Several times in the past I’ve felt the need to address Microsoft’s questionable tactics with regards to Linux. Those tactics come under the banner of their “Get the Facts” campaign. In it they pay researchers to do studies that show Windows is cheaper then Linux, or is more secure then Linux, or that Windows is the better performer of the two. The main problem is that that you must take any such reports with great gobs of salt and should probably disregard them altogether. Why? Well for one thing, because we only hear about the studies that favour Windows and the ones that don’t were likely shredded immediately. Secondly because much of the paid “research” is based on criteria that is set in such a way as to favour Windows. One such example is the IDC report that claimed Windows had a cheaper TCO then Linux, but IDC (or at least one of the reports authors) later admitted that scenarios were chosen that would inevitably be more expensive to Linux.

One of the study’s authors accuses Microsoft of stacking the deck. IDC analyst Dan Kusnetzky says the company selected scenarios that would inevitably be more costly using Linux.

The other side of the coin is the money that changes hands. Either the studies are paid for and defined up front, or the study authors are paid when the study is included in the Get the Facts campaign. Since authors know that Microsoft will pay them for any studies included in GtF, and they know that Microsoft will jump at the chance to include any study that “looks reputable” and shows results that favour Windows, we get the end result that we can’t even trust research that isn’t paid for up front by Microsoft any more if it ends up in GtF.

Lastly is the studies that show that it is more expensive to convert from Windows to Linux then it is to stay with Windows. What those reports fail to mention is that more often then not, the reason there can even be a comparison, is because Microsoft have done everything in their power to make sure it is as expensive as possible for people to migrate away from their software. Proprietary formats, proprietary protocols and exclusionary tactics are the reasons that they can even make those sorts of claims with a straight face. Fortunately courts both legal and of public opinion are forcing Microsoft to reduce their exclusionary tactics or face the legal and PR results. That doesn’t stop them from trying as in the case of the EU anti-trust ruling and also their SenderID anti SPAM framework, or in fact their upcoming Open document formats, which aren’t really open. As I said, it doesn’t stop them from trying, it just means that people are more likely to be aware that their often touted claims of embracing interoperability are not worth their weight in bull s**t.

Remember, Microsoft are not running “Get the Facts” to improve Windows, presumably they are doing it to try to stop or limit Linux growth from hurting Windows sales. In other words, it’s an advertising campaign, pure and simple. Do you always believe every Ad you see on TV or in the newspapers? Interestingly even the standards bodies in advertising have had cause to dislike the “Get the Facts” campaign because of it’s obvious misrepresentation of the issues and as a result Microsoft have had to pull at least one of their Ads when a closer look at the comparison they made showed that they were comparing Windows on a cheap dual CPU server to Linux running on two very expensive IBM mainframes. Had they wanted an honest comparison, they’d have compared both Linux and Windows on a dual CPU x86 server. The fact that they didn’t probably indicates that the results were not in their favour when they tried it in private. Which leads back to my first point, that we never see those findings, we only see those that favour Windows.

So in short, “Get the facts”, should read “Get half the facts with an extreme bias favouring Microsoft products.” but then even the IT dense CIOs that “Get the Facts” targets would see that as only advertising, so “Get the Facts” works nicely for Microsoft and the CIOs reading it get to think, and tell board members and shareholders that by reading them they were “researching the issues”. The fact that most of them either aren’t true, aren’t entirely true, or are so narrow in scope as to be useless and are not indicative of anything relevant doesn’t seem to be an issue for them at all.

The inspiration for this latest “Get the Facts” tirade was this excellent article from Joe Barr on Newsforge. Well worth the read, particularly if you were considering basing a business decision on a “study” paid for by Microsoft.

The BSA (Business Software Alliance), which counts companies like Microsoft, Dell, Apple and HP as members, has been claiming that 33 billion dollars in revenue was lost due to software piracy ni 2004.

That some revenue is lost to piracy is without a doubt true, but many are somewhat doubtful about method by which the BSA reached this figure. In short, according to the Economist (subscription required) the BSA worked out it’s piracy figure by using surveys to determine how many programs the average user has in each area, they then compared that total to the amount of software actually sold in that area and used the difference to reach the $33 billion figure. There are so many problems with that reasoning, that you start to wonder if perhaps the BSA is just a collection of marketers, lobbyists and lawyers working furiously together to further the goals of their member companies. For starters, take me for example, I have OpenOffice.org, Firefox, NVU and Thunderbird on all of my machines. All of those are free Open Source programs, and yet they would count as “piracy” using the above calculation. When you consider that over 65 million people have downloaded Firefox alone, that, it makes you wonder how the BSA could tout such a figure and do so with a serious face. They also apparently jump to the conclusion that the people really guilty of pirating software would rush out and buy it were they unable to use their illegally gotten software. I find that assumption dubious to say the least. So I guess the moral of this is that we can all help the BSA tout bigger software losses if we all adopt and encourage Open Source software.

