False security
August 5th, 2008 under InfoSec, Digital Rights, OSS, rengolin, Computers. [ Comments: none ]
False security is worse than no security. It’s that simple.
Bruce Schneier won’t stop saying that CCTV cameras are not only plain ineffective, but also bring a false sense of security, even to police forces, which won’t patrol the streets as well as they would without cameras. People won’t worry as much as they would without cameras and become easy bait for common robbers.
The same applies to computer security, of course. Building up a firewall on your computer and running an updated version of the latest anti-virus / anti-rootkit / anti-malware / anti-whatever won’t protect you from the simplest of attacks: social engineering. One email or phone call done right to the right person is enough to render the whole network inoperative for hours, or to pass sensitive information to black hats, who can then do whatever they want or need in order to hack a system. Yours or any other.
As if that were not enough, as Bruce always points out, placing cameras will make robbers attack places without cameras. Along the same lines, placing personal firewalls will make viruses mutate and attack in more subtle ways. Placing proxies and snooping hardware on your network will only make the real offenders more careful when they’re accessing prohibited websites or protocols, for they will anyway.
The fact is simple: You can’t assure 100% security.
Money is hardly the issue here. Think of the amount of money the US spends on securing its own classified data. Probably more than what it spends on wars around the world. But it wasn’t enough: Gary McKinnon could get into all of that to search for UFO information (yes, I do believe him). Apple spends a whole bunch on securing its devices, and Brazilian hackers unlocked the new iPhone 3G only 3 days after it was released.
DRM is the other myth; I can’t understand how people with a bit (not much) of clarity and intelligence can ever think it’s worth a shot. All major locks imposed on consumers were broken immediately after they were released. Hackers (good and bad ones) can easily break into any security scheme, but the normal public will have to use the digital handcuffs. It’s not only unfair, it’s utterly stupid and pointless.
There is no sensible choice other than to agree with Richard Stallman’s philosophy: ideas should be open and free. Competitive advantage must be in what you are doing rather than in what you’ve done. It’s impossible to secure the past, let it go, walk forward, invent!
What’s the value (worth of stealing) of your previous achievements if your future ones are much better? What could a hacker possibly want with old things? If they’re hacking, it means you’re not fast enough! Keep up!!
Proprietary Software
July 3rd, 2008 under Digital Rights, OSS, rengolin. [ Comments: 7 ]
I’m a big advocate of free software, highly active in the Anti-DRM campaign and a big fan of Richard Stallman (as you can see by reading back lots of posts on this very blog). In his last text to the media about Bill Gates’ retirement, he makes (as usual) some very strong arguments about fair societies, freedom of use and copy etc. We all know that, right?
Well, there is one thing I don’t particularly agree with: proprietary software.
In a recent talk, he said there was a fair reason why there is copyright: Investment in technology. In the old days, it was the press. Today, we have software companies.
The beauty and the beast
Microsoft, as he said (and I reiterate), has only abused development done by other companies since their first product. Worse, since then, they’ve been buying one company after the other and scrapping each one of them (pretty much like Yahoo! is doing recently, hence the interest). But there are lots of others that are doing fine, and it’s not fair to put them all in the same box.
Adobe Photoshop is a great example. Gimp is fantastic, of course, but the investment in Photoshop is huge and there is a clear difference. The cost is high, but the quality is also high. Like Photoshop, many other specialist software packages in music, video, animation, scientific, electronic, games and so on have a specific market, to which they belong and are doing pretty well. I’m not saying Adobe (or any other specialist company) is fair, just that some are investing seriously in development, not only sucking their users’ money and freedom.
Windows is unfair, it locks the user, it treats them as liars, cheaters, yes. Worse still, you can’t use it with anything else because it’s forcefully incompatible with the rest of the world, yes! They’re cheating by making you buy their license even if you’re not using it, forcing you to update Internet Explorer even if you use Firefox, reporting all your actions to Microsoft and god knows what more. YES!!
Apple with horrible DRM locks, pushing iPhone updates and all we already know they do, Warner, Sony and all the like. Yes! They are mean! But that doesn’t mean all companies are.
Research and Development
If you have free software (open source) that is enough for your uses, or you can hire someone to extend or adapt it to your needs, fine! If you can write software for your needs and redistribute it to the rest of the world, perfect! But why negate the existence of fair research and development, I don’t know.
