Whahahaha… it had to happen one day. A problem with an anti-virus update marks a false positive and puts the file in quarantine. The OS can’t load the file anymore and… oops… reboots… and…. reboots…. and… reboots… This is actually a great feature. Rebooting windows is like 80% of normal usage and it is now fully automated.
Fixing it can be a bit hard… since the computer is rebooting all the time. McAfee could create a bootable windows CD that restores the missing file from the system but.. hey wait.. no they can’t do that. You can’t distribute a proprietary OS like windows for free… Maybe they can create a Linux boot CD to restore the windows file… Something to contemplate: using Linux to revive a windows machine.
Well as many developers already know: security is a concept, not a product! You can’t just throw “some security” at a piece of software. Security considerations must be part of the original design and development of software. The Pwn2Own hacking contest shows –once again– that there is too little security awareness in current software design. Look at these embarrassing results: all major browsers took a fall: Internet Explorer, Firefox and Safari. Most browser are compromised by popular plugins like acrobat reader
These OS’s took a fall: Windows 7, Windows XP, Mac OS X snow leopard. The only OS that is still standing is Linux. Because Linux is indefinitely more secure? Well maybe but there’s also something else: Linux is an open source OS where highly skilled developers are coding. Changes are reviewed by others before they are merged into the main kernel tree. In other words: security is part of Linux. Another thing is that people who run linux are people who are aware of abuse. These are –in general– not the people who would click on the ‘cute-kitten-movie.exe‘ attachment. So Linux is just not that interesting to Black Hat Hackers. True: Mac OS X is build on an open source OS as well: FreeBSD but the presentation layer and Safari is proprietary code from Apple (except for the WebKit on which it is build).
Microsoft currently runs the Security Development Lifecycle (SDL) model. This should make security an integral part of the development lifecycle. Well to be honest when budgets are getting tight and deadlines are running out: documentation and code quality are the first areas that take the fall. So really I don’t expect much from SDL. Especially since MS is trying to develop a ‘catch all’ (silver bullet) security measure inside the kernel… I’m not saying these measures aren’t worthwhile, they are (Linux has them for ages now), it’s just not enough.
The phrase ‘security is a concept, not a product‘ proves its point when you look at the measures current OS’s are implementing to prevent ‘arbitrary code execution’. Windows XP, Windows Vista (still in use?) and Windows 7 has DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization). Both ‘techniques’ should prevent (or make it harder) to execute arbitrary code… but they don’t. Dutch security researcher Peter Vreugdenhil showed an impressive circumvention of DEP and ASLR in windows 7. See: security is not a product…
The good thing is that the hackers are not just updating the vendors on the leaks they found. Instead they tell the vendors how to find the leaks themselves in an attempt to raise awareness.
I’ve blogged about World of Goo before on this site. It’s a great game that will entertain you for many hours. I got a tip yesterday from Sander (thanks mate!) about the World of Goo birthday sale. In short: you can determine your own price for the game. Watch it… this will only last until october 19!
You will get all downloadable versions… so one for Windows (why would I want that?) & one for Mac OS X & even the versions for Linux. I’ve donated $1.00 for the game and it makes me feel like a cheap ass but I think that’s the whole meaning of the birthday sale. I think you can donate as less as $0.01 to get the game but I didn’t try it out myself.
Yesterday Google officially announced Chrome OS, an operating system targetted netbooks (both intel x86 & arm-based). Chrome OS will be built on the linux kernel. Google will reimplement the security architecture of Linux. A new minimal graphical interface will provide an easy to use interface. As google says it: “it should just work”.
Speed, simplicity and security are the key aspects of Google Chrome OS. We’re designing the OS to be fast and lightweight, to start up and get you onto the web in a few seconds. The user interface is minimal to stay out of your way, and most of the user experience takes place on the web. And as we did for the Google Chrome browser, we are going back to the basics and completely redesigning the underlying security architecture of the OS so that users don’t have to deal with viruses, malware and security updates. It should just work.
Mayday… Mayday… the vehicle that tried to spread FUD (fear, uncertainty & doubt) in the open unix community is going down… The demise of SCO is neigh… Many times investors have tried to keep the warship afloat but this time it’s going down for good.
Groklaw has a nice article on it… Chapter 7 may be the last chapter of SCO.