The second chapter in this woeful story relates to the current software patent issue dividing the EU. The BSA released figures that once again have been twisted to serve the interests of it’s members, nearly all of whom are huge companies. Their claim was that software patents benefit small and medium sized companies (SMEs) as much as large enterprise. Rather then go into all of the detail here, I will instead direct you to Ingrid Marson’s article at ZDnet where the saga has been explained more clearly and in more detail then I could hope to achieve myself. One comment I would make is that the BSA is behind much of the current lobbying in the EU in favour of software patents and their figures have been quoted by at least one MEP over there as reasons why software patents should be legally approved. That the figures are hopelessly inflated in the BSA’s favour is apparently not worth considering.

Every day thousands and thousands of computer users fall victim to the multitude of online security threats. Viruses, SPAM, Trojan horses, Spyware, Phishing, and just plain old fraud are rife. We all know it, many of us make it our business to minimise the risks, but for many others it is all just too hard or too confusing. This breeds both paranoia and victims.

The victims of online security attacks pay a high price. Their personal information is stolen and used in the worst of ways, loans are advanced in their names, their credit cards are charged with fraudulent transactions, and entire savings (or even entire mortgage offset accounts) are transferred out for the credit of criminals. While some of these victims are able to recoup their losses through claims, their ‘victim-ship’ is transferred to the credit card merchants and banks who ultimately foot the bill when a claim is paid.

Meanwhile, the paranoia builds amongst the rest of us. Our trust takes a battering, and we start losing faith in E-Commerce. If we let it get to us we reduce (or altogether cease) our online purchases, and this time the merchants suffer from a decrease in sales volumes. We know where it goes from there: they lose, we lose.

Responding in some way to the limited consumer understanding of online security, the Australian High Tech Crime Centre and the Australian Bankers’ Association have developed a Fact Sheet entitled Protecting Your Information Online [PDF]. This is a “Complete Idiot’s Guide” to the subject (but without lame jokes), with content including:

1. Avoid being caught by fraudulent e-mails;
2. Tips for protecting your computer [a good prelude to our tips]; and
3. Using Internet Banking [safely!].

What makes this publication especially valuable is that the advice in it is for everyone, not just confident computer users or people working in IT, but for our parents, wider family, and friends: the potential victims of a future security threat. While it is an Australian publication, the advice is well and truly global. This is the kind of document that should be sitting in the E-mail Inboxes belonging to our family and friends (along with the jokes you forward), and I can only think of one way you could get it to everyone in your address book. 😉

Meanwhile, the Australian Institute of Criminology High Tech Crime Brief reports that Identity Crime and Phishing are on the up and up (and up!). Perhaps we could all do our bit to try to reverse this trend by spreading the news?

According to Gartner, the continous flow of phishing attacks together with other well publicised security scandels has undermined the public’s faith in the security of E-Commerce. These results are based on a survey of 5000 US consumers and it seems that it will impact E-commerce growth by between one and three percent. Other points of note in the report are that 80% of those surveyed have less faith in E-mail from unknown parties and that 85% of those folks delete them without opening them.

Also see:
Informationweek
TheRegister
InternetNews

There are several things that can be done to try and stem the tide and shore up public trust. For one thing, commercial security packages could take a page from Open Source products like ClamAV which, when used on a mail server, will block known Phishing attacks (which are generally just text/HTML E-mails containing links) as well as the normal Viruses. Improvements in security need to be shouted from the roof tops and banks in particular, need to do more to advise their clients on the risks of online banking and what they can to reduce their exposure. For all the talk about big online companies having their data stolen, most of the problems actually appear to stem from actual uses falling victim to Phishing attacks, or Trojan/keyloggers/Spyware.

For the smaller developers in E-commerce fields, not storing sensitive customer data on publically accessable servers goes a long way to lessesing the potential exposure.

As an Adsense member, I spend a good deal of time and effort working out what the best methods are to get this site to pay for as many of its expenses as possible. To that end I have played endlessly with the position of the Google Ads to reach a balance between revenue and annoyance. The idea that the site should pay for itself (and one day perhaps for us also) isn’t such an unreachable goal I believe, but I will not turn it into a walking billboard as that would turn the people we most want to visit us away from the site in disgust.

Anyway, while moving things around and watching the Adsense earnings to see how the changes effect the click through rate on Ads, I noticed a somewhat annoying problem that probably affects a good many sites using content aware advertising.
Since we cover not just web development issues, but also security and some general IT issues, sometimes small stories on these subjects can almost completely kill the Ad revenue from the site. For instance both Don and myself recently covered the Mastercard card theft story here, and the result is that now our Ads are mostly for cheap credit card offers. Since most people get enough of such offers in their daily SPAM, I can only assume that they’ve had enough and this is why our revenue for the past couple of days has fallen into the toilet. Most of our traffic comes from Google search and Google news. Since both of those services are remarkably good at sending people to the right places, our visitors are generally interested in our subject matter. The problem is that that subject matter doesn’t really include cheap credit card offers. So our two tiny articles on the Mastercard issue (and probably this article as well) result in most of a weeks worth of advertising our users are not interested in at all.

