Sunday, July 26, 2009

Are we too naive by believing that GNU/Linux is more secure by design?


I've been wondering for the last couple of days about the proposition that I use where I state that GNU/Linux is far more secure than Windows among other things because it's designed to be so (a real multi-user OS by design, real Networked OS by design, etc) plus other customs that we *NIX users have like not using the root account to play Frozen Bubble and so on.

Now, there are people that say that it's just that GNU/Linux is less attractive to malware software because there are so few of us GNU/Linux users. I have always thought that this is crap but anyway....

Now, think about the things that FLOSS developers get to do:
- Crack encrypted DVDs
- Allow for communication between Microsoft Windows hosts (with a twisted SMB protocol) and *NIX hosts before Microsoft (reluctantly... but with a lot of PR spin, as usual) released the documentation about it
- Synchronize with iTunes
- Run GNU/Linux on basically any piece of equipment worthy of running it (with or without support by the vendor)... and some others that aren't worthy but....
- Break every DRM mechanism ever built

And the list goes on and on. No matter what the developers wanted to restrict, there has always been a way to crack it.

Now... if FLOSS developers are able to do basically just everything they set themselves to do, wouldn't it be possible that malware developers will get to do the same with the security barriers set on a GNU/Linux (or *NIX for that matter) system no matter how hard we try to restrain them?

I just wonder

Saturday, July 25, 2009

Random musings on GPL and Microsoft

This has been a very remarkable week.

We had Microsoft releasing some 20,000 LOC of Linux drivers so that Linux can run faster on their Hyper-V solution. A lot of MS PR saying how they love interoperability and how cool they are. I will be the first to say that I was in shock (and I bet I wasn't the only one). After all, we are talking about a license that their managers explicitly hate so why release code under that license then? I just couldn't help seeing a little hypocrisy involved.... to say the least. It's always cool to say that they had to eat their own words anyway so I didn't take it as a bad thing, after all, as Linus says, we are all developing scratching our own itches.

But a couple of days later things got even more interesting when we heard that there was an issue with some GPL code that they were using in their solution that was improperly linked and so they had to release the code... BUT it was not a GPL violation (or so they say). Now, wait a minute... if there was a situation that had to be called upon (which people involved say they wanted it to be handled quietly) and ended up with them releasing the 20 KLOC, then how can that not be a GPL violation? If there was no violation then there was no situation to be called upon (which people involved wouldn't have had to say that they would have wanted it to be handled quietly) in the first place, was there? I don't know, but something smells fishy here.

Now, let's make something clear. Microsoft representatives have stated in the past that GPL is viral and that it attaches itself to their IP. Look, pal... GPL doesn't attach itself. It's not a living thing. It's attached by developers when they choose to use it. Their own in-house developers do it (as Cisco via Linksys and others have had to learn the hard way... now perhaps Microsoft joined that Hall of Shame). After all, nobody is forcing anyone to use GPL code in their solutions. Well, at least I haven't heard of anyone complaining of having RMS threatening them with using GPLed code in their solutions or.... So if you don't like the GPL, then don't use code released under its terms. Stop whining about how bad the GPL is, do your homework and write your own code instead. I know.... there's excellent GPL code out there and it's gonna take time to reproduce it but... if you choose to use it, then abide by its rules. That's all their creators asked for when they released the code under its terms after all, right?

Sunday, July 5, 2009

Miguel: You, the man! - Open letter to Miguel de Icaza

Dear Miguel:

During the last couple of weeks there has been a tremendous amount of information pouring about Mono, the free (speechwise) implementation of .NET started by you, Novell's vice-president of Development Platform, and how it should/would be handled by distros. We even had RMS himself come into the fray and tell us his take on it (which he had been mum about till now).

Mono is a development framework that (more or less) implements .NET (yes, that framework from Microsoft). The thing is that while some parts of .NET are open standards approved by ECMA and released under RAND terms, there has to be a solid word from Microsoft about what these RAND terms would be for Mono. The biggest fear of it is having a patent related claim later on when Mono-dependent applications become more "established" and harder to be replaced.

We have seen that when you are asked on it, you point at ECMA and when they are asked they do an HTTP redirect to Microsoft instead.. and they are just as mum as RMS was (conveniently so for them, I think.. they must be laughing their asses off by seeing how we debate on the topic with them moving not a single finger).

So, coming back to the point, what we need, Miguel, is a statement from Microsoft, and I mean from someone that has gained a little confidence from the FLOSS community like Sam Ramji or Lawrence Crumpton who have at least shown their faces and stared at the beast (us) straight into the eye and not some random PR representative, telling us how the thing with Mono is.

Now you are the guy with the contacts at Microsoft, you are in charge of Mono, so just like in "The Ladykillers" (do I love that movie!) when the quarterback grabs Lump by the helmet's grill and tells him: "Hey, butt-head! You, the man!", now it's my time to tell you: You, the man! Get us out of this FUD feast (from both sides of the debate) and make them say something we can eat.

Glad to be of service