Not to long ago I wrote a small entry about how sometimes a game stands out against the rest. These games are not mere imitations or improvements of other games but are genuinly original. Today I came across another such game and it is called “World of goo”. Recently the native Linux version of the game has been released (Mac and Windows was already available).
The idea is that you pick up blobs of goo and position them to create constructions. However it is all goo and flexible. The other blobs of goo will freely move along the trails of the construction. Well it’s hard to explain. Just watch the video below.
Oh this is nice. Some hackers have been able to boot Linux on their iPhone. A lot of the iPhone hardware is not supported (yet) but it boots and you can enter shell commands (using USB). Nice hack…
Hans Reiser has led police to the grave of his murdered wife. He finally admitted that he strangled her. The whole story can be read on wired. Hans Reiser is sentenced to 15-to-life. Hans Reiser apologized to society for taking someone’s life. Apology not accepted.
Unfortunately linux evangelist and publicist Joe Barr has passed away at the age of 63. There is an in memoriam at Linux.com. His blog is still up and cynically his last article is a goodbye to Bill Gates. Joe Barr gained momentum and fame with his magazine “The Dweebspeak Primer” available here. If I’m wrong and there is a heaven then it will run Linux pretty soon.
Some Linux kernel developers have issued a statement in which they call upon the hardware manufacturers to deliver open source linux-drivers for their equipment. Here’s the statement:
We, the undersigned Linux kernel developers, consider any closed-source Linux kernel module or driver to be harmful and undesirable. We have repeatedly found them to be detrimental to Linux users, businesses, and the greater Linux ecosystem. Such modules negate the openness, stability, flexibility, and maintainability of the Linux development model and shut their users off from the expertise of the Linux community. Vendors that provide closed-source kernel modules force their customers to give up key Linux advantages or choose new vendors. Therefore, in order to take full advantage of the cost savings and shared support benefits open source has to offer, we urge vendors to adopt a policy of supporting their customers on Linux with open-source kernel code.
Here’s the original statement including the list of developers. The Linux foundation also issued a supporting statement. This would be a great step forward. I support the statement as well. For most hardware you can select a product that has open source drivers however for graphics adapters you are stuck. There is only a small number of manufacturers of graphics adapters. Intel is offering adaptes with open source drivers but these are way below par on features and speed.
Hans Reiser (inmate BFPS63) finally heeds the advise of his lawyers. After ignoring the advise of his lawyers and taking the stand to defend himself at his trial Hans now resorts to silence. A juror said after the trial that Reiser might have been acquitted had he exercised his constitutional right against self-incrimination.
Too bad Hans resorts to silence now because Threat Level, who have been following the Reiser trial all the way, came to visit Hans Reiser in Santa Rita jail to ask him some questions. All for nothing because Hans declined any comment “on the advice of my attorneys”. From the article:
And as he hung up the telephone handset connecting us through the glass, all this reporter could think was that Hans Reiser waited too long to start heeding his lawyers’ advice.
The jurors have spoken and found Hans Reiser guilty of first degree murder. Hans Reiser could not give believable explanations for his suspicious behaviour after his wife “disappeared”. Hans faces 25 to live.
Now this is a remarkable piece of technology. Ksplice allows you to patch a running Linux kernel without the need to reboot your system. Of course there are restrictions. The patch should not introduce semantic changes to kernel datastructures. Now this is not really a restriction since most security patches won’t change the kernel datastructures and this technique is typically used to apply security patches to running systems. ZDnet also reports on Ksplice.
When I have the time I will definitely play around with this software.
After eight release candidates the new Linux kernel is here: 2.6.25. Of course there are many fixes and support for new devices and even support for a new architecture (MEI MN103E010). Control groups were introduced in 2.6.24. You can assign tasks to so-called cgroups and control the amount of memory and CPU to the group of processes. There are many more enhancements. I had to download this puppy and try it out. Thanks to all the kernel hackers for this great release.
Hans Reiser (of ReiserFS fame) is still on trial. We’ve seen some dramatic witness testimonies already. Now the mother of the disappeared Nina Reiser and the father of Hans Reiser took the stand. This trial and the testimonies of the witnesses are becoming a freak show. Read the part about the father explaining that he (just like Hans) removes seats from his car when they malfunction instead of replacing them. There’s a whole lot of bizarro stuff going on. Threat Level is still writing up reports as the trial continues.
I’ve blogged about 