Recent blog posts
Cameron at Spam v. FreedomCameron at GreenCommons.orgCameron at Not WindozeNavigationSyndicate User login |
Cameron at Not WindozeEcological niche attracts figureheadWe see these "what a jerk Bill Gates is" articles all the time. They really don't help us understand the problem.
It's not "Bill Gates," it's Microsoft Corporation. The standards-seeking nature of the computer business combined with our worldwide lack of meaningful antitrust laws creates a perfect ecological niche for a software monopoly. First it was IBM and them MSFT. The monopoliast needs a sympathetic public relations figurehead. If it hadn't found Gates there were plenty more who wanted the job. Gates was, as they say, born on third base and thinks he hit a home run. Despite the fact he was one of the founders and his mommy had the connections at IBM, I think it's just as accurate to say Microsoft created the person that is now "Bill Gates" as Gates created Microsoft. How much do you really know about Walt Disney? Did you know he hated Jews and children? Disney Corporation needed that cuddly grandpa entrepreneur character for its figurehead, and the public persona of Walt Disney was about as real as Mickey Mouse. Do you actually believe Thomas Edison invented the light bulb? Of course not, Edison invented the engineering sweat shop and the contract where engineers work for wages and sign away their patent rights. Nobody will ever know who was on the team that developed Edison Electric's tungsten filament light bulb manufacturing machine, but you can be sure it wasn't Edison himself. So what makes you think you know any more about "Bill Gates" than you know about Edison or Disney? Categories: Cameron's Blogs
You're not crazy, the docs really do suckMy friend in LA ran into a showstopping udev-related bug, while installing Ubuntu for a friend. Booting after the initial install, kernel waits for root FS and udev never creates the device name it wants. Device names, it turns out, aren't as persistent as they need to be. His friend installed Windows-2000 and will tell his friends for years to come how half-baked "Linux" (all free software) is. This is how we advocates of software freedom create MS-Windows fans.
I couldn't figure out the bug for him during a short phone call. There's no way he could have figured it out. The reason we were stuck isn't that we're stupid or the bug was at all subtle. It's because Ubuntu doesn't tell us how its boot sequence works, and because udev is poorly documented. When I had similar trouble with Lilo years ago, I read the 70 page Lilo reference manual (which was pretty good) and I wrote the Lilo Mini-HOWTO. Maybe you've used it. Since then I have been in the same place with a dozen other task problems, but there wasn't any 70 page reference manual or it was incomprehensible or obsolete. (Wi-fi. Docbook. Sound under KDE. SMTP AUTH submission. Postscript fonts in LaTeX. Udev. Postfix restriction classes...) For some of them, I would have written another Mini-HOWTO, but the information just wasn't there to do it with. Source code is not documentation. Categories: Cameron's Blogs
Try changing input focus policy on XP, VistaOn every window system I've ever used, except one, you can adjust the window behavior to suit your taste. I want the keyboard input to go into the window where the mouse pointer is, "focus follows mouse." Most other people seem to want the keyboard stuck to whatever window they clicked in last. That input focus policy is called "click to focus" and it wastes my time. When I move the input focus I want nothing else to happen. Most others seem to want the window they're typing in to jump on top of everything else. That annoying behavior, coupled with click-to-focus, is called "auto-raise." It wastes my time and my screen area. I used to ask MS-Windows users how to switch the focus policy to focus-follows-mouse. They'd gawk at me as if I were speaking a foreign language. Then a Microsoft developer explained to me why you can't do it on MS-Windows, at least through XP. Believe it or not, the window behavior was hard wired into the MS-Windows operating system kernel! How stupid is that! But it wasn't stupid at all. Microsoft wanted to prevent anyone else from writing a window manager for their operating system, or even porting one from somewhere else. "No more Quarterdecks!" One more MSFT design decision to serve the monopoly's needs, and against the users'. And it's why they didn't get virtual desktops until fifteen years after everybody else had them. So, can I have focus-follows-mouse on Vista? It doesn't seem like a lot to ask for, from the software company with infinite development resources, that its fanboys tell me is the usability leader. Categories: Cameron's Blogs
Fast install, just copySome MSFT fanboy was bragging that he can install MS-Vista in 35 minutes. Of course that's not including any MSFT applications. You have to do those one at a time, or you're "stealing."
