Well that went by fast

Lots of media huffing and puffing, but not much rain (especially when compared with Debbie last month) and not too bad for wind.  Power stayed on the whole time, so yay.

So in lieu of other blog fodder, here's an insanely cool story about a guy who made Linux run on a 1971 Intel 4004 chip:

Hardware hacker Dmitry Grinberg recently achieved what might sound impossible: booting Linux on the Intel 4004, the world's first commercial microprocessor. With just 2,300 transistors and an original clock speed of 740 kHz, the 1971 CPU is incredibly primitive by modern standards. And it's slow—it takes about 4.76 days for the Linux kernel to boot.

...

While it has no practical purpose, the Linux/4004 project demonstrates the flexibility of Linux and pushes emulation to its limits.

Linux on 50 year old hardware has got to be some sort of record.

Alternative to Adobe Photoshop

OldNFO points out a post at Lawrence's place about how Adobe has changed their terms of service.  Basically, you have to agree that they own all the work you create with their software, in order to get access to your work that you created on their software.

Sweet. 

Now IANAL, and so don't know how the (inevitable) Class Action lawsuit(s) will play out.  However, I am an enthusiastic user of The GIMP, a free (as in speech) Open Source Photoshop-alike application.

Yes, it has a Photoshop-worthy learning curve, but it is full featured and powerful, cross platform, and free.  No weird terms of service getting changed at midnight.

If you're looking for an alternative to Photoshop, I highly recommend this.

Time to patch Linux

I've run Linux for years in large part because it's been more secure.  But not invulnerable:

Grab security updates for your Linux distributions: there's a security hole that can be fairly easily exploited by rogue users, intruders, and malicious software to gain root access and take over the box.

Specifically, a buffer overflow vulnerability in the GNU C Library's handling of an environmental variable was spotted by security firm Qualys, which has gone public with some of the details now that patches are being emitted.

The flaw, dubbed Looney Tunables, arises from the GNU C Library's dynamic loader (ld.so) mishandling of the GLIBC_TUNABLES environmental variable. And because GNU C Library, commonly known as glibc, is found in most Linux systems, this is something of an issue.

Essentially, setting GLIBC_TUNABLES to a carefully crafted value can cause a buffer overflow, which could lead to arbitrary code execution within the loader, allowing it to be hijacked.

Besides the funny name, this vulnerability has a very 1990s feel to it.  In any case, if you run Linux, get patching.

April Fools tech humor

Back in the early 90s I was a nerd [pauses to let shocked gasps die down].  There was a couple year period where I read every single one of the Internet specs that were released.  These documents are rather strangely named "Request For Comment" or RFCs.  Since it was my job to know nerdy Internet stuff then, I read 'em all, probably a couple a week back then.

Well every April Fools Day there would be a joke RFC.  There's a pretty good Wikipedia page that lists them.  Here's a recent example: RFC 8565, Hypertext Jeopardy Protocol.  The Abstract reads:

The Hypertext Jeopardy Protocol (HTJP) inverts the request/response semantics of the Hypertext Transfer Protocol (HTTP). Using conventional HTTP, one connects to a server, asks a question, and expects a correct answer. Using HTJP, one connects to a server, sends an answer, and expects a correct question. This document specifies the semantics of HTJP.

Pretty funny right there, in a very nerdy way.  But one that I remember from way back in the day was RFC 1149, Standard for the transmission of IP datagrams on Avian Carriers.  Basically it was sending Internet messages by carrier pigeon.  We yuked this up around the coffee mess.

Well, it turns out some nerds actually implemented this - they built a working system that used pigeons:

Finally, rfc 1149 is implemented! On saturday 28th of april 2001, the worlds very first rfc 1149 network was tested. The weather was quite nice, despite being in one of the most rainy places in Norway.

The ping was started approximately at 12:15. We decided to do a 7 1/2 minute interval between the ping packets, that would leave a couple of packets unanswered, given ideal situations. Things didn't happen quite that way, though. It happened that the neighbour had a flock of pigeons flying. Our pigeons didn't want to go home at once, they wanted to fly with the other pigeons instead. And who can blame them, when the sun was finally shining after a couple of days?

