Free and Open Technologies by Nucleus

Open Source software, as defined by the Open Source Initiative, has a different definition (and a different set of restrictions). This is because open source isn't about preserving the user's freedom the way that "free" software is. In fact, I would prefer the term "freedom-preserving software", because that makes it clear what the purpose of these licenses really is. Yes, open source is provided with few restrictions than proprietary EULAs give you. But open source may not always preserve that freedom--at an intermediate step, someone may have obtained open source software and bundled it with proprietary-licensed software in such a way that said freedom is gone. Or they may have made some changes but not provided the end user with the source of those changes (and may not have contributed that source back upstream to the open source project)--free licenses such as the GNU General Public License are designed to protect against these types of freedom-eroding measures.

An example of what I mean would be to look at Microsoft Windows, which is not freedom-preserving. When you turn the computer on and connect it to a network, it attempts to call home to Microsoft. No one knows exactly what it is reporting, so it could be telling such things as serial numbers for key hardware pieces as well as a list of installed software. Or, perhaps, it could be carrying information about where you've been online. That foreign online casino, for example, isn't legal for Americans to use. If some anti-gambling task force shows up at your home around 3AM, it could be that they showed up in Redmond WA with some legal papers. Then again, I would assume that some online bad guy may have already penetrated Microsoft's database where they keep this information, so there's no telling what said bad guy may plant there.

Now, I'm not singling out Microsoft here. Anti-user activities are a natural consequence of proprietary commercial software, because the whole model is based on scarcity: they make it difficult to obtain and utilize the software without paying for it, and that necessitates an ever-increasing amount of suspicion toward even legitimate paid customers. The bits are free (zero-price), or close to it, so the scarcity is artificial. And let's make it clear: Apple is at least as guilty of anti-user activities as Microsoft is. I'm told, for example, that there is code within OS X that is meant to detect when it is installed in non-Apple hardware and to prevent it from running there.

Important: Free software is not necessarily zero-price software. We are discussing software that preserves your freedoms, not discussing the price of software.

Anyway, Richard M. Stallman's article has more information and is a better summary, so go read it there.

Years ago, browsers didn't have the ability to use tabs to organize multiple pages, so opening a new window was an assault on the user's computer resources. For a resource-constrained computer, opening a new window could freeze everything up, forcing a hard reboot. These days, the computer is in the trash can long before it reaches that stage, and with the advent of tabbed browsing, it doesn't take much more resources to open a new tab than were already being used.

Meanwhile, we have lots of bad guys taking advantage of uninformed users that leave sites while logged in--particularly those who are logging in on a public computer, such as might be found in a public library or a hotel lobby. Yes, if you go to Yahoo mail, Hotmail, Gmail, or another well-known webmail provider's site, you often find that someone didn't log off. It would be easy for someone with malicious intentions to impersonate that person.

At work, I tell the people I support to be sure they log off of every site they log into before they leave the computer. Additionally, I tell them to lock the screen or shut the machine down. All it takes is one person without character to ruin someone's career.

So it should be no surprise that I detest sites that send logged in users offsite while they are logged in. It is very easy to get carried away with the content found at another site and forget to hit the back button twenty times to come back and log off. For this reason, it is bad design for a site to send logged in users to another site in the same tab. Open another tab, so the user has some indication that there is unfinished business to deal with.

Now, I know that there are many sites that do this. But then, there are many sites that can send you current password in an e-mail message. Current standard practice is to do an HMAC (or at least an MD5 hash of password + a "nonce"), so that there is not an unhashed version of the password anywhere except in the user's mind. But I was at a state government site about a year ago, where they showed me my username, password, e-mail address, and other information that shouldn't be so easy to access. I didn't even have to wait for an e-mail message.

Meanwhile, the bad guys of the Internet are about at the point where no one should be using a human-rememberable password anymore. Instead, we should be using password managers to generate, store, and enter passwords on every site. Now, no one is doing this yet (or very few of us), but it does no good to have a complex, hard to guess password if you click on a link while you are logged into a site and it sends you somewhere else. Until your session times out, anyone that uses that computer is "you" as far as the site is concerned.

So, to sum up, don't use password storage techniques from the 1990s. Use a modern, secure password storage method, and make sure the passwords are "strong" enough to slow down bad guys who would seek to fraudulently log in as one of your users. Encourage them to use software such as Password Safe or KeePass, both of which have versions which can ride on a USB flash drive. And make sure that all links outside your site open in a new tab when users are logged in. If they aren't logged in, you don't have to do this, but when they are logged in, try to make it clear that they need to log out before they leave.