I’ve been on the academic side of development long enough to know very well what happens here: some PhD writes a piece of software, without any care for quality or extensibility. Later on, someone (or they themselves) makes it open source and people start using it, extending it. But most of the time it’s not possible to carry on extending it; it needs a rewrite. And people rewrite software fortnightly in academia.
The investment is in giving PhDs a good time and not to produce good software. Free software is good not because of that investment, but because people that need it, do it. It’d be fantastic if academia could teach them about software quality, if there was a real control over what they produce (like acceptance by the open source community) as part of their grades.
Now, private companies (like many around Cambridge) invest a good bunch of money in research and development, hiring those same guys and giving them a proper training in software engineering and getting things done, very well indeed. That costs money, I can’t see how they could open the source, at least not in the first years of sale.
Extensibility
Some companies give it for free (as in beer) to academic institutes. But the most important thing (IMHO) is to be extensible and to have a clear interface. Good software, even if closed source, has a clear and easy-to-use interface. With that, you can extend it to suit your needs. It’s not as good as having the source, but it’s a start.
Enforcing DRM locks, spying on users, making it impossible to connect to other software, being nasty is the problem, not being proprietary.
Long live open source
June 20th, 2008 under OSS, rengolin, Software. [ Comments: none ]
Another fine example of how the open source community can be impressive, even when compared with the biggest software companies.
Yesterday we had a gig at our annual Music Evening and I needed to edit the videos to upload them to my wife’s website. I went to cinelerra’s website download page, got the Ubuntu 8.04 repository, updated the package listing and tried to install cinelerra:
sudo apt-get install cinelerra
It should be that easy but unfortunately the repository had an error:
Err http://repository.akirad.net akirad-hardy/main akiradnews 20080417
  500 Internal Server Error
Err http://repository.akirad.net akirad-hardy/main libguicast 1:2.1.0-1svn20080530akirad1
  500 Internal Server Error
Err http://repository.akirad.net akirad-hardy/main libmpeg3hv 1:2.1.0-1svn20080530akirad1
  500 Internal Server Error
Err http://repository.akirad.net akirad-hardy/main libquicktimehv 1:2.1.0-1svn20080530akirad1
  500 Internal Server Error
Well, with nothing else to do about it, I’ve followed the instructions on the website saying to email the guy that put the packages in place, which I did. Seriously, I thought it would take a while (days?) until the guy could have time to go home, do whatever he wanted to do at home, check his emails, talk to the ISP, bla bla bla.
To my surprise, after exactly 1 hour and 20 minutes he replied (in English and Italian) that the packages were reloaded, I should be able to get it, which I did, and indeed, worked absolutely fine. I now have my videos edited.
The “guy” was actually Paolo Rampino, whom I thank very much, but I’d also like to acknowledge once more the power of the open source community. I wonder, if I had a much more serious problem (security) with a copy of Windows or Office, whether Microsoft would take 1:20 hours to not only answer, but to fix it!
Thanks again Paolo, you made another user very happy indeed.
The dark side of freedom
May 15th, 2008 under Digital Rights, OSS, rengolin, Media. [ Comments: 5 ]
Recently I posted about Stallman and Copyright, and his beautiful ideas about how artists could make a living. Not everyone thinks the same way, though…
Terry McBride, a somewhat famous music manager, is also spreading the word about the end of copyright, as reported by El Reg, but with a bit of a twisted view on how bands could actually get some money out when labels won’t exist anymore.
The idea is quite old and obvious, football teams and websites have been doing it for years, and is simply ad-driven free content. It’s not exactly free as in freedom as Stallman would love, I’m sure, but it’s a closer reality and I’m afraid we’ll have to go through that to reach real freedom.
Google is probably already developing AdSense for young female singers to display “Ads by Google” on their forehead while playing in a concert, and Microsoft is already filing the patent on how to force Vista buyers to click on their “Ads by Yahoo! (I mean, Microsoft)” links on bands’ websites with “free” downloads that can only be played on leap years.
All in all, GNU is doing well and Stallman should be proud of it. The French revolution was an intermediate stage to “free the people” which was kinda necessary, pity they never reached true freedom. We might need this intermediate state again now, I just hope we don’t make the same mistakes this time (whatever they were)…
Stallman and Copyright
May 1st, 2008 under Digital Rights, OSS, rengolin, Politics. [ Comments: none ]
Yesterday I went to Stallman’s talk at Cambridge University where he proposed a new copyright scheme. Here is the transcript of the same talk elsewhere, not the same text but the same ideas.