But the instincts won at last, and after about an hour of fun, we could see a couple of pigeons breaking out of the flock and heading in the right direction. There was much cheering. Apparantly, it WAS our pigeons, because not long after, we got a report from the other site that the first pigeon was sitting on the roof.

Read the whole glorious thing here.  Linux nerds FTW!

Microsoft and Linux, sitting in a tree ...

 K-I-S-S-I-N-G:

Microsoft this week released a preview version of Windows Subsystem for Linux GUI, or WSLg, which provides a way to run Linux applications with graphic interfaces on Windows devices.

...

"You can use this feature to run any GUI application that might only exist in Linux, or to run your own applications or testing in a Linux environment," explained Craig Loewen, program manager for the Windows Developer Platform at Microsoft, in a blog post.

Man, the tech world is getting weird.  Eric Raymond had a pretty interesting take on this last year:

Azure makes Microsoft most of its money. The Windows monopoly has become a sideshow, with sales of conventional desktop PCs (the only market it dominates) declining. Accordingly, the return on investment of spending on Windows development is falling. As PC volume sales continue to fall off , it’s inevitably going to stop being a profit center and turn into a drag on the business.

Looked at from the point of view of cold-blooded profit maximization, this means continuing Windows development is a thing Microsoft would prefer not to be doing. Instead, they’d do better putting more capital investment into Azure – which is widely rumored to be running more Linux instances than Windows these days.

Interesting world we live in.

A most unusual (but critical) Windows security update

There is a nasty security bug in Microsoft Windows 10 and Windows Server 2016.  You will want to update your operating system today.  Here's a handy guide on how to check if you already have the update, and if not how to get it manually.  This covers Windows 7, 8, and 10; if you have an older version then it's no longer supported and you don't really have any good options.  Skip to the end of this post for some thought on what to do.

But this is a really interesting security bug, not because of the nature of the bug itself but from how it was reported.  The bug is in the cryptographic subsystem, the library that does all the encryption routines.  This is pretty critical - not only does it handle the encryption of your browser traffic, but even more importantly (WAY more importantly) it verifies that you are talking to the actual web server that you want to and not some skeevy H4x0R site.  Most importantly of all, it verifies that the software you download (including, say, Windows security updates) are actually from Microsoft (and not from some skeevy H4x0R site).

Yeah, this is important.

But the interest here is that this was reported to Microsoft by the NSA.  Remember the Edward Snowden revelations?  NSA is ground zero for collecting attack techniques and code that the Fed.Gov can use against its enemies, foreign and domestic.  Here was a vulnerability present on literally every modern Windows computer in the universe, and they up and tell Microsoft to go build a patch for it.

Remember, these are the same guys who weakened the elliptic curve encryption routines so they could break all the web traffic, and these are the guys who paid RSA Data Security, Inc. tens of millions of dollars to slip weaknesses into the most popular encryption code sold at the time.  Now they're giving away the farm, so to speak.

Hmmmmm.  Here's the story and the interesting bit:

The NSA’s Neuberger said in a media call this morning that the agency did indeed report this vulnerability to Microsoft, and that this was the first time Microsoft will have credited NSA for reporting a security flaw. Neuberger said NSA researchers discovered the bug in their own research, and that Microsoft’s advisory later today will state that Microsoft has seen no active exploitation of it yet.

What's weird is that this is how you're supposed to do things - find a bug, report it to the developer, developer creates a patch, developer gives you credit for finding the bug.  But NSA actually did this, rather than keep the exploit secret.  Maybe some foreign government had discovered the vulnerability and somehow NSA found this out.  Who knows?    In any case, well done to NSA for doing it the Right Way.

But if you have Windows 10, go patch now.

If you have old Windows - say, XP you don't have support anymore.  It's no longer being maintained, so no more security patches.  You really have three choices here:

1. Stay on XP, and realize that some day you're going to get pwned.  It's sad to say, but it's not if you will get something take over your computer, it's when.