I can reproduce an entire GNU+X+Linux installation in half that time. With the applications. That's because the Free Software Foundation's version of the UNIX "cp(1)" program can copy everything on a disk partition, faithfully, in one operation. Then all you need to do is "make the drive bootable" (install a boot loader) which takes another minute or two. It's way faster than installing from scratch, and you don't have to repeat your post-install customizations. The (1) means it's in the first chapter of the online manual, and it's part of the program's name. GNU cp(1) is part of the GNU fileutils package, standard on any "Linux" distro you'll ever see. The first GNU+Linux distribution I really liked was H.J. Liu's "GCC Release." Its installation program was, you guessed it, GNU cp(1). MSFT users aren't allowed to copy their systems, even if it were possible. Categories: Cameron's Blogs
Advice to a new user, most open-source projects' web sites suckOne of my users got stuck trying to add a calendar to his new Drupal site. He has no idea what to do next, and doesn't even know how to ask.
I got your mesaage, but I didn't know where you got stuck or what you wanted me to do, so I left it for later. One of the things you will pick up about open source is how to ask questions. You have to say exactly what you are trying to do, what you did, what you expected would happen, and what happened instead. Nobody can do much for you without that information. If you are asking about a possible bug, the maintainers need enough information to reproduce it. If you are asking "what do I do next" we need to know exactly what you're trying to do, how far you got, and what you are missing before you can proceed. The chronic problem with open source documentation, and software documentation in general, is it is written by the only people who do not need it, and they have no idea when they left something out. When I looked at the Drupal site, for example, I needed an introductory overview and a glossary of Drupal jargon. But they jump right in to details of how to do this or that, assuming you already know what is in their heads. Sourceforge "project pages" are especially bad that way. The Apache and PostgreSQL sites show that it doesn't have to be that way. Many open source sites open with a front page blog of "news" where the developers are talking to each other about details of what they did yesterday, and you have to "drill" and search for any instructions or even a statement of what the product does. Sometimes the developers just have poor English composition skills and they are unable to write a sentence saying what the thing is. Slashcode and PHP are like that. What the hell is Slashcode? We don't know how to answer that question in plain English, but here's how to join the developers' mailing list. That's just how things are and you have to get used to it. You said "modules that need database configuration and installed software from drupal." As far as I know, each Drupal site on the server only needs one database. Ours is the "default" site, and its MySQL account has the privileges called for in the install instructions. Does the calendar require a second database? Does it need to be told where the existing database is? Are you using a different one than the one I pulled in? I could not find any other third-party modules. In fact I had to create the sites/default/modules directory to put calendar in it. Categories: Cameron's Blogs
Provoking the 800 pound gorillaMicrosoft (stock ticker symbol MSFT) sued Surpluscomputers.com for reselling academic licenses. Other retailers get away with it. Why was Surpluscomputers.com singled out?
MSFT doesn't really care if some small fraction of MS-Windoze installations are "stolen." As others have observed, "pirated" Windoze enlarges the footprint, creating more demand for Windoze over time. What bothers MSFT is loss of channel control. Almost all computer hardware and software is sold through a network of wholesalers, distributors, and resellers known as "the channel." MSFT's monopoly requires that MSFT be able to declare and enforce the rules of how the channel works: who gets how much of the cut, what retail customers are told, etc. It's a lot like the way cocaine and heroin are distributed. Fry's plays by the rules (selling almost all MSFT licenses with new computers or in retail shrink wrap, flooring Vista only...) and MSFT leaves them alone. Surpluscomputers.com doesn't (selling MSFT licenses on used computers, selling XP in 2007, selling more "OEM" than retail shrink wrap), and MSFT hits them hard. Categories: Cameron's Blogs
programs and processes, computer literacyThe monopoly says "you don't need to know that." It doesn't want you to gain the computer literacy which would let you make self-interested choices about your computing environment.
