Aronzak’s Rantings

Yahoo has gone and made a fool of themselves. They are now “sorry” for offering lap dancers at their open hack day event in Taiwan. This comes after they are facing bad publicity and falling income.

http://www.dailytech.com/article.aspx?newsid=16570

http://kara.allthingsd.com/20091019/yahoo-sorry-about-lap-dancers-at-hack-day-in-taiwan-so-whats-the-excuse-for-last-years-go-go-girls/

But how sorry? Sorry enough to provide a related search:

Well done Yahoo. Oh, and if you don’t know what a lap dance is, consult the experts at Yahoo answers. The best answers provided are “you should ask you parents” and “One of the great joys in life!”.

The stupidest idea Microsoft’s had for a while.

I’ll confess, i used to like installing new versions of Linux. I used to find it exciting, starting up into a new system, with a new look. Unfortunately, the excitement tends to wear off when you realise that there is no perfect system. In reality, The biggest difference between many versions of Linux is the desktop background. Oh, except and sometimes you strike a jackpot with an OS that has things that don’t work.

SJVN says that the best 5 features of Fedora 11 are :

- Fast boot

- Ext4

- New Xorg

- Synaptics drivers

- DNSSEC

Interestingly, he misses out the new virtualisation feature, which is also interesting. It is nice that the boot time has been worked on, and there are some pretty features like smooth wallpaper switching. But then there are heaps of annoyances. The graphics are mostly nice, but the default gnome layout with two whopping great white bars that trap your desktop in some kind of cage is terrible.

It’s nice that Ext4 is used, which can give some performance speedups, but this means that there must be a boot partition with an ext3 filesystem. This is where the pain really sets in. Fedora insists on marking the partition as bootable and placing it as a primary partition. It’s annoying when the partitioner in the installer, already very hard to use, disregards what you tell it to do and does something else. This really doesn’t make me feel confident about potentially destructive changes.

Next, the installer wants to install a bootloader, but only recognises Wondows 7 and itself. This is unacceptable for a 2009 Linux release. It’s easy for me to go and guess the grub setup needed, but having to do it is a pain for me. And yes, these days it is possible that someone might want to multiboot more than just Fedora. If anyone is stuck, here’s the part from the grub loader:

title        Fedora 11 Guess
root        (hd0,3)
kernel        /vmlinuz-2.6.29.4-167.fc11.i686.PAE ro root=/dev/sda11
initrd        /initrd-2.6.29.4-167.fc11.i686.PAE.img

This is a support disaster waiting to happen.

After that major issue, there’s a string of minor problems to contend with. Firstly, opening the file manager shows nautilus’s basic display. Great. This is really ugly and should never be used. The browser view is much better, letting you use bookmarks and tabs.

I’m amazed that nobody thought of this. In a distribution shipping the latest version of gnome, very basic usability considerations have been left out.

The next annoying thing is that a root password is needed to mount other hard drive partitions. Really, this should be done automatically. SO fstab will need to be edited. What next, needing to manually mount your own CDs?

Next annoyance is that unlike in Ubuntu, there isn’t an easy way to set up samba sharing.

The next annoyance is that for some reason firefox runs slowly. It’s scrolling is terrible until you turn off smooth scrolling. Another poorly chosen setting.

There’s a range of others, like something called ‘makewhatis’ and ‘updatedb’ running in the background and chewing up resources.

Fedora 11 has some nice ideas, but a major issue in installation and other major annoyances keep me from using it. Hopefully the good ideas will feed into Ubuntu 9.10’s development.

There’s an article from IBM about Android development. It has the following graph:

There’s a small piece of Linus in every phone. ” Hi, I’m Linux. I mean Linus. Damn, I always get that mixed up.”

Having a VM install of Windows 7, I thought it would be a good idea to install “Windows Live Essentials” mail, which is essentially a new name for Outlook. Dumb idea, as setting this up to use “Windows Live Mail” (which, in fact is different to”Windows Live Essentials Mail”) is more difficult in thunderbird (and I’d need to use a VM all the time, because the installer fails miserable in wine).

The naming issue is only slightly confusing. Searching for “Windows Live imap setup” and whatnot will give you a list of irrelevant results talking about how to set up what is actually outlook to use a boring email server. The link you probably want is this one. 50MiB download wasted, I came across this:http://help.outlook.com/en-us/140/cc188672.aspx

Update: This was written for version 1.7, but the same process works with version 2.

Version 2 of Bibletime has been changed to run on Qt4, giving it a KDE 4 feel.it has a variety of nice features. Some of the new features are:

• Bookshelf Manager installer has been redesigned. It’s much easier to use and it doesn’t block the rest of the user interface.
• The main Bookshelf panel has been rewritten. It’s possible to group the works by Category and/or Language. Rarely used works can be hidden.
• Bookmarks have been moved to another tab. It’s possible to move and copy folders.
• Bible and Commentary windows have dropdown lists for book, chapter and verse.
• Search dialog has an option for AND and OR searches.