2. Upgrade to a newer version of Windows, which probably will mean buying a new computer.  Windows is famously resource hungry, and Windows 10 will be slow as molasses on a computer that came loaded with XP.  ASM826 and I put up a series of posts on backing up your data, so you can move everything over (you do back up your data, don't you?)

3. Load Linux on your existing computer.  Linux is a lot happier on old hardware then modern Windows is, and the backup techniques in the posts linked above will work just dandy on it.  Here's an old post recommending Linux Mint.

Linux: not a lot has changed in ten years

From 10 years back:

How Linux development works

There's a grain of truth in that.

Linux on the Desktop - it's finally here

For the last 20 years we've heard that the next year will be the year that Linux comes to the desktop - each and every year, we heard it.  Well, it actually looks like it's here, because Microsoft is shipping it:

The biggest news of Microsoft's annual developer get-together, Build, this year was the arrival of the Linux kernel as part of Windows Subsystem for Linux 2. Oh, and a new tab-happy Windows Terminal? It's in GitHub. 

Windows Subsystem for Linux 2 

The Windows Subsystem Linux (WSL), which lets you run Linux programs on a Windows box, has seen some serious love from Microsoft as its engineers attempt to demonstrate their commitment to open source and Linux.

And it's even GPL'ed.  By Microsoft.

Just stop and think about that for a second. It means when you come to run a program, the Windows kernel will either interface with it directly if it's a Windows application, or allow the Linux kernel to manage it if it's a Linux application. Now you can run Linux software truly natively on the world's largest desktop OS platform, developed by a company that once declared Linux "a cancer."

I did not expect the future to be so weird.

The Cold Civil War comes to Linux

Unless you're a Linux Nerd like me, you don't run Linux at home on your computer.  But you almost certainly do run it on devices in your house - Android is based on Linux, and your home router/firewall almost certainly runs it.  More importantly, the Internet runs on Linux - the bulk of the servers you talk to and services you rely on are hosted on Linux.

And so the culture wars coming to Linux is a big deal.  The news from a couple weeks ago was that Linux Torvalds (father of Linux and the guy who has guided its development for 20+ years) broke down and imposed a Code Of Conduct for the kernel development group.

In the past, the key question was whether a developer's code was good or not; now with the CoC other issues - the developers race, sex, or gender identification, or his/her hurt feelings - will take precedence.  At the extreme, this could break the Internet, or at least mire it in suckage as bad code (protected from replacement by the CoC and concerns over "diversity" developers' hurt feelings) make things work poorly.

This isn't just an academic concern: we have seen codes of conduct repeatedly abused by activists (a good background of this sort of thing is here), and so there's a lot to worry about here.  Well, the linux kernel hackers are pushing back, saying that if they are disciplined under the code of conduct that they will revoke the right to use their code in the kernel:

An open letter posted to the Linux Kernel Mailing List explains:

Date Thu, 20 Sep 2018 09:28:14 +0000
From unconditionedwitness@redchan ...
Subject Re: A Plea to Unfuck our Codes of Conduct

Regarding those who are ejected from the Linux Kernel Community after 
this CoC:

Contributors can, at any time, rescind the license grant regarding their 
property via written notice to those whom they are rescinding the grant 
from (regarding their property (code)) .

This is a really interesting pushback, and if you are a tech nerd you should click through to read the whole thing.  I don't know that we've hit peak Social Justice, but there are signs all over the place that people are sick of the agenda pushing into every nook and cranny of peoples' lives.

Cats and dogs, living together

You can download Kali Linux from the Microsoft Windows Store.

Man, it sure is a long, long way from the Halloween Documents.

Linux: still runs on a 486 computer

While this seems like a bit of a goofy project, this demonstrates why Linux is so popular in the server world.  Modern Linux runs on ancient computers:

What is the oldest x86 processor that is still supported by a modern Linux kernel in present time?

