

 

Optimum Configuration (to play 1080p video with 5.1 surround sound)

  • Windows XP
  • Windows Media Player 10
  • DirectX 9.0
  • 1.8 GHz Intel Core Duo or higher processor (or equivalent); 3.0 GHz Intel Pentium 4 or higher processor (or equivalent)
  • 512 MB of RAM
  • 128 MB video card
  • 1920 x 1440 screen resolution
  • 24-bit 96 kHz multichannel sound card
  • 5.1 surround sound speaker system

No mention of Windows Vista. So, Windows XP is the future of home entertainment!

    Crysis on PS3

    While looking up the possibility of running Crysis on Wine, I came across a thread about Crysis on the PS3 using Linux and Wine.

    I hope this is the definitive source for WHY it CANNOT be done.

    1. People have been saying that you'd use this combination:
    PS3 + Linux + Wine + Crysis. This will not work. The Playstation 3's CPU is the Cell, which uses the PowerPC instruction set. Windows and all Windows programs, and therefore Wine, rely on the host CPU using the x86 instruction set. The two are not compatible. You cannot run x86-compiled programs on a PowerPC processor, and Crysis is an x86 program.

    2. You would need an instruction emulator in order to run Wine. Since Linux is the host platform, you're pretty much talking about Qemu as the instruction emulator. Qemu has "user-mode emulation", so it's possible to run x86-compiled programs on a PowerPC processor using this. But if we're talking about PS3 + Linux + Qemu + Wine + Crysis, there's another gotcha. Nobody in the world has managed to get Wine to run on Qemu via user-mode emulation.

    3. So, we'd be stuck with emulating a full x86 machine running Windows XP. Now the combination is PS3 + Linux + Qemu + Windows XP + Crysis. Emulating from one instruction set to another is very costly in terms of performance. Crysis doesn't run very well on normal PCs anyway - it won't be playable when emulated on top of an entire other operating system.

    4. The Playstation 3 has only 256 megabytes of RAM. Xubuntu Linux requires 128 megs, Qemu requires about 32 megabytes for itself, Windows XP requires 128 megs, Crysis requires a gigabyte. We're out of RAM even before Windows XP has fully loaded.

    5. Qemu cannot access the GPU to provide 3D acceleration to the guest OS. Crysis will not start without 3D acceleration.

    6. Even if Qemu could provide 3D acceleration to a guest OS, Sony's hypervisor does not allow Linux to access the GPU.

    In short, it's impossible. Not "possible but impractical". Not "theoretically possible but unplayable". Not "But wouldn't the windows emulator convert the instructions to whatever the linux os needs". Not "You might be able to get the title screen up". Not "The frame rate would be measured in seconds per frame". Simply: No. Impossible.

    -----------
    WARNING: Do not install the latest builds of Wine (0.9.48 and above). Right now there are too many regressions (things that previously worked, no longer work). Stick with whatever version you've got right now until things are in better shape. If you've got nothing to lose, though, file as many bug reports as possible or volunteer to be an application maintainer.

    Is Wireless ready for the desktop?

    Is wireless ready for the desktop? I don't know. I remember a couple of years ago, lecturers at ECU always had to plug in their Ethernet cables in the main lecture hall despite the university having wireless APs all over the place.

    I occasionally lose my connection, and I don't know what ends off bringing it back. It's the most frustrating thing. I don't know if it's Network Manager, but trying to use the ordinary Networking control panel to connect in these circumstances doesn't work either.

    I got my connection back after putting the router upright on its little stand, turning on b+g mode, and changing the channel from 11 to 3. I also noticed while my father used his computer (he's finally using his new computer! Whoo hoo!) that his internet was like lightning compared to mine, despite us using the same router.

    Maybe channel 11 is already in use in the local area, and packets are colliding? In any case, my internet seems a bit snappier right now, and it has finally connected and is staying connected.

    --------
    While my father readied his new computer, I noticed that I kept getting logged off MSN - it was reporting that I had logged in from another location. "That's strange", I thought. My father wouldn't have logged into Messenger.

    I found out what it was. A bit later he was showing me what he'd done. He opened Outlook Express and it started loading in a list of my MSN contacts.

    I wanted to take my MSN details off that computer so he wouldn't accidentally log me out again, but MSN Messenger (sorry, Windows Live Messenger) didn't seem to have anywhere I could see and edit the details! This is crazy! After about 10 minutes, I looked in the help file, and found the article "How to delete your Passport account details from the computer".

    I ended off having to go into Control Panels, then User Account, then click my own account, then click a link in the sidebar for "Manage stored accounts" or something. This just goes to show you - familiarity is where you find it, and the reason why Windows seems so "easy to use" is because you know where all these things are. When someone from the Linux world tries to use Windows, it seems difficult to use because you don't know where anything is or how to do things in it.

    I would delete Windows Live Messenger from the computer, but it's NOT INSTALLED according to the Add/Remove Applications control panel. Yes, I'm aware that you can delete it if you put a command into the MS-DOS prompt and add several keys to the registry, but this is 2008! I shouldn't have to use the command-line for anything! That's why Windows will never get more than 2% of the... oh hang on, it *does*. It's the dominant platform, but to remove software you have to type a very long command into the command-line. It looks like you're directly invoking a function in a core system library... ouch!

    One good thing about the Macbook Air

    I've said a lot of negative things about the Macbook Air, so I'll say something positive about it.

    It doesn't have a Firewire port.

    When the Firewire specifications were drawn up by Sony and Apple, they got a bit too smart and tried to make Firewire able to replace most of the other ports on the computer. Heck, they tried to make Firewire able to do debugging of other computers - and that's where the problem lies.

    It's no surprise that Apple didn't exactly have security in mind - it's behaviour you still expect from Apple today - but to be fair there wasn't a climate of security threats like there is these days. As a result, crackers can gain full access over a computer system by writing maliciously-crafted data to Firewire, creating a virtual device, and then using that virtual device to read and write directly to the system memory of the host computer.

    Whoops. Linux combats this problem by providing two devices: /dev/dv1394 and /dev/raw1394. The dv1394 device can only receive video, and can be accessed by any user on the system. The raw1394 device can do everything that the Firewire specification allows for (including the memory access trick) and as such is limited to root.

    The difficulty is, DV capture programs generally require write access to Firewire, to remotely control the camera. /dev/dv1394 does not allow that. This is a current problem with the kernel device interface, and there are a couple of hackish workarounds. The most hackish was the one I just did - allowed read/write access to all users for /dev/raw1394! But I hadn't learnt the better ways, and I believe that Mac OS X and Windows allow all users read/write access to Firewire anyway.

    So, the good thing about the Macbook Air is that it doesn't have the security flaws involved with having a Firewire port :-D

    ------
    Oh, and in case you hadn't guessed, I bought a Samsung Mini-DV camera today! They finally came in at work, so I grabbed one.

    We can get the EeePC!

    Starting from today, Asus is opening the distribution of the EeePC to all major electrical retailers, including Retravision (which includes us). So yes, our shop can order the EeePC!

    Now I know why Myer prices it at $499 - they really couldn't put it any lower in price.

    With my work discount, I'm now starting to think about getting one. But I still can't justify it, especially since I don't get a heck of a lot of money off something this cheap. I'd rather get one of the Samsung video cameras that should be coming in some time this week. Then I can put all sorts of useless crap onto Youtube :-P

    WTF is the purpose of the Apple TV?

    You've got to wonder.

    First off, you have to have a TV with component or HDMI input. There are some CRT TVs which have these, but they aren't really common. There are standard def plasmas which have them, but I figure that anyone with enough cash to spare for an Apple TV isn't getting around with a cheapo SD plasma. So, basically, you'd have a high definition TV.

    The Apple TV doesn't have any sort of tuner in it. It's not a PVR. It just allows you to watch iTunes purchases, and more recently Youtube videos, on your HD TV. Wirelessly (well, wires going to the TV).

    iTunes purchases are 640 x 480 (not even full standard definition) and Youtube videos are 320 x 240 (VCD definition). On a TV capable of displaying 1,266 x 768 or 1,920 x 1,080. That's going to look like shit.

    And if the rumours are true, you'll be able to hire "DVDs" through iTunes, which expire after 3 days or 3 watchings or something. Whoop-de-doo. Okay, so there's possibly going to be a bump up of resolution to 768 x 576 if we're talking about "DVD quality", but you'll still have to download a couple of gigabytes worth of movie and you can only see it a limited number of times.

    Why does Apple bother pumping cash into the Apple TV? The thing can't have sold very well. It's not one of Apple's major products, and many IT commentators have described it as a white elephant. I don't see the point of the product, and I suspect that most people with HDTVs don't really cherish the thought of buying a device that will only output SD or sub-SD video. Instead, they are probably more likely to buy a Blu-ray player, especially if they are in America and starved for high definition content to match their TVs.

    Apple should dump the Apple TV like they did the Newton, eMate, and Pippin; and reallocate the staff toward writing an operating system that is actually secure enough to be deployed on desktop and embedded devices. The Newton and eMate were ahead of their time, where the technology and marketing weren't ready yet. The Pippin and the Apple TV are just examples of dumb ideas done dumbly.

    Can Apple do anything right?

    The iPhone is insecure, the iPod is unreliable, and OS X is a virus target waiting to happen. But that's not all.

    If you have been running Mac OS X since 10.2.8 or before, and your password has more than 8 characters, your upgrade to Leopard will cause you to lose access to your user account. That means booting up into single-user mode.

    How on earth did:

    a. This bug get introduced
    b. This bug not get detected at some point during development
    c. Anything change in password management between the 10.2 and 10.3 series?

    My alternate password has 9 characters, so if I was a Mac user I'd pretty much be buggered. I thought the "Industrial-strength Unix base" would follow Unix convention and put hashed passwords into /etc/shadow with an appropriate salt. Now that I'm thinking about it, the whole thing sounds like a 1-number-out programmer error is to blame when determining the salt to use, but I still can't imagine how any Apple developer would even touch such a time-tested authentication system; unless of course it was "enhanced" (crippled) by Apple at some point for some godforsaken reason.

    We all know that Apple was going to lock down the iPhone until hackers made a mockery of its "closed platform"; well now Apple wants to lock down your entire computer so you don't have administrative access. More likely is that their shithouse modifications to the authentication system have completely buggered up the sudoers file too, converting the default administrator account to a standard account.

    Sigh. And Apple wonders why only Mac zealots want to run OS X on servers.

    The article where I learnt about these security-related problems also yields some very telling comments from readers:

    I currently have one account on my PowerBook G4, which is an admin account. I know, I should really run as a standard user, but it's tiring having to enter a password every time I install a new app or move something in the hdd folder. So, should I create a second admin account?

    No, moron! You're already logging into one too many administrator accounts. STOP LOGGING IN AS ROOT. Log in as ordinary user and accept that you have to enter your password occasionally. Security through obscurity (PPC chip) has saved you thus far, but don't push your luck; if you downloaded a virus or some sort of malicious script tonight, your computer would be completely compromised, and many late Unix veterans would be spinning in their graves.

    And as for your suggestion of creating a second admin account: Well, you're doubling your chances of getting your passwords cracked. It's a really dumb idea to have two admin accounts for one user, for this purpose (and for others).

    My accounts disappeared and they each had a 1 character password.  I haven't seen this mentioned anywhere so far.

    Congratulations, you get my vote for non-Windows-computing dumbass of the year. What is the point of a password if it's one character? It can be cracked in less than a quarter of a second, even if it's not alphanumeric. You wouldn't have known this, but various hashing techniques can be dehashed fairly easily too if it's just hiding one character. I hope for your sake that Apple uses a salt to make the hashing stronger.

    No websites will let you have a password that is less than 4 characters; didn't it occur to you to use the same password for the web as you do for the computer, and therefore have a stronger computer password?
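A salt stops one precomputed table from being reused across accounts, but it does not enlarge the set of candidates a short password is drawn from. The added example below is not from the original post or from Apple's code; `toy_hash` is a stand-in scheme (SHA-256 over salt plus password) chosen only for illustration, and it shows both effects for a one-character password.

```python
import hashlib
import itertools
import os
import string

# 95 printable ASCII characters: digits, letters, punctuation and space.
ALPHABET = string.printable[:95]


def keyspace(max_len, alphabet_size=len(ALPHABET)):
    """Number of distinct passwords of length 1..max_len."""
    return sum(alphabet_size ** k for k in range(1, max_len + 1))


def toy_hash(password, salt=b""):
    """Stand-in password hash for this example only (assumption, not a real scheme)."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def candidates(max_len):
    """Every password of length 1..max_len over ALPHABET, shortest first."""
    for n in range(1, max_len + 1):
        for combo in itertools.product(ALPHABET, repeat=n):
            yield "".join(combo)


def build_unsalted_table(max_len):
    """Precomputed hash -> password table, built once without any salt."""
    return {toy_hash(p): p for p in candidates(max_len)}


def exhaustive_search(stored_hash, salt, max_len):
    """Try every candidate with the stored salt; return (password, guesses used)."""
    for guesses, p in enumerate(candidates(max_len), start=1):
        if toy_hash(p, salt) == stored_hash:
            return p, guesses
    return None, keyspace(max_len)


def audit(password, salt, max_len=1):
    """Report how a stored hash holds up against a table and against a full search."""
    stored = toy_hash(password, salt)
    table = build_unsalted_table(max_len)
    found, guesses = exhaustive_search(stored, salt, max_len)
    return {
        "table_hit": stored in table,      # does the precomputed table already contain it?
        "recovered": found == password,    # does trying every candidate find it?
        "guesses": guesses,
    }


if __name__ == "__main__":
    print("unsalted:", audit("q", b""))
    print("salted:  ", audit("q", os.urandom(16)))
    for n in (1, 4, 8, 12):
        print(f"length <= {n:2}: {keyspace(n):,} candidates")
```

With a random salt the table lookup misses, yet the search still succeeds within 95 guesses; only a longer password raises the candidate count.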

    EeePC - hands on

    A couple of days ago I saw that Myer was advertising the Asus EeePC, so today I went down to my old store and had a look.

    Not bad, not bad. I didn't get the opportunity to use the proper KDE environment side of it; I was just using the At-Ease-style interface for it. But OOo Writer launched in 7 seconds (pretty good), and it was responsive. The reports are correct: The keyboard is incredibly difficult to type on. It's probably okay for hunt-and-peck'ers (the target market?), but a touch-typist like myself really struggled to hit the right keys.

    I even had a little play on Planet Penguin Racer; the machine struggled there, the game was almost unplayable. I also noticed that Bubble Bobble and Crack Attack were installed. There is an included KDE program for looking at the webcam; the webcam's quality is very good to my untrained eye, and actually better than the webcam I bought last week.

    Weight-wise, the thing is quite light with a pretty good distribution of weight. I don't imagine it will do backflips off your lap. The computer also didn't seem to be putting out a lot of heat either.

    The final thing I noticed was an "Anti-virus" program on the machine! I don't know if it was using the ClamAV backend, or if it was possibly a placebo, but the About box says that it was developed by Xandros. I imagine it's there more as a placebo - otherwise people would buy the computer, be worried that there's no anti-virus on it, and then try to load Norton's onto it (and/or ring up Asus and complain). Still, there's nothing on there that suggests anti-spyware - maybe they'll still get complaints?

    All in all, I'd love to own one of these things. After the short time I spent with the machine I simply couldn't get it out of my head, but unfortunately I can't justify spending $500 on it. I don't have a wireless router, I don't travel, and my main computer is always free for me to use; and I'd rather wait until the post-Christmas sales and then learn to build a faster computer for myself.

    Still, if you're looking for a computer to give as a present, you can't go wrong with the EeePC!

    (EDIT: Is there an open-source alternative to Xandros' EeePC program launcher interface? If not, why not?)

    More Apple zusbun'ness

    I was reading PC World today, and they had a feature on "environmentally-friendly" pieces of computer gear. One of the products they listed was the new iMac, because apparently it's got 30% less packing than before, and they managed to get rid of a hundred grams of lead from the machine itself.

    How on earth is the iMac "environmentally friendly"? In the future if you want a faster processor, or you want a bigger internal hard disk, you can't just open up the computer and add those things. No, you have to buy a WHOLE NEW COMPUTER. How the fuck is that good for the environment if you have to dispose of an entire computer? If you're concerned about the environment, buy a PC, so you can actually upgrade the thing and not have to get rid of a perfectly good computer just to stay up with the times.

    ---------

    I just had a look at the Netplus Computers website (www.netplus.com.au) to look at my idea of building an ultimate Linux machine, and found that they've got the Asus EeePC listed as an item they are accepting preorders for! Interesting!

    Asus EEEpc at Myer

    AUSTRALIANS: The Asus EEEpc is going to be launched at Myer on December 2nd. Unfortunately, the thing is going to be released at a price of $499. For comparison, I paid $560 for the desktop computer sitting next to me. For comparison, one of the big electrical chains here was selling a Compaq notebook for $550, I believe, after cashback.

    It's great that Aussies will be able to get this computer, but it's not great that it's overpriced. Teaming up with Myer was a bad idea - somebody should have told Asus that Myer makes money through marking up, not through rapid sell-through (the two are mutually exclusive).

    Sure, at $500 I'm sure Myer will sell a good number of them. They might even sell one to me; I don't know for certain yet. But Asus will sell fewer units per head of population here than probably anywhere else.

    The voice of the Storm botnet

    Science fiction writers theorise that if a computer becomes super powerful and learns enough information, it will become self-aware and start attempting to communicate with us.

    Well, Storm isn't quite at that level yet :-)  But it is speaking. The latest round of Storm-sent spam attempts to inflate the price of EXTO shares by... wait for it... SPEAKING to you in an almost incomprehensible voice. Or rather, it sends you an MP3 file of this speech.

    Are these files pre-made and distributed to the botnet? Or are they generated by the botnet's computers on-the-fly? I have downloaded two samples of them, which have the same content, and their MD5 sums don't match. So they aren't exactly the same file. I don't know if someone has changed the ID3 tags or something on purpose, though.
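One way to answer the ID3 question above is to hash only the audio bytes, with ID3v1 and ID3v2 tags removed, and compare that against the whole-file hash. This is an added example, not part of the original post; the sample byte strings are constructed stand-ins for MP3 data, and SHA-256 is used where the post used MD5.

```python
import hashlib


def int_to_synchsafe(n: int) -> bytes:
    """Encode n as a 4-byte ID3v2 synchsafe integer (used here only to build samples)."""
    return bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])


def synchsafe_to_int(b: bytes) -> int:
    """Decode a 4-byte ID3v2 synchsafe integer (7 useful bits per byte)."""
    if len(b) != 4 or any(x & 0x80 for x in b):
        raise ValueError("not a synchsafe integer")
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]


def strip_id3(data: bytes) -> bytes:
    """Return the file contents with leading ID3v2 and trailing ID3v1 tags removed."""
    start, end = 0, len(data)
    # ID3v2: 10-byte header = "ID3", version, revision, flags, synchsafe size.
    while end - start >= 10 and data[start:start + 3] == b"ID3":
        try:
            size = synchsafe_to_int(data[start + 6:start + 10])
        except ValueError:
            break  # malformed header: treat the remainder as payload
        footer = 10 if data[start + 5] & 0x10 else 0  # optional 10-byte footer
        total = 10 + size + footer
        if start + total > end:
            break  # tag claims more bytes than the file contains
        start += total
    # ID3v1: fixed 128-byte trailer that begins with "TAG".
    if end - start >= 128 and data[end - 128:end - 125] == b"TAG":
        end -= 128
    return data[start:end]


def fingerprint(data: bytes) -> dict:
    """Hash the whole file and the tag-free payload separately."""
    audio = strip_id3(data)
    return {
        "file": hashlib.sha256(data).hexdigest(),
        "audio": hashlib.sha256(audio).hexdigest(),
        "tag_bytes": len(data) - len(audio),
    }


def compare_samples(a: bytes, b: bytes) -> str:
    """Classify two samples: 'identical', 'metadata-only' or 'audio-differs'."""
    fa, fb = fingerprint(a), fingerprint(b)
    if fa["file"] == fb["file"]:
        return "identical"
    if fa["audio"] == fb["audio"]:
        return "metadata-only"
    return "audio-differs"


# --- Constructed sample data (not real spam attachments) ---
def make_id3v2(payload: bytes) -> bytes:
    """Build a minimal ID3v2.3 tag around an opaque payload."""
    return b"ID3\x03\x00\x00" + int_to_synchsafe(len(payload)) + payload


def make_id3v1(title: bytes) -> bytes:
    """Build a 128-byte ID3v1 trailer."""
    return (b"TAG" + title.ljust(125, b"\x00"))[:128]


FAKE_AUDIO = b"\xff\xfb\x90\x00" + bytes(range(256)) * 4  # stand-in for MPEG frames

if __name__ == "__main__":
    sample_a = make_id3v2(b"constructed tag one") + FAKE_AUDIO
    sample_b = make_id3v2(b"another constructed tag") + FAKE_AUDIO + make_id3v1(b"x")
    print(compare_samples(sample_a, sample_b))  # metadata-only
```

A result of `audio-differs` means the payload itself changed between samples, for instance through per-message re-encoding or appended junk bytes, so tag edits alone do not explain the mismatch.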

    I'll end this post by saying "I don't have to worry about it" as I'm using Linux, which doesn't get this infection; and here is a rather worrying article from TrendLabs Malware Blog about the future of Storm.

    Storm in Segments

    October 17th, 2007 by Mayee Corpin

    It is said that change is the one constant in life, and it is proving true in the case of the Storm malware. Usually, change is good, but where the said malware is involved, change may mean another thing.

    The infamous Storm worm has gotten an update, with the giant botnet that it employs now broken into segments, or smaller networks. The latest Storm variants now use a 40-byte key to encrypt traffic over the peer-to-peer (P2P) protocol Overnet, as first reported by our counterparts in SecureWorks. Overnet aids singular bots to connect to other infected systems. Using encryption means that communication is only possible between botnet nodes that are using the same key.

    This may be an indication that the Storm worm creators are set to go to market with Storm variants, which they could sell in malware forums to other malicious users (spammers or DoS attackers). This could translate to automated spam kits, which could in turn lead to a skyrocketing of Storm infections.

    Another reason could be for the Storm authors to more easily manage their networks. The upside could be that system administrators themselves may now be able to better protect their networks against the deluge of the Storm malware, whereas before the Storm botnet was believed difficult to eliminate because of its use of P2P technology (instead of a single C&C server).

    The Storm worm began its downpour in January this year, earning its name for its social engineering technique of squatting on the real-world Kyrill storm that was then ravaging Northern Europe. It first sent out spammed email messages that promised more information about the said storm. Users ended up downloading a Trojan that rendered their machines zombies, part of the Storm botnet that is now estimated at 1-50 million PCs.

    Since then, the botnet has been constantly evolving, employing one new technique after another. More notably, it came as eCard spam that rode on big occasions like Fourth of July, Labor Day, and the NFL season; contained links that supposedly led to a YouTube video file; offered downloads of the otherwise legitimate application Tor Proxy or a BETA testing program; and posed as “welcome” messages for memberships to various online services. Most recently, it was seen as a worm that came via fake eCards meant for unsuspecting users with a fondness for felines.

    There is still no end in sight to the twists and turns in the history of the Storm worm. But if this new development works in the Storm authors’ favor, this malware family is poised to devolve into a cyclone, with said creators bringing more damage to property and earning in the process. For now, the coast is yet unclear.

    iPod virus: Zuspar

    I have placed dibs on the first wireless iPod virus: "Zuspar". As soon as a virus that takes advantage of the wireless features of the new iPod is written and discovered, it shall be called "Zuspar" as I have already reserved naming rights in advance.

    If it's not given this name, I will lobby the anti-virus corporations!

    New iPods - for the zuspar in you

    Recently, I've found Macedonian phrases creeping into my language. (My boss is Macedonian). One such is "Ke ce bear!" which I gather means "How's it going, mate" or something similar.

    Another is "zuspar" (not sure how to spell it). It means "someone who lives in a world of their own". Some people came into the shop yesterday to look for dishwashers that have a "rock salt dispenser", to turn "hard water" into "soft water". Apparently "all European dishwashers have it". The reason why European dishwashers have it is due to their water being "hard", and we don't need it because the water here is "soft". Why did these zuspars need it? No reply.

    So that's what a zuspar is.

    Now I'm here to tell you that if you buy one of the new iPods, you're a zuspar.

    Sure, anyone who buys iPods more than once is a zuspar anyway; before the iPod came around I never knew that people could have such brand loyalty to a product that is unreliable and has a history of problems. But this new iPod is a worse beast; it runs Mac OS X and has a wi-fi connection that can access the Internet.

    Dumb, dumb, dumb. The iPhone has already been hacked, but it's unlikely that there will be viruses for it simply because IT WON'T TAKE OFF. But this new iPod will be very popular, just because of the name. With an insecure (but complete) operating system like Mac OS X, combined with a wi-fi connection, it will be such an easy target for crackers.

    Criminals will be able to write viruses and push them onto other people's iPods through wi-fi. Let's face it, Mac OS X for ARM will have enough security flaws to drive a fleet of road trains through. Once the viruses get onto the iPods, they will be able to use the Wi-fi connections to access local wireless networks and commit DoS attacks through the internet or, more frighteningly, directly into WEP or unprotected networks. A criminal could even harvest information from secured networks, where one of the network's users is an iPod owner. Outgoing firewall? Not a problem, as the virus could store the information until it is able to establish an outgoing connection through someone else's network.

    I place dibs on the naming rights for the first wireless iPod virus / worm.  I want it called "Zuspar". Named after all the people who will buy one without considering the consequences.

    Round 2: Dellbuntu versus MBP

    Here's the second in my series of slugfests: A Dellbuntu Inspiron laptop versus a Macbook Pro.

    Firstly, I decided that I *MUST* pay a bit extra to get a nice colour on my Dellbuntu. Apple charges extra for black on the ordinary Macbooks - the Dellbuntu comes with black as standard, and you'd have to pay more for white. However, there's heaps of other colours to choose from. I decided to go for Ruby Red; I was surprised that, since this is a Linux laptop, that it wasn't called "Beryl Red"!

    Anyway, an extra $50 US for that. Here's the specs of my Dell, in comparison to the Macbook:

    • Intel Core 2 Duo T7500 (2.2GHz/800Mhz FSB/4MB cache)
    • Ubuntu 7.04 (no support this time) compared to a possibly-soon-to-be-obsoleted-OS-X-version
    • Glossy, high contrast, widescreen 14.1 inch display (1280x800) (a little smaller than the 15 inch screen with the MBP). The glossy screen was a free upgrade, or rather a free crossgrade that was also available with the MBP.
    • Intel graphics (the MBP comes with Nvidia)
    • 2 gigabytes DDR2 at 667 megahertz
    • 160 gig SATA hard drive at 5400rpm
    • Dual-layer DVD burner
    • Intel wireless card (G standard, not this soon-to-be-nightmarishly-incompatible-N-draft)
    • Bluetooth 2
    • 6-cell LION battery (no idea what comes with the MBP)

    I didn't splurge this time. Both laptops could be configured with 4 gigabytes of RAM. The Macbook might need it, but I know Ubuntu wouldn't need it as I don't edit video. Both laptops could get a faster 160 gigabyte hard drive, but the MBP could also be configured with a slower 200 gigabyte disk. The MBP could be configured with a 2.4 gigahertz Core 2 Duo processor as well. The MBP featured Nvidia graphics and draft N wireless.

    The grand total: The Dell comes in at $US 1,129. The Macbook Pro comes in at $US 2,074.  Oh, I think the Macbook Pro may come with a better battery, faster wireless (draft N! Eeek!), and faster system bus; but I know that those things won't justify the price difference. And we *are* comparing a lower-end Dellbuntu with a Macbook Pro; let's hope Dell's Ubuntu product range increases soon like they've been promising.

    Just for fun, I might try outfitting an ordinary Macbook:

    $1,549

    That's for the white one with a 2.16GHz Core 2 Duo, 160 gig HD, 13.3 inch glossy screen, and Intel graphics. Here Apple gets a little closer, but a slower processor and a smaller screen make this one a write-off.

    If you want a computer to run something that's an alternative to Windows, then you can't go past the Dellbuntus. Sure, people with more demanding requirements will still want to look at System76 or the Macbook Pros due to their potentially bigger specs, but with the Macs I have shown that you pay a large premium for the name.

    System76's offering: $1,171

    Pangolin Value - same as Dellbuntu except:

    • 15.4 inch monitor
    • Firewire

    So, a bigger screen and a Firewire port, and it's about $US 50 more. Very competitive stuff. System76 is a fairly small company, no huge volume discounts on parts, and yet they can be competitive with Dell, and value-wise they absolutely piss all over Apple (a multi-billion dollar company with worldwide resources).

    If you live in the US, you should seriously look at System76 as a vendor for a computer with a non-Microsoft OS. If you live in another country, either investigate your local alternatives (there often are some) or wait until the Dellbuntus arrive.

    Apple iPhone: Cnet says it's insecure

    iPhone insecurity
    By Robert Vamosi
    Senior editor, CNET Reviews
    June 18, 2007

    Apple excels in creative and innovative marketing. Often it's what they don't tell you that creates the most buzz. For example, we know next to nothing about the Apple iPhone.  We know little about the new Leopard release of Mac OS X. Both have generated a lot of press, and so far the hype has succeeded in distracting everyone from a very real concern: the overall security of each. When you strip away all the creative marketing, when you take away the Steve Jobs' induced hype, what you have is a new mobile phone based around an operating system that is just as vulnerable as the next one. Trouble is, Apple isn't being as forthcoming about security as other vendors.

    The naked iPhone
    For the moment, iPhone will be running a version of the current Mac OS 10.4; in the fall, Apple will presumably upgrade its phones to the newer Mac OS 10.5. So far, the company seems to be rolling out a series of patches, one a month for last year or so, which is good. Apple might, however, want to follow Microsoft's lead and standardize its releases to the second Tuesday of each month.

    When flaws are patched, Apple often does not acknowledge the researchers who actually brought the vulnerability to its attention. Apple is known to be looking for more security researchers. It's not an ego thing; by working with the vendor to correct the vulnerability, researchers put in long hours, usually without compensation. A public "thank you" is more than enough. But that hasn't happened.

    Shoot the messenger, why don't you?
    Instead, Apple has created a history of attacking security researchers. Last summer, during BlackHat USA, security researchers David Maynor and Johnny Cache disclosed a wireless vulnerability using an Apple Computer Macbook. The team found that malformed network traffic could allow the laptop to be compromised, and they provided a video of the attack. The researchers did use a third-party wireless card for their video demonstration, but said repeatedly that the Apple Airport wireless driver was also vulnerable.

    Apple should stop attacking the messengers--the researchers--and change, as did Microsoft, by working with them.

    After BlackHat, Apple rebuked Maynor's employer, saying "despite SecureWorks being quoted saying the Mac is threatened, they have provided no evidence that it is." Apple orchestrated media attention toward third-party wireless device drivers, which is fine because those drivers were patched quickly. Two months after BlackHat, Apple quietly released a patch, which, if the vulnerability that was fixed had been exploited, could have compromised the Airport wireless drivers in Macbooks. Apple forgot to mention David Maynor and Johnny Cache.

    Reap the seeds that have been sown?
    Ironically, it was another Apple vulnerability that put David Maynor in the news again this week. He was one of three independent security researchers who disclosed vulnerabilities within the new Safari 3.0 for Windows beta. Some of the flaws exist on the Mac OS as well. While the point of a beta is to ferret out the bugs on a variety of different machines before it goes final, some of the flaws disclosed in Safari this week were pretty easy to find. In other words, Apple could have found these vulnerabilities themselves during various alpha builds.

    Rather than work quietly with the vendor, Maynor and the others made their findings public. A few weeks ago, I interviewed security researcher Chris Soghoian who pointed out that disclosing an Apple vulnerability is almost a guarantee of a lawsuit. Instead, many security researchers would rather find a fault with another vendor. On the other hand, Maynor is rumored to have another Safari exploit primed and ready, one that works on both the Windows and Mac OS versions of Safari. It's ready to go once he gets his hands on an iPhone.

    iPhone worries
    Which brings us to the iPhone. Again, no one outside of an elite few has actually held an iPhone, yet there's legitimate concern about its security. But Jobs has said that it will be a closed operating system, meaning you cannot write mobile applications for it--directly. The carrot Jobs extended to the WWDC crowd was not a software development kit (SDK) for writing applications (which the developers I spoke to all wanted), but a way to write applets within the Safari browser.

    As we have seen, security researchers were able to find fault with Safari 3.0 within days of its beta. Malware today is almost always financially motivated. The crowd that stands in line on June 29 for the 6 p.m. release of the iPhone has at least $500 to spend, more with the two-year contract to AT&T. These early adopters are going to load their iPhone with important contacts--maybe even download songs and movies that have value as well. In the end, the typical iPhone user may have a target on his back.

    Below the surface
    Even before the Safari announcement, the underlying Mac OS remains vulnerable, although by locking outside vendors to writing code for the iPhone, the overall security risk could be lower than expected. Eric Chen, writing on Symantec's blog site, said back in January 2007 that the iPhone was prone to two types of vulnerability exposure. One, the Mac OS is based on Unix, and Unix has a number of well-known vulnerabilities that could also affect the Mac OS. While the incentive to exploit these exists today (to give Apple a black eye, not to mention wreak havoc on the Apple community), there's much greater financial incentive in waiting to go after the mobile version of Mac OS in July. Second, Chen worries about the rise of nonstandard software on the iPhone. I think that the latter is somewhat removed now that Safari will be the legit platform for ad hoc programmers.

    From an IT perspective, say you want your workforce to switch over--what security guarantees do you have? Does the iPhone include auto update or an update button, or will there be a way to push out updates across the network so your employees can remain patched? And if there's a firewall included, does the user have the ability to tweak it or opt out? These are questions that will be answered in two weeks.

    Can't really predict
    Criminals today are not writing code to garner "greetz" from their 3l337 crew; they're targeting attacks aimed at the most profitable parts of the Web. Apple may not enjoy the 90 percent saturation of Windows, but of that 5 percent it does hold dear, the relative income of the Apple user base may be enough to finally make Apple a big target.

    And of the percentage that purchases the very first iPhone with its two-year contract to AT&T, that too is a financially attractive group for criminals to attack. Given that they wouldn't want to risk compromising the iPhone with gnarly malware infections, Apple might see the light. Apple should stop attacking the messengers--the researchers--and change, as did Microsoft, by working with them. Maybe, with the popularity of the iPhone and Leopard OS, that will happen.

    ----------------------------------------------------------------------

    My own commentary: I've mentioned this a number of times before, but:

    Safari used to automatically execute shell scripts inside Zip archives that it had downloaded. How dumbass is that. Mac OS X had such a ridiculously simple local privilege escalation (to root!) vulnerability - open the terminal, open any setuid root GUI program, then open the terminal again from the Recent Items.

    If Apple cannot even catch these obvious security flaws before release, then expect to see "Norton iPhone Security Suite" or "iCillin" in a computer store near you.

    Frankensystemfolder

    My restoration of the iMac is going quite well. I reinstalled Mac OS 9 and then merged the fresh System Folder with the new one (as you can't do a complete replacement in one spot).

    The Frankensystemfolder boots, and a quick test of Outlook Express suggests that it was a successful merging.

    Isn't it funny how, whenever you merge a fresh system folder with a backup one and boot it - Quicktime Powerplug always gives you an error message? Also, Mac OS 9 is ancient but I'm still learning new things about it. If you are running any programs other than the Finder when you add new fonts to the Fonts folder, Mac OS gives you a warning that they won't be usable in the currently-open programs until you quit them.

    This restore is going very quickly, since the raw disk images are usable. In other words, I haven't had to use the Binhexed versions of them, so there's no lengthy decompression process.

    It has made me think. I know that Linux is good, I know that all OS X users reckon there was nothing good about OS 9 that should've been kept. But, in reality, it's quite easy to make a system bootable on OS 9. As long as there's a System Folder, the Mac will be able to boot it, and bits and pieces of different systems can be instantly dropped in place (and there's not too many bits). No need to worry about installing a bootloader, and it's comparatively easy to put the OS back together from parts. Compare this to Linux or OS X, where it's almost impossible to take parts of a running system and merge them with parts of a backed-up system, and you'll see why OS 9 was so easy to administer.

    I've also been thinking about security. Is OS X's Unix-like system really helping the security situation, or is it possibly hindering it? After all, a well set up and maintained Windows system is probably more secure than a badly set-up Unix-like system, and I have no faith in OS X's setup.

    Consider this: When Mac OS X shipped, it contained a ridiculously simple local root compromise. If you opened Terminal.app, closed it, then started a setuid GUI program (like the Network manager), and then opened Terminal.app again from the Recent Items list in the Apple menu, you would get a root shell. At first I couldn't understand how the trick worked, but I think it's got something to do with the application drawing the menu bar - if the root-running program is drawing the menu bar, then any applications spawned from the menu will also run as root.

    It looks to me like Apple is basically fighting the Unix-y system to provide the features and functions that it wants. When you think about some of the other dumb security flaws that were found in other Apple programs (Safari automatically running shell scripts inside zip archives that have been downloaded), you've got to wonder whether our computing future is really safe in Apple's hands.

    If anyone can get a stock Gnome, KDE, or XFCE to do the same thing as Mac OS X used to do as regards setuid GUI programs, I will issue a press release telling people to switch to Mac OS X.

    Mandurah

    I went to Mandurah today.

    "How nice Chris, you finally got a holiday!"

    Not quite... I was delivering 2 gas hot water systems in my car. I'm amazed at:

    a. The car made it there and back
    b. It used under a quarter of a tank of petrol
    c. How tired I felt afterward

    ---------
    A guy came into work today to buy a kettle. A corded kettle. He had to have this particular one. Anyway, he said he worked for Apple, and that Apple had forecast sales of 10 million iPhones in the first year. Optimistic? I told him that I was more of a Linux man, and he thought I must be really advanced. I lied - I said that I wasn't really that good with computers, but that Linux was easy for me to use. I betrayed my real knowledge when he said "Linux is apparently very stable, that's why Apple uses it in OS X" and I corrected him with "OS X doesn't use Linux, it uses Unix; BSD."

    Interesting about the Apple iPhone bit. He had some rather dubious "facts" about Macintosh sales. A company with 5% of the pie does NOT have more marketshare than any other single computer manufacturer. Maybe in terms of total computers sold over Apple's total history, but then Apple has been around longer in the PC business than any of its current competitors.

    Cynux from Linux Format: Wrong target

    I will quote the Cynux column from the previous Linux Format magazine (which I bought today):

    The Maginot Line

    Linux isn't secure. It's an open invitation for misuse. It's a neon sign in the Forest of the Forgotten that reads "Oi! Looky here! False sense of security!".

    Perhaps you're incredulous: Linux is the impenetrable fortress, strong enough to deter any fiendish misanthrope...

    Well, that may be the case if you stick to your distribution's own packages, installing only security upgrades. But who does that? Not Cynux. Indeed, everyone Cynux has the misfortune to know gleefully snags the latest packages from the furthest reaches of the internet, pasting uncensored binaries all over their hard drives...

    Even the clever ones, compiling their own packages from source, are not immune. Do they check every line of code, every object... for signs of malevolent intent?..."

    True. Oh, very true. However, Linux users don't have the greatest sense of false security in the world.

    Mac OS X users are probably the worst for this. They think that OS X is as secure as a server OS simply because it's got bits of a Unix in it. As such, they take no security precautions whatsoever.

    Somebody wrote a trojan for OS X which infected some people. A security researcher obtained a copy and put it online for other security researchers to download and study. News of this trojan circulated to the general OS X public, and the link circulated too.

    Next thing you know, there is a second outbreak of the virus. Some users had downloaded and double-clicked it, thinking "I'm running OS X so I'm invulnerable to this virus, but I wonder what it will do?". No Linux users would be so dumb as to do that. However, I'll admit: A Linux user once posted a link to a site which would pretty much destroy a Windows computer, and warned Windows users of what it would do and under no circumstances should they go to it.

    Most Linux users said "Heck, I'm not going to go to it even though I'm probably protected". But there were enough Windows users who still clicked that link and then complained when the viruses and spyware destroyed the OS.

    Quicksilver: How to make your Mac work like Gnome

    I've heard a lot of hype about the Mac OS X program "Quicksilver". So I took a look at the tutorial.

    From what I can see, it's merely a keyboard-driven application launcher. Mac users have literally been proclaiming it as "the biggest breakthrough in UI on a computer for a long long time." (that's a direct quote).

    Except, just like Spaces, it's an idea stolen from the world of Linux and Unix.

    Quicksilver: Press Control-Space. Start typing the name of a program. It will recognise the name of the program once you've typed enough of it. Press Return. The program opens.

    Gnome: Press Alt-F2. Start typing the name of a program. It will recognise the name of the program once you've typed enough of it. Press Return. The program opens.

    Admittedly, Quicksilver does have a couple of other abilities, like opening files in specific programs. But this is hardly as groundbreaking as the Mac fanboys claim. A combination of Tilda (or Yakuake) and Alt-F2 will do everything AND MORE on KDE and Gnome that Quicksilver does on Mac OS X.

    Linux users have been preaching the time-savings of the keyboard for years. Finally, others are starting to realise it.

    The amazing result of my virus scan

    I had a dream last night that my whole computer was compromised with a virus that I just couldn't get rid of, and that it got in through the Linux side. I treated the dream very seriously, because a while ago I once had a dream that my computer's hard disk crashed, and a few days later it DID!

    So I downloaded ClamAV and KlamAV (the KDE frontend) and ran it over my home directory. An hour later, I came back and checked the log to find that IT HAD FOUND A TROJAN!

    I right-clicked on the virus report and asked it to show me information from the two anti-virus vendors' websites. Nothing - they couldn't find any information. So I tried Google, and found that the "trojan" is merely a piece of annoying Javascript that does stuff to your browser window. It's actually classified as a "bad joke".

    But where did it come from? It came from a program called Eversoft First Page that I had unsuccessfully installed in Wine. It's an HTML editor which comes with some sample Javascripts and things.

    Tonight I must tell Clam to scan my whole Windows partition, even though that will take HOURS and HOURS! And Klam will probably crash near the end, which is what happened tonight.

    For extra security, I've got my Evolution mail piping through clam.

    Robert Vamosi's half-cocked article

    http://reviews.cnet.com/4520-3513_7-6690672-1.html?tag=nl.e497

    In this article, the senior editor of CNET Reviews claims that Windows Vista's firewall is "half-cocked" because it is set to allow all outbound connections by default.

    I don't see the problem with this, honestly. You want a firewall to disallow inbound connections unless you've purposely poked holes in it ("created a rule"). That stops malware from getting onto your computer, assuming your wetware has all the security patches applied.

    So, inbound blocking stops malware getting to your computer. What purpose does outbound blocking serve then, other than irritate the user? Outbound firewall prompts are a serious PITA - I used someone else's computer for two hours with an outbound firewall, and I got sick of clicking the "Allow" button all the time. Microsoft are right when they say that it detracts from the end-user experience. The whole idea is akin to shutting the gate AFTER the fox has eaten your sheep.

    The columnist's example of Tomtom navigation systems and iPods being accidentally shipped with viruses is also extremely poor. Such things have happened so rarely, it's like wearing a fluro rainjacket outside in summer to prevent yourself being hit by a half-blind motorist. (I like analogies today, don't I?). Of course, an outbound firewall wouldn't help there, as the virus would already be on your computer.

    The columnist also says that an outbound firewall will stop malware from transmitting your personal information, making it join a botnet, or becoming a spam relay. Will it? Personal information can be transmitted through HTTP - port 80, which would always be left open by default anyway. Spam is transmitted through port 25, which will always be left open anyway as it is how legitimate e-mails get sent! Botnets I don't know too much about, but I know that some of them work through IRC - another port with legitimate uses.

    You don't need an outbound firewall, you just need to stop threats getting onto your computer in the first place. Use Linux. Or an inbound firewall with up-to-date anti-virus.

    My final gripe with the article is how often the author says the wrong thing: He claims that Windows Firewall "allows inbound connections unless there is a rule, which is what you want". Huh? No, it DISallows inbound connections unless there is a rule, which is how firewalls should work (yes, I'm aware that the firewall in Ubuntu is set up to allow everything by default, but nothing in the default installation accepts remote connections anyway; still, I think this should be changed).
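The port argument above, worked through as an added example (not code from this post or from the CNET article): a minimal model of a stateful host firewall run over constructed flows. The class, the flow list and the allowed-port set are assumptions for illustration; it compares the default the post defends (block unsolicited inbound, allow all outbound) with an outbound filter keyed on destination port.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    direction: str    # "out" = opened by this host, "in" = arriving from a remote host
    program: str      # local program owning the socket; a port filter never sees this
    local_port: int
    remote: str
    remote_port: int

class HostFirewall:
    """Stateful TCP filter: inbound is default-deny, outbound is configurable."""

    def __init__(self, inbound_holes=(), outbound_ports=None):
        self.inbound_holes = set(inbound_holes)  # local ports with an explicit allow rule
        self.outbound_ports = outbound_ports     # None = allow all outbound
        self.established = set()                 # connections this host opened

    def decide(self, f):
        key = (f.local_port, f.remote, f.remote_port)
        if f.direction == "out":
            if self.outbound_ports is not None and f.remote_port not in self.outbound_ports:
                return "DROP"
            self.established.add(key)
            return "ACCEPT"
        if key in self.established:              # reply to a connection we opened
            return "ACCEPT"
        if f.local_port in self.inbound_holes:   # a rule was created on purpose
            return "ACCEPT"
        return "DROP"                            # every other inbound connection

# Constructed flows; the addresses come from the documentation ranges.
FLOWS = [
    Flow("out", "browser", 50001, "203.0.113.10", 80),
    Flow("in", "browser", 50001, "203.0.113.10", 80),        # reply to the request above
    Flow("in", "file sharing", 445, "198.51.100.7", 40000),  # unsolicited
    Flow("out", "mail client", 50002, "192.0.2.25", 25),
    Flow("out", "malware", 50003, "198.51.100.66", 80),      # personal data over HTTP
    Flow("out", "malware", 50004, "198.51.100.25", 25),      # spam relay
    Flow("out", "malware", 50005, "198.51.100.67", 6667),    # IRC botnet channel
    Flow("out", "malware", 50006, "198.51.100.99", 31337),   # nonstandard port
]

def verdicts(firewall):
    return [firewall.decide(f) for f in FLOWS]

def inbound_only():
    # Unsolicited inbound blocked, every outbound connection allowed.
    return verdicts(HostFirewall())

def outbound_by_port():
    # Same inbound policy plus an outbound allowlist of "legitimate" ports.
    return verdicts(HostFirewall(outbound_ports={25, 80, 443, 6667}))

def differing_flows():
    """Flows that the two policies treat differently."""
    return [f for f, a, b in zip(FLOWS, inbound_only(), outbound_by_port()) if a != b]

if __name__ == "__main__":
    for f, a, b in zip(FLOWS, inbound_only(), outbound_by_port()):
        print(f"{f.direction:3} {f.program:12} port {f.remote_port:<5} "
              f"inbound-only={a:6} outbound-by-port={b}")
```

Both policies drop the unsolicited inbound connection, and the port allowlist changes the verdict only for the flow to the nonstandard port; the flows to ports 80, 25 and 6667 pass whichever program opened them.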

    And you thought the Vista launch was bad...

    Check out this video that was released to computer retailers by Microsoft, promoting the benefits of Windows 386 all those years ago. Marvel at how each application has 640 kilobytes of memory! Gasp with astonishment at how the actor creates pie charts!

    The comment with the video says "Boring until the 7 minute mark when the production is taken over by crack-smoking monkeys". Agreed. I think I'd rather watch "I'm a PC, I'm a Mac".

    The most unfortunate headline

    SPOTTED: On the PC Authority website, the headline: "Windows Vista arrives with minimal security". No, it's not an anti-Windows article, although the headline certainly sounds that way. It's actually talking about how only one anti-virus and anti-spyware program has been released for Windows Vista, despite it being available for businesses to purchase.

    Why is it that anti-virus and anti-spyware software is regarded as "security"? It's like describing antibiotics as an "inoculation"! You only use anti-virus and anti-spyware software AFTER these things actually get into your computer. A prison doesn't hire guards to find and retrieve prisoners who have escaped back into the community, it hires guards to stop prisoners from getting that far in the first place!

    I distrust anti-virus corporations as much as I distrust Microsoft. Windows Vista probably won't be very secure in reality, but it doesn't have any viruses yet. McAfee has just released a product that does sweet bugger all! The sheep will still buy it though. People still post to the Ubuntu Forums, asking how to install their anti-virus software on Linux, and Sal once said that he could only get permission to install Ubuntu onto a friend's computer if he installed AVG too.

    I think some people still kinda believe that a computer virus is a micro-organism that can spread to any computer regardless of operating system.

    In Copland-related news, I found that the output of sudo fdisk -l is formatted COMPLETELY differently on PowerPC than it is on x86, and that HFS and HFS+ partitions are not distinguished from each other. I modified my existing automatic fstab adder program to read the fdisk PPC output and allow for the mounting of HFS drives, now I've just got to do some real testing of it. I figured out a way to discover whether a partition is HFS or HFS+, thanks to Copland's default installation of the hfsplus package.
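One way to tell the two formats apart, as an added example (not the author's program, which the post says relied on the hfsplus package): read the two-byte volume signature stored 1024 bytes into the partition. The function names and the sample volumes are constructed for illustration; the check also covers an HFS+ volume embedded in an HFS wrapper, which carries the plain HFS signature.

```python
MDB_OFFSET = 1024        # HFS and HFS+ both keep their volume header here
EMBED_SIG_OFFSET = 124   # drEmbedSigWord inside the HFS Master Directory Block

# Filesystem type to put in /etc/fstab for each result (Linux driver names).
MOUNT_TYPE = {
    "HFS": "hfs",
    "HFS+": "hfsplus",
    "HFSX": "hfsplus",
    "HFS+ (HFS wrapper)": "hfsplus",
}

def classify_hfs(volume):
    """Classify raw bytes from the start of a partition; None if not HFS-family."""
    header = volume[MDB_OFFSET:MDB_OFFSET + 512]
    if len(header) < EMBED_SIG_OFFSET + 2:
        return None                      # truncated read or tiny partition
    signature = header[0:2]
    if signature == b"H+":
        return "HFS+"
    if signature == b"HX":
        return "HFSX"
    if signature == b"BD":
        # An HFS wrapper around an HFS+ volume records 'H+' in drEmbedSigWord.
        embedded = header[EMBED_SIG_OFFSET:EMBED_SIG_OFFSET + 2]
        return "HFS+ (HFS wrapper)" if embedded == b"H+" else "HFS"
    return None

def fstab_type(volume):
    """Mount type for an fstab entry, or None when the volume is not HFS-family."""
    return MOUNT_TYPE.get(classify_hfs(volume))

def classify_device(path):
    """Same check against a partition device or disk image (needs read access)."""
    with open(path, "rb") as dev:
        return classify_hfs(dev.read(MDB_OFFSET + 512))

def make_volume(signature, embedded=b"\x00\x00"):
    """Constructed sample: an empty volume image carrying only the signature fields."""
    image = bytearray(MDB_OFFSET + 512)
    image[MDB_OFFSET:MDB_OFFSET + 2] = signature
    image[MDB_OFFSET + EMBED_SIG_OFFSET:MDB_OFFSET + EMBED_SIG_OFFSET + 2] = embedded
    return bytes(image)

if __name__ == "__main__":
    for name, vol in [("plain HFS", make_volume(b"BD")),
                      ("wrapped HFS+", make_volume(b"BD", b"H+")),
                      ("HFS+", make_volume(b"H+")),
                      ("not HFS", bytes(2048))]:
        print(f"{name:13} -> {classify_hfs(vol)} / fstab type {fstab_type(vol)}")
```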

    I also tried extracting the Xubuntu Edgy PPC SquashFS image, but on my x86 development machine I only ever got segfaults (the program crashed) the instant I tried. I'll try extracting it on the iMac using my lovely new USB hard disk, but I don't know if that's the real problem. I'll also try installing squashfs-tools temporarily on an x86 Edgy Live CD, in case version matters.

    This is a long post, but I've not really updated for a while. As I mentioned, I bought a 250 gigabyte USB hard disk. I went into the store and asked if they had USB hard disks. Upon hearing the answer, I asked if they needed extra drivers to run.

    The salesperson said "Are you running XP?" (I assume he was checking because Win 98 doesn't come with USB Mass Storage drivers)
    "No, Linux."
    "Well then, as long as you're running kernel 2.4 or above, and you reformat the drive as Fat32 or Ext3, you'll be fine"

    It seems like all computer-knowledgeable people know Linux :-)  Except the guy who writes the advice column in the newspaper, but he's not knowledgeable about Linux, only about Windows and Outlook Express.

    I also bought a VHS/DVD Recorder. It's a great machine, with so many brilliant features... but it's sadly infested with DRM. You can't copy commercial tapes to DVD if they have the "copy-protected" signal, it supports a form of DRM encoded into TV shows (I don't think the TV stations down here have it) to prevent those being recorded, and it allows the restricted use of an online DivX movie store.

    Otherwise, it's a brilliant little unit, and it only cost me $369 (staff discount on top of a general markdown). Unfortunately, DRM is like Soviet Russia: It assumes you are guilty, and doesn't give you the chance to prove your innocence. I was only trying to back up an old Star Trek Voyager tape to DVD, and it wouldn't let me. Now I'll have to wait until my video digitiser is replaced under warranty before I'll be able to back up the video.

    Just on that note: The encryption on HD-DVD has been cracked; well, a player key has been discovered. Somebody online said "Right, now you can all back up your HD-DVDs". But I thought the idea of a backup was that the backup would last longer than the original. I have data backups that I made onto CDs back in 2004 that are now unreadable, despite not a photon of light hitting their recording sides in the meanwhile. I haven't had a DVD writer long enough to find out how long DVD-Rs last, but my guess is that real pressed DVDs will still be working years after the +/-Rs fail.

    Ubuntu-style running on Windows

    Oh, oh, oh. I don't like Apple anymore.

    I wanted to download a Mylene Farmer album from iTunes Music Store. I selected the album, made sure I had enough credit, clicked "Download"... and it told me that I needed the latest version of iTunes. iTunes 7. It's been out all of a week, and now all Music Store customers need to upgrade.

    I go to the Apple site and go to download it... and it's frigging 34 megabytes! (By comparison, AmaroK is 14.5 megs). So, grumbling, I download it, and have an idea.

    Windows has a feature called "Run As", where you can tell it to run a program as a particular user, or with the shoddy Windows equivalent of AppArmor. So I log in as a restricted user and tell Windows to run the iTunes installer as administrator.

    Things go alright for a while, my existing iTunes 6 is erased. Then the installer tries to open up a new program. Unfortunately, Windows is too dumb to realise that a program run as administrator will want its child processes to also be run as administrator. This new program is run as the limited user, and of course the installation fails because of this. The iTunes installer ends up having to roll back its changes... except for the "deleting iTunes 6" bit.

    So that's why Windows users don't use the Run As feature; because programs run with it don't work properly. Either that, or they don't realise how bad running as root is (I suspect the latter). It may also explain why new Ubuntu users always want to activate a real root account.

    So I log back in as the administrator account, and install properly. During the install I find out that the installer includes a full copy of the latest version of Quicktime, which of course was not installed since I already have it.

    To clarify: I had to download ANOTHER copy of Quicktime embedded in an installer! There's a lot to be said for the dependency system on Linux.

    iTunes 7 works now. It's simply crazy that the installer was over half the size of the album I wanted to download.