There are two solutions to the problem. One is to not write about such things, which is something I’d prefer not to do as it is important for web developers to be aware of potential security issues. The other solution is for the Ad company (Google in this case) to create an ignore list that site owners can use to ensure that certain words are not considered “content” by the algorithm that decides what Ads are best suited for our sites. Google does give us the ability to block certain URLs from our Ads, but to stop the credit card Ads would seemingly require that I add about 200 or more different URLs to the block list. If they offered an “Ignore” list, I could simply add “Credit Card” and “Mastercard” to the list and that would be the end of our problems, this time at least. Companies offering these services seem much more interested in helping the people and companies purchasing the advertising rather then the publishers that end up displaying the Ads on site. Until that changes, all we can do is grit out teeth and wait for the “less desired” Ads to be replaced by something hopefully more profitable and related to our subject matter.

Failing the ignore list, I’d alternatively like to see something like the recent rel=”nofollow” attribute that content publishers can put around terms that they’d prefer the Ad services ignored when parsing a site. That would be easier for the Ad companies to instigate, and simple for content publishers to adopt.

The SCO group that has spent much of it’s time and money recently in a fight to extort billions of dollars from IBM for alleged intellectual property infringements with regards to Linux, has filled their latest server release (OpenServer 6) with all manner of Open Source/GPL products. Products like Apache (the worlds most popular web server software currently running on nearly 70% of the worlds web sites.), Samba ( software needed for Unix servers to talk to Windows servers and clients), MySQL, (very popular Open Source database), OpenSSL/OpenSSH (tools for encrypting communication between systems), not to mention Open Source applications like Firefox and OpenOffice and the KDE Window manager/desktop platform. It is interesting that the company that claimed in court and the press that the GPL (the license covering the vast majority of Open Source software) was unconstitutional and void or voidable has released a product in which most of the useful tasks such a product can do on a modern network are provided by the very Open Source software for which they have shown such disdain.

Since all of the same tools and more are available totally for free with an enterprise Operating System based on Linux like CENTOS, or for those that prefer a paid, supported product by Redhat, it makes you wonder who would buy an SCO product with the same features which would serve no real purpose other then to open yourself to potential future litigation from SCO, (Ask DaimlerChrysler and Autozone for example).

MSN and Hotmail web mail systems will soon flag E-mail that doesn’t conform to Microsoft’s patented SenderID process as potential SPAM. There are several problems with their announcement, not the least of which is that Microsoft’s SenderID is not usable by Open Source MTA (Mail Transfer Agents, or Mail server software) which handle most of the Internet’s E-mail. It’s unusable because Microsoft made their license incompatible with Open Source software, intentionally it seems. This is the same tactic Microsoft are employing with their EU anti-competitive remedies. They are forced to make interoperability information available, and they did so, but in a way that makes their biggest competitor unable to use it.

Basically, if you own a Hotmail or MSN email account, after Microsoft starts flagging non SenderID email as potential SPAM, you can no longer guarantee that you will actually see all the E-mail you are sent, whether it’s SPAM or not. The reason for that is because SenderID is not universally used, in fact it’s not even on the majority of the E-mail systems (try slightly over 1% of mail servers).

This appears to be yet another case of Microsoft’s Extend, Embrace and Extinguish philophosy. They joined the coalition that was looking for an answer to the SPAM problem, they came up with their own solution that rides on the backbone of another technology (SPF) that was provided free to all for the good of all. Then they patented their version in a manner that blocked a significant portion of the worlds biggest MTA’s from adopting it and that ended up disbanding the coalition with nothing useful decided upon as a result. Now Microsoft are trying to use their vast number of Hotmail and MSN users to force ISP’s and other mail server providers to adopt their technology. The ironic thing is that when they find themselves in court for anti-competitive behaviour, they honestly don’t seem to understand why they are getting targeted all the time, and while all this goes on, their PR people are busy telling the gullible how wonderfully interoperable all their products are.

My advice? get a free Gmail or Yahoo email account, they both offer more space and features then the free MSN/Hotmail anyway and you actually stand a good chance of seeing all your E-mail. See CNET for the full scoop.

Update: Apparently I’m not the only one to view Microsoft’s move with disdain. Speaking of alternatives, TheInquirer has done a small review of AOL’s new free webmail service and given it surprisingly good marks. Apparently they offer 2GIG just like Gmail, but also offer IMAP as a connection option, meaning you can use any IMAP capable E-mail client (like Thunderbird) to access your mail. They did say that AOL’s offering doesn’t have the same search ability as Gmail, but if you are using Thunderbird as your client, then you have Thunderbirds search facilities at your fingertips which is very powerful with tools like Virtual search folders (a folder that doesn’t really exist but contains all the results of a particular search term (or multiple terms). IMAP is a huge improvement over POP3 because the mail stays on the server. With POP3, when you download your mail from one location, it is no longer available to download from another. IMAP looks and works the same as POP3 from a users perspective, except that you can access all your mail from any location and until you delete it, all your old mail is accessable to all of them. I’ve bene a big convert of IMAP’s features for some time now.