Not that this is likely to surprise anybody, but Fairfax has a report from security expert Bruce Schneier that details that Windows is still the favourite OS of malicious parties everywhere and that DCOM and RPC appear to be the favoured attack vectors used when writing malicious code. Not to mention flaws in web browsers like Internet Explorer. The prediction of future attacks being “blended” in that they target specific software flaws with exploit code and can therefore spread without human interaction is nothing new either since it’s happened several times already. So apparently we can expect more of the same except for the likelihood that such code is going to be able to target several different exploits in the same Virus/Worm package. Interestingly he also predicts that peer to peer networks will be used more in the future as a distribution mechanism for malicious code and that more of them will use search engines to target specific hosts in an effort to hide their presence better.

SecurityFocus has an article that is well worth the read for anybody interested in security and privacy. Specifically how does one balance the need for privacy with the requirement of security? When your library asks for your fingerprints before letting you use their systems, or local councils ask for the same thing, you find yourself wondering just who can get hold of the information about you that is stored away in multiple databases. As the article points out, the Patriot act may make your information available to people you’d perhaps prefer didn’t have access, and there isn’t much you can do about it either. Well worth the read.

In yet another cell phone caper, a phone belonging to Jimmy Buffet is reported to have been found and used to call former President Bill Clinton, according to the Smoking Gun Website. The memory card from the cell phone is still missing.

If you have a cell phone with any sensitive information you should immediately enable a user password that locks the phone against outside use. In addition, consider using coded names or nicknames for your aquaintences so that any Tom, Dick or Marvin could be dialing your friends and selling your contacts. With the advent of pda type of phones, even more sensitive information is often saved in them including financial information.

Mike Industries got a new Casio camera … and now I want one too. His Casio EX 2750 boasts basically zero shutter delay ( a big advantage over my Sony), 220 photos with a $69 memory card, and 7.2 mega-pixels. The video sample and photo sample he shows on his site are awesome. It is time for all of us to go digital.

There has been numerous accounts of how MSN has had to tone down the China MSN portal to eliminate such evil words as “democracy” and “freedom” and “human rights” in order to keep the powers that be over there happy, and as much as I’d like to jump on the bandwagon and condemn Microsoft for it, I can’t bring myself to do it. The reason I can’t is pretty simple, MSN are not the first, and they won’t be the last. China is a massive potential market for all of these big companies, and China is rigidly communist controlled. The Chinese government has a long standing tactic of controlling (or trying to control) everything their people see, hear and read. The Internet is a much less “many and varied thing” in China. Sites over there that run counter to the government’s views have seemingly disappeared and external sites are often blocked from access by the people. So Microsoft wants into China for the potential profits, but they have to play nice with the government in order to do it, so they did. Google and Altavista have been blocked by China in the past for linking to forbidden sites, and search engines that have a presence in China have had to tow the official line. The fact that Microsoft blocked a few words is hardly surprising in light of their history and apparent desires. They are a public company, they are in it for the money, and there is big money in China.

To get an idea of how much effort China puts into making sure their people don’t see anything untoward, opennetinitiative has an interesting technical summary of the systems in place and how they work. Protesting that sites should make no allowances for the Chinese government is not going to achieve anything useful. Some information for the people is better then none at all and hopefully one day the lack of information freedom in the country will be abolished. But criticizing any company that has to make allowances to be heard in that country serves no purpose at all. Having said that, sites that propagandize the party line are another matter entirely.

Microsoft has decided to strategically take on open-source software as a true competitor according to this article at News.com. Open Source software has long been taking business from such expensive competitors and in the long run that is a good thing for the consumer and businesses.

LAMP is the combination of four things used in combination from the open-source arena:
L is for Linux,
A is for Apache Web Server,
M is for MySql, and
P is for PHP, Perl or Python.

Used in combination, or as a stack in the parlance of the web engineers, they offer a formidible set of capabilities, with much lower risk of virus propogation and much less bloat generating great speed advantages.

Microsoft’s response, according to that article, is to argue that its products are cheaper when you look to the total cost of ownership: maintenance, upgrades, support, etc. In reality, however, I think just the opposite will be true for many organizations and individuals. Further, Microsoft is going to be offering some express or lite versions of software in an effort to cut the up front costs. Don’t fall for it, it is just a hook to eventually force you to buy the more expensive versions down the road. Competition is a good thing when done fairly. So go Microsoft, compete, but compete by doing a better job.

Sun Microsystems has released Open Solaris in an attempt to take some of the collaborative community that surrounds Linux and also to try to sway companies that are considering Linux to instead give Solaris a try. There are a few problems with their approach however, and they look like they will seriously dent Sun’s ability to command a following anything like the one Linux has.

For one thing, Sun is free in the money sense, not in the freedom sense. Basically if you write code that improves Solaris in some way, you must then give Sun equal copyright to the code so they can essentially do whatever they want with it. (This is unlike GPL Linux where the copyright stays totally in the hands of the developer.) You must not use that code in any GPL products also. In short, Sun’s version of what Open Source means, is very different from what the general Open Source community believes it means. Sun thinks the free in free software means “no cost”, where as the OSS community tends to view free as in “freedom to improve/use/distribute changes etc”. The CCDL license that Sun has adopted is not in any way compatible with the GPL governing the vast majority of the Open Source software available. It is that lack of “freedom” that is going to cost them the large community they obviously wish to create around OpenSolaris. The problem stems from Sun’s desire to control the development of Solaris with an iron first. It’s really just a one way exchange, Sun wants a community to contribute changes and improvements for free and to give Sun almost total control over that new code, and in exchange the developers only get to use it for free. It just won’t work like the GPL because Sun has kept total control over the project. Anyone can take the Linux kernel, modify it to their own design and release it for distribution as they see fit. The same cannot be said of OpenSolaris. Sun has apparently done this to avoid “forking” or incompatible versions of Solaris floating around, but it hasn’t been much of a problem with Linux so why are they so concerned? Why help Sun build a better Solaris when you don’t get anything back from it? That is the question many developers appear to be asking in light of all the announcements.

(more…)