July 12, 2008

Lonnie Olson
fungus
LonnieOlson
» DNS Exploit News

After reading all the details about the “new” DNS exploit I feel quite annoyed. These types of attacks have always been possible. This isn’t new. Cache Poisoning has always been on every DNS server administrator’s check list of things to carefully plan to prevent. I compare it to Firewalls: Every firewall administrator knows that best practice is to block everything by default and only make exceptions for what should be allowed.

This idea has been around for well over a decade: maintain a discrete list of what is allowed, which can be completely enumerated with a great level of confidence, and block the rest. Badness cannot be enumerated completely. Blacklists will always be missing important aspects. Expecting that all people are good and don’t do bad things will always turn bad.

Patches released for DNS services that are vulnerable do not fix the root cause. It can’t be fixed because it is part of the original specification, and migrating away from it will be as painful as the migration to IPv6 is. These patches only implement other kinds of mitigation for the exploit. The best form of mitigation comes in the form of implementing standard best practices that have been around for many years.

DNS servers should carefully control who is allowed to ask questions about non-authoritative zones (recursion). DNS servers at ISPs should limit recursion to customers only. Corporations should run internal recursive DNS servers with access restricted to internal users only. This will severely isolate any damage caused by cache poisoning.

I am not saying nobody needs to patch their servers. In fact the patches should be applied quickly because they do help quite a bit. I am just saying that if you have already implemented best practices you shouldn’t have to worry very badly. And if you haven’t implemented them, do it now!
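
One way to verify the recursion restriction described above is to query your own server from a network that should not be allowed to recurse and inspect the reply. This is an added example, not code from the original post; the function names, the constructed sample responses and the "RA set plus a recursive answer" heuristic are assumptions made for illustration.

```python
import secrets
import socket
import struct

QR, RD, RA = 0x8000, 0x0100, 0x0080      # DNS header flag bits
NOERROR, NXDOMAIN, REFUSED = 0, 3, 5     # response codes used below

def build_query(name, txid=None):
    """Encode an A/IN query with RD=1 (recursion desired)."""
    if txid is None:
        txid = secrets.randbelow(1 << 16)  # unpredictable transaction ID
    header = struct.pack("!6H", txid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!2H", 1, 1)

def classify(query, response):
    """Return 'open', 'restricted' or 'invalid' for one query/response pair."""
    if len(response) < 12:
        return "invalid"
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & QR:
        return "invalid"                  # not a reply to our query
    rcode = flags & 0x000F
    # Heuristic: the server did the lookup for us if it returned an answer
    # or an authoritative-style NXDOMAIN while advertising recursion (RA).
    recursed = (rcode == NOERROR and ancount > 0) or rcode == NXDOMAIN
    return "open" if (flags & RA and recursed) else "restricted"

def probe(server, name, timeout=3.0):
    """Send one query over UDP to a server you administer and classify it."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))           # only accept replies from server
        s.send(query)
        try:
            response = s.recv(4096)
        except socket.timeout:
            return "no-answer"
    return classify(query, response)

def fake_response(query, flags, answer=False):
    """Constructed sample reply (not captured traffic) for offline checks."""
    header = query[:2] + struct.pack("!5H", flags, 1, 1 if answer else 0, 0, 0)
    rr = b""
    if answer:
        # Name pointer to the question, type A, class IN, TTL 60, 192.0.2.1
        rr = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4)
        rr += socket.inet_aton("192.0.2.1")
    return header + query[12:] + rr

if __name__ == "__main__":
    q = build_query("example.com")
    # Resolver that recursed for an outside client: should be locked down.
    print(classify(q, fake_response(q, QR | RD | RA, answer=True)))
    # Resolver that refuses recursion to this client: the desired result.
    print(classify(q, fake_response(q, QR | RD | REFUSED)))
```

Run `probe()` from outside the customer or internal address range, with a name the server is not authoritative for; the result you want is `restricted`.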

May 6, 2008

Lonnie Olson
fungus
LonnieOlson
» I’m a wannabe iPhone switcher

After reading through CrackBerry’s Top 10 Reasons Why the iPhone is NO BlackBerry I thought I should compare it to my situation.

I really like my AT&T BlackBerry 8820 a whole lot. I really hate Windows Mobile devices, and dislike the Treo line. But I still want an iPhone really badly. This article makes it sound like BlackBerrys are better. I disagree.

10. The iPhone’s Not Designed for One-Handed Operation

Duh, I call this a feature, not a problem. Even when I am not driving, I still hate typing with one hand. I could care less.

9. Every iPhone is Created Equally–At Least on the Outside

Again, so what. The one model of iPhone is the model I would want.

8. No Removable Battery, No Backup Power Supply for the iPhone

Based on my BlackBerry usage, the removable battery is completely unnecessary. I generally only charge it once every 2 - 3 days. I have never replaced a battery on a cell phone ever. I usually replace the phone before the battery dies. Even if the iPhone’s battery doesn’t last 3 days, charging it once a day is not a problem.

7. The iPhone Has No Native Video Recording Capabilities

And neither does my BlackBerry! I have an 8820, no camera at all. I mean WTF?! I have to step down to the Curve which is a rickety P.O.S. to get a camera? No way.

6. The iPhone Is Too Darn Expensive

Considering I didn’t pay for my BlackBerry (my company did), this doesn’t apply to me again. Plus the difference between an 8820 and an iPhone is worth the benefits.

5. The iPhone Doesn’t Support VoWi-Fi–Even Though It Could and Should

And neither does my AT&T BlackBerry! Not that I really care though since I am on my company plan with huge voice and data discounts.

4. iPhone User? No GPS for You

Ok, this point isn’t completely negligible. I did run TeleNav on my BB for a while. It is incredibly cool, and does some very awesome things with GPS. But in truth I never really used it. GPS for Google Maps was plenty for my usage.

I’d miss the GPS in Google Maps on an iPhone but not seriously enough to not buy one.

3. Want an iPhone? Hope You’re Ready to Switch Wireless Carriers…

Wrong again! I’m already on AT&T. I’m already suffering with Edge (no 3G on AT&T BlackBerrys).

2. No Physical Keyboard? No Thanks.

I am pretty good with the BB keyboard. I will concede that using a virtual keyboard will suck for quite a while. But I will get over it. I am flexible and adjust quickly. The increased screen size is worth the short period of adjustment.

1. The iPhone Third-Party Apps Debacle

The only apps I would miss, that either don’t already exist, or don’t have a webapp replacement, are my Google Talk or an IRC client. There are ways around both via Webapps, though not quite so pretty. Oh well, not a big deal.

In summary, BlackBerry has GPS, better 3rd party app support (for now), and a physical keyboard. iPhone has a *camera*, huge screen, total hawtness, awesome mobile web browser, media player that doesn’t totally suck. I can certainly say I’m going to get an iPhone as soon as I can.

November 28, 2007

Lonnie Olson
fungus
LonnieOlson
» Marriage is a Civil Right

A recent New York Times article very clearly and rationally explained my stance on marriage. As long as the government recognizes and assigns rights/privileges to those with marriage licenses, it is an infringement of the civil rights of those denied licenses.

Those opposed to granting marriage licenses to others based on the choice of partner often spew forth ideas based on religion. I have no desire to legislate religion, but the marriage license is not only a religious idea, it is deeply intertwined with government processes, rights, and privileges, making it a civil right.

I can think of two possible solutions to this violation of rights. Remove the marriage license as a government document and tool to determine one’s rights. Or, the easier alternative, remove the immoral, discriminatory restrictions for getting said marriage license. Religions can continue to decide which marriages they accept or not.

November 24, 2006

Lonnie Olson
fungus
LonnieOlson
» Fedora, No Longer Detestable, But Still not for Me

I decided to give Fedora another try after a very long time of using and loving FreeBSD, Ubuntu, and Debian. I thought to myself that its continued popularity has to be a testament to its greatness. Perhaps it has improved over time.

I was initially turned off RPM based distributions long ago by the pain of dealing with dependencies, tracking down RPMs, and bloated default installs. I had given them up long since RedHat 8.0. Since then I have given half-assed efforts to look at them a couple of times. Once with FC3, and again with OpenSuse 10.1. Both times I was immediately turned off by bloated installs and/or having to hack in apt and external repositories.

This time is going to be different. I am going to keep an open mind. Here are my thoughts as I progressed.

  • I just downloaded the DVD image of Fedora Core 6 since my test machine has a DVD drive. I really like single CD installation sources, but maybe I won’t mind a single DVD.
  • Why have the installation verify the medium by default. It is extremely rare to get even this far if your medium is somehow damaged. Lame defaults, not lame functionality.
  • The installation program (anaconda) is extremely solid and professional looking. RedHat has always had good install programs. IMHO, the installation program isn’t that important, so whoop-de-do.
  • The installation has a wonderful partition editor, it allows you to set up complex raids, and/or LVM. Wow! Best one I have ever seen.
  • Install seems much quicker than I remember. I always thought RPM based distros took forever. Perhaps it is because this system is so much faster than my previous test machines.
  • Couldn’t boot Fedora. The installer didn’t give me the option to install the boot loader in the MBR of sdb so I picked sdb1. The FreeBSD boot manager couldn’t start it. Oh well, I just ran the rescue from the install disc, and installed grub manually into the MBR of sdb. All better boots fine. Not a problem with Fedora really, just a complicated setup on my end.
  • Booted, finished the first boot install step. Holy cow. It properly detected my monitor’s native resolution. Sweet! I have a widescreen LCD with a native resolution of 1680×1050.

  • Launched Firefox, clicked on the Fedora FAQ link. I learned that Fedora doesn’t install any non-free software. That is wonderful. Even Ubuntu installs a tainted kernel by default. I am so proud.
  • I had a look at the xorg.conf and saw the smallest xorg configuration evar. There was no font, monitor, resolution, or mouse configuration info. xorg detected and made everything work perfectly. Is this a feature of xorg 7.1.1, or is this Fedora specific?

  • Further exploration of the gui reveals all the standard Gnome-y goodness I come to love and expect from my distro.
  • The "Add/Remove Programs" is slightly different from Ubuntu, but works just about as well.
  • There is a lot of stuff installed by default, but not to the extreme like it used to.
  • sudo is not set up by default. I really liked the way Ubuntu locks root, and uses sudo for everything. I had to assign myself to group wheel and enable sudo for the group manually.
  • I wanted to install a few other basics I expect to have available. Some are already installed (rsync, mutt, sudo). Some are easily installed using yum (nmap). Some are nowhere to be found (tcpflow, tcptraceroute, etc). This is horrible. After some more reading and poking around I find that there are third parties that publish these packages. WTF! tcpflow and tcptraceroute should be in the Core repository, or at least in Extras. This is a total F$#! up. Why can’t the Fedora community come together and merge the Dag/Dries repository with the Extras repository? They can leave out the non-free stuff, but at least get the obvious stuff.
  • On a side note, I think it is very funny that http://ftp.freshrpms.net/ is "Powered by" Debian. ROFL.

In summary, Fedora is no longer a distro to be detested. Its dedication to Free Software; addition and focus on yum; use of new technology like xorg 7.1; and more conservative default install has made it usable, and almost recommendable. However, its repository is extremely lacking, and it needs more thought into default options for some things.

October 24, 2006

Lonnie Olson
fungus
LonnieOlson
» Forbes resorts to sensationalist FUD

Slashdot linked to an article from Forbes that speculated the GPLv3 could "tear it apart". It, referring to the Linux industry. The summary on Slashdot sounded interesting, and RMS is always interesting.

Very early in the article I was upset by a huge lie.

But while Torvalds has been enshrined as the Linux movement’s creator, a lesser-known programmer–infamously more obstinate and far more eccentric than Torvalds–wields a startling amount of control as this revolution’s resident enforcer. Richard M. Stallman is a 53-year-old anticorporate crusader who has argued for 20 years that most software should be free of charge. He and a band of anarchist acolytes long have waged war on the commercial software industry, dubbing tech giants "evil" and "enemies of freedom" because they rake in sales and enforce patents and copyrights–when he argues they should be giving it all away.

This is a complete lie. The FSF has nothing against selling software. The term "Free" they refer to is not about price, but about Freedom. Any journalist with an ounce of responsibility would easily find references to the talk about _Free as in Freedom, not Free as in Beer_. There is even a complete article written by RMS all about selling software.

This immediate lie angered me already. I could handle reading a biased, commercial, anti-Linux article without getting angry. However, once they outright lied about something so obvious, I became very quick to anger. The rest of the article is so obviously biased, I won’t even bother detailing them. I instead will focus on the inaccuracies, or the twisting of hard facts.

Stallman hopes to use that licensing power to slap the new restraints on the big tech vendors he so reviles. At worst it could split the Linux movement in two–one set of suppliers and customers deploying an older Linux version under the easier rules and a second world using a newer version governed by the new restrictions. That would threaten billions of dollars in Linux investment by customers and vendors alike.

The licensing power referred to here is deserved as he and his group actually wrote most of what makes up the "Linux" system. Linux is actually just the kernel of the OS. Lots of other people make the mistake of calling the OS Linux, when it should be GNU/Linux, so I’ll give them a little slack here.

This licensing power is also the same power wielded by "big tech vendors" to do much more heinous things. Examples include: preventing you from playing your **purchased** songs on any player you wish; Restricting your ability to use, modify, and share software that you own; Preventing you from expanding technology.

The only vendors the GPLv3 might threaten are those that are using Free Software to actively do very non-Free things, like Patent lawsuits, DRM, etc. These vendors are not the majority in the industry. It doesn’t threaten customers (end-users) at all.

A cantankerous and finger-wagging freewheeler, Stallman won’t comment on any of this because he was upset by a previous story written by this writer. But his brazen gambit already is roiling the hacker world. His putsch "has the potential to inflict massive collateral damage upon our entire ecosystem and jeopardize the very utility and survival of open source," says a paper published in September by key Linux developers, who "implore" Stallman to back down. "This is not an exaggeration," says James Bottomley, the paper’s chief author. "There is significant danger to going down this path." (Stallman’s camp claims Bottomley’s paper contains "inaccurate information.")

No comment … upset at this writer … I wonder why. Could it be that you tell lies, skew the truth, and bias every word? The only damage it will do is to possibly make vendors, like Tivo, maintain old versions of GPLv2 software themselves. Is this a big deal? What has Tivo done for our community anyway? This paper sounds just like something Microsoft wrote about Open Source not too long ago. Our ecosystem may change a bit, but if it is good, it will persevere.

Even the Linux program’s progenitor and namesake, Linus Torvalds, rejects Stallman’s new push to force tech companies to design their software his way and to abandon patent rights. Torvalds vows to stick with the old license terms, thereby threatening the split that tech vendors so fear. The new license terms Stallman proposes "are trying to move back into a more ‘radical’ and ‘activist’ direction," Torvalds says via e-mail. "I think it’s great when people have ideals–but ideals (like religion) are a hell of a lot better when they are private. I’m more pragmatic."

Yes, Linus disagrees with RMS. However there is no split to fear. Any developer can choose which version of the GPL to use.

But then, Richard Stallman rarely is pragmatic–and in some ways he is downright bizarre. He is corpulent and slovenly, with long, scraggly hair, strands of which he has been known to pluck out and toss into a bowl of soup he is eating. His own Web site (www.stallman.org) says Stallman engages in what he calls "rhinophytophilia"–"nasal sex" (also his term) with flowers; he brags of offending a bunch of techies from Texas Instruments by plunging his schnoz into a bouquet at dinner and inviting them to do the same.

Come on. This has nothing to do with the article. If his strangeness would have any effect on the community, it would have happened many years ago. This is total crap.

And though he styles himself as a crusader for tech "freedom," Stallman labors mightily to control how others think, speak and act, arguing, in Orwellian doublespeak, that his rules are necessary for people to be "free." He won’t speak to reporters unless they agree to call the operating system "GNU/Linux," not Linux. He urges his adherents to avoid such terms as "intellectual property" and touts "four freedoms" he has sworn to defend, numbering them 0, 1, 2 and 3. In June Stallman attempted to barge into the residence of the French prime minister to protest a copyright bill, then unrolled a petition in a Paris street while his adoring fans snapped photos.

Another lie. RMS never said his rules (GPL) are necessary for people to be free. His GPL is just another Free Software license developers can use if they want. His organization publishes a list of other Free Software license alternatives.

As programmers wrote hundreds of building blocks to add to Linux, Stallman’s Free Software Foundation persuaded them to hand over their copyrights to the group and let it handle licensing of their code. Stallman wrote the central license for Linux: the GNU General Public License or GPL. For his part, Linux creator Torvalds never signed his creation over to the group–but he did adopt the GNU license, granting Stallman further sway.

What programmers? If the author is referring to the programmers of GNU, they did most of their work long before Linux. Therefore Linux was added to GNU, not vice-versa. If the author was referring to any Open Source programmer, he never asked nor required any of them to hand over their copyrights. Stallman has no control over programmers who choose the GPL. However he will help defend them, when they need it.

In recent years Stallman and the FSF have been cracking down on big Linux users, enforcing terms of the existing license (GPLv2, for version 2) and demanding that the big tech outfits crack open their proprietary code whenever they inserted lines from Linux. Cisco and TiVo have been targets; Cisco caved in to Stallman’s demands rather than endure months of abuse from his noisy worldwide cult of online jihadists. Nvidia, which makes graphics cards for Linux computers but won’t release enough of the code behind them to satisfy Stallmanites, also came under attack. "It’s an enemy of the free software community, so we call them ‘inVideous,’" says Peter Brown, executive director of the Free Software Foundation.

This is true, but the description of jihadists should be placed on Cisco and TiVo. It was Cisco that was trying to steal the GPL code and use it for their own purposes. This is breaking the terms of the license, hence breaking the law. Cisco caved in because they were caught breaking the law and didn’t want to piss off the Free Software community, especially since we make up a huge portion of their customers.

One big potential victim of the Stallman stunt is Red Hat, the leading Linux distributor, with 61% market share. Red Hat bundles together hundreds of programs contributed by thousands of outside coders. If Linus Torvalds sticks with his old kernel under the older and less restrictive version-2 license, and Stallmanites ship version-3 code, what is Red Hat to do? The two licenses appear to be incompatible. There’s also the problem of forfeiting patent enforcement rights if Red Hat ships v3 code. Red Hat could stay with an entirely "v2" Linux system, taking on the burden of developing its own versions of whatever programs move to v3. But it’s not clear that Red Hat has the staffing to do that.

More crap. First, RedHat has not commented on anything regarding GPLv3. Second, GPLv2 and GPLv3 are compatible. In fact, GPLv3 is more compatible with other licenses than GPLv2 was. RedHat would only be forfeiting patent enforcement rights on code RedHat wrote and released under GPLv3. RedHat is more than capable of releasing their own code under the GPLv2 and shipping it with other programs licensed under GPLv3. Shipping programs together does not mean they must be licensed the same.

"Red Hat gets a lot of code from people who don’t work for Red Hat. They would have to replace all that and do the work in-house," says Larry W. McVoy, chief executive of software developer Bitmover and a longtime Torvalds collaborator. Even then, however, Stallman and his loyalists may carry on developing their own v3 versions. This "forking" of multiple incompatible versions could lead to "Balkanization" and derail Linux, the Torvalds camp warns.

Red Hat and other Linux promoters also may find themselves in an awkward spot with customers. "IT managers want to buy stuff that puts them at as little risk as possible. If there was a risk that Stallman could become such a loose cannon, that’s something most IT managers would have wanted to know before they bet their companies on Linux," McVoy says.

The only reason why RedHat may want to "fork" GPLv3 licensed programs, is if they want to modify these programs in such a way that would be disallowed by the GPLv3, or sell to a client that wants to do this. It is important to ignore this author’s assumption that the whole operating system must be licensed the same way. Just because Bash might be licensed GPLv3, doesn’t mean that Apache is licensed that way. You would only need to fork Bash if you want to modify Bash to add in DRM, or to enforce patents you have in your modifications to Bash. Obviously this is highly unnecessary.

It is quite interesting that the author would talk to McVoy about this. McVoy has even less credibility on this issue than just about anyone else. His company BitMover sells a proprietary product called BitKeeper. Yes, McVoy collaborated with Torvalds. In fact, Torvalds was using BitKeeper for his Linux development. Torvalds later found out that using proprietary software could bite him in the butt when he had to switch to something else.

Both McVoy and Torvalds should know more than anyone that the risk in using proprietary software is much greater than that of using Free Software. The absolute worst case scenario you can have with Free Software is having to maintain updates to it yourself. Worst case in proprietary software could mean finding another software package, but possible loss of data. No intelligent IT manager would consider the issue of the GPLv3 to be more of a risk than that of proprietary software.

Bottom Line is that neither Richard Stallman’s crusading, nor the GPLv3 will tear the GNU/Linux community apart. It may cause a few minor problems for patent enforcers, and DRM developers that are leeching off the GNU/Linux community. These vendors won’t hurt that much either, they can just maintain their own old versions, or switch to any of the BSD-licensed alternatives.

October 5, 2006

Lonnie Olson
fungus
LonnieOlson
» Out-of-Body Experience all-in-the-head

A few years ago I had a sleepless night in which I also felt an Out-of-Body Experience. At the time I thought it might be Astral projection. I did propose that it could be in my head. While I was really thinking it could have a psychological cause, it is just as possible to be physiological.

Now today, I read an article in the New York Times that actually confirms my theory that Astral-projection, Out-of-Body Experience, etc. really is in your head.

October 4, 2006

Lonnie Olson
fungus
LonnieOlson
» Male Restroom Etiquette

via mindjuju in #uphpu on chat.freenode.net

While I generally detest re-publishing crap everyone has seen already, this video is different. It is a critical piece of education for any male (or person assuming to be male). Never, ever, talk in the restroom.