I asked the above quiz question during the Geekcamp tech conference in Nov 2017 during my emcee role. The theoretical answer as you can glean from the title of this post is the 486 which was first released in 1989.

He got a modern operating system running on a 25 year old (!) computer.  This is all good fun, of course, but there are some really important take aways:

1. Linux has exceptional support for old hardware.  One of the reasons people have used it is that instead of throwing away old Windows computers, they can turn them into servers.

2. The operating system is very, very stable.  You can have some confidence turning your old hardware into servers because very little in the OS is hardware dependent and so it just keeps running.

All in all, this is a pretty interesting article (although it's very linux geeky).

New life for your old Windows Vista computer

El Reg talks up a new Linux distribution that seems a great fit for old Vista boxes:

The Linux distribution Q4OS sounds like textspeak from a teenager from 1997, but it has potential, and it's not a bad option for Linux newbies. 

Click to enlarge

The Linux OS is flexible. If one Linux distro is an unfriendly fit, you can replace it with another one that has a more appealing options list on the desktop environment or user interface front. 

Debian-based Q4OS, developed by a team of software designers in Germany, has a lightweight design that allows it to run on nearly any hardware config. I have run it on ageing computers from the early days of Windows Vista.

Fast, secure, and runs on old hardware (including 32 bit CPUs).  Oh, and it's free.  If you have a wheezing old Vista box, you might want to try this out.

Cats and dogs, living together

LOLwhat?

Microsoft finally confirmed that Hell has indeed frozen over – Ubuntu is at long last available from the Windows Store. 

Canonical's Linux distro is now available for installation on Windows Store on Insider build 16215 and higher. Windows 10 already supports Ubuntu via the Windows Subsystem for Linux, rolled out in the Creators Update earlier this year. 

Microsoft says the advantages of installing the Windows Store version of Ubuntu are more reliable and faster downloads as well as support for installing and running different distros side by side. For example, if you already have a legacy Ubuntu distro installed, your Windows Store downloaded version will run "alongside but isolated" from it.

I'm pretty sure that this is one of the signs of the Apocalypse.

So just how much data does Windows 10 collect from your computer?

Wow.  That's a lot of data.

My recommendation is to set the data collection to "Basic", which will still collect a ton of data from your computer, but at least not the ginormous amount from Full mode.

Even better, install Linux Mint.

Why security stinks, part 4,927,831

Linux has a reputation for strong security (which is why I run it on the Castle Borepatch supercomputers).  But even Linux isn't free from boneheaded security problems:

"After running this command, PID 1 is hung in the pause system call. You can no longer start and stop daemons. inetd-style services no longer accept connections. You cannot cleanly reboot the system." According to the bug report, Debian, Ubuntu, and CentOS are among the distros susceptible to various levels of resource exhaustion. The bug, which has existed for more than two years, does not require root access to exploit.

The discussion thread gives a really good overview of why computer security stinks.  Essentially, a simple and secure but basic bouts routine got replaced by a feature-rich but complicated one.  Unsurprisingly, the complicated replacement has a grotesque security problem.

Complexity is the enemy of security, and developers are racing to add complexity.  You can estimate where that will lead us ...

UPDATE 3 October 2016 11:24:  It's actually even worse than I had thought.  System implements the DNS protocol, but never implemented the DNS recommended best security practices.  Idiots.  This sums it up for me, too:

And folks wonder why I hate SystemD with a passion… Designed wrong, implemented badly, doing things it ought not do, in ways that are broken. And that’s just at first glance… now we know that anyone can hang your system in a non-recoverable state and the DNS can be poisoned. Oh Joy. /sarc;

Complexity is not Security's friend.

Not nice, Microsoft

Not nice:

Image copyrightMICROSOFT

Microsoft has faced criticism for changing the pop-up box encouraging Windows users to upgrade to Windows 10. 

Clicking the cross in the top-right hand corner of the pop-up box now agrees to a scheduled upgrade rather than rejecting it.

Personally, I recommend Linux Mint.