Some of my customers have trouble describing what is broken on their computers, or what they were trying to do when they got stuck. They can't say which program they were using, or which program popped up a warning or error message, because they don't know what programs are and how they're distinct from each other. The monopoly encourages that confusion. Confused people are helpless people, easier to exploit. A computer program is a list of instructions that the computer can execute. A computer program that is running is called a "process." (Purists may quibble. Some programs are written in a language that the Pentium 4 microprocessor chip doesn't execute directly all by itself. Instead there is another program which interprets that program. The Pentium 4 microprocessor actually executes the interpreter. That's an irrelevant quibble when we are talking about computers at this level of detail.) In unix (that means GNU/Linux, Mac OS, Sun's Solaris, etc) we try to have a lot of little programs where each does one thing well, and in a way that they can work together to do larger things. In Ubuntu, when you drag a file from the USB drive to the desktop, you are seeing a whole bunch of programs working together. There's a program called Nautilis which presents a view of the contents of a folder on the screen. There's a font server that knows exactly what characters look like on the screen. Nautilis has to consult the font server to find out how to depict the name of a file. And Firefox can consult it, too. So there is no need for Firefox and Nautilis to know what characters look like. That knowledge only has to be in one place because the programs work together. There's a program called hotplug that figures out what to do when new hardware like a USB drive or a wifi card suddenly appears out of nowhere. This matters because when something goes wrong you usually need to figure out which program screwed up before you can fix it. And if it all looks like (or is) one amorphous mass you can't really do that. Which is one reason MS-Windows is so hard to troubleshoot. Categories: Cameron's Blogs
Why Vista has security problemsMicrosoft's (stock ticker symbol MSFT) new "Vista" operating system distribution was supposed to be the most secure OS MSFT has ever shipped, and it may be. But that's not saying much. And Vista is turning out to be nearly as bad as its predecessors, which is a whole lot worse than any other modern OS.
Unlike any other software company, MSFT has a business imperative to make its products as complex as possible. They're the "standard" and the complexity inhibits compatible competition like SAMBA and WINE. It's a well known principle of software engineering that excessive complexity indicates a poor design and poor design management. A program that's a whole lot more complicated than it needs to be will have a whole lot more bugs than a simple program with the same function. In MSFT's case, it's intentional. They'd rather have a brittle, vulnerable product than competition, and their customers have no say in the matter. Categories: Cameron's Blogs
They're all the same, yadda yaddaSomeone wrote: "It is true that PDF is a "corporate standard". Then again, so are Windows, Unix, HTML, Intel, Motorola, Macintosh, the phone lines, the electricity used to run the machines, etc, yada yada, ad nauseum."
No they're not. Windows is a word in the dictionary. It's in the public domain. That people refer to a proprietary operating system distribution as "windows" is a travesty. MS-Windows is a "corporate standard". "UNIX" is a trademark. I believe it belongs to a 501c3 these days. unix (generic) is in the public domain. It got that way when the last patent (set user-ID) expired in 1989, which made it legal to publish UNIX "clones" world wide without royalties. (And that's why there were no free unixes in the '80s and they were all over the place starting in about '92.) That's what makes it different from Windoze, fer peat's sake. Windoze belongs to them. Unix belongs to us. If you want to be ridiculously pedantic about it, POSIX and GNU are ours and UNIX is irrelevant, but in common usage all three are just "unix." HTML is a public standard. Intel, Motorola, and Macintosh are trademarks. Plain old telephone service and 120VAC at 60Hz are public standards. There's a real difference that matters in people's lives between corporate standards and public standards. It goes to at least four of the Ten Key Values of the Green Party. PDF and RTF are "corporate standards," as far as I know. But they're published. The most important APIs and protocols in MS-Windows are trade secrets. That difference matters, too. You're not making ADBE more valuable when you create a PDF in the same way you make MSFT more valuable when you create an MS-Word document. Categories: Cameron's Blogs
how the "user friendly" vision was lostEase-of-use and ease-of-starting are two different things.
