Cracking the GNU/Linux Security Cliché

One of the jibes about GNU/Linux from the closed-source crowd is that the only reason there so few security exploits against it is that its market share is too small for crackers to care. Against that background, the following development must represent some kind of milestone....

On Open Enterprise blog.

Open Source Skype Scuppered

I don't use Skype much, so news that it probably has a backdoor that lets others (hello, secret services) eavesdrop doesn't much concern me personally. But it's regrettable for several reasons.

First, obviously, that such a flaw should be built in is bad. It weakens the product - crackers of the world are doubtless firing up their Skype programs even as I write - and suggests an extremely patronising attitude to users. But I think there's another, less obvious, problem with this revelation.

For some time, people have been talking about getting Skype to go open source: you can now forget that. If there really is a backdoor, Skype is not going to reveal it - or let people rip it out of any released code.

Ah well, there's always Ekiga....

The Russian Experiment

I've always thought that Russia offered very fertile ground for free software. It has some of the best hackers in the worlds (not to mention crackers), a need for customised software (not least because it will be in Cyrillic) and not much dosh to pay for exorbitant licensing fees. So news that Russia was aiming to move schoolchildren to free software seemed promising, even if the cynic in me wondered whether anything would actually come of it.

Well, here's a useful update on what exactly is happening with the project:

First of all, first deliverables have already become available. Openly and publicly (Russian). Among others, you are able to download the specially tailored Linux distributions, including a version tailored for older PCs with 128-256 MB of RAM and P-233-class CPUs and a Terminal Server edition that allows to use older PCs as thin terminals provided a decent server is available in the classroom.Secondly, the information is now coming from more than one source, which indicates that the regional participants of the project have both freedom and willingness to act (Perm, Tomsk, Moscow, all in Russian). The most curious is the website of the Perm region, where a map of the integration progress is available. The numbers in black correspond to the total amount of schools (first number is for city/town schools, second is for rural schools), the numbers in red correspond to the schools where Free Software is already being used.

What's (Open) Source for the Goose...

A report suggesting that the Chinese military has hacked into German government computers could have a negative impact on the prospects in Western markets of Chinese equipment vendors Huawei Technologies Co. Ltd. and ZTE Corp. (Shenzhen: 000063 - message board; Hong Kong: 0763), believes an analyst at Dresdner Kleinwort .

...

"The ability of Huawei and ZTE to participate in, let alone win, telecom infrastructure tenders in the Western hemisphere may have lessened considerably following last week's shock report," writes Lindberg in a research note issued Monday. "It could trigger a return to national security clearance when it comes to procurement of telecom networks," he adds.

OK, so this may be pure paranoia, not least because it's not clear that the alleged Chinese spyware has anything to do with the Chinese telecom equipment.

But there's a more general principle: if it ain't open, you don't know what's going on, so all this kind of stuff could be going on, unbeknownst to you. Of course, it also applies to Chinese procurement as well, which is one reason why I think open source is bound to win out there, as elsewhere.

After all, if you are a (paranoid) government flunky, do you really want to risk national security (and your post) on that black box? No, I thought not. (Via GigaOm.)

The EU Thinks it Can Pwn You

Sigh.

EU Justice Commissioner Franco Frattini has assured Germany's Federal Minister of the Interior Wolfgang Schäuble (Christian Democratic Union; CDU) of his "full support" for the plans of the federal government to engage in so-called online searches of private PCs.

Leaving aside the issue of the gross privacy intrusion this represents, and leaving aside the fact that it seems to be espousing police cracking of computers, there's a teeny-weeny problem here. It's called a firewall; it's what any sane person connected to the Internet will have on their system precisely to prevent crackers gaining access.

While politicians and their advisers remain so ignorant of technology there's hope for us yet.

There's Monoculture, and There's Monoculture

Here's eWeek all breathless:

If the plan is perfectly executed, Nicholas Negroponte's One Laptop Per Child project will deploy 100 million laptops in the first year. In one fell swoop, the nonprofit organization will create the largest computing monoculture in history.

Well, that depends how you define monoculture.

Yes, if you mean exactly the same machine; but definitely not, if you mean effectively the same environment. The honour of mega monoculture certainly belongs to Microsoft Windows, in all its later incarnations. Each has offered what is basically the same lush virtual mulch to several million crackers: the operating system, Internet Explorer and Outlook. What more do you need? As the unrelenting attacks based on just these elements show, you certainly don't need to have identical systems to succeed in sowing mayhem. (Via Techmeme.)

Why Hackers Do It

If you've ever wondered what makes hackers (not crackers) tick, you can relax: somebody has now submitted a doctoral thesis on the subject (in German) to give us an academically-rigorous answer.

It has as its title "Fun and software development: on the motivation of open source programmers," and includes, in an appendix, an email from RMS, whom the doctorand unwisely addressed as an "open source developer". To which Stallman inevitably (and rightly) replied:

Thank you, but I do not consider myself an ’open source developer’, and I don’t like my work to be described as ’open source’.

My work is free software (freie Software, logiciel libre).

One result, noted by Heise Online, is particularly striking:

Only about half the programming work is thus undertaken by the developers in their free time; for 42 percent (in temporal terms) of their engagement with open source the programmers are being remunerated -- an astonishingly large percentage. On this point the author of the dissertation Benno Luthiger Stoll remarks that this figure is likely to be even higher when the big picture is taken into account: The developers most likely to be paid are those working for large open-source projects; projects that in many cases have their own project infrastructure, he notes. Those active open-source programmers questioned, however, had come from Sourceforge, Savannah and Berlios, which in general tended to host less elaborate projects, he adds.

Happily, it also seems that

When compared with some 110 developers working for Swiss software companies, those engaged in open-source projects were seen to have more fun.

But maybe Swiss software companies are particularly boring.