(wow,security) Schneier on Security: Security by Letterhead


"It's an effect of technology moving faster than our ability to develop a good intuition about that technology."

This is why Bruce Schneier is Bruce Schneier:

I too read the original article he is referring to (at http://worsethanfailure.com/Articles/Security-by-Letterhead.aspx ), a few days ago. I too had a good laugh at the idea that a letterhead is any measure of security, and thought to myself that people who do not know technology as well as we do are forever going to be digging themselves into holes like this one.

But it takes a Bruce to analyse it in such a crisp and concise way, yet pack much more meaning into his analysis than I ever could.

This is not because he knows English better than I do (although that may well be true too). It is because he has been thinking about security a lot more deeply than I, or indeed pretty much anyone outside of deepest academia, has been doing.

(malware) When antivirus products (and Internet Explorer) fail you | The Register


Good stuff. If any of my readers are actually using IE for routine web surfing, you haven't been reading my blog. Or you don't care about your machine and your data!

"Internet Explorer's interpretation and handling of mangled HTML and supported scripting input certainly contributed to making the Internet accessible to a wider audience, though now it is leading to making the platform more accessible to malware authors (if that was possible)."


google talk, yahoo messenger, jabber, and lotus notes sametime -- all on one client (pidgin)

About 4 years ago I discovered the magic of Instant messaging using a specific server (the jabber server) and any jabber compatible client.

Now I have discovered (courtesy a somewhat overdue OS upgrade on my work desktop, running Mandriva 2008 now) the magic of pidgin, a multi-protocol IM client that does everything that I could wish for. (Well it doesn't do voice and video chats, but that's a plus point in my book!)

I had written (back in 2003 or so) an article extolling the virtues of IM for a corporate environment. With a multi-protocol client available, I can now login to google talk, yahoo messenger, our departmental jabber client, as well as the company wide Lotus Notes Sametime network, all in one client! I'm logged into four networks using one client :-)

Of course, pidgin is available for windows also; in fact it's been called the firefox of IM clients :-) So you don't have to switch to Linux to use it.

What are you waiting for?


gotta love this...

I have to love something that simultaneously disses both Vista (for being crap), and Sony (for being proprietary) ;-)



Why Ubuntu?

[UPDATE: less than a month after this, I switched back to Mandriva, my favourite for the past 9 years or so.]

My first criterion for a Linux distribution has always been: how can I make this attractive to non-tech folks without scaring the shit out of them? For the last 8-9 years, the only real contender was Mandrake (now Mandriva). Nothing else came close, and if you think Debian or Fedora are good, you haven't seen Mandrake :-)

I now think Ubuntu/Kubuntu is even better at this than Mandriva.

[Security warning: Ubuntu needs only one password to get root; you just have to type it twice. This is only marginally better than Windows, where the user is the admin by default. On my Ubuntu systems, therefore, the "sitaram" user doesn't have admin privileges. Instead, I create another user called "fakeroot" who has admin privileges, and if I have to admin the system, I have to jump from "sitaram" to "fakeroot", and then from "fakeroot" to "root". I strongly suggest anyone setting up a machine on the internet should do something like this.]
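An added audit script (not from the original post) that checks the layout described above: given /etc/group and /etc/sudoers text, it lists which accounts an unrestricted sudoers rule lets become root, so you can confirm the everyday login is not one of them. The sample files and the "sitaram"/"fakeroot" layout are constructed to match the post; primary group membership from /etc/passwd is ignored for brevity.

```python
"""Audit which accounts can become root via sudo, from /etc/group and /etc/sudoers text."""
import re

# Constructed sample files (not from any real system) modelling the post's layout:
# the daily-use user has no admin rights, a separate "fakeroot" account does.
SAMPLE_GROUP = """root:x:0:
admin:x:4:fakeroot
sudo:x:27:
sitaram:x:1000:
fakeroot:x:1001:
"""
SAMPLE_SUDOERS = """Defaults env_reset
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
"""

# Matches an unrestricted rule such as "user ALL=(ALL) ALL" or "%group ALL=(ALL:ALL) ALL".
_RULE = re.compile(r"^(%?)(\S+)\s+ALL\s*=\s*\(ALL(?::ALL)?\)\s*(NOPASSWD:\s*)?ALL\s*$")


def parse_group(text):
    """Map group name -> set of supplementary members, from /etc/group lines."""
    groups = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, _gid, members = line.split(":", 3)
        groups[name] = {m for m in members.split(",") if m}
    return groups


def root_capable_users(sudoers_text, groups):
    """Return every account that an unrestricted sudoers rule lets become root."""
    users = set()
    for line in sudoers_text.splitlines():
        m = _RULE.match(line.strip())
        if not m:
            continue
        if m.group(1) == "%":            # %name is a group: expand its members
            users |= groups.get(m.group(2), set())
        else:                            # otherwise the rule names a user directly
            users.add(m.group(2))
    return users


def daily_user_is_admin(user, sudoers_text, group_text):
    """True if the everyday login can reach root with only its own password."""
    return user in root_capable_users(sudoers_text, parse_group(group_text))
```

On a real machine, feed it the contents of /etc/group and the output of `sudo cat /etc/sudoers` (plus any /etc/sudoers.d fragments) and check your daily login is absent from the result.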

The update treadmill - catching up without running!

Linux changes fast. Windows 2000 is still in use on many computers, and I am told even Windows 95 is still around, but RH 2 (released fall 1995) and RH 7 (fall 2000) are unheard of, and if you still see RH 9 (2003), it's only because it was the last of the RHL series before they split into Fedora and RHEL.

Mandriva never seemed to encourage me to do regular, incremental updates to the system. Its "urpmi" is just as easy to use and as capable as Ubuntu's Debian-derived "apt" system, but their equivalents for "update" are much slower than Debian's, both in terms of bandwidth as well as in updating the RPM database. On a home machine with limited connectivity, this became something to avoid. And while I haven't actually measured it scientifically, this seems quite doable in Kubuntu, even though my internet pipe is only 64 kbps (barely more than a POTS modem!).

Anyway, as a result I used to upgrade using a full DVD, about once a year. And sometimes I would do a full install instead of an upgrade if I thought the upgrade would leave a lot of cruft on the system.

And so, for most of the year, pretty much nothing on my system would change except firefox and thunderbird (my mail client). For instance, some of the programs I use (like kphotoalbum) would come out with new releases and updates, but I couldn't get them because they required updates to core stuff like KDE or whatever.

I guess it was a bit like being on Debian stable, although not quite so bad ;-)

And I also got tired of the treadmill. I found myself skipping upgrades simply because I didn't have time to do it. Even an upgrade from a DVD was a specific event, requiring (by definition) a reboot at least. Who wants to reboot just to upgrade?

What I really needed was something that I can stick on the machine and let it work pretty much as long as the hardware holds out, yet always be on the leading edge without being on the bleeding edge.

I needed to be able to upgrade much more frequently, but without having to worry about it as a task, or worry that it will break something.

I needed something in between Debian stable and Debian unstable :-)

Ubuntu fills that need very well.


(PHB^1000) Fox News hires Carly Fiorina, ex-chief of HP - International Herald Tribune


I always hated this woman. I had good friends at HP as well as at
Tandem, which eventually became part of HP, but even if I didn't, I
would still have hated her for what she did to such a great company.

As some of the comments on slashdot said:

- "I hope she brings [to] Fox the same integrity and good business
sense that she brought to HP"

- "And Lucent. Let's never forget the fine job she did there. It's an
astounding accomplishment to drive two of the world's premier
engineering organizations into the ground within a decade. Truly Fox

Too bad she's only going as a "contributor". I would have loved to see
her as CEO of Fox -- would have been a match made in heaven.


Bug #1 in Ubuntu

Been playing with Ubuntu (well Kubuntu -- the KDE version) a little over the last few weeks.  Learned a lot, pretty nice stuff there.

I started with Linux in 95 with Yggdrasil (*), very briefly, then a year or so of slackware, then RH till 98.  I switched from RH to Mandrake in 99 for one and only one reason: Mandrake made it much easier to evangelise Linux to the non-geeks.  And now, I think I finally found something to beat Mandrake, so I have been thinking of gradually switching all my desktop systems (as and when time permits).  I still love Mandriva -- 9 years is a long time, so this was not an easy decision.

The decider came when I found "bug #1 in Ubuntu", which, sadly, has STILL not been fixed.


Now how could I resist that one?



(*) yes, you kids wouldn't have heard of it; it's older than Slackware, I think, and actually when I started it was almost defunct!


(security) Be afraid. Be very afraid...

"Storm has been around for almost a year, and the antivirus companies are pretty much powerless to do anything about it."

But the really scary part?
"Oddly enough, Storm isn't doing much, so far, except gathering strength. Aside from continuing to infect other Windows machines and attacking particular sites that are attacking it, Storm has only been implicated in some pump-and-dump stock scams. There are rumors that Storm is leased out to other criminal groups. Other than that, nothing.

Personally, I'm worried about what Storm's creators are planning for Phase II."

from "Schneier on Security: The Storm Worm"



(geek) The History of the World, as seen through /.


This is just as much a geek test as anything else -- if you get even half these jokes, you're a geek!