Security Report: Windows vs Linux

Over at the Register they have published a security report comparing Windows and Linux [PDF]. The results are as expected, but the report does a good job of debunking the FUD that Microsoft is spreading about the security of their excuse for an operating system.

Those system administrators out there still running Microsoft-based servers for anything need to read this and then install something that actually might be able to do the job in a secure fashion. Windows will never be secure until it is completely redesigned and rewritten to be so. The design of Windows is simply flawed in such a way that it can never be secure. Above all though, remember that no software, including operating system software, is 100% secure. Keep watching for updates and make sure you install them (a Linux, or perhaps even better a FreeBSD, system will significantly reduce the amount of work you have in this area though!).

For desktop users the problem is a little more complex as the only really viable alternative for general use is Mac OS X, but it requires special, and often expensive hardware. The problem is that Windows requires more attention than any other OS I’ve used, but most of the people using WinXP do not have the required skills to maintain it securely – myself included much of the time. Keeping up with all the flaws is a full time job, and I don’t want a second job!

Fake iPod Generation 5

An article at Gizmodo talks about the fake iPod shown to the right. They provide a link to the full size ‘ad’ image too which includes a spec. While this is clearly a joke, I would have changed a few things to make this more realistic:

  • Drop the Dragonball CPU in favour of a high speed ARM or XScale CPU, perhaps with Jazelle Java acceleration technology built in.
  • With such a large hard drive, there’s no need to have so much flash, but at least 256MB of RAM would be handy. Perhaps even more.
  • For wireless support, include 802.11n Wi-Fi or even WiMax for always-on wireless access (at least in metro areas, where one or both of these technologies might be used to light up a whole city).
  • Add USB host support to get the photos off my camera and on to that HD while I’m travelling. Better still support for doing this over a wireless link, but that requires my camera supporting Wi-Fi or Bluetooth – and the one I have now doesn’t have either option 🙁

They are spot on with the OS though. There is no reason at all, at least not once you move to a real CPU, not to have a port of the BSD/Mach based Mac OS X on a handheld device like this. I run the Familiar distribution of Linux on my iPaq which has a much lower spec than even today’s PDAs and it works just fine. NetBSD proves that BSD can be ported to many platforms (they claim more than Linux, though that must be getting close now). Why not have Mac OS X on a handheld?

[If folks over at Apple are reading and like the idea, perhaps I could do the port for you – I have been porting operating systems to embedded platforms for much of my career!]

Register suffers DDOS attack

One of my favourite tech-news sources, The Register, was hit by a DDOS attack yesterday. I noticed that the site was inaccessible in the early hours of the morning here in California.

It is sad that there are people out there who think that it is smart to take down somebody else’s site. It’s a shame that those people cannot spend their time contributing their own content to the world instead of just destroying other people’s. And why attack a news site like the Register?

Of course, it would also help if the thousands of zombie Windoze boxes that enable people to run these attacks so easily were not on the internet. I think it is about time that Windoze boxes were banned from connection to the internet until MS completely re-writes the whole OS in a secure way (assuming that they know how to do that). Either that, or bill them for each one of these attacks that originates from machines running their crappy excuse for an OS.

And, while we’re on that subject, I have a better plan for controlling spam too. Rather than Bill’s plan that would have us all pay him to send email, I propose something that would charge MS for every spam email sent via a zombie Windoze box. That should be enough of an incentive for MS to actually plug the holes in the OS.

TV-B-Gone

An article at Wired News describes a remote control that sends out a stream of ‘off’ commands for television sets, one manufacturer’s code after another, with just a single press of the button. The device, called TV-B-Gone [the site was down for exceeding its daily bandwidth allowance at the time of writing], is a key fob sized device that will turn off most TVs with a single click. This could be a fun thing to carry around, especially in places where there are banks of TVs churning out promotional content loops all day 🙂

‘Phishing’ Attacks

In addition to an increasing number of Nigerian/419 scam emails arriving in my mailboxes, I have noticed that there are a lot more phishing emails.

According to the folks over at the Anti-Phishing Working Group, these attacks are on the rise. In July 2004 they had almost 2000 attacks reported, almost a third of which were against Citibank. My experience would go much further than that since almost all the phishing emails I see are Citibank ones, including the one I received tonight that prompted this posting.

I have a proposal for dealing with these in a more proactive way… I think that one way to make these attacks less useful to the criminals behind them would be to flood them with false information. That would make finding the real card details in their data much, much harder. Since most are simple CGI or PHP scripts processing HTTP POST forms, it is a simple matter to extract the names of the form fields that they are interested in (username, password, account number, PIN, etc.) and create a script that generates random responses for usernames pulled from a dictionary of common names. More sophisticated solutions might also verify that the credit card number being submitted is actually a valid number (i.e. it passes the Luhn algorithm validation), or perhaps provide username variations (e.g. adding a numeric suffix to the username).
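Two pieces of the paragraph above are worth seeing as working code from the defender's side: pulling the field names out of a phishing form so an analyst can tell at a glance what the kit is harvesting, and the Luhn (mod 10) check that a fraud or data-loss filter uses to tell a real card-shaped number from random digits. This is an added example, not code from the original post; the sample form, the sample log text and the list of "sensitive" field-name patterns are constructed assumptions for the demonstration.

```python
import re
from html.parser import HTMLParser

# Constructed sample of the kind of form a phishing page presents.
# Assumption for this example; not taken from any real kit.
SAMPLE_FORM = """
<form action="/verify.php" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="text" name="cardnumber">
  <input type="text" name="pin">
  <input type="hidden" name="csrf" value="abc">
  <input type="submit" value="Verify">
</form>
"""

# Constructed sample text (e.g. a captured POST body or outbound mail) for
# the card-number scan below. Only the first number passes Luhn.
SAMPLE_TEXT = "card=4539 1488 0343 6467&order=1234567890123456&ref=79927398713"


class FormFieldParser(HTMLParser):
    """Collect each form's method/action and every named input field."""

    def __init__(self):
        super().__init__()
        self.actions = []   # (method, action) per <form>
        self.fields = []    # (name, type) per named <input>/<select>/<textarea>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.actions.append(((a.get("method") or "get").lower(),
                                 a.get("action") or ""))
        elif tag in ("input", "select", "textarea") and a.get("name"):
            self.fields.append((a["name"], (a.get("type") or "text").lower()))


def extract_form_fields(html):
    """Return ([(method, action), ...], [(name, type), ...]) for the page."""
    parser = FormFieldParser()
    parser.feed(html)
    return parser.actions, parser.fields


# Field-name patterns an analyst would flag as credential/card harvesting.
# Assumed list for this example; extend to taste.
SENSITIVE = re.compile(r"(user|login|pass|pwd|card|acct|account|pin|ssn|cvv)", re.I)


def sensitive_fields(fields):
    """Names of visible fields whose name suggests credentials or card data."""
    return [name for name, typ in fields
            if typ not in ("hidden", "submit") and SENSITIVE.search(name)]


def luhn_valid(number):
    """True if the digit string (spaces/dashes allowed) passes the Luhn check."""
    digits = re.sub(r"[ -]", "", number)
    if not digits.isdigit() or len(digits) < 2:
        return False
    total = 0
    # Walk from the rightmost digit; double every second digit, and
    # subtract 9 from any doubled value above 9 (same as summing its digits).
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


# 13 to 19 digits with optional single space/dash separators.
CARD_LIKE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def find_card_numbers(text):
    """Return the card-shaped runs in text that also pass Luhn, separators stripped."""
    return [re.sub(r"[ -]", "", m.group(0))
            for m in CARD_LIKE.finditer(text)
            if luhn_valid(m.group(0))]


if __name__ == "__main__":
    actions, fields = extract_form_fields(SAMPLE_FORM)
    print("forms:", actions)
    print("harvested fields:", sensitive_fields(fields))
    print("Luhn-valid numbers in sample:", find_card_numbers(SAMPLE_TEXT))
```

Note that Luhn is only a checksum against typos, not proof that a number was ever issued, so a filter should treat a Luhn-valid hit as "worth a closer look", not as confirmed card data; the field-name scan is likewise a triage aid, since a kit can name its fields anything it likes.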

Finally, an old article at BankersOnline.com talking about a phishing attack that took place on January 25, 2004, seems to go way over the top. The introductory paragraph states that “terrorists leveraging resources in Korea, and posing as United States government representatives, attacked our country in an attempt to undermine the security of our banking systems.” It goes on to say that the “reaction should be immediate neutralization of the threat.”

Update [October 21, 2004]: The BBC is running a story about the sophistication of phishing attacks now, and also some possible techniques that they might employ in the future. Seems that phishing is in the news these days. Let’s hope that the message gets out to as many potential victims as possible.

Gyro’s 3D Fear Factory

Saturday night we checked out the Gyro’s 3D Fear Factory Haunted House event at the end of Pier 17 in San Francisco. Tickets are a rather high $17.95 per person, cash only. That gets you two mazes. For the first one you wear those odd 3D glasses (the polarising kind, not the dual colour ones). That has the effect of making lots of the decorations jump off the walls and floor – this was well done. The second maze does not have the 3D effects which made it less impressive.

While walking around both mazes, costumed actors jump out at you, hammer on the walls above your head, or drop upside-down from the roof. This seemed to be moderately effective for some, and had no effect on others. If you’re not easily scared by these things, take somebody who is so you can enjoy watching them jump if nothing else! There did not seem to be many other special effects (I was expecting some animatronic spiders, for example, rather than just static models).

If you want my recommendation, I’d suggest passing on this one for the price. If it were somewhere in the $5 to $10 range it might be worth it, but at almost twice the price of a movie I’d say it was definitely overpriced.

Racoons Again

Late last night (around 3am), there were noises coming from the tree outside my bedroom window. Wondering what it was, I got up and went out on the balcony to see shapes moving in the tree. Getting a torch (US: flashlight), I managed to catch sight of three racoons in the tree. They were pulling the cones off, eating whatever part they liked, and then throwing the remainder down onto the concrete path three floors below.

The shot on the left is not stunningly high quality (OK, it is stunningly low quality), but it was the best I could do on short notice and with limited tools (basically my little Canon S100 and a torch for some additional lighting). The racoons were not bothered by the light I was shining at them constantly, or by the flash I used on the camera. They were even less disturbed by me being there, and apart from a few inquisitive looks when I first turned on the light, they just carried on with the task at hand. In fact, I got the feeling one of them was taking advantage of the additional light I was providing to look for new cones.

Software Patents

It has been a busy week for the patent lawyers out there who are trying to extort money for what they claim is an invention, but is in reality only another arrangement of binary bits in the memory of a computer.

Top of the list, at least in terms of headline grabbing appeal, was the Eastman Kodak vs Sun case over Java. Kodak, the company known for photographic products, attacking one of the premier server companies, Sun, over a freely available object-oriented programming environment, Java? Yes. Seems that Kodak gained three patents when it acquired Wang Laboratories a while back, numbers 5,206,951, 5,226,161 and 5,421,012. These relate to certain aspects of object-oriented programming, and a jury in Rochester, NY decided that Java infringed them. Kodak was planning to ask for over $1B in damages. You can read more about this in an article at Groklaw.

In a surprising turn though, Sun has settled with Kodak out of court for $92M (less than a tenth of the damages Kodak was asking for). So, what some were hoping would become the test case that got software patents off the books again, seems to have escaped quietly.

In other patent news, Acacia, a company of lawyers that buys patents with the sole intention of “enforcing” them to make money, has acquired a patent from LodgeNet it believes it can use to extort money from wireless hotspot owners. An article at Wi-Fi Networking News has more information on this one. This is one of two patents in the area of browser redirection, the other being held by a company called Nomadix. Many believe that both of these are essentially worthless though as there were other browser redirection systems up and running before either one was filed with the patent office. One such claim comes from Jim Thompson, former CTO and VP of engineering at Wayport, who claims that Wayport had their portal up and running before the LodgeNet patent was filed. He also goes further in claiming that the idea is ‘obvious to one “skilled in the art”’ – i.e. something that does not belong in a patent in the first place.

It is not all bad news though. Much less widely publicised was pubpat.org’s success in getting all claims in the Microsoft FAT patent rejected in a re-examination. So, if you know of a patent that is clearly bogus, especially one for which there is well documented prior art, send all the information you have to the folks at pubpat.org and perhaps they can get it overturned. Even better would be to get the whole concept of software patents (and their close relatives the process patents) back off the books, but I don’t think that is likely to happen without a high profile test case, like the Kodak vs Sun one could have been.

Get Firefox?

Finally I decided the time was right to switch from Mozilla 1.7 to the new Firefox browser. As a browser it is impressive, but I do still miss having the integrated email client (the main reason I reverted back to the mainstream Mozilla version last time I tried Firefox). I now have Thunderbird as my email client, which again is great but separate.

Part of my reason for trying Firefox again now though was to see if it has the same memory leak problems that seem to be present in the Mozilla 1.x series of browsers. So far it does seem to be better, but only time will tell. If you’d like to try the latest version, whether you run Windoze, MacOS, Linux, Solaris or even AIX (and I’m sure more will follow), click on the button above.

Cell Phone with Built-in Hard Disc

The folks over at Tech Digest report that Samsung has debuted a cell phone, the SPH-V5400, with a built-in 1.5 GB hard drive. As well as an integrated 1 megapixel digital camera, it also includes an MP3 player and an FM transmitter. Yes, transmitter! It can transmit those MP3 files over FM to a nearby receiver, such as the one in your car. This is a feature that other MP3 players could do with.

So, why buy a standalone MP3 player? Well, I can still see a couple of good reasons:

  1. It is still a very small hard drive; the iPod mini is 4GB and the new Creative MuVo2 is 5GB (it will also be shared with the camera, so it is going to fill up fast too if you use both features a lot)
  2. I don’t want to have to convince the aircrew on my next flight that the cell phone is off while I listen to MP3 tracks from it (even assuming it has a mode where the phone portion is off)

Engadget has pictures of the new phone for those interested.