UPDATE 26 May 2016 16:12: Well, well, well:

Microsoft has u-turned over changes it made to a pop-up encouraging users to upgrade to Windows 10.

Users were angry that clicking the cross to dismiss the box meant that they had agreed to the upgrade.

Based on "customer feedback", Microsoft said that it had added another notification that provided customers with "an additional opportunity for cancelling the upgrade".

They really stepped in it with this.

Cats and dogs, living together

Microsoft is drinking the Linux kool aid, big time:

So the latest news is that you can run Ubuntu and bash on Windows 10. In other words, from the bash command-line, you execute apt-get to get/run any Ubuntu binary -- the same binary that runs on Linux. How do it work?

I don't know yet, but browsing around on the Internet suggests that it's a kernel driver in Windows that emulates Linux system calls.

Native Linux commands to install and run Linux commands - on Windows.

[blink] [blink]

I do believe that this is one of the signs of the apocalypse ..

Irony, sweet irony

The Linux operating system has been dominant for servers for years and years because it's fast, stable, secure, and free.  It formed the core of the Android operating system and so it's all over the place now - fast, stable, secure, and free are winners in the mass market as well.  The fact that you could keep around old server hardware that was too under powered to run the latest Microsoft server software, and the old nag would still be useful meant even more savings.

But it was always a niche OS for desktops, pretty much only used by nerds like me (confession: I've used a Linux desktop since 1994, and the 0.99 kernel).  The issue hasn't been with the Internet "killer apps" - email and web browsing.  These work great.  It's not even that the office apps (OpenOffice and the newer/better LibreOffice) don't work.  Microsoft keeps changing the data format of the data files in their Office suite to keep out the competition, but the Linux apps provide 95% of the functions.

But Linux has something like 1% of the desktop market.  It seems that fast, stable, secure, and free just isn't enough when there's one killer app that has really not been supported well: gaming.

Linux has always been pretty bad here.  It's been a chicken-and-the-egg problem: the graphics board companies haven't invested in Linux device drivers because the market was too small, and hard core gamers wouldn't install Linux because they couldn't use their uber graphics hardware (for that extra frisson of excitement during the post-explosion splatter).  Game over, dude.

Except nasso fast:

Making the rounds on the Internet today is a rumor that NVIDIA Corp is allegedly working on their own Linux distribution.

Generating interest on Reddit and elsewhere is that NVIDIA is supposedly developing their own Linux distribution / operating system. This Linux OS would supposedly be suited for gamers.

The premise isn't really different from Valve's OS and the only "proof" is an alleged screen capture of an installer screen for this operating system supposedly going by the "NLINUX" codename at NVIDIA.

Sure, this is a rumor, but SteamOS is built on Linux, and Steam is pretty quickly becoming the gaming platform of choice.  nVidia is ging to have to support Linux drivers anyway, and so this is actually plausible.

Sure, if we're doing chicken metaphors we should remember not to count this until it hatches.  But the irony of Linux coming to the desktop to support Power Gamers is pretty rich.

Microsoft loves Linux

This seems a bit early for April Fool's Day, and seems legit:

Put down your coffee gently. Microsoft has today released a homegrown open-source operating system, based on Debian GNU/Linux, that runs on network switches. 

The software is dubbed SONiC, aka Software for Open Networking in the Cloud. It's a toolkit of code and kernel patches to bend switch hardware to your will, so you can dictate how it works and what it can do, rather than relying on proprietary firmware from a traditional networking vendor.

[blink] [blink]

Back in the day, we used to laugh at jokes about "MS Linux".  The world is getting weird.

Cats and Dogs, living together

Back in the late 90s, Linux began being seen as a threat at Microsoft.  The "Halloween Documents" were internal Microsoft memos outlining a strategy to compete with the then new upstart OS.  The folks in Redmond saw Open Source as a serious threat.

Seemingly, that's changed.  Microsoft has announced a version of SQL Server for Linux.

[blink] [blink]

I'm pretty sure that this is one of the signs of the Apocalypse ...