Ease-of-use is about how efficient and comfortable you are once you have figured out what to do. Ease-of-starting is about whether you can do anything at all without reading and understanding instructions or being shown. For the first two decades of widespread availability of computers, ease-of-use was the gauge of "user friendliness." How well does it work once you know how to work it. Is the user interface reactive? Is it fast enough? Does the display give you a headache, or the noise make your ears ring? Then several Project Athena-inspired, relatively low cost computers hit the retail market, the most famous being Apple Macintosh. The Macintosh was a market failure in 1984. It was too expensive and didn't have any applications. Apple had aimed it at wealthy consumers and they weren't interested. So Apple reconsidered its strategy and "repositioned" the product to appeal to businesses who wanted to reduce their investment in employee training. In the late 1980s and early 1990s, the workforce was becoming disposable, and that investment was becoming a major problem. They would spend tons of money on low-performance computers if they could be used to do very simple tasks by completely untrained staff. At about that time, Microsoft Corporation (stock ticker symbol MSFT) spent a ton of money introducing a caricature of modern user-friendly software: MS-Windows and MS-Office. MSFT had a network-effects monopoly by then, and if they'd offered shit on a shingle it would still have been instantly "the standard." "The Mac" and "Windows" redefined "user friendly." It wasn't about ease-of-use any more. It was about low training and dazzling appearance. It was a tragedy. The original vision of empowering computing driven by the users' (not the employers') needs, from Project Athena and Xerox PARC and Bell Labs, was bulldozed in the marketplace by Apples's and MSFT's marketing force. But it lived on in the Free Software movement, which wasn't constrained by shareholder demands. Our software is easy to use, once you make the effort to learn a little bit about it. Their software is harder to use but easier to get started with. I often hear it put, "it's easier to do easy things on the corporate stuff, it's easier to do hard things on freeware." So think about that the next time you get frustrated with unfamiliar software. Why do you resent having to learn to use it? Computer literacy is an investment in yourself that makes you less disposable. Due to the Copyleft, the GNU system is part of your cultural heritage as a human being. Nobody can take it away from you. Learning about it will pay off as long as you use computers. That's why the monopoly wants you to make do without it. People who tell you "you don't need to know that" are not your friends. Categories: Cameron's Blogs
for the monopoly, 'piracy' is still a saleA poster on Techrepublic opined that "third world countries" are moving away from MSFT because of price alone, and asked "If Microsoft products are inferior, why do people pirate them?"
The Reagan Pentagon commissioned a RAND study of the real strategic threats to the US. Of course killer malware was one of them. We haven't seen Al Queda's email virus yet, just the relatively harmless ones the spammers commission. A security conscious organization will move off of email systems that remain intentionally vulnerable to that threat. But there was a second threat: proprietary formats let a vendor hold a customer's data hostage. Suppose MSFT announced that starting next year they would charge you twenty cents each time you opened an MS-Word file. What's to stop them from doing that? How do you know MS-Office doesn't already have the mechanism in place to do it? RAND thought that was a bad risk for the Department of Defense to take. That's why the Reagan DoD and GSA kept buying generic unix while the private sector took the risk. It kept unix alive for a decade. Engineering and scientific work wasn't really a big enough market to keep the big manufacturers interested, it was government purchasing. Venezuela and Munich and Massachusetts aren't stupid; when they studied the problem they came to the same conclusion. I never said MSFT products are inferior. MSFT has one of the best software quality assurance organizations in the world. They ship pretty much exactly what they want to ship. They like to point out that they've never had to re-release the flagships (Office and the OS) because a show-stopping bug made it to production, and it's true. I said MSFT's products are about the last place you'll find technological advances in software. They let everybody else take those risks. With their mindshare, they can get away with taking credit for everybody else's inventions when they get around