Below is a mix of what he said and my thoughts on the subject based on his thoughts (complex, I know) so don’t take this as his strict opinion, go to gnu.org to know his real opinions.
Copyright
Copyright was invented to protect the evolution of ideas and the development of new technologies, to protect those that invested so much to create a good product from being scavenged by the lazy competition, but the way it’s been implemented today it is not only taking away our most basic freedom of use and friendship (by means of lending to friends) via DRM, but it’s also undermining the development of new technologies (see the BluRay case) and the evolution of ideas (see software patents).
To address how to create a copyright law that would get us back on protecting evolution and development, he divided creation in three groups and proposed a scheme based on them:
- functional: Things you use at work or to perform work. Good examples are software, cooking recipes, tools, etc.
- testimony: For lack of a better term, testimony is the category that includes works of reporting, history, opinions and achievements (like scientific papers).
- art: Entertainment or artistic purposes only. Movies, music, paintings etc.
Reach everywhere
His copyright proposal says that every piece of work, no matter in which category it lies, should be allowed to be freely distributed (as in backing up your CDs as well as lending the backup to your friends indefinitely). This allows anyone to copy whatever they like, whenever they want, as many times as they think it’s good.
Some questions raised, and easily addressed:
- How to control who is only copying and who is actually buying your work? Easy, you don’t. You don’t have this control today, and it’s a dream to think you will ever be able to do such thing.
- So, how do authors make money? Lots of authors already make money out of donations, like a Canadian singer (I’m guessing this one) who already makes a living out of donations and she’s not even locally famous. According to him, her wages were above what average bands get from “normal” recording companies.
- But I’m a new band, no one is going to see my website. For that, he said, governments could have a tax (like one pound per month or so) and the money would be distributed directly to the authors and not their recording companies or publishers, based on popularity. The whole polling/popularity/tax thing was in the early stages of evolution in his mind but nevertheless, it was already practical for other famous bands like Radiohead.
- Why should I have a website to make money? You don’t, and that’s a stupid question. This was one of the ways of getting money, you can ask for money on your shows too, be creative!
Some modifications allowed
The difference comes with modification. According to him, every commercial use of anything should be strictly bound to the copyright laws, which should block any unauthorized use of the material for around 10 years (some say 5 is better). After that, everything is in the public domain.
Before that, though, for some types of work you cannot modify it without the author’s (or the bunch of lawyers from the recording company) consent. This is the price we pay for being in a capitalist society.
Indeed, this is a fair price to pay for art and testimony works, as we don’t need to modify Mona Lisa to be creative, we can create something new and, when the copyright has expired, then we can modify it and be creative on top of it.
But not everything can wait. If a hammer is too long for your work you can saw it in half and be much more productive. You are allowed to tell your friends to buy the hammer and saw it in half, to blog about it, write books and talk about it on TV.
The same idea should always be true for software. If the program doesn’t work the way you want you should be able to modify it, post the patch, publish a book about it if you want. But the source code is hidden.
Hidden source code not only takes away your freedom to change it to be more productive, but also takes away the freedom of knowing what you’ve got in the first place. It’s very common to see big companies installing root kits, DRM kits, monitoring kits on your computer and you can’t detect it because the source is not available. Those kits take away other freedoms as well. You can’t use the media as you like, share with friends and so on.
So this freedom is critical and for that, Stallman’s proposal is to make it compulsory for any functional work to be open to public scrutiny, allowing modifications and redistributions as many times as needed.
Some of the questions were:
- How do you discern between art and functional work? It’s not up to you to define that. When you go to a court, the judge and jury define if you’re guilty, if it was homicide or just manslaughter, and what your penalty should be. For some things it’s so obvious that you don’t even go to the court, the policeman can arrest you straight away (of course you still have the right to a lawyer and a call) but for others you always have the public opinion as a last resort.
- How to make money out of software, then? This is a very old question and Stallman himself answered it many many times, check the gnu.org link provided above.
Big deal
It seems impossible, though, to achieve such a radical change in every country’s laws all over the world. It’s a task that many would consider crazy, not to say useless. Others will say that there are many other quests that are much more important than that, so why bother?
