Practical Technology

for practical people.

December 15, 2009
by sjvn01

Another Day, Another Adobe Security Hole

Poor Adobe, they’re just not doing well with security lately. No sooner do they patch a bunch of serious Adobe Flash Player security bugs, than another zero-day exploit is unveiled. This time Adobe Reader and Acrobat are the targets, and regardless of whether you’re running Linux, Mac OS X, or Windows, you’re vulnerable.

What makes this even worse is that, like Flash, almost everyone uses Adobe Reader to read PDF (Portable Document Format) files. So, in short, almost everyone could be tripped up by this security hole.

Symantec staffer Joji Hamada uncovered this newest Adobe bug just in time for the holidays. Hamada reported that “We received a tip from a source that there is a possible Adobe Reader and Acrobat 0-day vulnerability in the wild. We have indeed confirmed the existence of a 0-day vulnerability in these products.”


December 14, 2009
by sjvn01

SFLC hammers GPL violators

Almost everyone uses Linux thanks to its growing popularity in consumer electronics, in everything from TVs to DVRs (digital video recorders) to DVD recorders to you name it. Some companies, however, think that they can use Linux and open-source software for their products without releasing the source code or, in some cases, paying the creators. Wrong. The SFLC (Software Freedom Law Center) is lowering the boom on more than a dozen companies including Best Buy, Samsung, Westinghouse, and JVC, which have violated the GPL (GNU General Public License).

Bad news guys, you can’t get away with it. These companies, according to the SFLC, have ripped off BusyBox’s GPLv2 software tool collection. The SFLC announced that they were suing these companies because they had ripped off BusyBox, a popular collection of Linux/Unix utilities which is known as the “Swiss Army Knife” for embedded Linux. To be exact, these companies have been accused of using BusyBox illegally in such devices as “Best Buy’s Insignia Blu Ray DVD Player, Samsung HDTVs, Westinghouse’s 52-inch LCD Television, and more than a dozen other products that the defendants have continued to sell without the permission of the software’s copyright holders.” Specifically, the companies behind these, and almost 20 other products, aren’t living up to the terms of the GPLv2, which states that anyone can view, modify, and use the program for free on the condition that they distribute the source code to customers.


December 14, 2009
by sjvn01

Scareware gets Scarier

There I was doing some research on a story, well actually looking for the latest Dr. Who episode, when I was presented with a message that my computer might be infected by a virus and it was being scanned. Yeah. Right. This was on one of my Linux desktops and it’s no more likely to get a virus than my Pittsburgh Steelers are to win the Super Bowl this season.

What was actually happening was that I’d stumbled over a site trying to scam me into buying, at best, bogus anti-virus software, and, at worst, to infect me with malware and steal my credit-card information. I’m not the only one. The U.S. Government’s Internet Crime Complaint Center just reported that this kind of scareware is getting to be a lot more common. Indeed, the “FBI is aware of an estimated loss to victims in excess of $150 million.”

I strongly suspect far more money has been lost than that. These fake virus warnings are very hard to get rid of once they appear on a Windows PC. If you try any of the usual ways to close a program or window, nothing is likely to happen. Your only sure way of escaping from one is to re-boot your computer. What a pain!


December 13, 2009
by sjvn01

Opposition mounts to Oracle’s MySQL acquisition

The EC (European Commission), the European Union’s top competition authority, isn’t crazy about Oracle buying Sun. You might have thought it was just open-source advocates objecting to the deal out of the fear that Oracle, the world’s biggest proprietary DBMS (database management systems) company would close down the most popular open-source DBMS. You’d be wrong. Microsoft wants to block the deal too.

As Mary Jo Foley reported recently, Microsoft is arguing that Oracle shouldn’t be allowed to buy Sun. According to my sources, the reason why Microsoft wants to block the deal has nothing to do with MySQL remaining open source. It’s all about making sure Oracle can’t use MySQL as a low-cost alternative to SQL Server on the low end.

