2013-10-26

FOSS Week in Review

NSA: Locking the barn door after the horse is stolen

On Monday, Reuters reported in an exclusive story that the NSA had failed to install some super duper software meant specifically to protect the agency from inside threats at the site in Hawaii where Eric Snowden downloaded thousands of classified documents. In other words, after spending who knows how much taxpayer money developing internal security software, made by Raytheon by the way, and getting it installed and tweaked at NSA installations everywhere, little Eric Snowden was shuffled off to one of the only, if not the only, locations where internal security wasn’t in place. In hindsight, this made the NSA akin to two lengths of case hardened steel chain being bound together by a link made from a paper clip.

According to this report, the Remote Operations Center where Snowden was stationed didn’t have the software installed because of low bandwidth issues. If the software had been operating, officials at the NSA would’ve been notified the minute Snowden began his now infamous download. In other words, it was merely by chance that the spook with a conscience found himself stationed at the one place where NSA computers were set to look the other way by default as the NSA’s dirty secrets were downloaded.

“He was only there for a few weeks before he told his employers that he needed time off because of health problems. Snowden then disappeared and turned up several weeks later in Hong Kong. There, he gave a TV interview and a trove of secrets from the NSA and its British counterpart, Government Communications Headquarters, to writer Glenn Greenwald, filmmaker Laura Poitras, and journalists from Britain’s Guardian newspaper.”

We’re not very religious here at FOSS Force, but in this case we’re willing to explain this “coincidence” as an example of divine intervention.

Shuttleworth ticks people off again

It seems that an awful lot of people are too thin skinned. A week ago Mark Shuttleworth made the following comment in his blog:

Mir is really important work. When lots of competitors attack a project on purely political grounds, you have to wonder what THEIR agenda is. At least we know now who belongs to the Open Source Tea Party ;) And to put all the hue and cry into context: Mir is relevant for approximately 1% of all developers, just those who think about shell development. Every app developer will consume Mir through their toolkit. By contrast, those same outraged individuals have NIH’d just about every important piece of the stack they can get their hands on… most notably SystemD, which is hugely invasive and hardly justified. Watch closely to see how competitors to Canonical torture the English language in their efforts to justify how those toolkits should support Windows but not Mir. But we’ll get it done, and it will be amazing.

It seems that many of Ubuntu’s detractors became upset at the reference to “the Open Source Tea Party.” My gawd, it was just a joke–and to make sure everyone knew he was just kidding, he followed it with a winky emoticon. Chill out, people.



Mark Shuttleworth of the Ubuntu Tea Party

As for Mir… Ubuntu belongs to Mark Shuttleworth and Canonical. The last time we checked the GPL, they’re allowed to do with the code anything they want so long as they give any changes back to the community, which they appear to be doing.

We don’t use Ubuntu here at FOSS Force, but if we did and if we didn’t like the notion of Mir, we’d just find another distro to use. As we’ve discussed here on this site in the past, there’s no shortage of distros.

Windows phablets and tablets from Nokia

On Wednesday we learned from the BBC that Nokia unveiled a slew of phablets and tablets at Nokia World in Abu Dhabi.

Although Nokia is still technically independent of Microsoft, since the sale isn’t expected to be finalized until early next year, the new products can only be seen as indicative of what to expect from Nokia when it becomes a subsidiary of Redmond. Included in the mix is the first Windows RT tablet from anyone but Microsoft.

Stephen Elop was at the event and according to the Beeb, he came very close to calling Nokia’s adoption of Windows a mistake:

“Nokia’s former chief executive Stephen Elop, who resigned to become head of the company’s devices and services division until his transfer to Microsoft, admitted to the BBC that choosing Windows Phone rather than Android as an operating system had presented the company with ‘a very difficult challenge.’

“‘It’s been hard. It’s a very difficult challenge; it’s a very competitive environment, but we’re pleased with the fact that we’re building momentum,’ he said.”

You’ll excuse us if we refrain from wishing the new Nokia much success.

We also learned this week, from CNET and the Wall Street Journal, that there are rumors that Microsoft is developing Windows eyewear:

“Citing the usual ‘people familiar with the matter,’ the journal revealed no details about the prototypes, but it did note that the project is part of Microsoft’s strategy to compete with Google, Samsung, and Apple in the device market.