to imitating or buying them. It's a lot like Edison Electric a century ago. MSFT enjoys what reasonable economists would call a monopoly, in at least two of their target markets. It's the type of monopoly that depends on what economists call "network effects." In that kind of monopoly, it is far more important to suppress and control competition than to maximize revenue. It really doesn't matter to MSFT whether any particular instance of the flagships was paid for or "pirated." It's one more desktop or small-office/home-office server that's not running Red Flag or Ubuntu or FreeBSD. Every keystroke someone pounds into MS-Word is another brick in MSFT's wall. That's the primary network effect. MSFT's nightmare is that the International Standards Organization's Open Document Format will cut seriously into MS-Office's share of daily and yearly document production over the next couple of years. It even went to the trouble of creating a decoy (OOXML) to confuse the issue and try to slow ODF down. Categories: Cameron's Blogs
It happens outside the US firstTechrepublic mentioned a Yankee Group "survey of IT executives shows that 23% respondents intend to migrate off of [MSFT] Exchange to Linux-based mail servers in the next 12-18 months. Of the respondents, 65% of them currently run Exchange." The writer was skeptical.
If the survey was biased towards "Exchange shops" in the USA, I don't buy it either. Some of the respondents are just using the survey to register their displeasure with MSFT. (Was the survey conducted in English only? Was it only offered to readers of an English-only Web site or magazine?) If the survey was worldwide and conducted in many languages, it's plausible. Over that time period, MSFT customers are being told to replace their investment in the "32-bit Exchange" with a new "64-bit Exchange" that runs on a new operating system distribution that's meeting a lot of market resistance, especially outside the US. More than half the people with Internet access live outside the US. That's where the Internet is growing the fastest, too. Across Latin America and Asia and in the European Union countries, alternatives to MSFT are being adopted much faster than they are in the US. It's part of our technological decline relative to the rest of the world. As software technology goes, MSFT is kind of a backwater. That's a consequence of its corporate philosophy of never inventing anything. Invention is risky. The market rejects some inventions. Truly new ideas don't do anything to reinforce the monopoly. MSFT is the technological incumbent. It makes more sense for the incumbent to wait for others to prove new ideas in the marketplace. Once they're tested, MSFT can imitate them or buy them. Categories: Cameron's Blogs
Vista, hell of a gamble, 100% MSFT's faultCNet asked, "are the problems people are having with Vista Microsoft's fault?" As if someone else might be to blame for Vista's outrageous hardware requirements.
Anyone who designs PC hardware or software for MS-Windows has two bosses. The company who signs her pay check, and MSFT. When I was designing Ethernet cards at 3Com, the boss came around every year and apologized, and dropped a copy of the Microsoft Hardware Design Guide on my desk. Every year it got thicker and more constraining. If you broke any of the rules, MSFT would blackball your product. They do that by prohibiting you from using the "Designed for Windows" logo. That locks you out of the distribution channel. They can also "make a mistake" and drop your driver from their release "by accident." It hurts a big company so badly it might never recover. It's instant bankruptcy for a smaller one. To a much greater extent than you would know from the trade press, MSFT directs and controls the PC hardware business. It's tighter than Apple ever was over its "third party" hardware makers. With that kind of control, MSFT is 100% at fault for all of the problems with Vista. MSFT took a huge gamble with Vista, gambling that its network effects-based monopoly is so strong that its customers would tolerate being told they have to discard a generation of hardware that runs competing software platforms just fine. (If you don't know what "network effects" are, look in a good economics textbook.) That gamble reflects MSFT's confidence in the strength of the monopoly. They want to retire the working hardware because it is relatively open, and replace it with stuff that will enforce Digital Restrictions Management. The jackpot MSFT is going after is control over music and motion picture distribution in the next decade. Heck of a gamble. Categories: Cameron's Blogs
User friendly!Some of my PC repair customers switch ("migrate" would be a better word) from MS-Windows to GNU+X+Linux.