Stallman’s answers (not literal, compiled and re-written by me in my own words) were quite clear, sober and simple (and this is why I admire him so much):
- I’m only a man, I can’t fix all problems in the world. No one can in a lifetime, so we need to focus on one problem and go as far as we can. This is my focus.
- It’s not only about software, it’s about freedom. Today’s society is heavily based on software so freedom of software is freedom of society. When you listen to a song on your iPod you’re listening to a stream of bits played by software. Your freedom to listen to music, watch movies and work productively is at stake, we can’t afford to let it go.
- Finally, I’m not saying you should do it, you do whatever you want, but whoever wants to join me in that quest is more than welcome.
So, freedom of software is, in fact, freedom of society. Each step towards digital restrictions is a step against freedom of society as a whole and everyone can help with this quest by changing their ways just a bit here and there. It’s so easy, it costs so little and the result is so important that there is no excuse to avoid it.
Use open formats (for documents, videos, music), open source software (Ubuntu is easier to use than Windows IMHO), avoid buying DRM-ready media or giving money to companies that promote any kind of unlawful restrictions.
On the other hand, if you’re eager to help, join the DefectiveByDesign campaign of the Free Software Foundation, or even the FSF itself, and make the world know that you DO care about your freedom.
PS: Stallman, let me know if you think you were misrepresented by this post in any way. Unfortunately this is not a wiki where you could change it yourself but I’d be glad to make any change.
Help us, Obi-Wan Kenobi; you’re our only hope…
February 18th, 2008 under Web, OSS, rengolin, Computers, Articles. [ Comments: none ]
After Yahoo! rejecting the MS offer and all the fuss about the Yahoo! takeover, now Yahoo! itself is breaking apart…
No wonder the shareholders are mad: Yahoo! has been falling to pieces since Google came onto the scene, and now, with the $31 / share offer when it was barely holding itself above $20, the shareholders saw all the return on their investment happening in a very short time, in what might be the last chance they have to see any money back at all.
So here’s a bit of futurology:
David Filo moves to Hawaii, shareholders sue Jerry Yang and he’ll end up very poor on his own Caribbean island, Yahoo! is bought by Microsoft for half the price (after the lawsuits there will be little left) and the shareholders will be very happy to, at least, get some money back.
All FreeBSD / Apache / PHP will be converted to Windows 2003 Server / .NET / C# and Yahoo! services will be even worse than they used to be, Microsoft will take the users and force them to start using Google services (no one likes to eat crap anyway) and Google will be the last hope of the Internet.
Fortunately Google is by far more efficient than Microsoft and Yahoo! together (it’s not that hard anyway) and it’ll be a piece of cake to take them both down while still holding their hats with the other hand. I just hope Google doesn’t try to dominate the world as Microsoft has been attempting for decades; they probably know by now that it’s like reaching the speed of light: the bigger you are, the more energy you need to increase speed.
Microsoft and Yahoo! will still exist for a loooong time and Google will have a bit of competition for a while, at least until the “next-Google(tm)” shows up and puts all three in the sack “with a wave of her hand(tm)” and the cycle will start all over again.
Let’s hope for the best, whatever that is…
Free beer as in free speech
December 13th, 2007 under Fun, OSS, rengolin. [ Comments: 1 ]
Some Brazilian guys are doing FREE BEER in the true sense: using open source recipes licensed under Creative Commons.
Every batch is tagged with a version, 1.0, 2.0 etc. They’re currently on version 3.4! But you can still get the last 1.0 on eBay.
Multics back from the dead
November 16th, 2007 under Devel, Unix/Linux, OSS, rengolin. [ Comments: none ]
Multics arose from the dead in source code form! MIT has just released its source and now you can see with your own eyes how it was back in ‘64!
It’s not easy to retrieve the whole code (no tarballs) but it’s a good exercise to read its parts if you can understand the structure, of course. If you couldn’t, don’t worry, start here.
Thanks again, Microsoft!
September 20th, 2007 under Unix/Linux, OSS, rengolin. [ Comments: 13 ]
The first big favour Microsoft did to the Linux community was to delay Windows Vista over and over (and over) again. That put some Linux distributions, such as Ubuntu, in the spotlight. Not that it was the only reason, of course, but it did help a lot. Ubuntu got many deals, in particular with Dell, selling pre-installed Ubuntu systems to the general public.
Now it’s even better! They’re (thinking of) using a black screen of death security system that, if your copy is not legal, will lock your computer and die. Pretty much what used to happen with the previous blue screen of death, only intentional.