The features that I like the most are things like being able to drag bible references from one panel into another.

If you want to compile from source, you need a lot of dependencies. I was joking to myself, perhaps the devil is trying to keep you in dep hell? Here’s most of what you need (Ubuntu 9.04):

sudo apt-get install libboost-dev qmake libclucene0ldbllibclucene-dev qt4-qmake cmake kdelibs5-dev libsword-dev

That will save you a lot of grief and googling bizarre error messages.

And I think you need to change build/CMakeCache.txt if you get an error saying that the compiler is not found.

//CXX compiler.
CMAKE_CXX_COMPILER:FILEPATH=/usr/bin/g++-4.3

There seems to be an issue with panels in the latest version locking up sometimes. I’ll look into this some more.

A story on slashdot today links to the orbituary of Richard J. Petnel. One of the major ways in which he was known is for his involvement in maintaining an Ad Block Plus filter. I’m writing this because I’m extremely disapointed. The obituary states

In lieu of flowers, memorial contributions may be sent to Community Hospice of Albany, 445 New Karner Rd., Albany, NY 12205.

And in the right hand side of the page is an ad.

This is shameful. I didn’t know Richard Petnel, but I feel still feel this is wrong.

A recent article, How to write a Linux virus in 5 easy steps outlines a vulnerability in KDE and gnome desktops. The article is well written and makes some good points about how no operating system is “inherently secure”. Essentially, the .desktop format bypasses the binary execution bit, which would otherwise stop a script that someone downloads from executing malicious code without explicitly allowing it to. Unfortunately, the article suffers from a few simple problems:

1. .desktop

Let’s try this out for size. First, I’m going to create a blank file called hotpictures.jpg.desktop, and email it to myself. The first thing any user would notice is the unusually poor grammar, and unusual request. (Most people these days are fairly good at managing to use Google to look up things for themselves, though some Linux help forums beg to differ.) Here’s how opening the attachment appears in Gmail and Thunderbird.

To download this file, I would have to ignore the .desktop filename 3 times. Same with Thunderbird:

Even if there is a long name, there is plenty of space to display the filename in the dialog boxes. The end of the filename will still show in the bottom of Thunderbird. Also, while the article states that a user would often download files to the desktop, Google’s online office software and PDF-HTML conversion system means that users are increasingly viewing documents as in the browser first, rather than downloading files straight away. If this fails, most users would be extremely cautious.

Next, if a user downloads the file to their home directory, and not the desktop, they will see the .desktop file for what it is again.

Finally, even if there is a bogus “document” icon or some such, people will expect a preview of the image, as with the portrait of Obama. Users would have to be very stupid to download a file with a format that they have never heard of, which doesn’t have a preview of the image that it is pretending to be.

2. root permissions

The article says that root permissions don’t matter as much as people may think. This is true. Superuser privileges are’nt needed to change some software like adding a keylogger to a single browser. this could be dangerous, but it is fairly trivial to pick up and remove. I’m not aware of a porgram like this being able to hide itself with only user level access, so a root shell can easily monitor the running process, and, if a user is on the ball, note that it is a rogue process. The possibility that graphical password managers, like kdesu and gksu can be subverted is unlikely, with a smart user picking this up very quickly. Observe:

Again, a smart user will not fall for this one. Also, having only user level access makes it much easier to recover by booting to level 2 and then sorting out the results. Simply creating a new user and copying the old data will ‘disable’ the code.

While an interesting theory, this couldn’t really be used to spread malware. The article does point out that groups like governments are adopting Linux, which could mean that there are a lot of users that are unfamiliar with Linux that are on each other’s email contacts lists. Other than that, this couldn’t work in real life as emailing Windows and Mac users with a Linux virus is just stupid. There’s no way for a virus to be able to know which platform email contacts are running (and not just which OS, but if Linux users are running a particular distribution, desktop etc…). In this way, multiple platforms, as well as the myriad of possible choices in Linux are a help. Just as it makes it hard to write an application that will work on all Linux distributions, it is hard to write malware that will.

What does scare me, and should you, is the alarming ease with which someone with physical access to almost any machine caget full access to it. Using grub, someone can press ‘c’ and add “init=/bin/bash” to the kernel parameters, and immediately get full root access, and the ability to change all of the passwords (or worse). Grub passwords can prevent this, but booting off other media (eg USB) will also give full root access straight away. The only real solution to this seems to be full system encryption, which is a pain.

There is a fair point that is made by the article that the security of Linux isn’t absolute. This doesn’t negate, however, any of the real security benefits the OS has. Many open source naysayers will say that this is evidence that the model of development doesn’t work when it comes to security, but it is evidence that it does. An article like this can be released, people can make note, and if there are any serious issues, the code can be changed, whereas in the proprietary development world the issues are suppressed with gags and NDAs, and outstanding issues can go unresolved.

By the way, Linux computers can still spread Windows viruses, through network sharing and other means. If you run antivirus software on Windows, it is a good idea to run antivirus software in Linux also.