The ones who have the hardest time are the MS-Windows "Power Users." People who never used a computer before, or who only used "AOL" or some minicomputer twenty years ago have a much easier time. That's because the "Power Users" know computing from the visual cues presented by Microsoft's user interface. When those visual cues change even a little, they're lost and afraid. That's one reason you should try several GNU+X+Linux distributions. You should at least see the most popular desktops: KDE, GNOME, XFCE, and maybe Fluxbox. You should try changing the mouse policy: you might, like me, find that focus-follows-mouse with no auto-raise is a lot easier to use and makes better use of your screen area than the policy (click-to-focus with autoraise) that MS-Windows and the original Mac OS forced on you. You might really like using a different virtual desktop for each task. You might like Konqueror or Nautilus better than Firefox or Internet Explorer. You might like KOffice better than Openoffice.org. It's too bad there's no GNOME Office. Seeing the same tasks presented several different ways will give you an intuitive understanding that the user interface isn't the computer. The MS-power users are confused and bewildered by all those choices. But you'll be learning to use the computer, not just the user interface, so you won't have that problem. Categories: Cameron's Blogs
comparing expectationsMildly interesting exchange this weekend on a CNet forum. Thread began with "which was MSFT's worst OS?" Everyone agreed it was MS-Windows Millenium Edition. That was their last distribution with the Windoze 95 kernel before they scrapped it.
Someone opined that no OS is reliable, they all need to be reinstalled routinely, they all get "registry corruption," etc etc. I've only known MS-Windows users to say things like that. They use words like "touchy" and "iffy." People who use other computing environments expect them to work right, in the absence of malicious/careless users or hardware failure. The only other OSes people use on PCs or Macs are unix, so this was taken by two MSFT fanboys as yet another silly "macs are better" thread. As far as I know VAX/VMS, AS/400, and the mainframe OSes are just as good, but that didn't come up. We're talking computers consumers use. But what stood out was the MSFT Power Users' absolute conviction that no computer operating system is reliable. I mentioned the only time I'd seen a Linux file system corrupted so badly it couldn't be recovered was when the drive had failed. I have heard intruders can destroy a file system with a buggy rootkit also. Power failures and accidental resets, recoverable. Running for years under load, no corruption, no lost files. Both of them said that must be a lie. It seems to me that's another adverse impact of the monopoly. People don't expect computers to be reliable any more. That would be a good thing if it prompted people to do backups and make recovery plans, or be suspicious of critical systems. (Computers in hospitals, banks, power plants, airliners...) But I don't see that coming out of it. It's like spam: people just accept it as inevitable instead of asking why. Categories: Cameron's Blogs
MSFT stumbles over daylight savings time changeOf all the things. Big story this week about how MSFT's "patches" to various products don't apply correctly. It seems the US Congress moved the start of Daylight Savings Time (DST) forward a few weeks, with less than two year's notice. Computer software needs to know the time of day, so it cares about DST.