I have loved the Ubuntu family of operating systems every since I first encountered version 5.04 in 2005. Prior to that, I had been very much a Red Hat / Fedora user. But I am facing a problem that I find difficult to resolve. I dislike the GNOME desktop and most GNOME software. SuSE was my first distro, but I've long since moved past it. I do still install Mandriva about once a year, but it rarely lasts a week before I return to the Ubuntu fold.

Xubuntu is a wonderful desktop. It is now my main environment and my personal recommendation. However, I don't use it stock. I install some software and uninstall other software to make it useful.

1. Evince / Okular--Like most GNOME applications, Evince is not very configurable. Further, the GNOME file dialog doesn't generally handle files that are somewhere else (e.g., on an HTTP server somewhere). With Okular, I can copy a link for a PDF file that is on a website somewhere and the KDE file dialog will open it.


2. GDM / KDM--GDM sometimes has trouble starting other desktop environments or window managers. I first switched to KDM because I was starting to use IceWM on low-resource older computers, and GDM wouldn't launch it properly. Since KDM is part of the K Desktop Environment (KDE), I go ahead and install it, and then make Xfce my default environment. Newer versions of GDM haven't had the same problem, but why go back when KDM works so well? (For the record, I typically install LXDE, too.)
   


3. Gnumeric / OpenOffice.org--While Gnumeric is fine for the functionality it implements, I tire of fighting with it over every spreadsheet someone e-mails me. OOo isn't perfect by any means (slow-acting and a memory hog), at least it works for most files. I generally leave AbiWord installed, but I don't use it much, unless I already have a lot of things open and don't want to make the computer lag.


4. I cannot recall what media players were preinstalled, nor what photo manager. It doesn't matter, because I changed them. For photo managers, I haven't found anything that matches the functionality of digiKam. So when I have to deal with F-spot, for example, I get frustrated. Media players ... I always install VLC and Amarok. I install K3B for burning CDs and DVDs, and get rid of GNOME-based burners. Xubuntu uses Xfce, so I also install xfmedia and xfburn.


5. Browsers: I always make sure to have Firefox and Opera. I've been known to install Konqueror, Arora, reKonq, and Epiphany. Epiphany, Arora, and reKonq are based on Webkit, the same engine behind Safari (which isn't available on Linux) and Chrome. All Webkit browsers take a while to start loading the page. In the case of Chrome, I can actually completely load a page in SeaMonkey (which must be the world's slowest modern browser) before Chrome finishes "resolving host". Once they start loading, the Webkit browsers are fast. Epiphany, being a GNOME product, relies on something similar to the Windows registry. If you are using a non-GNOME desktop, you may not have a GUI interface to Gconf. What this means is that there might be some (advanced) functions that you cannot easily change.

These are my personal customizations. I am considering a move to Arch Linux, because I like the idea of a rolling release. No more having to re-customize periodically. (I generally upgrade to the latest Ubuntu/Kubuntu/Xubuntu version within days of release, which rolls back my customized software selection before doing the upgrade.) However, I wish that there was something with the rolling release of Arch Linux, with the common-sense layout of Gobo Linux (FHS, the file hierarchy standard, is way overdue for replacement), and the compiled-from-source design of Gentoo Linux, but which is Debian-ized enough to use a modified version of Synaptic as its graphical "package management" interface and has the Ubuntu fit and polish.

But for now, it is Xubuntu for me (with a small dose of Linux Mint and a small dose of Fedora). If it weren't for Xubuntu, I might have to go with a Linux-from-Scratch thing. I'd like that, but it would be hellacious to maintain everything that goes into a modern desktop. Xubuntu has rescued me from much of that maintenance work.

What about Windows or Mac OSX, you might ask. Well, I've purchased three computers with Vista on it in the past 18 months. Two of them (mine and my nephew's) now run Linux. One of them still runs Vista, but is rarely used, because my youngest son uses his Mac instead. That Mac is interesting. I paid for it, but I never use it, and it takes me days to get up to speed whenever he asks me to do something with it (such as set up printing). I can't imagine a computer that is so simplified that no one can figure out how to set up printing! (I had to find the terminal, install the developer tools, and compile the driver, even though the printer is on a remote machine that already had the driver. It took two days to find this out, and then an hour to do it.)

I am glad to hear that both YouTube and Vimeo now support the HTML5 tag. However, it makes little sense to do the work to add HTML5 support when over 90% of Web users have Adobe Flash Player installed (and some of those who do not have Adobe's player have swfdec or Gnash). The only way it could make sense is if the sites were seeking a significant market of users who could not view Flash (e.g., mobile users). Unless, of course, the eventual plan is to replace Flash with HTML5

If that is the case, an open format like Ogg Theora or Dirac is a better choice than a codec like H.264, which is covered by software patents in some countries (including the USA). Why? With an open format, it is possible for every browser to implement it without fees or bothersome restrictions on passthrough rights. And if certain browser makers also have their own proprietary audio / video formats to protect, it is still possible for someone to produce codec packs that will help those products to be able to play the videos. It is likewise possible for site owners to post such videos without fearing a visit from the patent patrol.