“A spokesman for Microsoft told CNET that the company had no comment on the rumors.”

Linus Torvalds calls Fedora developers “stupid”

Linux’s head penguin, Linus Torvalds, made it back into the news this week when Softpedia reported on a bit of a spat between Torvalds and the folks at Fedora.

It started when Torvalds made a remark on Google+ about Fedora’s use of an old kernel, which is problematic for some users:

“Is there some basic reason why you never regenerate the install images? Right now the F19 install images use some ancient 3.9-based kernel. Which means that they may boot on most machines, but it’s missing wireless ID’s for new laptops etc, so making it useful is unnecessarily painful.”

When Red Hat developers explained they didn’t have enough money to test Fedora properly with a more up-to-date kernel and they didn’t want to release a product that might not work on some hardware, Torvalds replied:

“Because right now you say ‘we don’t have Q&A to verify the images’, and I’m telling you ‘that’s bullshit, because the old image is known to be broken, so claiming that the new images might be broken is all kinds of stupid, isn’t it’?

“And no +Lukáš Zapletal , I don’t want to have rawhide images. I want to get a stable F19 install. And if you have Q&A issues, you’ll have angry users that did ‘yum upgrade’ and it resulted in a non-working system for them.

“So all your arguments are just f*cking stupid. Call it F19.x, warn people that it’s ‘more up-to-date’, and just stop making stupid excuses for having an image THAT DOES NOT WORK, because you want to not test whether the new image MIGHT NOT WORK.”

We just love it when Linus talks dirty.

PHP website compromised by malware

PCWorld reported yesterday that PHP.net was unreachable for a number of days for users of some browsers, which was just as well since accessing the site exposed visitors to malware. The site was blacklisted after it was hacked and Google’s crawlers discovered it trying to deliver a dirty payload:

“The php.net site was blacklisted early Thursday by Google Safe Browsing, a service used by Google Search, Google Chrome and Mozilla Firefox to prevent users from visiting malicious websites. As a result, Chrome and Firefox users who tried to access php.net over the course of several hours Thursday were warned that the site contained malware.

“The PHP Group, which maintains the php.net website and the PHP distribution packages, initially thought the warning was the result of a Google Safe Browsing detection error. ‘It appears Google has found a false positive and marked all of http://php.net as suspicious,’ Rasmus Lerdorf, the creator of PHP, said on Twitter.

“But a more in-depth investigation revealed that the userprefs.js file had been modified repeatedly as a result of an intrusion, the PHP Group said in a message on php.net. ‘We are still investigating how someone caused that file to be changed, but in the meantime we have migrated www/static to new clean servers,’ the group said, adding that there’s no evidence of the compromise extending to the PHP distribution files.”

The PCWorld article went on to note that sites like PHP.net, which are used primarily by developers, might be valuable targets for black hat crackers:

“PHP developers can be valuable targets for attackers because their computers usually contain intellectual property like source code and other sensitive information, including log-in credentials for websites they maintain. Many developers are also likely to visit php.net from company-issued computers, and compromising those computers could allow attackers to access corporate networks.”

“All Things Open” to return

Todd Lewis, Conference Chair for All Things Open and Executive Director of IT-oLogy/Columbus

At the closing ceremonies for the All Things Open conference in Raleigh on Thursday, Conference Chair and Executive Director of IT-oLogy/Columbia, Todd Lewis, announced that the conference will definitely be back for an encore performance in 2014. Lewis said his hope is for All Things Open to become the premier open source conference on the East Coast of the United States.

From what we understand, the attendance at this inaugural event far exceeded expectations. A spokesperson for IT-oLogy, the host organization, told FOSS Force they had been hoping to attract at least 300 people to the event and had prepared for 500. In the end, about 800 folks attended the two-day conference. Next year’s event is scheduled to take place on October 22 and 23, 2014.

Right now, our Christine Hall is busy at work on a series of articles about the event that we plan to start publishing early next week.

**********

Well, that’s going to do it for today. Until our next Week In Review, may the FOSS be with you…