Software should be as simple as possible. It's less buggy that way. One way to make things simple is to have well-tested shared subroutine libraries for functions like getting the time of day and expressing it in local time, that lots of programs need to do. Unix (including GNU+Linux) handles this in the standard C library (libc) that almost all user programs include. They include it at run-time. That way you can update the function one place, when the suits do something silly like changing how the wall clock works. Debian handled this huge complicated problem by reissuing the software package with the time zone data files that the function in libc consults, tzdata. You go apt-get update && apt-get upgrade, you're done. If you're maintaining a thousand Debian machines, you "push" that out through your update routines. Or maybe you're more cautious and go apt-get update && apt-get install tzdata so nothing else updates just then. But the MSFT monopoly holds a unique position in the software world. It's got an interest in making its products as complicated as possible. That way IT people have to dedicate their careers to MSFT and don't have time to master the alternatives. Apparently there's time zone code in Outlook Express and Exchange Server and a lot of other stuff. Those packages got reissued, and the upgrades aren't working real well. Not only that, but MSFT is charging $4000 for upgrades to older versions like Exchange 2000. Why are companies still running the seven year old version of that buggy thing? Because MSFT's upgrades don't work too well... Categories: Cameron's Blogs
Debian moltsThe most comprehensive and carefully maintained software distribution I know about is Debian GNU/Linux. Started by Debbie and Ian Murdock in August 1993. It's an open project by an association of tens of thousands of developers and testers worldwide. It's published at four levels of maturity:
You choose which works best for you. If you don't want to participate in the development, use Stable. If you want the latest features and don't mind reporting a bug now and then, try Testing. It you want to help, join Unstable. Every couple of years, Testing "freezes." We keep fixing bugs but don't add new features. (That's the only way to approach a bug-free system, and MSFT doesn't do it. MSFT's Service Packs and Windows Update "patches" introduce complex new features with new bugs.) After the freeze, it takes a few months to reach zero show-stopping "release-critical" (RC) bugs. When the last RC bug is squashed (or the package it's in removed), there is a NEW DEBIAN RELEASE. Stable becomes Old Stable. Testing becomes Stable. Work begins on a new Testing. Unstable just keeps changing as always. It's about to happen. The current Stable is Debian GNU/Linux 3.1. It is about to become Old Stable. The current Testing is Debian 4.0. It will be Stable any day now. It feature-froze in November '06 and it's had security support since then. If you install Debian today, you should install Testing. Debian GNU/Linux 4.0 (nicknamed "Etch") will be available on three "Official" DVDs or twenty-five "Official" CDs. That's the "i386 binary" you can install on an IBM-PC-Compatible computer. (The source code is available for the whole system. That's another 25 CDs. New users don't need it. Developers usually use the online archive, not CDs.) You can also use the disk set to upgrade your Debian 3.1 system. There are dozens of socially responsible vendors who will sell you a disk set by mail. I once considered getting into that business but it is just too competitive. But I'll sell you an Etch disk set when it's released, at an outrageous markup, as a fundraiser for Green Internet Society. Drop me a line to reserve a set, cls@greens.org. Nobody needs the whole thing. Etch has about 25,000 packages. A typical home workstation uses less than a thousand. A typical Internet server uses less than five hundred. If you have fast Internet access (DSL, cable TV, or fast wireless) you can install only the packages you need, as you need them, over the Internet. That's the recommended method. The most popular packages are on the first CD. You can use the first Etch CD to install a usable home workstation. When you run the installer, it will try to find the online archives automatically, and you can install (and maintain) the rest of what you want from there. There is also a "network install" CD. It fits on a "business card" mini-CD. It's only useful if for some reason you can't deal with a whole CD. Categories: Cameron's Blogs
Please tell Microsoft about this problemworld's largest error message
The only billboard in Times Square that's not animated. Two stories high. Categories: Cameron's Blogs
But I use an antivirus!I got a spam yesterday, sent from a compromised MS-Windoze computer on a DSL line. It had a real domain name so I left the guy a message and he called me back.