Microsoft’s only toe-hold in serious DBMS work is in the SMB (small-to-medium business) space. Open source or not, a low-price MySQL with Oracle branding could boot Microsoft out of this line. They really, really don’t want to see that.


December 11, 2009
by sjvn01

Linux Security Kernel Clean-Up

While Windows has more security problems than a barn dog has fleas, Linux isn’t immune to having its own security holes. Recently, two significant bugs were found, and then smashed. To make sure you don’t get bit, you should patch your Linux system sooner rather than later.

Bug number one on the hit list is a remote DDoS (distributed denial-of-service) vulnerability that could potentially let an attacker crash your server by sending it an illegally fat IPv4 TCP/IP packet. Those of you who are network administrators may be going, “Wait, haven’t I heard of this before?” Why, yes, yes you have.

It’s the good old ping-of-death DDoS attack back again. What happened, according to the Linux kernel discussion list, was that somewhere between the Linux kernel 2.6.28.10 and 2.6.29 releases someone made a coding boo-boo and made it possible for this ancient attack to work again.


December 11, 2009
by sjvn01

Red Hat heads back to the desktop with SPICE

Red Hat is the number one Linux company, but they haven’t been interested in the Linux desktop for years. With the open-sourcing of SPICE (Simple Protocol for Independent Computing Environment), that’s changing.

SPICE, like Microsoft’s RDP (Remote Desktop Protocol) and Citrix’s ICA (Independent Computing Architecture), is a desktop presentation services protocol. They’re used for thin-client desktops, and SPICE will be too. In 2010, you can count on Red Hat returning to the Linux desktop.

But they won’t be doing it as a competitor to traditional desktops like Ubuntu 9.10 or Windows 7. Thin clients are meant for corporate desktops, like those in a company where Red Hat is already powering the servers. Remember, it’s in Linux servers, not desktops, that Red Hat has found its riches.

On the server side, SPICE depends on KVM (Kernel Virtual Machine) for its horsepower. Guess what virtualization software Red Hat focuses on? That would be KVM. So if you have a company that’s already invested in Red Hat on the servers, wouldn’t it make sense to offer them a complementary Linux desktop option as well? And perhaps sell a few more server licenses along the way? I think so, and Red Hat thinks the same way.

A few months back, I asked Red Hat CTO Brian Stevens if Red Hat was going back to the desktop. "Yes, Red Hat will indeed be pushing the Linux desktop again" with KVM, he told me.

The open-sourcing of SPICE is a step in that direction. Indeed, by the time Red Hat bought Qumranet, the company that was behind both KVM and SPICE, Qumranet had already released a complete KVM/SPICE virtualization program, Solid ICE.

Red Hat hasn’t announced a re-release of a now completely open source-based Solid ICE, but that’s only a matter of time. It’s the next step, and it will be a smart one.

I say that because, unlike RDP, ICA or Unix/Linux’s VNC (Virtual Network Computing), SPICE isn’t a "screen-scraper." With these protocols, the server has to do all the heavy lifting of rendering the graphics. But with Solid ICE and SPICE, each SPICE session can access local system resources. In other words, a SPICE Linux virtual desktop user can use their PC’s graphics. This means SPICE users get close to stand-alone desktop video performance and at the same time the servers aren’t being overloaded.

As Stevens explained in a statement about the open-sourcing of SPICE: "The SPICE protocol is designed to optimize performance by automatically adapting to the graphics and communications environment that it is running in, so vendors have a terrific opportunity to enhance it for their specific applications."

What all that means for you is that, some time in 2010, you can expect to see the release of Red Hat Enterprise Virtualization for Desktops. I expect to see it arrive sometime before another thin client-like take on the Linux desktop, namely Google’s Chrome OS, arrives.

As I’ve said before, we’re in for some interesting times in 2010 with desktop operating systems.

A version of this story first appeared in ComputerWorld.