Mozilla is building in Ogg support (with both Theora [video] and Vorbis [audio] codecs). So current or future versions of Firefox, SeaMonkey, Flock, Songbird, K-Meleon, and Wyzo should all soon be ready. Opera is also building that support in. I would hope that the KHTML / WebKit browsers will also gain this, although Apple has its own proprietary codecs that it will also want to support (and Google recently purchased a company that owns some video codecs [including the successor to the codec that became Theora]). Assuming that this happens, only Microsoft will be missing. As mentioned above, the essential patent-free and license-free nature of Vorbis, Theora, and Dirac

If you don't already know it, software patents are evil, and that includes patents on physical apparatuses in which firmware plays an essential part of its patentable functionality. They don't drive innovation or invention, because patents are written in vague, legalistic terms to make them both harder to copy and easier to use against a competitor. In addition, patent examiners lack specific field expertise (and so are not able to know whether something is truly an advance in its field versus "putting old wine in new bottles"). And patent examiners, who should be paid based on the quality of what they let through, are actually under pressure to meet a quota of approvals.

One final thing: In taking up this battle, Mozilla is taking a long-term view, thinking about the implications of its decisions. This is good. It makes me wonder why so few others have the brains to do this? For all those who want to trash-talk RMS, this is one area where he's been right again and again. And Theo (from OpenBSD) also. If you make short-term choices that compromise your freedoms based on convenience, eventually, being non-free will be inconvenient, but you will not have maintained a defensible ground upon which to stand. As the Free Software Foundation notes, "free software is not about the price" of that software, but about protecting your freedoms to use and modify the software as you see fit (and to distribute your modifications). This is why you should be looking for these licenses on your (end-user) software: GPLv2/GPLv3/AGPLv3/LGPLv2/LGPLv3. Only if you cannot find acceptable software with said licenses should you look at software with any other license.

Like many others, I am currently re-evaluating the use of MySQL to power the applications on the sites I run. Of course, most of the applications I am using are hard-coded for MySQL, so there isn't much chance of switching over to PostgreSQL any time soon. Still, I'm already starting to look for database-independence, so I could conceivably abandon MySQL after Oracle's acquisition completes.

That said, I like MySQL. I've been using it since version 3.23. Me moving away from MySQL is probably going to be dependent on Oracle's decisions in regard to FLOSS (free, libre, and open source software) and whether their need to push users to the full Oracle database causes them to slow development or limit features of MySQL.

SOURCE: Nicholas Clayton.

This is where science and research and technology have to be kept in submission to something that can make moral and ethical decisions. Just because we can develop such a life-recording system does not mean that we should do so. For one thing, such broadly inclusive "augmented memory" is sure to promote embarrassing moments: "I was checking my memory stream today and saw when you were in third grade and you peed on yourself at school." Try saying that in front of your son's new girlfriend.

It could lead to a version of political correctness. Suddenly, you have no reason not to remember your brother-in-law's birthday. Nor can you persuade your wife that you did not agree to mow the lawn Saturday afternoon, instead of watching the game. But the real reason is that history has shown that the way to prevent misuse of data is not to collect it in the first place. The government got search records from the big search companies because those companies collected that data in the first place. Had they not been collecting the data, there could have been no requests and no lawsuits. (At least Google fought the request. Yahoo and Microsoft were reported at the time to have willingly handed over this potentially privacy-breaching information without a fight.)

If you think the surveillance cameras that cities are installing with federal grant money will not some day be used to help suppress dissent, you are not seeing the big picture. And so it is with electronic augmented memory. Just wait until a judge issues an order compelling one or more people to turn over their data to investigators.

There is a lot more to say about this, but I think that social and legal issues make this an exceedingly bad path to take.

Social networking remains the most targeted area for attacks as SQL injections preferred - SC Magazine UK

One in five hacking attempts were on social networking sites this year.

According to the latest Web Hacking Incidents Database (WHID) 2009 bi-annual report from Nebulas Solutions Group and Breach Security, social networking sites were the most targeted vertical market in the first half of 2009, with hackers exploiting Web 2.0 features such as user-generated content including Twitter posts to launch their attacks.

Surprise, surprise. Computer criminals target popular sites in cyberspace the way confidence men use popular themes in meatspace (real life). Is anyone really surprised at this?

The article also talks about the most popular method of attacking sites. I encourage you to go to the site and read it. If your site attracts a lot of users, it will also attract a lot of computer criminals. That's why you should collect & store the absolute minimum amount of personally-identifying information (PII) that you can and dispose of it as quickly as you can. What you do not have can never be stolen from you.