He was pretty angry, but it wasn't at me in particular. He's trying to run email service for three hundred customers on that computer, using some commercial mail-server-in-a-box product. He'd already fielded four trouble calls on it that day, and that was a typical day. It's keeping him from running his web design business. He didn't know it was spamming. He couldn't believe it was spamming, either. He's spending hundreds of dollars per year on "antivirus" products, and they'd given him a powerful false sense of security. And he was using one of the "professional" antivirus things, not that stuff Symantec and McAfee sell to consumers. When I want to watch the log from my mail server, I type "tail -f /var/log/mail.log". Usually it's in the shell history so I just call it up from that last time I typed it. Apparently the "user friendly" mail-server-in-a-box product has no equivalent functionality. He can't watch its activity in real time. Windoze has a task manager, but the spam bot was hiding from it. He's in the dark. But it does let him look in its mailboxes and queues, and he found a few hundred of the spams in there. Now, I've been reading email headers and logs for a while. The only thing you can really trust is the IP address of the sender that your email software recorded. Practically everything else in the incoming spam is trivially easy to fake, and the spammers fake it. I'm not an expert on TCP/IP but I know faking the source IP address is so hard the spammers don't bother. Here's why: the spammer's software needs to hear back from my server to complete its transmission, and my server is going to reply to the fake address. So he has to control the computer at the fake address as well as the real one. There was one spammer doing that for a while. His fake address was a throw-away dial-up account, and the fakery protected his real, expensive Internet connection. The poor guy couldn't believe his system could be compromised because he is doing everything right, according to the advice computer owners get from commercial sources. I explained the problem known as zero day threat. It is impossible to inspect the source code of the Microsoft system, because it's a trade secret. Also because it's way more complex than it needs to be. Therefore, when a new Microsoft system (or "security patch") comes out, we have to wait for an exploit to appear "in the wild" and then we have to wait some more while the antivirus venders figure out how to detect and remove the thing. There is no way to discover vulnerabilities before they are exposed to the hostile Internet environment. Therefore the most dangerous "virus" or intrusion technique is any brand new virus or intrusion technique. That's called the zero day threat. In all the self-training this guy had done to get a mail server going for three hundred people, he'd never come across the term. Categories: Cameron's Blogs
Another step towards escape!The toughest cage to break out of is your own mind. One reason so many people think they can't live without MSFT products is they have never seen a Windows-compatible PC run anything but MS-Windows. We can fix that right now, with no risk and no commitment. You need a blank CD.
Go to http://www.damnsmalllinux.org/download.html and choose a nearby download site, and download the file dsl-3.2.iso (or whatever version it's up to) from the "current" directory. This 50 MB file took six minutes on my ADSL line. Burn this CD image onto a CD with your favorite CD burning program. I picked Damn Small Linux because it fits on a business card CD, but you can put it on a regular CD if you like. I burn CDs with K3B (from www.K3B.org) but you might use Nero. The file you downloaded is a raw, bootable disk image. It needs to be written to CD that way. Copying it as a file into a new CD file system will not work. It's a whole file system, itself. Insert the CD in the computer to boot (or reboot) the computer. If you bought a generic PC locally made, or someone has reinstalled its operating system since it left the factory, the computer's motherboard "CMOS settings" (BIOS settings) are probably correct already. If you bought the PC by mail from Dell or Gateway, it will probably just boot into MSFT Windows without looking for a bootable CD first. You'll have to go into the BIOS settings (watch the screen during a reboot. It will say something like "F2 for SETUP" and you have to hit F2 right then. It could be DEL or ESC.) and find the boot settings, or "boot priority." Set your BIOS to look for a CD-ROM before trying the hard drive. When the computer boots off the Damn Small Linux CD, you'll know it. It goes straight from the motherboard BIOS into Damn Small Linux. MSFT never runs. There is a Damn Small Linux "splash screen" with a boot prompt boot: in the lower left. Hit Enter and sit back and watch. Durn Small Linux takes a little while to scan your computer and figure out how to run there. It prints a bunch of chatty messages about a bunch of modules it can't find. Ignore all of that. Then the screen goes dark, and comes back on with a fine crosshatch with a big X in the middle. That's the X Window System from MIT. Damn Small Linux' desktop takes over. A lightweight Web browser called Dillo opens to a page about getting started. You can safely explore this system. It won't touch your hard drive until you tell it to. If you have DSL or cable TV Internet access, you may already be connected. Try Firefox. It's got a launcher on the desktop. When you're tired of Damn Small Linux, click the right mouse button to get a pop up menu. Click on "Power down" and select Shutdown or Reboot. Damn Small Linux will shut down its desktop and eject the CD. When you boot again, there's no trace that Damn Small Linux was ever there. But you'll never see that MSFT splash screen (with the clouds and the giant Windows logo) quite the same way. Categories: Cameron's Blogs
|