It’s a mighty gift, much better than the One Ring to Boromir: it’ll force all people that use pirate copies of Windows (the vast majority) to buy legal copies or crack the system.
Now let’s be serious, how many people you know will actually buy a real copy? If you live in the US, most. In Europe? Some. In the third world countries? One or two… A hack will eventually be available but the more they force people out of piracy the more people will be using Linux, and that’s the best scenario for us, freedom supporters!
They are so dependent on piracy (and they know it) that the less piracy there is, the less market they gain, the fewer people get brainwashed, the less of a monopoly the industry becomes, the more freedom we all have… It’s a blessing!
Again, thank you very much!
Why are we so lame?
September 3rd, 2007 under Devel, Web, OSS, rengolin. [ Comments: none ]
Almost 170 years have now passed since the first programmer wrote the first code for the first analytical machine and yet we are so lame I can barely be proud of what I do, professionally of course.
Coders are now among the richest people in the world, programs sell more than bananas nowadays and the investment in technology is now considered one of the basic blocks of modern society, and still we can’t build a piece of software that lasts for more than 5 years without being completely scrapped.
The open source community is probably the biggest anarchist movement in history with all the good and bad things we all knew about anarchy and, to the surprise of capitalists, it’s working far better than big technology companies (check IBM’s OSS support and Vista’s problems in the general news).
Of the hundreds of open source programs that emerge only a very small fraction succeed, and yet they manage to stay stable for longer and grow more smoothly than paid software.
Companies are so worried about money that even tech companies can’t write proper code. Scientific institutes are so worried about doing it the perfect way every time that they re-write everything every time and still need to re-write from scratch next time again. Money and ego are the villains in our industry and unfortunately most of us are affected by at least one of them.
Case studies
Banks, for instance, focus on what works instead of what will last. The result is a complete mess (our beloved ball of mud) that eventually has to be re-written in the future and replaced by another ball of mud with bits of the legacy balls (just in case something breaks). If customers could see the code that runs a bank before opening an account they would never open it, in ANY bank.
Internet companies have the same problem plus a few more: it must look good and it must be new. It doesn’t matter if the code is good, or if someone really needs that feature, but the more features it has the better. (Not) Maintaining that in the future is a completely different problem.
Big companies only follow standards when it’s not needed, like writing core libraries in PHP because that’s the company’s default language or sticking crappy systems together with tape just because they’re the standard libraries used worldwide.
Scientific institutes are not free of problems either. Money is much less of a problem but the ego is so big that it can be even worse. Everyone wants to re-write everything their own way and no one disagrees; they just shake their heads and wait years to have another non-working beta system to maintain alongside all the other systems made by people that left the institute decades ago but that one person is still using (and normally afraid of moving, as it’s not his code either).
So, why?!
Simple: ego, fear, pride and prejudice.
Not many programmers really care about money as much as they care about their own ego. The money problems in private companies are institutional and not personal. Our problem is personal.
Most CTOs, CIOs etc know about all the problems of taking the actions they take but they’re often afraid of taking radical decisions (even when it’s for the better) or their ego demands that they change something that is working well just because it was someone else who did it.
Most programmers will have huge pride in their systems and consequently an even bigger prejudice against others’. Reason can’t work where pride and prejudice rule; nothing good can come out of an environment as bad as that.
Now take those four problems and you know why we are SO lame!
This is also the same reason why open source software is not as lame as closed source. Programmers still have ego and pride but code is pure logic. When your code is exposed you won’t be proud of a bug and if someone points you to one in your code you’d rather fix it than yell at him/her. In this case your ego and pride will not save your job but make you lose credibility in the community and your project will be put aside and others will arise, so if you don’t cooperate, you die.
Open source promotes dialogues, refining code and algorithms, finding bugs and fixing them the best way possible. It might be (arguably) slower than big companies but still the overall local quality is much better.
What to do?
It’s not just a matter of solving one or other problem, as the environment is already filled with rubbish up to the top, it’s a matter of acting different, from scratch. (my ego is working now)
If you know something is wrong, report it. If someone says it’s impossible to do, demand proof. If someone takes actions based on ego, fear, pride or prejudice, open your mouth and speak loud.
You might lose your job but I’d rather lose my job than work in such a lame place and today, unfortunately, it’s quite difficult to find somewhere not lame.